codesake-dawn 0.77 → 0.79.99

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 1704c064bfe4259ad7b2c335ce46c0a059a54487
-  data.tar.gz: 4fe5c2525c083a898595a20ab4f9e9e433506de2
+  metadata.gz: de9e08c8270b35f54fa2b233e5998d9e66e5772c
+  data.tar.gz: 7a10a5787cb7b03a335fc4b62d56e630de1738a4
 SHA512:
-  metadata.gz: 39835cc8d6eeaeed1ae987029f5641e79e4757b2961dfb03700603741bf3784039c434c5f914679a1f3a93995fa937c14bff50cfdb1334dbdf30477d5f8b1c3f
-  data.tar.gz: ab6bbab4930ddede813a8dc143caf1015763517e60a089d42e6cdc1844f7794fdaf3f66074a3068d1a1b0e88492e15b4c76bb8a2474e610486525c5406da3054
+  metadata.gz: 88ceeabc3abadd5b795d2c17e3d24492f4cb0e35ce3b965890a43c8dd035ff4b9436c36d2a1280c921553b2741f6cfc2875591db2d25e4d0271d15a740f3d1d2
+  data.tar.gz: d0d515fcda51b7a127923416f555772fb32280df8aa1077ed4e581d8fd567a1401ddc3da123e37da2fd14059730a58e22297c0717bad34aa199f456813992e12

data/README.md

@@ -14,7 +14,7 @@ frameworks.
 
 www:      [http://codesake.com](http://codesake.com) 
 
-twitter:  [https://twitter.com/codesake](https://twitter.com/codesake) #dawn hashtag
+twitter:  [https://twitter.com/codesake](https://twitter.com/codesake) #dawnscanner hashtag
 
 github:   [https://github.com/codesake/codesake\-dawn](https://github.com/codesake/codesake-dawn)
 
@@ -67,19 +67,18 @@ In example, this is the output of a scan performed over a very simple Sinatra
 application:
 
 ```
-$ bundle exec bin/dawn -s target
-
-[*] dawn v0.67 (C) 2013 - paolo@armoredcode.com is starting up at 08:14:17
-08:14:17: scanning /Users/thesp0nge/src/hacking/railsberry2013
-08:14:17: sinatra v1.4.2 detected
-08:14:17: applying all security checks
-08:14:17: all security checks applied
-08:14:17: 1 vulnerabilities found
-08:14:17 [!] CVE-2013-1800 failed
-08:14:17: Solution: Please use crack gem version 0.3.2 or above. Correct your gemfile
-08:14:17 [!] Evidence:
-08:14:17 [!] Vulnerable crack gem version found: 0.3.1
-[*] dawn is shutting down at 08:14:17
+$ dawn target
+08:34:53 [*] dawn v0.79.99 is starting up
+08:34:54 [$] dawn: scanning target
+08:34:54 [$] dawn: sinatra v1.4.2 detected
+08:34:54 [$] dawn: applying all security checks
+08:34:54 [$] dawn: 32 security checks applied - 0 security checks skipped
+08:34:54 [$] dawn: 1 vulnerabilities found
+08:34:54 [$] dawn: CVE-2013-1800 failed
+08:34:54 [$] dawn: Solution: Please use crack gem version 0.3.2 or above. Correct your gemfile
+08:34:54 [!] dawn: Evidence:
+08:34:54 [!] dawn: Vulnerable crack gem version found: 0.3.1
+08:34:54 [*] dawn is leaving
 ```
 
 

data/Roadmap.md

@@ -75,17 +75,10 @@ _latest update: Fri 17 May 2013 15:29:55 CEST_
 * detect sinks for XSS in Sinatra applications
 * detect reflected XSS in Sinatra applications
 
-## Version 0.80
+## Version 0.79.99 - codename:oddity (2013-11-14)
 
-* detect sinks for XSS in Padrino applications
-* detect reflected XSS in Padrino applications
-* detect stored XSS in Sinatra applications
-* detect stored XSS in Padrino applications
-* detect insecure direct object reference in Sinatra applications
-* detect insecure direct object reference in Padrino applications
-* support ERB for in detect\_views (for both Sinatra and Padrino)
-* integration with [codesake.com](http://codesake.com) with a public available
-  APIs to be consumed by codesake beta users.
+This is the first codesake-dawn version making codesake.com web application
+able to scan something. It deserves a special release.
 
