codesake-dawn 0.85 → 1.0.0.rc1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.ruby-version +1 -1
- data/.travis.yml +1 -1
- data/Changelog.md +67 -1
- data/README.md +137 -29
- data/Rakefile +29 -2
- data/Roadmap.md +10 -93
- data/features/{dawn_complains_about_an_incorrect_command_line.feature → dawn_complains_about_an_incorrect_command_line.feature.disabled} +0 -0
- data/features/{dawn_scan_a_secure_sinatra_app.feature → dawn_scan_a_secure_sinatra_app.feature.disabled} +0 -0
- data/features/{dawn_scan_a_vulnerable_sinatra_app.feature → dawn_scan_a_vulnerable_sinatra_app.feature.disabled} +0 -0
- data/lib/codesake/dawn/kb/basic_check.rb +7 -1
- data/lib/codesake/dawn/kb/cve_2004_0755.rb +32 -0
- data/lib/codesake/dawn/kb/cve_2004_0983.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2005_1992.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2005_2337.rb +32 -0
- data/lib/codesake/dawn/kb/cve_2006_1931.rb +32 -0
- data/lib/codesake/dawn/kb/cve_2006_2582.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2006_3694.rb +31 -0
- data/lib/codesake/dawn/kb/cve_2006_4112.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2006_5467.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2006_6303.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2006_6852.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2006_6979.rb +31 -0
- data/lib/codesake/dawn/kb/cve_2007_0469.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2007_5162.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2007_5379.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2007_5380.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2007_5770.rb +32 -0
- data/lib/codesake/dawn/kb/cve_2007_6077.rb +31 -0
- data/lib/codesake/dawn/kb/cve_2007_6612.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2008_1145.rb +40 -0
- data/lib/codesake/dawn/kb/cve_2008_1891.rb +40 -0
- data/lib/codesake/dawn/kb/cve_2008_2376.rb +32 -0
- data/lib/codesake/dawn/kb/cve_2008_2662.rb +35 -0
- data/lib/codesake/dawn/kb/cve_2008_2663.rb +34 -0
- data/lib/codesake/dawn/kb/cve_2008_2664.rb +35 -0
- data/lib/codesake/dawn/kb/cve_2008_2725.rb +33 -0
- data/lib/codesake/dawn/kb/cve_2008_3655.rb +39 -0
- data/lib/codesake/dawn/kb/cve_2008_3657.rb +39 -0
- data/lib/codesake/dawn/kb/cve_2008_3790.rb +32 -0
- data/lib/codesake/dawn/kb/cve_2008_3905.rb +38 -0
- data/lib/codesake/dawn/kb/cve_2008_4094.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2008_4310.rb +103 -0
- data/lib/codesake/dawn/kb/cve_2008_5189.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2008_7248.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2009_4078.rb +31 -0
- data/lib/codesake/dawn/kb/cve_2009_4124.rb +32 -0
- data/lib/codesake/dawn/kb/cve_2009_4214.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2010_2489.rb +62 -0
- data/lib/codesake/dawn/kb/cve_2010_3933.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2011_0188.rb +69 -0
- data/lib/codesake/dawn/kb/cve_2011_0739.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2011_1004.rb +36 -0
- data/lib/codesake/dawn/kb/cve_2011_1005.rb +33 -0
- data/lib/codesake/dawn/kb/cve_2011_2686.rb +31 -0
- data/lib/codesake/dawn/kb/cve_2011_2705.rb +34 -0
- data/lib/codesake/dawn/kb/cve_2011_2930.rb +29 -0
- data/lib/codesake/dawn/kb/cve_2011_3009.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2011_3187.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2011_4319.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2013_2090.rb +30 -0
- data/lib/codesake/dawn/kb/cve_2013_4457.rb +1 -1
- data/lib/codesake/dawn/kb/dependency_check.rb +2 -2
- data/lib/codesake/dawn/kb/nokogiri_dos_20131217.rb +1 -0
- data/lib/codesake/dawn/kb/operating_system_check.rb +4 -3
- data/lib/codesake/dawn/kb/ruby_version_check.rb +9 -3
- data/lib/codesake/dawn/knowledge_base.rb +113 -0
- data/lib/codesake/dawn/padrino.rb +1 -1
- data/lib/codesake/dawn/version.rb +14 -2
- data/lib/tasks/dawn.rake +4 -0
- data/spec/lib/dawn/codesake_knowledgebase_spec.rb +256 -0
- data/spec/lib/dawn/{codesake_padrino_engine_spec.rb → codesake_padrino_engine_disabled.rb} +0 -0
- data/spec/lib/dawn/{codesake_rails_engine_spec.rb → codesake_rails_engine_disabled.rb} +0 -0
- data/spec/lib/dawn/{codesake_sinatra_engine_spec.rb → codesake_sinatra_engine_disabled.rb} +5 -5
- data/spec/lib/kb/codesake_cve_2013_4457_spec.rb +40 -0
- data/spec/lib/kb/{codesake_cve_2013_6416.rb → codesake_cve_2013_6416_spec.rb} +5 -5
- data/spec/lib/kb/codesake_ruby_version_check_spec.rb +1 -0
- data/spec/lib/kb/cve_2004_0983_spec.rb +8 -0
- data/spec/lib/kb/cve_2005_1992_spec.rb +8 -0
- data/spec/lib/kb/cve_2005_2337_spec.rb +8 -0
- data/spec/lib/kb/cve_2006_1931_spec.rb +8 -0
- data/spec/lib/kb/cve_2006_2582_spec.rb +8 -0
- data/spec/lib/kb/cve_2006_3694_spec.rb +8 -0
- data/spec/lib/kb/cve_2006_4112_spec.rb +8 -0
- data/spec/lib/kb/cve_2006_5467_spec.rb +8 -0
- data/spec/lib/kb/cve_2006_6303_spec.rb +8 -0
- data/spec/lib/kb/cve_2006_6852_spec.rb +8 -0
- data/spec/lib/kb/cve_2006_6979_spec.rb +8 -0
- data/spec/lib/kb/cve_2007_0469_spec.rb +8 -0
- data/spec/lib/kb/cve_2007_5162_spec.rb +8 -0
- data/spec/lib/kb/cve_2007_5379_spec.rb +8 -0
- data/spec/lib/kb/cve_2007_5380_spec.rb +8 -0
- data/spec/lib/kb/cve_2007_5770_spec.rb +8 -0
- data/spec/lib/kb/cve_2007_6077_spec.rb +8 -0
