dawnscanner 1.2.99

data/spec/lib/kb/cve_2011_2705_spec.rb

@@ -0,0 +1,35 @@
+require 'spec_helper'
+describe "The CVE-2011-2705 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2011_2705.new
+		# @check.debug = true
+	end
+  it "fires when ruby 1.8.7-p351 is detected" do
+    @check.detected_ruby ={:engine=>"ruby", :version=>"1.8.7", :patchlevel=>"p351"}
+    @check.vuln?.should be_true
+  end
+  it "fires when ruby 1.9.0 any patchlevel is detected" do
+    @check.detected_ruby ={:engine=>"ruby", :version=>"1.9.0", :patchlevel=>"p351"}
+    @check.vuln?.should be_true
+  end
+  it "fires when ruby 1.9.1 any patchlevel is detected" do
+    @check.detected_ruby ={:engine=>"ruby", :version=>"1.9.1", :patchlevel=>"p351"}
+    @check.vuln?.should be_true
+  end
+  it "fires when ruby 1.9.2-p289 is detected" do
+    @check.detected_ruby ={:engine=>"ruby", :version=>"1.9.2", :patchlevel=>"p289"}
+    @check.vuln?.should be_true
+  end
+  it "doesn't fire when ruby 1.8.7-p352 is detected" do
+    @check.detected_ruby ={:engine=>"ruby", :version=>"1.8.7", :patchlevel=>"p352"}
+    @check.vuln?.should be_false
+  end
+  it "doesn't fire when ruby 1.9.2-p290 is detected" do
+    @check.detected_ruby ={:engine=>"ruby", :version=>"1.9.2", :patchlevel=>"p290"}
+    @check.vuln?.should be_false
+  end
+  it "doesn't fire when ruby 1.9.3-p290 is detected" do
+    @check.detected_ruby ={:engine=>"ruby", :version=>"1.9.3", :patchlevel=>"p290"}
+    @check.vuln?.should be_false
+  end
+end

data/spec/lib/kb/cve_2011_2930_spec.rb

@@ -0,0 +1,31 @@
+require 'spec_helper'
+describe "The CVE-2011-2930 vulnerability" do
+  before(:all) do
+    @check = Codesake::Dawn::Kb::CVE_2011_2930.new
+    # @check.debug = true
+  end
+  it "fires when vulnerable rails version is used (2.3.12)" do
+    @check.dependencies = [{:name=>"rails", :version=>'2.3.12'}]
+    @check.vuln?.should   be_true
+  end
+  it "fires when vulnerable rails version is used (3.0.9)" do
+    @check.dependencies = [{:name=>"rails", :version=>'3.0.9'}]
+    @check.vuln?.should   be_true
+  end
+  it "fires when vulnerable rails version is used (3.1.0)" do
+    @check.dependencies = [{:name=>"rails", :version=>'3.1.0'}]
+    @check.vuln?.should   be_true
+  end
+  it "doesn't fire when safe rails version is used (2.3.14)" do
+    @check.dependencies = [{:name=>"rails", :version=>'2.3.14'}]
+    @check.vuln?.should   be_false
+  end
+  it "doesn't fire when safe rails version is used (3.0.10)" do
+    @check.dependencies = [{:name=>"rails", :version=>'3.0.10'}]
+    @check.vuln?.should   be_false
+  end
+  it "doesn't fire when safe rails version is used (3.1.1)" do
+    @check.dependencies = [{:name=>"rails", :version=>'3.1.1'}]
+    @check.vuln?.should   be_false
+  end
+end

data/spec/lib/kb/cve_2011_3009_spec.rb

@@ -0,0 +1,25 @@
+require 'spec_helper'
+
+describe "The CVE-2011-3009 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2011_3009.new
+		# @check.debug = true
+	end
+  it "fires if ruby version is vulnerable (1.8.6-p111)" do
+    @check.detected_ruby = {:engine=>'ruby', :version=>"1.8.6", :patchlevel=>"p111"}
+    @check.vuln?.should    be_true
+  end
+  it "fires if ruby version is vulnerable (1.8.5-p111)" do
+    @check.detected_ruby = {:engine=>'ruby', :version=>"1.8.5", :patchlevel=>"p111"}
+    @check.vuln?.should    be_true
+  end
+  it "doesn't fire if ruby version is not vulnerable (1.8.6-p112)" do
+    @check.detected_ruby = {:engine=>'ruby', :version=>"1.8.6", :patchlevel=>"p112"}
+    @check.vuln?.should    be_false
+  end
+  it "doesn't fire if ruby version is not vulnerable (1.9.2-p112)" do
+    @check.detected_ruby = {:engine=>'ruby', :version=>"1.9.2", :patchlevel=>"p112"}
+    @check.vuln?.should    be_false
+  end
+
+end

