dawnscanner 1.2.99

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in codesake_dawn.gemspec
+gemspec

data/KnowledgeBase.md

@@ -0,0 +1,213 @@
+# Codesake::Dawn Knowledge base
+
+The knowledge base library for Codesake::Dawn version 1.2.0 contains 180 security checks.
+---
+* Simple Form XSS - 20131129: There is a XSS vulnerability on Simple Form's label, hint and error options. When Simple Form creates a label, hint or error message it marks the text as being HTML safe, even though it may contain HTML tags. In applications where the text of these helpers can be provided by the users, malicious values can be provided and Simple Form will mark it as safe.
+* [CVE-2004-0755](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0755): The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions.
+* [CVE-2004-0983](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0983): The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request.
+* [CVE-2005-1992](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1992): The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets an invalid default value that prevents "security protection" using handlers, which allows remote attackers to execute arbitrary commands.
+* [CVE-2005-2337](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2337): Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standard input (stdin).
+* [CVE-2006-1931](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1931): The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, which allows attackers to cause a denial of service (blocked connections) via a large amount of data.
+* [CVE-2006-2582](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2582): The editing form in RWiki 2.1.0pre1 through 2.1.0 allows remote attackers to execute arbitrary Ruby code via unknown attack vectors.
+* [CVE-2006-3694](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3694): Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations".
+* [CVE-2006-4112](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4112): Unspecified vulnerability in the "dependency resolution mechanism" in Ruby on Rails 1.1.0 through 1.1.5 allows remote attackers to execute arbitrary Ruby code via a URL that is not properly handled in the routing code, which leads to a denial of service (application hang) or "data loss," a different vulnerability than CVE-2006-4111.
+* [CVE-2006-5467](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5467): The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier that begins with a "-" instead of "--" and contains an inconsistent ID.
+* [CVE-2006-6303](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6303): The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not properly detect boundaries in MIME multipart content, which allows remote attackers to cause a denial of service (infinite loop) via crafted HTTP requests, a different issue than CVE-2006-5467.
+* [CVE-2006-6852](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6852): Eval injection vulnerability in tDiary 2.0.3 and 2.1.4.20061127 allows remote authenticated users to execute arbitrary Ruby code via unspecified vectors, possibly related to incorrect input validation by (1) conf.rhtml and (2) i.conf.rhtml. NOTE: some of these details are obtained from third party information.
+* [CVE-2006-6979](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6979): The ruby handlers in the Magnatune component in Amarok do not properly quote text in certain contexts, probably including construction of an unzip command line, which allows attackers to execute arbitrary commands via shell metacharacters.
+* [CVE-2007-0469](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0469): The extract_files function in installer.rb in RubyGems before 0.9.1 does not check whether files exist before overwriting them, which allows user-assisted remote attackers to overwrite arbitrary files, cause a denial of service, or execute arbitrary code via crafted GEM packages.
+* [CVE-2007-5162](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5162): The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site.
+* [CVE-2007-5379](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5379): Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers and ActiveResource servers to determine the existence of arbitrary files and read arbitrary XML files via the Hash.from_xml (Hash#from_xml) method, which uses XmlSimple (XML::Simple) unsafely, as demonstrated by reading passwords from the Pidgin (Gaim) .purple/accounts.xml file.
+* [CVE-2007-5380](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5380): Session fixation vulnerability in Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers to hijack web sessions via unspecified vectors related to "URL-based sessions."
+* [CVE-2007-5770](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5770): The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site, different components than CVE-2007-5162.
+* [CVE-2007-6077](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6077): The session fixation protection mechanism in cgi_process.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookie_only attribute from the DEFAULT_SESSION_OPTIONS constant, which effectively causes cookie_only to be applied only to the first instantiation of CgiRequest, which allows remote attackers to conduct session fixation attacks. NOTE: this is due to an incomplete fix for CVE-2007-5380. It has been reviewed in 2012 and it affects also 2.3.x, 3.0.x and 3.1.x.
+* [CVE-2007-6612](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6612): Directory traversal vulnerability in DirHandler (lib/mongrel/handlers.rb) in Mongrel 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to read arbitrary files via an HTTP request containing double-encoded sequences (".%252e").
+* [CVE-2008-1145](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1145): Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash () path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) "..%5c" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option.
+* [CVE-2008-1891](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1891): Directory traversal vulnerability in WEBrick in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2, when using NTFS or FAT filesystems, allows remote attackers to read arbitrary CGI files via a trailing (1) + (plus), (2) %2b (encoded plus), (3) . (dot), (4) %2e (encoded dot), or (5) %20 (encoded space) character in the URI, possibly related to the WEBrick::HTTPServlet::FileHandler and WEBrick::HTTPServer.new functionality and the :DocumentRoot option.
+* [CVE-2008-2376](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2376): Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greater than ARY_MAX_SIZE. NOTE: this issue exists because of an incomplete fix for other closely related integer overflows.
+* [CVE-2008-2662](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2662): Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. This CVE description should be regarded as authoritative, although it is likely to change.
+* [CVE-2008-2663](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2663): Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than CVE-2008-2662, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.
+* [CVE-2008-2664](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2664): The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.
+* [CVE-2008-2725](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2725): Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the "REALLOC_N" variant, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2664. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.
+* [CVE-2008-3655](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3655): Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var, (2) $PROGRAM_NAME, and (3) syslog at safe level 4, and (4) insecure methods at safe levels 1 through 3.
+* [CVE-2008-3657](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3657): The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen.
+* [CVE-2008-3790](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3790): The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72, and 1.9 allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML document with recursively nested entities, aka an "XML entity explosion."
+* [CVE-2008-3905](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3905): resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.
+* [CVE-2008-4094](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4094): Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) :limit and (2) :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer.
+* [CVE-2008-4310](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4310): httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5, as used in Red Hat Enterprise Linux 4 and 5, allows remote attackers to cause a denial of service (CPU consumption) via a crafted HTTP request. NOTE: this issue exists because of an incomplete fix for CVE-2008-3656.
