Merge pull request #62 from EMSeek/master

version 3.4 RC

Changelog

@@ -1,3 +1,15 @@
+3.4		2022 Mar ??
+		Fixed a path issue in misc/taintfind.sh
+		Changed installation instructions for better usage
+		Added link to tutorial video in documentation
+		Updated PHP rules
+		Updated dotnet rules
+		Updated xss rules
+		Updated secrets rules
+		Added support for setting default arguments via env vars
+		Added test cases for environment variables
+		Fixed a bug in database listing function
+
 3.3		2022 Jan 20
 		Fixed false positive rate in compressed js files
 		More secret rules

README.md

@@ -1,8 +1,8 @@
 graudit
 ===============================================================================
-graudit is a simple script and signature sets that allows you to find potential 
-security flaws in source code using the GNU utility grep. It's comparable to 
-other static analysis applications like RATS, SWAAT and flaw-finder while 
+graudit is a simple script and signature sets that allows you to find potential
+security flaws in source code using the GNU utility grep. It's comparable to
+other static analysis applications like RATS, SWAAT and flaw-finder while
 keeping the technical requirements to a minimum and being very flexible.
 
 Installation
@@ -17,9 +17,10 @@ between releases. To do this run the following command:
 git clone https://github.com/wireghoul/graudit
 ```
 
-You can then symlink graudit so it is in path:
+You can then add graudit to your path, using the appropriate values for
+your preferred shell:
 ```
-ln -s path/to/graudit/graudit ~/bin/graudit
+echo 'PATH="$HOME/graudit:${PATH:+:${PATH}}"; export PATH;' >> ~/.bashrc
 ```
 
 If graudit is not in your home directory you may wish to set the GRDIR
@@ -31,7 +32,7 @@ export GRDIR=/path/to/graudit/signatures
 Usage
 ===============================================================================
 graudit supports several options and tries to follow good shell practices. For
-a list of the options you can run graudit -h or see below. The simplest way to 
+a list of the options you can run graudit -h or see below. The simplest way to
 use graudit is;
 