data/spec/lib/kb/cve_2011_3187_spec.rb

@@ -0,0 +1,24 @@
+require 'spec_helper'
+describe "The CVE-2011-3187 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2011_3187.new
+		# @check.debug = true
+	end
+  it "fires when vulnerable rails version it has been found (3.0.5)" do
+    @check.dependencies = [{:name=>'rails', :version=>'3.0.5'}]
+    @check.vuln?.should be_true
+  end
+  it "doesn't fire when safe rails version it has been found (3.0.6)" do
+    @check.dependencies = [{:name=>'rails', :version=>'3.0.6'}]
+    @check.vuln?.should be_false
+  end
+  it "doesn't fire when safe rails version it has been found (3.1.6)" do
+    @check.dependencies = [{:name=>'rails', :version=>'3.1.6'}]
+    @check.vuln?.should be_false
+  end
+  it "doesn't fire when safe rails version it has been found (2.3.16)" do
+    @check.dependencies = [{:name=>'rails', :version=>'2.3.16'}]
+    @check.vuln?.should be_false
+  end
+          # self.safe_dependencies = [{:name=>"rails", :version=>['3.0.6']}]
+end

data/spec/lib/kb/cve_2011_4319_spec.rb

@@ -0,0 +1,44 @@
+require 'spec_helper'
+describe "The CVE-2011-4319 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2011_4319.new
+		# @check.debug = true
+	end
+  it "fires when vulnerable rails version it has been found (2.3.12)" do
+    @check.dependencies = [{:name=>"rails", :version=>'2.3.12'}]
+    @check.vuln?.should   be_true
+  end
+  it "fires when vulnerable rails version it has been found (3.0.10)" do
+    @check.dependencies = [{:name=>"rails", :version=>'3.0.10'}]
+    @check.vuln?.should   be_true
+  end
+  it "fires when vulnerable rails version it has been found (3.1.1)" do
+    @check.dependencies = [{:name=>"rails", :version=>'3.0.10'}]
+    @check.vuln?.should   be_true
+  end
+  it "doesn't fire when safe rails version it has been found (2.3.13)" do
+    @check.dependencies = [{:name=>"rails", :version=>'2.3.13'}]
+    @check.vuln?.should   be_false
+  end
+  it "doesn't fire when safe rails version it has been found (2.3.14)" do
+    @check.dependencies = [{:name=>"rails", :version=>'2.3.14'}]
+    @check.vuln?.should   be_false
+  end
+  it "doesn't fire when safe rails version it has been found (3.0.11)" do
+    @check.dependencies = [{:name=>"rails", :version=>'3.0.11'}]
+    @check.vuln?.should   be_false
+  end
+  it "doesn't fire when safe rails version it has been found (3.0.12)" do
+    @check.dependencies = [{:name=>"rails", :version=>'3.0.12'}]
+    @check.vuln?.should   be_false
+  end
+  it "doesn't fire when safe rails version it has been found (3.1.2)" do
+    @check.dependencies = [{:name=>"rails", :version=>'3.1.2'}]
+    @check.vuln?.should   be_false
+  end
+  it "doesn't fire when safe rails version it has been found (3.2.0)" do
+    @check.dependencies = [{:name=>"rails", :version=>'3.2.0'}]
+    @check.vuln?.should   be_false
+  end
+          # self.safe_dependencies = [{:name=>"rails", :version=>['2.3.13', '3.0.11', '3.1.2']}]
+end