+* [CVE-2008-5189](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5189): CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function.
+* [CVE-2008-7248](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7248): Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify tokens for requests with certain content types, which allows remote attackers to bypass cross-site request forgery (CSRF) protection for requests to applications that rely on this protection, as demonstrated using text/plain.
+* [CVE-2009-4078](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4078): Multiple cross-site scripting (XSS) vulnerabilities in Redmine 0.8.5 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
+* [CVE-2009-4124](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4124): Heap-based buffer overflow in the rb_str_justify function in string.c in Ruby 1.9.1 before 1.9.1-p376 allows context-dependent attackers to execute arbitrary code via unspecified vectors involving (1) String#ljust, (2) String#center, or (3) String#rjust. NOTE: some of these details are obtained from third party information.
+* [CVE-2009-4214](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4214): Cross-site scripting (XSS) vulnerability in the strip_tags function in Ruby on Rails before before 2.3.5, allows remote attackers to inject arbitrary web script or HTML via vectors involving non-printing ASCII characters, related to HTML::Tokenizer and actionpack/lib/action_controller/vendor/html-scanner/html/node.rb.
+* [CVE-2010-1330](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1330): The regular expression engine in JRuby before 1.4.1, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string.
+* [CVE-2010-2489](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2489): Buffer overflow in Ruby 1.9.x before 1.9.1-p429 on Windows might allow local users to gain privileges via a crafted ARGF.inplace_mode value that is not properly handled when constructing the filenames of the backup files
+* [CVE-2010-3933](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3933): Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs.
+* [CVE-2011-0188](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0188): The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an "integer truncation issue."
+* [CVE-2011-0446](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0446): Multiple cross-site scripting (XSS) vulnerabilities in the mail_to helper in Ruby on Rails before 2.3.11, and 3.x before 3.0.4, when javascript encoding is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) name or (2) email value. Please note that victim must voluntarily interact with attack mechanism
+* [CVE-2011-0447](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0447): Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged (1) AJAX or (2) API requests that leverage "combinations of browser plugins and HTTP redirects," a related issue to CVE-2011-0696.
+* [CVE-2011-0739](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0739): The deliver function in the sendmail delivery agent (lib/mail/network/delivery_methods/sendmail.rb) in Ruby Mail gem 2.2.14 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail address.
+* [CVE-2011-0995](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0995): The sqlite3-ruby gem in the rubygem-sqlite3 package before 1.2.4-0.5.1 in SUSE Linux Enterprise (SLE) 11 SP1 uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors.
+* [CVE-2011-1004](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1004): The FileUtils.remove_entry_secure method in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, 1.8.8dev, 1.9.1 through 1.9.1-430, 1.9.2 through 1.9.2-136, and 1.9.3dev allows local users to delete arbitrary files via a symlink attack.
+* [CVE-2011-1005](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1005): The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by changing an intended pathname.
+* [CVE-2011-2197](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2197): The cross-site scripting (XSS) prevention feature in Ruby on Rails 2.x before 2.3.12, 3.0.x before 3.0.8, and 3.1.x before 3.1.0.rc2 does not properly handle mutation of safe buffers, which makes it easier for remote attackers to conduct XSS attacks via crafted strings to an application that uses a problematic string method, as demonstrated by the sub method.
+* [CVE-2011-2686](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2686): Ruby before 1.8.7-p352 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900. NOTE: this issue exists because of a regression during Ruby 1.8.6 development.
+* [CVE-2011-2705](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2705): The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an earlier process with the same PID.
+* [CVE-2011-2929](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2929): The template selection functionality in actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.10 and 3.1.x before 3.1.0.rc6 does not properly handle glob characters, which allows remote attackers to render arbitrary views via a crafted URL, related to a "filter skipping vulnerability."
+* [CVE-2011-2930](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2930): Multiple SQL injection vulnerabilities in the quote_table_name method in the ActiveRecord adapters in activerecord/lib/active_record/connection_adapters/ in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow remote attackers to execute arbitrary SQL commands via a crafted column name.
+* [CVE-2011-2931](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2931): Cross-site scripting (XSS) vulnerability in the strip_tags helper in actionpack/lib/action_controller/vendor/html-scanner/html/node.rb in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a tag with an invalid name.
+* [CVE-2011-2932](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2932): Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails 2.x before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a malformed Unicode string, related to a "UTF-8 escaping vulnerability."
+* [CVE-2011-3009](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3009): Ruby before 1.8.6-p114 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900.
+* [CVE-2011-3186](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3186): CRLF injection vulnerability in actionpack/lib/action_controller/response.rb in Ruby on Rails 2.3.x before 2.3.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the Content-Type header.
+* [CVE-2011-3187](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3187): The to_s method in actionpack/lib/action_dispatch/middleware/remote_ip.rb in Ruby on Rails 3.0.5 does not validate the X-Forwarded-For header in requests from IP addresses on a Class C network, which might allow remote attackers to inject arbitrary text into log files or bypass intended address parsing via a crafted header.
+* [CVE-2011-4319](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4319): Cross-site scripting (XSS) vulnerability in the i18n translations helper method in Ruby on Rails 3.0.x before 3.0.11 and 3.1.x before 3.1.2, and the rails_xss plugin in Ruby on Rails 2.3.x, allows remote attackers to inject arbitrary web script or HTML via vectors related to a translations string whose name ends with an "html" substring.
+* [CVE-2011-4815](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4815): Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
+* [CVE-2011-5036](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5036): Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
+* [CVE-2012-1098](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1098): Cross-site scripting (XSS) vulnerability in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving a SafeBuffer object that is manipulated through certain methods.
+* [CVE-2012-1099](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1099): Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_options_helper.rb in the select helper in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving certain generation of OPTION elements within SELECT elements.
+* [CVE-2012-1241](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1241): GRScript18.dll before 1.2.2.0 in ActiveScriptRuby (ASR) before 1.8.7 does not properly restrict interaction with an Internet Explorer ActiveX environment, which allows remote attackers to execute arbitrary Ruby code via a crafted HTML document.