- data/spec/lib/kb/cve_2007_6612_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_1145_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_1891_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_2376_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_2662_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_2663_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_2664_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_2725_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_3655_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_3657_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_3790_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_3905_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_4094_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_4310_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_5189_spec.rb +8 -0
- data/spec/lib/kb/cve_2008_7248_spec.rb +8 -0
- data/spec/lib/kb/cve_2009_4078_spec.rb +8 -0
- data/spec/lib/kb/cve_2009_4124_spec.rb +8 -0
- data/spec/lib/kb/cve_2009_4214_spec.rb +8 -0
- data/spec/lib/kb/cve_2010_2489_spec.rb +8 -0
- data/spec/lib/kb/cve_2010_3933_spec.rb +8 -0
- data/spec/lib/kb/cve_2011_0188_spec.rb +8 -0
- data/spec/lib/kb/cve_2011_0739_spec.rb +8 -0
- data/spec/lib/kb/cve_2011_1004_spec.rb +8 -0
- data/spec/lib/kb/cve_2011_1005_spec.rb +8 -0
- data/spec/lib/kb/cve_2011_2686_spec.rb +8 -0
- data/spec/lib/kb/cve_2011_2705_spec.rb +8 -0
- data/spec/lib/kb/cve_2011_2930_spec.rb +8 -0
- data/spec/lib/kb/cve_2011_3009_spec.rb +8 -0
- data/spec/lib/kb/cve_2011_3187_spec.rb +8 -0
- data/spec/lib/kb/cve_2011_4319_spec.rb +8 -0
- data/spec/lib/kb/cve_2013_2090_spec.rb +8 -0
- data/spec/lib/kb/{owasp_ror_cheatsheet_spec.rb → owasp_ror_cheatsheet_disabled.rb} +0 -0
- metadata +172 -395
- data/Competitive_matrix.md +0 -177
- data/TODO.md +0 -64
- data/spec/support/hello_world_3.0.19/Gemfile +0 -31
- data/spec/support/hello_world_3.0.19/README +0 -256
- data/spec/support/hello_world_3.0.19/Rakefile +0 -7
- data/spec/support/hello_world_3.0.19/app/controllers/application_controller.rb +0 -3
- data/spec/support/hello_world_3.0.19/app/helpers/application_helper.rb +0 -2
- data/spec/support/hello_world_3.0.19/app/views/layouts/application.html.erb +0 -14
- data/spec/support/hello_world_3.0.19/config.ru +0 -4
- data/spec/support/hello_world_3.0.19/config/application.rb +0 -42
- data/spec/support/hello_world_3.0.19/config/boot.rb +0 -6
- data/spec/support/hello_world_3.0.19/config/database.yml +0 -22
- data/spec/support/hello_world_3.0.19/config/environment.rb +0 -5
- data/spec/support/hello_world_3.0.19/config/environments/development.rb +0 -26
- data/spec/support/hello_world_3.0.19/config/environments/production.rb +0 -49
- data/spec/support/hello_world_3.0.19/config/environments/test.rb +0 -35
- data/spec/support/hello_world_3.0.19/config/initializers/backtrace_silencers.rb +0 -7
- data/spec/support/hello_world_3.0.19/config/initializers/inflections.rb +0 -10
- data/spec/support/hello_world_3.0.19/config/initializers/mime_types.rb +0 -5
- data/spec/support/hello_world_3.0.19/config/initializers/secret_token.rb +0 -7
- data/spec/support/hello_world_3.0.19/config/initializers/session_store.rb +0 -8
- data/spec/support/hello_world_3.0.19/config/locales/en.yml +0 -5
- data/spec/support/hello_world_3.0.19/config/routes.rb +0 -58
- data/spec/support/hello_world_3.0.19/db/seeds.rb +0 -7
- data/spec/support/hello_world_3.0.19/lib/tasks/.gitkeep +0 -0
- data/spec/support/hello_world_3.0.19/public/404.html +0 -26
- data/spec/support/hello_world_3.0.19/public/422.html +0 -26
- data/spec/support/hello_world_3.0.19/public/500.html +0 -26
- data/spec/support/hello_world_3.0.19/public/favicon.ico +0 -0
- data/spec/support/hello_world_3.0.19/public/images/rails.png +0 -0
- data/spec/support/hello_world_3.0.19/public/index.html +0 -239
- data/spec/support/hello_world_3.0.19/public/javascripts/application.js +0 -2
- data/spec/support/hello_world_3.0.19/public/javascripts/controls.js +0 -965
- data/spec/support/hello_world_3.0.19/public/javascripts/dragdrop.js +0 -974
- data/spec/support/hello_world_3.0.19/public/javascripts/effects.js +0 -1123
- data/spec/support/hello_world_3.0.19/public/javascripts/prototype.js +0 -6001
- data/spec/support/hello_world_3.0.19/public/javascripts/rails.js +0 -202
- data/spec/support/hello_world_3.0.19/public/robots.txt +0 -5
- data/spec/support/hello_world_3.0.19/public/stylesheets/.gitkeep +0 -0
- data/spec/support/hello_world_3.0.19/script/rails +0 -6
- data/spec/support/hello_world_3.0.19/test/performance/browsing_test.rb +0 -9
- data/spec/support/hello_world_3.0.19/test/test_helper.rb +0 -13
- data/spec/support/hello_world_3.0.19/vendor/plugins/.gitkeep +0 -0
- data/spec/support/hello_world_3.1.0/Gemfile +0 -33
- data/spec/support/hello_world_3.1.0/README +0 -261
- data/spec/support/hello_world_3.1.0/Rakefile +0 -7
- data/spec/support/hello_world_3.1.0/app/assets/images/rails.png +0 -0
- data/spec/support/hello_world_3.1.0/app/assets/javascripts/application.js +0 -9
- data/spec/support/hello_world_3.1.0/app/assets/stylesheets/application.css +0 -7
- data/spec/support/hello_world_3.1.0/app/controllers/application_controller.rb +0 -3
- data/spec/support/hello_world_3.1.0/app/helpers/application_helper.rb +0 -2
- data/spec/support/hello_world_3.1.0/app/mailers/.gitkeep +0 -0
- data/spec/support/hello_world_3.1.0/app/models/.gitkeep +0 -0