data/spec/lib/kb/cve_2011_5036_spec.rb

@@ -0,0 +1,95 @@
+require 'spec_helper'
+describe "The CVE-2011-5036 vulnerability" do
+  before(:all) do
+    @check = Codesake::Dawn::Kb::CVE_2011_5036.new
+    # @check.debug = true
+  end
+  it "is reported when the vulnerable gem is detected - 1.0.1" do
+    @check.dependencies = [{:name=>"rack", :version=>"1.0.1"}]
+    @check.vuln?.should   be_true
+  end
+
+  it "is reported when the vulnerable gem is detected - 0.9.1" do
+    @check.dependencies = [{:name=>"rack", :version=>"0.9.1"}]
+    @check.vuln?.should   be_true
+  end
+  it "is reported when the vulnerable gem is detected - 0.9" do
+    @check.dependencies = [{:name=>"rack", :version=>"0.9"}]
+    @check.vuln?.should   be_true
+  end
+  it "is reported when the vulnerable gem is detected - 0.4" do
+    @check.dependencies = [{:name=>"rack", :version=>"0.4"}]
+    @check.vuln?.should   be_true
+  end
+  it "is reported when the vulnerable gem is detected - 0.3" do
+    @check.dependencies = [{:name=>"rack", :version=>"0.3"}]
+    @check.vuln?.should   be_true
+  end
+  it "is reported when the vulnerable gem is detected - 0.2" do
+    @check.dependencies = [{:name=>"rack", :version=>"0.2"}]
+    @check.vuln?.should   be_true
+  end
+  it "is reported when the vulnerable gem is detected - 0.1" do
+    @check.dependencies = [{:name=>"rack", :version=>"0.1"}]
+    @check.vuln?.should   be_true
+  end
+  it "is reported when the vulnerable gem is detected - 1.0.0" do
+    @check.dependencies = [{:name=>"rack", :version=>"1.0.0"}]
+    @check.vuln?.should   be_true
+  end
+  it "is reported when the vulnerable gem is detected - 1.1.0" do
+    @check.dependencies = [{:name=>"rack", :version=>"1.1.0"}]
+    @check.vuln?.should   be_true
+  end
+  it "is reported when the vulnerable gem is detected - 1.1.2" do
+    @check.dependencies = [{:name=>"rack", :version=>"1.1.2"}]
+    @check.vuln?.should   be_true
+  end
+  it "is reported when the vulnerable gem is detected - 1.2.0" do
+    @check.dependencies = [{:name=>"rack", :version=>"1.2.0"}]
+    @check.vuln?.should   be_true
+  end
+
+  it "is reported when the vulnerable gem is detected - 1.2.1" do
+    @check.dependencies = [{:name=>"rack", :version=>"1.2.1"}]
+    @check.vuln?.should   be_true
+  end
+  it "is reported when the vulnerable gem is detected - 1.2.2" do
+    @check.dependencies = [{:name=>"rack", :version=>"1.2.2"}]
+    @check.vuln?.should   be_true
+  end
+  it "is reported when the vulnerable gem is detected - 1.2.3" do
+
+    @check.dependencies = [{:name=>"rack", :version=>"1.2.3"}]
+    @check.vuln?.should   be_true
+  end
+  it "is reported when the vulnerable gem is detected - 1.2.4" do
+    @check.dependencies = [{:name=>"rack", :version=>"1.2.4"}]
+    @check.vuln?.should   be_true
+  end
+  it "is reported when the vulnerable gem is detected - 1.3.0" do
+    @check.dependencies = [{:name=>"rack", :version=>"1.3.0"}]
+    @check.vuln?.should   be_true
+  end
+
+  it "is reported when the vulnerable gem is detected - 1.3.1" do
+    @check.dependencies = [{:name=>"rack", :version=>"1.3.1"}]
+    @check.vuln?.should   be_true
+  end
+  it "is reported when the vulnerable gem is detected - 1.3.2" do
+    @check.dependencies = [{:name=>"rack", :version=>"1.3.2"}]
+    @check.vuln?.should   be_true
+  end
+  it "is reported when the vulnerable gem is detected - 1.3.3" do
+    @check.dependencies = [{:name=>"rack", :version=>"1.3.3"}]
+    @check.vuln?.should   be_true
+  end
+  it "is reported when the vulnerable gem is detected - 1.3.4" do
+    @check.dependencies = [{:name=>"rack", :version=>"1.3.4"}]
+    @check.vuln?.should   be_true
+  end
+  it "is reported when the vulnerable gem is detected - 1.3.5" do
+    @check.dependencies = [{:name=>"rack", :version=>"1.3.5"}]
+    @check.vuln?.should   be_true
+  end
+end