 * adding test for CVE-2013-2065
 * adding test for CVE-2013-4389
@@ -102,8 +95,19 @@ _latest update: Fri 17 May 2013 15:29:55 CEST_
 * adding test for RoRCheatSheet\_7
 * adding test for RoRCheatSheet\_8
 * Fix issue #1. You can read more about it in TODO.md
-* Added internal API to scan a single Gemfile.lock
+* Added API to scan a single Gemfile.lock using -G flag
 
+## Version 0.80
+
+* detect sinks for XSS in Padrino applications
+* detect reflected XSS in Padrino applications
+* detect stored XSS in Sinatra applications
+* detect stored XSS in Padrino applications
+* detect insecure direct object reference in Sinatra applications
+* detect insecure direct object reference in Padrino applications
+* support ERB for in detect\_views (for both Sinatra and Padrino)
+* integration with [codesake.com](http://codesake.com) with a public available
+  APIs to be consumed by codesake beta users.
 
 ## Version 0.90
 

data/bin/dawn

@@ -68,6 +68,7 @@ def help
   printf "\n   -s, --sinatra\t\t\t\tforce dawn to consider the target a sinatra application" 
   printf "\n   -p, --padrino\t\t\t\tforce dawn to consider the target a padrino application" 
   printf "\n   -G, --gem-lock\t\t\t\tforce dawn to scan only for vulnerabilities affecting dependencies in Gemfile.lock"
+  printf "\n   -D, --debug\t\t\t\t\tenters dawn debug mode"
   printf "\n   -f, --list-known-framework\t\t\tlist ruby MVC frameworks supported by dawn"
   printf "\n   -k, --list-knowledgebase [check_name]\tlist dawn known security checks. If check_name is specified dawn says if check is present or not"
   printf "\n   -o, --output [console, json. csv, html]\tthe output will be in the specified format"
@@ -90,26 +91,28 @@ opts    = GetoptLong.new(
   [ '--rails',                  '-r',   GetoptLong::NO_ARGUMENT],
   [ '--sinatra',                '-s',   GetoptLong::NO_ARGUMENT],
   [ '--padrino',                '-p',   GetoptLong::NO_ARGUMENT],
-  [ '--gem-lock',               '-G',   GetoptLong::NO_ARGUMENT],  
+  [ '--gem-lock',               '-G',   GetoptLong::OPTIONAL_ARGUMENT],  
   [ '--list-known-framework',   '-f',   GetoptLong::NO_ARGUMENT],
   [ '--list-knowledgebase',     '-k',   GetoptLong::OPTIONAL_ARGUMENT],
   [ '--output',                 '-o',   GetoptLong::REQUIRED_ARGUMENT],
   [ '--verbose',                '-V',   GetoptLong::NO_ARGUMENT],
+  [ '--debug',                  '-D',   GetoptLong::NO_ARGUMENT],
   [ '--count-only',             '-C',   GetoptLong::NO_ARGUMENT],
   [ '--version',                '-v',   GetoptLong::NO_ARGUMENT],
   [ '--help',                   '-h',   GetoptLong::NO_ARGUMENT]
 )
 engine  = nil
-options = {:verbose=>false, :output=>"console", :count_only=>false, :dump_kb=>false, :mvc=>"", :gemfile_scan=>false}
+options = {:verbose=>false, :output=>"console", :count_only=>false, :dump_kb=>false, :mvc=>"", :gemfile_scan=>false, :gemfile_name=>"", :debug=>false}
 
