codesake-dawn 0.85 → 1.0.0.rc1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.ruby-version +1 -1
- data/.travis.yml +1 -1
- data/Changelog.md +67 -1
- data/README.md +137 -29
- data/Rakefile +29 -2
- data/Roadmap.md +10 -93
- data/features/{dawn_complains_about_an_incorrect_command_line.feature → dawn_complains_about_an_incorrect_command_line.feature.disabled} +0 -0
- data/features/{dawn_scan_a_secure_sinatra_app.feature → dawn_scan_a_secure_sinatra_app.feature.disabled} +0 -0
- data/features/{dawn_scan_a_vulnerable_sinatra_app.feature → dawn_scan_a_vulnerable_sinatra_app.feature.disabled} +0 -0
- data/lib/codesake/dawn/kb/basic_check.rb +7 -1
- data/lib/codesake/dawn/kb/cve_2004_0755.rb +32 -0
- data/lib/codesake/dawn/kb/cve_2004_0983.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2005_1992.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2005_2337.rb +32 -0
- data/lib/codesake/dawn/kb/cve_2006_1931.rb +32 -0
- data/lib/codesake/dawn/kb/cve_2006_2582.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2006_3694.rb +31 -0
- data/lib/codesake/dawn/kb/cve_2006_4112.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2006_5467.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2006_6303.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2006_6852.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2006_6979.rb +31 -0
- data/lib/codesake/dawn/kb/cve_2007_0469.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2007_5162.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2007_5379.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2007_5380.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2007_5770.rb +32 -0
- data/lib/codesake/dawn/kb/cve_2007_6077.rb +31 -0
- data/lib/codesake/dawn/kb/cve_2007_6612.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2008_1145.rb +40 -0
- data/lib/codesake/dawn/kb/cve_2008_1891.rb +40 -0
- data/lib/codesake/dawn/kb/cve_2008_2376.rb +32 -0
- data/lib/codesake/dawn/kb/cve_2008_2662.rb +35 -0
- data/lib/codesake/dawn/kb/cve_2008_2663.rb +34 -0
- data/lib/codesake/dawn/kb/cve_2008_2664.rb +35 -0
- data/lib/codesake/dawn/kb/cve_2008_2725.rb +33 -0
- data/lib/codesake/dawn/kb/cve_2008_3655.rb +39 -0
- data/lib/codesake/dawn/kb/cve_2008_3657.rb +39 -0
- data/lib/codesake/dawn/kb/cve_2008_3790.rb +32 -0
- data/lib/codesake/dawn/kb/cve_2008_3905.rb +38 -0
- data/lib/codesake/dawn/kb/cve_2008_4094.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2008_4310.rb +103 -0
- data/lib/codesake/dawn/kb/cve_2008_5189.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2008_7248.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2009_4078.rb +31 -0
- data/lib/codesake/dawn/kb/cve_2009_4124.rb +32 -0
- data/lib/codesake/dawn/kb/cve_2009_4214.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2010_2489.rb +62 -0
- data/lib/codesake/dawn/kb/cve_2010_3933.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2011_0188.rb +69 -0
- data/lib/codesake/dawn/kb/cve_2011_0739.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2011_1004.rb +36 -0
- data/lib/codesake/dawn/kb/cve_2011_1005.rb +33 -0
- data/lib/codesake/dawn/kb/cve_2011_2686.rb +31 -0
- data/lib/codesake/dawn/kb/cve_2011_2705.rb +34 -0
- data/lib/codesake/dawn/kb/cve_2011_2930.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2011_3009.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2011_3187.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2011_4319.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2013_2090.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2013_4457.rb +1 -1
- data/lib/codesake/dawn/kb/dependency_check.rb +2 -2
- data/lib/codesake/dawn/kb/nokogiri_dos_20131217.rb +1 -0
- data/lib/codesake/dawn/kb/operating_system_check.rb +4 -3
- data/lib/codesake/dawn/kb/ruby_version_check.rb +9 -3
- data/lib/codesake/dawn/knowledge_base.rb +113 -0
- data/lib/codesake/dawn/padrino.rb +1 -1
- data/lib/codesake/dawn/version.rb +14 -2
- data/lib/tasks/dawn.rake +4 -0
- data/spec/lib/dawn/codesake_knowledgebase_spec.rb +256 -0
- data/spec/lib/dawn/{codesake_padrino_engine_spec.rb → codesake_padrino_engine_disabled.rb} +0 -0
- data/spec/lib/dawn/{codesake_rails_engine_spec.rb → codesake_rails_engine_disabled.rb} +0 -0
- data/spec/lib/dawn/{codesake_sinatra_engine_spec.rb → codesake_sinatra_engine_disabled.rb} +5 -5
- data/spec/lib/kb/codesake_cve_2013_4457_spec.rb +40 -0
- data/spec/lib/kb/{codesake_cve_2013_6416.rb → codesake_cve_2013_6416_spec.rb} +5 -5