- data/spec/support/hello_world_3.1.0/app/views/layouts/application.html.erb +0 -14
- data/spec/support/hello_world_3.1.0/config.ru +0 -4
- data/spec/support/hello_world_3.1.0/config/application.rb +0 -48
- data/spec/support/hello_world_3.1.0/config/boot.rb +0 -6
- data/spec/support/hello_world_3.1.0/config/database.yml +0 -25
- data/spec/support/hello_world_3.1.0/config/environment.rb +0 -5
- data/spec/support/hello_world_3.1.0/config/environments/development.rb +0 -30
- data/spec/support/hello_world_3.1.0/config/environments/production.rb +0 -60
- data/spec/support/hello_world_3.1.0/config/environments/test.rb +0 -42
- data/spec/support/hello_world_3.1.0/config/initializers/backtrace_silencers.rb +0 -7
- data/spec/support/hello_world_3.1.0/config/initializers/inflections.rb +0 -10
- data/spec/support/hello_world_3.1.0/config/initializers/mime_types.rb +0 -5
- data/spec/support/hello_world_3.1.0/config/initializers/secret_token.rb +0 -7
- data/spec/support/hello_world_3.1.0/config/initializers/session_store.rb +0 -8
- data/spec/support/hello_world_3.1.0/config/initializers/wrap_parameters.rb +0 -14
- data/spec/support/hello_world_3.1.0/config/locales/en.yml +0 -5
- data/spec/support/hello_world_3.1.0/config/routes.rb +0 -58
- data/spec/support/hello_world_3.1.0/db/seeds.rb +0 -7
- data/spec/support/hello_world_3.1.0/lib/assets/.gitkeep +0 -0
- data/spec/support/hello_world_3.1.0/lib/tasks/.gitkeep +0 -0
- data/spec/support/hello_world_3.1.0/log/.gitkeep +0 -0
- data/spec/support/hello_world_3.1.0/public/404.html +0 -26
- data/spec/support/hello_world_3.1.0/public/422.html +0 -26
- data/spec/support/hello_world_3.1.0/public/500.html +0 -26
- data/spec/support/hello_world_3.1.0/public/favicon.ico +0 -0
- data/spec/support/hello_world_3.1.0/public/index.html +0 -241
- data/spec/support/hello_world_3.1.0/public/robots.txt +0 -5
- data/spec/support/hello_world_3.1.0/script/rails +0 -6
- data/spec/support/hello_world_3.1.0/test/fixtures/.gitkeep +0 -0
- data/spec/support/hello_world_3.1.0/test/functional/.gitkeep +0 -0
- data/spec/support/hello_world_3.1.0/test/integration/.gitkeep +0 -0
- data/spec/support/hello_world_3.1.0/test/performance/browsing_test.rb +0 -12
- data/spec/support/hello_world_3.1.0/test/test_helper.rb +0 -13
- data/spec/support/hello_world_3.1.0/test/unit/.gitkeep +0 -0
- data/spec/support/hello_world_3.1.0/vendor/assets/stylesheets/.gitkeep +0 -0
- data/spec/support/hello_world_3.1.0/vendor/plugins/.gitkeep +0 -0
- data/spec/support/hello_world_3.2.13/Gemfile +0 -38
- data/spec/support/hello_world_3.2.13/README.rdoc +0 -261
- data/spec/support/hello_world_3.2.13/Rakefile +0 -7
- data/spec/support/hello_world_3.2.13/app/assets/images/rails.png +0 -0
- data/spec/support/hello_world_3.2.13/app/assets/javascripts/application.js +0 -15
- data/spec/support/hello_world_3.2.13/app/assets/stylesheets/application.css +0 -13
- data/spec/support/hello_world_3.2.13/app/controllers/application_controller.rb +0 -3
- data/spec/support/hello_world_3.2.13/app/helpers/application_helper.rb +0 -10
- data/spec/support/hello_world_3.2.13/app/mailers/.gitkeep +0 -0
- data/spec/support/hello_world_3.2.13/app/models/.gitkeep +0 -0
- data/spec/support/hello_world_3.2.13/app/models/test.rb +0 -3
- data/spec/support/hello_world_3.2.13/app/views/layouts/application.html.erb +0 -14
- data/spec/support/hello_world_3.2.13/config.ru +0 -4
- data/spec/support/hello_world_3.2.13/config/application.rb +0 -62
- data/spec/support/hello_world_3.2.13/config/boot.rb +0 -6
- data/spec/support/hello_world_3.2.13/config/database.yml +0 -25
- data/spec/support/hello_world_3.2.13/config/environment.rb +0 -5
- data/spec/support/hello_world_3.2.13/config/environments/development.rb +0 -37
- data/spec/support/hello_world_3.2.13/config/environments/production.rb +0 -67
- data/spec/support/hello_world_3.2.13/config/environments/test.rb +0 -37
- data/spec/support/hello_world_3.2.13/config/initializers/backtrace_silencers.rb +0 -7
- data/spec/support/hello_world_3.2.13/config/initializers/inflections.rb +0 -15
- data/spec/support/hello_world_3.2.13/config/initializers/mime_types.rb +0 -5
- data/spec/support/hello_world_3.2.13/config/initializers/secret_token.rb +0 -7
- data/spec/support/hello_world_3.2.13/config/initializers/session_store.rb +0 -8
- data/spec/support/hello_world_3.2.13/config/initializers/wrap_parameters.rb +0 -14
- data/spec/support/hello_world_3.2.13/config/locales/en.yml +0 -5
- data/spec/support/hello_world_3.2.13/config/routes.rb +0 -58
- data/spec/support/hello_world_3.2.13/db/seeds.rb +0 -7
- data/spec/support/hello_world_3.2.13/lib/assets/.gitkeep +0 -0
- data/spec/support/hello_world_3.2.13/lib/tasks/.gitkeep +0 -0
- data/spec/support/hello_world_3.2.13/log/.gitkeep +0 -0
- data/spec/support/hello_world_3.2.13/public/404.html +0 -26
- data/spec/support/hello_world_3.2.13/public/422.html +0 -26
- data/spec/support/hello_world_3.2.13/public/500.html +0 -25
- data/spec/support/hello_world_3.2.13/public/favicon.ico +0 -0
- data/spec/support/hello_world_3.2.13/public/index.html +0 -241
- data/spec/support/hello_world_3.2.13/public/robots.txt +0 -5
- data/spec/support/hello_world_3.2.13/script/rails +0 -6
- data/spec/support/hello_world_3.2.13/test/fixtures/.gitkeep +0 -0
- data/spec/support/hello_world_3.2.13/test/functional/.gitkeep +0 -0
- data/spec/support/hello_world_3.2.13/test/integration/.gitkeep +0 -0