 trap("INT")   { $logger.die('[INTERRUPTED]') }
 check = ""
+guess = {:name=>"", :version=>"", :connected_gems=>[]}
 
 
 opts.each do |opt, val|
   case opt
   when '--version'
-    puts "#{Codesake::Dawn::VERSION}"
+    puts "#{Codesake::Dawn::VERSION} [#{Codesake::Dawn::CODENAME}]"
     Kernel.exit(0)
   when '--rails'
     options[:mvc]=:rails
@@ -120,12 +123,18 @@ opts.each do |opt, val|
     $logger.die "sorry padrino is not yet supported"
   when '--gem-lock'
     options[:gemfile_scan] = true
+    options[:gemfile_name] = val unless val.nil?
+    guess = Codesake::Dawn::Core.guess_mvc(val)
+    $logger.log "Guessed MVC: #{guess[:name]} v#{guess[:version]}"
+    
   when '--verbose'
     options[:verbose]=true
   when '--output'
     options[:output] = val unless VALID_OUTPUT_FORMAT.find_index(val).nil?
   when '--count-only'
     options[:count_only] = true
+  when '--debug'
+    options[:debug] = true
 
   when '--list-knowledgebase'
     options[:dump_kb]=true
@@ -155,22 +164,26 @@ end
 
 target=ARGV.shift
 
-$logger.die("missing target") if target.nil?
-$logger.die("invalid directory (#{target})") unless Codesake::Dawn::Core.is_good_target?(target)
-$logger.die("if scanning Gemfile.lock file you must force target MVC using one from -r, -s or -p flag") if options[:mvc].empty? && options[:gemfile_scan]
+$logger.die("missing target") if target.nil? && options[:gemfile_name].nil?
+$logger.die("invalid directory (#{target})") if options[:gemfile_name].nil?  &&! Codesake::Dawn::Core.is_good_target?(target) 
+$logger.die("if scanning Gemfile.lock file you must not force target MVC using one from -r, -s or -p flag") if ! options[:mvc].empty? && options[:gemfile_scan]
 
 
-## MVC auto detect
-begin
-  engine = Codesake::Dawn::Core.detect_mvc(target)  if options[:mvc].empty?
-rescue ArgumentError => e
-  $logger.die(e.message)
+## MVC auto detect.
+# Skipping MVC autodetect if it's already been done by guess_mvc when choosing Gemfile.lock scan
+
+unless options[:gemfile_scan]
+  begin
+    engine = Codesake::Dawn::Core.detect_mvc(target)  if options[:mvc].empty?
+  rescue ArgumentError => e
+    $logger.die(e.message)
+  end
 end
 
-engine = Codesake::Dawn::Rails.new(target)                      if options[:mvc] == :rails
-engine = Codesake::Dawn::Sinatra.new(target)                    if options[:mvc] == :sinatra
-# engine = Codesake::Dawn::Padrino.new(target)                    if options[:mvc] == :padrino
-engine = Codesake::Dawn::GemfileLock.new(target, options[:mvc]) if options[:gemfile_scan]
+engine = Codesake::Dawn::Rails.new(target)                      if options[:mvc] == :rails && options[:gemfile_scan].nil?
+engine = Codesake::Dawn::Sinatra.new(target)                    if options[:mvc] == :sinatra && options[:gemfile_scan].nil?
+# engine = Codesake::Dawn::Padrino.new(target)                    if options[:mvc] == :padrino && options[:gemfile_scan].nil? 
+engine = Codesake::Dawn::GemfileLock.new(target, options[:gemfile_name], options[:debug], guess) if options[:gemfile_scan]
 
 $logger.die("ruby framework auto detect failed. Please force if rails, sinatra or padrino with -r, -s or -p flags") if engine.nil?
 
