#!/usr/bin/env ruby
require 'optparse'
require 'safe_yaml/load'
# Command-line interface for the safe_yaml gem.
#
# Two actions are recognised:
#   -f/--file=<path>  parse a YAML file with SafeYAML and print the result
#   --libyaml-check   probe the linked libyaml for CVE-2014-2525
# Parsed flags land in +options+; +option_parser+ is kept so the dispatch
# below can print its help text when nothing was requested.
options = {}

option_parser = OptionParser.new do |opts|
  opts.banner = "Usage: safe_yaml [options]"

  opts.on("-f", "--file=<path>", "Parse the given YAML file, dump the result to STDOUT") { |path| options[:file] = path }
  opts.on("--libyaml-check", "Check for libyaml vulnerability CVE-2014-2525 on your system") { options[:libyaml_check] = true }
end

# Consumes recognised flags from ARGV in place (unknown flags raise, as before).
option_parser.parse!
# Print the green "all clear" line to STDOUT.
#
# Reaching this method only means the probe document fed to libyaml by
# check_for_overflow_bug did not crash the process, i.e. the linked libyaml is
# not affected by CVE-2014-2525. It says nothing about any other libyaml issue.
def report_libyaml_ok
  message = "Good news! You definitely have either a patched or up-to-date libyaml version :)"
  puts "\e[32m#{message}\e[39m"
end
# Feed libyaml a fixed probe document ("--- !" followed by a run of 100 spaces)
# intended to trigger the CVE-2014-2525 heap overflow on an unpatched libyaml.
#
# On a vulnerable build the process is expected to crash here (see the warning
# printed by perform_libyaml_check); on a patched build control reaches
# report_libyaml_ok. The input is a constant literal, never user-supplied data,
# which is the only reason plain YAML.load is acceptable in this file.
def check_for_overflow_bug
  probe = "--- !" + (" " * 100)
  YAML.load(probe)
  report_libyaml_ok
end
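# Warn on STDERR if the linked libyaml reports a version older than the fixed
# release, then offer to run the crash probe.
#
# The probe (check_for_overflow_bug) may take the whole process down, so it is
# only run on explicit consent: the user presses Enter. Typing "nm" declines.
# Hitting EOF on STDIN (e.g. `< /dev/null`, a closed pipe, a non-interactive
# runner) is also treated as "no consent" — the original `STDIN.readline` raised
# EOFError with a backtrace in that situation.
#
# @param force [Boolean] accepted for backward compatibility only; nothing in
#   this script sets it and it has no effect. TODO: wire it to skip the prompt
#   or remove it once no caller passes it.
# @return [nil] when the probe is skipped; otherwise whatever
#   check_for_overflow_bug returns (if the process survives it)
def perform_libyaml_check(force=false)
  unless SafeYAML::LibyamlChecker.libyaml_version_ok?
    warn [
      "\e[33mSafeYAML Warning\e[39m",
      "\e[33m----------------\e[39m",
      "\e[31mYou may have an outdated version of libyaml (#{SafeYAML::LibyamlChecker::LIBYAML_VERSION}) installed on your system.\e[39m",
      "Prior to 0.1.6, libyaml is vulnerable to a heap overflow exploit from malicious YAML payloads.",
      "For more info, see:",
      "https://www.ruby-lang.org/en/news/2014/03/29/heap-overflow-in-yaml-uri-escape-parsing-cve-2014-2525/"
    ].join("\n")
  end

  puts [
    "Hit Enter to check if your version of libyaml is vulnerable. This will run a test \e[31mwhich may crash\e[39m",
    "\e[31mthe current process\e[39m. If it does, your system is vulnerable and you should do something about it.",
    "Type \"nm\" and hit Enter if you don't want to run the check.",
    "See the project wiki for more info:",
    "https://github.com/dtao/safe_yaml/wiki/The-libyaml-vulnerability"
  ].join("\n")

  # gets returns nil at EOF instead of raising; strip so a stray space or CRLF
  # around "nm" still counts as declining.
  answer = STDIN.gets
  return if answer.nil? || answer.strip == 'nm'

  check_for_overflow_bug
end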
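# Dispatch on the parsed flags. Exactly one action runs: the libyaml probe, a
# one-off parse of a YAML file, or the usage text when nothing was requested.
if options[:libyaml_check]
  # No flag ever sets options[:force_libyaml_check], so the original call passed
  # a permanently-nil value; rely on the method's own default instead.
  perform_libyaml_check
elsif options[:file]
  begin
    yaml = File.read(options[:file])
  rescue SystemCallError => e
    # Missing, unreadable or directory path: report it cleanly on STDERR and
    # exit non-zero rather than dumping a Ruby backtrace at the user.
    abort "safe_yaml: cannot read #{options[:file]}: #{e.message}"
  end

  # The file contents are untrusted input and go through SafeYAML.load — the
  # whole point of this gem — rather than YAML.load; keep it that way.
  result = SafeYAML.load(yaml)
  puts result.inspect
else
  puts option_parser.help
end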