- data/spec/lib/kb/codesake_ruby_version_check_spec.rb +1 -0
- data/spec/lib/kb/cve_2004_0983_spec.rb +8 -0
- data/spec/lib/kb/cve_2005_1992_spec.rb +8 -0
- data/spec/lib/kb/cve_2005_2337_spec.rb +8 -0
- data/spec/lib/kb/cve_2006_1931_spec.rb +8 -0
- data/spec/lib/kb/cve_2006_2582_spec.rb +8 -0
- data/spec/lib/kb/cve_2006_3694_spec.rb +8 -0
- data/spec/lib/kb/cve_2006_4112_spec.rb +8 -0
- data/spec/lib/kb/cve_2006_5467_spec.rb +8 -0
- data/spec/lib/kb/cve_2006_6303_spec.rb +8 -0
- data/spec/lib/kb/cve_2006_6852_spec.rb +8 -0
- data/spec/lib/kb/cve_2006_6979_spec.rb +8 -0
- data/spec/lib/kb/cve_2007_0469_spec.rb +8 -0
- data/spec/lib/kb/cve_2007_5162_spec.rb +8 -0
- data/spec/lib/kb/cve_2007_5379_spec.rb +8 -0
- data/spec/lib/kb/cve_2007_5380_spec.rb +8 -0
- data/spec/lib/kb/cve_2007_5770_spec.rb +8 -0
- data/spec/lib/kb/cve_2007_6077_spec.rb +8 -0
- data/spec/lib/kb/cve_2007_6612_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_1145_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_1891_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_2376_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_2662_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_2663_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_2664_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_2725_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_3655_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_3657_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_3790_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_3905_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_4094_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_4310_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_5189_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_7248_spec.rb +8 -0
- data/spec/lib/kb/cve_2009_4078_spec.rb +8 -0
- data/spec/lib/kb/cve_2009_4124_spec.rb +8 -0
- data/spec/lib/kb/cve_2009_4214_spec.rb +8 -0
- data/spec/lib/kb/cve_2010_2489_spec.rb +8 -0
- data/spec/lib/kb/cve_2010_3933_spec.rb +8 -0
- data/spec/lib/kb/cve_2011_0188_spec.rb +8 -0
- data/spec/lib/kb/cve_2011_0739_spec.rb +8 -0
- data/spec/lib/kb/cve_2011_1004_spec.rb +8 -0
- data/spec/lib/kb/cve_2011_1005_spec.rb +8 -0
- data/spec/lib/kb/cve_2011_2686_spec.rb +8 -0
- data/spec/lib/kb/cve_2011_2705_spec.rb +8 -0
- data/spec/lib/kb/cve_2011_2930_spec.rb +8 -0
- data/spec/lib/kb/cve_2011_3009_spec.rb +8 -0
- data/spec/lib/kb/cve_2011_3187_spec.rb +8 -0
- data/spec/lib/kb/cve_2011_4319_spec.rb +8 -0
- data/spec/lib/kb/cve_2013_2090_spec.rb +8 -0
- data/spec/lib/kb/{owasp_ror_cheatsheet_spec.rb → owasp_ror_cheatsheet_disabled.rb} +0 -0
- metadata +172 -395
- data/Competitive_matrix.md +0 -177
- data/TODO.md +0 -64
- data/spec/support/hello_world_3.0.19/Gemfile +0 -31
- data/spec/support/hello_world_3.0.19/README +0 -256
- data/spec/support/hello_world_3.0.19/Rakefile +0 -7
- data/spec/support/hello_world_3.0.19/app/controllers/application_controller.rb +0 -3
- data/spec/support/hello_world_3.0.19/app/helpers/application_helper.rb +0 -2
- data/spec/support/hello_world_3.0.19/app/views/layouts/application.html.erb +0 -14
- data/spec/support/hello_world_3.0.19/config.ru +0 -4
- data/spec/support/hello_world_3.0.19/config/application.rb +0 -42
- data/spec/support/hello_world_3.0.19/config/boot.rb +0 -6
- data/spec/support/hello_world_3.0.19/config/database.yml +0 -22
- data/spec/support/hello_world_3.0.19/config/environment.rb +0 -5
- data/spec/support/hello_world_3.0.19/config/environments/development.rb +0 -26
- data/spec/support/hello_world_3.0.19/config/environments/production.rb +0 -49
- data/spec/support/hello_world_3.0.19/config/environments/test.rb +0 -35
- data/spec/support/hello_world_3.0.19/config/initializers/backtrace_silencers.rb +0 -7
- data/spec/support/hello_world_3.0.19/config/initializers/inflections.rb +0 -10
- data/spec/support/hello_world_3.0.19/config/initializers/mime_types.rb +0 -5
- data/spec/support/hello_world_3.0.19/config/initializers/secret_token.rb +0 -7
- data/spec/support/hello_world_3.0.19/config/initializers/session_store.rb +0 -8
- data/spec/support/hello_world_3.0.19/config/locales/en.yml +0 -5
- data/spec/support/hello_world_3.0.19/config/routes.rb +0 -58
- data/spec/support/hello_world_3.0.19/db/seeds.rb +0 -7
- data/spec/support/hello_world_3.0.19/lib/tasks/.gitkeep +0 -0
- data/spec/support/hello_world_3.0.19/public/404.html +0 -26
- data/spec/support/hello_world_3.0.19/public/422.html +0 -26
