codesake-dawn 0.85 → 1.0.0.rc1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.ruby-version +1 -1
- data/.travis.yml +1 -1
- data/Changelog.md +67 -1
- data/README.md +137 -29
- data/Rakefile +29 -2
- data/Roadmap.md +10 -93
- data/features/{dawn_complains_about_an_incorrect_command_line.feature → dawn_complains_about_an_incorrect_command_line.feature.disabled} +0 -0
- data/features/{dawn_scan_a_secure_sinatra_app.feature → dawn_scan_a_secure_sinatra_app.feature.disabled} +0 -0
- data/features/{dawn_scan_a_vulnerable_sinatra_app.feature → dawn_scan_a_vulnerable_sinatra_app.feature.disabled} +0 -0
- data/lib/codesake/dawn/kb/basic_check.rb +7 -1
- data/lib/codesake/dawn/kb/cve_2004_0755.rb +32 -0
- data/lib/codesake/dawn/kb/cve_2004_0983.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2005_1992.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2005_2337.rb +32 -0
- data/lib/codesake/dawn/kb/cve_2006_1931.rb +32 -0
- data/lib/codesake/dawn/kb/cve_2006_2582.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2006_3694.rb +31 -0
- data/lib/codesake/dawn/kb/cve_2006_4112.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2006_5467.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2006_6303.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2006_6852.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2006_6979.rb +31 -0
- data/lib/codesake/dawn/kb/cve_2007_0469.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2007_5162.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2007_5379.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2007_5380.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2007_5770.rb +32 -0
- data/lib/codesake/dawn/kb/cve_2007_6077.rb +31 -0
- data/lib/codesake/dawn/kb/cve_2007_6612.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2008_1145.rb +40 -0
- data/lib/codesake/dawn/kb/cve_2008_1891.rb +40 -0
- data/lib/codesake/dawn/kb/cve_2008_2376.rb +32 -0
- data/lib/codesake/dawn/kb/cve_2008_2662.rb +35 -0
- data/lib/codesake/dawn/kb/cve_2008_2663.rb +34 -0
- data/lib/codesake/dawn/kb/cve_2008_2664.rb +35 -0
- data/lib/codesake/dawn/kb/cve_2008_2725.rb +33 -0
- data/lib/codesake/dawn/kb/cve_2008_3655.rb +39 -0
- data/lib/codesake/dawn/kb/cve_2008_3657.rb +39 -0
- data/lib/codesake/dawn/kb/cve_2008_3790.rb +32 -0
- data/lib/codesake/dawn/kb/cve_2008_3905.rb +38 -0
- data/lib/codesake/dawn/kb/cve_2008_4094.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2008_4310.rb +103 -0
- data/lib/codesake/dawn/kb/cve_2008_5189.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2008_7248.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2009_4078.rb +31 -0
- data/lib/codesake/dawn/kb/cve_2009_4124.rb +32 -0
- data/lib/codesake/dawn/kb/cve_2009_4214.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2010_2489.rb +62 -0
- data/lib/codesake/dawn/kb/cve_2010_3933.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2011_0188.rb +69 -0
- data/lib/codesake/dawn/kb/cve_2011_0739.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2011_1004.rb +36 -0
- data/lib/codesake/dawn/kb/cve_2011_1005.rb +33 -0
- data/lib/codesake/dawn/kb/cve_2011_2686.rb +31 -0
- data/lib/codesake/dawn/kb/cve_2011_2705.rb +34 -0
- data/lib/codesake/dawn/kb/cve_2011_2930.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2011_3009.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2011_3187.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2011_4319.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2013_2090.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2013_4457.rb +1 -1
