codesake-dawn 1.0.3 → 1.0.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 55e45f0694c9d8e0b4e0475e3cee65a259ed12c3
-  data.tar.gz: e9361f5ffc986c29e65d7e366c4ab48c726450d0
+  metadata.gz: 914a2707ab6f6f0ddf7966e68d892631f10442e2
+  data.tar.gz: c699f50ca63a6faaa85ce13cf173cd00f0824e8a
 SHA512:
-  metadata.gz: 5abf4f9ad44b51c2c5d4fb4fe4d091fcc22455e2dd69ce1a978a1dd971c443ff929f01be40cf0ba49990b283e85eb8906aa45d581eeedcf6a4692be25a8c5d42
-  data.tar.gz: 39230e2a742133875462018cbc768690f3992a2e5edf76038380f415e587648123aa92f2e2cc1ea74649559091e4340e87d5f0b560ea11518dbb3426b3a468b0
+  metadata.gz: 3384ce19d54e70a4cda683b45840f6c77a78dabffc78507f5b734ed539f0b82d83c2a13578aa256e68aad31af159657080aa73e3f5edcef72193902a8adfc293
+  data.tar.gz: 9afe07268b10933f21dd169dd9bae01b9ceb3f668f475ea5a354cc43e93d096b4b502581f739cf4c834703e7f6458dee8808e70fa307af726d1915a41dc44a9d

data/Changelog.md

@@ -7,6 +7,24 @@ frameworks.
 
 _latest update: Fri Jan 24 07:57:58 CET 2014_
 
+## Version 1.0.4 - codename: Lightning McQueen (2014-03-14)
+
+* Backporting of some CVEs introduced in 2014 from the development branch.
+  Since it will take some time to improve dawn 1.1 and since I forgot to merge
+  some useful CVE released since January also in master, I do it know. Please
+  note that, due to a big change in DependencyCheck class the check against
+  CVE-2014-0080 will be only available with dawn 1.1.
+
+  Backported checks are:
+    + CVE-2014-1233: The paratrooper-pingdom gem 1.0.0 for Ruby allows local users to obtain the App-Key, username, and password values by listing the curl process.
+    + CVE-2014-1234: The paratrooper-newrelic gem 1.0.1 for Ruby allows local users to obtain the X-Api-Key value by listing the curl process.
+    + CVE-2014-0081: Multiple cross-site scripting (XSS) vulnerabilities in rails
+    + CVE-2014-0082: Denial of service in Rails before 3.2.17
+
+  New security checks are for Owasp ROR Cheatsheet:
+    + Check for safe redirect and forward
+    + Check for sensitive file
+
 ## Version 1.0.3 - codename: Lightning McQueen (2014-02-13)
 