- data/spec/support/hello_world_3.0.19/public/500.html +0 -26
- data/spec/support/hello_world_3.0.19/public/favicon.ico +0 -0
- data/spec/support/hello_world_3.0.19/public/images/rails.png +0 -0
- data/spec/support/hello_world_3.0.19/public/index.html +0 -239
- data/spec/support/hello_world_3.0.19/public/javascripts/application.js +0 -2
- data/spec/support/hello_world_3.0.19/public/javascripts/controls.js +0 -965
- data/spec/support/hello_world_3.0.19/public/javascripts/dragdrop.js +0 -974
- data/spec/support/hello_world_3.0.19/public/javascripts/effects.js +0 -1123
- data/spec/support/hello_world_3.0.19/public/javascripts/prototype.js +0 -6001
- data/spec/support/hello_world_3.0.19/public/javascripts/rails.js +0 -202
- data/spec/support/hello_world_3.0.19/public/robots.txt +0 -5
- data/spec/support/hello_world_3.0.19/public/stylesheets/.gitkeep +0 -0
- data/spec/support/hello_world_3.0.19/script/rails +0 -6
- data/spec/support/hello_world_3.0.19/test/performance/browsing_test.rb +0 -9
- data/spec/support/hello_world_3.0.19/test/test_helper.rb +0 -13
- data/spec/support/hello_world_3.0.19/vendor/plugins/.gitkeep +0 -0
- data/spec/support/hello_world_3.1.0/Gemfile +0 -33
- data/spec/support/hello_world_3.1.0/README +0 -261
- data/spec/support/hello_world_3.1.0/Rakefile +0 -7
- data/spec/support/hello_world_3.1.0/app/assets/images/rails.png +0 -0
- data/spec/support/hello_world_3.1.0/app/assets/javascripts/application.js +0 -9
- data/spec/support/hello_world_3.1.0/app/assets/stylesheets/application.css +0 -7
- data/spec/support/hello_world_3.1.0/app/controllers/application_controller.rb +0 -3
- data/spec/support/hello_world_3.1.0/app/helpers/application_helper.rb +0 -2
- data/spec/support/hello_world_3.1.0/app/mailers/.gitkeep +0 -0
- data/spec/support/hello_world_3.1.0/app/models/.gitkeep +0 -0
- data/spec/support/hello_world_3.1.0/app/views/layouts/application.html.erb +0 -14
- data/spec/support/hello_world_3.1.0/config.ru +0 -4
- data/spec/support/hello_world_3.1.0/config/application.rb +0 -48
- data/spec/support/hello_world_3.1.0/config/boot.rb +0 -6
- data/spec/support/hello_world_3.1.0/config/database.yml +0 -25
- data/spec/support/hello_world_3.1.0/config/environment.rb +0 -5
- data/spec/support/hello_world_3.1.0/config/environments/development.rb +0 -30
- data/spec/support/hello_world_3.1.0/config/environments/production.rb +0 -60
- data/spec/support/hello_world_3.1.0/config/environments/test.rb +0 -42
- data/spec/support/hello_world_3.1.0/config/initializers/backtrace_silencers.rb +0 -7
- data/spec/support/hello_world_3.1.0/config/initializers/inflections.rb +0 -10
- data/spec/support/hello_world_3.1.0/config/initializers/mime_types.rb +0 -5
- data/spec/support/hello_world_3.1.0/config/initializers/secret_token.rb +0 -7
- data/spec/support/hello_world_3.1.0/config/initializers/session_store.rb +0 -8
- data/spec/support/hello_world_3.1.0/config/initializers/wrap_parameters.rb +0 -14
- data/spec/support/hello_world_3.1.0/config/locales/en.yml +0 -5
- data/spec/support/hello_world_3.1.0/config/routes.rb +0 -58
- data/spec/support/hello_world_3.1.0/db/seeds.rb +0 -7
- data/spec/support/hello_world_3.1.0/lib/assets/.gitkeep +0 -0
- data/spec/support/hello_world_3.1.0/lib/tasks/.gitkeep +0 -0
- data/spec/support/hello_world_3.1.0/log/.gitkeep +0 -0
- data/spec/support/hello_world_3.1.0/public/404.html +0 -26
- data/spec/support/hello_world_3.1.0/public/422.html +0 -26
- data/spec/support/hello_world_3.1.0/public/500.html +0 -26
- data/spec/support/hello_world_3.1.0/public/favicon.ico +0 -0
- data/spec/support/hello_world_3.1.0/public/index.html +0 -241
- data/spec/support/hello_world_3.1.0/public/robots.txt +0 -5
- data/spec/support/hello_world_3.1.0/script/rails +0 -6
- data/spec/support/hello_world_3.1.0/test/fixtures/.gitkeep +0 -0
- data/spec/support/hello_world_3.1.0/test/functional/.gitkeep +0 -0
- data/spec/support/hello_world_3.1.0/test/integration/.gitkeep +0 -0
- data/spec/support/hello_world_3.1.0/test/performance/browsing_test.rb +0 -12
- data/spec/support/hello_world_3.1.0/test/test_helper.rb +0 -13
- data/spec/support/hello_world_3.1.0/test/unit/.gitkeep +0 -0
- data/spec/support/hello_world_3.1.0/vendor/assets/stylesheets/.gitkeep +0 -0
- data/spec/support/hello_world_3.1.0/vendor/plugins/.gitkeep +0 -0
- data/spec/support/hello_world_3.2.13/Gemfile +0 -38
- data/spec/support/hello_world_3.2.13/README.rdoc +0 -261
- data/spec/support/hello_world_3.2.13/Rakefile +0 -7