+* [CVE-2012-2139](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2139): Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a .. (dot dot) in the to parameter.
+* [CVE-2012-2140](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2140): The Mail gem before 2.4.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) sendmail or (2) exim delivery.
+* [CVE-2012-2660](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2660): actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2694.
+* [CVE-2012-2661](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2661): The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameters that leverage unintended recursion, a related issue to CVE-2012-2695.
+* [CVE-2012-2671](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2671): The Rack::Cache rubygem 0.3.0 through 1.1 caches Set-Cookie and other sensitive headers, which allows attackers to obtain sensitive cookie information, hijack web sessions, or have other unspecified impact by accessing the cache.
+* [CVE-2012-2694](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2694): actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain "['xyz', nil]" values, a related issue to CVE-2012-2660.
+* [CVE-2012-2695](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2695): The Active Record component in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameters that leverage improper handling of nested hashes, a related issue to CVE-2012-2661.
+* [CVE-2012-3424](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3424): The decode_credentials method in actionpack/lib/action_controller/metal/http_authentication.rb in Ruby on Rails 3.x before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attackers to cause a denial of service by leveraging access to an application that uses a with_http_digest helper method, as demonstrated by the authenticate_or_request_with_http_digest method.
+* [CVE-2012-3463](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3463): Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_tag_helper.rb in Ruby on Rails 3.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the prompt field to the select_tag helper.
+* [CVE-2012-3464](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3464): Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow remote attackers to inject arbitrary web script or HTML via vectors involving a ' (quote) character.
+* [CVE-2012-3465](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3465): Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/sanitize_helper.rb in the strip_tags helper in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup.
+* [CVE-2012-4464](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4464): Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the (1) exc_to_s or (2) name_err_to_s API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE: this issue might exist because of a CVE-2011-1005 regression.
+* [CVE-2012-4466](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4466): Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a different vulnerability than CVE-2011-1005.
+* [CVE-2012-4481](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4481): The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameError#to_s method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005.
+* [CVE-2012-4522](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4522): The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path.
+* [CVE-2012-5370](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5370): JRuby computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4838.
+* [CVE-2012-5371](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5371): Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against a variant of the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4815.
+* [CVE-2012-5380](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5380): ** DISPUTED ** Untrusted search path vulnerability in the installation functionality in Ruby 1.9.3-p194, when installed in the top-level C: directory, might allow local users to gain privileges via a Trojan horse DLL in the C:Ruby193in directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview. NOTE: CVE disputes this issue because the unsafe PATH is established only by a separate administrative action that is not a default part of the Ruby installation.
+* [CVE-2012-6109](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6109): lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposion header.
+* [CVE-2012-6134](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6134): Cross-site request forgery (CSRF) vulnerability in the omniauth-oauth2 gem 1.1.1 and earlier for Ruby allows remote attackers to hijack the authentication of users for requests that modify session state.
+* [CVE-2012-6496](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6496): SQL injection vulnerability in the Active Record component in Ruby on Rails before 3.0.18, 3.1.x before 3.1.9, and 3.2.x before 3.2.10 allows remote attackers to execute arbitrary SQL commands via a crafted request that leverages incorrect behavior of dynamic finders in applications that can use unexpected data types in certain find_by_ method calls.
+* [CVE-2012-6497](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6497): The Authlogic gem for Ruby on Rails, when used with certain versions before 3.2.10, makes potentially unsafe find_by_id method calls, which might allow remote attackers to conduct CVE-2012-6496 SQL injection attacks via a crafted parameter in environments that have a known secret_token value, as demonstrated by a value contained in secret_token.rb in an open-source product.
+* [CVE-2013-0155](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0155): Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660 and CVE-2012-2694.
+* [CVE-2013-0156](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0156): active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion.
+* [CVE-2013-0162](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0162): The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.
+* [CVE-2013-0175](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0175): multi_xml gem 0.5.2 for Ruby, as used in Grape before 0.2.6 and possibly other products, does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156.
+* [CVE-2013-0183](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0183): multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet.
+* [CVE-2013-0184](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0184): Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1.1.x before 1.1.5, 1.2.x before 1.2.7, 1.3.x before 1.3.9, and 1.4.x before 1.4.4 allows remote attackers to cause a denial of service via unknown vectors related to "symbolized arbitrary strings."
+* [CVE-2013-0233](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0233): Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing database queries, which might allow remote attackers to cause incorrect results to be returned and bypass security checks via unknown vectors, as demonstrated by resetting passwords of arbitrary accounts.
+* [CVE-2013-0256](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0256): darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.
+* [CVE-2013-0262](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0262): rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path traversals."
+* [CVE-2013-0263](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0263): Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time.
+* [CVE-2013-0269](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0269): The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka "Unsafe Object Creation Vulnerability."
+* [CVE-2013-0276](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0276): ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and 3.2.x before 3.2.12 allows remote attackers to bypass the attr_protected protection mechanism and modify protected model attributes via a crafted request.
+* [CVE-2013-0277](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0277): ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML.
+* [CVE-2013-0284](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0284): Ruby agent 3.2.0 through 3.5.2 serializes sensitive data when communicating with servers operated by New Relic, which allows remote attackers to obtain sensitive information (database credentials and SQL statements) by sniffing the network and deserializing the data.
+* [CVE-2013-0285](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0285): The nori gem 2.0.x before 2.0.2, 1.1.x before 1.1.4, and 1.0.x before 1.0.3 for Ruby does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156.
+* [CVE-2013-0333](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0333): lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute arbitrary code, conduct SQL injection attacks, or bypass authentication via crafted data that triggers unsafe decoding, a different vulnerability than CVE-2013-0156.
+* [CVE-2013-1607](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1607): PDFKit Gem for Ruby contains a flaw that is due to the program failing to properly validate input during the handling of parameters when generating PDF files. This may allow a remote attacker to potentially execute arbitrary code via the pdfkit generation options.
+* [CVE-2013-1655](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1655): Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when
+          running Ruby 1.9.3 or later, allows remote attackers to execute
+          arbitrary code via vectors related to "serialized attributes."