@@ -191,13 +204,14 @@ $logger.die "missing target framework option" if engine.nil?
 
 engine.load_knowledge_base
 
-$logger.die "nothing to do on #{target}" unless engine.can_apply?
+$logger.die "nothing to do on #{target}" if ! options[:gemfile_scan] && ! engine.can_apply? 
+
 $logger.log "scanning #{target}"
 $logger.log "#{engine.name} v#{engine.get_mvc_version} detected" unless engine.name == "Gemfile.lock"
 $logger.log "#{engine.force} v#{engine.get_mvc_version} detected" if engine.name == "Gemfile.lock"
 $logger.log "applying all security checks" 
 if engine.apply_all 
-  $logger.log "all security checks applied"
+  $logger.log "#{engine.applied_checks} security checks applied - #{engine.skipped_checks} security checks skipped"
 else
   $logger.err "no security checks in the knowledge base"
 end

data/lib/codesake/dawn/core.rb

@@ -1,7 +1,36 @@
 module Codesake
   module Dawn
     class Core
+
+      
+      # guess_mvc is very close to detect_mvc despite it accepts a
+      # filename as input and it tries to guess the mvc framework used from the
+      # gems it founds in Gemfile.lock without creating an engine.
+
+      def self.guess_mvc(gemfile_lock)
+        ret = {:name=>"", :version=>"", :connected_gems=>[]}
+
+        a = []
+        my_dir = Dir.pwd
+        Dir.chdir(File.dirname(gemfile_lock)) 
+        raise ArgumentError.new("can't read #{gemfile_lock}") unless File.readable?(File.basename(gemfile_lock))
+
+        lockfile = Bundler::LockfileParser.new(Bundler.read_file(File.basename(gemfile_lock)))
+        Dir.chdir(my_dir)
+        lockfile.specs.each do |s|
+          ret = {:name=>s.name, :version=>s.version.to_s} if s.name == "rails" || s.name == "sinatra"
+          a << {:name=>s.name, :version=>s.version.to_s}
+        end
+
+        ret[:connected_gems]=a
+        ret
+
+      end
+
       def self.detect_mvc(target)
+
+        raise ArgumentError.new("you must set target directory") if target.nil?
+
         my_dir = Dir.pwd
         Dir.chdir(target) 
         raise ArgumentError.new("no Gemfile.lock in #{target}") unless File.exist?("Gemfile.lock")

data/lib/codesake/dawn/engine.rb

@@ -39,6 +39,9 @@ module Codesake
 
       attr_accessor :debug
 
+      attr_reader   :applied_checks
+      attr_reader   :skipped_checks
+
       def initialize(dir=nil, name="", options={})
         @name = name
         @mvc_version = ""
@@ -52,18 +55,36 @@ module Codesake
         @engine_error = false
         @debug = false
         @debug = options[:debug] unless options[:debug].nil?
-
-        # Only honoring force option for Gemfile.lock engine. If no force is
-        # provided the default behaviour for Gemfile.lock engine is to load all
-        # security checks.
-        @force = options[:force] if ! options[:force].nil? and @name == "Gemfile.lock"
+        @applied_checks = 0
+        @skipped_checks = 0
 
         set_target(dir) unless dir.nil?
+        @ruby_version = get_ruby_version if dir.nil?
+        @gemfile_lock = options[:gemfile_name] unless options[:gemfile_name].nil? 
 
         @views        = detect_views 
         @controllers  = detect_controllers
         @models       = detect_models
+
+        if $logger.nil?
+          $logger  = Codesake::Commons::Logging.instance
+          $logger.helo "dawn-engine", Codesake::Dawn::VERSION
+
+        end
+        $logger.warn "pattern matching security checks are disabled for Gemfile.lock scan" if @name == "Gemfile.lock"
+        $logger.warn "combo security checks are disabled for Gemfile.lock scan" if @name == "Gemfile.lock"
+        debug_me "engine is in debug mode" 
         
