thesp0nge / dawnscanner

Dawn is a static analysis security scanner for ruby written web applications. It supports Sinatra, Padrino and Ruby on Rails frameworks.
MIT License
735 stars 88 forks

ptools 1.3.6 check_bom: undefined method #245

Closed innocode-devops closed 3 years ago

innocode-devops commented 4 years ago

Hi there, looks like an upgrade on the ptools (1.3.6) repo causes issues with starting dawnscanner:

/usr/local/bundle/gems/ptools-1.3.6/lib/ptools.rb:440:in `check_bom?': undefined method `force_encoding' for nil:NilClass (NoMethodError)

alecslupu commented 4 years ago

I get the same errors with dawn 1.6.9

$ gem install dawnscanner
Fetching: ptools-1.3.6.gem (100%)
Successfully installed ptools-1.3.6
Fetching: logger-colors-1.0.0.gem (100%)
Successfully installed logger-colors-1.0.0
Fetching: justify-1.0.2.gem (100%)
Successfully installed justify-1.0.2
Fetching: sys-uname-1.2.1.gem (100%)
Successfully installed sys-uname-1.2.1
Fetching: cvss-0.99.0.gem (100%)
Successfully installed cvss-0.99.0
Fetching: dawnscanner-1.6.9.gem (100%)
Successfully installed dawnscanner-1.6.9
6 gems installed
Traceback (most recent call last):
    11: from $rbenv_dir/bin/dawn:23:in `<main>'
    10: from $rbenv_dir/bin/dawn:23:in `load'
     9: from $rbenv_dir/lib/ruby/gems/2.5.0/gems/dawnscanner-1.6.9/bin/dawn:249:in `<top (required)>'
     8: from $rbenv_dir/lib/ruby/gems/2.5.0/gems/dawnscanner-1.6.9/lib/dawn/engine.rb:314:in `apply_all'
     7: from $rbenv_dir/lib/ruby/gems/2.5.0/gems/dawnscanner-1.6.9/lib/dawn/engine.rb:314:in `each'
     6: from $rbenv_dir/lib/ruby/gems/2.5.0/gems/dawnscanner-1.6.9/lib/dawn/engine.rb:315:in `block in apply_all'
     5: from $rbenv_dir/lib/ruby/gems/2.5.0/gems/dawnscanner-1.6.9/lib/dawn/engine.rb:392:in `_do_apply'
     4: from $rbenv_dir/lib/ruby/gems/2.5.0/gems/dawnscanner-1.6.9/lib/dawn/kb/pattern_match_check.rb:60:in `vuln?'
     3: from $rbenv_dir/lib/ruby/gems/2.5.0/gems/dawnscanner-1.6.9/lib/dawn/kb/pattern_match_check.rb:60:in `each'
     2: from $rbenv_dir/lib/ruby/gems/2.5.0/gems/dawnscanner-1.6.9/lib/dawn/kb/pattern_match_check.rb:64:in `block in vuln?'
     1: from $rbenv_dir/lib/ruby/gems/2.5.0/gems/ptools-1.3.6/lib/ptools.rb:96:in `binary?'
$rbenv_dir/lib/ruby/gems/2.5.0/gems/ptools-1.3.6/lib/ptools.rb:440:in `check_bom?': undefined method `force_encoding' for nil:NilClass (NoMethodError)

alecslupu commented 4 years ago

After a short investigation, I have noticed the issue is caused by empty (0 bytes) files.

I have submitted a bug fix for ptools, to address the issue.

@innocode-devops, as a workaround, try to identify the empty files in your project and delete them.

@thesp0nge maybe a good idea would be to skip from scanning the empty files?
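The root cause described in the comment above (reading the first bytes of a 0-byte file yields `nil`, so any String method called on it raises `NoMethodError`) and the suggested mitigation (skip empty files before scanning), as an added Ruby example that is not part of this thread and not code from dawnscanner or ptools. `read_head`, `binary_file?` and `scannable_files` are hypothetical helpers written for this illustration; the byte-sampling heuristic in `binary_file?` is an assumption, not ptools' algorithm.

```ruby
require "tmpdir"

# Reproduces the failure mode: File.read(path, n) with a positive n returns
# nil (not "") when the file is empty, so a caller that does
# File.read(path, 4).force_encoding(...) blows up with NoMethodError.
def read_head(path, n = 4)
  File.read(path, n) # => nil for a 0-byte file
end

# Hypothetical hardened binary check. A 0-byte file is reported as text,
# and the nil that File.read returns for it is never dereferenced.
# Heuristic (assumption, not ptools' logic): a leading BOM means text,
# any NUL byte means binary, otherwise more than 30% control bytes means binary.
def binary_file?(path, sample_size = 1024)
  return false if File.zero?(path)

  head = File.binread(path, sample_size)
  return false if head.nil? || head.empty?

  boms = ["\xEF\xBB\xBF".b, "\xFF\xFE".b, "\xFE\xFF".b]
  return false if boms.any? { |bom| head.start_with?(bom) }

  return true if head.count("\x00") > 0

  control = head.bytes.count { |b| b < 7 || (b > 14 && b < 32 && b != 27) }
  control.fdiv(head.bytesize) > 0.3
end

# Hypothetical pre-filter a scanner could apply before pattern matching:
# returns [files worth scanning, files skipped because they are empty or
# not regular files], so the user can see what was left out.
def scannable_files(paths)
  paths.partition { |p| File.file?(p) && !File.zero?(p) }
end

if __FILE__ == $0
  # Constructed sample project: one empty file, one Ruby source, one binary blob.
  Dir.mktmpdir do |dir|
    empty = File.join(dir, "empty.rb")
    File.write(empty, "")
    src = File.join(dir, "app.rb")
    File.write(src, "puts 'hi'\n")
    blob = File.join(dir, "blob.bin")
    File.binwrite(blob, "\x00\x01\x02\xFF".b * 8)

    puts "read_head(empty) => #{read_head(empty).inspect}"
    begin
      read_head(empty).force_encoding("UTF-8")
    rescue NoMethodError => e
      puts "unguarded call fails: #{e.message}"
    end

    keep, skipped = scannable_files([empty, src, blob])
    puts "skipped: #{skipped.map { |p| File.basename(p) }}"
    keep.each { |p| puts "#{File.basename(p)}: binary=#{binary_file?(p)}" }
  end
end
```

`File.zero?` is the cheap guard: it answers from `stat` without opening the file, so the scanner never reaches the `nil` path at all, and the `head.nil?` check after `binread` is belt-and-braces for files that shrink between the two calls.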

thesp0nge commented 3 years ago

Sorry for the delay :)