codesake-dawn 1.0.0.rc1 → 1.0.0.rc2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: b63f07bd799c32b7133442be694cfd87935f2bfb
-  data.tar.gz: 0f593c3a92707e690397f13a16868c23db1a99fc
+  metadata.gz: ead6f235a382b5141ff5b4deb9c378820bac7c9f
+  data.tar.gz: 1e4aa5deac922e50082aed79bae96206316da310
 SHA512:
-  metadata.gz: f58fe979a27fd4ab321d22dab981f1a849a5c08a38865956add328a363749273e0c6b8674157d1ae5fa0b3af5c2dc407fd46fb2ad755188fdd13337b61811704
-  data.tar.gz: 1b40549d2559097dde2840955efc6fbe7d9e906bd841879a20f47ba5ac01497ccf8e4d498f9e8ede8a9a87fab3d114506dbaa44e383b9de589d50e200da12ca8
+  metadata.gz: b3e0e711990a83280b447c164592644cd2844ff32ca4feecc391a33a849b6baee36162e09996e01c82a4974eadc082e27560e3c5f85cbf64c58971610d27e68e
+  data.tar.gz: f24b24415371c204bccf23dcb975b7a795dc228738256f40324c95455e966d0f8d4dd8f981e84b6bddebc12cc0c6330eb3e29124739d5679087f79ed3ed69028

data/.travis.yml

@@ -1,8 +1,6 @@
 language: ruby
 rvm:
-  - 1.8.7
   - 1.9.2
   - 1.9.3
   - 2.0.0
   - 2.1.0
-  - jruby

data/Changelog.md

@@ -5,9 +5,9 @@ It supports [Sinatra](http://www.sinatrarb.com),
 [Padrino](http://www.padrinorb.com) and [Ruby on Rails](http://rubyonrails.org)
 frameworks. 
 
-_latest update: Wed Jan  8 23:50:05 CET 2014_
+_latest update: Fri Jan 10 08:53:06 CET 2014_
 
-## Version 1.0.0 - codename: Lightning McQueen (2014-01-10)
+## Version 1.0.0 - codename: Lightning McQueen (2014-01-xx)
 
 * Fixing issue #19 (https://github.com/codesake/codesake-dawn/issues/19). There
   was a problem on ```is_a_vulnerable_version?``` routine that flags a security
@@ -21,6 +21,8 @@ _latest update: Wed Jan  8 23:50:05 CET 2014_
 * Added a rake task to better integrate codesake-dawn in a continous
   development workflow. Now when you install codesake-dawn you have a 'rake
   dawn' task executing the tool on the current directory.
+* In BasicCheck::is_vulnerable_version? Added support for the fourth version
+  number. We needed this to implement check for CVE-2013-7086
 * Added a check for CVE-2004-0755
 * Added a check for CVE-2004-0983
 * Added a check for CVE-2005-1992
@@ -70,7 +72,13 @@ _latest update: Wed Jan  8 23:50:05 CET 2014_
 * Added a check for CVE-2011-3009
 * Added a check for CVE-2011-3187
 * Added a check for CVE-2011-4319
+* Added a check for CVE-2013-0256
+* Added a check for CVE-2013-0263
 * Added a check for CVE-2013-2090
+* Added a check for CVE-2013-2119
+* Added a check for CVE-2013-5647
+* Added a check for CVE-2013-6459
+* Added a check for CVE-2013-7086
 
 
 ## Version 0.85 - codename: elevator (2013-12-17)

data/Roadmap.md

@@ -7,10 +7,33 @@ frameworks.
 
 This is an ongoing roadmap for the dawn source code review tool.
 