- data/spec/support/hello_world_3.2.13/app/assets/images/rails.png +0 -0
- data/spec/support/hello_world_3.2.13/app/assets/javascripts/application.js +0 -15
- data/spec/support/hello_world_3.2.13/app/assets/stylesheets/application.css +0 -13
- data/spec/support/hello_world_3.2.13/app/controllers/application_controller.rb +0 -3
- data/spec/support/hello_world_3.2.13/app/helpers/application_helper.rb +0 -10
- data/spec/support/hello_world_3.2.13/app/mailers/.gitkeep +0 -0
- data/spec/support/hello_world_3.2.13/app/models/.gitkeep +0 -0
- data/spec/support/hello_world_3.2.13/app/models/test.rb +0 -3
- data/spec/support/hello_world_3.2.13/app/views/layouts/application.html.erb +0 -14
- data/spec/support/hello_world_3.2.13/config.ru +0 -4
- data/spec/support/hello_world_3.2.13/config/application.rb +0 -62
- data/spec/support/hello_world_3.2.13/config/boot.rb +0 -6
- data/spec/support/hello_world_3.2.13/config/database.yml +0 -25
- data/spec/support/hello_world_3.2.13/config/environment.rb +0 -5
- data/spec/support/hello_world_3.2.13/config/environments/development.rb +0 -37
- data/spec/support/hello_world_3.2.13/config/environments/production.rb +0 -67
- data/spec/support/hello_world_3.2.13/config/environments/test.rb +0 -37
- data/spec/support/hello_world_3.2.13/config/initializers/backtrace_silencers.rb +0 -7
- data/spec/support/hello_world_3.2.13/config/initializers/inflections.rb +0 -15
- data/spec/support/hello_world_3.2.13/config/initializers/mime_types.rb +0 -5
- data/spec/support/hello_world_3.2.13/config/initializers/secret_token.rb +0 -7
- data/spec/support/hello_world_3.2.13/config/initializers/session_store.rb +0 -8
- data/spec/support/hello_world_3.2.13/config/initializers/wrap_parameters.rb +0 -14
- data/spec/support/hello_world_3.2.13/config/locales/en.yml +0 -5
- data/spec/support/hello_world_3.2.13/config/routes.rb +0 -58
- data/spec/support/hello_world_3.2.13/db/seeds.rb +0 -7
- data/spec/support/hello_world_3.2.13/lib/assets/.gitkeep +0 -0
- data/spec/support/hello_world_3.2.13/lib/tasks/.gitkeep +0 -0
- data/spec/support/hello_world_3.2.13/log/.gitkeep +0 -0
- data/spec/support/hello_world_3.2.13/public/404.html +0 -26
- data/spec/support/hello_world_3.2.13/public/422.html +0 -26
- data/spec/support/hello_world_3.2.13/public/500.html +0 -25
- data/spec/support/hello_world_3.2.13/public/favicon.ico +0 -0
- data/spec/support/hello_world_3.2.13/public/index.html +0 -241
- data/spec/support/hello_world_3.2.13/public/robots.txt +0 -5
- data/spec/support/hello_world_3.2.13/script/rails +0 -6
- data/spec/support/hello_world_3.2.13/test/fixtures/.gitkeep +0 -0
- data/spec/support/hello_world_3.2.13/test/functional/.gitkeep +0 -0
- data/spec/support/hello_world_3.2.13/test/integration/.gitkeep +0 -0
- data/spec/support/hello_world_3.2.13/test/performance/browsing_test.rb +0 -12
- data/spec/support/hello_world_3.2.13/test/test_helper.rb +0 -13
- data/spec/support/hello_world_3.2.13/test/unit/.gitkeep +0 -0
- data/spec/support/hello_world_3.2.13/vendor/assets/javascripts/.gitkeep +0 -0
- data/spec/support/hello_world_3.2.13/vendor/assets/stylesheets/.gitkeep +0 -0
- data/spec/support/hello_world_3.2.13/vendor/plugins/.gitkeep +0 -0
- data/spec/support/hello_world_padrino/.components +0 -9
- data/spec/support/hello_world_padrino/.gitignore +0 -8
- data/spec/support/hello_world_padrino/Gemfile +0 -42
- data/spec/support/hello_world_padrino/Rakefile +0 -6
- data/spec/support/hello_world_padrino/app/app.rb +0 -61
- data/spec/support/hello_world_padrino/config.ru +0 -9
- data/spec/support/hello_world_padrino/config/apps.rb +0 -39
- data/spec/support/hello_world_padrino/config/boot.rb +0 -46
- data/spec/support/hello_world_padrino/config/database.rb +0 -19
- data/spec/support/hello_world_padrino/cucumber.yml +0 -2
- data/spec/support/hello_world_padrino/db/migrate/001_create_users.rb +0 -16
- data/spec/support/hello_world_padrino/dispatcher/app.rb +0 -61
- data/spec/support/hello_world_padrino/features/add.feature +0 -11
- data/spec/support/hello_world_padrino/features/step_definitions/add_steps.rb +0 -15
- data/spec/support/hello_world_padrino/features/support/env.rb +0 -10
- data/spec/support/hello_world_padrino/features/support/url.rb +0 -17
- data/spec/support/hello_world_padrino/models/user.rb +0 -11
- data/spec/support/hello_world_padrino/public/favicon.ico +0 -0
- data/spec/support/hello_world_padrino/public/javascripts/application.js +0 -1
- data/spec/support/hello_world_padrino/public/javascripts/jquery-ujs.js +0 -95