- data/lib/codesake/dawn/kb/dependency_check.rb +2 -2
- data/lib/codesake/dawn/kb/nokogiri_dos_20131217.rb +1 -0
- data/lib/codesake/dawn/kb/operating_system_check.rb +4 -3
- data/lib/codesake/dawn/kb/ruby_version_check.rb +9 -3
- data/lib/codesake/dawn/knowledge_base.rb +113 -0
- data/lib/codesake/dawn/padrino.rb +1 -1
- data/lib/codesake/dawn/version.rb +14 -2
- data/lib/tasks/dawn.rake +4 -0
- data/spec/lib/dawn/codesake_knowledgebase_spec.rb +256 -0
- data/spec/lib/dawn/{codesake_padrino_engine_spec.rb → codesake_padrino_engine_disabled.rb} +0 -0
- data/spec/lib/dawn/{codesake_rails_engine_spec.rb → codesake_rails_engine_disabled.rb} +0 -0
- data/spec/lib/dawn/{codesake_sinatra_engine_spec.rb → codesake_sinatra_engine_disabled.rb} +5 -5
- data/spec/lib/kb/codesake_cve_2013_4457_spec.rb +40 -0
- data/spec/lib/kb/{codesake_cve_2013_6416.rb → codesake_cve_2013_6416_spec.rb} +5 -5
- data/spec/lib/kb/codesake_ruby_version_check_spec.rb +1 -0
- data/spec/lib/kb/cve_2004_0983_spec.rb +8 -0
- data/spec/lib/kb/cve_2005_1992_spec.rb +8 -0
- data/spec/lib/kb/cve_2005_2337_spec.rb +8 -0
- data/spec/lib/kb/cve_2006_1931_spec.rb +8 -0
- data/spec/lib/kb/cve_2006_2582_spec.rb +8 -0
- data/spec/lib/kb/cve_2006_3694_spec.rb +8 -0
- data/spec/lib/kb/cve_2006_4112_spec.rb +8 -0
- data/spec/lib/kb/cve_2006_5467_spec.rb +8 -0
- data/spec/lib/kb/cve_2006_6303_spec.rb +8 -0
- data/spec/lib/kb/cve_2006_6852_spec.rb +8 -0
- data/spec/lib/kb/cve_2006_6979_spec.rb +8 -0
- data/spec/lib/kb/cve_2007_0469_spec.rb +8 -0
- data/spec/lib/kb/cve_2007_5162_spec.rb +8 -0
- data/spec/lib/kb/cve_2007_5379_spec.rb +8 -0
- data/spec/lib/kb/cve_2007_5380_spec.rb +8 -0
- data/spec/lib/kb/cve_2007_5770_spec.rb +8 -0
- data/spec/lib/kb/cve_2007_6077_spec.rb +8 -0
- data/spec/lib/kb/cve_2007_6612_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_1145_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_1891_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_2376_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_2662_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_2663_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_2664_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_2725_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_3655_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_3657_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_3790_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_3905_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_4094_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_4310_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_5189_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_7248_spec.rb +8 -0
- data/spec/lib/kb/cve_2009_4078_spec.rb +8 -0
- data/spec/lib/kb/cve_2009_4124_spec.rb +8 -0
- data/spec/lib/kb/cve_2009_4214_spec.rb +8 -0
- data/spec/lib/kb/cve_2010_2489_spec.rb +8 -0
- data/spec/lib/kb/cve_2010_3933_spec.rb +8 -0
- data/spec/lib/kb/cve_2011_0188_spec.rb +8 -0
- data/spec/lib/kb/cve_2011_0739_spec.rb +8 -0
- data/spec/lib/kb/cve_2011_1004_spec.rb +8 -0
- data/spec/lib/kb/cve_2011_1005_spec.rb +8 -0
- data/spec/lib/kb/cve_2011_2686_spec.rb +8 -0
- data/spec/lib/kb/cve_2011_2705_spec.rb +8 -0
- data/spec/lib/kb/cve_2011_2930_spec.rb +8 -0
- data/spec/lib/kb/cve_2011_3009_spec.rb +8 -0
- data/spec/lib/kb/cve_2011_3187_spec.rb +8 -0