-_latest update: Thu Jan  9 08:58:00 CET 2014_
+_latest update: Fri Jan 10 17:06:04 CET 2014_
+
+## Version 1.0.0
+
+* CVE-2013-2119
+* CVE-2013-1756
+* CVE-2013-0162
+* CVE-2012-2671
+* CVE-2012-2139
+* CVE-2012-1098
+* CVE-2007-6183
 
 ## Version 1.1.0
 
+* CVE-2014-1234
+* CVE-2014-1233
+* CVE-2013-5671
+* CVE-2013-4593
+* CVE-2013-4489
+* CVE-2013-4413
+* CVE-2013-2516
+* CVE-2013-2513
+* CVE-2013-2512
+* CVE-2013-1607
+* move is\_vulnerable\_version? and is\_vulnerable\_patchlevel? to an adhoc class handling version comparison
+* add @rubysec vulnerability database integration using rake
+* create a task to check for new CVE in NVD website
 * add a language check. It will handle a ruby script as input and a ruby\_parser line as unsafe pattern. It will compile the ruby and look for the unsafe pattern
 * add a check against deprecated ruby / gems version. I will handle MVC gems right now.
 

data/lib/codesake/dawn/kb/basic_check.rb

@@ -115,11 +115,22 @@ module Codesake
           fixes.each do |fv|
             fixes_v_array = fv.split(".").map! { |n| n.to_i }
 
+            debug_me "target_array = #{target_v_array}"
+            debug_me "fixes_array = #{fixes_v_array}"
             if target_v_array[0] == fixes_v_array[0]
               ret = true if target_v_array[1] < fixes_v_array[1] # same major but previous minor
               if target_v_array[1] == fixes_v_array[1] 
                 ret = true if target_v_array[2] < fixes_v_array[2] 
-                ret = false if target_v_array[2] >= fixes_v_array[2] 
+                # In order to support CVE-2013-7086 security check we must be able to 
+                # hande the 'fourth' version number -> 1.5.0.4 
+                debug_me "target array count = #{target_v_array.count}"
+                debug_me "fixes array count = #{fixes_v_array.count}"
+                debug_me "same patchlevel?: #{(target_v_array[2] == fixes_v_array[2])}"
+                if (target_v_array[2] == fixes_v_array[2]) && target_v_array.count == 4 && fixes_v_array.count == 4
+                  ret = true if target_v_array[3] < fixes_v_array[3]
+                  ret = false if target_v_array[3] >= fixes_v_array[3]
+                end
+                ret = false if target_v_array[2] > fixes_v_array[2] 
 
               end
             end

data/lib/codesake/dawn/kb/cve_2013_0256.rb

@@ -0,0 +1,61 @@
+module Codesake
+	module Dawn
+		module Kb
+			# Automatically created with rake on 2014-01-14
+			class CVE_2013_0256_a
+
+        include DependencyCheck
+
+				def initialize
+          message = "CVE_2013_0256_b: rdoc gem is vulnerable"
+
+          super({
+            :name=>"CVE-2013-0256-b",
+            :kind=>Codesake::Dawn::KnowledgeBase::DEPENDENCY_CHECK,
+          })
+
+          self.safe_dependencies = [{:name=>"rdoc", :version=>['2.3.1', '3.13', '4.0.0']}]
+
+        end
+      end
+			class CVE_2013_0256_b
+        include RubyVersionCheck
+        def initialize
+          message = "CVE_2013_0256_b: ruby 1.9.x before 1.9.3-p383 and 2.0.0 before rc2 have problems"
+          super({
+            :name=>"CVE-2013-0256-b",
+            :kind=>Codesake::Dawn::KnowledgeBase::RUBY_VERSION_CHECK,
+          })
+          self.safe_rubies = [
+            {:engine=>"ruby", :version=>"1.9.3", :patchlevel=>"p383"}, 
+            {:engine=>"ruby", :version=>"2.0.0", :patchlevel=>"p0"}
+          ]
+        end
+
+
+      end
+
+			class CVE_2013_0256
+				include ComboCheck
+
+				def initialize
+          message = "darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL."
+          super({
+            :name=>"CVE-2013-0256",
+            :cvss=>"AV:N/AC:M/Au:N/C:N/I:P/A:N",
+            :release_date => Date.new(2013, 3, 1),
+            :cwe=>"79",
+            :owasp=>"A3", 
+            :applies=>["sinatra", "padrino", "rails"],
+            :kind=>Codesake::Dawn::KnowledgeBase::COMBO_CHECK,
+            :message=>message,
+            :mitigation=>"Please upgrade rdoc version at least to 2.3.1, 3.13 or 4.0.0. As a general rule, using the latest stable version is recommended.",
+            :aux_links=>["http://blog.segment7.net/2013/02/06/rdoc-xss-vulnerability-cve-2013-0256-releases-3-9-5-3-12-1-4-0-0-rc-2"],
+            :checks=>[CVE_2013_0256_a.new, CVE_2013_0256_b.new]
+          })
+
+				end
+			end
+		end
+	end
+end