+        if @name == "Gemfile.lock" && ! options[:guessed_mvc].nil?
+          # since all checks relies on @name a Gemfile.lock engine must
+          # impersonificate the engine for the mvc it was detected
+          debug_me "now I'm switching my name from #{@name} to #{options[:guessed_mvc][:name]}" 
+          $logger.err "there are no connected gems... it seems Gemfile.lock parsing failed" if options[:guessed_mvc][:connected_gems].empty?
+          @name = options[:guessed_mvc][:name] 
+          @mvc_version = options[:guessed_mvc][:version]
+          @connected_gems = options[:guessed_mvc][:connected_gems]
+        end
+
         load_knowledge_base
       end
 
@@ -98,12 +119,18 @@ module Codesake
       end
 
       def get_ruby_version
-        # does target use rbenv?
-        ver = get_rbenv_ruby_ver
-        # does the target use rvm?
-        ver = get_rvm_ruby_ver if ver[:version].empty? and ver[:patchlevel].empty?
-        # take the running ruby otherwise
-        ver = {:engine=>RUBY_ENGINE, :version=>RUBY_VERSION, :patchlevel=>"p#{RUBY_PATCHLEVEL}"} if ver[:version].empty? and ver[:patchlevel].empty? 
+        unless @target.nil?
+
+          # does target use rbenv?
+          ver = get_rbenv_ruby_ver 
+          # does the target use rvm?
+          ver = get_rvm_ruby_ver if  ver[:version].empty? && ver[:patchlevel].empty?
+          # take the running ruby otherwise
+          ver = {:engine=>RUBY_ENGINE, :version=>RUBY_VERSION, :patchlevel=>"p#{RUBY_PATCHLEVEL}"} if ver[:version].empty? && ver[:patchlevel].empty? 
+        else
+          ver = {:engine=>RUBY_ENGINE, :version=>RUBY_VERSION, :patchlevel=>"p#{RUBY_PATCHLEVEL}"} 
+
+        end
 
         ver
       end
@@ -131,6 +158,8 @@ module Codesake
         @checks
       end
 
+
+
       def set_mvc_version
         ver = ""
         return ver unless target_is_dir?
@@ -185,21 +214,28 @@ module Codesake
 
         @checks.each do |check|
           if check.name == name
-            @applied << { :name=>name }
-            check.ruby_version = @ruby_version[:version]
-            check.detected_ruby  = @ruby_version if check.kind == Codesake::Dawn::KnowledgeBase::RUBY_VERSION_CHECK
-            check.dependencies = self.connected_gems if check.kind == Codesake::Dawn::KnowledgeBase::DEPENDENCY_CHECK
-            check.root_dir = self.target if check.kind  == Codesake::Dawn::KnowledgeBase::PATTERN_MATCH_CHECK
-            check.options = {:detected_ruby => self.ruby_version, :dependencies => self.connected_gems, :root_dir => self.target } if check.kind == Codesake::Dawn::KnowledgeBase::COMBO_CHECK
-
-            check_vuln = check.vuln?
-
-            @vulnerabilities  << {:name=> check.name, :message=>check.message, :remediation=>check.remediation, :evidences=>check.evidences, :vulnerable_checks=>nil} if check_vuln && check.kind !=  Codesake::Dawn::KnowledgeBase::COMBO_CHECK
-
-            @vulnerabilities  << {:name=> check.name, :message=>check.message, :remediation=>check.remediation, :evidences=>check.evidences, :vulnerable_checks=>check.vulnerable_checks} if check_vuln && check.kind ==  Codesake::Dawn::KnowledgeBase::COMBO_CHECK
-
-            @mitigated_issues << {:name=> check.name, :message=>check.message, :remediation=>check.remediation, :evidences=>check.evidences, :vulnerable_checks=>nil} if check.mitigated?
-            return true
+            unless ((check.kind == Codesake::Dawn::KnowledgeBase::PATTERN_MATCH_CHECK || check.kind == Codesake::Dawn::KnowledgeBase::COMBO_CHECK ) && @name == "Gemfile.lock")
+              debug_me "applying check #{check.name}" 
+              @applied_checks += 1
+              @applied << { :name=>name }
+              check.ruby_version = @ruby_version[:version]
+              check.detected_ruby  = @ruby_version if check.kind == Codesake::Dawn::KnowledgeBase::RUBY_VERSION_CHECK
+              check.dependencies = self.connected_gems if check.kind == Codesake::Dawn::KnowledgeBase::DEPENDENCY_CHECK
+              check.root_dir = self.target if check.kind  == Codesake::Dawn::KnowledgeBase::PATTERN_MATCH_CHECK
+              check.options = {:detected_ruby => self.ruby_version, :dependencies => self.connected_gems, :root_dir => self.target } if check.kind == Codesake::Dawn::KnowledgeBase::COMBO_CHECK
+
+              check_vuln = check.vuln?
+
+              @vulnerabilities  << {:name=> check.name, :message=>check.message, :remediation=>check.remediation, :evidences=>check.evidences, :vulnerable_checks=>nil} if check_vuln && check.kind !=  Codesake::Dawn::KnowledgeBase::COMBO_CHECK
+
+              @vulnerabilities  << {:name=> check.name, :message=>check.message, :remediation=>check.remediation, :evidences=>check.evidences, :vulnerable_checks=>check.vulnerable_checks} if check_vuln && check.kind ==  Codesake::Dawn::KnowledgeBase::COMBO_CHECK
+
+              @mitigated_issues << {:name=> check.name, :message=>check.message, :remediation=>check.remediation, :evidences=>check.evidences, :vulnerable_checks=>nil} if check.mitigated?
+              return true
+            else
+              debug_me "skipping check #{check.name}"
+              @skipped_checks += 1
+            end
           end
         end
 