 * Fixing issue #37. Now the rake task is successfully loaded when you require

data/KnowledgeBase.md

@@ -1,10 +1,21 @@
 # Codesake::Dawn Knowledge base
 
-The knowledge base library for Codesake::Dawn version 1.0.0 contains 142 security checks.
+The knowledge base library for Codesake::Dawn version 1.0.4 contains 152 security checks.
 ---
 * Not revised code: Analyzing comments, it seems your code is waiting from some review from you. Please consider take action before putting it in production.
 This check will analyze the source code looking for the following patterns: XXX, TO_CHECK, CHECKME, CHECK and FIXME
-* Owasp Ror Cheatsheet: This Cheatsheet intends to provide quick basic Ruby on Rails security tips for developers. It complements, augments or emphasizes points brought up in the rails security guide from rails core.  The Rails framework abstracts developers from quite a bit of tedious work and provides the means to accomplish complex tasks quickly and with ease. New developers, those unfamiliar with the inner-workings of Rails, likely need a basic set of guidelines to secure fundamental aspects of their application. The intended purpose of this doc is to be that guide.
+* Owasp Ror CheatSheet: Command Injection: Ruby offers a function called "eval" which will dynamically build new Ruby code based on Strings. It also has a number of ways to call system commands. While the power of these commands is quite useful, extreme care should be taken when using them in a Rails based application. Usually, its just a bad idea. If need be, a whitelist of possible values should be used and any input should be validated as thoroughly as possible. The Ruby Security Reviewer's Guide has a section on injection and there are a number of OWASP references for it, starting at the top: Command Injection.
+* Owasp Ror CheatSheet: Cross Site Request Forgery: Ruby on Rails has specific, built in support for CSRF tokens. To enable it, or ensure that it is enabled, find the base ApplicationController and look for the protect_from_forgery directive. Note that by default Rails does not provide CSRF protection for any HTTP GET request.
+* Owasp Ror CheatSheet: Session management: By default, Ruby on Rails uses a Cookie based session store. What that means is that unless you change something, the session will not expire on the server. That means that some default applications may be vulnerable to replay attacks. It also means that sensitive information should never be put in the session.
+* Owasp Ror CheatSheet: Mass Assignement in model: Although the major issue with Mass Assignment has been fixed by default in base Rails specifically when generating new projects, it still applies to older and upgraded projects so it is important to understand the issue and to ensure that only attributes that are intended to be modifiable are exposed.
+* Owasp Ror CheatSheet: Security Related Headers: To set a header value, simply access the response.headers object as a hash inside your controller (often in a before/after_filter). Rails 4 provides the "default_headers" functionality that will automatically apply the values supplied. This works for most headers in almost all cases.
+* Owasp Ror CheatSheet: Check for safe redirect and forward:           Web applications often require the ability to dynamically redirect users based on client-supplied data. To clarify, dynamic redirection usually entails the client including a URL in a parameter within a request to the application. Once received by the application, the user is redirected to the URL specified in the request. For example:
+            http://www.example.com/redirect?url=http://www.example_commerce_site.com/checkout
+          The above request would redirect the user to http://www.example.com/checkout. The security concern associated with this functionality is leveraging an organization’s trusted brand to phish users and trick them into visiting a malicious site, in our example, “badhacker.com”. Example:
+            http://www.example.com/redirect?url=http://badhacker.com
+          The most basic, but restrictive protection is to use the :only_path option. Setting this to true will essentially strip out any host information.
+
+* Owasp Ror CheatSheet: Sensitive Files: Many Ruby on Rails apps are open source and hosted on publicly available source code repositories. Whether that is the case or the code is committed to a corporate source control system, there are certain files that should be either excluded or carefully managed.
 * Simple Form XSS - 20131129: There is a XSS vulnerability on Simple Form's label, hint and error options. When Simple Form creates a label, hint or error message it marks the text as being HTML safe, even though it may contain HTML tags. In applications where the text of these helpers can be provided by the users, malicious values can be provided and Simple Form will mark it as safe.
 * Nokogiri - Denial of service - 20131217: There is a vulnerability in Nokogiri when using JRuby where the parser can enter an infinite loop and exhaust the process memory. Nokogiri users on JRuby using the native Java extension.  Attackers can send XML documents with carefully crafted documents which can cause the XML processor to enter an infinite loop, causing the server to run out of memory and crash.
 * Nokogiri - Entity expasion denial of service - 20131217: There is an entity expansion vulnerability in Nokogiri when using JRuby. Nokogiri users on JRuby using the native Java extension.  Attackers can send
@@ -148,6 +159,10 @@ XML documents with carefully crafted entity expansion strings which can cause th
 * [CVE-2013-6421](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6421): The unpack_zip function in archive_unpacker.rb in the sprout gem 0.7.246 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a (1) filename or (2) path.
 * [CVE-2013-6459](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6459): Cross-site scripting (XSS) vulnerability in the will_paginate gem before 3.0.5 for Ruby allows remote attackers to inject arbitrary web script or HTML via vectors involving generated pagination links.
 * [CVE-2013-7086](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7086): The message function in lib/webbynode/notify.rb in the Webbynode gem 1.0.5.3 and earlier for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a growlnotify message.
+* [CVE-2014-1233](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1233): The paratrooper-pingdom gem 1.0.0 for Ruby allows local users to obtain the App-Key, username, and password values by listing the curl process.
+* [CVE-2014-1234](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1234): The paratrooper-newrelic gem 1.0.1 for Ruby allows local users to obtain the X-Api-Key value by listing the curl process.
+* [CVE-2014-0081](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081): Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper.
+* [CVE-2014-0082](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082): actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers.
 