- data/spec/support/hello_world_3.2.13/test/performance/browsing_test.rb +0 -12
- data/spec/support/hello_world_3.2.13/test/test_helper.rb +0 -13
- data/spec/support/hello_world_3.2.13/test/unit/.gitkeep +0 -0
- data/spec/support/hello_world_3.2.13/vendor/assets/javascripts/.gitkeep +0 -0
- data/spec/support/hello_world_3.2.13/vendor/assets/stylesheets/.gitkeep +0 -0
- data/spec/support/hello_world_3.2.13/vendor/plugins/.gitkeep +0 -0
- data/spec/support/hello_world_padrino/.components +0 -9
- data/spec/support/hello_world_padrino/.gitignore +0 -8
- data/spec/support/hello_world_padrino/Gemfile +0 -42
- data/spec/support/hello_world_padrino/Rakefile +0 -6
- data/spec/support/hello_world_padrino/app/app.rb +0 -61
- data/spec/support/hello_world_padrino/config.ru +0 -9
- data/spec/support/hello_world_padrino/config/apps.rb +0 -39
- data/spec/support/hello_world_padrino/config/boot.rb +0 -46
- data/spec/support/hello_world_padrino/config/database.rb +0 -19
- data/spec/support/hello_world_padrino/cucumber.yml +0 -2
- data/spec/support/hello_world_padrino/db/migrate/001_create_users.rb +0 -16
- data/spec/support/hello_world_padrino/dispatcher/app.rb +0 -61
- data/spec/support/hello_world_padrino/features/add.feature +0 -11
- data/spec/support/hello_world_padrino/features/step_definitions/add_steps.rb +0 -15
- data/spec/support/hello_world_padrino/features/support/env.rb +0 -10
- data/spec/support/hello_world_padrino/features/support/url.rb +0 -17
- data/spec/support/hello_world_padrino/models/user.rb +0 -11
- data/spec/support/hello_world_padrino/public/favicon.ico +0 -0
- data/spec/support/hello_world_padrino/public/javascripts/application.js +0 -1
- data/spec/support/hello_world_padrino/public/javascripts/jquery-ujs.js +0 -95
- data/spec/support/hello_world_padrino/public/javascripts/jquery.js +0 -4
- data/spec/support/lorem.txt +0 -23
- data/spec/support/sinatra-safe/.gems +0 -4
- data/spec/support/sinatra-safe/Gemfile +0 -18
- data/spec/support/sinatra-safe/MIT-LICENSE +0 -20
- data/spec/support/sinatra-safe/README.rdoc +0 -35
- data/spec/support/sinatra-safe/Rakefile +0 -32
- data/spec/support/sinatra-safe/application.rb +0 -23
- data/spec/support/sinatra-safe/config.ru +0 -11
- data/spec/support/sinatra-safe/environment.rb +0 -25
- data/spec/support/sinatra-safe/lib/profile.rb +0 -11
- data/spec/support/sinatra-safe/public/main.css +0 -52
- data/spec/support/sinatra-safe/script/console +0 -16
- data/spec/support/sinatra-safe/views/layout.haml +0 -14
- data/spec/support/sinatra-safe/views/root.haml +0 -4
- data/spec/support/sinatra-vulnerable/.gems +0 -4
- data/spec/support/sinatra-vulnerable/Gemfile +0 -17
- data/spec/support/sinatra-vulnerable/MIT-LICENSE +0 -20
- data/spec/support/sinatra-vulnerable/README.rdoc +0 -35
- data/spec/support/sinatra-vulnerable/Rakefile +0 -32
- data/spec/support/sinatra-vulnerable/application.rb +0 -34
- data/spec/support/sinatra-vulnerable/config.ru +0 -11
- data/spec/support/sinatra-vulnerable/disabled.png +0 -0
- data/spec/support/sinatra-vulnerable/environment.rb +0 -25
- data/spec/support/sinatra-vulnerable/lib/profile.rb +0 -11
- data/spec/support/sinatra-vulnerable/public/main.css +0 -52
- data/spec/support/sinatra-vulnerable/script/console +0 -16
- data/spec/support/sinatra-vulnerable/views/layout.haml +0 -14
- data/spec/support/sinatra-vulnerable/views/root.haml +0 -4
- data/spec/support/sinatra-vulnerable/views/xss.haml +0 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: b63f07bd799c32b7133442be694cfd87935f2bfb
|
4
|
+
data.tar.gz: 0f593c3a92707e690397f13a16868c23db1a99fc
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: f58fe979a27fd4ab321d22dab981f1a849a5c08a38865956add328a363749273e0c6b8674157d1ae5fa0b3af5c2dc407fd46fb2ad755188fdd13337b61811704
|
7
|
+
data.tar.gz: 1b40549d2559097dde2840955efc6fbe7d9e906bd841879a20f47ba5ac01497ccf8e4d498f9e8ede8a9a87fab3d114506dbaa44e383b9de589d50e200da12ca8
|
data/.ruby-version
CHANGED
@@ -1 +1 @@
|
|
1
|
-
|
1
|
+
2.0.0
|
data/.travis.yml
CHANGED
data/Changelog.md
CHANGED
@@ -5,7 +5,73 @@ It supports [Sinatra](http://www.sinatrarb.com),
|
|
5
5
|
[Padrino](http://www.padrinorb.com) and [Ruby on Rails](http://rubyonrails.org)
|
6
6
|
frameworks.
|
7
7
|
|
8
|
-
_latest update:
|
8
|
+
_latest update: Wed Jan 8 23:50:05 CET 2014_
|
9
|
+
|
10
|
+
## Version 1.0.0 - codename: Lightning McQueen (2014-01-10)
|
11
|
+
|
12
|
+
* Fixing issue #19 (https://github.com/codesake/codesake-dawn/issues/19). There
|
13
|
+
was a problem on ```is_a_vulnerable_version?``` routine that flags a security
|
14
|
+
check as vulnerable even if it wasn't. During the dependency check, if the
|
15
|
+
vulnerable gem and the dependency has both major and minor version equal and
|
16
|
+
the patch number tells if the gem is vulnerable or not, this check failed.
|
17
|
+
* ruby_version_check.rb: fixed an issue on is_vulnerable_patchlevel? that
|
18
|
+
caused a nil pointer exception when ruby interpreter patchlevel was evaluated
|
19
|
+
* ruby_version_check.rb: fixed an issue on is_vulnerable_patchlevel? that loads
|
20
|
+
the safe patchlevels comparing the wrong parameter.
|
21
|
+
* Added a rake task to better integrate codesake-dawn in a continous
|
22
|
+
development workflow. Now when you install codesake-dawn you have a 'rake
|
23
|
+
dawn' task executing the tool on the current directory.
