codesake-dawn 0.60 → 0.70
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/.gitignore +1 -0
- data/Competitive_matrix.md +18 -4
- data/README.md +26 -44
- data/Roadmap.md +25 -11
- data/bin/dawn +104 -34
- data/{codesake_dawn.gemspec → codesake-dawn.gemspec} +5 -0
- data/features/dawn_complains_about_an_incorrect_command_line.feature +2 -2
- data/features/dawn_scan_a_secure_sinatra_app.feature +4 -4
- data/features/dawn_scan_a_vulnerable_sinatra_app.feature +36 -0
- data/features/step_definition/dawn_steps.rb +8 -2
- data/lib/codesake-dawn.rb +1 -0
- data/lib/codesake/dawn/core.rb +22 -0
- data/lib/codesake/dawn/engine.rb +66 -1
- data/lib/codesake/dawn/kb/cve_2011_0447.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2011_2197.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2011_2932.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2011_3186.rb +31 -0
- data/lib/codesake/dawn/kb/cve_2012_1099.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2012_1241.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2012_2140.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2012_3463.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2012_3464.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2012_4464.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2012_4466.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2012_4481.rb +28 -0
- data/lib/codesake/dawn/kb/cve_2012_5370.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2012_5371.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2012_6134.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2013_0333.rb +0 -3
- data/lib/codesake/dawn/kb/cve_2013_1821.rb +1 -1
- data/lib/codesake/dawn/kb/pattern_match_check.rb +4 -3
- data/lib/codesake/dawn/kb/ruby_version_check.rb +14 -4
- data/lib/codesake/dawn/knowledge_base.rb +30 -0
- data/lib/codesake/dawn/sinatra.rb +105 -0
- data/lib/codesake/dawn/version.rb +1 -1
- data/spec/lib/dawn/codesake_knowledgebase_spec.rb +87 -0
- data/spec/lib/dawn/codesake_sinatra_engine_spec.rb +44 -1
- data/spec/spec_helper.rb +3 -0
- data/spec/support/sinatra-vulnerable/application.rb +6 -0
- data/spec/support/sinatra-vulnerable/disabled.png +0 -0
- data/spec/support/sinatra-vulnerable/views/xss.haml +3 -0
- metadata +91 -15
- data/spec/support/hello_world_3.0.19/.gitignore +0 -4
- data/spec/support/hello_world_3.1.0/.gitignore +0 -5
- data/spec/support/hello_world_3.2.13/.gitignore +0 -15
- data/spec/support/sinatra-safe/.gitignore +0 -6
- data/spec/support/sinatra-vulnerable/.gitignore +0 -6
@@ -225,6 +225,93 @@ describe "The Codesake Dawn knowledge base" do
|
|
225
225
|
sc.class.should == Codesake::Dawn::Kb::CVE_2013_3221
|
226
226
|
end
|
227
227
|
|
228
|
+
it "must have test for CVE-2011-0447" do
|
229
|
+
sc = kb.find("CVE-2011-0447")
|
230
|
+
sc.should_not be_nil
|
231
|
+
sc.class.should == Codesake::Dawn::Kb::CVE_2011_0447
|
232
|
+
end
|
233
|
+
|
234
|
+
it "must have test for CVE-2011-3186" do
|
235
|
+
sc = kb.find("CVE-2011-3186")
|
236
|
+
sc.should_not be_nil
|
237
|
+
sc.class.should == Codesake::Dawn::Kb::CVE_2011_3186
|
238
|
+
end
|
239
|
+
it "must have test for CVE-2012-1099" do
|
240
|
+
sc = kb.find("CVE-2012-1099")
|
241
|
+
sc.should_not be_nil
|
242
|
+
sc.class.should == Codesake::Dawn::Kb::CVE_2012_1099
|
243
|
+
end
|
244
|
+
it "must have test for CVE-2012-1241" do
|
245
|
+
sc = kb.find("CVE-2012-1241")
|
246
|
+
sc.should_not be_nil
|
247
|
+
sc.class.should == Codesake::Dawn::Kb::CVE_2012_1241
|
248
|
+
end
|
249
|
+
it "must have test for CVE-2012-2140" do
|
250
|
+
sc = kb.find("CVE-2012-2140")
|
251
|
+
sc.should_not be_nil
|
252
|
+
sc.class.should == Codesake::Dawn::Kb::CVE_2012_2140
|
253
|
+
end
|
254
|
+
it "must have test for CVE-2012-5370" do
|
255
|
+
sc = kb.find("CVE-2012-5370")
|
256
|
+
sc.should_not be_nil
|
257
|
+
sc.class.should == Codesake::Dawn::Kb::CVE_2012_5370
|
258
|
+
end
|
259
|
+
it "must have test for CVE-2012-5371" do
|
260
|
+
sc = kb.find("CVE-2012-5371")
|
261
|
+
sc.should_not be_nil
|
262
|
+
sc.class.should == Codesake::Dawn::Kb::CVE_2012_5371
|
263
|
+
end
|
264
|
+
it "must have test for CVE-2011-2197" do
|
265
|
+
sc = kb.find("CVE-2011-2197")
|
266
|
+
sc.should_not be_nil
|
267
|
+
sc.class.should == Codesake::Dawn::Kb::CVE_2011_2197
|
268
|
+
end
|
269
|
+
it "must have test for CVE-2011-2932" do
|
270
|
+
sc = kb.find("CVE-2011-2932")
|
271
|
+
sc.should_not be_nil
|
272
|
+
sc.class.should == Codesake::Dawn::Kb::CVE_2011_2932
|
273
|
+
end
|
274
|
+
it "must have test for CVE-2012-3463" do
|
275
|
+
sc = kb.find("CVE-2012-3463")
|
276
|
+
sc.should_not be_nil
|
277
|
+
sc.class.should == Codesake::Dawn::Kb::CVE_2012_3463
|
278
|
+
end
|
279
|
+
it "must have test for CVE-2012-3464" do
|
280
|
+
sc = kb.find("CVE-2012-3464")
|
281
|
+
sc.should_not be_nil
|
282
|
+
sc.class.should == Codesake::Dawn::Kb::CVE_2012_3464
|
283
|
+
end
|
284
|
+
it "must have test for CVE-2012-4464" do
|
285
|
+
sc = kb.find("CVE-2012-4464")
|
286
|
+
sc.should_not be_nil
|
287
|
+
sc.class.should == Codesake::Dawn::Kb::CVE_2012_4464
|
288
|
+
end
|
289
|
+
it "must have test for CVE-2012-4466" do
|
290
|
+
sc = kb.find("CVE-2012-4466")
|
291
|
+
sc.should_not be_nil
|
292
|
+
sc.class.should == Codesake::Dawn::Kb::CVE_2012_4466
|
293
|
+
end
|
294
|
+
it "must have test for CVE-2012-4481" do
|
295
|
+
sc = kb.find("CVE-2012-4481")
|
296
|
+
sc.should_not be_nil
|
297
|
+
sc.class.should == Codesake::Dawn::Kb::CVE_2012_4481
|
298
|
+
end
|
299
|
+
it "must have test for CVE-2012-6134" do
|
300
|
+
sc = kb.find("CVE-2012-6134")
|
301
|
+
sc.should_not be_nil
|
302
|
+
sc.class.should == Codesake::Dawn::Kb::CVE_2012_6134
|
303
|
+
end
|
304
|
+
it "must have test for CVE-2012-6496" do
|
305
|
+
sc = kb.find("CVE-2012-6496")
|
306
|
+
sc.should_not be_nil
|
307
|
+
sc.class.should == Codesake::Dawn::Kb::CVE_2012_6496
|
308
|
+
end
|
309
|
+
|
310
|
+
it "must have test for CVE-2012-6497" do
|
311
|
+
sc = kb.find("CVE-2012-6497")
|
312
|
+
sc.should_not be_nil
|
313
|
+
sc.class.should == Codesake::Dawn::Kb::CVE_2012_6497
|
314
|
+
end
|
228
315
|
|
229
316
|
|
230
317
|
end
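Review bot: The seventeen new examples in this hunk (new lines 228–314) are the same three assertions with only the CVE id changed, which has to be copied again for every check added to the knowledge base; a single data-driven example keeps the assertions identical and leaves the list of ids as the only thing to edit. The example names say "must have test for", but what is asserted is that `kb.find` resolves the id to a check class, so `"must have a check for #{cve}"` describes the behaviour more accurately. The enclosing describe block opens outside the hunk.
```ruby
# … unchanged: examples up to CVE-2013-3221 …
  %w[CVE-2011-0447 CVE-2011-3186 CVE-2012-1099 CVE-2012-1241 CVE-2012-2140
     CVE-2012-5370 CVE-2012-5371 CVE-2011-2197 CVE-2011-2932 CVE-2012-3463
     CVE-2012-3464 CVE-2012-4464 CVE-2012-4466 CVE-2012-4481 CVE-2012-6134
     CVE-2012-6496 CVE-2012-6497].each do |cve|
    it "must have a check for #{cve}" do
      sc = kb.find(cve)
      sc.should_not be_nil
      # check classes are named after the id with underscores (CVE_2011_0447)
      sc.class.should == Codesake::Dawn::Kb.const_get(cve.tr("-", "_"))
    end
  end
```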
|
@@ -7,6 +7,9 @@ describe "The Codesake::Dawn engine for sinatra applications" do
|
|
7
7
|
@engine.name.should == "sinatra"
|
8
8
|
end
|
9
9
|
|
10
|
+
it "detects the default application name" do
|
11
|
+
@engine.appname.should == "application.rb"
|
12
|
+
end
|
10
13
|
it "has a valid target" do
|
11
14
|
@engine.target.should == "./spec/support/sinatra-safe"
|
12
15
|
@engine.target_is_dir?.should be_true
|
@@ -20,6 +23,14 @@ describe "The Codesake::Dawn engine for sinatra applications" do
|
|
20
23
|
@engine.mvc_version.should == "1.4.2"
|
21
24
|
end
|
22
25
|
|
26
|
+
it "detects 2 views" do
|
27
|
+
@engine.views.should == [{:filename=>"./spec/support/sinatra-safe/views/layout.haml", :language=>:haml}, {:filename=>"./spec/support/sinatra-safe/views/root.haml", :language=>:haml}]
|
28
|
+
end
|
29
|
+
it "detects views are written using HAML" do
|
30
|
+
@engine.views[0][:language].should == :haml
|
31
|
+
@engine.views[1][:language].should == :haml
|
32
|
+
end
|
33
|
+
|
23
34
|
it "has some check in the knowledge base" do
|
24
35
|
@engine.checks.should_not be_nil
|
25
36
|
@engine.checks.should_not be_empty
|
@@ -53,7 +64,7 @@ describe "The Codesake::Dawn engine for sinatra applications" do
|
|
53
64
|
end
|
54
65
|
end
|
55
66
|
|
56
|
-
describe "applied do the sinatra-vulnerable application
|
67
|
+
describe "applied do the sinatra-vulnerable application" do
|
57
68
|
before (:all) {@engine= Codesake::Dawn::Sinatra.new('./spec/support/sinatra-vulnerable')}
|
58
69
|
it "has a valid target" do
|
59
70
|
@engine.target.should == "./spec/support/sinatra-vulnerable"
|
@@ -80,5 +91,37 @@ describe "The Codesake::Dawn engine for sinatra applications" do
|
|
80
91
|
e2 = Codesake::Dawn::Sinatra.new('./spec/support/sinatra-vulnerable')
|
81
92
|
e2.vulnerabilities.should_not be_empty
|
82
93
|
end
|
94
|
+
|
95
|
+
context "when scanning for XSS" do
|
96
|
+
it "detects 3 views" do
|
97
|
+
@engine.views.should == [
|
98
|
+
{:filename=>"./spec/support/sinatra-vulnerable/views/layout.haml", :language=>:haml},
|
99
|
+
{:filename=>"./spec/support/sinatra-vulnerable/views/root.haml", :language=>:haml},
|
100
|
+
{:filename=>"./spec/support/sinatra-vulnerable/views/xss.haml", :language=>:haml}
|
101
|
+
]
|
102
|
+
end
|
103
|
+
it "detects views are written using HAML" do
|
104
|
+
@engine.views[0][:language].should == :haml
|
105
|
+
@engine.views[1][:language].should == :haml
|
106
|
+
@engine.views[2][:language].should == :haml
|
107
|
+
end
|
108
|
+
|
109
|
+
it "detects a sink on application.rb" do
|
110
|
+
sink = @engine.detect_sinks("application.rb")
|
111
|
+
sink.should == [
|
112
|
+
{:sink_name=>"@xss_param", :sink_kind=>:params, :sink_source=>"name", :sink_line=>26},
|
113
|
+
{:sink_name=>"@my_arr", :sink_kind=>:params, :sink_source=>"second", :sink_line=>27}
|
114
|
+
]
|
115
|
+
end
|
116
|
+
|
117
|
+
it "detects reflected ones in HAML views" do
|
118
|
+
reflected_xss= @engine.detect_reflected_xss
|
119
|
+
@engine.reflected_xss.should_not be_nil
|
120
|
+
@engine.reflected_xss.should_not be_empty
|
121
|
+
@engine.reflected_xss.should == [
|
122
|
+
{:sink_name=>"@xss_param", :sink_kind=>:params, :sink_source=>"name", :sink_line=>26},
|
123
|
+
]
|
124
|
+
end
|
125
|
+
end
|
83
126
|
end
|
84
127
|
end
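Review bot: The local `reflected_xss` assigned at new line 118 (`reflected_xss= @engine.detect_reflected_xss`) is never read; the three assertions that follow inspect `@engine.reflected_xss`, so the example only checks stored state and would still pass if `detect_reflected_xss` returned something else. Either drop the assignment or assert on the return value as well, e.g. `reflected_xss = @engine.detect_reflected_xss` followed by `reflected_xss.should == @engine.reflected_xss`. The same hunk pins `:sink_line=>26` and `:sink_line=>27`, which ties the spec to the exact layout of the sinatra-vulnerable fixture — presumably intended, but a comment such as `# line numbers refer to spec/support/sinatra-vulnerable/application.rb` would save the next person a lookup. In the `@@ -53,7 +64,7 @@` hunk the describe string reads `"applied do the sinatra-vulnerable application"`; `applied to` is likely meant. The outer describe block opens outside these hunks.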
|
data/spec/spec_helper.rb
CHANGED
Binary file
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: codesake-dawn
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: '0.
|
4
|
+
version: '0.70'
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2013-
|
12
|
+
date: 2013-06-19 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: codesake_commons
|
@@ -43,6 +43,70 @@ dependencies:
|
|
43
43
|
- - ! '>='
|
44
44
|
- !ruby/object:Gem::Version
|
45
45
|
version: '0'
|
46
|
+
- !ruby/object:Gem::Dependency
|
47
|
+
name: haml
|
48
|
+
requirement: !ruby/object:Gem::Requirement
|
49
|
+
none: false
|
50
|
+
requirements:
|
51
|
+
- - ! '>='
|
52
|
+
- !ruby/object:Gem::Version
|
53
|
+
version: '0'
|
54
|
+
type: :runtime
|
55
|
+
prerelease: false
|
56
|
+
version_requirements: !ruby/object:Gem::Requirement
|
57
|
+
none: false
|
58
|
+
requirements:
|
59
|
+
- - ! '>='
|
60
|
+
- !ruby/object:Gem::Version
|
61
|
+
version: '0'
|
62
|
+
- !ruby/object:Gem::Dependency
|
63
|
+
name: parser
|
64
|
+
requirement: !ruby/object:Gem::Requirement
|
65
|
+
none: false
|
66
|
+
requirements:
|
67
|
+
- - ! '>='
|
68
|
+
- !ruby/object:Gem::Version
|
69
|
+
version: '0'
|
70
|
+
type: :runtime
|
71
|
+
prerelease: false
|
72
|
+
version_requirements: !ruby/object:Gem::Requirement
|
73
|
+
none: false
|
74
|
+
requirements:
|
75
|
+
- - ! '>='
|
76
|
+
- !ruby/object:Gem::Version
|
77
|
+
version: '0'
|
78
|
+
- !ruby/object:Gem::Dependency
|
79
|
+
name: ptools
|
80
|
+
requirement: !ruby/object:Gem::Requirement
|
81
|
+
none: false
|
82
|
+
requirements:
|
83
|
+
- - ! '>='
|
84
|
+
- !ruby/object:Gem::Version
|
85
|
+
version: '0'
|
86
|
+
type: :runtime
|
87
|
+
prerelease: false
|
88
|
+
version_requirements: !ruby/object:Gem::Requirement
|
89
|
+
none: false
|
90
|
+
requirements:
|
91
|
+
- - ! '>='
|
92
|
+
- !ruby/object:Gem::Version
|
93
|
+
version: '0'
|
94
|
+
- !ruby/object:Gem::Dependency
|
95
|
+
name: coveralls
|
96
|
+
requirement: !ruby/object:Gem::Requirement
|
97
|
+
none: false
|
98
|
+
requirements:
|
99
|
+
- - ! '>='
|
100
|
+
- !ruby/object:Gem::Version
|
101
|
+
version: '0'
|
102
|
+
type: :runtime
|
103
|
+
prerelease: false
|
104
|
+
version_requirements: !ruby/object:Gem::Requirement
|
105
|
+
none: false
|
106
|
+
requirements:
|
107
|
+
- - ! '>='
|
108
|
+
- !ruby/object:Gem::Version
|
109
|
+
version: '0'
|
46
110
|
- !ruby/object:Gem::Dependency
|
47
111
|
name: rake
|
48
112
|
requirement: !ruby/object:Gem::Requirement
|
@@ -145,20 +209,37 @@ files:
|
|
145
209
|
- Roadmap.md
|
146
210
|
- TODO.md
|
147
211
|
- bin/dawn
|
148
|
-
-
|
212
|
+
- codesake-dawn.gemspec
|
149
213
|
- features/dawn_complains_about_an_incorrect_command_line.feature
|
150
214
|
- features/dawn_scan_a_secure_sinatra_app.feature
|
215
|
+
- features/dawn_scan_a_vulnerable_sinatra_app.feature
|
151
216
|
- features/step_definition/dawn_steps.rb
|
152
217
|
- features/support/env.rb
|
153
218
|
- lib/codesake-dawn.rb
|
219
|
+
- lib/codesake/dawn/core.rb
|
154
220
|
- lib/codesake/dawn/engine.rb
|
155
221
|
- lib/codesake/dawn/kb/basic_check.rb
|
222
|
+
- lib/codesake/dawn/kb/cve_2011_0447.rb
|
223
|
+
- lib/codesake/dawn/kb/cve_2011_2197.rb
|
156
224
|
- lib/codesake/dawn/kb/cve_2011_2931.rb
|
225
|
+
- lib/codesake/dawn/kb/cve_2011_2932.rb
|
226
|
+
- lib/codesake/dawn/kb/cve_2011_3186.rb
|
227
|
+
- lib/codesake/dawn/kb/cve_2012_1099.rb
|
228
|
+
- lib/codesake/dawn/kb/cve_2012_1241.rb
|
229
|
+
- lib/codesake/dawn/kb/cve_2012_2140.rb
|
157
230
|
- lib/codesake/dawn/kb/cve_2012_2660.rb
|
158
231
|
- lib/codesake/dawn/kb/cve_2012_2661.rb
|
159
232
|
- lib/codesake/dawn/kb/cve_2012_2694.rb
|
160
233
|
- lib/codesake/dawn/kb/cve_2012_2695.rb
|
234
|
+
- lib/codesake/dawn/kb/cve_2012_3463.rb
|
235
|
+
- lib/codesake/dawn/kb/cve_2012_3464.rb
|
161
236
|
- lib/codesake/dawn/kb/cve_2012_3465.rb
|
237
|
+
- lib/codesake/dawn/kb/cve_2012_4464.rb
|
238
|
+
- lib/codesake/dawn/kb/cve_2012_4466.rb
|
239
|
+
- lib/codesake/dawn/kb/cve_2012_4481.rb
|
240
|
+
- lib/codesake/dawn/kb/cve_2012_5370.rb
|
241
|
+
- lib/codesake/dawn/kb/cve_2012_5371.rb
|
242
|
+
- lib/codesake/dawn/kb/cve_2012_6134.rb
|
162
243
|
- lib/codesake/dawn/kb/cve_2012_6496.rb
|
163
244
|
- lib/codesake/dawn/kb/cve_2012_6497.rb
|
164
245
|
- lib/codesake/dawn/kb/cve_2013_0155.rb
|
@@ -205,7 +286,6 @@ files:
|
|
205
286
|
- spec/lib/kb/codesake_cve_2013_0175_spec.rb
|
206
287
|
- spec/lib/kb/codesake_ruby_version_check_spec.rb
|
207
288
|
- spec/spec_helper.rb
|
208
|
-
- spec/support/hello_world_3.0.19/.gitignore
|
209
289
|
- spec/support/hello_world_3.0.19/Gemfile
|
210
290
|
- spec/support/hello_world_3.0.19/README
|
211
291
|
- spec/support/hello_world_3.0.19/Rakefile
|
@@ -247,7 +327,6 @@ files:
|
|
247
327
|
- spec/support/hello_world_3.0.19/test/performance/browsing_test.rb
|
248
328
|
- spec/support/hello_world_3.0.19/test/test_helper.rb
|
249
329
|
- spec/support/hello_world_3.0.19/vendor/plugins/.gitkeep
|
250
|
-
- spec/support/hello_world_3.1.0/.gitignore
|
251
330
|
- spec/support/hello_world_3.1.0/Gemfile
|
252
331
|
- spec/support/hello_world_3.1.0/README
|
253
332
|
- spec/support/hello_world_3.1.0/Rakefile
|
@@ -294,7 +373,6 @@ files:
|
|
294
373
|
- spec/support/hello_world_3.1.0/test/unit/.gitkeep
|
295
374
|
- spec/support/hello_world_3.1.0/vendor/assets/stylesheets/.gitkeep
|
296
375
|
- spec/support/hello_world_3.1.0/vendor/plugins/.gitkeep
|
297
|
-
- spec/support/hello_world_3.2.13/.gitignore
|
298
376
|
- spec/support/hello_world_3.2.13/Gemfile
|
299
377
|
- spec/support/hello_world_3.2.13/README.rdoc
|
300
378
|
- spec/support/hello_world_3.2.13/Rakefile
|
@@ -344,7 +422,6 @@ files:
|
|
344
422
|
- spec/support/hello_world_3.2.13/vendor/plugins/.gitkeep
|
345
423
|
- spec/support/lorem.txt
|
346
424
|
- spec/support/sinatra-safe/.gems
|
347
|
-
- spec/support/sinatra-safe/.gitignore
|
348
425
|
- spec/support/sinatra-safe/Gemfile
|
349
426
|
- spec/support/sinatra-safe/MIT-LICENSE
|
350
427
|
- spec/support/sinatra-safe/README.rdoc
|
@@ -358,19 +435,20 @@ files:
|
|
358
435
|
- spec/support/sinatra-safe/views/layout.haml
|
359
436
|
- spec/support/sinatra-safe/views/root.haml
|
360
437
|
- spec/support/sinatra-vulnerable/.gems
|
361
|
-
- spec/support/sinatra-vulnerable/.gitignore
|
362
438
|
- spec/support/sinatra-vulnerable/Gemfile
|
363
439
|
- spec/support/sinatra-vulnerable/MIT-LICENSE
|
364
440
|
- spec/support/sinatra-vulnerable/README.rdoc
|
365
441
|
- spec/support/sinatra-vulnerable/Rakefile
|
366
442
|
- spec/support/sinatra-vulnerable/application.rb
|
367
443
|
- spec/support/sinatra-vulnerable/config.ru
|
444
|
+
- spec/support/sinatra-vulnerable/disabled.png
|
368
445
|
- spec/support/sinatra-vulnerable/environment.rb
|
369
446
|
- spec/support/sinatra-vulnerable/lib/profile.rb
|
370
447
|
- spec/support/sinatra-vulnerable/public/main.css
|
371
448
|
- spec/support/sinatra-vulnerable/script/console
|
372
449
|
- spec/support/sinatra-vulnerable/views/layout.haml
|
373
450
|
- spec/support/sinatra-vulnerable/views/root.haml
|
451
|
+
- spec/support/sinatra-vulnerable/views/xss.haml
|
374
452
|
homepage: http://codesake.com
|
375
453
|
licenses: []
|
376
454
|
post_install_message:
|
@@ -385,7 +463,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
385
463
|
version: '0'
|
386
464
|
segments:
|
387
465
|
- 0
|
388
|
-
hash:
|
466
|
+
hash: -4262732666483923590
|
389
467
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
390
468
|
none: false
|
391
469
|
requirements:
|
@@ -394,7 +472,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
394
472
|
version: '0'
|
395
473
|
segments:
|
396
474
|
- 0
|
397
|
-
hash:
|
475
|
+
hash: -4262732666483923590
|
398
476
|
requirements: []
|
399
477
|
rubyforge_project:
|
400
478
|
rubygems_version: 1.8.25
|
@@ -405,6 +483,7 @@ summary: dawn is a security static source code analyzer for sinatra, padrino and
|
|
405
483
|
test_files:
|
406
484
|
- features/dawn_complains_about_an_incorrect_command_line.feature
|
407
485
|
- features/dawn_scan_a_secure_sinatra_app.feature
|
486
|
+
- features/dawn_scan_a_vulnerable_sinatra_app.feature
|
408
487
|
- features/step_definition/dawn_steps.rb
|
409
488
|
- features/support/env.rb
|
410
489
|
- spec/lib/dawn/codesake_knowledgebase_spec.rb
|
@@ -413,7 +492,6 @@ test_files:
|
|
413
492
|
- spec/lib/kb/codesake_cve_2013_0175_spec.rb
|
414
493
|
- spec/lib/kb/codesake_ruby_version_check_spec.rb
|
415
494
|
- spec/spec_helper.rb
|
416
|
-
- spec/support/hello_world_3.0.19/.gitignore
|
417
495
|
- spec/support/hello_world_3.0.19/Gemfile
|
418
496
|
- spec/support/hello_world_3.0.19/README
|
419
497
|
- spec/support/hello_world_3.0.19/Rakefile
|
@@ -455,7 +533,6 @@ test_files:
|
|
455
533
|
- spec/support/hello_world_3.0.19/test/performance/browsing_test.rb
|
456
534
|
- spec/support/hello_world_3.0.19/test/test_helper.rb
|
457
535
|
- spec/support/hello_world_3.0.19/vendor/plugins/.gitkeep
|
458
|
-
- spec/support/hello_world_3.1.0/.gitignore
|
459
536
|
- spec/support/hello_world_3.1.0/Gemfile
|
460
537
|
- spec/support/hello_world_3.1.0/README
|
461
538
|
- spec/support/hello_world_3.1.0/Rakefile
|
@@ -502,7 +579,6 @@ test_files:
|
|
502
579
|
- spec/support/hello_world_3.1.0/test/unit/.gitkeep
|
503
580
|
- spec/support/hello_world_3.1.0/vendor/assets/stylesheets/.gitkeep
|
504
581
|
- spec/support/hello_world_3.1.0/vendor/plugins/.gitkeep
|
505
|
-
- spec/support/hello_world_3.2.13/.gitignore
|
506
582
|
- spec/support/hello_world_3.2.13/Gemfile
|
507
583
|
- spec/support/hello_world_3.2.13/README.rdoc
|
508
584
|
- spec/support/hello_world_3.2.13/Rakefile
|
@@ -552,7 +628,6 @@ test_files:
|
|
552
628
|
- spec/support/hello_world_3.2.13/vendor/plugins/.gitkeep
|
553
629
|
- spec/support/lorem.txt
|
554
630
|
- spec/support/sinatra-safe/.gems
|
555
|
-
- spec/support/sinatra-safe/.gitignore
|
556
631
|
- spec/support/sinatra-safe/Gemfile
|
557
632
|
- spec/support/sinatra-safe/MIT-LICENSE
|
558
633
|
- spec/support/sinatra-safe/README.rdoc
|
@@ -566,16 +641,17 @@ test_files:
|
|
566
641
|
- spec/support/sinatra-safe/views/layout.haml
|
567
642
|
- spec/support/sinatra-safe/views/root.haml
|
568
643
|
- spec/support/sinatra-vulnerable/.gems
|
569
|
-
- spec/support/sinatra-vulnerable/.gitignore
|
570
644
|
- spec/support/sinatra-vulnerable/Gemfile
|
571
645
|
- spec/support/sinatra-vulnerable/MIT-LICENSE
|
572
646
|
- spec/support/sinatra-vulnerable/README.rdoc
|
573
647
|
- spec/support/sinatra-vulnerable/Rakefile
|
574
648
|
- spec/support/sinatra-vulnerable/application.rb
|
575
649
|
- spec/support/sinatra-vulnerable/config.ru
|
650
|
+
- spec/support/sinatra-vulnerable/disabled.png
|
576
651
|
- spec/support/sinatra-vulnerable/environment.rb
|
577
652
|
- spec/support/sinatra-vulnerable/lib/profile.rb
|
578
653
|
- spec/support/sinatra-vulnerable/public/main.css
|
579
654
|
- spec/support/sinatra-vulnerable/script/console
|
580
655
|
- spec/support/sinatra-vulnerable/views/layout.haml
|
581
656
|
- spec/support/sinatra-vulnerable/views/root.haml
|
657
|
+
- spec/support/sinatra-vulnerable/views/xss.haml
|