- data/spec/lib/kb/cve_2011_4319_spec.rb +8 -0
- data/spec/lib/kb/cve_2013_2090_spec.rb +8 -0
- data/spec/lib/kb/{owasp_ror_cheatsheet_spec.rb → owasp_ror_cheatsheet_disabled.rb} +0 -0
- metadata +172 -395
- data/Competitive_matrix.md +0 -177
- data/TODO.md +0 -64
- data/spec/support/hello_world_3.0.19/Gemfile +0 -31
- data/spec/support/hello_world_3.0.19/README +0 -256
- data/spec/support/hello_world_3.0.19/Rakefile +0 -7
- data/spec/support/hello_world_3.0.19/app/controllers/application_controller.rb +0 -3
- data/spec/support/hello_world_3.0.19/app/helpers/application_helper.rb +0 -2
- data/spec/support/hello_world_3.0.19/app/views/layouts/application.html.erb +0 -14
- data/spec/support/hello_world_3.0.19/config.ru +0 -4
- data/spec/support/hello_world_3.0.19/config/application.rb +0 -42
- data/spec/support/hello_world_3.0.19/config/boot.rb +0 -6
- data/spec/support/hello_world_3.0.19/config/database.yml +0 -22
- data/spec/support/hello_world_3.0.19/config/environment.rb +0 -5
- data/spec/support/hello_world_3.0.19/config/environments/development.rb +0 -26
- data/spec/support/hello_world_3.0.19/config/environments/production.rb +0 -49
- data/spec/support/hello_world_3.0.19/config/environments/test.rb +0 -35
- data/spec/support/hello_world_3.0.19/config/initializers/backtrace_silencers.rb +0 -7
- data/spec/support/hello_world_3.0.19/config/initializers/inflections.rb +0 -10
- data/spec/support/hello_world_3.0.19/config/initializers/mime_types.rb +0 -5
- data/spec/support/hello_world_3.0.19/config/initializers/secret_token.rb +0 -7
- data/spec/support/hello_world_3.0.19/config/initializers/session_store.rb +0 -8
- data/spec/support/hello_world_3.0.19/config/locales/en.yml +0 -5
- data/spec/support/hello_world_3.0.19/config/routes.rb +0 -58
- data/spec/support/hello_world_3.0.19/db/seeds.rb +0 -7
- data/spec/support/hello_world_3.0.19/lib/tasks/.gitkeep +0 -0
- data/spec/support/hello_world_3.0.19/public/404.html +0 -26
- data/spec/support/hello_world_3.0.19/public/422.html +0 -26
- data/spec/support/hello_world_3.0.19/public/500.html +0 -26
- data/spec/support/hello_world_3.0.19/public/favicon.ico +0 -0
- data/spec/support/hello_world_3.0.19/public/images/rails.png +0 -0
- data/spec/support/hello_world_3.0.19/public/index.html +0 -239
- data/spec/support/hello_world_3.0.19/public/javascripts/application.js +0 -2
- data/spec/support/hello_world_3.0.19/public/javascripts/controls.js +0 -965
- data/spec/support/hello_world_3.0.19/public/javascripts/dragdrop.js +0 -974
- data/spec/support/hello_world_3.0.19/public/javascripts/effects.js +0 -1123
- data/spec/support/hello_world_3.0.19/public/javascripts/prototype.js +0 -6001
- data/spec/support/hello_world_3.0.19/public/javascripts/rails.js +0 -202
- data/spec/support/hello_world_3.0.19/public/robots.txt +0 -5
- data/spec/support/hello_world_3.0.19/public/stylesheets/.gitkeep +0 -0
- data/spec/support/hello_world_3.0.19/script/rails +0 -6
- data/spec/support/hello_world_3.0.19/test/performance/browsing_test.rb +0 -9
- data/spec/support/hello_world_3.0.19/test/test_helper.rb +0 -13
- data/spec/support/hello_world_3.0.19/vendor/plugins/.gitkeep +0 -0
- data/spec/support/hello_world_3.1.0/Gemfile +0 -33
- data/spec/support/hello_world_3.1.0/README +0 -261
- data/spec/support/hello_world_3.1.0/Rakefile +0 -7
- data/spec/support/hello_world_3.1.0/app/assets/images/rails.png +0 -0
- data/spec/support/hello_world_3.1.0/app/assets/javascripts/application.js +0 -9