+* [CVE-2013-1656](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1656): Spree Commerce 1.0.x through 1.3.2 allow remote authenticated administrators to instantiate arbitrary Ruby objects and execute arbitrary commands via the (1) payment_method parameter to core/app/controllers/spree/admin/payment_methods_controller.rb; and the (2) promotion_action parameter to promotion_actions_controller.rb, (3) promotion_rule parameter to promotion_rules_controller.rb, and (4) calculator_type parameter to promotions_controller.rb in promo/app/controllers/spree/admin/, related to unsafe use of the constantize function.
+* [CVE-2013-1756](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1756): Dragonfly Gem for Ruby contains a flaw that is triggered during the parsing of a specially crafted request. This may allow a remote attacker to execute arbitrary code.
+* [CVE-2013-1800](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1800): The crack gem 0.3.1 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156.
+* [CVE-2013-1801](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1801): The httparty gem 0.9.0 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for YAML type conversion, a similar vulnerability to CVE-2013-0156.
+* [CVE-2013-1802](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1802): The extlib gem 0.9.15 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156.
+* [CVE-2013-1812](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1812): The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack.
+* [CVE-2013-1821](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1821): lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 and 2.0.0-p0 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.
+* [CVE-2013-1854](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1854): The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method.
+* [CVE-2013-1855](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1855): The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n (newline) characters, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences.
+* [CVE-2013-1856](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1856): The ActiveSupport::XmlMini_JDOM backend in lib/active_support/xml_mini/jdom.rb in the Active Support component in Ruby on Rails 3.0.x and 3.1.x before 3.1.12 and 3.2.x before 3.2.13, when JRuby is used, does not properly restrict the capabilities of the XML parser, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving (1) an external DTD or (2) an external entity declaration in conjunction with an entity reference.
+* [CVE-2013-1857](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1857): The sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded : (colon) characters in URLs, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted scheme name, as demonstrated by including a : sequence.
+* [CVE-2013-1875](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1875): command_wrap.rb in the command_wrap Gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL or filename.
+* [CVE-2013-1898](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1898): lib/thumbshooter.rb in the Thumbshooter 0.1.5 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.
+* [CVE-2013-1911](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1911): lib/ldoce/word.rb in the ldoce 0.0.2 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in (1) an mp3 URL or (2) file name.
+* [CVE-2013-1933](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1933): The extract_from_ocr function in lib/docsplit/text_extractor.rb in the Karteek Docsplit (karteek-docsplit) gem 0.5.4 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a PDF filename.
+* [CVE-2013-1947](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1947): kelredd-pruview gem 0.3.8 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument to (1) document.rb, (2) video.rb, or (3) video_image.rb.
+* [CVE-2013-1948](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1948): converter.rb in the md2pdf gem 0.0.1 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename.
+* [CVE-2013-2065](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2065): Native functions exposed to Ruby with DL or Fiddle do not check the taint values set on the objects passed in. This can result in tainted objects being accepted as input when a SecurityError exception should be raised.
+* [CVE-2013-2090](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2090): Ruby Gem Creme Fraiche version 0.6 suffers from a remote command injection vulnerability due to unsanitized input.
+* [CVE-2013-2105](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2105): The Show In Browser (show_in_browser) gem 0.0.3 for Ruby allows local users to inject arbitrary web script or HTML via a symlink attack on /tmp/browser.html.
+* [CVE-2013-2119](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2119): Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary "config" file in a directory with a predictable name in /tmp/ before it is used by the gem.
+* [CVE-2013-2512](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2512): ftpd Gem for Ruby contains a flaw that is triggered when handling a specially crafted option or filename that contains a shell character. This may allow a remote attacker to inject arbitrary commands
+* [CVE-2013-2513](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2513): flash_tool Gem for Ruby contains a flaw that is triggered during the handling of downloaded files that contain shell characters. With a specially crafted file, a context-dependent attacker can execute arbitrary commands.
+* [CVE-2013-2516](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2516): fileutils Gem for Ruby contains a flaw in file_utils.rb. The issue is triggered when handling a specially crafted URL containing a command after a delimiter (;). This may allow a remote attacker to potentially execute arbitrary commands.
+* [CVE-2013-2615](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2615): lib/entry_controller.rb in the fastreader Gem 1.0.8 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.
+* [CVE-2013-2616](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2616): lib/mini_magick.rb in the MiniMagick Gem 1.3.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.
+* [CVE-2013-2617](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2617): lib/curl.rb in the Curl Gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.
+* [CVE-2013-3221](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3221): The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x does not ensure that the declared data type of a database column is used during comparisons of input values to stored values in that column, which makes it easier for remote attackers to conduct data-type injection attacks against Ruby on Rails applications via a crafted value, as demonstrated by unintended interaction between the "typed XML" feature and a MySQL database.
+* [CVE-2013-4164](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4164): Any time a string is converted to a floating point value, a specially crafted string can cause a heap overflow. This can lead to a denial of service attack via segmentation faults and possibly arbitrary code execution. Any program that converts input of unknown origin to floating point values (especially common when accepting JSON) are vulnerable.
+* [CVE-2013-4203](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4203): The self.run_gpg function in lib/rgpg/gpg_helper.rb in the rgpg gem before 0.2.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors.
+* [CVE-2013-4389](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389): Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message.
+* [CVE-2013-4413](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4413): Wicked Gem for Ruby contains a flaw that is due to the program failing to properly sanitize input passed via the 'the_step' parameter upon submission to the render_redirect.rb script. This may allow a remote attacker to gain access to arbitrary files.
+* [CVE-2013-4457](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4457): The Cocaine gem 0.4.0 through 0.5.2 for Ruby allows context-dependent attackers to execute arbitrary commands via a crafted has object, related to recursive variable interpolation.
+* [CVE-2013-4478](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4478): Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an email attachment.
+* [CVE-2013-4479](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4479): lib/sup/message_chunks.rb in Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the content_type of an email attachment.
+* [CVE-2013-4489](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4489): There is a remote code execution vulnerability in the code search feature of GitLab provided by the grit gem.
