codesake-dawn 0.60 → 0.70

Sign up to get free protection for your applications and to get access to all the features.
Files changed (47) hide show
  1. data/.gitignore +1 -0
  2. data/Competitive_matrix.md +18 -4
  3. data/README.md +26 -44
  4. data/Roadmap.md +25 -11
  5. data/bin/dawn +104 -34
  6. data/{codesake_dawn.gemspec → codesake-dawn.gemspec} +5 -0
  7. data/features/dawn_complains_about_an_incorrect_command_line.feature +2 -2
  8. data/features/dawn_scan_a_secure_sinatra_app.feature +4 -4
  9. data/features/dawn_scan_a_vulnerable_sinatra_app.feature +36 -0
  10. data/features/step_definition/dawn_steps.rb +8 -2
  11. data/lib/codesake-dawn.rb +1 -0
  12. data/lib/codesake/dawn/core.rb +22 -0
  13. data/lib/codesake/dawn/engine.rb +66 -1
  14. data/lib/codesake/dawn/kb/cve_2011_0447.rb +30 -0
  15. data/lib/codesake/dawn/kb/cve_2011_2197.rb +29 -0
  16. data/lib/codesake/dawn/kb/cve_2011_2932.rb +29 -0
  17. data/lib/codesake/dawn/kb/cve_2011_3186.rb +31 -0
  18. data/lib/codesake/dawn/kb/cve_2012_1099.rb +29 -0
  19. data/lib/codesake/dawn/kb/cve_2012_1241.rb +29 -0
  20. data/lib/codesake/dawn/kb/cve_2012_2140.rb +29 -0
  21. data/lib/codesake/dawn/kb/cve_2012_3463.rb +29 -0
  22. data/lib/codesake/dawn/kb/cve_2012_3464.rb +29 -0
  23. data/lib/codesake/dawn/kb/cve_2012_4464.rb +29 -0
  24. data/lib/codesake/dawn/kb/cve_2012_4466.rb +29 -0
  25. data/lib/codesake/dawn/kb/cve_2012_4481.rb +28 -0
  26. data/lib/codesake/dawn/kb/cve_2012_5370.rb +29 -0
  27. data/lib/codesake/dawn/kb/cve_2012_5371.rb +29 -0
  28. data/lib/codesake/dawn/kb/cve_2012_6134.rb +29 -0
  29. data/lib/codesake/dawn/kb/cve_2013_0333.rb +0 -3
  30. data/lib/codesake/dawn/kb/cve_2013_1821.rb +1 -1
  31. data/lib/codesake/dawn/kb/pattern_match_check.rb +4 -3
  32. data/lib/codesake/dawn/kb/ruby_version_check.rb +14 -4
  33. data/lib/codesake/dawn/knowledge_base.rb +30 -0
  34. data/lib/codesake/dawn/sinatra.rb +105 -0
  35. data/lib/codesake/dawn/version.rb +1 -1
  36. data/spec/lib/dawn/codesake_knowledgebase_spec.rb +87 -0
  37. data/spec/lib/dawn/codesake_sinatra_engine_spec.rb +44 -1
  38. data/spec/spec_helper.rb +3 -0
  39. data/spec/support/sinatra-vulnerable/application.rb +6 -0
  40. data/spec/support/sinatra-vulnerable/disabled.png +0 -0
  41. data/spec/support/sinatra-vulnerable/views/xss.haml +3 -0
  42. metadata +91 -15
  43. data/spec/support/hello_world_3.0.19/.gitignore +0 -4
  44. data/spec/support/hello_world_3.1.0/.gitignore +0 -5
  45. data/spec/support/hello_world_3.2.13/.gitignore +0 -15
  46. data/spec/support/sinatra-safe/.gitignore +0 -6
  47. data/spec/support/sinatra-vulnerable/.gitignore +0 -6
data/spec/support/hello_world_3.0.19/.gitignore DELETED
@@ -1,4 +0,0 @@
1
- .bundle
2
- db/*.sqlite3
3
- log/*.log
4
- tmp/
data/spec/support/hello_world_3.1.0/.gitignore DELETED
@@ -1,5 +0,0 @@
1
- .bundle
2
- db/*.sqlite3
3
- log/*.log
4
- tmp/
5
- .sass-cache/
data/spec/support/hello_world_3.2.13/.gitignore DELETED
@@ -1,15 +0,0 @@
1
- # See http://help.github.com/ignore-files/ for more about ignoring files.
2
- #
3
- # If you find yourself ignoring temporary files generated by your text editor
4
- # or operating system, you probably want to add a global ignore instead:
5
- # git config --global core.excludesfile ~/.gitignore_global
6
-
7
- # Ignore bundler config
8
- /.bundle
9
-
10
- # Ignore the default SQLite database.
11
- /db/*.sqlite3
12
-
13
- # Ignore all logfiles and tempfiles.
14
- /log/*.log
15
- /tmp
data/spec/support/sinatra-safe/.gitignore DELETED
@@ -1,6 +0,0 @@
1
- *.db
2
- *.sqlite3
3
- .bundle/*
4
- log/*
5
- *.swp
6
- *.swo
data/spec/support/sinatra-vulnerable/.gitignore DELETED
@@ -1,6 +0,0 @@
1
- *.db
2
- *.sqlite3
3
- .bundle/*
4
- log/*
5
- *.swp
6
- *.swo