codesake-dawn 0.60 → 0.70

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (47) hide show
  1. data/.gitignore +1 -0
  2. data/Competitive_matrix.md +18 -4
  3. data/README.md +26 -44
  4. data/Roadmap.md +25 -11
  5. data/bin/dawn +104 -34
  6. data/{codesake_dawn.gemspec → codesake-dawn.gemspec} +5 -0
  7. data/features/dawn_complains_about_an_incorrect_command_line.feature +2 -2
  8. data/features/dawn_scan_a_secure_sinatra_app.feature +4 -4
  9. data/features/dawn_scan_a_vulnerable_sinatra_app.feature +36 -0
  10. data/features/step_definition/dawn_steps.rb +8 -2
  11. data/lib/codesake-dawn.rb +1 -0
  12. data/lib/codesake/dawn/core.rb +22 -0
  13. data/lib/codesake/dawn/engine.rb +66 -1
  14. data/lib/codesake/dawn/kb/cve_2011_0447.rb +30 -0
  15. data/lib/codesake/dawn/kb/cve_2011_2197.rb +29 -0
  16. data/lib/codesake/dawn/kb/cve_2011_2932.rb +29 -0
  17. data/lib/codesake/dawn/kb/cve_2011_3186.rb +31 -0
  18. data/lib/codesake/dawn/kb/cve_2012_1099.rb +29 -0
  19. data/lib/codesake/dawn/kb/cve_2012_1241.rb +29 -0
  20. data/lib/codesake/dawn/kb/cve_2012_2140.rb +29 -0
  21. data/lib/codesake/dawn/kb/cve_2012_3463.rb +29 -0
  22. data/lib/codesake/dawn/kb/cve_2012_3464.rb +29 -0
  23. data/lib/codesake/dawn/kb/cve_2012_4464.rb +29 -0
  24. data/lib/codesake/dawn/kb/cve_2012_4466.rb +29 -0
  25. data/lib/codesake/dawn/kb/cve_2012_4481.rb +28 -0
  26. data/lib/codesake/dawn/kb/cve_2012_5370.rb +29 -0
  27. data/lib/codesake/dawn/kb/cve_2012_5371.rb +29 -0
  28. data/lib/codesake/dawn/kb/cve_2012_6134.rb +29 -0
  29. data/lib/codesake/dawn/kb/cve_2013_0333.rb +0 -3
  30. data/lib/codesake/dawn/kb/cve_2013_1821.rb +1 -1
  31. data/lib/codesake/dawn/kb/pattern_match_check.rb +4 -3
  32. data/lib/codesake/dawn/kb/ruby_version_check.rb +14 -4
  33. data/lib/codesake/dawn/knowledge_base.rb +30 -0
  34. data/lib/codesake/dawn/sinatra.rb +105 -0
  35. data/lib/codesake/dawn/version.rb +1 -1
  36. data/spec/lib/dawn/codesake_knowledgebase_spec.rb +87 -0
  37. data/spec/lib/dawn/codesake_sinatra_engine_spec.rb +44 -1
  38. data/spec/spec_helper.rb +3 -0
  39. data/spec/support/sinatra-vulnerable/application.rb +6 -0
  40. data/spec/support/sinatra-vulnerable/disabled.png +0 -0
  41. data/spec/support/sinatra-vulnerable/views/xss.haml +3 -0
  42. metadata +91 -15
  43. data/spec/support/hello_world_3.0.19/.gitignore +0 -4
  44. data/spec/support/hello_world_3.1.0/.gitignore +0 -5
  45. data/spec/support/hello_world_3.2.13/.gitignore +0 -15
  46. data/spec/support/sinatra-safe/.gitignore +0 -6
  47. data/spec/support/sinatra-vulnerable/.gitignore +0 -6
data/spec/support/hello_world_3.0.19/.gitignore DELETED
@@ -1,4 +0,0 @@
1
- .bundle
2
- db/*.sqlite3
3
- log/*.log
4
- tmp/
data/spec/support/hello_world_3.1.0/.gitignore DELETED
@@ -1,5 +0,0 @@
1
- .bundle
2
- db/*.sqlite3
3
- log/*.log
4
- tmp/
5
- .sass-cache/
data/spec/support/hello_world_3.2.13/.gitignore DELETED
@@ -1,15 +0,0 @@
1
- # See http://help.github.com/ignore-files/ for more about ignoring files.
2
- #
3
- # If you find yourself ignoring temporary files generated by your text editor
4
- # or operating system, you probably want to add a global ignore instead:
5
- # git config --global core.excludesfile ~/.gitignore_global
6
-
7
- # Ignore bundler config
8
- /.bundle
9
-
10
- # Ignore the default SQLite database.
11
- /db/*.sqlite3
12
-
13
- # Ignore all logfiles and tempfiles.
14
- /log/*.log
15
- /tmp
data/spec/support/sinatra-safe/.gitignore DELETED
@@ -1,6 +0,0 @@
1
- *.db
2
- *.sqlite3
3
- .bundle/*
4
- log/*
5
- *.swp
6
- *.swo
data/spec/support/sinatra-vulnerable/.gitignore DELETED
@@ -1,6 +0,0 @@
1
- *.db
2
- *.sqlite3
3
- .bundle/*
4
- log/*
5
- *.swp
6
- *.swo