codesake-dawn 0.85 → 1.0.0.rc1
- checksums.yaml +4 -4
- data/.ruby-version +1 -1
- data/.travis.yml +1 -1
- data/Changelog.md +67 -1
- data/README.md +137 -29
- data/Rakefile +29 -2
- data/Roadmap.md +10 -93
- data/features/{dawn_complains_about_an_incorrect_command_line.feature → dawn_complains_about_an_incorrect_command_line.feature.disabled} +0 -0
- data/features/{dawn_scan_a_secure_sinatra_app.feature → dawn_scan_a_secure_sinatra_app.feature.disabled} +0 -0
- data/features/{dawn_scan_a_vulnerable_sinatra_app.feature → dawn_scan_a_vulnerable_sinatra_app.feature.disabled} +0 -0
- data/lib/codesake/dawn/kb/basic_check.rb +7 -1
- data/lib/codesake/dawn/kb/cve_2004_0755.rb +32 -0
- data/lib/codesake/dawn/kb/cve_2004_0983.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2005_1992.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2005_2337.rb +32 -0
- data/lib/codesake/dawn/kb/cve_2006_1931.rb +32 -0
- data/lib/codesake/dawn/kb/cve_2006_2582.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2006_3694.rb +31 -0
- data/lib/codesake/dawn/kb/cve_2006_4112.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2006_5467.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2006_6303.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2006_6852.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2006_6979.rb +31 -0
- data/lib/codesake/dawn/kb/cve_2007_0469.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2007_5162.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2007_5379.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2007_5380.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2007_5770.rb +32 -0
- data/lib/codesake/dawn/kb/cve_2007_6077.rb +31 -0
- data/lib/codesake/dawn/kb/cve_2007_6612.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2008_1145.rb +40 -0
- data/lib/codesake/dawn/kb/cve_2008_1891.rb +40 -0
- data/lib/codesake/dawn/kb/cve_2008_2376.rb +32 -0
- data/lib/codesake/dawn/kb/cve_2008_2662.rb +35 -0
- data/lib/codesake/dawn/kb/cve_2008_2663.rb +34 -0
- data/lib/codesake/dawn/kb/cve_2008_2664.rb +35 -0
- data/lib/codesake/dawn/kb/cve_2008_2725.rb +33 -0
- data/lib/codesake/dawn/kb/cve_2008_3655.rb +39 -0
- data/lib/codesake/dawn/kb/cve_2008_3657.rb +39 -0
- data/lib/codesake/dawn/kb/cve_2008_3790.rb +32 -0
- data/lib/codesake/dawn/kb/cve_2008_3905.rb +38 -0
- data/lib/codesake/dawn/kb/cve_2008_4094.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2008_4310.rb +103 -0
- data/lib/codesake/dawn/kb/cve_2008_5189.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2008_7248.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2009_4078.rb +31 -0
- data/lib/codesake/dawn/kb/cve_2009_4124.rb +32 -0
- data/lib/codesake/dawn/kb/cve_2009_4214.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2010_2489.rb +62 -0
- data/lib/codesake/dawn/kb/cve_2010_3933.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2011_0188.rb +69 -0
- data/lib/codesake/dawn/kb/cve_2011_0739.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2011_1004.rb +36 -0
- data/lib/codesake/dawn/kb/cve_2011_1005.rb +33 -0
- data/lib/codesake/dawn/kb/cve_2011_2686.rb +31 -0
- data/lib/codesake/dawn/kb/cve_2011_2705.rb +34 -0
- data/lib/codesake/dawn/kb/cve_2011_2930.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2011_3009.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2011_3187.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2011_4319.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2013_2090.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2013_4457.rb +1 -1
- data/lib/codesake/dawn/kb/dependency_check.rb +2 -2
- data/lib/codesake/dawn/kb/nokogiri_dos_20131217.rb +1 -0
- data/lib/codesake/dawn/kb/operating_system_check.rb +4 -3
- data/lib/codesake/dawn/kb/ruby_version_check.rb +9 -3
- data/lib/codesake/dawn/knowledge_base.rb +113 -0
- data/lib/codesake/dawn/padrino.rb +1 -1
- data/lib/codesake/dawn/version.rb +14 -2
- data/lib/tasks/dawn.rake +4 -0
- data/spec/lib/dawn/codesake_knowledgebase_spec.rb +256 -0
- data/spec/lib/dawn/{codesake_padrino_engine_spec.rb → codesake_padrino_engine_disabled.rb} +0 -0
- data/spec/lib/dawn/{codesake_rails_engine_spec.rb → codesake_rails_engine_disabled.rb} +0 -0
- data/spec/lib/dawn/{codesake_sinatra_engine_spec.rb → codesake_sinatra_engine_disabled.rb} +5 -5
- data/spec/lib/kb/codesake_cve_2013_4457_spec.rb +40 -0
- data/spec/lib/kb/{codesake_cve_2013_6416.rb → codesake_cve_2013_6416_spec.rb} +5 -5
- data/spec/lib/kb/codesake_ruby_version_check_spec.rb +1 -0
- data/spec/lib/kb/cve_2004_0983_spec.rb +8 -0
- data/spec/lib/kb/cve_2005_1992_spec.rb +8 -0
- data/spec/lib/kb/cve_2005_2337_spec.rb +8 -0
- data/spec/lib/kb/cve_2006_1931_spec.rb +8 -0
- data/spec/lib/kb/cve_2006_2582_spec.rb +8 -0
- data/spec/lib/kb/cve_2006_3694_spec.rb +8 -0
- data/spec/lib/kb/cve_2006_4112_spec.rb +8 -0
- data/spec/lib/kb/cve_2006_5467_spec.rb +8 -0
- data/spec/lib/kb/cve_2006_6303_spec.rb +8 -0
- data/spec/lib/kb/cve_2006_6852_spec.rb +8 -0
- data/spec/lib/kb/cve_2006_6979_spec.rb +8 -0
- data/spec/lib/kb/cve_2007_0469_spec.rb +8 -0
- data/spec/lib/kb/cve_2007_5162_spec.rb +8 -0
- data/spec/lib/kb/cve_2007_5379_spec.rb +8 -0
- data/spec/lib/kb/cve_2007_5380_spec.rb +8 -0
- data/spec/lib/kb/cve_2007_5770_spec.rb +8 -0
- data/spec/lib/kb/cve_2007_6077_spec.rb +8 -0
- data/spec/lib/kb/cve_2007_6612_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_1145_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_1891_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_2376_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_2662_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_2663_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_2664_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_2725_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_3655_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_3657_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_3790_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_3905_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_4094_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_4310_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_5189_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_7248_spec.rb +8 -0
- data/spec/lib/kb/cve_2009_4078_spec.rb +8 -0
- data/spec/lib/kb/cve_2009_4124_spec.rb +8 -0
- data/spec/lib/kb/cve_2009_4214_spec.rb +8 -0
- data/spec/lib/kb/cve_2010_2489_spec.rb +8 -0
- data/spec/lib/kb/cve_2010_3933_spec.rb +8 -0
- data/spec/lib/kb/cve_2011_0188_spec.rb +8 -0
- data/spec/lib/kb/cve_2011_0739_spec.rb +8 -0
- data/spec/lib/kb/cve_2011_1004_spec.rb +8 -0
- data/spec/lib/kb/cve_2011_1005_spec.rb +8 -0
- data/spec/lib/kb/cve_2011_2686_spec.rb +8 -0
- data/spec/lib/kb/cve_2011_2705_spec.rb +8 -0
- data/spec/lib/kb/cve_2011_2930_spec.rb +8 -0
- data/spec/lib/kb/cve_2011_3009_spec.rb +8 -0
- data/spec/lib/kb/cve_2011_3187_spec.rb +8 -0
- data/spec/lib/kb/cve_2011_4319_spec.rb +8 -0
- data/spec/lib/kb/cve_2013_2090_spec.rb +8 -0
- data/spec/lib/kb/{owasp_ror_cheatsheet_spec.rb → owasp_ror_cheatsheet_disabled.rb} +0 -0
- metadata +172 -395
- data/Competitive_matrix.md +0 -177
- data/TODO.md +0 -64
- data/spec/support/hello_world_3.0.19/Gemfile +0 -31
- data/spec/support/hello_world_3.0.19/README +0 -256
- data/spec/support/hello_world_3.0.19/Rakefile +0 -7
- data/spec/support/hello_world_3.0.19/app/controllers/application_controller.rb +0 -3
- data/spec/support/hello_world_3.0.19/app/helpers/application_helper.rb +0 -2
- data/spec/support/hello_world_3.0.19/app/views/layouts/application.html.erb +0 -14
- data/spec/support/hello_world_3.0.19/config.ru +0 -4
- data/spec/support/hello_world_3.0.19/config/application.rb +0 -42
- data/spec/support/hello_world_3.0.19/config/boot.rb +0 -6
- data/spec/support/hello_world_3.0.19/config/database.yml +0 -22
- data/spec/support/hello_world_3.0.19/config/environment.rb +0 -5
- data/spec/support/hello_world_3.0.19/config/environments/development.rb +0 -26
- data/spec/support/hello_world_3.0.19/config/environments/production.rb +0 -49
- data/spec/support/hello_world_3.0.19/config/environments/test.rb +0 -35
- data/spec/support/hello_world_3.0.19/config/initializers/backtrace_silencers.rb +0 -7
- data/spec/support/hello_world_3.0.19/config/initializers/inflections.rb +0 -10
- data/spec/support/hello_world_3.0.19/config/initializers/mime_types.rb +0 -5
- data/spec/support/hello_world_3.0.19/config/initializers/secret_token.rb +0 -7
- data/spec/support/hello_world_3.0.19/config/initializers/session_store.rb +0 -8
- data/spec/support/hello_world_3.0.19/config/locales/en.yml +0 -5
- data/spec/support/hello_world_3.0.19/config/routes.rb +0 -58
- data/spec/support/hello_world_3.0.19/db/seeds.rb +0 -7
- data/spec/support/hello_world_3.0.19/lib/tasks/.gitkeep +0 -0
- data/spec/support/hello_world_3.0.19/public/404.html +0 -26
- data/spec/support/hello_world_3.0.19/public/422.html +0 -26
- data/spec/support/hello_world_3.0.19/public/500.html +0 -26
- data/spec/support/hello_world_3.0.19/public/favicon.ico +0 -0
- data/spec/support/hello_world_3.0.19/public/images/rails.png +0 -0
- data/spec/support/hello_world_3.0.19/public/index.html +0 -239
- data/spec/support/hello_world_3.0.19/public/javascripts/application.js +0 -2
- data/spec/support/hello_world_3.0.19/public/javascripts/controls.js +0 -965
- data/spec/support/hello_world_3.0.19/public/javascripts/dragdrop.js +0 -974
- data/spec/support/hello_world_3.0.19/public/javascripts/effects.js +0 -1123
- data/spec/support/hello_world_3.0.19/public/javascripts/prototype.js +0 -6001
- data/spec/support/hello_world_3.0.19/public/javascripts/rails.js +0 -202
- data/spec/support/hello_world_3.0.19/public/robots.txt +0 -5
- data/spec/support/hello_world_3.0.19/public/stylesheets/.gitkeep +0 -0
- data/spec/support/hello_world_3.0.19/script/rails +0 -6
- data/spec/support/hello_world_3.0.19/test/performance/browsing_test.rb +0 -9
- data/spec/support/hello_world_3.0.19/test/test_helper.rb +0 -13
- data/spec/support/hello_world_3.0.19/vendor/plugins/.gitkeep +0 -0
- data/spec/support/hello_world_3.1.0/Gemfile +0 -33
- data/spec/support/hello_world_3.1.0/README +0 -261
- data/spec/support/hello_world_3.1.0/Rakefile +0 -7
- data/spec/support/hello_world_3.1.0/app/assets/images/rails.png +0 -0
- data/spec/support/hello_world_3.1.0/app/assets/javascripts/application.js +0 -9
- data/spec/support/hello_world_3.1.0/app/assets/stylesheets/application.css +0 -7
- data/spec/support/hello_world_3.1.0/app/controllers/application_controller.rb +0 -3
- data/spec/support/hello_world_3.1.0/app/helpers/application_helper.rb +0 -2
- data/spec/support/hello_world_3.1.0/app/mailers/.gitkeep +0 -0
- data/spec/support/hello_world_3.1.0/app/models/.gitkeep +0 -0
- data/spec/support/hello_world_3.1.0/app/views/layouts/application.html.erb +0 -14
- data/spec/support/hello_world_3.1.0/config.ru +0 -4
- data/spec/support/hello_world_3.1.0/config/application.rb +0 -48
- data/spec/support/hello_world_3.1.0/config/boot.rb +0 -6
- data/spec/support/hello_world_3.1.0/config/database.yml +0 -25
- data/spec/support/hello_world_3.1.0/config/environment.rb +0 -5
- data/spec/support/hello_world_3.1.0/config/environments/development.rb +0 -30
- data/spec/support/hello_world_3.1.0/config/environments/production.rb +0 -60
- data/spec/support/hello_world_3.1.0/config/environments/test.rb +0 -42
- data/spec/support/hello_world_3.1.0/config/initializers/backtrace_silencers.rb +0 -7
- data/spec/support/hello_world_3.1.0/config/initializers/inflections.rb +0 -10
- data/spec/support/hello_world_3.1.0/config/initializers/mime_types.rb +0 -5
- data/spec/support/hello_world_3.1.0/config/initializers/secret_token.rb +0 -7
- data/spec/support/hello_world_3.1.0/config/initializers/session_store.rb +0 -8
- data/spec/support/hello_world_3.1.0/config/initializers/wrap_parameters.rb +0 -14
- data/spec/support/hello_world_3.1.0/config/locales/en.yml +0 -5
- data/spec/support/hello_world_3.1.0/config/routes.rb +0 -58
- data/spec/support/hello_world_3.1.0/db/seeds.rb +0 -7
- data/spec/support/hello_world_3.1.0/lib/assets/.gitkeep +0 -0
- data/spec/support/hello_world_3.1.0/lib/tasks/.gitkeep +0 -0
- data/spec/support/hello_world_3.1.0/log/.gitkeep +0 -0
- data/spec/support/hello_world_3.1.0/public/404.html +0 -26
- data/spec/support/hello_world_3.1.0/public/422.html +0 -26
- data/spec/support/hello_world_3.1.0/public/500.html +0 -26
- data/spec/support/hello_world_3.1.0/public/favicon.ico +0 -0
- data/spec/support/hello_world_3.1.0/public/index.html +0 -241
- data/spec/support/hello_world_3.1.0/public/robots.txt +0 -5
- data/spec/support/hello_world_3.1.0/script/rails +0 -6
- data/spec/support/hello_world_3.1.0/test/fixtures/.gitkeep +0 -0
- data/spec/support/hello_world_3.1.0/test/functional/.gitkeep +0 -0
- data/spec/support/hello_world_3.1.0/test/integration/.gitkeep +0 -0
- data/spec/support/hello_world_3.1.0/test/performance/browsing_test.rb +0 -12
- data/spec/support/hello_world_3.1.0/test/test_helper.rb +0 -13
- data/spec/support/hello_world_3.1.0/test/unit/.gitkeep +0 -0
- data/spec/support/hello_world_3.1.0/vendor/assets/stylesheets/.gitkeep +0 -0
- data/spec/support/hello_world_3.1.0/vendor/plugins/.gitkeep +0 -0
- data/spec/support/hello_world_3.2.13/Gemfile +0 -38
- data/spec/support/hello_world_3.2.13/README.rdoc +0 -261
- data/spec/support/hello_world_3.2.13/Rakefile +0 -7
- data/spec/support/hello_world_3.2.13/app/assets/images/rails.png +0 -0
- data/spec/support/hello_world_3.2.13/app/assets/javascripts/application.js +0 -15
- data/spec/support/hello_world_3.2.13/app/assets/stylesheets/application.css +0 -13
- data/spec/support/hello_world_3.2.13/app/controllers/application_controller.rb +0 -3
- data/spec/support/hello_world_3.2.13/app/helpers/application_helper.rb +0 -10
- data/spec/support/hello_world_3.2.13/app/mailers/.gitkeep +0 -0
- data/spec/support/hello_world_3.2.13/app/models/.gitkeep +0 -0
- data/spec/support/hello_world_3.2.13/app/models/test.rb +0 -3
- data/spec/support/hello_world_3.2.13/app/views/layouts/application.html.erb +0 -14
- data/spec/support/hello_world_3.2.13/config.ru +0 -4
- data/spec/support/hello_world_3.2.13/config/application.rb +0 -62
- data/spec/support/hello_world_3.2.13/config/boot.rb +0 -6
- data/spec/support/hello_world_3.2.13/config/database.yml +0 -25
- data/spec/support/hello_world_3.2.13/config/environment.rb +0 -5
- data/spec/support/hello_world_3.2.13/config/environments/development.rb +0 -37
- data/spec/support/hello_world_3.2.13/config/environments/production.rb +0 -67
- data/spec/support/hello_world_3.2.13/config/environments/test.rb +0 -37
- data/spec/support/hello_world_3.2.13/config/initializers/backtrace_silencers.rb +0 -7
- data/spec/support/hello_world_3.2.13/config/initializers/inflections.rb +0 -15
- data/spec/support/hello_world_3.2.13/config/initializers/mime_types.rb +0 -5
- data/spec/support/hello_world_3.2.13/config/initializers/secret_token.rb +0 -7
- data/spec/support/hello_world_3.2.13/config/initializers/session_store.rb +0 -8
- data/spec/support/hello_world_3.2.13/config/initializers/wrap_parameters.rb +0 -14
- data/spec/support/hello_world_3.2.13/config/locales/en.yml +0 -5
- data/spec/support/hello_world_3.2.13/config/routes.rb +0 -58
- data/spec/support/hello_world_3.2.13/db/seeds.rb +0 -7
- data/spec/support/hello_world_3.2.13/lib/assets/.gitkeep +0 -0
- data/spec/support/hello_world_3.2.13/lib/tasks/.gitkeep +0 -0
- data/spec/support/hello_world_3.2.13/log/.gitkeep +0 -0
- data/spec/support/hello_world_3.2.13/public/404.html +0 -26
- data/spec/support/hello_world_3.2.13/public/422.html +0 -26
- data/spec/support/hello_world_3.2.13/public/500.html +0 -25
- data/spec/support/hello_world_3.2.13/public/favicon.ico +0 -0
- data/spec/support/hello_world_3.2.13/public/index.html +0 -241
- data/spec/support/hello_world_3.2.13/public/robots.txt +0 -5
- data/spec/support/hello_world_3.2.13/script/rails +0 -6
- data/spec/support/hello_world_3.2.13/test/fixtures/.gitkeep +0 -0
- data/spec/support/hello_world_3.2.13/test/functional/.gitkeep +0 -0
- data/spec/support/hello_world_3.2.13/test/integration/.gitkeep +0 -0
- data/spec/support/hello_world_3.2.13/test/performance/browsing_test.rb +0 -12
- data/spec/support/hello_world_3.2.13/test/test_helper.rb +0 -13
- data/spec/support/hello_world_3.2.13/test/unit/.gitkeep +0 -0
- data/spec/support/hello_world_3.2.13/vendor/assets/javascripts/.gitkeep +0 -0
- data/spec/support/hello_world_3.2.13/vendor/assets/stylesheets/.gitkeep +0 -0
- data/spec/support/hello_world_3.2.13/vendor/plugins/.gitkeep +0 -0
- data/spec/support/hello_world_padrino/.components +0 -9
- data/spec/support/hello_world_padrino/.gitignore +0 -8
- data/spec/support/hello_world_padrino/Gemfile +0 -42
- data/spec/support/hello_world_padrino/Rakefile +0 -6
- data/spec/support/hello_world_padrino/app/app.rb +0 -61
- data/spec/support/hello_world_padrino/config.ru +0 -9
- data/spec/support/hello_world_padrino/config/apps.rb +0 -39
- data/spec/support/hello_world_padrino/config/boot.rb +0 -46
- data/spec/support/hello_world_padrino/config/database.rb +0 -19
- data/spec/support/hello_world_padrino/cucumber.yml +0 -2
- data/spec/support/hello_world_padrino/db/migrate/001_create_users.rb +0 -16
- data/spec/support/hello_world_padrino/dispatcher/app.rb +0 -61
- data/spec/support/hello_world_padrino/features/add.feature +0 -11
- data/spec/support/hello_world_padrino/features/step_definitions/add_steps.rb +0 -15
- data/spec/support/hello_world_padrino/features/support/env.rb +0 -10
- data/spec/support/hello_world_padrino/features/support/url.rb +0 -17
- data/spec/support/hello_world_padrino/models/user.rb +0 -11
- data/spec/support/hello_world_padrino/public/favicon.ico +0 -0
- data/spec/support/hello_world_padrino/public/javascripts/application.js +0 -1
- data/spec/support/hello_world_padrino/public/javascripts/jquery-ujs.js +0 -95
- data/spec/support/hello_world_padrino/public/javascripts/jquery.js +0 -4
- data/spec/support/lorem.txt +0 -23
- data/spec/support/sinatra-safe/.gems +0 -4
- data/spec/support/sinatra-safe/Gemfile +0 -18
- data/spec/support/sinatra-safe/MIT-LICENSE +0 -20
- data/spec/support/sinatra-safe/README.rdoc +0 -35
- data/spec/support/sinatra-safe/Rakefile +0 -32
- data/spec/support/sinatra-safe/application.rb +0 -23
- data/spec/support/sinatra-safe/config.ru +0 -11
- data/spec/support/sinatra-safe/environment.rb +0 -25
- data/spec/support/sinatra-safe/lib/profile.rb +0 -11
- data/spec/support/sinatra-safe/public/main.css +0 -52
- data/spec/support/sinatra-safe/script/console +0 -16
- data/spec/support/sinatra-safe/views/layout.haml +0 -14
- data/spec/support/sinatra-safe/views/root.haml +0 -4
- data/spec/support/sinatra-vulnerable/.gems +0 -4
- data/spec/support/sinatra-vulnerable/Gemfile +0 -17
- data/spec/support/sinatra-vulnerable/MIT-LICENSE +0 -20
- data/spec/support/sinatra-vulnerable/README.rdoc +0 -35
- data/spec/support/sinatra-vulnerable/Rakefile +0 -32
- data/spec/support/sinatra-vulnerable/application.rb +0 -34
- data/spec/support/sinatra-vulnerable/config.ru +0 -11
- data/spec/support/sinatra-vulnerable/disabled.png +0 -0
- data/spec/support/sinatra-vulnerable/environment.rb +0 -25
- data/spec/support/sinatra-vulnerable/lib/profile.rb +0 -11
- data/spec/support/sinatra-vulnerable/public/main.css +0 -52
- data/spec/support/sinatra-vulnerable/script/console +0 -16
- data/spec/support/sinatra-vulnerable/views/layout.haml +0 -14
- data/spec/support/sinatra-vulnerable/views/root.haml +0 -4
- data/spec/support/sinatra-vulnerable/views/xss.haml +0 -3
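--- a/data/spec/support/hello_world_padrino/app/app.rb
+++ b/data/spec/support/hello_world_padrino/app/app.rb
@@ -1,61 +0,0 @@
-module HelloWorldPadrino
-class App < Padrino::Application
-register Padrino::Rendering
-register Padrino::Mailer
-register Padrino::Helpers
-
-enable :sessions
-
-##
-# Caching support
-#
-# register Padrino::Cache
-# enable :caching
-#
-# You can customize caching store engines:
-#
-# set :cache, Padrino::Cache::Store::Memcache.new(::Memcached.new('127.0.0.1:11211', :exception_retry_limit => 1))
-# set :cache, Padrino::Cache::Store::Memcache.new(::Dalli::Client.new('127.0.0.1:11211', :exception_retry_limit => 1))
-# set :cache, Padrino::Cache::Store::Redis.new(::Redis.new(:host => '127.0.0.1', :port => 6379, :db => 0))
-# set :cache, Padrino::Cache::Store::Memory.new(50)
-# set :cache, Padrino::Cache::Store::File.new(Padrino.root('tmp', app_name.to_s, 'cache')) # default choice
-#
-
-##
-# Application configuration options
-#
-# set :raise_errors, true # Raise exceptions (will stop application) (default for test)
-# set :dump_errors, true # Exception backtraces are written to STDERR (default for production/development)
-# set :show_exceptions, true # Shows a stack trace in browser (default for development)
-# set :logging, true # Logging in STDOUT for development and file for production (default only for development)
-# set :public_folder, 'foo/bar' # Location for static assets (default root/public)
-# set :reload, false # Reload application files (default in development)
-# set :default_builder, 'foo' # Set a custom form builder (default 'StandardFormBuilder')
-# set :locale_path, 'bar' # Set path for I18n translations (default your_apps_root_path/locale)
-# disable :sessions # Disabled sessions by default (enable if needed)
-# disable :flash # Disables sinatra-flash (enabled by default if Sinatra::Flash is defined)
-# layout :my_layout # Layout can be in views/layouts/foo.ext or views/foo.ext (default :application)
-#
-
-##
-# You can configure for a specified environment like:
-#
-# configure :development do
-# set :foo, :bar
-# disable :asset_stamp # no asset timestamping for dev
-# end
-#
-
-##
-# You can manage errors like:
-#
-# error 404 do
-# render 'errors/404'
-# end
-#
-# error 505 do
-# render 'errors/505'
-# end
-#
-end
-end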
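--- a/data/spec/support/hello_world_padrino/config/apps.rb
+++ b/data/spec/support/hello_world_padrino/config/apps.rb
@@ -1,39 +0,0 @@
-##
-# This file mounts each app in the Padrino project to a specified sub-uri.
-# You can mount additional applications using any of these commands below:
-#
-# Padrino.mount('blog').to('/blog')
-# Padrino.mount('blog', :app_class => 'BlogApp').to('/blog')
-# Padrino.mount('blog', :app_file => 'path/to/blog/app.rb').to('/blog')
-#
-# You can also map apps to a specified host:
-#
-# Padrino.mount('Admin').host('admin.example.org')
-# Padrino.mount('WebSite').host(/.*\.?example.org/)
-# Padrino.mount('Foo').to('/foo').host('bar.example.org')
-#
-# Note 1: Mounted apps (by default) should be placed into the project root at '/app_name'.
-# Note 2: If you use the host matching remember to respect the order of the rules.
-#
-# By default, this file mounts the primary app which was generated with this project.
-# However, the mounted app can be modified as needed:
-#
-# Padrino.mount('AppName', :app_file => 'path/to/file', :app_class => 'BlogApp').to('/')
-#
-
-##
-# Setup global project settings for your apps. These settings are inherited by every subapp. You can
-# override these settings in the subapps as needed.
-#
-Padrino.configure_apps do
-# enable :sessions
-set :session_secret, 'dfb3c40b836796c198245c9770ca6048884942b0a7f33671dcee1cb60efefe39'
-set :protection, true
-set :protect_from_csrf, true
-end
-
-# Mounts the core application for this project
-Padrino.mount('HelloWorldPadrino::App', :app_file => Padrino.root('app/app.rb')).to('/')
-
-Padrino.mount('HelloWorldPadrino::Log', :app_file => Padrino.root('log/app.rb')).to('/log')
-Padrino.mount('HelloWorldPadrino::Dispatcher', :app_file => Padrino.root('dispatcher/app.rb')).to('/dispatcher')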
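--- a/data/spec/support/hello_world_padrino/config/boot.rb
+++ b/data/spec/support/hello_world_padrino/config/boot.rb
@@ -1,46 +0,0 @@
-# Defines our constants
-PADRINO_ENV = ENV['PADRINO_ENV'] ||= ENV['RACK_ENV'] ||= 'development' unless defined?(PADRINO_ENV)
-PADRINO_ROOT = File.expand_path('../..', __FILE__) unless defined?(PADRINO_ROOT)
-
-# Load our dependencies
-require 'rubygems' unless defined?(Gem)
-require 'bundler/setup'
-Bundler.require(:default, PADRINO_ENV)
-
-##
-# ## Enable devel logging
-#
-# Padrino::Logger::Config[:development][:log_level] = :devel
-# Padrino::Logger::Config[:development][:log_static] = true
-#
-# ## Configure your I18n
-#
-# I18n.default_locale = :en
-#
-# ## Configure your HTML5 data helpers
-#
-# Padrino::Helpers::TagHelpers::DATA_ATTRIBUTES.push(:dialog)
-# text_field :foo, :dialog => true
-# Generates: <input type="text" data-dialog="true" name="foo" />
-#
-# ## Add helpers to mailer
-#
-# Mail::Message.class_eval do
-# include Padrino::Helpers::NumberHelpers
-# include Padrino::Helpers::TranslationHelpers
-# end
-
-##
-# Add your before (RE)load hooks here
-#
-Padrino.before_load do
-end
-
-##
-# Add your after (RE)load hooks here
-#
-Padrino.after_load do
-DataMapper.finalize
-end
-
-Padrino.load!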
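--- a/data/spec/support/hello_world_padrino/config/database.rb
+++ b/data/spec/support/hello_world_padrino/config/database.rb
@@ -1,19 +0,0 @@
-##
-# A MySQL connection:
-# DataMapper.setup(:default, 'mysql://user:password@localhost/the_database_name')
-#
-# # A Postgres connection:
-# DataMapper.setup(:default, 'postgres://user:password@localhost/the_database_name')
-#
-# # A Sqlite3 connection
-# DataMapper.setup(:default, "sqlite3://" + Padrino.root('db', "development.db"))
-#
-
-DataMapper.logger = logger
-DataMapper::Property::String.length(255)
-
-case Padrino.env
-when :development then DataMapper.setup(:default, "sqlite3://" + Padrino.root('db', "hello_world_padrino_development.db"))
-when :production then DataMapper.setup(:default, "sqlite3://" + Padrino.root('db', "hello_world_padrino_production.db"))
-when :test then DataMapper.setup(:default, "sqlite3://" + Padrino.root('db', "hello_world_padrino_test.db"))
-end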
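--- a/data/spec/support/hello_world_padrino/db/migrate/001_create_users.rb
+++ b/data/spec/support/hello_world_padrino/db/migrate/001_create_users.rb
@@ -1,16 +0,0 @@
-migration 1, :create_users do
-up do
-create_table :users do
-column :id, Integer, :serial => true
-column :login, DataMapper::Property::String, :length => 255
-column :password, DataMapper::Property::String, :length => 255
-column :name, DataMapper::Property::String, :length => 255
-column :created_at, DataMapper::Property::DateTime
-column :updated_at, DataMapper::Property::DateTime
-end
-end
-
-down do
-drop_table :users
-end
-end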
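--- a/data/spec/support/hello_world_padrino/dispatcher/app.rb
+++ b/data/spec/support/hello_world_padrino/dispatcher/app.rb
@@ -1,61 +0,0 @@
-module HelloWorldPadrino
-class Dispatcher < Padrino::Application
-register Padrino::Rendering
-register Padrino::Mailer
-register Padrino::Helpers
-
-enable :sessions
-
-##
-# Caching support
-#
-# register Padrino::Cache
-# enable :caching
-#
-# You can customize caching store engines:
-#
-# set :cache, Padrino::Cache::Store::Memcache.new(::Memcached.new('127.0.0.1:11211', :exception_retry_limit => 1))
-# set :cache, Padrino::Cache::Store::Memcache.new(::Dalli::Client.new('127.0.0.1:11211', :exception_retry_limit => 1))
-# set :cache, Padrino::Cache::Store::Redis.new(::Redis.new(:host => '127.0.0.1', :port => 6379, :db => 0))
-# set :cache, Padrino::Cache::Store::Memory.new(50)
-# set :cache, Padrino::Cache::Store::File.new(Padrino.root('tmp', app_name.to_s, 'cache')) # default choice
-#
-
-##
-# Application configuration options
-#
-# set :raise_errors, true # Raise exceptions (will stop application) (default for test)
-# set :dump_errors, true # Exception backtraces are written to STDERR (default for production/development)
-# set :show_exceptions, true # Shows a stack trace in browser (default for development)
-# set :logging, true # Logging in STDOUT for development and file for production (default only for development)
-# set :public_folder, 'foo/bar' # Location for static assets (default root/public)
-# set :reload, false # Reload application files (default in development)
-# set :default_builder, 'foo' # Set a custom form builder (default 'StandardFormBuilder')
-# set :locale_path, 'bar' # Set path for I18n translations (default your_apps_root_path/locale)
-# disable :sessions # Disabled sessions by default (enable if needed)
-# disable :flash # Disables sinatra-flash (enabled by default if Sinatra::Flash is defined)
-# layout :my_layout # Layout can be in views/layouts/foo.ext or views/foo.ext (default :application)
-#
-
-##
-# You can configure for a specified environment like:
-#
-# configure :development do
-# set :foo, :bar
-# disable :asset_stamp # no asset timestamping for dev
-# end
-#
-
-##
-# You can manage errors like:
-#
-# error 404 do
-# render 'errors/404'
-# end
-#
-# error 505 do
-# render 'errors/505'
-# end
-#
-end
-end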
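--- a/data/spec/support/hello_world_padrino/features/add.feature
+++ b/data/spec/support/hello_world_padrino/features/add.feature
@@ -1,11 +0,0 @@
-Feature: Addition
-In order to avoid silly mistakes
-As a math idiot
-I want to be told the sum of two numbers
-
-Scenario: Add two numbers
-Given I visit the calculator page
-And I fill in '50' for 'first'
-And I fill in '70' for 'second'
-When I press 'Add'
-Then I should see 'Answer: 120'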
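--- a/data/spec/support/hello_world_padrino/features/step_definitions/add_steps.rb
+++ b/data/spec/support/hello_world_padrino/features/step_definitions/add_steps.rb
@@ -1,15 +0,0 @@
-Given /^I visit the calculator page$/ do
-visit '/add'
-end
-
-Given /^I fill in '(.*)' for '(.*)'$/ do |value, field|
-fill_in(field, :with => value)
-end
-
-When /^I press '(.*)'$/ do |name|
-click_button(name)
-end
-
-Then /^I should see '(.*)'$/ do |text|
-response_body.should contain(/#{text}/m)
-end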
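--- a/data/spec/support/hello_world_padrino/features/support/env.rb
+++ b/data/spec/support/hello_world_padrino/features/support/env.rb
@@ -1,10 +0,0 @@
-PADRINO_ENV = 'test' unless defined?(PADRINO_ENV)
-require File.expand_path(File.dirname(__FILE__) + "/../../config/boot")
-
-require 'capybara/cucumber'
-require 'rspec/expectations'
-
-##
-# You can handle all padrino applications using instead:
-# Padrino.application
-Capybara.app = HelloWorldPadrino::App.tap { |app| }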
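--- a/data/spec/support/hello_world_padrino/features/support/url.rb
+++ b/data/spec/support/hello_world_padrino/features/support/url.rb
@@ -1,17 +0,0 @@
-module Cucumber
-module Web
-module URLs
-def url_for(*names)
-Capybara.app.url_for(*names)
-end
-alias_method :url, :url_for
-
-def absolute_url_for(*names)
-"http://www.example.com" + Capybara.app.url_for(*names)
-end
-alias_method :absolute_url, :absolute_url_for
-end
-end
-end
-
-World(Cucumber::Web::URLs)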
Binary file
|
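--- a/data/spec/support/hello_world_padrino/public/javascripts/application.js
+++ b/data/spec/support/hello_world_padrino/public/javascripts/application.js
@@ -1 +0,0 @@
-// Put your application scripts here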
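--- a/data/spec/support/hello_world_padrino/public/javascripts/jquery-ujs.js
+++ b/data/spec/support/hello_world_padrino/public/javascripts/jquery-ujs.js
@@ -1,95 +0,0 @@
-/*
-* Padrino Javascript Jquery Adapter
-* Created for use with Padrino Ruby Web Framework (http://www.padrinorb.com)
-**/
-
-/* Remote Form Support
-* form_for @user, '/user', :remote => true
-**/
-
-$(function(){
-$('form').on('submit', function(e) {
-var element = $(this), message = element.data('confirm');
-if (message && !confirm(message)) { return false; }
-if (element.data('remote') == true) {
-e.preventDefault(); e.stopped = true;
-JSAdapter.sendRequest(element, {
-verb: element.data('method') || element.attr('method') || 'post',
-url: element.attr('action'),
-dataType: element.data('type') || ($.ajaxSettings && $.ajaxSettings.dataType) || 'script',
-params: element.serializeArray()
-});
-}
-});
-
-/* Confirmation Support
-* link_to 'sign out', '/logout', :confirm => 'Log out?'
-**/
-
-$('a[data-confirm]').on('click', function(e) {
-var message = $(this).data('confirm');
-if (!confirm(message)) { e.preventDefault(); e.stopped = true; }
-});
-
-/*
-* Link Remote Support
-* link_to 'add item', '/create', :remote => true
-**/
-
-$('a[data-remote=true]').on('click', function(e) {
-var element = $(this);
-if (e.stopped) return;
-e.preventDefault(); e.stopped = true;
-JSAdapter.sendRequest(element, {
-verb: element.data('method') || 'get',
-url: element.attr('href')
-});
-});
-
-/*
-* Link Method Support
-* link_to 'delete item', '/destroy', :method => :delete
-**/
-
-$('a[data-method]:not([data-remote])').on('click', function(e) {
-if (e.stopped) return;
-JSAdapter.sendMethod($(this));
-e.preventDefault(); e.stopped = true;
-});
-
-/* JSAdapter */
-var JSAdapter = {
-// Sends an xhr request to the specified url with given verb and params
-// JSAdapter.sendRequest(element, { verb: 'put', url : '...', params: {} });
-sendRequest: function(element, options) {
-var verb = options.verb, url = options.url, params = options.params, dataType = options.dataType;
-var event = element.trigger('ajax:before');
-if (event.stopped) return false;
-$.ajax({
-url: url,
-type: verb.toUpperCase() || 'POST',
-data: params || [],
-dataType: dataType,
-
-beforeSend: function(request) { element.trigger('ajax:loading', [ request ]); },
-complete: function(request) { element.trigger('ajax:complete', [ request ]); },
-success: function(request) { element.trigger('ajax:success', [ request ]); },
-error: function(request) { element.trigger('ajax:failure', [ request ]); }
-});
-element.trigger('ajax:after');
-},
-// Triggers a particular method verb to be triggered in a form posting to the url
-// JSAdapter.sendMethod(element);
-sendMethod: function(element) {
-var verb = element.data('method');
-var url = element.attr('href');
-var form = $('<form method="post" action="'+url+'"></form>');
-form.hide().appendTo('body');
-if (verb !== 'post') {
-var field = '<input type="hidden" name="_method" value="' + verb + '" />';
-form.append(field);
-}
-form.submit();
-}
-};
-});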