data/lib/codesake/dawn/kb/cve_2013_0263.rb

@@ -0,0 +1,29 @@
+module Codesake
+	module Dawn
+		module Kb
+			# Automatically created with rake on 2014-01-14
+			class CVE_2013_0263
+				include DependencyCheck
+
+				def initialize
+          message = "Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time."
+           super({
+            :name=>"CVE-2013-0263",
+            :cvss=>"AV:N/AC:H/Au:N/C:P/I:P/A:P",
+            :release_date => Date.new(2013, 8, 2),
+            :cwe=>"",
+            :owasp=>"A9", 
+            :applies=>["sinatra", "padrino", "rails"],
+            :kind=>Codesake::Dawn::KnowledgeBase::DEPENDENCY_CHECK,
+            :message=>message,
+            :mitigation=>"Please upgrade rack version to 1.5.2, 1.4.5, 1.3.10, 1.2.8, 1.1.6 As a general rule, using the latest stable version is recommended.",
+            :aux_links=>["https://groups.google.com/forum/#%21msg/rack-devel/RnQxm6i13C4/xfakH81yWvgJ"]
+          })
+
+          self.safe_dependencies = [{:name=>"rack", :version=>['1.5.2', '1.4.5', '1.3.10', '1.2.8', '1.1.6']}]
+
+				end
+			end
+		end
+	end
+end

data/lib/codesake/dawn/kb/cve_2013_2119.rb

@@ -0,0 +1,29 @@
+module Codesake
+	module Dawn
+		module Kb
+			# Automatically created with rake on 2014-01-10
+			class CVE_2013_2119
+				include DependencyCheck
+
+				def initialize
+          message = "Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary \"config\" file in a directory with a predictable name in /tmp/ before it is used by the gem."
+           super({
+            :name=>"CVE-2013-2119",
+            :cvss=>"AV:L/AC:L/Au:N/C:P/I:P/A:P",
+            :release_date => Date.new(2014, 1, 3),
+            :cwe=>"16",
+            :owasp=>"A9", 
+            :applies=>["rails", "sinatra", "padrino"],
+            :kind=>Codesake::Dawn::KnowledgeBase::DEPENDENCY_CHECK,
+            :message=>message,
+            :mitigation=>"Please upgrade passenger to version 3.0.21, 4.0.5 or above",
+            :aux_links=>["http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/", "http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/"]
+          })
+
+          self.safe_dependencies = [{:name=>"passenger", :version=>['4.0.5', '3.0.21']}]
+
+				end
+			end
+		end
+	end
+end

