codesake-dawn 0.70 → 0.72

@@ -22,6 +22,7 @@ Gem::Specification.new do |gem|
22
22
  gem.add_dependency 'haml'
23
23
  gem.add_dependency 'parser'
24
24
  gem.add_dependency 'ptools'
25
+ gem.add_dependency 'ruby_parser'
25
26
 
26
27
  gem.add_dependency ('coveralls')
27
28
 
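Review bot: `gem.add_dependency 'ruby_parser'` is added without a version constraint, so any future release of that gem is accepted at install time (the packaged metadata on this page records it as `>= 0`). For a tool that parses other projects' source, a bounded requirement limits exposure to a breaking or compromised release, e.g. `gem.add_dependency 'ruby_parser', '~> <TESTED_VERSION>'` with the version the checks were actually tested against. The neighbouring dependencies in this block are unbounded too and would benefit from the same treatment.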
@@ -2,10 +2,12 @@ module Codesake
2
2
  module Dawn
3
3
  class Core
4
4
  def self.detect_mvc(target)
5
- gemfile_lock = File.join(target, "Gemfile.lock")
6
- raise ArgumentError.new("no Gemfile.lock in #{target}") unless File.exist?(gemfile_lock)
5
+ my_dir = Dir.pwd
6
+ Dir.chdir(target)
7
+ raise ArgumentError.new("no Gemfile.lock in #{target}") unless File.exist?("Gemfile.lock")
7
8
 
8
- lockfile = Bundler::LockfileParser.new(Bundler.read_file(gemfile_lock))
9
+ lockfile = Bundler::LockfileParser.new(Bundler.read_file("Gemfile.lock"))
10
+ Dir.chdir(my_dir)
9
11
  lockfile.specs.each do |s|
10
12
  return Codesake::Dawn::Rails.new(target) if s.name == "rails"
11
13
  # return Codesake::Dawn::Padrino.new if s.name == "padrino"
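Review bot: The working directory is not restored when the `raise ArgumentError` on new line 7 fires, or when `Bundler.read_file` or `LockfileParser.new` raises, because `Dir.chdir(my_dir)` is only reached on the success path. The cwd is process-wide, so after such a failure every later relative path resolves inside the target tree. The block form restores it on any exit: wrap the existence check and the parse in `lockfile = Dir.chdir(target) do ... end` and drop `my_dir`. The body of detect_mvc continues past the end of this hunk.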
@@ -218,7 +218,11 @@ module Codesake
218
218
  end
219
219
 
220
220
  def count_vulnerabilities
221
- @vulnerabilities.count + @reflected_xss.count
221
+ ret = 0
222
+ ret = @vulnerabilities.count unless @vulnerabilities.nil?
223
+ ret += @reflected_xss.count unless @reflected_xss.nil?
224
+
225
+ ret
222
226
  end
223
227
 
224
228
  private
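Review bot: Counting a nil `@vulnerabilities` or `@reflected_xss` as zero in `count_vulnerabilities` makes "the checks never ran" indistinguishable from "no findings", which is a misleading result for a scanner to report. If nil means the collections were never initialised (the initialiser is outside this hunk, so this is inferred), setting both to `[]` at construction would let the method stay `@vulnerabilities.count + @reflected_xss.count`. If the guard is kept, a comment such as `# nil means no scan has populated this yet; counted as 0` documents the intent, and the body reduces to `@vulnerabilities.to_a.count + @reflected_xss.to_a.count`.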
@@ -230,7 +234,7 @@ module Codesake
230
234
  def get_rvm_ruby_ver
231
235
  return {:version=>"", :patchlevel=>""} unless File.exist?(File.join(@target, ".ruby-version"))
232
236
  hash = File.read('.ruby-version').split('-')
233
- return {:version=>hash[1], :patchlevel=>hash[2]}
237
+ return {:version=>hash[0], :patchlevel=>hash[1]}
234
238
  end
235
239
 
236
240
  end
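Review bot: `get_rvm_ruby_ver` checks for the file with `File.join(@target, ".ruby-version")` but then reads `'.ruby-version'` relative to the current directory, so the reported version can come from a different project than the one being scanned, or the read can raise when the cwd has no such file. The new indices also assume the file holds `version-patchlevel`: `File.read` keeps the trailing newline, so the last field carries a `\n`, and a file without a patch level yields `nil` for `:patchlevel` where the missing-file branch returns `""`. Reading through the same path and stripping addresses both: `hash = File.read(File.join(@target, '.ruby-version')).strip.split('-')` and `return {:version=>hash[0], :patchlevel=>hash[1].to_s}`.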
@@ -18,7 +18,11 @@ module Codesake
18
18
  def vuln?
19
19
  Dir.glob(File.join("#{root_dir}", "*")).each do |filename|
20
20
  matches = []
21
- matches = run(load_file(filename)) if File.exists?(filename) and File.file?(filename) and ! File.binary?(filename)
21
+ begin
22
+ matches = run(load_file(filename)) if File.exists?(filename) and File.file?(filename) and ! File.binary?(filename)
23
+ rescue ArgumentError => e
24
+ puts "Skipping pattern match check for #{filename}: #{e.message}"
25
+ end
22
26
  @evidences << {:filename=>filename, :matches=>matches} unless matches.empty?
23
27
  end
24
28
  return ! @evidences.empty?
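Review bot: A file that raises `ArgumentError` inside `run(load_file(filename))` is dropped from the scan with only a `puts` to stdout, so `vuln?` can return false for a tree that was not fully inspected, and nothing in `@evidences` shows the gap. Using `warn "Skipping pattern match check for #{filename}: #{e.message}"` sends the message to stderr and keeps it out of report output; recording the skipped filename on the check object would let the caller report incomplete coverage. The rescue also catches any `ArgumentError` raised anywhere in `run` or `load_file`, not only the case it presumably targets, so a comment naming the expected error would help. `File.exists?` on the same line is a deprecated alias of `File.exist?`. The body of vuln? continues past the end of the hunk.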
@@ -108,6 +108,7 @@ module Codesake
108
108
 
109
109
  def detect_views
110
110
  build_view_array(File.join(self.target, "views")) if File.exist?(File.join(self.target, "views"))
111
+ []
111
112
  end
112
113
 
113
114
  # e = Haml::Engine.new(File.read(template))
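Review bot: With the bare `[]` added as the last expression, `detect_views` now returns an empty array in every case, including when the `views` directory exists and `build_view_array` produced results. If callers use the return value (not visible in this hunk), the view list is always empty and view-based checks would have nothing to inspect. Returning the fallback only when the directory is missing keeps the intent: `views_dir = File.join(self.target, "views")` followed by `File.exist?(views_dir) ? build_view_array(views_dir) : []`.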
@@ -1,5 +1,5 @@
1
1
  module Codesake
2
2
  module Dawn
3
- VERSION = "0.70"
3
+ VERSION = "0.72"
4
4
  end
5
5
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: codesake-dawn
3
3
  version: !ruby/object:Gem::Version
4
- version: '0.70'
4
+ version: '0.72'
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2013-06-19 00:00:00.000000000 Z
12
+ date: 2013-06-24 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: codesake_commons
@@ -91,6 +91,22 @@ dependencies:
91
91
  - - ! '>='
92
92
  - !ruby/object:Gem::Version
93
93
  version: '0'
94
+ - !ruby/object:Gem::Dependency
95
+ name: ruby_parser
96
+ requirement: !ruby/object:Gem::Requirement
97
+ none: false
98
+ requirements:
99
+ - - ! '>='
100
+ - !ruby/object:Gem::Version
101
+ version: '0'
102
+ type: :runtime
103
+ prerelease: false
104
+ version_requirements: !ruby/object:Gem::Requirement
105
+ none: false
106
+ requirements:
107
+ - - ! '>='
108
+ - !ruby/object:Gem::Version
109
+ version: '0'
94
110
  - !ruby/object:Gem::Dependency
95
111
  name: coveralls
96
112
  requirement: !ruby/object:Gem::Requirement
@@ -463,7 +479,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
463
479
  version: '0'
464
480
  segments:
465
481
  - 0
466
- hash: -4262732666483923590
482
+ hash: 1262204685284581406
467
483
  required_rubygems_version: !ruby/object:Gem::Requirement
468
484
  none: false
469
485
  requirements:
@@ -472,7 +488,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
472
488
  version: '0'
473
489
  segments:
474
490
  - 0
475
- hash: -4262732666483923590
491
+ hash: 1262204685284581406
476
492
  requirements: []
477
493
  rubyforge_project:
478
494
  rubygems_version: 1.8.25