 
-_Last updated: Tue 21 Jan 15:45:13 CET 2014_
+_Last updated: Fri 14 Mar 08:36:40 CET 2014_

data/lib/codesake/dawn/kb/cve_2014_0081.rb

@@ -0,0 +1,28 @@
+module Codesake
+	module Dawn
+		module Kb
+			# Automatically created with rake on 2014-02-21
+			class CVE_2014_0081
+				include DependencyCheck
+
+				def initialize
+          message = "Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper."
+           super({
+            :name=>"CVE-2014-0081",
+            :cvss=>"AV:N/AC:M/Au:N/C:N/I:P/A:N",
+            :release_date => Date.new(2014, 2, 20),
+            :cwe=>"79",
+            :owasp=>"A3", 
+            :applies=>["rails"],
+            :kind=>Codesake::Dawn::KnowledgeBase::DEPENDENCY_CHECK,
+            :message=>message,
+            :mitigation=>"Please upgrade rails version at least to 3.2.17, 4.0.3 or 4.1.0.beta2. As a general rule, using the latest stable rails version is recommended.",
+            :aux_links=>["https://groups.google.com/forum/message/raw?msg=rubyonrails-security/tfp6gZCtzr4/j8LUHmu7fIEJ"]
+           })
+
+           self.safe_dependencies = [{:name=>"rails", :version=>['3.2.17', '4.0.3', '4.1.0.beta2', '3.1.99999', '3.0.99999', '2.99999.99999', '1.99999.99999']}]
+				end
+			end
+		end
+	end
+end

data/lib/codesake/dawn/kb/cve_2014_0082.rb

@@ -0,0 +1,29 @@
+module Codesake
+	module Dawn
+		module Kb
+			# Automatically created with rake on 2014-02-21
+			class CVE_2014_0082
+				include DependencyCheck
+
+				def initialize
+          message = "actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers."
+
+           super({
+            :name=>"CVE-2014-0082",
+            :cvss=>"AV:N/AC:L/Au:N/C:N/I:N/A:P",
+            :release_date => Date.new(2014, 2, 20),
+            :cwe=>"20",
+            :owasp=>"A9", 
+            :applies=>["rails"],
+            :kind=>Codesake::Dawn::KnowledgeBase::DEPENDENCY_CHECK,
+            :message=>message,
+            :mitigation=>"Please upgrade rails version at least to 3.2.17. As a general rule, using the latest stable rails version is recommended.",
+            :aux_links=>["https://groups.google.com/forum/message/raw?msg=rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ"]
+           })
+
+           self.safe_dependencies = [{:name=>"rails", :version=>['3.2.17', '3.1.9999', '3.0.99999', '2.99999.99999', '1.99999.99999']}]
+				end
+			end
+		end
+	end
+end

data/lib/codesake/dawn/kb/cve_2014_1233.rb

@@ -0,0 +1,29 @@
+module Codesake
+	module Dawn
+		module Kb
+			# Automatically created with rake on 2014-02-05
+			class CVE_2014_1233
+				include DependencyCheck
+
+				def initialize
+          message = "The paratrooper-pingdom gem 1.0.0 for Ruby allows local users to obtain the App-Key, username, and password values by listing the curl process."
+
+          super({
+            :name=>"CVE-2014-1233",
+            :cvss=>"AV:L/AC:L/Au:N/C:P/I:N/A:N",
+            :release_date => Date.new(2014, 01, 10),
+            :cwe=>"200",
+            :owasp=>"A9", 
+            :applies=>["rails", "sinatra", "padrino"],
+            :kind=>Codesake::Dawn::KnowledgeBase::DEPENDENCY_CHECK,
+            :message=>message,
+            :mitigation=>"Please upgrade paratrooper-pingdom version up to version 1.0.0.",
+            :aux_links=>["http://www.vapid.dhs.org/advisories/paratrooper-api-key-pingdom.html"]
+          })
+
+          self.safe_dependencies = [{:name=>"paratrooper-pingdom", :version=>['1.0.1']}]
+				end
+			end
+		end
+	end
+end

