Dawnscanner: revive the project and create an RPM package
a project by pperego
Updated over 3 years ago. 1 hackers ♥️. 2 followers.

Project Description

Dawnscanner was a ruby code security static analyzer I created in 2013 and led until a couple of years ago. Unfortunately in my last two jobs, my focus was less on ruby code, so the project lost some traction.

Now it's time to revive the project, add some security checks and create an RPM package so it can be easily installed by our users.

Goal for this Hackweek

  • Solve issue 246: DONE
  • Solve issue 245: DONE
  • Solve issue 244: DONE
  • Marge branch kbrevampin_yaml in main and release version 2.0.0 with new KB 50% DONE: I decided not to release version 2.0.0 due some basic KB updating features
  • Move the KB in a separated repository: DONE
  • Working on a python script to parse NVD CVE information for ruby and rubygems to populate KB: DONE: 375 security checks added so far

Resources

Dawnscanner source code on GitHub Dawnscanner knowledge base repository is on GitHub

Join this project

Looking for hackers with the skills:

ruby rubygem staticanalysis security

This project is part of:

Hack Week 20

Activity

  • over 3 years ago: pperego added keyword "security" to this project.
  • over 3 years ago: wfrisch liked this project.
  • over 3 years ago: pperego started this project.
  • over 3 years ago: pperego added keyword "ruby" to this project.
  • over 3 years ago: pperego added keyword "rubygem" to this project.
  • over 3 years ago: pperego added keyword "staticanalysis" to this project.
  • over 3 years ago: pperego originated this project.


    • Comments

    • pperego
      over 3 years ago by pperego | Reply

      While working on the KB rebase, fetching data from NVD API, I suddenly realize I must change the way a vulnerable dependency must be handled. Instead of changing what is working right now, I'll add a new dependency check ruby class

    • pperego
      over 3 years ago by pperego | Reply

      I think I won't release 2.0.0 today, as the last day of my first #hackweek but I'm super proud of achieved those goals, and really thanks for SuSE for this great opportunity. The project is definitely live again

    Similar Projects

    Fix RSpec tests in order to replace the ruby-ldap rubygem in OBS by enavarro_suse

    Description

    "LDAP mode is not official supported by OBS!". See: config/options.yml.example#L100-L102

    However, there is an RSpec file which tests LDAP mode in OBS. These tests use the ruby-ldap rubygem, mocking the results returned by a LDAP server.

    The ruby-ldap rubygem seems no longer maintaned, and also prevents from updating to a more recent Ruby version. A good alternative is to replace it with the net-ldap rubygem.

    Before replacing the ruby-ldap rubygem, we should modify the tests so the don't mock the responses of a LDAP server. Instead, we should modify the tests and run them against a real LDAP server.

    Goals

    Goals of this project:

    • Modify the RSpec tests and run them against a real LDAP server
    • Replace the net-ldap rubygem with the ruby-ldap rubygem

    Achieving the above mentioned goals will:

    • Permit upgrading OBS from Ruby 3.1 to Ruby 3.2
    • Make a step towards officially supporting LDAP in OBS.

    Resources

    Recipes catalog and calculator in Rails 8 by gfilippetti

    My wife needs a website to catalog and sell the products of her upcoming bakery, and I need to learn and practice modern Rails. So I'm using this Hack Week to build a modern store using the latest Ruby on Rails best practices, ideally up to the deployment.

    TO DO

    • Index page
    • Product page
    • Admin area -- Supplies calculator based on orders -- Orders notification
    • Authentication
    • Payment
    • Deployment

    Day 1

    As my Rails knowledge was pretty outdated and I had 0 experience with Turbo (wich I want to use in the app), I started following a turbo-rails course. I completed 5 of 11 chapters.

    Day 2

    Continued the course until chapter 8 and added live updates & an empty state to the app. I should finish the course on day 3 and start my own project with the knowledge from it.

    Hackweek 24

    For this Hackweek I'll continue this project, focusing on a Catalog/Calculator for my wife's recipes so she can use for her Café.

    Day 1

    VulnHeap by r1chard-lyu

    Description

    The VulnHeap project is dedicated to the in-depth analysis and exploitation of vulnerabilities within heap memory management. It focuses on understanding the intricate workflow of heap allocation, chunk structures, and bin management, which are essential to identifying and mitigating security risks.