 ```
@@ -55,10 +56,18 @@ OPTIONS
   -h prints this help screen
 ```
 
+You can set default commandline options via the GRARGS environment variable.
+This may affect the use of graudit in scripts so it's only recommended to use
+the B,L,b,z and Z options for this purpose.
+```
+echo 'GRARGS="-b -L"; export GRARGS' >> ~/.basrc
+```
+
+
 Databases
 ===============================================================================
-graudit uses extended regular expressions (POSIX) as it's signatures and comes 
-with several databases ready for use. You can extend the existing databases or 
+graudit uses extended regular expressions (POSIX) as it's signatures and comes
+with several databases ready for use. You can extend the existing databases or
 make your own if you require additional signatures.
 
 Databases can be loaded from multiple locations, the order of precedence is as
@@ -108,12 +117,12 @@ Coming soon..
 
 Contributing
 ===============================================================================
-If you would like to contribute to graudit, please fork the repository at 
+If you would like to contribute to graudit, please fork the repository at
 https://github.com/wireghoul/graudit and use that. In particular language rules,
 additional scripts and documentation contributions are very welcome.
 If you like graudit then please say thanks and share it around.
 
-If you wish to get in contact with me, shoot me a line on github or twitter: 
+If you wish to get in contact with me, shoot me a line on github or twitter:
 @wireghoul
 
 Credits

graudit

@@ -2,9 +2,10 @@
 # graudit - Rough code review tool using grep
 # Written by Wireghoul - http://www.justanotherhacker.com
 # Released under the GPL licence
+set -- $GRARGS $@
 set -e
 set -o pipefail
-VERSION='3.3'
+VERSION='3.4'
 basedir=$(dirname "$0")
 BINFILE=$(which grep)
 
@@ -43,7 +44,7 @@ banner() {
         \___  /|__|  (____  /____/\____ | |__||__|  
        /_____/            \/           \/           
               grep rough audit - static analysis tool
-                  v3.3 written by @Wireghoul
+                  v3.4 written by @Wireghoul
 =================================[justanotherhacker.com]==='
     fi
 }
@@ -96,7 +97,7 @@ listdb () {
     if [ -d "$basedir"/misc/ ]; then
         ls -1 "$basedir"/misc/*.db 2>/dev/null
     fi
-    if [ -d ~/graudit/signatures/ ]; then
+    if [ -d ~/graudit/signatures/ ] && [ "$basedir" != "$HOME/graudit" ]; then
         ls -1 ~/graudit/signatures/*.db 2>/dev/null
     fi
 }

misc/taintfind.sh

@@ -7,7 +7,7 @@ if [ -z "$1" ]; then
     echo "Usage: $0 /path/to/check"
     exit 2
 fi
-~/flatline/graudit -B -z -d php "$1" | \
+graudit -B -z -d php "$1" | \
 perl -ne 'if ($_ =~ m/\$([A-Za-z0-9\-\_]+?)\s*=\s*\$_(GET|POST|REQUEST|COOKIE)\[.*?\]/) {
     @rulz=(
       "(include|require)(_once)?[[:space:]]*\\(?", 

signatures/dotnet.db

@@ -19,10 +19,11 @@ System.Security.Cryptography
 PBEParameterSpec
 PasswordDeriveBytes
 # Dotnet errors
-catch\s*{
+catch[[:space:]]*{
 Finally
 trace enabled
 customErrors mode
+<trace[[:space:]]+enabled[[:space:]]*=['"][Tt][Rr][Uu][Ee]['"]
 System\.Diagnostics\.Process\.Start\(.*
 new[[:space:]]+(System\.Diagnostic\.)?Process(StartInfo)?[[:space:]]*\(.*
 \.Start[[:space:]]\(.*
@@ -177,7 +178,7 @@ checkCertificateName
 checkCertificateRevocationList
 # Dotnet XSS
 [Rr]esponse.[Ww]rite[[:space:]]*\(
-<%\s*=[[:space:]]*[\_a-zA-Z0-9][^\%]+
+<%[[:space:]]*=[[:space:]]*[\_a-zA-Z0-9][^\%]+
 innerText[[:space:]]*=[^\;]+\+
 innerHTML[[:space:]]*=[^\;]+\+
 [Vv]alidate[Rr]equest=[\'\"]?false[\'\"]?

signatures/dotnet/error.db

@@ -1,5 +1,6 @@
 # Dotnet errors
-catch\s*{
+catch[[:space:]]*{
 Finally
 trace enabled
 customErrors mode
+<trace[[:space:]]+enabled[[:space:]]*=['"][Tt][Rr][Uu][Ee]['"]

signatures/dotnet/xss.db

@@ -1,6 +1,6 @@
 # Dotnet XSS
 [Rr]esponse.[Ww]rite[[:space:]]*\(
-<%\s*=[[:space:]]*[\_a-zA-Z0-9][^\%]+
+<%[[:space:]]*=[[:space:]]*[\_a-zA-Z0-9][^\%]+
 innerText[[:space:]]*=[^\;]+\+
 innerHTML[[:space:]]*=[^\;]+\+
 [Vv]alidate[Rr]equest=[\'\"]?false[\'\"]?

signatures/perl.db

@@ -49,4 +49,4 @@ kill.*\$.*
 umask
 ->param\s*\(.*\)
 # Perl xss signatures
-print\s*.*\$.*->param\(?.*\)?
+print[[:space:]]*.*\$.*->param\(?.*\)?

signatures/perl/xss.db

@@ -1,2 +1,2 @@
 # Perl xss signatures
-print\s*.*\$.*->param\(?.*\)?