@@ -211,25 +247,33 @@ module Codesake
         return false if @checks.empty?
 
         @checks.each do |check|
-          @applied << { :name => name }
+          unless ((check.kind == Codesake::Dawn::KnowledgeBase::PATTERN_MATCH_CHECK || check.kind == Codesake::Dawn::KnowledgeBase::COMBO_CHECK ) && @name == "Gemfile.lock")
 
-          check.ruby_version = @ruby_version[:version]
-          check.detected_ruby  = @ruby_version if check.kind == Codesake::Dawn::KnowledgeBase::RUBY_VERSION_CHECK
-          check.dependencies = self.connected_gems if check.kind == Codesake::Dawn::KnowledgeBase::DEPENDENCY_CHECK
-          check.root_dir = self.target if check.kind  == Codesake::Dawn::KnowledgeBase::PATTERN_MATCH_CHECK
-          check.options = {:detected_ruby => self.ruby_version, :dependencies => self.connected_gems, :root_dir => self.target } if check.kind == Codesake::Dawn::KnowledgeBase::COMBO_CHECK
-          check_vuln = check.vuln?
+            @applied << { :name => name }
+            debug_me "applying check #{check.name}" 
+            @applied_checks += 1
 
-          @vulnerabilities  << {:name=> check.name, :message=>check.message, :remediation=>check.remediation, :evidences=>check.evidences, :vulnerable_checks=>nil} if check_vuln && check.kind !=  Codesake::Dawn::KnowledgeBase::COMBO_CHECK
+            check.ruby_version = @ruby_version[:version]
+            check.detected_ruby  = @ruby_version if check.kind == Codesake::Dawn::KnowledgeBase::RUBY_VERSION_CHECK
+            check.dependencies = self.connected_gems if check.kind == Codesake::Dawn::KnowledgeBase::DEPENDENCY_CHECK
+            check.root_dir = self.target if check.kind  == Codesake::Dawn::KnowledgeBase::PATTERN_MATCH_CHECK 
+            check.options = {:detected_ruby => self.ruby_version, :dependencies => self.connected_gems, :root_dir => self.target } if check.kind == Codesake::Dawn::KnowledgeBase::COMBO_CHECK
+            check_vuln = check.vuln?
+
+            @vulnerabilities  << {:name=> check.name, :message=>check.message, :remediation=>check.remediation, :evidences=>check.evidences, :vulnerable_checks=>nil} if check_vuln && check.kind !=  Codesake::Dawn::KnowledgeBase::COMBO_CHECK
 