+* [CVE-2013-4491](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491): Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/translation_helper.rb in the internationalization component in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted string that triggers generation of a fallback string by the i18n gem.
+* [CVE-2013-4492](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4492): Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationData.new call.
+* [CVE-2013-4562](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4562): Because of the way that omniauth-facebook supports setting a per-request state parameter by storing it in the session, it is possible to circumvent the automatic CSRF protection. Therefore the CSRF added in 1.4.1 should be considered broken. If you are currently providing a custom state, you will need to store and retrieve this yourself (for example, by using the session store) to use 1.5.0.
+* [CVE-2013-4593](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4593): omniauth-facebook Gem for Ruby contains a flaw that is due to the application supporting passing the access token via the URL. This may allow a remote attacker to bypass authentication and authenticate as another user.
+* [CVE-2013-5647](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5647): lib/sounder/sound.rb in the sounder gem 1.0.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a filename.
+* [CVE-2013-5671](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5671): fog-dragonfly Gem for Ruby contains a flaw that is due to the program failing to properly sanitize input passed via the imagemagickutils.rb script. This may allow a remote attacker to execute arbitrary commands.
+* [CVE-2013-6414](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414): actionpack/lib/action_view/lookup_context.rb in Action View in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to cause a denial of service (memory consumption) via a header containing an invalid MIME type that leads to excessive caching.
+* [CVE-2013-6415](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415): Cross-site scripting (XSS) vulnerability in the number_to_currency helper in actionpack/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the unit parameter.
+* [CVE-2013-6416](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6416): Cross-site scripting (XSS) vulnerability in the simple_format helper in actionpack/lib/action_view/helpers/text_helper.rb in Ruby on Rails 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML attribute.
+* [CVE-2013-6417](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417): actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request that leverages (1) third-party Rack middleware or (2) custom Rack middleware. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-0155.
+* [CVE-2013-6421](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6421): The unpack_zip function in archive_unpacker.rb in the sprout gem 0.7.246 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a (1) filename or (2) path.
+* [CVE-2013-6459](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6459): Cross-site scripting (XSS) vulnerability in the will_paginate gem before 3.0.5 for Ruby allows remote attackers to inject arbitrary web script or HTML via vectors involving generated pagination links.
+* [CVE-2013-6460](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6460): There is a vulnerability in Nokogiri when using JRuby where the parser can enter an infinite loop and exhaust the process memory. Nokogiri users on JRuby using the native Java extension.  Attackers can send XML documents with carefully crafted documents which can cause the XML processor to enter an infinite loop, causing the server to run out of memory and crash.
+* [CVE-2013-6461](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6461): There is an entity expansion vulnerability in Nokogiri when using JRuby. Nokogiri users on JRuby using the native Java extension.  Attackers can send
+XML documents with carefully crafted entity expansion strings which can cause the server to run out of memory and crash.
+* [CVE-2013-7086](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7086): The message function in lib/webbynode/notify.rb in the Webbynode gem 1.0.5.3 and earlier for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a growlnotify message.
+* [CVE-2014-0036](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0036): rbovirt Gem for Ruby contains a flaw related to certificate validation. The issue is due to the program failing to validate SSL certificates. This may allow an attacker with access to network traffic (e.g. MiTM, DNS cache poisoning) to spoof the SSL server via an arbitrary certificate that appears valid. Such an attack would allow for the interception of sensitive traffic, and potentially allow for the injection of content into the SSL stream.
+* [CVE-2014-0080](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0080): SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, allows remote attackers to execute "add data" SQL commands via vectors involving  (backslash) characters that are not properly handled in operations on array columns.
+* [CVE-2014-0081](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081): Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper.
+* [CVE-2014-0082](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082): actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers.
+* [CVE-2014-0130](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130): The implicit render functionality allows controllers to render a template, even if there is no explicit action with the corresponding name.  This module does not perform adequate input sanitization which could allow an attacker to use a specially crafted request to retrieve arbitrary files from the rails application server.
+* [CVE-2014-1233](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1233): The paratrooper-pingdom gem 1.0.0 for Ruby allows local users to obtain the App-Key, username, and password values by listing the curl process.
+* [CVE-2014-1234](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1234): The paratrooper-newrelic gem 1.0.1 for Ruby allows local users to obtain the X-Api-Key value by listing the curl process.
+* [CVE-2014-2322](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2322): Arabic Prawn Gem for Ruby contains a flaw in the ib/string_utf_support.rb file. The issue is due to the program failing to sanitize user input. This may allow a remote attacker to inject arbitrary commands.
+* [CVE-2014-2525](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2525): 
+* [CVE-2014-2538](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2538): rack-ssl Gem for Ruby contains a flaw that allows a reflected cross-site scripting (XSS) attack. This flaw exists because the program does not validate input passed via error messages before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.
+* [CVE-2014-3482](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3482): Ruby on Rails contains a flaw that may allow carrying out an SQL injection attack. The issue is due to the PostgreSQL adapter for Active Record not properly sanitizing user-supplied input when quoting bitstrings. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
+* [CVE-2014-3483](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3483): Ruby on Rails contains a flaw that may allow carrying out an SQL injection attack. The issue is due to the PostgreSQL adapter for Active Record not properly sanitizing user-supplied input when quoting ranges. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
+* [OSVDB-105971](http://osvdb.org/show/osvdb/105971): sfpagent Gem for Ruby contains a flaw that is triggered as JSON[body] input is not properly sanitized when handling module names with shell metacharacters. This may allow a context-dependent attacker to execute arbitrary commands.
+* OSVDB-105971: sfpagent Gem for Ruby contains a flaw that is triggered as JSON[body] input is not properly sanitized when handling module names with shell metacharacters. This may allow a context-dependent attacker to execute arbitrary commands.
+* [OSVDB-108569](http://osvdb.org/show/osvdb/108569): backup_checksum Gem for Ruby contains a flaw in /lib/backup/cli/utility.rb that is triggered as the program displays password information in plaintext in the process list. This may allow a local attacker to gain access to password information.