|
24
|
+
* Added a check for CVE-2004-0755
|
25
|
+
* Added a check for CVE-2004-0983
|
26
|
+
* Added a check for CVE-2005-1992
|
27
|
+
* Added a check for CVE-2005-2337
|
28
|
+
* Added a check for CVE-2006-1931
|
29
|
+
* Added a check for CVE-2006-2582
|
30
|
+
* Added a check for CVE-2006-3694
|
31
|
+
* Added a check for CVE-2006-4112
|
32
|
+
* Added a check for CVE-2006-5467
|
33
|
+
* Added a check for CVE-2006-6303
|
34
|
+
* Added a check for CVE-2006-6852
|
35
|
+
* Added a check for CVE-2006-6979
|
36
|
+
* Added a check for CVE-2007-0469
|
37
|
+
* Added a check for CVE-2007-5162
|
38
|
+
* Added a check for CVE-2007-5379
|
39
|
+
* Added a check for CVE-2007-5380
|
40
|
+
* Added a check for CVE-2007-5770
|
41
|
+
* Added a check for CVE-2007-6077
|
42
|
+
* Added a check for CVE-2007-6612
|
43
|
+
* Added a check for CVE-2008-1145
|
44
|
+
* Added a check for CVE-2008-1891
|
45
|
+
* Added a check for CVE-2008-2376
|
46
|
+
* Added a check for CVE-2008-2662
|
47
|
+
* Added a check for CVE-2008-2663
|
48
|
+
* Added a check for CVE-2008-2664
|
49
|
+
* Added a check for CVE-2008-2725
|
50
|
+
* Added a check for CVE-2008-3655
|
51
|
+
* Added a check for CVE-2008-3657
|
52
|
+
* Added a check for CVE-2008-3790
|
53
|
+
* Added a check for CVE-2008-3905
|
54
|
+
* Added a check for CVE-2008-4094
|
55
|
+
* Added a check for CVE-2008-4310
|
56
|
+
* Added a check for CVE-2008-5189
|
57
|
+
* Added a check for CVE-2008-7248
|
58
|
+
* Added a check for CVE-2009-4078
|
59
|
+
* Added a check for CVE-2009-4124
|
60
|
+
* Added a check for CVE-2009-4214
|
61
|
+
* Added a check for CVE-2010-2489
|
62
|
+
* Added a check for CVE-2010-3933
|
63
|
+
* Added a check for CVE-2011-0188
|
64
|
+
* Added a check for CVE-2011-0739
|
65
|
+
* Added a check for CVE-2011-1004
|
66
|
+
* Added a check for CVE-2011-1005
|
67
|
+
* Added a check for CVE-2011-2686
|
68
|
+
* Added a check for CVE-2011-2705
|
69
|
+
* Added a check for CVE-2011-2930
|
70
|
+
* Added a check for CVE-2011-3009
|
71
|
+
* Added a check for CVE-2011-3187
|
72
|
+
* Added a check for CVE-2011-4319
|
73
|
+
* Added a check for CVE-2013-2090
|
74
|
+
|
9
75
|
|
10
76
|
## Version 0.85 - codename: elevator (2013-12-17)
|
11
77
|
|
data/README.md
CHANGED
@@ -1,22 +1,54 @@
|
|
1
|
-
# Codesake::Dawn - The security code
|
1
|
+
# Codesake::Dawn - The security code scanner for Ruby
|
2
2
|
|
3
|
-
|
4
|
-
|
5
|
-
|
6
|
-
|
3
|
+
Codesake::Dawn is a source code scanner designed to review your code for
|
4
|
+
security issues.
|
5
|
+
|
6
|
+
Codesake::Dawn is able to scan your ruby standalone programs but its main usage
|
7
|
+
is to deal with web applications. It supports applications written using majors
|
8
|
+
MVC (Model View Controller) frameworks, like:
|
9
|
+
|
10
|
+
* [Ruby on Rails](http://rubyonrails.org)
|
11
|
+
* [Sinatra](http://www.sinatrarb.com)
|
12
|
+
* [Padrino](http://www.padrinorb.com)
|
13
|
+
|
14
|
+
---
|
7
15
|
|
8
16
|
[![Gem Version](https://badge.fury.io/rb/codesake-dawn.png)](http://badge.fury.io/rb/codesake-dawn)
|
9
17
|
[![Build Status](https://travis-ci.org/codesake/codesake-dawn.png?branch=master)](https://travis-ci.org/codesake/codesake-dawn)
|
10
18
|
[![Dependency Status](https://gemnasium.com/codesake/codesake-dawn.png)](https://gemnasium.com/codesake/codesake-dawn)
|
11
19
|
[![Coverage Status](https://coveralls.io/repos/codesake/codesake-dawn/badge.png)](https://coveralls.io/r/codesake/codesake-dawn)
|
12
20
|
|
13
|
-
|
21
|
+
---
|
22
|
+
|
23
|
+
Codesake::Dawn version 1.0 has 131 security checks loaded in its knowledge
|
24
|
+
base. Most of them are CVE bulletins, that applies to gems, framework or the
|
25
|
+
ruby interpreter itself.
|
14
26
|
|
15
|
-
|
27
|
+
You candump all security checks in the knowledge base by using the -k
|
28
|
+
flag:
|
29
|
+
|
30
|
+
```
|
31
|
+
$ dawn -k|--list-knowledge-base
|
32
|
+
```
|
16
33
|
|
17
|
-
twitter: [https://twitter.com/codesake](https://twitter.com/codesake) #dawnscanner hashtag
|
18
34
|
|
19
|
-
|
35
|
+
When you run Codesake::Dawn on your code it parses your project Gemfile.lock
|
36
|
+
looking for the gems used and it tries to detect the ruby interpreter version
|
37
|
+
you are using or you declared in your ruby version management tool you like
|
38
|
+
most (RVM, rbenv, ...).
|
39
|
+
|
40
|
+
Then the tool tries to detect the MVC framework your web application uses and
|
41
|
+
it applies the security check accordingly. There checks designed to match rails
|
42
|
+
application or checks that are appliable to any ruby code.
|
43
|
+
|
44
|
+
Codesake::Dawn can also understand the code in your views and to backtrack
|
45
|
+
sinks to spot cross site scripting and sql injections introduced by the code
|
46
|
+
you actually wrote. In the project roadmap this is the code most of the future
|
47
|
+
development effort will be focused on.
|
48
|
+
|
49
|
+
Codesake::Dawn security scan result is a list of vulnerabilities with some
|
50
|
+
mitigation actions you want to follow in order to build a stronger web
|
51
|
+
application.
|
20
52
|
|
21
53
|
## Installation
|
22
54
|
|
@@ -50,36 +82,113 @@ that.
|
|
50
82
|
You can start your code review with dawn very easily. Simply tell the tool
|
51
83
|
where the project root directory.
|
52
84
|
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
85
|
+
Underlying MVC framework is autodetected by dawn using target Gemfile.lock
|
86
|
+
file. If autodetect fails for some reason, the tool will complain about it and
|
87
|
+
you have to specify if it's a rails, sinatra or padrino web application by
|
88
|
+
hand.
|
89
|
+
|
90
|
+
Basic usage is to specify some optional command line option to fit best your
|
91
|
+
needs, and to specify the target directory where your code is stored.
|
57
92
|
|
58
|
-
dawn command line is in this form with options and the target.