+print[[:space:]]*.*\$.*->param\(?.*\)?

signatures/php.db

@@ -137,14 +137,14 @@ hash[[:space:]]*\(.*\)
 hash_init[[:space:]]*\(.*\)
 hash_update[[:space:]]*\(.*\)
 # Informatin disclosure
-phpinfo\s*\(.*\)
-phpcredits\s*\(.*\)
-php_logo_guid\s*\(.*\)
-php_uname\s*\(.*\)
-phpversion\s*\(.*\)
-zend_logo_guid\s*\(.*\)
-zend_version\s*\(.*\)
-get_loaded_extensions\s*\(.*\)
+phpinfo[[:space:]]*\(.*\)
+phpcredits[[:space:]]*\(.*\)
+php_logo_guid[[:space:]]*\(.*\)
+php_uname[[:space:]]*\(.*\)
+phpversion[[:space:]]*\(.*\)
+zend_logo_guid[[:space:]]*\(.*\)
+zend_version[[:space:]]*\(.*\)
+get_loaded_extensions[[:space:]]*\(.*\)
 mqseries_connx?[[:space:]]*\(
 mqseries_open[[:space:]]*\(
 AMQPStreamConnection[[:space:]]*\(
@@ -257,13 +257,13 @@ php://temp
 phar://.*\$.*
 expect://
 # PHP - Superglobals & Environment
-getenv\s*\(.*\)
-apache_getenv\s*\(.*\)
-putenv\s*\(.*\)
-apache_setenv\s*\(.*\)
-getallheaders\s*\(.*\)
-apache_request_headers\s*\(.*\)
-apache_response_headers\s*\(.*\)
+getenv[[:space:]]*\(.*\)
+apache_getenv[[:space:]]*\(.*\)
+putenv[[:space:]]*\(.*\)
+apache_setenv[[:space:]]*\(.*\)
+getallheaders[[:space:]]*\(.*\)
+apache_request_headers[[:space:]]*\(.*\)
+apache_response_headers[[:space:]]*\(.*\)
 \$_ENV\[.*\]
 \$_GET\[.*\]
 \$_POST\[.*\]

signatures/php/info.db

@@ -1,9 +1,9 @@
 # Informatin disclosure
-phpinfo\s*\(.*\)
-phpcredits\s*\(.*\)
-php_logo_guid\s*\(.*\)
-php_uname\s*\(.*\)
-phpversion\s*\(.*\)
-zend_logo_guid\s*\(.*\)
-zend_version\s*\(.*\)
-get_loaded_extensions\s*\(.*\)
+phpinfo[[:space:]]*\(.*\)
+phpcredits[[:space:]]*\(.*\)
+php_logo_guid[[:space:]]*\(.*\)
+php_uname[[:space:]]*\(.*\)
+phpversion[[:space:]]*\(.*\)
+zend_logo_guid[[:space:]]*\(.*\)
+zend_version[[:space:]]*\(.*\)
+get_loaded_extensions[[:space:]]*\(.*\)

signatures/php/superglobal.db

@@ -1,11 +1,11 @@
 # PHP - Superglobals & Environment
-getenv\s*\(.*\)
-apache_getenv\s*\(.*\)
-putenv\s*\(.*\)
-apache_setenv\s*\(.*\)
-getallheaders\s*\(.*\)
-apache_request_headers\s*\(.*\)
-apache_response_headers\s*\(.*\)
+getenv[[:space:]]*\(.*\)
+apache_getenv[[:space:]]*\(.*\)
+putenv[[:space:]]*\(.*\)
+apache_setenv[[:space:]]*\(.*\)
+getallheaders[[:space:]]*\(.*\)
+apache_request_headers[[:space:]]*\(.*\)
+apache_response_headers[[:space:]]*\(.*\)
 \$_ENV\[.*\]
 \$_GET\[.*\]
 \$_POST\[.*\]

signatures/secrets.db

@@ -17,9 +17,9 @@ PuTTY-User-Key-File-2\:
 SG\.......................\............................................
 SessionCryptoPassphrase(File)?[[:space:]]
 sk_live_.*
-GRANT.*IDENTIFIED BY.*
-INSERT\s*INTO.*'[0-9a-f]{32}'.*
-INSERT\s*INTO.*'[0-9a-f]{40}'.*
+[Gg][Rr][Aa][Nn][Tt].*[Ii][Dd][Ee][Nn][Tt][Ii][Ff][Ii][Ee][Dd][[:space:]]+[Bb][Yy].*
+[Ii][Nn][Ss][Ee][Rr][Tt][[:space:]]+[Ii][Nn][Tt][Oo].*'[0-9a-fA-F]{32}'.*
+[Ii][Nn][Ss][Ee][rR][Tt][[:space:]]+[Ii][Nn][Tt][Oo].*'[0-9a-fA-F]{40}'.*
 PHP_AUTH_(USER|PW).*[\!\=][\!\=].+
 [Cc]onnection[Ss]tring.*([Pp][Aa][Ss][Ss][Ww][Oo][Rr][Dd]|[Pp][Ww][Dd])[[:space:]]*=.*
 mysqldump[[:space:]]+.*--password[= ].+

signatures/xss.db

@@ -1,6 +1,6 @@
 # Dotnet XSS
 [Rr]esponse.[Ww]rite[[:space:]]*\(
-<%\s*=[[:space:]]*[\_a-zA-Z0-9][^\%]+
+<%[[:space:]]*=[[:space:]]*[\_a-zA-Z0-9][^\%]+
 innerText[[:space:]]*=[^\;]+\+
 innerHTML[[:space:]]*=[^\;]+\+
 [Vv]alidate[Rr]equest=[\'\"]?false[\'\"]?
@@ -11,7 +11,7 @@ QueryUnescape\(.*
 response.sendRedirect[[:space:]]*\(.*[Rr]equest.*\)
 <c:out.*\$\{param
 # Perl xss signatures
-print\s*.*\$.*->param\(?.*\)?
+print[[:space:]]*.*\$.*->param\(?.*\)?
 # PHP xss signatures
 echo[[:space:]]+.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*
 print[[:space:]]+.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*

t/t-000.sh

@@ -18,6 +18,8 @@ test_expect_code 1 'exclude files check' '../graudit -x *.js anotherfile'
 test_expect_code 1 'Supress colors check' '../graudit -z anotherfile'
 test_expect_code 1 'High contrast color check' '../graudit -Z anotherfile'
 test_expect_code 1 'Colour blind support check' '../graudit -b anotherfile'
+test_expect_code 1 'GRARGS environment variable test' 'GRARGS="-B -z" ../graudit anotherfile'
+test_expect_code 1 'GRDIR environment variable test' 'GRDIR=../misc/ ../graudit -d rce anotherfile'
 test_expect_code 2 'bad argument' '../graudit -99'
 test_expect_code 1 'Remove carriage returns', 'echo "" | ../graudit -B -d - crlf.txt | xxd | grep -c 0d'
 test_done