+* OSVDB-108569: backup_checksum Gem for Ruby contains a flaw in /lib/backup/cli/utility.rb that is triggered as the program displays password information in plaintext in the process list. This may allow a local attacker to gain access to password information.
+* [OSVDB-108570](http://osvdb.org/show/osvdb/108570): backup_checksum Gem for Ruby contains a flaw in /lib/backup/cli/utility.rb that is triggered when handling metacharacters. This may allow a remote attacker to execute arbitrary commands.
+* OSVDB-108570: backup_checksum Gem for Ruby contains a flaw in /lib/backup/cli/utility.rb that is triggered when handling metacharacters. This may allow a remote attacker to execute arbitrary commands.
+* [OSVDB-108530](http://osvdb.org/show/osvdb/108530): kajam Gem for Ruby contains a flaw in /dataset/lib/dataset/database/postgresql.rb that is triggered when handling metacharacters. This may allow a remote attacker to execute arbitrary commands.
+* OSVDB-108530: kajam Gem for Ruby contains a flaw in /dataset/lib/dataset/database/postgresql.rb that is triggered when handling metacharacters. This may allow a remote attacker to execute arbitrary commands.
+* [OSVDB-108563](http://osvdb.org/show/osvdb/108563): gyazo Gem for Ruby contains a flaw in client.rb that is triggered when handling metacharacters. This may allow a remote attacker to execute arbitrary commands.
+* OSVDB-108563: gyazo Gem for Ruby contains a flaw in client.rb that is triggered when handling metacharacters. This may allow a remote attacker to execute arbitrary commands.
+* Owasp Ror CheatSheet: Command Injection: Ruby offers a function called "eval" which will dynamically build new Ruby code based on Strings. It also has a number of ways to call system commands. While the power of these commands is quite useful, extreme care should be taken when using them in a Rails based application. Usually, its just a bad idea. If need be, a whitelist of possible values should be used and any input should be validated as thoroughly as possible. The Ruby Security Reviewer's Guide has a section on injection and there are a number of OWASP references for it, starting at the top: Command Injection.
+* Owasp Ror CheatSheet: Cross Site Request Forgery: Ruby on Rails has specific, built in support for CSRF tokens. To enable it, or ensure that it is enabled, find the base ApplicationController and look for the protect_from_forgery directive. Note that by default Rails does not provide CSRF protection for any HTTP GET request.
+* Owasp Ror CheatSheet: Session management: By default, Ruby on Rails uses a Cookie based session store. What that means is that unless you change something, the session will not expire on the server. That means that some default applications may be vulnerable to replay attacks. It also means that sensitive information should never be put in the session.
+* Owasp Ror CheatSheet: Mass Assignement in model: Although the major issue with Mass Assignment has been fixed by default in base Rails specifically when generating new projects, it still applies to older and upgraded projects so it is important to understand the issue and to ensure that only attributes that are intended to be modifiable are exposed.
+* Owasp Ror CheatSheet: Security Related Headers: To set a header value, simply access the response.headers object as a hash inside your controller (often in a before/after_filter). Rails 4 provides the "default_headers" functionality that will automatically apply the values supplied. This works for most headers in almost all cases.
+* Owasp Ror CheatSheet: Check for safe redirect and forward: Web applications often require the ability to dynamically redirect users based
+on client-supplied data. To clarify, dynamic redirection usually entails the
+client including a URL in a parameter within a request to the application. Once
+received by the application, the user is redirected to the URL specified in the
+request.
+
+For example: http://www.example.com/redirect?url=http://www.example_commerce_site.com/checkout
+
+The above request would redirect the user to http://www.example.com/checkout.
+
+The security concern associated with this functionality is leveraging an
+organization's trusted brand to phish users and trick them into visiting a
+malicious site, in our example, "badhacker.com".
+
+Example: http://www.example.com/redirect?url=http://badhacker.com
+
+The most basic, but restrictive protection is to use the :only_path option.
+Setting this to true will essentially strip out any host information.
+* Owasp Ror CheatSheet: Sensitive Files: Many Ruby on Rails apps are open source and hosted on publicly available source code repositories. Whether that is the case or the code is committed to a corporate source control system, there are certain files that should be either excluded or carefully managed.
+* Not revised code: Analyzing comments, it seems your code is waiting from some review from you. Please consider take action before putting it in production.
+This check will analyze the source code looking for the following patterns: XXX, TO_CHECK, CHECKME, CHECK and FIXME
+
+
+_Last updated: Tue 08 Jul 17:59:10 CEST 2014_

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2013 Paolo Perego
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,354 @@
+# Codesake::Dawn - The security code scanner for Ruby
+
+Codesake::Dawn is a source code scanner designed to review your code for
+security issues.
+
+Codesake::Dawn is able to scan your ruby standalone programs but its main usage
+is to deal with web applications. It supports applications written using majors
+MVC (Model View Controller) frameworks, like:
+
+* [Ruby on Rails](http://rubyonrails.org)
+* [Sinatra](http://www.sinatrarb.com)
+* [Padrino](http://www.padrinorb.com)
+
+---
+
+[![Gem Version](https://badge.fury.io/rb/codesake-dawn.png)](http://badge.fury.io/rb/codesake-dawn)
+[![Build Status](https://travis-ci.org/codesake/codesake-dawn.png?branch=master)](https://travis-ci.org/codesake/codesake-dawn)
+[![Dependency Status](https://gemnasium.com/codesake/codesake-dawn.png)](https://gemnasium.com/codesake/codesake-dawn)
+[![Coverage Status](https://coveralls.io/repos/codesake/codesake-dawn/badge.png)](https://coveralls.io/r/codesake/codesake-dawn)
+[![Bitdeli Badge](https://d2weczhvl823v0.cloudfront.net/codesake/codesake-dawn/trend.png)](https://bitdeli.com/free "Bitdeli Badge")
+[![Inline docs](http://inch-ci.org/github/codesake/codesake-dawn.png?branch=master)](http://inch-ci.org/github/codesake/codesake-dawn)
+
+---
+
+Codesake::Dawn version 1.2 has 180 security checks loaded in its knowledge
+base. Most of them are CVE bulletins applying to gems or the ruby interpreter
+itself. There are also some check coming from Owasp Ruby on Rails cheatsheet.