|
59
93
|
```
|
60
94
|
$ dawn [options] target
|
61
95
|
```
|
62
96
|
|
63
|
-
|
97
|
+
In case of need, there is a quick command line option reference running ```dawn -h``` at your OS prompt.
|
98
|
+
|
99
|
+
```
|
100
|
+
$ bundle exec dawn -h
|
101
|
+
08:05:21 [*] dawn v1.0.0.rc1 is starting up
|
102
|
+
Usage: dawn [options] target_directory
|
103
|
+
|
104
|
+
|
105
|
+
Examples:$ dawn a_sinatra_webapp_directory
|
106
|
+
$ dawn -C the_rails_blog_engine
|
107
|
+
$ dawn -C --output json a_sinatra_webapp_directory
|
108
|
+
|
109
|
+
-r, --rails force dawn to consider the target a rails application
|
110
|
+
-s, --sinatra force dawn to consider the target a sinatra application
|
111
|
+
-p, --padrino force dawn to consider the target a padrino application
|
112
|
+
-G, --gem-lock force dawn to scan only for vulnerabilities affecting dependencies in Gemfile.lock
|
113
|
+
-D, --debug enters dawn debug mode
|
114
|
+
-f, --list-known-framework list ruby MVC frameworks supported by dawn
|
115
|
+
-k, --list-knowledgebase [check_name] list dawn known security checks. If check_name is specified dawn says if check is present or not
|
116
|
+
-o, --output [console, json. csv, html] the output will be in the specified format
|
117
|
+
-V, --verbose the output will be more verbose
|
118
|
+
-C, --count-only dawn will only count vulnerabilities (useful for scripts)
|
119
|
+
-z, --exit-on-warn dawn will return number of found vulnerabilities as exit code
|
120
|
+
-v, --version show version information
|
121
|
+
-h, --help show this help
|
122
|
+
```
|
123
|
+
|
124
|
+
### Codesake::Dawn security scan in action
|
64
125
|
|
65
126
|
As output, dawn will put all security checks that are failed during the scan.
|
66
|
-
|
67
|
-
|
127
|
+
|
128
|
+
This the result of Codedake::Dawn running against a
|
129
|
+
[Sinatra 1.4.2 web application](https://github.com/thesp0nge/railsberry2013) wrote for a talk I
|
130
|
+
delivered in 2013 at [Railsberry conference](http://www.railsberry.com).
|
131
|
+
|
132
|
+
As you may see, Codesake::Dawn first detects MVC running the application by
|
133
|
+
looking at Gemfile.lock, than it discards all security checks not appliable to
|
134
|
+
Sinatra (49 security checks, in version 1.0, especially designed for Ruby on
|
135
|
+
Rails) and it applies them.
|
136
|
+
|
137
|
+
```
|
138
|
+
$ bundle exec dawn ~/src/hacking/railsberry2013
|
139
|
+
08:09:47 [*] dawn v1.0.0.rc1 is starting up
|
140
|
+
08:09:47 [$] dawn: scanning /Users/thesp0nge/src/hacking/railsberry2013
|
141
|
+
08:09:47 [$] dawn: sinatra v1.4.2 detected
|
142
|
+
08:09:47 [$] dawn: applying all security checks
|
143
|
+
08:09:47 [$] dawn: 82 security checks applied - 0 security checks skipped
|
144
|
+
08:09:47 [$] dawn: 1 vulnerabilities found
|
145
|
+
08:09:47 [$] dawn: CVE-2013-1800 failed
|
146
|
+
08:09:47 [$] dawn: Description: The crack gem 0.3.1 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156.
|
147
|
+
08:09:47 [$] dawn: Solution: Please use crack gem version 0.3.2 or above. Correct your gemfile
|
148
|
+
08:09:47 [!] dawn: Evidence:
|
149
|
+
08:09:47 [!] dawn: Vulnerable crack gem version found: 0.3.1
|
150
|
+
08:09:47 [*] dawn is leaving
|
151
|
+
```
|
152
|
+
|
153
|
+
---
|
154
|
+
|
155
|
+
When you run Codesake::Dawn on a web application with up to date dependencies,
|
156
|
+
it's likely to return a friendly _no vulnerabilities found_ message. Keep it up
|
157
|
+
working that way!
|
158
|
+
|
159
|
+
This is Codesake::Dawn running against a Padrino web application I wrote for [a
|
160
|
+
scorecard quiz game about application security](http://scorecard.armoredcode.com).
|
161
|
+
Italian language only. Sorry.
|
162
|
+
|
163
|
+
```
|
164
|
+
08:17:09 [*] dawn v1.0.0.rc1 is starting up
|
165
|
+
08:17:09 [$] dawn: scanning /Users/thesp0nge/src/CORE_PROJECTS/scorecard
|
166
|
+
08:17:09 [$] dawn: padrino v0.11.2 detected
|
167
|
+
08:17:09 [$] dawn: applying all security checks
|
168
|
+
08:17:09 [$] dawn: 82 security checks applied - 0 security checks skipped
|
169
|
+
08:17:09 [*] dawn: no vulnerabilities found.
|
170
|
+
08:17:09 [*] dawn is leaving
|
171
|
+
```
|
172
|
+
|
173
|
+
---
|
174
|
+
|
175
|
+
Last example shows Codesake::Dawn against a very simple Sinatra application
|
176
|
+
designed to be buggy:
|
68
177
|
|
69
178
|
```
|
70
179
|
$ dawn target
|
71
|
-
|
72
|
-
08:28:18 [$] dawn: scanning
|
180
|
+
08:28:18 [*] dawn v1.0.0.rc1 is starting up
|
181
|
+
08:28:18 [$] dawn: scanning /Users/thesp0nge/tmp/sinatra-vulnerable
|
73
182
|
08:28:18 [$] dawn: sinatra v1.2.6 detected
|
74
183
|
08:28:18 [$] dawn: applying all security checks
|
75
|
-
08:28:18 [$] dawn:
|
184
|
+
08:28:18 [$] dawn: 82 security checks applied - 0 security checks skipped
|
76
185
|
08:28:18 [$] dawn: 5 vulnerabilities found
|
77
186
|
08:28:18 [$] dawn: Not revised code failed
|
78
187
|
08:28:18 [$] dawn: Description: Analyzing comments, it seems your code is waiting from some review from you. Please consider take action before putting it in production.
|
79
188
|
This check will analyze the source code looking for the following patterns: XXX, TO_CHECK, CHECKME, CHECK and FIXME
|
80
189
|
08:28:18 [$] dawn: Solution: Please review the file fixing the issue.