data/lib/codesake/dawn/kb/cve_2014_1234.rb

@@ -0,0 +1,28 @@
+module Codesake
+	module Dawn
+		module Kb
+			# Automatically created with rake on 2014-02-05
+			class CVE_2014_1234
+				include DependencyCheck
+
+				def initialize
+          message = "The paratrooper-newrelic gem 1.0.1 for Ruby allows local users to obtain the X-Api-Key value by listing the curl process."
+          super({
+            :name=>"CVE-2014-1234",
+            :cvss=>"AV:L/AC:L/Au:N/C:P/I:N/A:N",
+            :release_date => Date.new(2014, 01, 10),
+            :cwe=>"200",
+            :owasp=>"A9", 
+            :applies=>["rails", "sinatra", "padrino"],
+            :kind=>Codesake::Dawn::KnowledgeBase::DEPENDENCY_CHECK,
+            :message=>message,
+            :mitigation=>"Please upgrade paratrooper-newrelic version up to version 1.0.1.",
+            :aux_links=>["http://www.vapid.dhs.org/advisories/paratrooper-newrelic-api.html"]
+          })
+
+          self.safe_dependencies = [{:name=>"paratrooper-newrelic", :version=>['1.0.2']}]
+				end
+			end
+		end
+	end
+end

data/lib/codesake/dawn/kb/owasp_ror_cheatsheet/check_for_backup_files.rb

@@ -0,0 +1,22 @@
+require 'anemone'
+require 'httpclient'
+
+
+# Yes, I was buit just for RubyDay 2012 talk demo
+#
+
+h=HTTPClient.new()
+Anemone.crawl(ARGV[0]) do |anemone|
+  anemone.on_every_page do |page|
+      response = h.get(page.url)
+      puts "Original: #{page.url}: #{response.code}"
+      response = h.get(page.url.to_s.split(";")[0].concat(".bak"))
+      puts "BAK: #{page.url.to_s.split(";")[0].concat(".bak")}: #{response.code}"
+      response = h.get(page.url.to_s.split(";")[0].concat(".old"))
+      puts "OLD: #{page.url.to_s.split(";")[0].concat(".old")}: #{response.code}"
+      response = h.get(page.url.to_s.split(";")[0].concat("~"))
+      puts "~: #{page.url.to_s.split(";")[0].concat("~")}: #{response.code}"
+  end
+end
+
+# http://localhost:8080/HacmeBooks

data/lib/codesake/dawn/kb/owasp_ror_cheatsheet/check_for_safe_redirect_and_forward.rb