+
+## An overall introduction
+
+When you run Codesake::Dawn on your code it parses your project Gemfile.lock
+looking for the gems used and it tries to detect the ruby interpreter version
+you are using or you declared in your ruby version management tool you like
+most (RVM, rbenv, ...).
+
+Then the tool tries to detect the MVC framework your web application uses and
+it applies the security check accordingly. There checks designed to match rails
+application or checks that are appliable to any ruby code.
+
+Codesake::Dawn can also understand the code in your views and to backtrack
+sinks to spot cross site scripting and sql injections introduced by the code
+you actually wrote. In the project roadmap this is the code most of the future
+development effort will be focused on.
+
+Codesake::Dawn security scan result is a list of vulnerabilities with some
+mitigation actions you want to follow in order to build a stronger web
+application.
+
+## Installation
+
+codesake-dawn rubygem is cryptographically signed. To be sure the gem you
+install hasn’t been tampered, you must first add ```paolo@codesake.com```
+public signing certificate as trusted to your gem specific keyring.
+
+```
+$ gem cert --add <(curl -Ls https://raw.githubusercontent.com/codesake/codesake-dawn/master/certs/paolo_at_codesake_dot_com.pem)
+```
+
+You can install latest Codesake::Dawn version, fetching it from
+[Rubygems](https://rubygems.org) by typing:
+
+```
+$ gem install codesake-dawn -P MediumSecurity
+```
+
+The MediumSecurity trust profile will verify signed gems, but allow the
+installation of unsigned dependencies. This is necessary because not all of
+Codesake::Dawn’s dependencies are signed, so we cannot use HighSecurity.
+
+In order to install a release candidate version, the gem install command line
+is the following:
+
+```
+$ gem install codesake-dawn --pre -P MediumSecurity
+```
+
+If you want to add dawn to your project Gemfile, you must add the following:
+
+    group :development do
+      gem 'codesake-dawn', :require=>false
+    end
+
+And then upgrade your bundle
+
+    $ bundle install
+
+You may want to build it from source, so you have to check it out from github first:
+
+    $ git clone https://github.com/codesake/codesake-dawn.git
+    $ cd codesake-dawn
+    $ bundle install
+    $ rake install
+
+And the codesake-dawn gem will be built in a pkg directory and then installed
+on your system. Please note that you have to manage dependencies on your own
+this way. It makes sense only if you want to hack the code or something like
+that.
+
+## Usage
+
+You can start your code review with Codesake::Dawn very easily. Simply tell the tool
+where the project root directory.
+
+Underlying MVC framework is autodetected by Codesake::Dawn using target Gemfile.lock
+file. If autodetect fails for some reason, the tool will complain about it and
+you have to specify if it's a rails, sinatra or padrino web application by
+hand.
+
+Basic usage is to specify some optional command line option to fit best your
+needs, and to specify the target directory where your code is stored.
+
+```
+$ dawn [options] target
+```
+
+In case of need, there is a quick command line option reference running ```dawn -h``` at your OS prompt.
+
+```
+$ dawn -h
+Usage: dawn [options] target_directory
+
+Examples:
+  $ dawn a_sinatra_webapp_directory
+  $ dawn -C the_rails_blog_engine
+  $ dawn -C --json a_sinatra_webapp_directory
+  $ dawn --ascii-tabular-report my_rails_blog_ecommerce
+  $ dawn --html -F my_report.html my_rails_blog_ecommerce
+
+   -r, --rails          force dawn to consider the target a rails application
+   -s, --sinatra        force dawn to consider the target a sinatra application
+   -p, --padrino        force dawn to consider the target a padrino application
+   -G, --gem-lock       force dawn to scan only for vulnerabilities affecting dependencies in Gemfile.lock
+   -a, --ascii-tabular-report   cause dawn to format findings using table in ascii art
+   -j, --json                   cause dawn to format findings using json
+   -C, --count-only             dawn will only count vulnerabilities (useful for scripts)
+   -z, --exit-on-warn           dawn will return number of found vulnerabilities as exit code
+   -F, --file filename          tells dawn to write output to filename
+   -c, --config-file filename   tells dawn to load configuration from filename
+
+Disable security check family
+
+       --disable-cve-bulletins  disable all CVE security checks
+       --disable-code-quality   disable all code quality checks
+       --disable-code-style     disable all code style checks
+       --disable-owasp-ror-cheatsheet   disable all Owasp Ruby on Rails cheatsheet checks
+       --disable-owasp-top-10           disable all Owasp Top 10 checks
+
+Flags useful to query Codesake::Dawn
+
+       -S, --search-knowledge-base [check_name]   search check_name in the knowledge base
+           --list-knowledge-base                  list knowledge-base content
+           --list-known-families                  list security check families contained in dawn's knowledge base
+           --list-known-framework                 list ruby MVC frameworks supported by dawn
+
+Service flags
+
+   -D, --debug                                  enters dawn debug mode
+   -V, --verbose                                the output will be more verbose
+   -v, --version                                show version information
+   -h, --help                                   show this help
+```
+
+### Rake task
+
+To include Codesake::Dawn in your rake task list, you simply have to put this line in your ```Rakefile```
+
+```
+require 'codesake/dawn/tasks'
+```
+
+Then executing ```$ rake -T``` you will have a ```dawn:run``` task you want to execute.
+
+```
+$ rake -T
+...
+rake dawn:run                  # Execute codesake-dawn on the current directory
+...
+```
+
+### Interacting with the knowledge base
+
+You can dump all security checks in the knowledge base this way
+
+```
+$ dawn --list-knowledge-base
+```
+
+Useful in scripts, you can use ```--search-knowledge-base``` or ```-S``` with
+as parameter the check name you want to see if it's implemented as a security
+control or not.