- data/spec/support/hello_world_padrino/public/javascripts/jquery.js +0 -4
- data/spec/support/lorem.txt +0 -23
- data/spec/support/sinatra-safe/.gems +0 -4
- data/spec/support/sinatra-safe/Gemfile +0 -18
- data/spec/support/sinatra-safe/MIT-LICENSE +0 -20
- data/spec/support/sinatra-safe/README.rdoc +0 -35
- data/spec/support/sinatra-safe/Rakefile +0 -32
- data/spec/support/sinatra-safe/application.rb +0 -23
- data/spec/support/sinatra-safe/config.ru +0 -11
- data/spec/support/sinatra-safe/environment.rb +0 -25
- data/spec/support/sinatra-safe/lib/profile.rb +0 -11
- data/spec/support/sinatra-safe/public/main.css +0 -52
- data/spec/support/sinatra-safe/script/console +0 -16
- data/spec/support/sinatra-safe/views/layout.haml +0 -14
- data/spec/support/sinatra-safe/views/root.haml +0 -4
- data/spec/support/sinatra-vulnerable/.gems +0 -4
- data/spec/support/sinatra-vulnerable/Gemfile +0 -17
- data/spec/support/sinatra-vulnerable/MIT-LICENSE +0 -20
- data/spec/support/sinatra-vulnerable/README.rdoc +0 -35
- data/spec/support/sinatra-vulnerable/Rakefile +0 -32
- data/spec/support/sinatra-vulnerable/application.rb +0 -34
- data/spec/support/sinatra-vulnerable/config.ru +0 -11
- data/spec/support/sinatra-vulnerable/disabled.png +0 -0
- data/spec/support/sinatra-vulnerable/environment.rb +0 -25
- data/spec/support/sinatra-vulnerable/lib/profile.rb +0 -11
- data/spec/support/sinatra-vulnerable/public/main.css +0 -52
- data/spec/support/sinatra-vulnerable/script/console +0 -16
- data/spec/support/sinatra-vulnerable/views/layout.haml +0 -14
- data/spec/support/sinatra-vulnerable/views/root.haml +0 -4
- data/spec/support/sinatra-vulnerable/views/xss.haml +0 -3
@@ -1,7 +0,0 @@
|
|
1
|
-
#!/usr/bin/env rake
|
2
|
-
# Add your own tasks in files placed in lib/tasks ending in .rake,
|
3
|
-
# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
|
4
|
-
|
5
|
-
require File.expand_path('../config/application', __FILE__)
|
6
|
-
|
7
|
-
HelloWorld310::Application.load_tasks
|
Binary file
|
@@ -1,9 +0,0 @@
|
|
1
|
-
// This is a manifest file that'll be compiled into including all the files listed below.
|
2
|
-
// Add new JavaScript/Coffee code in separate files in this directory and they'll automatically
|
3
|
-
// be included in the compiled file accessible from http://example.com/assets/application.js
|
4
|
-
// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
|
5
|
-
// the compiled file.
|
6
|
-
//
|
7
|
-
//= require jquery
|
8
|
-
//= require jquery_ujs
|
9
|
-
//= require_tree .
|
@@ -1,7 +0,0 @@
|
|
1
|
-
/*
|
2
|
-
* This is a manifest file that'll automatically include all the stylesheets available in this directory
|
3
|
-
* and any sub-directories. You're free to add application-wide styles to this file and they'll appear at
|
4
|
-
* the top of the compiled file, but it's generally better to create a new file per style scope.
|
5
|
-
*= require_self
|
6
|
-
*= require_tree .
|
7
|
-
*/
|
File without changes
|
File without changes
|
@@ -1,48 +0,0 @@
|
|
1
|
-
require File.expand_path('../boot', __FILE__)
|
2
|
-
|
3
|
-
require 'rails/all'
|
4
|
-
|
5
|
-
if defined?(Bundler)
|
6
|
-
# If you precompile assets before deploying to production, use this line
|
7
|
-
Bundler.require *Rails.groups(:assets => %w(development test))
|
8
|
-
# If you want your assets lazily compiled in production, use this line
|
9
|
-
# Bundler.require(:default, :assets, Rails.env)
|
10
|
-
end
|
11
|
-
|
12
|
-
module HelloWorld310
|
13
|
-
class Application < Rails::Application
|
14
|
-
# Settings in config/environments/* take precedence over those specified here.
|
15
|
-
# Application configuration should go into files in config/initializers
|
16
|
-
# -- all .rb files in that directory are automatically loaded.
|
17
|
-
|
18
|
-
# Custom directories with classes and modules you want to be autoloadable.
|
19
|
-
# config.autoload_paths += %W(#{config.root}/extras)
|
20
|
-
|
21
|
-
# Only load the plugins named here, in the order given (default is alphabetical).
|
22
|
-
# :all can be used as a placeholder for all plugins not explicitly named.
|
23
|
-
# config.plugins = [ :exception_notification, :ssl_requirement, :all ]
|
24
|
-
|
25
|
-
# Activate observers that should always be running.
|
26
|
-
# config.active_record.observers = :cacher, :garbage_collector, :forum_observer
|
27
|
-
|
28
|
-
# Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
|
29
|
-
# Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC.