    Goals

    • Familiarize with heap
      • Heap workflow
      • Chunk and bin structure
      • Vulnerabilities
    • Vulnerability
      • Use after free (UAF)
      • Heap overflow
      • Double free
    • Use Docker to create a vulnerable environment and apply techniques to exploit it

    Resources

    • https://heap-exploitation.dhavalkapil.com/divingintoglibc_heap
    • https://raw.githubusercontent.com/cloudburst/libheap/master/heap.png
    • https://github.com/shellphish/how2heap?tab=readme-ov-file

    Kanidm: A safe and modern IDM system by firstyear

    Kanidm is an IDM system written in Rust for modern systems authentication. The github repo has a detailed "getting started" on the readme.

    Kanidm Github

    In addition Kanidm has spawn a number of adjacent projects in the Rust ecosystem such as LDAP, Kerberos, Webauthn, and cryptography libraries.

    In this hack week, we'll be working on Quokca, a certificate authority that supports PKCS11/TPM storage of keys, issuance of PIV certificates, and ACME without the feature gatekeeping implemented by other CA's like smallstep.

    For anyone who wants to participate in Kanidm, we have documentation and developer guides which can help.

    I'm happy to help and share more, so please get in touch!

    Migrate from Docker to Podman by tjyrinki_suse

    Description

    I'd like to continue my former work on containerization of several domains on a single server by changing from Docker containers to Podman containers. That will need an OS upgrade as well as Podman is not available in that old server version.

    Goals

    • Update OS.
    • Migrate from Docker to Podman.
    • Keep everything functional, including the existing "meanwhile done" additional Docker container that is actually being used already.
    • Keep everything at least as secure as currently. One of the reasons of having the containers is to isolate risks related to services open to public Internet.
    • Try to enable the Podman use in production.
    • At minimum, learn about all of these topics.
    • Optionally, improve Ansible side of things as well...

    Resources

    A search engine is one's friend. Migrating from Docker to Podman, and from docker-compose to podman-compose.

    CVE portal for SUSE Rancher products by gmacedo

    Description

    Currently it's a bit difficult for users to quickly see the list of CVEs affecting images in Rancher, RKE2, Harvester and Longhorn releases. Users need to individually look for each CVE in the SUSE CVE database page - https://www.suse.com/security/cve/ . This is not optimal, because those CVE pages are a bit hard to read and contain data for all SLE and BCI products too, making it difficult to easily see only the CVEs affecting the latest release of Rancher, for example. We understand that certain costumers are only looking for CVE data for Rancher and not SLE or BCI.

    Goals

    The objective is to create a simple to read and navigate page that contains only CVE data related to Rancher, RKE2, Harvester and Longhorn, where it's easy to search by a CVE ID, an image name or a release version. The page should also provide the raw data as an exportable CSV file.

    It must be an MVP with the minimal amount of effort/time invested, but still providing great value to our users and saving the wasted time that the Rancher Security team needs to spend by manually sharing such data. It might not be long lived, as it can be replaced in 2-3 years with a better SUSE wide solution.

    Resources

    • The page must be simple and easy to read.
    • The UI/UX must be as straightforward as possible with minimal visual noise.
    • The content must be created automatically from the raw data that we already have internally.
    • It must be updated automatically on a daily basis and on ad-hoc runs (when needed).
    • The CVE status must be aligned with VEX.
    • The raw data must be exportable as CSV file.
    • Ideally it will be written in Go or pure Shell script with basic HTML and no external dependencies in CSS or JS.

    OIDC Loginproxy by toe

    Description

    Reverse proxies can be a useful option to separate authentication logic from application logic. SUSE and openSUSE use "loginproxies" as an authentication layer in front of several services.

    Currently, loginproxies exist which support LDAP authentication or SAML authentication.

    Goals

    The goal of this Hack Week project is, to create another loginproxy which supports OpenID Connect authentication which can then act as a drop-in replacement for the existing LDAP or SAML loginproxies.

    Testing is intended to focus on the integration with OIDC IDPs from Okta, KanIDM and Authentik.

    Resources