codesake-dawn 0.70 → 0.72

@@ -22,6 +22,7 @@ Gem::Specification.new do |gem|
22
22
  gem.add_dependency 'haml'
23
23
  gem.add_dependency 'parser'
24
24
  gem.add_dependency 'ptools'
25
+ gem.add_dependency 'ruby_parser'
25
26
 
26
27
  gem.add_dependency ('coveralls')
27
28
 
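Review bot: The added `gem.add_dependency 'ruby_parser'` carries no version constraint, so the packaged metadata records it as `>= 0` and any future release of that gem is accepted at install time. A bounded requirement makes installs reproducible and limits exposure to a bad upstream release, for example `gem.add_dependency 'ruby_parser', '~> <TESTED_VERSION>'` using the version the test suite was actually run against. The neighbouring dependencies shown as context are unconstrained in the same way.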
@@ -2,10 +2,12 @@ module Codesake
2
2
  module Dawn
3
3
  class Core
4
4
  def self.detect_mvc(target)
5
- gemfile_lock = File.join(target, "Gemfile.lock")
6
- raise ArgumentError.new("no Gemfile.lock in #{target}") unless File.exist?(gemfile_lock)
5
+ my_dir = Dir.pwd
6
+ Dir.chdir(target)
7
+ raise ArgumentError.new("no Gemfile.lock in #{target}") unless File.exist?("Gemfile.lock")
7
8
 
8
- lockfile = Bundler::LockfileParser.new(Bundler.read_file(gemfile_lock))
9
+ lockfile = Bundler::LockfileParser.new(Bundler.read_file("Gemfile.lock"))
10
+ Dir.chdir(my_dir)
9
11
  lockfile.specs.each do |s|
10
12
  return Codesake::Dawn::Rails.new(target) if s.name == "rails"
11
13
  # return Codesake::Dawn::Padrino.new if s.name == "padrino"
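Review bot: The `raise ArgumentError` on the new side fires after `Dir.chdir(target)` but before `Dir.chdir(my_dir)`, so a target without a Gemfile.lock (or a lockfile that Bundler fails to parse) leaves the whole process in the target directory. Every later relative path in the run then resolves inside the scanned tree instead of where the tool was started. The block form of `Dir.chdir` restores the previous directory on any exit, including exceptions, and makes `my_dir` unnecessary. detect_mvc continues past the end of this hunk.

```ruby
def self.detect_mvc(target)
  lockfile = Dir.chdir(target) do
    raise ArgumentError.new("no Gemfile.lock in #{target}") unless File.exist?("Gemfile.lock")
    Bundler::LockfileParser.new(Bundler.read_file("Gemfile.lock"))
  end
  # … unchanged: lockfile.specs.each framework detection …
```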
@@ -218,7 +218,11 @@ module Codesake
218
218
  end
219
219
 
220
220
  def count_vulnerabilities
221
- @vulnerabilities.count + @reflected_xss.count
221
+ ret = 0
222
+ ret = @vulnerabilities.count unless @vulnerabilities.nil?
223
+ ret += @reflected_xss.count unless @reflected_xss.nil?
224
+
225
+ ret
222
226
  end
223
227
 
224
228
  private
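Review bot: With the new nil guards, `count_vulnerabilities` returns 0 both when a scan found nothing and when `@vulnerabilities` / `@reflected_xss` were never populated, and for a security scanner those two outcomes should not look the same to the caller. If nil here means the checks have not run (not visible in this hunk), say so above the method with a comment such as `# nil means the collection was never populated; 0 is then "not scanned", not "clean"`. Alternatively initialise both collections to `[]` where the object is built, so the guards are not needed.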
@@ -230,7 +234,7 @@ module Codesake
230
234
  def get_rvm_ruby_ver
231
235
  return {:version=>"", :patchlevel=>""} unless File.exist?(File.join(@target, ".ruby-version"))
232
236
  hash = File.read('.ruby-version').split('-')
233
- return {:version=>hash[1], :patchlevel=>hash[2]}
237
+ return {:version=>hash[0], :patchlevel=>hash[1]}
234
238
  end
235
239
 
236
240
  end
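Review bot: `File.read('.ruby-version')` reads relative to the current directory, while the guard one line above tests `File.join(@target, ".ruby-version")`, so the reported version can come from a different file than the one that was checked, or the read can raise when the tool is started outside the target. The new indices also leave the trailing newline in the last field and yield a nil patchlevel when the file holds only a version. Reading the checked path and stripping covers the first two: `hash = File.read(File.join(@target, ".ruby-version")).strip.split('-')`.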
@@ -18,7 +18,11 @@ module Codesake
18
18
  def vuln?
19
19
  Dir.glob(File.join("#{root_dir}", "*")).each do |filename|
20
20
  matches = []
21
- matches = run(load_file(filename)) if File.exists?(filename) and File.file?(filename) and ! File.binary?(filename)
21
+ begin
22
+ matches = run(load_file(filename)) if File.exists?(filename) and File.file?(filename) and ! File.binary?(filename)
23
+ rescue ArgumentError => e
24
+ puts "Skipping pattern match check for #{filename}: #{e.message}"
25
+ end
22
26
  @evidences << {:filename=>filename, :matches=>matches} unless matches.empty?
23
27
  end
24
28
  return ! @evidences.empty?
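Review bot: The new `rescue ArgumentError` makes the pattern check fail open: a file on which `load_file` or `run` raises is announced with `puts` and then treated as having no matches, so the final result can read as not vulnerable although part of the tree was never examined. The skip should be recorded where the report can see it and the message sent to stderr, e.g. `warn "Skipping pattern match check for #{filename}: #{e.message}"` together with a list of skipped files kept beside `@evidences`. `File.exists?` on the guarded line is the deprecated spelling of `File.exist?`. The closing `end` of vuln? lies outside the hunk.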
@@ -108,6 +108,7 @@ module Codesake
108
108
 
109
109
  def detect_views
110
110
  build_view_array(File.join(self.target, "views")) if File.exist?(File.join(self.target, "views"))
111
+ []
111
112
  end
112
113
 
113
114
  # e = Haml::Engine.new(File.read(template))
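Review bot: The added `[]` is now the last expression of `detect_views`, so the method returns an empty array even when the views directory exists and `build_view_array` has been called. Unless that helper stores its result as a side effect (not visible here), every view is dropped from whatever checks consume this return value. The fallback should apply only when the directory is missing: `return [] unless File.exist?(File.join(self.target, "views"))` followed by `build_view_array(File.join(self.target, "views"))`.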
@@ -1,5 +1,5 @@
1
1
  module Codesake
2
2
  module Dawn
3
- VERSION = "0.70"
3
+ VERSION = "0.72"
4
4
  end
5
5
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: codesake-dawn
3
3
  version: !ruby/object:Gem::Version
4
- version: '0.70'
4
+ version: '0.72'
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2013-06-19 00:00:00.000000000 Z
12
+ date: 2013-06-24 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: codesake_commons
@@ -91,6 +91,22 @@ dependencies:
91
91
  - - ! '>='
92
92
  - !ruby/object:Gem::Version
93
93
  version: '0'
94
+ - !ruby/object:Gem::Dependency
95
+ name: ruby_parser
96
+ requirement: !ruby/object:Gem::Requirement
97
+ none: false
98
+ requirements:
99
+ - - ! '>='
100
+ - !ruby/object:Gem::Version
101
+ version: '0'
102
+ type: :runtime
103
+ prerelease: false
104
+ version_requirements: !ruby/object:Gem::Requirement
105
+ none: false
106
+ requirements:
107
+ - - ! '>='
108
+ - !ruby/object:Gem::Version
109
+ version: '0'
94
110
  - !ruby/object:Gem::Dependency
95
111
  name: coveralls
96
112
  requirement: !ruby/object:Gem::Requirement
@@ -463,7 +479,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
463
479
  version: '0'
464
480
  segments:
465
481
  - 0
466
- hash: -4262732666483923590
482
+ hash: 1262204685284581406
467
483
  required_rubygems_version: !ruby/object:Gem::Requirement
468
484
  none: false
469
485
  requirements:
@@ -472,7 +488,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
472
488
  version: '0'
473
489
  segments:
474
490
  - 0
475
- hash: -4262732666483923590
491
+ hash: 1262204685284581406
476
492
  requirements: []
477
493
  rubyforge_project:
478
494
  rubygems_version: 1.8.25