RubyGems - codesake-dawn - Versions diffs - 0.85 → 1.0.0.rc1 - Mend

codesake-dawn 0.85 → 1.0.0.rc1

Files changed (315) hide show

data/spec/lib/dawn/{codesake_padrino_engine_spec.rb → codesake_padrino_engine_disabled.rb} RENAMED

File without changes

data/spec/lib/dawn/{codesake_rails_engine_spec.rb → codesake_rails_engine_disabled.rb} RENAMED

File without changes

data/spec/lib/dawn/{codesake_sinatra_engine_spec.rb → codesake_sinatra_engine_disabled.rb} RENAMED

@@ -19,8 +19,8 @@ describe "The Codesake::Dawn engine for sinatra applications" do
     @engine.has_gemfile_lock?.should   be_true
   end
-  it "detects a sinatra 1.4.2" do
-    @engine.mvc_version.should   == "1.4.2"
+  it "detects a sinatra 1.4.4" do
+    @engine.mvc_version.should   == "1.4.4"
   end
   it "detects 2 views" do
@@ -110,8 +110,8 @@ describe "The Codesake::Dawn engine for sinatra applications" do
       it "detects a sink on application.rb" do
         sink = @engine.detect_sinks("application.rb")
         sink.should == [
-          {:sink_name=>"@xss_param", :sink_kind=>:params, :sink_source=>"name", :sink_line=>26},
-          {:sink_name=>"@my_arr", :sink_kind=>:params, :sink_source=>"second", :sink_line=>27}
+          {:sink_name=>"@xss_param", :sink_kind=>:params, :sink_line=>26, :sink_source=>"name", :sink_file=>"application.rb", :sink_evidence=>"  @xss_param = params['name']"},
+          {:sink_name=>"@my_arr", :sink_kind=>:params, :sink_line=>27, :sink_source=>"second", :sink_file=>"application.rb", :sink_evidence=>"  @my_arr[0] = params['second']"}
         ]
       end
@@ -120,7 +120,7 @@ describe "The Codesake::Dawn engine for sinatra applications" do
         @engine.reflected_xss.should_not be_nil
         @engine.reflected_xss.should_not be_empty
         @engine.reflected_xss.should == [
-          {:sink_name=>"@xss_param", :sink_kind=>:params, :sink_source=>"name", :sink_line=>26},
+          {:sink_name=>"@xss_param", :sink_kind=>:params, :sink_line=>26, :sink_source=>"name", :sink_file=>"application.rb", :sink_evidence=>"  @xss_param = params['name']", :sink_view=>"./spec/support/sinatra-vulnerable/views/xss.haml"}
         ]
       end
     end

data/spec/lib/kb/codesake_cve_2013_4457_spec.rb ADDED

@@ -0,0 +1,40 @@
+require 'spec_helper'
+describe "The CVE-2013-4457 vulnerability" do
+  before(:all) do
+    @check = Codesake::Dawn::Kb::CVE_2013_4457.new
+    # @check.debug = true
+  end
+  it "is detected if vulnerable version of cocaine rubygem is detected" do
+    @check.dependencies=[{:name=>"cocaine", :version=>'0.4.0'}]
+    @check.vuln?.should   be_true
+  end
+  it "is detected if vulnerable version of cocaine rubygem is detected" do
+    @check.dependencies=[{:name=>"cocaine", :version=>'0.4.1'}]
+    @check.vuln?.should   be_true
+  end
+  it "is detected if vulnerable version of cocaine rubygem is detected" do
+    @check.dependencies=[{:name=>"cocaine", :version=>'0.4.2'}]
+    @check.vuln?.should   be_true
+  end
+  it "is detected if vulnerable version of cocaine rubygem is detected" do
+    @check.dependencies=[{:name=>"cocaine", :version=>'0.5.0'}]
+    @check.vuln?.should   be_true
+  end
+  it "is detected if vulnerable version of cocaine rubygem is detected" do
+    @check.dependencies=[{:name=>"cocaine", :version=>'0.5.1'}]
+    @check.vuln?.should   be_true
+  end
+  it "is detected if vulnerable version of cocaine rubygem is detected" do
+    @check.dependencies=[{:name=>"cocaine", :version=>'0.5.2'}]
+    @check.vuln?.should   be_true
+  end
+  it "is skipped if non vulnerable version of cocaine rubygem is detected" do
+    @check.dependencies=[{:name=>"cocaine", :version=>'0.3.2'}]
+    @check.vuln?.should   be_false
+  end
+end