|
81
190
|
08:28:18 [!] dawn: Evidence:
|
82
|
-
08:28:18 [!] dawn: {:filename=>"
|
191
|
+
08:28:18 [!] dawn: {:filename=>"/Users/thesp0nge/tmp/sinatra-vulnerable/application.rb", :matches=>[{:match=>"# FIXME: I must raise an error here\n", :line=>30}]}
|
83
192
|
08:28:18 [$] dawn: CVE-2013-0269 failed
|
84
193
|
08:28:18 [$] dawn: Description: The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka "Unsafe Object Creation Vulnerability."
|
85
194
|
08:28:18 [$] dawn: Solution: Please upgrade JSON gem to version 1.5.5, 1.6.8 or 1.7.7 or latest version available
|
@@ -100,15 +209,15 @@ This check will analyze the source code looking for the following patterns: XXX,
|
|
100
209
|
08:28:18 [*] dawn is leaving
|
101
210
|
```
|
102
211
|
|
212
|
+
---
|
103
213
|
|
104
|
-
|
105
|
-
flag:
|
214
|
+
## Useful links
|
106
215
|
|
107
|
-
|
108
|
-
$ dawn -k|--list-knowledge-base
|
109
|
-
```
|
216
|
+
Project homepage: [http://dawn.codesake.com](http://dawn.codesake.com)
|
110
217
|
|
111
|
-
|
218
|
+
Twitter progile: [@dawnscanner](https://twitter.com/dawnscanner)
|
219
|
+
|
220
|
+
Github repository: [https://github.com/codesake/codesake\-dawn](https://github.com/codesake/codesake-dawn)
|
112
221
|
|
113
222
|
## Supporters
|
114
223
|
|
@@ -119,7 +228,6 @@ If you're a proud codesake-dawn user, if you find it useful, if you integrated
|
|
119
228
|
it in your release process and if you want to openly support the project you
|
120
229
|
can put your reference here.
|
121
230
|
|
122
|
-
|
123
231
|
You can support the project by forking the repo, adding a success story, a
|
124
232
|
statement saying how do you feel the tool or your company logo as well and then
|
125
233
|
submitting a pull request.
|
@@ -138,7 +246,7 @@ Thank you for your support.
|
|
138
246
|
|
139
247
|
## LICENSE
|
140
248
|
|
141
|
-
Copyright (c) 2013 Paolo Perego
|
249
|
+
Copyright (c) 2013, 2014 Paolo Perego
|
142
250
|
|
143
251
|
MIT License
|
144
252
|
|
data/Rakefile
CHANGED
@@ -23,7 +23,7 @@ task :default => [ :spec, :features ]
|
|
23
23
|
task :test => :spec
|
24
24
|
|
25
25
|
desc "Create a new CVE test"
|
26
|
-
task :
|
26
|
+
task :cve, :name do |t,args|
|
27
27
|
name = args.name
|
28
28
|
SRC_DIR = "./lib/codesake/dawn/kb/"
|
29
29
|
SPEC_DIR = "./spec/lib/kb/"
|
@@ -59,6 +59,19 @@ task :new_cve, :name do |t,args|
|
|
59
59
|
end
|
60
60
|
puts "#{rb_filename} created"
|
61
61
|
|
62
|
+
open(spec_filename, "w") do |file|
|
63
|
+
file.puts "require 'spec_helper'"
|
64
|
+
|
65
|
+
file.puts "describe \"The #{name} vulnerability\" do"
|
66
|
+
file.puts "\tbefore(:all) do"
|
67
|
+
file.puts "\t\t@check = Codesake::Dawn::Kb::#{class_name}.new"
|
68
|
+
file.puts "\t\t# @check.debug = true"
|
69
|
+
file.puts "\tend"
|
70
|
+
file.puts "\tit \"needs some test...\""
|
71
|
+
file.puts "end"
|
72
|
+
end
|
73
|
+
puts "#{spec_filename} created"
|
74
|
+
|
62
75
|
puts "*** PLEASE IMPLEMENT TEST FOR #{name} IN spec/lib/dawn/codesake_knowledgebase_spec.rb in order to reflect changes"
|
63
76
|
puts "*** PLEASE ADD THIS CODE IN lib/codesake/dawn/knowledge_base.rb in order to reflect changes"
|
64
77
|
puts "require \"codesake/dawn/kb/#{class_name.downcase}\""
|
@@ -74,7 +87,7 @@ end
|
|
74
87
|
|
75
88
|
|
76
89
|
desc "Create a new Generic security check"
|
77
|
-
task :
|
90
|
+
task :check, :name do |t,args|
|
78
91
|
name = args.name
|
79
92
|
SRC_DIR = "./lib/codesake/dawn/kb/"
|
80
93
|
SPEC_DIR = "./spec/lib/kb/"
|
@@ -109,6 +122,20 @@ task :new_check, :name do |t,args|
|
|
109
122
|
end
|
110
123
|
puts "#{rb_filename} created"
|
111
124
|
|
125
|
+
open(spec_filename, "w") do |file|
|
126
|
+
file.puts "require 'spec_helper'"
|
127
|
+
|
128
|
+
file.puts "describe \"The #{name} vulnerability\" do"
|
129
|
+
file.puts "\tbefore(:all) do"
|
130
|
+
file.puts "\t\t@check = Codesake::Dawn::Kb::#{class_name}.new"
|
131
|
+
file.puts "\t\t# @check.debug = true"
|
132
|
+
file.puts "\tend"
|
133
|
+
file.puts "\tit \"needs some test...\""
|
134
|
+
file.puts "end"
|
135
|
+
end
|
136
|
+
puts "#{spec_filename} created"
|
137
|
+
|
138
|
+
|
112
139
|
puts "*** PLEASE IMPLEMENT TEST FOR #{name} IN spec/lib/dawn/codesake_knowledgebase_spec.rb in order to reflect changes"
|
113
140
|
puts "*** PLEASE ADD THIS CODE IN lib/codesake/dawn/knowledge_base.rb in order to reflect changes"
|
114
141
|
puts "require \"codesake/dawn/kb/#{class_name.downcase}\""
|
data/Roadmap.md
CHANGED
@@ -7,51 +7,15 @@ frameworks.
|
|
7
7
|
|
8
8
|
This is an ongoing roadmap for the dawn source code review tool.
|
9
9
|
|
10
|
-
_latest update:
|
10
|
+
_latest update: Thu Jan 9 08:58:00 CET 2014_
|
11
11
|
|
12
|
-
## Version 0
|
12
|
+
## Version 1.1.0
|
13
|
+
|
14
|
+
* add a language check. It will handle a ruby script as input and a ruby\_parser line as unsafe pattern. It will compile the ruby and look for the unsafe pattern
|
15
|
+
* add a check against deprecated ruby / gems version. I will handle MVC gems right now.
