codesake-dawn 0.60 → 0.70
- data/.gitignore +1 -0
- data/Competitive_matrix.md +18 -4
- data/README.md +26 -44
- data/Roadmap.md +25 -11
- data/bin/dawn +104 -34
- data/{codesake_dawn.gemspec → codesake-dawn.gemspec} +5 -0
- data/features/dawn_complains_about_an_incorrect_command_line.feature +2 -2
- data/features/dawn_scan_a_secure_sinatra_app.feature +4 -4
- data/features/dawn_scan_a_vulnerable_sinatra_app.feature +36 -0
- data/features/step_definition/dawn_steps.rb +8 -2
- data/lib/codesake-dawn.rb +1 -0
- data/lib/codesake/dawn/core.rb +22 -0
- data/lib/codesake/dawn/engine.rb +66 -1
- data/lib/codesake/dawn/kb/cve_2011_0447.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2011_2197.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2011_2932.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2011_3186.rb +31 -0
- data/lib/codesake/dawn/kb/cve_2012_1099.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2012_1241.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2012_2140.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2012_3463.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2012_3464.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2012_4464.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2012_4466.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2012_4481.rb +28 -0
- data/lib/codesake/dawn/kb/cve_2012_5370.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2012_5371.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2012_6134.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2013_0333.rb +0 -3
- data/lib/codesake/dawn/kb/cve_2013_1821.rb +1 -1
- data/lib/codesake/dawn/kb/pattern_match_check.rb +4 -3
- data/lib/codesake/dawn/kb/ruby_version_check.rb +14 -4
- data/lib/codesake/dawn/knowledge_base.rb +30 -0
- data/lib/codesake/dawn/sinatra.rb +105 -0
- data/lib/codesake/dawn/version.rb +1 -1
- data/spec/lib/dawn/codesake_knowledgebase_spec.rb +87 -0
- data/spec/lib/dawn/codesake_sinatra_engine_spec.rb +44 -1
- data/spec/spec_helper.rb +3 -0
- data/spec/support/sinatra-vulnerable/application.rb +6 -0
- data/spec/support/sinatra-vulnerable/disabled.png +0 -0
- data/spec/support/sinatra-vulnerable/views/xss.haml +3 -0
- metadata +91 -15
- data/spec/support/hello_world_3.0.19/.gitignore +0 -4
- data/spec/support/hello_world_3.1.0/.gitignore +0 -5
- data/spec/support/hello_world_3.2.13/.gitignore +0 -15
- data/spec/support/sinatra-safe/.gitignore +0 -6
- data/spec/support/sinatra-vulnerable/.gitignore +0 -6
@@ -225,6 +225,93 @@ describe "The Codesake Dawn knowledge base" do
|
|
225
225
|
sc.class.should == Codesake::Dawn::Kb::CVE_2013_3221
|
226
226
|
end
|
227
227
|
|
228
|
+
it "must have test for CVE-2011-0447" do
|
229
|
+
sc = kb.find("CVE-2011-0447")
|
230
|
+
sc.should_not be_nil
|
231
|
+
sc.class.should == Codesake::Dawn::Kb::CVE_2011_0447
|
232
|
+
end
|
233
|
+
|
234
|
+
it "must have test for CVE-2011-3186" do
|
235
|
+
sc = kb.find("CVE-2011-3186")
|
236
|
+
sc.should_not be_nil
|
237
|
+
sc.class.should == Codesake::Dawn::Kb::CVE_2011_3186
|
238
|
+
end
|
239
|
+
it "must have test for CVE-2012-1099" do
|
240
|
+
sc = kb.find("CVE-2012-1099")
|
241
|
+
sc.should_not be_nil
|
242
|
+
sc.class.should == Codesake::Dawn::Kb::CVE_2012_1099
|
243
|
+
end
|
244
|
+
it "must have test for CVE-2012-1241" do
|
245
|
+
sc = kb.find("CVE-2012-1241")
|
246
|
+
sc.should_not be_nil
|
247
|
+
sc.class.should == Codesake::Dawn::Kb::CVE_2012_1241
|
248
|
+
end
|
249
|
+
it "must have test for CVE-2012-2140" do
|
250
|
+
sc = kb.find("CVE-2012-2140")
|
251
|
+
sc.should_not be_nil
|
252
|
+
sc.class.should == Codesake::Dawn::Kb::CVE_2012_2140
|
253
|
+
end
|
254
|
+
it "must have test for CVE-2012-5370" do
|
255
|
+
sc = kb.find("CVE-2012-5370")
|
256
|
+
sc.should_not be_nil
|
257
|
+
sc.class.should == Codesake::Dawn::Kb::CVE_2012_5370
|
258
|
+
end
|
259
|
+
it "must have test for CVE-2012-5371" do
|
260
|
+
sc = kb.find("CVE-2012-5371")
|
261
|
+
sc.should_not be_nil
|
262
|
+
sc.class.should == Codesake::Dawn::Kb::CVE_2012_5371
|
263
|
+
end
|
264
|
+
it "must have test for CVE-2011-2197" do
|
265
|
+
sc = kb.find("CVE-2011-2197")
|
266
|
+
sc.should_not be_nil
|
267
|
+
sc.class.should == Codesake::Dawn::Kb::CVE_2011_2197
|
268
|
+
end
|
269
|
+
it "must have test for CVE-2011-2932" do
|
270
|
+
sc = kb.find("CVE-2011-2932")
|
271
|
+
sc.should_not be_nil
|
272
|
+
sc.class.should == Codesake::Dawn::Kb::CVE_2011_2932
|
273
|
+
end
|
274
|
+
it "must have test for CVE-2012-3463" do
|
275
|
+
sc = kb.find("CVE-2012-3463")
|
276
|
+
sc.should_not be_nil
|
277
|
+
sc.class.should == Codesake::Dawn::Kb::CVE_2012_3463
|
278
|
+
end
|
279
|
+
it "must have test for CVE-2012-3464" do
|
280
|
+
sc = kb.find("CVE-2012-3464")
|
281
|
+
sc.should_not be_nil
|
282
|
+
sc.class.should == Codesake::Dawn::Kb::CVE_2012_3464
|
283
|
+
end
|
284
|
+
it "must have test for CVE-2012-4464" do
|
285
|
+
sc = kb.find("CVE-2012-4464")
|
286
|
+
sc.should_not be_nil
|
287
|
+
sc.class.should == Codesake::Dawn::Kb::CVE_2012_4464
|
288
|
+
end
|
289
|
+
it "must have test for CVE-2012-4466" do
|
290
|
+
sc = kb.find("CVE-2012-4466")
|
291
|
+
sc.should_not be_nil
|
292
|
+
sc.class.should == Codesake::Dawn::Kb::CVE_2012_4466
|
293
|
+
end
|
294
|
+
it "must have test for CVE-2012-4481" do
|
295
|
+
sc = kb.find("CVE-2012-4481")
|
296
|
+
sc.should_not be_nil
|
297
|
+
sc.class.should == Codesake::Dawn::Kb::CVE_2012_4481
|
298
|
+
end
|
299
|
+
it "must have test for CVE-2012-6134" do
|
300
|
+
sc = kb.find("CVE-2012-6134")
|
301
|
+
sc.should_not be_nil
|
302
|
+
sc.class.should == Codesake::Dawn::Kb::CVE_2012_6134
|
303
|
+
end
|
304
|
+
it "must have test for CVE-2012-6496" do
|
305
|
+
sc = kb.find("CVE-2012-6496")
|
306
|
+
sc.should_not be_nil
|
307
|
+
sc.class.should == Codesake::Dawn::Kb::CVE_2012_6496
|
308
|
+
end
|
309
|
+
|
310
|
+
it "must have test for CVE-2012-6497" do
|
311
|
+
sc = kb.find("CVE-2012-6497")
|
312
|
+
sc.should_not be_nil
|
313
|
+
sc.class.should == Codesake::Dawn::Kb::CVE_2012_6497
|
314
|
+
end
|
228
315
|
|
229
316
|
|
230
317
|
end
|
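Review bot: The seventeen new examples at new lines 228–314 are one three-line body copied with only the CVE id changed, so a mistyped id or class constant in any copy is invisible until that single example fails, and the next knowledge-base entry means yet another paste; driving the examples from a frozen id list keeps one named example per CVE while deriving the class from the id, which also makes a missing `Kb::CVE_*` constant a loud `NameError`. The class lookup can be `Codesake::Dawn::Kb.const_get(cve.tr('-', '_'))`, which maps `"CVE-2011-0447"` to the `CVE_2011_0447` constant the hunk asserts against. `kb` and the enclosing describe are defined outside this hunk, and the file header is not rendered on this page — the diffstat suggests these lines are spec/lib/dawn/codesake_knowledgebase_spec.rb.
```ruby
  # … unchanged: preceding CVE-2013-3221 example …

  %w[
    CVE-2011-0447 CVE-2011-3186 CVE-2012-1099 CVE-2012-1241 CVE-2012-2140
    CVE-2012-5370 CVE-2012-5371 CVE-2011-2197 CVE-2011-2932 CVE-2012-3463
    CVE-2012-3464 CVE-2012-4464 CVE-2012-4466 CVE-2012-4481 CVE-2012-6134
    CVE-2012-6496 CVE-2012-6497
  ].freeze.each do |cve|
    it "must have test for #{cve}" do
      sc = kb.find(cve)
      sc.should_not be_nil
      sc.class.should == Codesake::Dawn::Kb.const_get(cve.tr('-', '_'))
    end
  end
```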
@@ -7,6 +7,9 @@ describe "The Codesake::Dawn engine for sinatra applications" do
|
|
7
7
|
@engine.name.should == "sinatra"
|
8
8
|
end
|
9
9
|
|
10
|
+
it "detects the default application name" do
|
11
|
+
@engine.appname.should == "application.rb"
|
12
|
+
end
|
10
13
|
it "has a valid target" do
|
11
14
|
@engine.target.should == "./spec/support/sinatra-safe"
|
12
15
|
@engine.target_is_dir?.should be_true
|
@@ -20,6 +23,14 @@ describe "The Codesake::Dawn engine for sinatra applications" do
|
|
20
23
|
@engine.mvc_version.should == "1.4.2"
|
21
24
|
end
|
22
25
|
|
26
|
+
it "detects 2 views" do
|
27
|
+
@engine.views.should == [{:filename=>"./spec/support/sinatra-safe/views/layout.haml", :language=>:haml}, {:filename=>"./spec/support/sinatra-safe/views/root.haml", :language=>:haml}]
|
28
|
+
end
|
29
|
+
it "detects views are written using HAML" do
|
30
|
+
@engine.views[0][:language].should == :haml
|
31
|
+
@engine.views[1][:language].should == :haml
|
32
|
+
end
|
33
|
+
|
23
34
|
it "has some check in the knowledge base" do
|
24
35
|
@engine.checks.should_not be_nil
|
25
36
|
@engine.checks.should_not be_empty
|
@@ -53,7 +64,7 @@ describe "The Codesake::Dawn engine for sinatra applications" do
|
|
53
64
|
end
|
54
65
|
end
|
55
66
|
|
56
|
-
describe "applied do the sinatra-vulnerable application
|
67
|
+
describe "applied do the sinatra-vulnerable application" do
|
57
68
|
before (:all) {@engine= Codesake::Dawn::Sinatra.new('./spec/support/sinatra-vulnerable')}
|
58
69
|
it "has a valid target" do
|
59
70
|
@engine.target.should == "./spec/support/sinatra-vulnerable"
|
@@ -80,5 +91,37 @@ describe "The Codesake::Dawn engine for sinatra applications" do
|
|
80
91
|
e2 = Codesake::Dawn::Sinatra.new('./spec/support/sinatra-vulnerable')
|
81
92
|
e2.vulnerabilities.should_not be_empty
|
82
93
|
end
|
94
|
+
|
95
|
+
context "when scanning for XSS" do
|
96
|
+
it "detects 3 views" do
|
97
|
+
@engine.views.should == [
|
98
|
+
{:filename=>"./spec/support/sinatra-vulnerable/views/layout.haml", :language=>:haml},
|
99
|
+
{:filename=>"./spec/support/sinatra-vulnerable/views/root.haml", :language=>:haml},
|
100
|
+
{:filename=>"./spec/support/sinatra-vulnerable/views/xss.haml", :language=>:haml}
|
101
|
+
]
|
102
|
+
end
|
103
|
+
it "detects views are written using HAML" do
|
104
|
+
@engine.views[0][:language].should == :haml
|
105
|
+
@engine.views[1][:language].should == :haml
|
106
|
+
@engine.views[2][:language].should == :haml
|
107
|
+
end
|
108
|
+
|
109
|
+
it "detects a sink on application.rb" do
|
110
|
+
sink = @engine.detect_sinks("application.rb")
|
111
|
+
sink.should == [
|
112
|
+
{:sink_name=>"@xss_param", :sink_kind=>:params, :sink_source=>"name", :sink_line=>26},
|
113
|
+
{:sink_name=>"@my_arr", :sink_kind=>:params, :sink_source=>"second", :sink_line=>27}
|
114
|
+
]
|
115
|
+
end
|
116
|
+
|
117
|
+
it "detects reflected ones in HAML views" do
|
118
|
+
reflected_xss= @engine.detect_reflected_xss
|
119
|
+
@engine.reflected_xss.should_not be_nil
|
120
|
+
@engine.reflected_xss.should_not be_empty
|
121
|
+
@engine.reflected_xss.should == [
|
122
|
+
{:sink_name=>"@xss_param", :sink_kind=>:params, :sink_source=>"name", :sink_line=>26},
|
123
|
+
]
|
124
|
+
end
|
125
|
+
end
|
83
126
|
end
|
84
127
|
end
|
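Review bot: In the last hunk, new line 118 assigns `reflected_xss= @engine.detect_reflected_xss` and never reads the local; every assertion that follows goes through `@engine.reflected_xss`, so the return value of `detect_reflected_xss` is not checked at all and the unused local hides that. Either drop the assignment and keep the accessor assertions, or assert on the call itself, `@engine.detect_reflected_xss.should == [ {:sink_name=>"@xss_param", :sink_kind=>:params, :sink_source=>"name", :sink_line=>26} ]`, with a space before `=` in any case. The rebuilt describe at new line 67 still reads `"applied do the sinatra-vulnerable application"`; the commit fixes the missing `" do` but leaves the `do`/`to` typo in the description string. The file header is not rendered here; by the diffstat and the describe text these hunks appear to be spec/lib/dawn/codesake_sinatra_engine_spec.rb, and the outer describe opens and closes outside the hunks.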
data/spec/spec_helper.rb
CHANGED
Binary file
|
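--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: codesake-dawn
 version: !ruby/object:Gem::Version
-version: '0.
+version: '0.70'
 prerelease:
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-
+date: 2013-06-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: codesake_commons
@@ -43,6 +43,70 @@ dependencies:
 - - ! '>='
 - !ruby/object:Gem::Version
 version: '0'
+- !ruby/object:Gem::Dependency
+name: haml
+requirement: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: parser
+requirement: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: ptools
+requirement: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: coveralls
+requirement: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
 - !ruby/object:Gem::Dependency
 name: rake
 requirement: !ruby/object:Gem::Requirement
@@ -145,20 +209,37 @@ files:
 - Roadmap.md
 - TODO.md
 - bin/dawn
--
+- codesake-dawn.gemspec
 - features/dawn_complains_about_an_incorrect_command_line.feature
 - features/dawn_scan_a_secure_sinatra_app.feature
+- features/dawn_scan_a_vulnerable_sinatra_app.feature
 - features/step_definition/dawn_steps.rb
 - features/support/env.rb
 - lib/codesake-dawn.rb
+- lib/codesake/dawn/core.rb
 - lib/codesake/dawn/engine.rb
 - lib/codesake/dawn/kb/basic_check.rb
+- lib/codesake/dawn/kb/cve_2011_0447.rb
+- lib/codesake/dawn/kb/cve_2011_2197.rb
 - lib/codesake/dawn/kb/cve_2011_2931.rb
+- lib/codesake/dawn/kb/cve_2011_2932.rb
+- lib/codesake/dawn/kb/cve_2011_3186.rb
+- lib/codesake/dawn/kb/cve_2012_1099.rb
+- lib/codesake/dawn/kb/cve_2012_1241.rb
+- lib/codesake/dawn/kb/cve_2012_2140.rb
 - lib/codesake/dawn/kb/cve_2012_2660.rb
 - lib/codesake/dawn/kb/cve_2012_2661.rb
 - lib/codesake/dawn/kb/cve_2012_2694.rb
 - lib/codesake/dawn/kb/cve_2012_2695.rb
+- lib/codesake/dawn/kb/cve_2012_3463.rb
+- lib/codesake/dawn/kb/cve_2012_3464.rb
 - lib/codesake/dawn/kb/cve_2012_3465.rb
+- lib/codesake/dawn/kb/cve_2012_4464.rb
+- lib/codesake/dawn/kb/cve_2012_4466.rb
+- lib/codesake/dawn/kb/cve_2012_4481.rb
+- lib/codesake/dawn/kb/cve_2012_5370.rb
+- lib/codesake/dawn/kb/cve_2012_5371.rb
+- lib/codesake/dawn/kb/cve_2012_6134.rb
 - lib/codesake/dawn/kb/cve_2012_6496.rb
 - lib/codesake/dawn/kb/cve_2012_6497.rb
 - lib/codesake/dawn/kb/cve_2013_0155.rb
@@ -205,7 +286,6 @@ files:
 - spec/lib/kb/codesake_cve_2013_0175_spec.rb
 - spec/lib/kb/codesake_ruby_version_check_spec.rb
 - spec/spec_helper.rb
-- spec/support/hello_world_3.0.19/.gitignore
 - spec/support/hello_world_3.0.19/Gemfile
 - spec/support/hello_world_3.0.19/README
 - spec/support/hello_world_3.0.19/Rakefile
@@ -247,7 +327,6 @@ files:
 - spec/support/hello_world_3.0.19/test/performance/browsing_test.rb
 - spec/support/hello_world_3.0.19/test/test_helper.rb
 - spec/support/hello_world_3.0.19/vendor/plugins/.gitkeep
-- spec/support/hello_world_3.1.0/.gitignore
 - spec/support/hello_world_3.1.0/Gemfile
 - spec/support/hello_world_3.1.0/README
 - spec/support/hello_world_3.1.0/Rakefile
@@ -294,7 +373,6 @@ files:
 - spec/support/hello_world_3.1.0/test/unit/.gitkeep
 - spec/support/hello_world_3.1.0/vendor/assets/stylesheets/.gitkeep
 - spec/support/hello_world_3.1.0/vendor/plugins/.gitkeep
-- spec/support/hello_world_3.2.13/.gitignore
 - spec/support/hello_world_3.2.13/Gemfile
 - spec/support/hello_world_3.2.13/README.rdoc
 - spec/support/hello_world_3.2.13/Rakefile
@@ -344,7 +422,6 @@ files:
 - spec/support/hello_world_3.2.13/vendor/plugins/.gitkeep
 - spec/support/lorem.txt
 - spec/support/sinatra-safe/.gems
-- spec/support/sinatra-safe/.gitignore
 - spec/support/sinatra-safe/Gemfile
 - spec/support/sinatra-safe/MIT-LICENSE
 - spec/support/sinatra-safe/README.rdoc
@@ -358,19 +435,20 @@ files:
 - spec/support/sinatra-safe/views/layout.haml
 - spec/support/sinatra-safe/views/root.haml
 - spec/support/sinatra-vulnerable/.gems
-- spec/support/sinatra-vulnerable/.gitignore
 - spec/support/sinatra-vulnerable/Gemfile
 - spec/support/sinatra-vulnerable/MIT-LICENSE
 - spec/support/sinatra-vulnerable/README.rdoc
 - spec/support/sinatra-vulnerable/Rakefile
 - spec/support/sinatra-vulnerable/application.rb
 - spec/support/sinatra-vulnerable/config.ru
+- spec/support/sinatra-vulnerable/disabled.png
 - spec/support/sinatra-vulnerable/environment.rb
 - spec/support/sinatra-vulnerable/lib/profile.rb
 - spec/support/sinatra-vulnerable/public/main.css
 - spec/support/sinatra-vulnerable/script/console
 - spec/support/sinatra-vulnerable/views/layout.haml
 - spec/support/sinatra-vulnerable/views/root.haml
+- spec/support/sinatra-vulnerable/views/xss.haml
 homepage: http://codesake.com
 licenses: []
 post_install_message:
@@ -385,7 +463,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
 version: '0'
 segments:
 - 0
-hash:
+hash: -4262732666483923590
 required_rubygems_version: !ruby/object:Gem::Requirement
 none: false
 requirements:
@@ -394,7 +472,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 segments:
 - 0
-hash:
+hash: -4262732666483923590
 requirements: []
 rubyforge_project:
 rubygems_version: 1.8.25
@@ -405,6 +483,7 @@ summary: dawn is a security static source code analyzer for sinatra, padrino and
 test_files:
 - features/dawn_complains_about_an_incorrect_command_line.feature
 - features/dawn_scan_a_secure_sinatra_app.feature
+- features/dawn_scan_a_vulnerable_sinatra_app.feature
 - features/step_definition/dawn_steps.rb
 - features/support/env.rb
 - spec/lib/dawn/codesake_knowledgebase_spec.rb
@@ -413,7 +492,6 @@ test_files:
 - spec/lib/kb/codesake_cve_2013_0175_spec.rb
 - spec/lib/kb/codesake_ruby_version_check_spec.rb
 - spec/spec_helper.rb
-- spec/support/hello_world_3.0.19/.gitignore
 - spec/support/hello_world_3.0.19/Gemfile
 - spec/support/hello_world_3.0.19/README
 - spec/support/hello_world_3.0.19/Rakefile
@@ -455,7 +533,6 @@ test_files:
 - spec/support/hello_world_3.0.19/test/performance/browsing_test.rb
 - spec/support/hello_world_3.0.19/test/test_helper.rb
 - spec/support/hello_world_3.0.19/vendor/plugins/.gitkeep
-- spec/support/hello_world_3.1.0/.gitignore
 - spec/support/hello_world_3.1.0/Gemfile
 - spec/support/hello_world_3.1.0/README
 - spec/support/hello_world_3.1.0/Rakefile
@@ -502,7 +579,6 @@ test_files:
 - spec/support/hello_world_3.1.0/test/unit/.gitkeep
 - spec/support/hello_world_3.1.0/vendor/assets/stylesheets/.gitkeep
 - spec/support/hello_world_3.1.0/vendor/plugins/.gitkeep
-- spec/support/hello_world_3.2.13/.gitignore
 - spec/support/hello_world_3.2.13/Gemfile
 - spec/support/hello_world_3.2.13/README.rdoc
 - spec/support/hello_world_3.2.13/Rakefile
@@ -552,7 +628,6 @@ test_files:
 - spec/support/hello_world_3.2.13/vendor/plugins/.gitkeep
 - spec/support/lorem.txt
 - spec/support/sinatra-safe/.gems
-- spec/support/sinatra-safe/.gitignore
 - spec/support/sinatra-safe/Gemfile
 - spec/support/sinatra-safe/MIT-LICENSE
 - spec/support/sinatra-safe/README.rdoc
@@ -566,16 +641,17 @@ test_files:
 - spec/support/sinatra-safe/views/layout.haml
 - spec/support/sinatra-safe/views/root.haml
 - spec/support/sinatra-vulnerable/.gems
-- spec/support/sinatra-vulnerable/.gitignore
 - spec/support/sinatra-vulnerable/Gemfile
 - spec/support/sinatra-vulnerable/MIT-LICENSE
 - spec/support/sinatra-vulnerable/README.rdoc
 - spec/support/sinatra-vulnerable/Rakefile
 - spec/support/sinatra-vulnerable/application.rb
 - spec/support/sinatra-vulnerable/config.ru
+- spec/support/sinatra-vulnerable/disabled.png
 - spec/support/sinatra-vulnerable/environment.rb
 - spec/support/sinatra-vulnerable/lib/profile.rb
 - spec/support/sinatra-vulnerable/public/main.css
 - spec/support/sinatra-vulnerable/script/console
 - spec/support/sinatra-vulnerable/views/layout.haml
 - spec/support/sinatra-vulnerable/views/root.haml
+- spec/support/sinatra-vulnerable/views/xss.haml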