data/spec/lib/kb/{codesake_cve_2013_6416.rb → codesake_cve_2013_6416_spec.rb} RENAMED

@@ -6,24 +6,24 @@ describe "The CVE-2013-6416 vulnerability" do
     # @check.debug = true
   end
   it "is detected if vulnerable version of rails rubygem is detected" do
-    @check.options[:dependencies]=[{:name=>"rails", :version=>'4.0.1'}]
+    @check.dependencies=[{:name=>"rails", :version=>'4.0.1'}]
     @check.vuln?.should   be_true
   end
   it "is ignored if rails version is 3.2.x" do
-    @check.options[:dependencies]=[{:name=>"rails", :version=>'3.2.16'}]
+    @check.dependencies=[{:name=>"rails", :version=>'3.2.16'}]
     @check.vuln?.should   be_false
   end
   it "is ignored if rails version is 3.1.x" do
-    @check.options[:dependencies]=[{:name=>"rails", :version=>'3.1.16'}]
+    @check.dependencies=[{:name=>"rails", :version=>'3.1.16'}]
     @check.vuln?.should   be_false
   end
   it "is ignored if rails version is 3.0.x" do
-    @check.options[:dependencies]=[{:name=>"rails", :version=>'3.0.16'}]
+    @check.dependencies=[{:name=>"rails", :version=>'3.0.16'}]
     @check.vuln?.should   be_false
   end
   it "is ignored if rails version is 2.3.x" do
-    @check.options[:dependencies]=[{:name=>"rails", :version=>'2.3.16'}]
+    @check.dependencies=[{:name=>"rails", :version=>'2.3.16'}]
     @check.vuln?.should   be_false
   end

data/spec/lib/kb/codesake_ruby_version_check_spec.rb CHANGED

@@ -10,6 +10,7 @@ class Mockup
       :applies=>['sinatra', 'padrino', 'rails'],
       :message=> message
     )
+    # self.debug = true
     self.safe_rubies = [{:version=>"1.9.3", :patchlevel=>"p392"}, {:version=>"2.0.0", :patchlevel=>"p0"}]
   end

data/spec/lib/kb/cve_2004_0983_spec.rb ADDED

@@ -0,0 +1,8 @@
+require 'spec_helper'
+describe "The CVE-2004-0983 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2004_0983.new
+		# @check.debug = true
+	end
+	it "you may want to test something here..."
+end

data/spec/lib/kb/cve_2005_1992_spec.rb ADDED

@@ -0,0 +1,8 @@
+require 'spec_helper'
+describe "The CVE-2005-1992 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2005_1992.new
+		# @check.debug = true
+	end
+	it "needs some test..."
+end

data/spec/lib/kb/cve_2005_2337_spec.rb ADDED

@@ -0,0 +1,8 @@
+require 'spec_helper'
+describe "The CVE-2005-2337 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2005_2337.new
+		# @check.debug = true
+	end
+	it "needs some test..."
+end

data/spec/lib/kb/cve_2006_1931_spec.rb ADDED

@@ -0,0 +1,8 @@
+require 'spec_helper'
+describe "The CVE-2006-1931 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2006_1931.new
+		# @check.debug = true
+	end
+	it "needs some test..."
+end

data/spec/lib/kb/cve_2006_2582_spec.rb ADDED

@@ -0,0 +1,8 @@
+require 'spec_helper'
+describe "The CVE-2006-2582 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2006_2582.new
+		# @check.debug = true
+	end
+	it "needs some test..."
+end