|
16
|
+
|
17
|
+
## Version 1.2.0
|
13
18
|
|
14
|
-
* adding test for CVE-2013-2090 _if CVE will be approved_
|
15
|
-
* adding test for CVE-2013-2065 _if CVE will be approved_
|
16
|
-
* adding test for CVE-2011-3186
|
17
|
-
* adding test for CVE-2011-2197
|
18
|
-
* adding test for CVE-2011-2932
|
19
|
-
* adding test for CVE-2011-0447
|
20
|
-
* adding test for CVE-2011-0995
|
21
|
-
* adding test for CVE-2011-0446
|
22
|
-
* adding test for CVE-2011-2929
|
23
|
-
* adding test for CVE-2011-1005
|
24
|
-
* adding test for CVE-2010-3933
|
25
|
-
* adding test for CVE-2011-4319
|
26
|
-
* adding test for CVE-2011-3009
|
27
|
-
* adding test for CVE-2011-1004
|
28
|
-
* adding test for CVE-2010-3119
|
29
|
-
* adding test for CVE-2011-2930
|
30
|
-
* adding test for CVE-2011-2854
|
31
|
-
* adding test for CVE-2011-3187
|
32
|
-
* adding test for CVE-2011-2686
|
33
|
-
* adding test for CVE-2011-2705
|
34
|
-
* adding test for CVE-2011-0188
|
35
|
-
* adding test for CVE-2011-0446
|
36
|
-
* adding test for CVE-2010-3933
|
37
|
-
* adding test for CVE-2011-0739
|
38
|
-
* adding test for CVE-2010-3928
|
39
|
-
* adding test for CVE-2008-7248
|
40
|
-
* adding test for CVE-2009-4124
|
41
|
-
* adding test for CVE-2010-0541
|
42
|
-
* adding test for CVE-2010-2489
|
43
|
-
* adding test for CVE-2009-3857
|
44
|
-
* adding test for CVE-2009-4078
|
45
|
-
* adding test for CVE-2009-4214
|
46
|
-
* adding test for CVE-2008-4310
|
47
|
-
* adding test for CVE-2009-0161
|
48
|
-
* adding test for CVE-2008-5189
|
49
|
-
* adding test for CVE-2008-3657
|
50
|
-
* adding test for CVE-2008-2376
|
51
|
-
* adding test for CVE-2008-3655
|
52
|
-
* adding test for CVE-2008-1145
|
53
|
-
* adding test for CVE-2008-1891
|
54
|
-
* adding test for CVE-2008-2725
|
55
19
|
* adding test for RoRCheatSheet\_2
|
56
20
|
* adding test for RoRCheatSheet\_3
|
57
21
|
* adding test for RoRCheatSheet\_5
|
@@ -71,7 +35,6 @@ _latest update: Fri Dec 13 07:55:54 CET 2013_
|
|
71
35
|
* detect insecure direct object reference in Rails applications
|
72
36
|
* detect SQLi in Sinatra applications
|
73
37
|
* detect SQLi in Padrino applications
|
74
|
-
|
75
38
|
* detect sinks for XSS in Padrino applications
|
76
39
|
* detect reflected XSS in Padrino applications
|
77
40
|
* detect stored XSS in Sinatra applications
|
@@ -81,58 +44,12 @@ _latest update: Fri Dec 13 07:55:54 CET 2013_
|
|
81
44
|
* support ERB for in detect\_views (for both Sinatra and Padrino)
|
82
45
|
* integration with [codesake.com](http://codesake.com) with a public available
|
83
46
|
APIs to be consumed by codesake beta users.
|
84
|
-
|
85
|
-
## Version 1.00
|
86
|
-
|
87
|
-
* adding test for CVE-2008-4310
|
88
|
-
* adding test for CVE-2008-3657
|
89
|
-
* adding test for CVE-2008-1891
|
90
|
-
* adding test for CVE-2007-5162
|
91
|
-
* adding test for CVE-2006-5467
|
92
|
-
* adding test for CVE-2004-0983
|
93
|
-
* adding test for CVE-2008-4094
|
94
|
-
* adding test for CVE-2008-1447
|
95
|
-
* adding test for CVE-2007-6612
|
96
|
-
* adding test for CVE-2007-2666
|
97
|
-
* adding test for CVE-2006-4112
|
98
|
-
* adding test for CVE-2008-3905
|
99
|
-
* adding test for CVE-2008-2662
|
100
|
-
* adding test for CVE-2007-6183
|
101
|
-
* adding test for CVE-2007-2383
|
102
|
-
* adding test for CVE-2006-3694
|
103
|
-
* adding test for CVE-2008-3790
|
104
|
-
* adding test for CVE-2008-2663
|
105
|
-
* adding test for CVE-2007-6077
|
106
|
-
* adding test for CVE-2006-6979
|
107
|
-
* adding test for CVE-2007-6183
|
108
|
-
* adding test for CVE-2007-2383
|
109
|
-
* adding test for CVE-2006-3694
|
110
|
-
* adding test for CVE-2007-2666
|
111
|
-
* adding test for CVE-2006-4112
|
112
|
-
* adding test for CVE-2007-5770
|
113
|
-
* adding test for CVE-2007-0469
|
114
|
-
* adding test for CVE-2006-1931
|
115
|
-
* adding test for CVE-2007-5380
|
116
|
-
* adding test for CVE-2006-6303
|
117
|
-
* adding test for CVE-2005-1992
|
118
|
-
* adding test for CVE-2007-6077
|
119
|
-
* adding test for CVE-2006-6979
|
120
|
-
* adding test for CVE-2006-2582
|
121
|
-
* adding test for CVE-2007-5162
|
122
|
-
* adding test for CVE-2006-5467
|
123
|
-
* adding test for CVE-2004-0983
|
124
|
-
* adding test for CVE-2007-5379
|
125
|
-
* adding test for CVE-2006-6852
|
126
|
-
* adding test for CVE-2005-2337
|
127
|
-
* adding test for CVE-2005-1992
|
128
|
-
* adding test for CVE-2004-0755
|
129
|
-
* adding test for CVE-2004-0983
|
130
47
|
* dedicated web site under dawn.codesake.com
|
131
48
|
* detect SQLi in Rails applications
|
132
49
|
* integration with [codesake.com](http://codesake.com) with a public available
|
133
50
|
APIs to be consumed by codesake users.
|
134
51
|
* automatic mitigation patch generation
|
135
52
|
|
136
|
-
## Version
|
137
|
-
|
138
|
-
*
|
53
|
+
## Version 2.0.0
|
54
|
+
* Add a --github option to dawn to clone a remote repository, perform a bundle install and do a code review.
|
55
|
+
* node.js support
|