data/lib/codesake/dawn/kb/cve_2013_5647.rb

@@ -0,0 +1,30 @@
+module Codesake
+	module Dawn
+		module Kb
+			# Automatically created with rake on 2014-01-14
+			class CVE_2013_5647
+				include DependencyCheck
+
+				def initialize
+          message = "lib/sounder/sound.rb in the sounder gem 1.0.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a filename."
+
+         super({
+            :name=>"CVE-2013-5647",
+            :cvss=>"AV:N/AC:L/Au:N/C:P/I:P/A:P",
+            :release_date => Date.new(2013, 8, 29),
+            :cwe=>"94",
+            :owasp=>"A9", 
+            :applies=>["sinatra", "padrino", "rails"],
+            :kind=>Codesake::Dawn::KnowledgeBase::DEPENDENCY_CHECK,
+            :message=>message,
+            :mitigation=>"Please upgrade sounder version up to 1.0.1. As a general rule, using the latest stable version is recommended.",
+            :aux_links=>["http://vapid.dhs.org/advisories/sounder-ruby-gem-cmd-inj.html"]
+          })
+
+          self.safe_dependencies = [{:name=>"sounder", :version=>['1.0.2']}]
+ 
+				end
+			end
+		end
+	end
+end

data/lib/codesake/dawn/kb/cve_2013_6459.rb

@@ -0,0 +1,30 @@
+module Codesake
+	module Dawn
+		module Kb
+			# Automatically created with rake on 2014-01-14
+			class CVE_2013_6459
+				include DependencyCheck
+
+				def initialize
+          message = "Cross-site scripting (XSS) vulnerability in the will_paginate gem before 3.0.5 for Ruby allows remote attackers to inject arbitrary web script or HTML via vectors involving generated pagination links."
+          
+          super({
+            :name=>"CVE-2013-6459",
+            :cvss=>"AV:N/AC:M/Au:N/C:N/I:P/A:N",
+            :release_date => Date.new(2013, 12, 31),
+            :cwe=>"79",
+            :owasp=>"A3", 
+            :applies=>["sinatra", "padrino", "rails"],
+            :kind=>Codesake::Dawn::KnowledgeBase::DEPENDENCY_CHECK,
+            :message=>message,
+            :mitigation=>"Please upgrade will_paginage version to 3.0.5. As a general rule, using the latest stable version is recommended.",
+            :aux_links=>["https://github.com/mislav/will_paginate/releases/tag/v3.0.5"]
+          })
+
+          self.safe_dependencies = [{:name=>"will_paginate", :version=>['3.0.5']}]
+
+				end
+			end
+		end
+	end
+end

data/lib/codesake/dawn/kb/cve_2013_7086.rb

@@ -0,0 +1,29 @@
+module Codesake
+	module Dawn
+		module Kb
+			# Automatically created with rake on 2014-01-10
+			class CVE_2013_7086
+				include DependencyCheck
+
+				def initialize
+          message = "The message function in lib/webbynode/notify.rb in the Webbynode gem 1.0.5.3 and earlier for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a growlnotify message."
+          super({
+            :name=>"CVE-2013-7086",
+            :cvss=>"AV:N/AC:L/Au:N/C:P/I:P/A:P",
+            :release_date => Date.new(2013, 12, 19),
+            :cwe=>"94",
+            :owasp=>"A9", 
+            :applies=>["rails", "sinatra", "padrino"],
+            :kind=>Codesake::Dawn::KnowledgeBase::DEPENDENCY_CHECK,
+            :message=>message,
+            :mitigation=>"Please upgrade webbynode up to version 1.0.5.3",
+            :aux_links=>["http://xforce.iss.net/xforce/xfdb/89705"]
+          })
+
+          self.safe_dependencies = [{:name=>"webbynode", :version=>['1.0.5.4']}]
+
+				end
+			end
+		end
+	end
+end