- data/spec/support/hello_world_3.1.0/app/assets/stylesheets/application.css +0 -7
- data/spec/support/hello_world_3.1.0/app/controllers/application_controller.rb +0 -3
- data/spec/support/hello_world_3.1.0/app/helpers/application_helper.rb +0 -2
- data/spec/support/hello_world_3.1.0/app/mailers/.gitkeep +0 -0
- data/spec/support/hello_world_3.1.0/app/models/.gitkeep +0 -0
- data/spec/support/hello_world_3.1.0/app/views/layouts/application.html.erb +0 -14
- data/spec/support/hello_world_3.1.0/config.ru +0 -4
- data/spec/support/hello_world_3.1.0/config/application.rb +0 -48
- data/spec/support/hello_world_3.1.0/config/boot.rb +0 -6
- data/spec/support/hello_world_3.1.0/config/database.yml +0 -25
- data/spec/support/hello_world_3.1.0/config/environment.rb +0 -5
- data/spec/support/hello_world_3.1.0/config/environments/development.rb +0 -30
- data/spec/support/hello_world_3.1.0/config/environments/production.rb +0 -60
- data/spec/support/hello_world_3.1.0/config/environments/test.rb +0 -42
- data/spec/support/hello_world_3.1.0/config/initializers/backtrace_silencers.rb +0 -7
- data/spec/support/hello_world_3.1.0/config/initializers/inflections.rb +0 -10
- data/spec/support/hello_world_3.1.0/config/initializers/mime_types.rb +0 -5
- data/spec/support/hello_world_3.1.0/config/initializers/secret_token.rb +0 -7
- data/spec/support/hello_world_3.1.0/config/initializers/session_store.rb +0 -8
- data/spec/support/hello_world_3.1.0/config/initializers/wrap_parameters.rb +0 -14
- data/spec/support/hello_world_3.1.0/config/locales/en.yml +0 -5
- data/spec/support/hello_world_3.1.0/config/routes.rb +0 -58
- data/spec/support/hello_world_3.1.0/db/seeds.rb +0 -7
- data/spec/support/hello_world_3.1.0/lib/assets/.gitkeep +0 -0
- data/spec/support/hello_world_3.1.0/lib/tasks/.gitkeep +0 -0
- data/spec/support/hello_world_3.1.0/log/.gitkeep +0 -0
- data/spec/support/hello_world_3.1.0/public/404.html +0 -26
- data/spec/support/hello_world_3.1.0/public/422.html +0 -26
- data/spec/support/hello_world_3.1.0/public/500.html +0 -26
- data/spec/support/hello_world_3.1.0/public/favicon.ico +0 -0
- data/spec/support/hello_world_3.1.0/public/index.html +0 -241
- data/spec/support/hello_world_3.1.0/public/robots.txt +0 -5
- data/spec/support/hello_world_3.1.0/script/rails +0 -6
- data/spec/support/hello_world_3.1.0/test/fixtures/.gitkeep +0 -0
- data/spec/support/hello_world_3.1.0/test/functional/.gitkeep +0 -0
- data/spec/support/hello_world_3.1.0/test/integration/.gitkeep +0 -0
- data/spec/support/hello_world_3.1.0/test/performance/browsing_test.rb +0 -12
- data/spec/support/hello_world_3.1.0/test/test_helper.rb +0 -13
- data/spec/support/hello_world_3.1.0/test/unit/.gitkeep +0 -0
- data/spec/support/hello_world_3.1.0/vendor/assets/stylesheets/.gitkeep +0 -0
- data/spec/support/hello_world_3.1.0/vendor/plugins/.gitkeep +0 -0
- data/spec/support/hello_world_3.2.13/Gemfile +0 -38
- data/spec/support/hello_world_3.2.13/README.rdoc +0 -261
- data/spec/support/hello_world_3.2.13/Rakefile +0 -7
- data/spec/support/hello_world_3.2.13/app/assets/images/rails.png +0 -0
- data/spec/support/hello_world_3.2.13/app/assets/javascripts/application.js +0 -15
- data/spec/support/hello_world_3.2.13/app/assets/stylesheets/application.css +0 -13
- data/spec/support/hello_world_3.2.13/app/controllers/application_controller.rb +0 -3
- data/spec/support/hello_world_3.2.13/app/helpers/application_helper.rb +0 -10