|
30
|
-
# config.time_zone = 'Central Time (US & Canada)'
|
31
|
-
|
32
|
-
# The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
|
33
|
-
# config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
|
34
|
-
# config.i18n.default_locale = :de
|
35
|
-
|
36
|
-
# Configure the default encoding used in templates for Ruby 1.9.
|
37
|
-
config.encoding = "utf-8"
|
38
|
-
|
39
|
-
# Configure sensitive parameters which will be filtered from the log file.
|
40
|
-
config.filter_parameters += [:password]
|
41
|
-
|
42
|
-
# Enable the asset pipeline
|
43
|
-
config.assets.enabled = true
|
44
|
-
|
45
|
-
# Version of your assets, change this if you want to expire all your assets
|
46
|
-
config.assets.version = '1.0'
|
47
|
-
end
|
48
|
-
end
|
@@ -1,25 +0,0 @@
|
|
1
|
-
# SQLite version 3.x
|
2
|
-
# gem install sqlite3
|
3
|
-
#
|
4
|
-
# Ensure the SQLite 3 gem is defined in your Gemfile
|
5
|
-
# gem 'sqlite3'
|
6
|
-
development:
|
7
|
-
adapter: sqlite3
|
8
|
-
database: db/development.sqlite3
|
9
|
-
pool: 5
|
10
|
-
timeout: 5000
|
11
|
-
|
12
|
-
# Warning: The database defined as "test" will be erased and
|
13
|
-
# re-generated from your development database when you run "rake".
|
14
|
-
# Do not set this db to the same as development or production.
|
15
|
-
test:
|
16
|
-
adapter: sqlite3
|
17
|
-
database: db/test.sqlite3
|
18
|
-
pool: 5
|
19
|
-
timeout: 5000
|
20
|
-
|
21
|
-
production:
|
22
|
-
adapter: sqlite3
|
23
|
-
database: db/production.sqlite3
|
24
|
-
pool: 5
|
25
|
-
timeout: 5000
|
@@ -1,30 +0,0 @@
|
|
1
|
-
HelloWorld310::Application.configure do
|
2
|
-
# Settings specified here will take precedence over those in config/application.rb
|
3
|
-
|
4
|
-
# In the development environment your application's code is reloaded on
|
5
|
-
# every request. This slows down response time but is perfect for development
|
6
|
-
# since you don't have to restart the web server when you make code changes.
|
7
|
-
config.cache_classes = false
|
8
|
-
|
9
|
-
# Log error messages when you accidentally call methods on nil.
|
10
|
-
config.whiny_nils = true
|
11
|
-
|
12
|
-
# Show full error reports and disable caching
|
13
|
-
config.consider_all_requests_local = true
|
14
|
-
config.action_controller.perform_caching = false
|
15
|
-
|
16
|
-
# Don't care if the mailer can't send
|
17
|
-
config.action_mailer.raise_delivery_errors = false
|
18
|
-
|
19
|
-
# Print deprecation notices to the Rails logger
|
20
|
-
config.active_support.deprecation = :log
|
21
|
-
|
22
|
-
# Only use best-standards-support built into browsers
|
23
|
-
config.action_dispatch.best_standards_support = :builtin
|
24
|
-
|
25
|
-
# Do not compress assets
|
26
|
-
config.assets.compress = false
|
27
|
-
|
28
|
-
# Expands the lines which load the assets
|
29
|
-
config.assets.debug = true
|
30
|
-
end
|
@@ -1,60 +0,0 @@
|
|
1
|
-
HelloWorld310::Application.configure do
|
2
|
-
# Settings specified here will take precedence over those in config/application.rb
|
3
|
-
|
4
|
-
# Code is not reloaded between requests
|
5
|
-
config.cache_classes = true
|
6
|
-
|
7
|
-
# Full error reports are disabled and caching is turned on
|
8
|
-
config.consider_all_requests_local = false
|
9
|
-
config.action_controller.perform_caching = true
|
10
|
-
|
11
|
-
# Disable Rails's static asset server (Apache or nginx will already do this)
|
12
|
-
config.serve_static_assets = false
|
13
|
-
|
14
|
-
# Compress JavaScripts and CSS
|
15
|
-
config.assets.compress = true
|
16
|
-
|
17
|
-
# Don't fallback to assets pipeline if a precompiled asset is missed
|
18
|
-
config.assets.compile = false
|
19
|
-
|
20
|
-
# Generate digests for assets URLs
|
21
|
-
config.assets.digest = true
|
22
|
-
|
23
|
-
# Defaults to Rails.root.join("public/assets")
|
24
|
-
# config.assets.manifest = YOUR_PATH
|
25
|
-
|
26
|
-
# Specifies the header that your server uses for sending files
|
27
|
-
# config.action_dispatch.x_sendfile_header = "X-Sendfile" # for apache
|
28
|
-
# config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx
|
29
|
-
|
30
|
-
# Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
|
31
|
-
# config.force_ssl = true
|
32
|
-
|
33
|
-
# See everything in the log (default is :info)
|
34
|
-
# config.log_level = :debug
|
35
|
-
|
36
|
-
# Use a different logger for distributed setups
|
37
|
-
# config.logger = SyslogLogger.new
|
38
|
-
|
39
|
-
# Use a different cache store in production
|
40
|
-
# config.cache_store = :mem_cache_store
|
41
|
-
|
42
|
-
# Enable serving of images, stylesheets, and JavaScripts from an asset server
|
43
|
-
# config.action_controller.asset_host = "http://assets.example.com"
|
44
|
-
|
45
|
-
# Precompile additional assets (application.js, application.css, and all non-JS/CSS are already added)
|
46
|
-
# config.assets.precompile += %w( search.js )
|
47
|
-
|
48
|
-
# Disable delivery errors, bad email addresses will be ignored
|
49
|
-
# config.action_mailer.raise_delivery_errors = false
|
50
|
-
|
51
|
-
# Enable threaded mode
|
52
|
-
# config.threadsafe!
|
53
|
-
|
54
|
-
# Enable locale fallbacks for I18n (makes lookups for any locale fall back to
|
55
|
-
# the I18n.default_locale when a translation can not be found)
|
56
|
-
config.i18n.fallbacks = true
|
57
|
-
|
58
|
-
# Send deprecation notices to registered listeners
|
59
|
-
config.active_support.deprecation = :notify
|
60
|
-
end
|
@@ -1,42 +0,0 @@
|
|
1
|
-
HelloWorld310::Application.configure do
|
2
|
-
# Settings specified here will take precedence over those in config/application.rb
|
3
|
-
|
4
|
-
# The test environment is used exclusively to run your application's
|
5
|
-
# test suite. You never need to work with it otherwise. Remember that
|
6
|
-
# your test database is "scratch space" for the test suite and is wiped
|
7
|
-
# and recreated between test runs. Don't rely on the data there!
|
8
|
-
config.cache_classes = true
|
9
|
-
|
10
|
-
# Configure static asset server for tests with Cache-Control for performance
|
11
|
-
config.serve_static_assets = true
|
12
|
-
config.static_cache_control = "public, max-age=3600"
|
13
|
-
|
14
|
-
# Log error messages when you accidentally call methods on nil
|
15
|
-
config.whiny_nils = true
|
16
|
-
|
17
|
-
# Show full error reports and disable caching
|
18
|
-
config.consider_all_requests_local = true
|
19
|
-
config.action_controller.perform_caching = false
|
20
|
-
|
21
|
-
# Raise exceptions instead of rendering exception templates
|
22
|
-
config.action_dispatch.show_exceptions = false
|
23
|
-
|
24
|
-
# Disable request forgery protection in test environment
|
25
|
-
config.action_controller.allow_forgery_protection = false
|
26
|
-
|
27
|
-
# Tell Action Mailer not to deliver emails to the real world.
|
28
|
-
# The :test delivery method accumulates sent emails in the
|
29
|
-
# ActionMailer::Base.deliveries array.
|
30
|
-
config.action_mailer.delivery_method = :test
|
31
|
-
|
32
|
-
# Use SQL instead of Active Record's schema dumper when creating the test database.
|
33
|
-
# This is necessary if your schema can't be completely dumped by the schema dumper,
|
34
|
-
# like if you have constraints or database-specific column types
|
35
|
-
# config.active_record.schema_format = :sql
|
36
|
-
|
37
|
-
# Print deprecation notices to the stderr
|
38
|
-
config.active_support.deprecation = :stderr
|
39
|
-
|
40
|
-
# Allow pass debug_assets=true as a query parameter to load pages with unpackaged assets
|
41
|
-
config.assets.allow_debugging = true
|
42
|
-
end
|
@@ -1,7 +0,0 @@
|
|
1
|
-
# Be sure to restart your server when you modify this file.
|
2
|
-
|
3
|
-
# You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces.
|
4
|
-
# Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ }
|
5
|
-
|
6
|
-
# You can also remove all the silencers if you're trying to debug a problem that might stem from framework code.
|
7
|
-
# Rails.backtrace_cleaner.remove_silencers!
|
@@ -1,10 +0,0 @@
|
|
1
|
-
# Be sure to restart your server when you modify this file.
|
2
|
-
|
3
|
-
# Add new inflection rules using the following format
|
4
|
-
# (all these examples are active by default):
|
5
|
-
# ActiveSupport::Inflector.inflections do |inflect|
|
6
|
-
# inflect.plural /^(ox)$/i, '\1en'
|
7
|
-
# inflect.singular /^(ox)en/i, '\1'
|
8
|
-
# inflect.irregular 'person', 'people'
|
9
|
-
# inflect.uncountable %w( fish sheep )
|
10
|
-
# end
|
@@ -1,7 +0,0 @@
|
|
1
|
-
# Be sure to restart your server when you modify this file.
|
2
|
-
|
3
|
-
# Your secret key for verifying the integrity of signed cookies.
|
4
|
-
# If you change this key, all old signed cookies will become invalid!
|
5
|
-
# Make sure the secret is at least 30 characters and all random,
|
6
|
-
# no regular words or you'll be exposed to dictionary attacks.
|
7
|
-
HelloWorld310::Application.config.secret_token = 'e31410e976e966ea173d3c69a344363d9cb8d4dccb4b05fba6f1de870818284ceb314d954a0816a6dab060f5e2f253b6b1f1db701b6fc5c0ed2f182547d9f9fc'
