# File 'lib/dawn/cli/dawn_cli.rb', line 75
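# Scans +target+ with every applicable check and reports the outcome.
#
# The engine is a Dawn::GemfileLock when options[:gemfile] is set, otherwise
# whatever Dawn::Core.detect_mvc returns. The method always ends the process
# through Kernel.exit (or through $logger.die, which presumably exits too).
#
# Exit status: 0 by default. With options[:exit_on_warn] an at_exit hook
# replaces it with the number of findings, capped at 255.
#
# NOTE(review): a falsy result from apply_all (reported as "KO" in the JSON
# output) still exits with 0 unless exit_on_warn is set; pipelines that gate
# on the exit status alone will not notice it.
#
# @param target the path to scan, checked by Dawn::Core.is_good_target?
# @return [void] does not return; the process exits
def scan(target)
  $logger.helo APPNAME, Dawn::VERSION
  trap("INT") { $logger.die('[INTERRUPTED]') }
  $logger.die("invalid directory (#{target})") unless Dawn::Core.is_good_target?(target)

  $debug = true if options[:debug]
  $verbose = true if options[:verbose]

  checks_to_be_skipped = options[:skip].nil? ? [] : options[:skip]

  debug_me("scanning #{target}")

  # NOTE(review): when options[:config_file] is given, $config_file is not
  # assigned here. Presumably it is set elsewhere; confirm, otherwise the
  # user-supplied configuration path is ignored.
  $config_file = Dawn::Core.find_conf(true) if options[:config_file].nil?
  $config = Dawn::Core.read_conf($config_file)
  debug_me($config)

  engine = options[:gemfile] ? Dawn::GemfileLock.new(target) : Dawn::Core.detect_mvc(target)
  if engine.nil?
    $logger.error("MVC detection failure. Please open an issue at https://github.com/thesp0nge/dawnscanner/issues")
    $logger.die('ruby framework auto detect failed.')
  end

  if options[:exit_on_warn]
    Kernel.at_exit do
      found = engine.count_vulnerabilities
      # Only the low 8 bits of an exit status reach the parent process on
      # POSIX systems, so an uncapped count of 256 (or any multiple) would be
      # seen as 0 and a build gated on this status would pass with findings.
      Kernel.exit([found, 255].min) if found != 0
    end
  end

  engine.load_knowledge_base
  ret = engine.apply_all(checks_to_be_skipped)

  if options[:report_format].eql?("json")
    # The JSON summary goes to STDERR, not STDOUT.
    summary =
      if ret
        {:status=>"OK", :vulnerabilities_count=>engine.count_vulnerabilities}
      else
        {:status=>"KO", :vulnerabilities_count=>-1}
      end
    STDERR.puts(summary.to_json)
    $logger.bye
    Kernel.exit(0)
  end

  $logger.info("#{engine.count_vulnerabilities} issues found")
  $logger.info("#{engine.checks.count} checks applied")
  Dawn::Reporter.new({:engine=>engine, :apply_all_code=>ret}).report

  $logger.bye
  Kernel.exit(0)
end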