codesake-dawn 1.2.0 → 1.2.99

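--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: e522602b2fa152943afdffcd24542df92560031d
- data.tar.gz: e6e6ec7e1b4ee9bdbc8ddbe44f89664a685022a0
+ metadata.gz: 95dce45134e3321ecc1d89800a0dbe4a3ae6b743
+ data.tar.gz: 58c106ebf872601bbf42bd0a2fa0dabf8f999fc3
  SHA512:
- metadata.gz: cebd297a2651ce699f417ee3c392015cd816b51a94c7af558955fee6e87f3e7b640ea022919de994a0efbd568234f933a1089f4cda9e3b8d7332b6056e95ee37
- data.tar.gz: 8b2227e6e41eed184e85e91d0e116cc3571c64fa0510b2685fa892ab0f58a447ed258aa80b361356d71b0d4ecc41bbffaea5e54e2644cde3094ec9799e5d4b29
+ metadata.gz: 0770f10e626d85e2b13e3314cac0131375d11bb4be856056f7f23cddb7e3a2c2f6c162f2f956ca1563c93f938e97cb4c5649218a0cb1a591bce297d82fc593ee
+ data.tar.gz: fd434cc8bd28e8ed90f9ad484f02d1d635136e0269ba27ccf79a5d538446ec957a5d4f97d618240d449017c4c5ffaa69413c0800b140849ced66b44570be591a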
@@ -1 +1 @@
1
- f�����Ә��DjxtMh���W�������.s)=�\��ג���� o݃�/[b�aE7�Z����$�7TIѕ�T5\=�Z��~;�$ֆ����l?B<��G��q[�6���^��]�R+�5˧��ۨ�;�
1
+ �W�)v}k�[m�OX�� �ֱ
data.tar.gz.sig CHANGED
Binary file
@@ -7,6 +7,11 @@ frameworks.
7
7
 
8
8
  _latest update: Fri Jul 11 18:06:30 CEST 2014_
9
9
 
10
+ ## Version 1.2.99 - codename: Lightning McQueen (2015-01-07)
11
+
12
+ * Add a deprecation message. This is the last codesake-dawn release. New gem
13
+ will be called dawnscanner.
14
+
10
15
  ## Version 1.2.0 - codename: Lightning McQueen (2014-07-14)
11
16
 
12
17
  * Adding a check for OSVDB-108569: information disclosure in backup_checksum
data/README.md CHANGED
@@ -22,7 +22,7 @@ MVC (Model View Controller) frameworks, like:
22
22
 
23
23
  ---
24
24
 
25
- Codesake::Dawn version 1.1 has 171 security checks loaded in its knowledge
25
+ Codesake::Dawn version 1.2 has 180 security checks loaded in its knowledge
26
26
  base. Most of them are CVE bulletins applying to gems or the ruby interpreter
27
27
  itself. There are also some check coming from Owasp Ruby on Rails cheatsheet.
28
28
 
@@ -0,0 +1 @@
1
+ d4b0aba5ecc9277c7994170065199c3fc37c04fbb31bad844339d8b9a2c6cab162664140d5bbafae61e0c33a2e44cb4ac2ffa909b0bd59ff945c8e908fa6975d
@@ -8,8 +8,8 @@ Gem::Specification.new do |gem|
8
8
  gem.version = Codesake::Dawn::VERSION
9
9
  gem.authors = ["Paolo Perego"]
10
10
  gem.email = ["paolo@codesake.com"]
11
- gem.description = %q{Codesake::Dawn is a security source code scanner for ruby powered code. It is especially designed for web applications, but it works also with general purpose ruby scripts. Codesake::Dawn supports all major MVC frameworks like ruby on rails, padrino and sinatra; it provides more than 150 security checks with their own mitigation suggestion.}
12
- gem.summary = %q{Codesake::Dawn is a security source code scanner for ruby powered code. It is crafted with love to make your sinatra, padrino and ruby on rails web applications secure.}
11
+ gem.description = %q{Codesake::Dawn is a security source code scanner for ruby powered code. Starting from January 07, 2015 this gem is renamed to dawnscanner and this version is no longer supported. Please, upgrade your Gemfile.}
12
+ gem.summary = %q{Codesake::Dawn is a security source code scanner for ruby powered code. Starting from January 07, 2015 this gem is renamed to dawnscanner and this version is no longer supported. Please, upgrade your Gemfile.}
13
13
  gem.homepage = "http://dawn.codesake.com"
14
14
 
15
15
  gem.files = `git ls-files`.split($/)
@@ -19,8 +19,11 @@ Gem::Specification.new do |gem|
19
19
 
20
20
  gem.cert_chain = ['certs/paolo_at_codesake_dot_com.pem']
21
21
  gem.signing_key = File.expand_path("~/.ssh/paolo_at_codesake_dot_com-private_key.pem") if $0 =~ /gem\z/
22
- gem.post_install_message = "Thank you for installing \"dawn\", a security source code scanner for Ruby. Start securing your code by running \"dawn project_folder\" right now or just run \"dawn --help\" if you want to explore all possible command line flags.\n\n**PLEASE READ THIS** On November 1st, 2014 codesake-dawn gem will change the name in 'dawn'. On this date the first 'dawn' gem will be published and 'codesake-dawn' will be just a placeholder requiring the new gem."
23
-
22
+ gem.post_install_message = <<-MESSAGE
23
+ ! The 'codesake-dawn' gem has been deprecated and has been replaced by 'dawnscanner'.
24
+ ! See: https://rubygems.org/gems/dawnscanner
25
+ ! And: https://github.com/thesp0nge/dawnscanner
26
+ MESSAGE
24
27
  gem.required_ruby_version = '>= 1.9.2'
25
28
 
26
29
  gem.add_dependency "codesake-commons", "~> 1.0.0"
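Review bot: The deprecation is announced only through `gem.description`, `gem.summary` and `gem.post_install_message`, which are seen at install time at best; nothing in the visible hunks warns at run time. For a security scanner that matters, because an existing installation keeps running against a knowledge base that will receive no further checks and can report a clean result that is simply out of date. Consider printing the notice when the scanner starts as well, e.g. `warn "codesake-dawn is deprecated and no longer updated; switch to dawnscanner"` in the executable, which is not part of this diff and so may already do this. The `Gem::Specification` block starts and ends outside both hunks.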
@@ -19,7 +19,7 @@ module Codesake
19
19
  error! if self.appname == ""
20
20
  @views = detect_views
21
21
  @sinks = detect_sinks(self.appname) unless self.appname == ""
22
- @reflected_xss = detect_reflected_xss unless self.appname == ""
22
+ @reflected_xss = detect_reflected_xss unless self.appname == "" || !@views
23
23
  @mount_point = (mp.nil?)? "" : mp
24
24
  end
25
25
 
@@ -117,6 +117,7 @@ module Codesake
117
117
 
118
118
  def detect_views
119
119
  return build_view_array(File.join(self.target, "views")) if File.exist?(File.join(self.target, "views"))
120
+ []
120
121
  end
121
122
 
122
123
  # e = Haml::Engine.new(File.read(template))
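Review bot: The new `|| !@views` guard on the `@reflected_xss` assignment cannot fire for a missing views directory, because the second hunk makes `detect_views` return `[]` in that case and an empty array is truthy in Ruby. If the intent is to skip reflected-XSS detection when there is nothing to analyse, test for emptiness instead: `@reflected_xss = detect_reflected_xss unless self.appname == "" || @views.nil? || @views.empty?`. When the scan is skipped `@reflected_xss` is never assigned, so it is worth checking that the reporting code distinguishes "not scanned" from "no findings" rather than presenting a skipped XSS pass as a clean result. The initializer and `detect_views` both continue outside the visible hunks, and the return value of `build_view_array` is not shown.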
@@ -19,10 +19,10 @@ module Codesake
19
19
  # | "Luigi" | 7.0.0 |
20
20
  # | "Doc Hudson" | 8.0.0 |
21
21
 
22
- VERSION = "1.2.0"
22
+ VERSION = "1.2.99"
23
23
  CODENAME = "Lightning McQueen"
24
24
  # RELEASE = "(development)"
25
- RELEASE = "20140714"
25
+ RELEASE = "20150107"
26
26
 
27
27
  end
28
28
  end
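--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: codesake-dawn
  version: !ruby/object:Gem::Version
- version: 1.2.0
+ version: 1.2.99
  platform: ruby
  authors:
  - Paolo Perego
@@ -30,237 +30,235 @@ cert_chain:
  Fh7BfxFDBZdj1mI2V+I+IYYMPKIouvwX3r7NTZgZ4TYuKVpOk9VSCxzhrPhnl4kb
  1LyVQIFlhF6nL0casp0ixer8N60=
  -----END CERTIFICATE-----
- date: 2014-07-14 00:00:00.000000000 Z
+ date: 2015-01-07 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: codesake-commons
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: 1.0.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: 1.0.0
  - !ruby/object:Gem::Dependency
  name: cvss
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  - !ruby/object:Gem::Dependency
  name: haml
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  - !ruby/object:Gem::Dependency
  name: parser
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  - !ruby/object:Gem::Dependency
  name: ptools
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  - !ruby/object:Gem::Dependency
  name: ruby_parser
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  - !ruby/object:Gem::Dependency
  name: sys-uname
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  - !ruby/object:Gem::Dependency
  name: grit
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  - !ruby/object:Gem::Dependency
  name: terminal-table
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  - !ruby/object:Gem::Dependency
  name: justify
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  - !ruby/object:Gem::Dependency
  name: coveralls
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  - !ruby/object:Gem::Dependency
  name: rake
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  - !ruby/object:Gem::Dependency
  name: rspec
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  - !ruby/object:Gem::Dependency
  name: tomdoc
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  - !ruby/object:Gem::Dependency
  name: aruba
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  - !ruby/object:Gem::Dependency
  name: simplecov
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  description: Codesake::Dawn is a security source code scanner for ruby powered code.
- It is especially designed for web applications, but it works also with general purpose
- ruby scripts. Codesake::Dawn supports all major MVC frameworks like ruby on rails,
- padrino and sinatra; it provides more than 150 security checks with their own mitigation
- suggestion.
+ Starting from January 07, 2015 this gem is renamed to dawnscanner and this version
+ is no longer supported. Please, upgrade your Gemfile.
  email:
  - paolo@codesake.com
  executables:
@@ -268,10 +266,10 @@ executables:
  extensions: []
  extra_rdoc_files: []
  files:
- - .gitignore
- - .ruby-gemset
- - .ruby-version
- - .travis.yml
+ - ".gitignore"
+ - ".ruby-gemset"
+ - ".ruby-version"
+ - ".travis.yml"
  - Changelog.md
  - Gemfile
  - KnowledgeBase.md
@@ -287,6 +285,7 @@ files:
  - checksum/codesake-dawn-1.1.1.gem.sha512
  - checksum/codesake-dawn-1.1.2.gem.sha512
  - checksum/codesake-dawn-1.1.3.gem.sha512
+ - checksum/codesake-dawn-1.2.0.gem.sha512
  - codesake-dawn.gemspec
  - doc/codesake-dawn.yaml.sample
  - doc/dawn_1_0_announcement.md
@@ -570,31 +569,31 @@ files:
  homepage: http://dawn.codesake.com
  licenses: []
  metadata: {}
- post_install_message: |-
- Thank you for installing "dawn", a security source code scanner for Ruby. Start securing your code by running "dawn project_folder" right now or just run "dawn --help" if you want to explore all possible command line flags.
-
- **PLEASE READ THIS** On November 1st, 2014 codesake-dawn gem will change the name in 'dawn'. On this date the first 'dawn' gem will be published and 'codesake-dawn' will be just a placeholder requiring the new gem.
+ post_install_message: |
+ ! The 'codesake-dawn' gem has been deprecated and has been replaced by 'dawnscanner'.
+ ! See: https://rubygems.org/gems/dawnscanner
+ ! And: https://github.com/thesp0nge/dawnscanner
  rdoc_options: []
  require_paths:
  - lib
  required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: 1.9.2
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.1.11
+ rubygems_version: 2.2.2
  signing_key:
  specification_version: 4
- summary: Codesake::Dawn is a security source code scanner for ruby powered code. It
- is crafted with love to make your sinatra, padrino and ruby on rails web applications
- secure.
+ summary: Codesake::Dawn is a security source code scanner for ruby powered code. Starting
+ from January 07, 2015 this gem is renamed to dawnscanner and this version is no
+ longer supported. Please, upgrade your Gemfile.
  test_files:
  - features/dawn_complains_about_an_incorrect_command_line.feature.disabled
  - features/dawn_scan_a_secure_sinatra_app.feature.disabled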
metadata.gz.sig CHANGED
Binary file