|
@@ -1,8 +0,0 @@
|
|
1
|
-
# Be sure to restart your server when you modify this file.
|
2
|
-
|
3
|
-
HelloWorld310::Application.config.session_store :cookie_store, key: '_hello_world_3.1.0_session'
|
4
|
-
|
5
|
-
# Use the database for sessions instead of the cookie-based default,
|
6
|
-
# which shouldn't be used to store highly confidential information
|
7
|
-
# (create the session table with "rails generate session_migration")
|
8
|
-
# HelloWorld310::Application.config.session_store :active_record_store
|
@@ -1,14 +0,0 @@
|
|
1
|
-
# Be sure to restart your server when you modify this file.
|
2
|
-
#
|
3
|
-
# This file contains settings for ActionController::ParamsWrapper which
|
4
|
-
# is enabled by default.
|
5
|
-
|
6
|
-
# Enable parameter wrapping for JSON. You can disable this by setting :format to an empty array.
|
7
|
-
ActiveSupport.on_load(:action_controller) do
|
8
|
-
wrap_parameters format: [:json]
|
9
|
-
end
|
10
|
-
|
11
|
-
# Disable root element in JSON by default.
|
12
|
-
ActiveSupport.on_load(:active_record) do
|
13
|
-
self.include_root_in_json = false
|
14
|
-
end
|
@@ -1,58 +0,0 @@
|
|
1
|
-
HelloWorld310::Application.routes.draw do
|
2
|
-
# The priority is based upon order of creation:
|
3
|
-
# first created -> highest priority.
|
4
|
-
|
5
|
-
# Sample of regular route:
|
6
|
-
# match 'products/:id' => 'catalog#view'
|
7
|
-
# Keep in mind you can assign values other than :controller and :action
|
8
|
-
|
9
|
-
# Sample of named route:
|
10
|
-
# match 'products/:id/purchase' => 'catalog#purchase', :as => :purchase
|
11
|
-
# This route can be invoked with purchase_url(:id => product.id)
|
12
|
-
|
13
|
-
# Sample resource route (maps HTTP verbs to controller actions automatically):
|
14
|
-
# resources :products
|
15
|
-
|
16
|
-
# Sample resource route with options:
|
17
|
-
# resources :products do
|
18
|
-
# member do
|
19
|
-
# get 'short'
|
20
|
-
# post 'toggle'
|
21
|
-
# end
|
22
|
-
#
|
23
|
-
# collection do
|
24
|
-
# get 'sold'
|
25
|
-
# end
|
26
|
-
# end
|
27
|
-
|
28
|
-
# Sample resource route with sub-resources:
|
29
|
-
# resources :products do
|
30
|
-
# resources :comments, :sales
|
31
|
-
# resource :seller
|
32
|
-
# end
|
33
|
-
|
34
|
-
# Sample resource route with more complex sub-resources
|
35
|
-
# resources :products do
|
36
|
-
# resources :comments
|
37
|
-
# resources :sales do
|
38
|
-
# get 'recent', :on => :collection
|
39
|
-
# end
|
40
|
-
# end
|
41
|
-
|
42
|
-
# Sample resource route within a namespace:
|
43
|
-
# namespace :admin do
|
44
|
-
# # Directs /admin/products/* to Admin::ProductsController
|
45
|
-
# # (app/controllers/admin/products_controller.rb)
|
46
|
-
# resources :products
|
47
|
-
# end
|
48
|
-
|
49
|
-
# You can have the root of your site routed with "root"
|
50
|
-
# just remember to delete public/index.html.
|
51
|
-
# root :to => 'welcome#index'
|
52
|
-
|
53
|
-
# See how all your routes lay out with "rake routes"
|
54
|
-
|
55
|
-
# This is a legacy wild controller route that's not recommended for RESTful applications.
|
56
|
-
# Note: This route will make all actions in every controller accessible via GET requests.
|
57
|
-
# match ':controller(/:action(/:id(.:format)))'
|
58
|
-
end
|
@@ -1,7 +0,0 @@
|
|
1
|
-
# This file should contain all the record creation needed to seed the database with its default values.
|
2
|
-
# The data can then be loaded with the rake db:seed (or created alongside the db with db:setup).
|
3
|
-
#
|
4
|
-
# Examples:
|
5
|
-
#
|
6
|
-
# cities = City.create([{ name: 'Chicago' }, { name: 'Copenhagen' }])
|
7
|
-
# Mayor.create(name: 'Emanuel', city: cities.first)
|
File without changes
|
File without changes
|
File without changes
|
@@ -1,26 +0,0 @@
|
|
1
|
-
<!DOCTYPE html>
|
2
|
-
<html>
|
3
|
-
<head>
|
4
|
-
<title>The page you were looking for doesn't exist (404)</title>
|
5
|
-
<style type="text/css">
|
6
|
-
body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
|
7
|
-
div.dialog {
|
8
|
-
width: 25em;
|
9
|
-
padding: 0 4em;
|
10
|
-
margin: 4em auto 0 auto;
|
11
|
-
border: 1px solid #ccc;
|
12
|
-
border-right-color: #999;
|
13
|
-
border-bottom-color: #999;
|
14
|
-
}
|
15
|
-
h1 { font-size: 100%; color: #f00; line-height: 1.5em; }
|
16
|
-
</style>
|
17
|
-
</head>
|
18
|
-
|
19
|
-
<body>
|
20
|
-
<!-- This file lives in public/404.html -->
|
21
|
-
<div class="dialog">
|
22
|
-
<h1>The page you were looking for doesn't exist.</h1>
|
23
|
-
<p>You may have mistyped the address or the page may have moved.</p>
|
24
|
-
</div>
|
25
|
-
</body>
|
26
|
-
</html>
|