data/spec/lib/kb/cve_2006_3694_spec.rb ADDED

@@ -0,0 +1,8 @@
+require 'spec_helper'
+describe "The CVE-2006-3694 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2006_3694.new
+		# @check.debug = true
+	end
+	it "needs some test..."
+end

data/spec/lib/kb/cve_2006_4112_spec.rb ADDED

@@ -0,0 +1,8 @@
+require 'spec_helper'
+describe "The CVE-2006-4112 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2006_4112.new
+		# @check.debug = true
+	end
+	it "needs some test..."
+end

data/spec/lib/kb/cve_2006_5467_spec.rb ADDED

@@ -0,0 +1,8 @@
+require 'spec_helper'
+describe "The CVE-2006-5467 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2006_5467.new
+		# @check.debug = true
+	end
+	it "needs some test..."
+end

data/spec/lib/kb/cve_2006_6303_spec.rb ADDED

@@ -0,0 +1,8 @@
+require 'spec_helper'
+describe "The CVE-2006-6303 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2006_6303.new
+		# @check.debug = true
+	end
+	it "needs some test..."
+end

data/spec/lib/kb/cve_2006_6852_spec.rb ADDED

@@ -0,0 +1,8 @@
+require 'spec_helper'
+describe "The CVE-2006-6852 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2006_6852.new
+		# @check.debug = true
+	end
+	it "needs some test..."
+end

data/spec/lib/kb/cve_2006_6979_spec.rb ADDED

@@ -0,0 +1,8 @@
+require 'spec_helper'
+describe "The CVE-2006-6979 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2006_6979.new
+		# @check.debug = true
+	end
+	it "needs some test..."
+end

data/spec/lib/kb/cve_2007_0469_spec.rb ADDED

@@ -0,0 +1,8 @@
+require 'spec_helper'
+describe "The CVE-2007-0469 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2007_0469.new
+		# @check.debug = true
+	end
+	it "needs some test..."
+end

data/spec/lib/kb/cve_2007_5162_spec.rb ADDED

@@ -0,0 +1,8 @@
+require 'spec_helper'
+describe "The CVE-2007-5162 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2007_5162.new
+		# @check.debug = true
+	end
+	it "needs some test..."
+end

data/spec/lib/kb/cve_2007_5379_spec.rb ADDED

@@ -0,0 +1,8 @@
+require 'spec_helper'
+describe "The CVE-2007-5379 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2007_5379.new
+		# @check.debug = true
+	end
+	it "needs some test..."
+end

data/spec/lib/kb/cve_2007_5380_spec.rb ADDED

@@ -0,0 +1,8 @@
+require 'spec_helper'
+describe "The CVE-2007-5380 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2007_5380.new
+		# @check.debug = true
+	end
+	it "needs some test..."
+end

data/spec/lib/kb/cve_2007_5770_spec.rb ADDED

@@ -0,0 +1,8 @@
+require 'spec_helper'
+describe "The CVE-2007-5770 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2007_5770.new
+		# @check.debug = true
+	end
+	it "needs some test..."
+end

data/spec/lib/kb/cve_2007_6077_spec.rb ADDED

@@ -0,0 +1,8 @@
+require 'spec_helper'
+describe "The CVE-2007-6077 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2007_6077.new
+		# @check.debug = true
+	end
+	it "needs some test..."
+end

data/spec/lib/kb/cve_2007_6612_spec.rb ADDED

@@ -0,0 +1,8 @@
+require 'spec_helper'
+describe "The CVE-2007-6612 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2007_6612.new
+		# @check.debug = true
+	end
+	it "needs some test..."
+end

data/spec/lib/kb/cve_2008_1145_spec.rb ADDED

@@ -0,0 +1,8 @@
+require 'spec_helper'
+describe "The CVE-2008-1145 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2008_1145.new
+		# @check.debug = true
+	end
+	it "needs some test..."
+end

data/spec/lib/kb/cve_2008_1891_spec.rb ADDED

@@ -0,0 +1,8 @@
+require 'spec_helper'
+describe "The CVE-2008-1891 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2008_1891.new
+		# @check.debug = true
+	end
+	it "needs some test..."
+end