data/lib/codesake/dawn/knowledge_base.rb

@@ -129,6 +129,8 @@ require "codesake/dawn/kb/cve_2013_0155"
 require "codesake/dawn/kb/cve_2013_0156"
 require "codesake/dawn/kb/cve_2013_0175"
 require "codesake/dawn/kb/cve_2013_0233"
+require "codesake/dawn/kb/cve_2013_0256"
+require "codesake/dawn/kb/cve_2013_0263"
 require "codesake/dawn/kb/cve_2013_0269"
 require "codesake/dawn/kb/cve_2013_0276"
 require "codesake/dawn/kb/cve_2013_0277"
@@ -154,6 +156,7 @@ require "codesake/dawn/kb/cve_2013_1947"
 require "codesake/dawn/kb/cve_2013_1948"
 require "codesake/dawn/kb/cve_2013_2065"
 require "codesake/dawn/kb/cve_2013_2090"
+require "codesake/dawn/kb/cve_2013_2119"
 require "codesake/dawn/kb/cve_2013_2615"
 require "codesake/dawn/kb/cve_2013_2616"
 require "codesake/dawn/kb/cve_2013_2617"
@@ -166,11 +169,17 @@ require "codesake/dawn/kb/cve_2013_4479"
 require "codesake/dawn/kb/cve_2013_4491"
 require "codesake/dawn/kb/cve_2013_4492"
 require "codesake/dawn/kb/cve_2013_4562"
+require "codesake/dawn/kb/cve_2013_5647"
 require "codesake/dawn/kb/cve_2013_6414"
 require "codesake/dawn/kb/cve_2013_6415"
 require "codesake/dawn/kb/cve_2013_6416"
 require "codesake/dawn/kb/cve_2013_6417"
 require "codesake/dawn/kb/cve_2013_6421"
+require "codesake/dawn/kb/cve_2013_6459"
+require "codesake/dawn/kb/cve_2013_7086"
+
+# CVE - 2014
+# require "codesake/dawn/kb/cve_2014_1234"
 
 
 module Codesake
@@ -323,6 +332,8 @@ module Codesake
           Codesake::Dawn::Kb::CVE_2013_0156.new,
           Codesake::Dawn::Kb::CVE_2013_0175.new,
           Codesake::Dawn::Kb::CVE_2013_0233.new,
+          Codesake::Dawn::Kb::CVE_2013_0256.new,
+          Codesake::Dawn::Kb::CVE_2013_0263.new,
           Codesake::Dawn::Kb::CVE_2013_0269.new,
           Codesake::Dawn::Kb::CVE_2013_0276.new,
           Codesake::Dawn::Kb::CVE_2013_0277.new,
@@ -348,6 +359,7 @@ module Codesake
           Codesake::Dawn::Kb::CVE_2013_1948.new, 
           Codesake::Dawn::Kb::CVE_2013_2065.new, 
           Codesake::Dawn::Kb::CVE_2013_2090.new, 
+          Codesake::Dawn::Kb::CVE_2013_2119.new, 
           Codesake::Dawn::Kb::CVE_2013_2615.new, 
           Codesake::Dawn::Kb::CVE_2013_2616.new, 
           Codesake::Dawn::Kb::CVE_2013_2617.new, 
@@ -360,11 +372,14 @@ module Codesake
           Codesake::Dawn::Kb::CVE_2013_4491.new,
           Codesake::Dawn::Kb::CVE_2013_4492.new,
           Codesake::Dawn::Kb::CVE_2013_4562.new, 
+          Codesake::Dawn::Kb::CVE_2013_5647.new, 
           Codesake::Dawn::Kb::CVE_2013_6414.new, 
           Codesake::Dawn::Kb::CVE_2013_6415.new, 
           Codesake::Dawn::Kb::CVE_2013_6416.new, 
           Codesake::Dawn::Kb::CVE_2013_6417.new, 
           Codesake::Dawn::Kb::CVE_2013_6421.new, 
+          Codesake::Dawn::Kb::CVE_2013_6459.new, 
+          Codesake::Dawn::Kb::CVE_2013_7086.new, 
 
         ]
       end

data/lib/codesake/dawn/version.rb

@@ -10,9 +10,9 @@ module Codesake
     # "Finn McMissile"  - v 1.3.0
     # "Fillmore"        - v 1.4.0
 