@@ -0,0 +1,45 @@
+module Codesake
+  module Dawn
+    module Kb
+      module OwaspRorCheatSheet
+
+        class CheckForSafeRedirectAndForward
+          include PatternMatchCheck
+
+          def initialize
+            message = <<EOT
+          Web applications often require the ability to dynamically redirect users based on client-supplied data. To clarify, dynamic redirection usually entails the client including a URL in a parameter within a request to the application. Once received by the application, the user is redirected to the URL specified in the request. For example:
+            http://www.example.com/redirect?url=http://www.example_commerce_site.com/checkout
+          The above request would redirect the user to http://www.example.com/checkout. The security concern associated with this functionality is leveraging an organization’s trusted brand to phish users and trick them into visiting a malicious site, in our example, “badhacker.com”. Example:
+            http://www.example.com/redirect?url=http://badhacker.com
+          The most basic, but restrictive protection is to use the :only_path option. Setting this to true will essentially strip out any host information.
+
+EOT
+
+            super({
+              :name=>"Owasp Ror CheatSheet: Check for safe redirect and forward",
+              :kind=>Codesake::Dawn::KnowledgeBase::PATTERN_MATCH_CHECK,
+              :applies=>["rails"],
+              :glob=>"*.rb",
+              :aux_links=>["https://www.owasp.org/index.php/Ruby_on_Rails_Cheatsheet"],
+              :message=>message,
+              :attack_pattern => ["redirect_to"],
+              :mitigation=>"The most basic, but restrictive protection is to use the :only_path option. Setting this to true will essentially strip out any host information."
+            })
+            # @debug = true
+
+          end
+          def vuln?
+            super
+            ret = []
+            @evidences.each do |ev|
+              ret << ev unless ev[:matches].include? ":only_path => true"
+            end
+            @evidences = ret unless ret.empty?
+            return @evidences.empty?
+          end
+        end
+      end
+    end
+  end
+end

data/lib/codesake/dawn/kb/owasp_ror_cheatsheet/sensitive_files.rb

@@ -0,0 +1,29 @@
+module Codesake
+  module Dawn
+    module Kb
+      module OwaspRorCheatSheet
+
+        class SensitiveFiles
+          include PatternMatchCheck
+
+          def initialize
+            message = "Many Ruby on Rails apps are open source and hosted on publicly available source code repositories. Whether that is the case or the code is committed to a corporate source control system, there are certain files that should be either excluded or carefully managed." 
+
+            super({
+              :name=>"Owasp Ror CheatSheet: Sensitive Files",
+              :kind=>Codesake::Dawn::KnowledgeBase::PATTERN_MATCH_CHECK,
+              :applies=>["rails"],
+              :glob=>".gitignore",
+              :aux_links=>["https://www.owasp.org/index.php/Ruby_on_Rails_Cheatsheet"],
+              :message=>message,
+              :attack_pattern => ["/config/database.yml", "/config/initializers/secret_token.rb", "/db/seeds.rb", "/db/*.sqlite3"],
+              :mitigation=>"Put sensitive files in your repository gitignore file"
+            })
+            # @debug = true
+
+          end
+        end
+      end
+    end
+  end
+end

data/lib/codesake/dawn/knowledge_base.rb

@@ -18,6 +18,8 @@ require 'codesake/dawn/kb/owasp_ror_cheatsheet/csrf'
 require 'codesake/dawn/kb/owasp_ror_cheatsheet/session_stored_in_database'
 require 'codesake/dawn/kb/owasp_ror_cheatsheet/mass_assignment_in_model'
 require 'codesake/dawn/kb/owasp_ror_cheatsheet/security_related_headers'
+require 'codesake/dawn/kb/owasp_ror_cheatsheet/check_for_safe_redirect_and_forward'
+require 'codesake/dawn/kb/owasp_ror_cheatsheet/sensitive_files'
 
 # Security checks with no or pending CVE
 
@@ -193,8 +195,11 @@ require "codesake/dawn/kb/cve_2013_6459"
 require "codesake/dawn/kb/cve_2013_7086"
 
 # CVE - 2014
-# require "codesake/dawn/kb/cve_2014_1234"
 
+require "codesake/dawn/kb/cve_2014_0081"
+require "codesake/dawn/kb/cve_2014_0082"
+require "codesake/dawn/kb/cve_2014_1233"
+require "codesake/dawn/kb/cve_2014_1234"
 