- data/spec/support/hello_world_3.2.13/app/mailers/.gitkeep +0 -0
- data/spec/support/hello_world_3.2.13/app/models/.gitkeep +0 -0
- data/spec/support/hello_world_3.2.13/app/models/test.rb +0 -3
- data/spec/support/hello_world_3.2.13/app/views/layouts/application.html.erb +0 -14
- data/spec/support/hello_world_3.2.13/config.ru +0 -4
- data/spec/support/hello_world_3.2.13/config/application.rb +0 -62
- data/spec/support/hello_world_3.2.13/config/boot.rb +0 -6
- data/spec/support/hello_world_3.2.13/config/database.yml +0 -25
- data/spec/support/hello_world_3.2.13/config/environment.rb +0 -5
- data/spec/support/hello_world_3.2.13/config/environments/development.rb +0 -37
- data/spec/support/hello_world_3.2.13/config/environments/production.rb +0 -67
- data/spec/support/hello_world_3.2.13/config/environments/test.rb +0 -37
- data/spec/support/hello_world_3.2.13/config/initializers/backtrace_silencers.rb +0 -7
- data/spec/support/hello_world_3.2.13/config/initializers/inflections.rb +0 -15
- data/spec/support/hello_world_3.2.13/config/initializers/mime_types.rb +0 -5
- data/spec/support/hello_world_3.2.13/config/initializers/secret_token.rb +0 -7
- data/spec/support/hello_world_3.2.13/config/initializers/session_store.rb +0 -8
- data/spec/support/hello_world_3.2.13/config/initializers/wrap_parameters.rb +0 -14
- data/spec/support/hello_world_3.2.13/config/locales/en.yml +0 -5
- data/spec/support/hello_world_3.2.13/config/routes.rb +0 -58
- data/spec/support/hello_world_3.2.13/db/seeds.rb +0 -7
- data/spec/support/hello_world_3.2.13/lib/assets/.gitkeep +0 -0
- data/spec/support/hello_world_3.2.13/lib/tasks/.gitkeep +0 -0
- data/spec/support/hello_world_3.2.13/log/.gitkeep +0 -0
- data/spec/support/hello_world_3.2.13/public/404.html +0 -26
- data/spec/support/hello_world_3.2.13/public/422.html +0 -26
- data/spec/support/hello_world_3.2.13/public/500.html +0 -25
- data/spec/support/hello_world_3.2.13/public/favicon.ico +0 -0
- data/spec/support/hello_world_3.2.13/public/index.html +0 -241
- data/spec/support/hello_world_3.2.13/public/robots.txt +0 -5
- data/spec/support/hello_world_3.2.13/script/rails +0 -6
- data/spec/support/hello_world_3.2.13/test/fixtures/.gitkeep +0 -0
- data/spec/support/hello_world_3.2.13/test/functional/.gitkeep +0 -0
- data/spec/support/hello_world_3.2.13/test/integration/.gitkeep +0 -0
- data/spec/support/hello_world_3.2.13/test/performance/browsing_test.rb +0 -12
- data/spec/support/hello_world_3.2.13/test/test_helper.rb +0 -13
- data/spec/support/hello_world_3.2.13/test/unit/.gitkeep +0 -0
- data/spec/support/hello_world_3.2.13/vendor/assets/javascripts/.gitkeep +0 -0
- data/spec/support/hello_world_3.2.13/vendor/assets/stylesheets/.gitkeep +0 -0
- data/spec/support/hello_world_3.2.13/vendor/plugins/.gitkeep +0 -0
- data/spec/support/hello_world_padrino/.components +0 -9
- data/spec/support/hello_world_padrino/.gitignore +0 -8
- data/spec/support/hello_world_padrino/Gemfile +0 -42
- data/spec/support/hello_world_padrino/Rakefile +0 -6
- data/spec/support/hello_world_padrino/app/app.rb +0 -61
- data/spec/support/hello_world_padrino/config.ru +0 -9
- data/spec/support/hello_world_padrino/config/apps.rb +0 -39
- data/spec/support/hello_world_padrino/config/boot.rb +0 -46
- data/spec/support/hello_world_padrino/config/database.rb +0 -19
- data/spec/support/hello_world_padrino/cucumber.yml +0 -2
- data/spec/support/hello_world_padrino/db/migrate/001_create_users.rb +0 -16
- data/spec/support/hello_world_padrino/dispatcher/app.rb +0 -61