data/spec/lib/kb/cve_2008_2376_spec.rb ADDED

@@ -0,0 +1,8 @@
+require 'spec_helper'
+describe "The CVE-2008-2376 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2008_2376.new
+		# @check.debug = true
+	end
+	it "needs some test..."
+end

data/spec/lib/kb/cve_2008_2662_spec.rb ADDED

@@ -0,0 +1,8 @@
+require 'spec_helper'
+describe "The CVE-2008-2662 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2008_2662.new
+		# @check.debug = true
+	end
+	it "needs some test..."
+end

data/spec/lib/kb/cve_2008_2663_spec.rb ADDED

@@ -0,0 +1,8 @@
+require 'spec_helper'
+describe "The CVE-2008-2663 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2008_2663.new
+		# @check.debug = true
+	end
+	it "needs some test..."
+end

data/spec/lib/kb/cve_2008_2664_spec.rb ADDED

@@ -0,0 +1,8 @@
+require 'spec_helper'
+describe "The CVE-2008-2664 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2008_2664.new
+		# @check.debug = true
+	end
+	it "needs some test..."
+end

data/spec/lib/kb/cve_2008_2725_spec.rb ADDED

@@ -0,0 +1,8 @@
+require 'spec_helper'
+describe "The CVE-2008-2725 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2008_2725.new
+		# @check.debug = true
+	end
+	it "needs some test..."
+end

data/spec/lib/kb/cve_2008_3655_spec.rb ADDED

@@ -0,0 +1,8 @@
+require 'spec_helper'
+describe "The CVE-2008-3655 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2008_3655.new
+		# @check.debug = true
+	end
+	it "needs some test..."
+end

data/spec/lib/kb/cve_2008_3657_spec.rb ADDED

@@ -0,0 +1,8 @@
+require 'spec_helper'
+describe "The CVE-2008-3657 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2008_3657.new
+		# @check.debug = true
+	end
+	it "needs some test..."
+end

data/spec/lib/kb/cve_2008_3790_spec.rb ADDED

@@ -0,0 +1,8 @@
+require 'spec_helper'
+describe "The CVE-2008-3790 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2008_3790.new
+		# @check.debug = true
+	end
+	it "needs some test..."
+end

data/spec/lib/kb/cve_2008_3905_spec.rb ADDED

@@ -0,0 +1,8 @@
+require 'spec_helper'
+describe "The CVE-2008-3905 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2008_3905.new
+		# @check.debug = true
+	end
+	it "needs some test..."
+end

data/spec/lib/kb/cve_2008_4094_spec.rb ADDED

@@ -0,0 +1,8 @@
+require 'spec_helper'
+describe "The CVE-2008-4094 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2008_4094.new
+		# @check.debug = true
+	end
+	it "needs some test..."
+end

data/spec/lib/kb/cve_2008_4310_spec.rb ADDED

@@ -0,0 +1,8 @@
+require 'spec_helper'
+describe "The CVE-2008-4310 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2008_4310.new
+		# @check.debug = true
+	end
+	it "needs some test..."
+end

data/spec/lib/kb/cve_2008_5189_spec.rb ADDED

@@ -0,0 +1,8 @@
+require 'spec_helper'
+describe "The CVE-2008-5189 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2008_5189.new
+		# @check.debug = true
+	end
+	it "needs some test..."
+end

data/spec/lib/kb/cve_2008_7248_spec.rb ADDED

@@ -0,0 +1,8 @@
+require 'spec_helper'
+describe "The CVE-2008-7248 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2008_7248.new
+		# @check.debug = true
+	end
+	it "needs some test..."
+end

data/spec/lib/kb/cve_2009_4078_spec.rb ADDED

@@ -0,0 +1,8 @@
+require 'spec_helper'
+describe "The CVE-2009-4078 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2009_4078.new
+		# @check.debug = true
+	end
+	it "needs some test..."
+end