-          @vulnerabilities  << {:name=> check.name, :message=>check.message, :remediation=>check.remediation, :evidences=>check.evidences, :vulnerable_checks=>check.vulnerable_checks} if check_vuln && check.kind ==  Codesake::Dawn::KnowledgeBase::COMBO_CHECK
-          @mitigated_issues << {:name=> check.name, :message=>check.message, :remediation=>check.remediation, :evidences=>check.evidences, :vulnerable_checks=>nil} if check.mitigated?
+            @vulnerabilities  << {:name=> check.name, :message=>check.message, :remediation=>check.remediation, :evidences=>check.evidences, :vulnerable_checks=>check.vulnerable_checks} if check_vuln && check.kind ==  Codesake::Dawn::KnowledgeBase::COMBO_CHECK
+            @mitigated_issues << {:name=> check.name, :message=>check.message, :remediation=>check.remediation, :evidences=>check.evidences, :vulnerable_checks=>nil} if check.mitigated?
+          else
+            debug_me "skipping check #{check.name}"
+            @skipped_checks += 1
+          end
         end
 
         true
 
       end
-      
+
       def is_applied?(name)
         @applied.each do |a|
           return true if a[:name] == name

data/lib/codesake/dawn/gemfile_lock.rb

@@ -3,8 +3,8 @@ module Codesake
     class GemfileLock
       include Codesake::Dawn::Engine
 
-      def initialize(dir = "./", mvc = "")
-        super(dir, "Gemfile.lock", {:force=>mvc.to_s})
+      def initialize(dir = "./", filename = "", debug, guessed_mvc)
+        super(dir, "Gemfile.lock", {:gemfile_name=>filename, :debug=>debug, :guessed_mvc=>guessed_mvc})
       end
 
     end

data/lib/codesake/dawn/kb/owasp_ror_cheatsheet/command_injection.rb

@@ -6,7 +6,7 @@ module Codesake
           include PatternMatchCheck
 
           def initialize
-            message = "Ruby offers a function called “eval” which will dynamically build new Ruby code based on Strings. It also has a number of ways to call system commands. While the power of these commands is quite useful, extreme care should be taken when using them in a Rails based application. Usually, its just a bad idea. If need be, a whitelist of possible values should be used and any input should be validated as thoroughly as possible. The Ruby Security Reviewer's Guide has a section on injection and there are a number of OWASP references for it, starting at the top: Command Injection."
+            message = "Ruby offers a function called \"eval\" which will dynamically build new Ruby code based on Strings. It also has a number of ways to call system commands. While the power of these commands is quite useful, extreme care should be taken when using them in a Rails based application. Usually, its just a bad idea. If need be, a whitelist of possible values should be used and any input should be validated as thoroughly as possible. The Ruby Security Reviewer's Guide has a section on injection and there are a number of OWASP references for it, starting at the top: Command Injection."
 
             super({
               :name=>"Owasp Ror CheatSheet: Command Injection",

data/lib/codesake/dawn/version.rb

@@ -1,5 +1,6 @@
 module Codesake
   module Dawn
-    VERSION = "0.77"
+    VERSION   = "0.79.99"
+    CODENAME  = "OdditY"
   end
 end

data/spec/spec_helper.rb

@@ -1,6 +1,6 @@
 require 'coveralls'
 
-require 'codesake_commons'
+require 'codesake-commons'
 $logger  = Codesake::Commons::Logging.instance
 
 require 'codesake-dawn'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: codesake-dawn
 version: !ruby/object:Gem::Version
-  version: '0.77'
+  version: 0.79.99
 platform: ruby
 authors:
 - Paolo Perego
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-10-30 00:00:00.000000000 Z
+date: 2013-11-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: codesake-commons