-    VERSION   = "1.0.0.rc1"
+    VERSION   = "1.0.0.rc2"
     CODENAME  = "Lightning McQueen"
-    RELEASE   = "20140110"
+    RELEASE   = "20140114"
 
   end
 end

data/spec/lib/dawn/codesake_knowledgebase_spec.rb

@@ -712,5 +712,35 @@ end
   sc = kb.find("CVE-2007-5162")
   sc.should_not   be_nil
   sc.class.should == Codesake::Dawn::Kb::CVE_2007_5162
+end
+  it "must have test for CVE-2013-2119" do
+  sc = kb.find("CVE-2013-2119")
+  sc.should_not   be_nil
+  sc.class.should == Codesake::Dawn::Kb::CVE_2013_2119
+end
+  it "must have test for CVE-2013-7086" do
+  sc = kb.find("CVE-2013-7086")
+  sc.should_not   be_nil
+  sc.class.should == Codesake::Dawn::Kb::CVE_2013_7086
+end
+  it "must have test for CVE-2013-6459" do
+  sc = kb.find("CVE-2013-6459")
+  sc.should_not   be_nil
+  sc.class.should == Codesake::Dawn::Kb::CVE_2013_6459
+end
+  it "must have test for CVE-2013-5647" do
+  sc = kb.find("CVE-2013-5647")
+  sc.should_not   be_nil
+  sc.class.should == Codesake::Dawn::Kb::CVE_2013_5647
+end
+  it "must have test for CVE-2013-0263" do
+  sc = kb.find("CVE-2013-0263")
+  sc.should_not   be_nil
+  sc.class.should == Codesake::Dawn::Kb::CVE_2013_0263
+end
+  it "must have test for CVE-2013-0256" do
+  sc = kb.find("CVE-2013-0256")
+  sc.should_not   be_nil
+  sc.class.should == Codesake::Dawn::Kb::CVE_2013_0256
 end
 end

data/spec/lib/kb/cve_2013_0256_spec.rb

@@ -0,0 +1,8 @@
+require 'spec_helper'
+describe "The CVE-2013-0256 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2013_0256.new
+		# @check.debug = true
+	end
+	it "needs some test..."
+end

data/spec/lib/kb/cve_2013_0263_spec.rb

@@ -0,0 +1,8 @@
+require 'spec_helper'
+describe "The CVE-2013-0263 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2013_0263.new
+		# @check.debug = true
+	end
+	it "needs some test..."
+end

data/spec/lib/kb/cve_2013_2119_spec.rb

@@ -0,0 +1,8 @@
+require 'spec_helper'
+describe "The CVE-2013-2119 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2013_2119.new
+		# @check.debug = true
+	end
+	it "needs some test..."
+end

data/spec/lib/kb/cve_2013_5647_spec.rb

@@ -0,0 +1,8 @@
+require 'spec_helper'
+describe "The CVE-2013-5647 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2013_5647.new
+		# @check.debug = true
+	end
+	it "needs some test..."
+end

data/spec/lib/kb/cve_2013_6459_spec.rb

@@ -0,0 +1,8 @@
+require 'spec_helper'
+describe "The CVE-2013-6459 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2013_6459.new
+		# @check.debug = true
+	end
+	it "needs some test..."
+end