- data/spec/support/hello_world_padrino/features/add.feature +0 -11
- data/spec/support/hello_world_padrino/features/step_definitions/add_steps.rb +0 -15
- data/spec/support/hello_world_padrino/features/support/env.rb +0 -10
- data/spec/support/hello_world_padrino/features/support/url.rb +0 -17
- data/spec/support/hello_world_padrino/models/user.rb +0 -11
- data/spec/support/hello_world_padrino/public/favicon.ico +0 -0
- data/spec/support/hello_world_padrino/public/javascripts/application.js +0 -1
- data/spec/support/hello_world_padrino/public/javascripts/jquery-ujs.js +0 -95
- data/spec/support/hello_world_padrino/public/javascripts/jquery.js +0 -4
- data/spec/support/lorem.txt +0 -23
- data/spec/support/sinatra-safe/.gems +0 -4
- data/spec/support/sinatra-safe/Gemfile +0 -18
- data/spec/support/sinatra-safe/MIT-LICENSE +0 -20
- data/spec/support/sinatra-safe/README.rdoc +0 -35
- data/spec/support/sinatra-safe/Rakefile +0 -32
- data/spec/support/sinatra-safe/application.rb +0 -23
- data/spec/support/sinatra-safe/config.ru +0 -11
- data/spec/support/sinatra-safe/environment.rb +0 -25
- data/spec/support/sinatra-safe/lib/profile.rb +0 -11
- data/spec/support/sinatra-safe/public/main.css +0 -52
- data/spec/support/sinatra-safe/script/console +0 -16
- data/spec/support/sinatra-safe/views/layout.haml +0 -14
- data/spec/support/sinatra-safe/views/root.haml +0 -4
- data/spec/support/sinatra-vulnerable/.gems +0 -4
- data/spec/support/sinatra-vulnerable/Gemfile +0 -17
- data/spec/support/sinatra-vulnerable/MIT-LICENSE +0 -20
- data/spec/support/sinatra-vulnerable/README.rdoc +0 -35
- data/spec/support/sinatra-vulnerable/Rakefile +0 -32
- data/spec/support/sinatra-vulnerable/application.rb +0 -34
- data/spec/support/sinatra-vulnerable/config.ru +0 -11
- data/spec/support/sinatra-vulnerable/disabled.png +0 -0
- data/spec/support/sinatra-vulnerable/environment.rb +0 -25
- data/spec/support/sinatra-vulnerable/lib/profile.rb +0 -11
- data/spec/support/sinatra-vulnerable/public/main.css +0 -52
- data/spec/support/sinatra-vulnerable/script/console +0 -16
- data/spec/support/sinatra-vulnerable/views/layout.haml +0 -14
- data/spec/support/sinatra-vulnerable/views/root.haml +0 -4
- data/spec/support/sinatra-vulnerable/views/xss.haml +0 -3
File without changes
|
File without changes
|
@@ -19,8 +19,8 @@ describe "The Codesake::Dawn engine for sinatra applications" do
|
|
19
19
|
@engine.has_gemfile_lock?.should be_true
|
20
20
|
end
|
21
21
|
|
22
|
-
it "detects a sinatra 1.4.
|
23
|
-
@engine.mvc_version.should == "1.4.
|
22
|
+
it "detects a sinatra 1.4.4" do
|
23
|
+
@engine.mvc_version.should == "1.4.4"
|
24
24
|
end
|
25
25
|
|
26
26
|
it "detects 2 views" do
|
@@ -110,8 +110,8 @@ describe "The Codesake::Dawn engine for sinatra applications" do
|
|
110
110
|
it "detects a sink on application.rb" do
|
111
111
|
sink = @engine.detect_sinks("application.rb")
|
112
112
|
sink.should == [
|
113
|
-
{:sink_name=>"@xss_param", :sink_kind=>:params, :sink_source=>"name", :
|
114
|
-
{:sink_name=>"@my_arr", :sink_kind=>:params, :sink_source=>"second", :
|
113
|
+
{:sink_name=>"@xss_param", :sink_kind=>:params, :sink_line=>26, :sink_source=>"name", :sink_file=>"application.rb", :sink_evidence=>" @xss_param = params['name']"},
|
114
|
+
{:sink_name=>"@my_arr", :sink_kind=>:params, :sink_line=>27, :sink_source=>"second", :sink_file=>"application.rb", :sink_evidence=>" @my_arr[0] = params['second']"}