 module Codesake
   module Dawn
@@ -263,7 +268,8 @@ module Codesake
           Codesake::Dawn::Kb::OwaspRorCheatSheet::SessionStoredInDatabase.new,
           Codesake::Dawn::Kb::OwaspRorCheatSheet::MassAssignmentInModel.new, 
           Codesake::Dawn::Kb::OwaspRorCheatSheet::SecurityRelatedHeaders.new, 
-          # Codesake::Dawn::Kb::OwaspRorCheatsheet.new,
+          Codesake::Dawn::Kb::OwaspRorCheatSheet::CheckForSafeRedirectAndForward.new,
+          Codesake::Dawn::Kb::OwaspRorCheatSheet::SensitiveFiles.new,
           Codesake::Dawn::Kb::SimpleForm_Xss_20131129.new,
           Codesake::Dawn::Kb::NokogiriDos20131217.new,
           Codesake::Dawn::Kb::Nokogiri_EntityExpansion_Dos_20131217.new,
@@ -404,6 +410,10 @@ module Codesake
           Codesake::Dawn::Kb::CVE_2013_6421.new, 
           Codesake::Dawn::Kb::CVE_2013_6459.new, 
           Codesake::Dawn::Kb::CVE_2013_7086.new, 
+          Codesake::Dawn::Kb::CVE_2014_1233.new,
+          Codesake::Dawn::Kb::CVE_2014_1234.new,
+          Codesake::Dawn::Kb::CVE_2014_0081.new, 
+          Codesake::Dawn::Kb::CVE_2014_0082.new, 
 
         ]
       end

data/lib/codesake/dawn/version.rb

@@ -9,17 +9,17 @@ module Codesake
     #
     # Future releases
     #
-    # "Tow Mater"       
-    # "Finn McMissile"  
-    # "Fillmore"        
-    # "Holly Shiftwell" 
-    # "Guido"           
-    # "Luigi"           
+    # "Tow Mater"
+    # "Finn McMissile"
+    # "Fillmore"
+    # "Holly Shiftwell"
+    # "Guido"
+    # "Luigi"
 
-    VERSION   = "1.0.3"
+    VERSION   = "1.0.4"
     CODENAME  = "Lightning McQueen"
     # RELEASE   = "(development)"
-    RELEASE   = "20140213"
+    RELEASE   = "20140314"
 
   end
 end

data/spec/lib/kb/cve_2014_0081_spec.rb

@@ -0,0 +1,68 @@
+require 'spec_helper'
+describe "The CVE-2014-0081 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2014_0081.new
+		# @check.debug = true
+	end
+  it "affects version 3.2.16" do
+    @check.dependencies = [{:name=>"rails", :version=>'3.2.16'}]
+    @check.vuln?.should be_true
+  end
+  it "affects version 4.0.0" do
+    @check.dependencies = [{:name=>"rails", :version=>'4.0.0'}]
+    @check.vuln?.should be_true
+  end
+  it "affects version 4.0.2" do
+    @check.dependencies = [{:name=>"rails", :version=>'4.0.2'}]
+    @check.vuln?.should be_true
+  end
+  it "affects version 4.0.1" do
+    @check.dependencies = [{:name=>"rails", :version=>'4.0.1'}]
+    @check.vuln?.should be_true
+  end
+
+  it "affects version 3.1.x" do
+    require 'securerandom'
+    rand = SecureRandom.random_number(9999)
+    version = "3.1.#{rand}"
+
+    @check.dependencies = [{:name=>"rails", :version=>version}]
+    @check.vuln?.should be_true
+  end
+  
+  it "affects version 3.0.x" do
+    require 'securerandom'
+    rand = SecureRandom.random_number(9999)
+    version = "3.0.#{rand}"
+
+    @check.dependencies = [{:name=>"rails", :version=>version}]
+    @check.vuln?.should be_true
+  end
+  it "affects version 2.x.y" do
+    require 'securerandom'
+    rand_min = SecureRandom.random_number(9999)
+    rand_patch = SecureRandom.random_number(9999)
+    version = "2.#{rand_min}.#{rand_patch}"
+
+    @check.dependencies = [{:name=>"rails", :version=>version}]
+    @check.vuln?.should be_true
+  end
+  it "affects version 1.x.y" do
+    require 'securerandom'
+    rand_min = SecureRandom.random_number(9999)
+    rand_patch = SecureRandom.random_number(9999)
+    version = "1.#{rand_min}.#{rand_patch}"
+
+    @check.dependencies = [{:name=>"rails", :version=>version}]
+    @check.vuln?.should be_true
+  end
+
+  it "doesn't affect version 4.0.3" do 
+    @check.dependencies = [{:name=>"rails", :version=>'4.0.3'}]
+    @check.vuln?.should be_false
+  end
+  it "doesn't affect version 3.2.17" do 
+    @check.dependencies = [{:name=>"rails", :version=>'3.2.17'}]
+    @check.vuln?.should be_false
+  end
+end