data/spec/lib/kb/cve_2013_7086_spec.rb

@@ -0,0 +1,22 @@
+require 'spec_helper'
+describe "The CVE-2013-7086 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2013_7086.new
+		@check.debug = true
+	end
+	it "is detected for gem 1.0.5.3" do
+    @check.dependencies = [{:name=>"webbynode", :version=>'1.0.5.3'}]
+    @check.vuln?.should  be_true
+  end
+
+  it "is detected for gem 1.0.4.3" do
+    @check.dependencies = [{:name=>"webbynode", :version=>'1.0.4.3'}]
+    @check.vuln?.should  be_true
+  end
+
+  it "is not detected for gem 1.0.5.4" do
+    @check.dependencies = [{:name=>"webbynode", :version=>'1.0.5.4'}]
+    @check.vuln?.should  be_false
+  end
+
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: codesake-dawn
 version: !ruby/object:Gem::Version
-  version: 1.0.0.rc1
+  version: 1.0.0.rc2
 platform: ruby
 authors:
 - Paolo Perego
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-01-10 00:00:00.000000000 Z
+date: 2014-01-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: codesake-commons
@@ -324,6 +324,8 @@ files:
 - lib/codesake/dawn/kb/cve_2013_0156.rb
 - lib/codesake/dawn/kb/cve_2013_0175.rb
 - lib/codesake/dawn/kb/cve_2013_0233.rb
+- lib/codesake/dawn/kb/cve_2013_0256.rb
+- lib/codesake/dawn/kb/cve_2013_0263.rb
 - lib/codesake/dawn/kb/cve_2013_0269.rb
 - lib/codesake/dawn/kb/cve_2013_0276.rb
 - lib/codesake/dawn/kb/cve_2013_0277.rb
@@ -349,6 +351,7 @@ files:
 - lib/codesake/dawn/kb/cve_2013_1948.rb
 - lib/codesake/dawn/kb/cve_2013_2065.rb
 - lib/codesake/dawn/kb/cve_2013_2090.rb
+- lib/codesake/dawn/kb/cve_2013_2119.rb
 - lib/codesake/dawn/kb/cve_2013_2615.rb
 - lib/codesake/dawn/kb/cve_2013_2616.rb
 - lib/codesake/dawn/kb/cve_2013_2617.rb
@@ -361,11 +364,14 @@ files:
 - lib/codesake/dawn/kb/cve_2013_4491.rb
 - lib/codesake/dawn/kb/cve_2013_4492.rb
 - lib/codesake/dawn/kb/cve_2013_4562.rb
+- lib/codesake/dawn/kb/cve_2013_5647.rb
 - lib/codesake/dawn/kb/cve_2013_6414.rb
 - lib/codesake/dawn/kb/cve_2013_6415.rb
 - lib/codesake/dawn/kb/cve_2013_6416.rb
 - lib/codesake/dawn/kb/cve_2013_6417.rb
 - lib/codesake/dawn/kb/cve_2013_6421.rb
+- lib/codesake/dawn/kb/cve_2013_6459.rb
+- lib/codesake/dawn/kb/cve_2013_7086.rb
 - lib/codesake/dawn/kb/dependency_check.rb
 - lib/codesake/dawn/kb/nokogiri_dos_20131217.rb
 - lib/codesake/dawn/kb/nokogiri_entityexpansion_dos_20131217.rb
@@ -444,7 +450,13 @@ files:
 - spec/lib/kb/cve_2011_3009_spec.rb
 - spec/lib/kb/cve_2011_3187_spec.rb
 - spec/lib/kb/cve_2011_4319_spec.rb
+- spec/lib/kb/cve_2013_0256_spec.rb
+- spec/lib/kb/cve_2013_0263_spec.rb
 - spec/lib/kb/cve_2013_2090_spec.rb
+- spec/lib/kb/cve_2013_2119_spec.rb
+- spec/lib/kb/cve_2013_5647_spec.rb
+- spec/lib/kb/cve_2013_6459_spec.rb
+- spec/lib/kb/cve_2013_7086_spec.rb
 - spec/lib/kb/owasp_ror_cheatsheet_disabled.rb
 - spec/spec_helper.rb
 homepage: http://dawn.codesake.com
@@ -534,6 +546,12 @@ test_files:
 - spec/lib/kb/cve_2011_3009_spec.rb
 - spec/lib/kb/cve_2011_3187_spec.rb
 - spec/lib/kb/cve_2011_4319_spec.rb
+- spec/lib/kb/cve_2013_0256_spec.rb
+- spec/lib/kb/cve_2013_0263_spec.rb
 - spec/lib/kb/cve_2013_2090_spec.rb
+- spec/lib/kb/cve_2013_2119_spec.rb
+- spec/lib/kb/cve_2013_5647_spec.rb
+- spec/lib/kb/cve_2013_6459_spec.rb
+- spec/lib/kb/cve_2013_7086_spec.rb
 - spec/lib/kb/owasp_ror_cheatsheet_disabled.rb
 - spec/spec_helper.rb