|
115
115
|
]
|
116
116
|
end
|
117
117
|
|
@@ -120,7 +120,7 @@ describe "The Codesake::Dawn engine for sinatra applications" do
|
|
120
120
|
@engine.reflected_xss.should_not be_nil
|
121
121
|
@engine.reflected_xss.should_not be_empty
|
122
122
|
@engine.reflected_xss.should == [
|
123
|
-
{:sink_name=>"@xss_param", :sink_kind=>:params, :sink_source=>"name", :
|
123
|
+
{:sink_name=>"@xss_param", :sink_kind=>:params, :sink_line=>26, :sink_source=>"name", :sink_file=>"application.rb", :sink_evidence=>" @xss_param = params['name']", :sink_view=>"./spec/support/sinatra-vulnerable/views/xss.haml"}
|
124
124
|
]
|
125
125
|
end
|
126
126
|
end
|
@@ -0,0 +1,40 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe "The CVE-2013-4457 vulnerability" do
|
4
|
+
before(:all) do
|
5
|
+
@check = Codesake::Dawn::Kb::CVE_2013_4457.new
|
6
|
+
# @check.debug = true
|
7
|
+
end
|
8
|
+
it "is detected if vulnerable version of cocaine rubygem is detected" do
|
9
|
+
@check.dependencies=[{:name=>"cocaine", :version=>'0.4.0'}]
|
10
|
+
@check.vuln?.should be_true
|
11
|
+
end
|
12
|
+
it "is detected if vulnerable version of cocaine rubygem is detected" do
|
13
|
+
@check.dependencies=[{:name=>"cocaine", :version=>'0.4.1'}]
|
14
|
+
@check.vuln?.should be_true
|
15
|
+
end
|
16
|
+
it "is detected if vulnerable version of cocaine rubygem is detected" do
|
17
|
+
@check.dependencies=[{:name=>"cocaine", :version=>'0.4.2'}]
|
18
|
+
@check.vuln?.should be_true
|
19
|
+
end
|
20
|
+
it "is detected if vulnerable version of cocaine rubygem is detected" do
|
21
|
+
@check.dependencies=[{:name=>"cocaine", :version=>'0.5.0'}]
|
22
|
+
@check.vuln?.should be_true
|
23
|
+
end
|
24
|
+
it "is detected if vulnerable version of cocaine rubygem is detected" do
|
25
|
+
@check.dependencies=[{:name=>"cocaine", :version=>'0.5.1'}]
|
26
|
+
@check.vuln?.should be_true
|
27
|
+
end
|
28
|
+
it "is detected if vulnerable version of cocaine rubygem is detected" do
|
29
|
+
@check.dependencies=[{:name=>"cocaine", :version=>'0.5.2'}]
|
30
|
+
@check.vuln?.should be_true
|
31
|
+
end
|
32
|
+
|
33
|
+
it "is skipped if non vulnerable version of cocaine rubygem is detected" do
|
34
|
+
@check.dependencies=[{:name=>"cocaine", :version=>'0.3.2'}]
|
35
|
+
@check.vuln?.should be_false
|
36
|
+
end
|
37
|
+
|
38
|
+
|
39
|
+
|
40
|
+
end
|
@@ -6,24 +6,24 @@ describe "The CVE-2013-6416 vulnerability" do
|
|
6
6
|
# @check.debug = true
|
7
7
|
end
|
8
8
|
it "is detected if vulnerable version of rails rubygem is detected" do
|
9
|
-
@check.
|
9
|
+
@check.dependencies=[{:name=>"rails", :version=>'4.0.1'}]
|
10
10
|
@check.vuln?.should be_true
|
11
11
|
end
|
12
12
|
it "is ignored if rails version is 3.2.x" do
|
13
|
-
@check.
|
13
|
+
@check.dependencies=[{:name=>"rails", :version=>'3.2.16'}]
|
14
14
|
@check.vuln?.should be_false
|
15
15
|
end
|
16
16
|
|
17
17
|
it "is ignored if rails version is 3.1.x" do
|
18
|
-
@check.
|
18
|
+
@check.dependencies=[{:name=>"rails", :version=>'3.1.16'}]
|
19
19
|
@check.vuln?.should be_false
|
20
20
|
end
|
21
21
|
it "is ignored if rails version is 3.0.x" do
|
22
|
-
@check.
|
22
|
+
@check.dependencies=[{:name=>"rails", :version=>'3.0.16'}]
|
23
23
|
@check.vuln?.should be_false
|
24
24
|
end
|
25
25
|
it "is ignored if rails version is 2.3.x" do
|
26
|
-
@check.
|
26
|
+
@check.dependencies=[{:name=>"rails", :version=>'2.3.16'}]
|
27
27
|
@check.vuln?.should be_false
|
28
28
|
end
|
29
29
|
|