data/spec/lib/kb/cve_2014_0082_spec.rb

@@ -0,0 +1,52 @@
+require 'spec_helper'
+describe "The CVE-2014-0082 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2014_0082.new
+		# @check.debug = true
+	end
+  it "affects version 3.0.x" do
+    require 'securerandom'
+    rand = SecureRandom.random_number(9999)
+    version = "3.0.#{rand}"
+
+    @check.dependencies = [{:name=>"rails", :version=>version}]
+    @check.vuln?.should be_true
+  end
+  it "affects version 2.x.y" do
+    require 'securerandom'
+    rand_min = SecureRandom.random_number(9999)
+    rand_patch = SecureRandom.random_number(9999)
+    version = "2.#{rand_min}.#{rand_patch}"
+    @check.dependencies = [{:name=>"rails", :version=>version}]
+    @check.vuln?.should be_true
+  end
+  it "affects version 1.x.y" do
+    require 'securerandom'
+    rand_min = SecureRandom.random_number(9999)
+    rand_patch = SecureRandom.random_number(9999)
+    version = "1.#{rand_min}.#{rand_patch}"
+
+    @check.dependencies = [{:name=>"rails", :version=>version}]
+    @check.vuln?.should be_true
+  end
+  it "doesn't affect version 4.0.2" do 
+    @check.dependencies = [{:name=>"rails", :version=>'4.0.2'}]
+    @check.vuln?.should be_false
+  end
+  it "doesn't affect version 4.0.1" do 
+    @check.dependencies = [{:name=>"rails", :version=>'4.0.1'}]
+    @check.vuln?.should be_false
+  end
+  it "doesn't affect version 4.0.0" do 
+    @check.dependencies = [{:name=>"rails", :version=>'4.0.0'}]
+    @check.vuln?.should be_false
+  end
+  it "doesn't affect version 4.0.3" do 
+    @check.dependencies = [{:name=>"rails", :version=>'4.0.3'}]
+    @check.vuln?.should be_false
+  end
+  it "doesn't affect version 3.2.17" do 
+    @check.dependencies = [{:name=>"rails", :version=>'3.2.17'}]
+    @check.vuln?.should be_false
+  end
+end

data/spec/lib/kb/cve_2014_1233_spec.rb

@@ -0,0 +1,15 @@
+require 'spec_helper'
+describe "The CVE-2014-1233 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2014_1233.new
+		# @check.debug = true
+	end
+  it "is reported when a paratrooper-pingdom gem version 1.0.0 is detected" do
+    @check.dependencies = [{:name=>"paratrooper-pingdom", :version=>"1.0.0"}]
+    @check.vuln?.should   be_true
+  end
+  it "is not reported when a paratrooper-pingdom gem version 1.0.1 is detected" do
+    @check.dependencies = [{:name=>"paratrooper-pingdom", :version=>"1.0.1"}]
+    @check.vuln?.should   be_false
+  end
+end