+
+```
+$ dawn -S CVE-2013-6421
+07:59:30 [*] dawn v1.1.0 is starting up
+CVE-2013-6421 found in knowledgebase.
+
+$ dawn -S this_test_does_not_exist
+08:02:17 [*] dawn v1.1.0 is starting up
+this_test_does_not_exist not found in knowledgebase
+```
+
+### Codesake::Dawn security scan in action
+
+As output, Codesake::Dawn will put all security checks that are failed during the scan.
+
+This the result of Codedake::Dawn running against a
+[Sinatra 1.4.2 web application](https://github.com/thesp0nge/railsberry2013) wrote for a talk I
+delivered in 2013 at [Railsberry conference](http://www.railsberry.com).
+
+As you may see, Codesake::Dawn first detects MVC running the application by
+looking at Gemfile.lock, than it discards all security checks not appliable to
+Sinatra (49 security checks, in version 1.0, especially designed for Ruby on
+Rails) and it applies them.
+
+```
+$ dawn ~/src/hacking/railsberry2013
+18:40:27 [*] dawn v1.1.0 is starting up
+18:40:27 [$] dawn: scanning /Users/thesp0nge/src/hacking/railsberry2013
+18:40:27 [$] dawn: sinatra v1.4.2 detected
+18:40:27 [$] dawn: applying all security checks
+18:40:27 [$] dawn: 109 security checks applied - 0 security checks skipped
+18:40:27 [$] dawn: 1 vulnerabilities found
+18:40:27 [!] dawn: CVE-2013-1800 check failed
+18:40:27 [$] dawn: Severity: high
+18:40:27 [$] dawn: Priority: unknown
+18:40:27 [$] dawn: Description: The crack gem 0.3.1 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156.
+18:40:27 [$] dawn: Solution: Please use crack gem version 0.3.2 or above. Correct your gemfile
+18:40:27 [$] dawn: Evidence:
+18:40:27 [$] dawn:      Vulnerable crack gem version found: 0.3.1
+18:40:27 [*] dawn is leaving
+```
+
+---
+
+When you run Codesake::Dawn on a web application with up to date dependencies,
+it's likely to return a friendly _no vulnerabilities found_ message. Keep it up
+working that way!
+
+This is Codesake::Dawn running against a Padrino web application I wrote for [a
+scorecard quiz game about application security](http://scorecard.armoredcode.com).
+Italian language only. Sorry.
+
+```
+18:42:39 [*] dawn v1.1.0 is starting up
+18:42:39 [$] dawn: scanning /Users/thesp0nge/src/CORE_PROJECTS/scorecard
+18:42:39 [$] dawn: padrino v0.11.2 detected
+18:42:39 [$] dawn: applying all security checks
+18:42:39 [$] dawn: 109 security checks applied - 0 security checks skipped
+18:42:39 [*] dawn: no vulnerabilities found.
+18:42:39 [*] dawn is leaving
+```
+
+If you need a fancy HTML report about your scan, just ask it to Codesake::Dawn
+with the ```--html``` flag used with the ```--file``` since I wanto to save the
+HTML to disk.
+
+```
+$ dawn /Users/thesp0nge/src/hacking/rt_first_app --html --file report.html
+
+09:00:54 [*] dawn v1.1.0 is starting up
+09:00:54 [*] dawn: report.html created (2952 bytes)
+09:00:54 [*] dawn is leaving
+```
+
+---
+
+## Useful links
+
+Project homepage: [http://dawn.codesake.com](http://dawn.codesake.com)
+
+Twitter profile:  [@dawnscanner](https://twitter.com/dawnscanner)
+
+Github repository:   [https://github.com/codesake/codesake\-dawn](https://github.com/codesake/codesake-dawn)
+
+The list of knowledge base content: [http://dawn.codesake.com/knowledge-base](http://dawn.codesake.com/knowledge-base)
+
+Mailing list: [https://groups.google.com/forum/#!forum/codesake-dawn](https://groups.google.com/forum/#!forum/codesake-dawn)
+
+## Support us
+
+Feedbacks are great and we really love to hear your voice.
+
+If you're a proud codesake-dawn user, if you find it useful, if you integrated
+it in your release process and if you want to openly support the project you
+can put your reference here. Just open an
+[issue](https://github.com/codesake-dawn/issues/new) with a statement saying
+how do you feel the tool and your company logo if any.
+
+More easily you can drop an email to [paolo@codesake.com](mailto:paolo@codesake.com) sending a
+statement about your success story and I'll put on the
+[website](http://dawn.codesake.com/success-stories).
+
+Thank you.
+
+## Thanks to
+
+[saten](https://github.com/saten): first issue posted about a typo in the README
+
+[presidentbeef](https://github.com/presidentbeef): for his outstanding work that inspired me creating dawn and for double check comparison matrix. Issue #2 is yours :)
+
+[marinerJB](https://github.com/marinerJB): for misc bug reports and further ideas
+
+[Matteo](https://github.com/matteocollina): for ideas on API and their usage with [github.com](https://github.com) hooks
+
+## Contribute to Codesake::Dawn
+
+Are you interested in contributing to Codesake::Dawn project? Great, here is
+some very basic rules in order to make rocking pull requests.
+
+First of all, I use the branching model described in [this
+post](http://nvie.com/posts/a-successful-git-branching-model/). There are two
+major branches:
+
+* master: it contains in every moment the code for the latest codesake-dawn
+  released gem. You can't make branches from here unless you're working on a
+  bugfix.
+* development: it contains the unstable code that is going to be the next
+  codesake-dawn realease. You start from here. Pick a task on the Roadmap.md
+  and create a separated branch to work on your feature to. When you're ready
+  (remember to include also spec files), submit your pull request. If the code
+  will be fine, it will be merged into the development tree ready to be include
+  in upcoming gem version.
+
+No branch from master it would be analyzed unless they are related to bugfix.
+In this case, the branch name must be something like _issue\_#xx\_description_
+
+## LICENSE
+
+Copyright (c) 2013, 2014 Paolo Perego
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+
+
+