codesake-dawn 0.60 → 0.70

  1. data/.gitignore +1 -0
  2. data/Competitive_matrix.md +18 -4
  3. data/README.md +26 -44
  4. data/Roadmap.md +25 -11
  5. data/bin/dawn +104 -34
  6. data/{codesake_dawn.gemspec → codesake-dawn.gemspec} +5 -0
  7. data/features/dawn_complains_about_an_incorrect_command_line.feature +2 -2
  8. data/features/dawn_scan_a_secure_sinatra_app.feature +4 -4
  9. data/features/dawn_scan_a_vulnerable_sinatra_app.feature +36 -0
  10. data/features/step_definition/dawn_steps.rb +8 -2
  11. data/lib/codesake-dawn.rb +1 -0
  12. data/lib/codesake/dawn/core.rb +22 -0
  13. data/lib/codesake/dawn/engine.rb +66 -1
  14. data/lib/codesake/dawn/kb/cve_2011_0447.rb +30 -0
  15. data/lib/codesake/dawn/kb/cve_2011_2197.rb +29 -0
  16. data/lib/codesake/dawn/kb/cve_2011_2932.rb +29 -0
  17. data/lib/codesake/dawn/kb/cve_2011_3186.rb +31 -0
  18. data/lib/codesake/dawn/kb/cve_2012_1099.rb +29 -0
  19. data/lib/codesake/dawn/kb/cve_2012_1241.rb +29 -0
  20. data/lib/codesake/dawn/kb/cve_2012_2140.rb +29 -0
  21. data/lib/codesake/dawn/kb/cve_2012_3463.rb +29 -0
  22. data/lib/codesake/dawn/kb/cve_2012_3464.rb +29 -0
  23. data/lib/codesake/dawn/kb/cve_2012_4464.rb +29 -0
  24. data/lib/codesake/dawn/kb/cve_2012_4466.rb +29 -0
  25. data/lib/codesake/dawn/kb/cve_2012_4481.rb +28 -0
  26. data/lib/codesake/dawn/kb/cve_2012_5370.rb +29 -0
  27. data/lib/codesake/dawn/kb/cve_2012_5371.rb +29 -0
  28. data/lib/codesake/dawn/kb/cve_2012_6134.rb +29 -0
  29. data/lib/codesake/dawn/kb/cve_2013_0333.rb +0 -3
  30. data/lib/codesake/dawn/kb/cve_2013_1821.rb +1 -1
  31. data/lib/codesake/dawn/kb/pattern_match_check.rb +4 -3
  32. data/lib/codesake/dawn/kb/ruby_version_check.rb +14 -4
  33. data/lib/codesake/dawn/knowledge_base.rb +30 -0
  34. data/lib/codesake/dawn/sinatra.rb +105 -0
  35. data/lib/codesake/dawn/version.rb +1 -1
  36. data/spec/lib/dawn/codesake_knowledgebase_spec.rb +87 -0
  37. data/spec/lib/dawn/codesake_sinatra_engine_spec.rb +44 -1
  38. data/spec/spec_helper.rb +3 -0
  39. data/spec/support/sinatra-vulnerable/application.rb +6 -0
  40. data/spec/support/sinatra-vulnerable/disabled.png +0 -0
  41. data/spec/support/sinatra-vulnerable/views/xss.haml +3 -0
  42. metadata +91 -15
  43. data/spec/support/hello_world_3.0.19/.gitignore +0 -4
  44. data/spec/support/hello_world_3.1.0/.gitignore +0 -5
  45. data/spec/support/hello_world_3.2.13/.gitignore +0 -15
  46. data/spec/support/sinatra-safe/.gitignore +0 -6
  47. data/spec/support/sinatra-vulnerable/.gitignore +0 -6
@@ -1,5 +1,5 @@
1
1
  module Codesake
2
2
  module Dawn
3
- VERSION = "0.60"
3
+ VERSION = "0.70"
4
4
  end
5
5
  end
@@ -225,6 +225,93 @@ describe "The Codesake Dawn knowledge base" do
225
225
  sc.class.should == Codesake::Dawn::Kb::CVE_2013_3221
226
226
  end
227
227
 
228
+ it "must have test for CVE-2011-0447" do
229
+ sc = kb.find("CVE-2011-0447")
230
+ sc.should_not be_nil
231
+ sc.class.should == Codesake::Dawn::Kb::CVE_2011_0447
232
+ end
233
+
234
+ it "must have test for CVE-2011-3186" do
235
+ sc = kb.find("CVE-2011-3186")
236
+ sc.should_not be_nil
237
+ sc.class.should == Codesake::Dawn::Kb::CVE_2011_3186
238
+ end
239
+ it "must have test for CVE-2012-1099" do
240
+ sc = kb.find("CVE-2012-1099")
241
+ sc.should_not be_nil
242
+ sc.class.should == Codesake::Dawn::Kb::CVE_2012_1099
243
+ end
244
+ it "must have test for CVE-2012-1241" do
245
+ sc = kb.find("CVE-2012-1241")
246
+ sc.should_not be_nil
247
+ sc.class.should == Codesake::Dawn::Kb::CVE_2012_1241
248
+ end
249
+ it "must have test for CVE-2012-2140" do
250
+ sc = kb.find("CVE-2012-2140")
251
+ sc.should_not be_nil
252
+ sc.class.should == Codesake::Dawn::Kb::CVE_2012_2140
253
+ end
254
+ it "must have test for CVE-2012-5370" do
255
+ sc = kb.find("CVE-2012-5370")
256
+ sc.should_not be_nil
257
+ sc.class.should == Codesake::Dawn::Kb::CVE_2012_5370
258
+ end
259
+ it "must have test for CVE-2012-5371" do
260
+ sc = kb.find("CVE-2012-5371")
261
+ sc.should_not be_nil
262
+ sc.class.should == Codesake::Dawn::Kb::CVE_2012_5371
263
+ end
264
+ it "must have test for CVE-2011-2197" do
265
+ sc = kb.find("CVE-2011-2197")
266
+ sc.should_not be_nil
267
+ sc.class.should == Codesake::Dawn::Kb::CVE_2011_2197
268
+ end
269
+ it "must have test for CVE-2011-2932" do
270
+ sc = kb.find("CVE-2011-2932")
271
+ sc.should_not be_nil
272
+ sc.class.should == Codesake::Dawn::Kb::CVE_2011_2932
273
+ end
274
+ it "must have test for CVE-2012-3463" do
275
+ sc = kb.find("CVE-2012-3463")
276
+ sc.should_not be_nil
277
+ sc.class.should == Codesake::Dawn::Kb::CVE_2012_3463
278
+ end
279
+ it "must have test for CVE-2012-3464" do
280
+ sc = kb.find("CVE-2012-3464")
281
+ sc.should_not be_nil
282
+ sc.class.should == Codesake::Dawn::Kb::CVE_2012_3464
283
+ end
284
+ it "must have test for CVE-2012-4464" do
285
+ sc = kb.find("CVE-2012-4464")
286
+ sc.should_not be_nil
287
+ sc.class.should == Codesake::Dawn::Kb::CVE_2012_4464
288
+ end
289
+ it "must have test for CVE-2012-4466" do
290
+ sc = kb.find("CVE-2012-4466")
291
+ sc.should_not be_nil
292
+ sc.class.should == Codesake::Dawn::Kb::CVE_2012_4466
293
+ end
294
+ it "must have test for CVE-2012-4481" do
295
+ sc = kb.find("CVE-2012-4481")
296
+ sc.should_not be_nil
297
+ sc.class.should == Codesake::Dawn::Kb::CVE_2012_4481
298
+ end
299
+ it "must have test for CVE-2012-6134" do
300
+ sc = kb.find("CVE-2012-6134")
301
+ sc.should_not be_nil
302
+ sc.class.should == Codesake::Dawn::Kb::CVE_2012_6134
303
+ end
304
+ it "must have test for CVE-2012-6496" do
305
+ sc = kb.find("CVE-2012-6496")
306
+ sc.should_not be_nil
307
+ sc.class.should == Codesake::Dawn::Kb::CVE_2012_6496
308
+ end
309
+
310
+ it "must have test for CVE-2012-6497" do
311
+ sc = kb.find("CVE-2012-6497")
312
+ sc.should_not be_nil
313
+ sc.class.should == Codesake::Dawn::Kb::CVE_2012_6497
314
+ end
228
315
 
229
316
 
230
317
  end
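Review bot: The seventeen added examples (L80–L252) are the same four lines with only the CVE id varied, so a typo in one copy (id string versus class constant) would pass unnoticed and each new check means another paste; generating the examples from a list keeps the id and the expected class derived from one value. The enclosing `describe` block starts outside the hunk. One example is also separated from its neighbours by a blank line while the others are not (L90, L242), which the generated form removes. Note that CVE-2012-6496 and CVE-2012-6497 already have kb files in the package (they appear as context lines in the metadata file list), so only their specs are new here.
```ruby
# … unchanged: earlier examples up to CVE-2013-3221 …
%w[
  CVE-2011-0447 CVE-2011-2197 CVE-2011-2932 CVE-2011-3186
  CVE-2012-1099 CVE-2012-1241 CVE-2012-2140 CVE-2012-3463 CVE-2012-3464
  CVE-2012-4464 CVE-2012-4466 CVE-2012-4481 CVE-2012-5370 CVE-2012-5371
  CVE-2012-6134 CVE-2012-6496 CVE-2012-6497
].each do |cve|
  it "must have test for #{cve}" do
    sc = kb.find(cve)
    sc.should_not be_nil
    sc.class.should == Codesake::Dawn::Kb.const_get(cve.tr('-', '_'))
  end
end
```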
@@ -7,6 +7,9 @@ describe "The Codesake::Dawn engine for sinatra applications" do
7
7
  @engine.name.should == "sinatra"
8
8
  end
9
9
 
10
+ it "detects the default application name" do
11
+ @engine.appname.should == "application.rb"
12
+ end
10
13
  it "has a valid target" do
11
14
  @engine.target.should == "./spec/support/sinatra-safe"
12
15
  @engine.target_is_dir?.should be_true
@@ -20,6 +23,14 @@ describe "The Codesake::Dawn engine for sinatra applications" do
20
23
  @engine.mvc_version.should == "1.4.2"
21
24
  end
22
25
 
26
+ it "detects 2 views" do
27
+ @engine.views.should == [{:filename=>"./spec/support/sinatra-safe/views/layout.haml", :language=>:haml}, {:filename=>"./spec/support/sinatra-safe/views/root.haml", :language=>:haml}]
28
+ end
29
+ it "detects views are written using HAML" do
30
+ @engine.views[0][:language].should == :haml
31
+ @engine.views[1][:language].should == :haml
32
+ end
33
+
23
34
  it "has some check in the knowledge base" do
24
35
  @engine.checks.should_not be_nil
25
36
  @engine.checks.should_not be_empty
@@ -53,7 +64,7 @@ describe "The Codesake::Dawn engine for sinatra applications" do
53
64
  end
54
65
  end
55
66
 
56
- describe "applied do the sinatra-vulnerable application do" do
67
+ describe "applied do the sinatra-vulnerable application" do
57
68
  before (:all) {@engine= Codesake::Dawn::Sinatra.new('./spec/support/sinatra-vulnerable')}
58
69
  it "has a valid target" do
59
70
  @engine.target.should == "./spec/support/sinatra-vulnerable"
@@ -80,5 +91,37 @@ describe "The Codesake::Dawn engine for sinatra applications" do
80
91
  e2 = Codesake::Dawn::Sinatra.new('./spec/support/sinatra-vulnerable')
81
92
  e2.vulnerabilities.should_not be_empty
82
93
  end
94
+
95
+ context "when scanning for XSS" do
96
+ it "detects 3 views" do
97
+ @engine.views.should == [
98
+ {:filename=>"./spec/support/sinatra-vulnerable/views/layout.haml", :language=>:haml},
99
+ {:filename=>"./spec/support/sinatra-vulnerable/views/root.haml", :language=>:haml},
100
+ {:filename=>"./spec/support/sinatra-vulnerable/views/xss.haml", :language=>:haml}
101
+ ]
102
+ end
103
+ it "detects views are written using HAML" do
104
+ @engine.views[0][:language].should == :haml
105
+ @engine.views[1][:language].should == :haml
106
+ @engine.views[2][:language].should == :haml
107
+ end
108
+
109
+ it "detects a sink on application.rb" do
110
+ sink = @engine.detect_sinks("application.rb")
111
+ sink.should == [
112
+ {:sink_name=>"@xss_param", :sink_kind=>:params, :sink_source=>"name", :sink_line=>26},
113
+ {:sink_name=>"@my_arr", :sink_kind=>:params, :sink_source=>"second", :sink_line=>27}
114
+ ]
115
+ end
116
+
117
+ it "detects reflected ones in HAML views" do
118
+ reflected_xss= @engine.detect_reflected_xss
119
+ @engine.reflected_xss.should_not be_nil
120
+ @engine.reflected_xss.should_not be_empty
121
+ @engine.reflected_xss.should == [
122
+ {:sink_name=>"@xss_param", :sink_kind=>:params, :sink_source=>"name", :sink_line=>26},
123
+ ]
124
+ end
125
+ end
83
126
  end
84
127
  end
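Review bot: `reflected_xss= @engine.detect_reflected_xss` at L404 assigns a local that is never read; the assertions that follow go through `@engine.reflected_xss`, so either assert on the return value or drop the assignment: `@engine.detect_reflected_xss`. The `describe` string at L335 still reads "applied do the sinatra-vulnerable application"; the commit only removed the trailing " do", and "applied to the" is presumably what was meant. The `views` expectations at L300 and L362–L370 pin an exact array order; if the engine collects views with a directory glob, that order is filesystem-dependent and the assertion could be made order-insensitive with `=~` or by sorting — worth confirming against the engine. The enclosing `describe` starts before the first hunk and the `sink_line` values 26 and 27 are coupled to the fixture's line layout, so any edit to `spec/support/sinatra-vulnerable/application.rb` above those lines breaks this spec.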
@@ -1 +1,4 @@
1
+ require 'coveralls'
2
+
1
3
  require 'codesake-dawn'
4
+ Coveralls.wear!
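Review bot: `Coveralls.wear!` at L434 is called after `require 'codesake-dawn'` at L432; it starts the coverage tracker, and code that was already loaded before it starts is, as far as I know, not instrumented, so the library under test is likely to be reported with little or no coverage. Moving the call up, `require 'coveralls'` / `Coveralls.wear!` / `require 'codesake-dawn'`, keeps the require order the helper needs while tracking the library. Wrapping it in a check such as `if ENV['CI']` would also avoid contacting the coverage service from local runs, if that is wanted.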
@@ -22,6 +22,12 @@ get '/' do
22
22
  haml :root
23
23
  end
24
24
 
25
+ get '/xss' do
26
+ @xss_param = params['name']
27
+ @my_arr[0] = params['second']
28
+ haml :xss
29
+ end
30
+
25
31
  # FIXME: I must raise an error here
26
32
  get '/foo' do
27
33
  haml :bar
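Review bot: `@my_arr[0] = params['second']` at L450 indexes an instance variable that is never initialised in the route, so if this fixture is ever started rather than only scanned, the request raises `NoMethodError` on nil before `haml :xss` renders. Since the engine spec pins this sink to line 27, initialising the array on a separate line would shift the expected `sink_line` values, so if the route is meant purely as a static-analysis fixture a comment saying so is the cheaper fix: `# fixture only: @my_arr is deliberately uninitialised so the index assignment is visible as a params sink`. Both new sinks read `params` without any validation, which is the point of the fixture, but the comment makes that intent explicit for the next reader.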
@@ -0,0 +1,3 @@
1
+ %h2 xss
2
+ %p
3
+ =@xss_param
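Review bot: Whether `=@xss_param` at L472 actually reflects the parameter unescaped depends on the application's HAML `escape_html` setting, which neither this view nor the visible part of `application.rb` shows; the engine spec asserts that this view is reported as reflected XSS, so if the fixture ever enables escaping the detection expectation becomes a false positive. A one-line comment in the view, `-# fixture: rendered without HAML html escaping so the sink is reflected`, records the assumption the spec relies on. Style-wise the conventional spacing is `= @xss_param`.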
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: codesake-dawn
3
3
  version: !ruby/object:Gem::Version
4
- version: '0.60'
4
+ version: '0.70'
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2013-05-28 00:00:00.000000000 Z
12
+ date: 2013-06-19 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: codesake_commons
@@ -43,6 +43,70 @@ dependencies:
43
43
  - - ! '>='
44
44
  - !ruby/object:Gem::Version
45
45
  version: '0'
46
+ - !ruby/object:Gem::Dependency
47
+ name: haml
48
+ requirement: !ruby/object:Gem::Requirement
49
+ none: false
50
+ requirements:
51
+ - - ! '>='
52
+ - !ruby/object:Gem::Version
53
+ version: '0'
54
+ type: :runtime
55
+ prerelease: false
56
+ version_requirements: !ruby/object:Gem::Requirement
57
+ none: false
58
+ requirements:
59
+ - - ! '>='
60
+ - !ruby/object:Gem::Version
61
+ version: '0'
62
+ - !ruby/object:Gem::Dependency
63
+ name: parser
64
+ requirement: !ruby/object:Gem::Requirement
65
+ none: false
66
+ requirements:
67
+ - - ! '>='
68
+ - !ruby/object:Gem::Version
69
+ version: '0'
70
+ type: :runtime
71
+ prerelease: false
72
+ version_requirements: !ruby/object:Gem::Requirement
73
+ none: false
74
+ requirements:
75
+ - - ! '>='
76
+ - !ruby/object:Gem::Version
77
+ version: '0'
78
+ - !ruby/object:Gem::Dependency
79
+ name: ptools
80
+ requirement: !ruby/object:Gem::Requirement
81
+ none: false
82
+ requirements:
83
+ - - ! '>='
84
+ - !ruby/object:Gem::Version
85
+ version: '0'
86
+ type: :runtime
87
+ prerelease: false
88
+ version_requirements: !ruby/object:Gem::Requirement
89
+ none: false
90
+ requirements:
91
+ - - ! '>='
92
+ - !ruby/object:Gem::Version
93
+ version: '0'
94
+ - !ruby/object:Gem::Dependency
95
+ name: coveralls
96
+ requirement: !ruby/object:Gem::Requirement
97
+ none: false
98
+ requirements:
99
+ - - ! '>='
100
+ - !ruby/object:Gem::Version
101
+ version: '0'
102
+ type: :runtime
103
+ prerelease: false
104
+ version_requirements: !ruby/object:Gem::Requirement
105
+ none: false
106
+ requirements:
107
+ - - ! '>='
108
+ - !ruby/object:Gem::Version
109
+ version: '0'
46
110
  - !ruby/object:Gem::Dependency
47
111
  name: rake
48
112
  requirement: !ruby/object:Gem::Requirement
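Review bot: `coveralls` is added with `type: :runtime` at L643 although it is only used from `spec/spec_helper.rb`, so every installer of the gem pulls in a coverage-reporting client and its transitive dependencies; it belongs in the development dependencies of the gemspec, which is presumably where this metadata is generated from. The four new dependencies (`haml`, `parser`, `ptools`, `coveralls`) all carry `'>= 0'` constraints, so any future major release of those gems is accepted at install time; a lower bound on the versions the engine was developed against, or at least a pessimistic constraint, would make the dependency set reproducible. The hunk sits inside the generated `dependencies:` list, so the change itself should be made in the gemspec rather than here.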
@@ -145,20 +209,37 @@ files:
145
209
  - Roadmap.md
146
210
  - TODO.md
147
211
  - bin/dawn
148
- - codesake_dawn.gemspec
212
+ - codesake-dawn.gemspec
149
213
  - features/dawn_complains_about_an_incorrect_command_line.feature
150
214
  - features/dawn_scan_a_secure_sinatra_app.feature
215
+ - features/dawn_scan_a_vulnerable_sinatra_app.feature
151
216
  - features/step_definition/dawn_steps.rb
152
217
  - features/support/env.rb
153
218
  - lib/codesake-dawn.rb
219
+ - lib/codesake/dawn/core.rb
154
220
  - lib/codesake/dawn/engine.rb
155
221
  - lib/codesake/dawn/kb/basic_check.rb
222
+ - lib/codesake/dawn/kb/cve_2011_0447.rb
223
+ - lib/codesake/dawn/kb/cve_2011_2197.rb
156
224
  - lib/codesake/dawn/kb/cve_2011_2931.rb
225
+ - lib/codesake/dawn/kb/cve_2011_2932.rb
226
+ - lib/codesake/dawn/kb/cve_2011_3186.rb
227
+ - lib/codesake/dawn/kb/cve_2012_1099.rb
228
+ - lib/codesake/dawn/kb/cve_2012_1241.rb
229
+ - lib/codesake/dawn/kb/cve_2012_2140.rb
157
230
  - lib/codesake/dawn/kb/cve_2012_2660.rb
158
231
  - lib/codesake/dawn/kb/cve_2012_2661.rb
159
232
  - lib/codesake/dawn/kb/cve_2012_2694.rb
160
233
  - lib/codesake/dawn/kb/cve_2012_2695.rb
234
+ - lib/codesake/dawn/kb/cve_2012_3463.rb
235
+ - lib/codesake/dawn/kb/cve_2012_3464.rb
161
236
  - lib/codesake/dawn/kb/cve_2012_3465.rb
237
+ - lib/codesake/dawn/kb/cve_2012_4464.rb
238
+ - lib/codesake/dawn/kb/cve_2012_4466.rb
239
+ - lib/codesake/dawn/kb/cve_2012_4481.rb
240
+ - lib/codesake/dawn/kb/cve_2012_5370.rb
241
+ - lib/codesake/dawn/kb/cve_2012_5371.rb
242
+ - lib/codesake/dawn/kb/cve_2012_6134.rb
162
243
  - lib/codesake/dawn/kb/cve_2012_6496.rb
163
244
  - lib/codesake/dawn/kb/cve_2012_6497.rb
164
245
  - lib/codesake/dawn/kb/cve_2013_0155.rb
@@ -205,7 +286,6 @@ files:
205
286
  - spec/lib/kb/codesake_cve_2013_0175_spec.rb
206
287
  - spec/lib/kb/codesake_ruby_version_check_spec.rb
207
288
  - spec/spec_helper.rb
208
- - spec/support/hello_world_3.0.19/.gitignore
209
289
  - spec/support/hello_world_3.0.19/Gemfile
210
290
  - spec/support/hello_world_3.0.19/README
211
291
  - spec/support/hello_world_3.0.19/Rakefile
@@ -247,7 +327,6 @@ files:
247
327
  - spec/support/hello_world_3.0.19/test/performance/browsing_test.rb
248
328
  - spec/support/hello_world_3.0.19/test/test_helper.rb
249
329
  - spec/support/hello_world_3.0.19/vendor/plugins/.gitkeep
250
- - spec/support/hello_world_3.1.0/.gitignore
251
330
  - spec/support/hello_world_3.1.0/Gemfile
252
331
  - spec/support/hello_world_3.1.0/README
253
332
  - spec/support/hello_world_3.1.0/Rakefile
@@ -294,7 +373,6 @@ files:
294
373
  - spec/support/hello_world_3.1.0/test/unit/.gitkeep
295
374
  - spec/support/hello_world_3.1.0/vendor/assets/stylesheets/.gitkeep
296
375
  - spec/support/hello_world_3.1.0/vendor/plugins/.gitkeep
297
- - spec/support/hello_world_3.2.13/.gitignore
298
376
  - spec/support/hello_world_3.2.13/Gemfile
299
377
  - spec/support/hello_world_3.2.13/README.rdoc
300
378
  - spec/support/hello_world_3.2.13/Rakefile
@@ -344,7 +422,6 @@ files:
344
422
  - spec/support/hello_world_3.2.13/vendor/plugins/.gitkeep
345
423
  - spec/support/lorem.txt
346
424
  - spec/support/sinatra-safe/.gems
347
- - spec/support/sinatra-safe/.gitignore
348
425
  - spec/support/sinatra-safe/Gemfile
349
426
  - spec/support/sinatra-safe/MIT-LICENSE
350
427
  - spec/support/sinatra-safe/README.rdoc
@@ -358,19 +435,20 @@ files:
358
435
  - spec/support/sinatra-safe/views/layout.haml
359
436
  - spec/support/sinatra-safe/views/root.haml
360
437
  - spec/support/sinatra-vulnerable/.gems
361
- - spec/support/sinatra-vulnerable/.gitignore
362
438
  - spec/support/sinatra-vulnerable/Gemfile
363
439
  - spec/support/sinatra-vulnerable/MIT-LICENSE
364
440
  - spec/support/sinatra-vulnerable/README.rdoc
365
441
  - spec/support/sinatra-vulnerable/Rakefile
366
442
  - spec/support/sinatra-vulnerable/application.rb
367
443
  - spec/support/sinatra-vulnerable/config.ru
444
+ - spec/support/sinatra-vulnerable/disabled.png
368
445
  - spec/support/sinatra-vulnerable/environment.rb
369
446
  - spec/support/sinatra-vulnerable/lib/profile.rb
370
447
  - spec/support/sinatra-vulnerable/public/main.css
371
448
  - spec/support/sinatra-vulnerable/script/console
372
449
  - spec/support/sinatra-vulnerable/views/layout.haml
373
450
  - spec/support/sinatra-vulnerable/views/root.haml
451
+ - spec/support/sinatra-vulnerable/views/xss.haml
374
452
  homepage: http://codesake.com
375
453
  licenses: []
376
454
  post_install_message:
@@ -385,7 +463,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
385
463
  version: '0'
386
464
  segments:
387
465
  - 0
388
- hash: 4144472411104473385
466
+ hash: -4262732666483923590
389
467
  required_rubygems_version: !ruby/object:Gem::Requirement
390
468
  none: false
391
469
  requirements:
@@ -394,7 +472,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
394
472
  version: '0'
395
473
  segments:
396
474
  - 0
397
- hash: 4144472411104473385
475
+ hash: -4262732666483923590
398
476
  requirements: []
399
477
  rubyforge_project:
400
478
  rubygems_version: 1.8.25
@@ -405,6 +483,7 @@ summary: dawn is a security static source code analyzer for sinatra, padrino and
405
483
  test_files:
406
484
  - features/dawn_complains_about_an_incorrect_command_line.feature
407
485
  - features/dawn_scan_a_secure_sinatra_app.feature
486
+ - features/dawn_scan_a_vulnerable_sinatra_app.feature
408
487
  - features/step_definition/dawn_steps.rb
409
488
  - features/support/env.rb
410
489
  - spec/lib/dawn/codesake_knowledgebase_spec.rb
@@ -413,7 +492,6 @@ test_files:
413
492
  - spec/lib/kb/codesake_cve_2013_0175_spec.rb
414
493
  - spec/lib/kb/codesake_ruby_version_check_spec.rb
415
494
  - spec/spec_helper.rb
416
- - spec/support/hello_world_3.0.19/.gitignore
417
495
  - spec/support/hello_world_3.0.19/Gemfile
418
496
  - spec/support/hello_world_3.0.19/README
419
497
  - spec/support/hello_world_3.0.19/Rakefile
@@ -455,7 +533,6 @@ test_files:
455
533
  - spec/support/hello_world_3.0.19/test/performance/browsing_test.rb
456
534
  - spec/support/hello_world_3.0.19/test/test_helper.rb
457
535
  - spec/support/hello_world_3.0.19/vendor/plugins/.gitkeep
458
- - spec/support/hello_world_3.1.0/.gitignore
459
536
  - spec/support/hello_world_3.1.0/Gemfile
460
537
  - spec/support/hello_world_3.1.0/README
461
538
  - spec/support/hello_world_3.1.0/Rakefile
@@ -502,7 +579,6 @@ test_files:
502
579
  - spec/support/hello_world_3.1.0/test/unit/.gitkeep
503
580
  - spec/support/hello_world_3.1.0/vendor/assets/stylesheets/.gitkeep
504
581
  - spec/support/hello_world_3.1.0/vendor/plugins/.gitkeep
505
- - spec/support/hello_world_3.2.13/.gitignore
506
582
  - spec/support/hello_world_3.2.13/Gemfile
507
583
  - spec/support/hello_world_3.2.13/README.rdoc
508
584
  - spec/support/hello_world_3.2.13/Rakefile
@@ -552,7 +628,6 @@ test_files:
552
628
  - spec/support/hello_world_3.2.13/vendor/plugins/.gitkeep
553
629
  - spec/support/lorem.txt
554
630
  - spec/support/sinatra-safe/.gems
555
- - spec/support/sinatra-safe/.gitignore
556
631
  - spec/support/sinatra-safe/Gemfile
557
632
  - spec/support/sinatra-safe/MIT-LICENSE
558
633
  - spec/support/sinatra-safe/README.rdoc
@@ -566,16 +641,17 @@ test_files:
566
641
  - spec/support/sinatra-safe/views/layout.haml
567
642
  - spec/support/sinatra-safe/views/root.haml
568
643
  - spec/support/sinatra-vulnerable/.gems
569
- - spec/support/sinatra-vulnerable/.gitignore
570
644
  - spec/support/sinatra-vulnerable/Gemfile
571
645
  - spec/support/sinatra-vulnerable/MIT-LICENSE
572
646
  - spec/support/sinatra-vulnerable/README.rdoc
573
647
  - spec/support/sinatra-vulnerable/Rakefile
574
648
  - spec/support/sinatra-vulnerable/application.rb
575
649
  - spec/support/sinatra-vulnerable/config.ru
650
+ - spec/support/sinatra-vulnerable/disabled.png
576
651
  - spec/support/sinatra-vulnerable/environment.rb
577
652
  - spec/support/sinatra-vulnerable/lib/profile.rb
578
653
  - spec/support/sinatra-vulnerable/public/main.css
579
654
  - spec/support/sinatra-vulnerable/script/console
580
655
  - spec/support/sinatra-vulnerable/views/layout.haml
581
656
  - spec/support/sinatra-vulnerable/views/root.haml
657
+ - spec/support/sinatra-vulnerable/views/xss.haml