data/spec/lib/kb/cve_2014_1234_spec.rb

@@ -0,0 +1,16 @@
+require 'spec_helper'
+describe "The CVE-2014-1234 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2014_1234.new
+		# @check.debug = true
+	end
+
+  it "is reported when a paratrooper-newrelic gem version 1.0.1 is detected" do
+    @check.dependencies = [{:name=>"paratrooper-newrelic", :version=>"1.0.1"}]
+    @check.vuln?.should   be_true
+  end
+  it "is not reported when a paratrooper-newrelic gem version 1.0.2 is detected" do
+    @check.dependencies = [{:name=>"paratrooper-newrelic", :version=>"1.0.2"}]
+    @check.vuln?.should   be_false
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: codesake-dawn
 version: !ruby/object:Gem::Version
-  version: 1.0.3
+  version: 1.0.4
 platform: ruby
 authors:
 - Paolo Perego
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-02-13 00:00:00.000000000 Z
+date: 2014-03-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: codesake-commons
@@ -379,16 +379,23 @@ files:
 - lib/codesake/dawn/kb/cve_2013_6421.rb
 - lib/codesake/dawn/kb/cve_2013_6459.rb
 - lib/codesake/dawn/kb/cve_2013_7086.rb
+- lib/codesake/dawn/kb/cve_2014_0081.rb
+- lib/codesake/dawn/kb/cve_2014_0082.rb
+- lib/codesake/dawn/kb/cve_2014_1233.rb
+- lib/codesake/dawn/kb/cve_2014_1234.rb
 - lib/codesake/dawn/kb/dependency_check.rb
 - lib/codesake/dawn/kb/nokogiri_dos_20131217.rb
 - lib/codesake/dawn/kb/nokogiri_entityexpansion_dos_20131217.rb
 - lib/codesake/dawn/kb/not_revised_code.rb
 - lib/codesake/dawn/kb/operating_system_check.rb
 - lib/codesake/dawn/kb/owasp_ror_cheatsheet.rb
+- lib/codesake/dawn/kb/owasp_ror_cheatsheet/check_for_backup_files.rb
+- lib/codesake/dawn/kb/owasp_ror_cheatsheet/check_for_safe_redirect_and_forward.rb
 - lib/codesake/dawn/kb/owasp_ror_cheatsheet/command_injection.rb
 - lib/codesake/dawn/kb/owasp_ror_cheatsheet/csrf.rb
 - lib/codesake/dawn/kb/owasp_ror_cheatsheet/mass_assignment_in_model.rb
 - lib/codesake/dawn/kb/owasp_ror_cheatsheet/security_related_headers.rb
+- lib/codesake/dawn/kb/owasp_ror_cheatsheet/sensitive_files.rb
 - lib/codesake/dawn/kb/owasp_ror_cheatsheet/session_stored_in_database.rb
 - lib/codesake/dawn/kb/pattern_match_check.rb
 - lib/codesake/dawn/kb/ruby_version_check.rb
@@ -429,6 +436,10 @@ files:
 - spec/lib/kb/cve_2013_5647_spec.rb
 - spec/lib/kb/cve_2013_6459_spec.rb
 - spec/lib/kb/cve_2013_7086_spec.rb
+- spec/lib/kb/cve_2014_0081_spec.rb
+- spec/lib/kb/cve_2014_0082_spec.rb
+- spec/lib/kb/cve_2014_1233_spec.rb
+- spec/lib/kb/cve_2014_1234_spec.rb
 - spec/lib/kb/owasp_ror_cheatsheet_disabled.rb
 - spec/spec_helper.rb
 homepage: http://dawn.codesake.com
@@ -450,7 +461,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.2.1
+rubygems_version: 2.1.11
 signing_key: 
 specification_version: 4
 summary: dawn is a security static source code analyzer for sinatra, padrino and ruby
@@ -488,5 +499,9 @@ test_files:
 - spec/lib/kb/cve_2013_5647_spec.rb
 - spec/lib/kb/cve_2013_6459_spec.rb
 - spec/lib/kb/cve_2013_7086_spec.rb
+- spec/lib/kb/cve_2014_0081_spec.rb
+- spec/lib/kb/cve_2014_0082_spec.rb
+- spec/lib/kb/cve_2014_1233_spec.rb
+- spec/lib/kb/cve_2014_1234_spec.rb
 - spec/lib/kb/owasp_ror_cheatsheet_disabled.rb
 - spec/spec_helper.rb