data/spec/lib/kb/cve_2012_1098_spec.rb

@@ -0,0 +1,36 @@
+require 'spec_helper'
+describe "The CVE-2012-1098 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2012_1098.new
+		# @check.debug = true
+	end
+  it "fires when vulnerable rails version it has been found (3.0.11)" do
+    @check.dependencies = [{:name=>"rails", :version=>'3.0.11'}]
+    @check.vuln?.should   be_true
+  end
+  it "fires when vulnerable rails version it has been found (3.1.3)" do
+    @check.dependencies = [{:name=>"rails", :version=>'3.1.3'}]
+    @check.vuln?.should   be_true
+  end
+  it "fires when vulnerable rails version it has been found (3.2.1)" do
+    @check.dependencies = [{:name=>"rails", :version=>'3.2.1'}]
+    @check.vuln?.should   be_true
+  end
+  it "doesn't fire when non vulnerable rails version it has been found (3.2.2)" do
+    @check.dependencies = [{:name=>"rails", :version=>'3.2.2'}]
+    @check.vuln?.should   be_false
+  end
+  it "doesn't fire when non vulnerable rails version it has been found (3.2.4)" do
+    @check.dependencies = [{:name=>"rails", :version=>'3.2.4'}]
+    @check.vuln?.should   be_false
+  end
+  it "doesn't fire when non vulnerable rails version it has been found (3.1.4)" do
+    @check.dependencies = [{:name=>"rails", :version=>'3.1.4'}]
+    # @check.debug = true
+    @check.vuln?.should   be_false
+  end
+  it "doesn't fire when rails version older than 3.x.y it has been found" do
+    @check.dependencies = [{:name=>"rails", :version=>'2.3.12'}]
+    @check.vuln?.should   be_false
+  end
+end

data/spec/lib/kb/cve_2012_2139_spec.rb

@@ -0,0 +1,20 @@
+require 'spec_helper'
+describe "The CVE-2012-2139 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2012_2139.new
+		# @check.debug = true
+	end
+  it "is reported when mail_gem version 2.4.3 is used" do
+    @check.dependencies = [{:name=>"mail_gem", :version=>"2.4.3"}]
+    @check.vuln?.should be_true
+  end
+  it "is reported when mail_gem version 2.3.3 is used" do
+    @check.dependencies = [{:name=>"mail_gem", :version=>"2.3.3"}]
+    @check.vuln?.should be_true
+  end
+
+  it "is not reported when mail_gem version 2.4.4 is used" do
+    @check.dependencies = [{:name=>"mail_gem", :version=>"2.4.4"}]
+    @check.vuln?.should be_false
+  end
+end

data/spec/lib/kb/cve_2012_2671_spec.rb

@@ -0,0 +1,23 @@
+require 'spec_helper'
+describe "The CVE-2012-2671 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2012_2671.new
+		# @check.debug = true
+	end
+  it "is reported when ruby-cache version 0.5 is used" do
+    @check.dependencies = [{:name=>"rack-cache", :version=>'0.5'}]
+    @check.vuln?.should be_true
+  end
+  it "is reported when ruby-cache version 0.8 is used" do
+    @check.dependencies = [{:name=>"rack-cache", :version=>'0.8'}]
+    @check.vuln?.should be_true
+  end
+  it "is reported when ruby-cache version 1.1.1 is used" do
+    @check.dependencies = [{:name=>"rack-cache", :version=>'1.1.1'}]
+    @check.vuln?.should be_true
+  end
+  it "is not reported when ruby-cache version 1.1.2 is used" do
+    @check.dependencies = [{:name=>"rack-cache", :version=>'1.1.2'}]
+    @check.vuln?.should be_false
+  end
+end

data/spec/lib/kb/cve_2012_6109_spec.rb

@@ -0,0 +1,112 @@
+require 'spec_helper'
+describe "The CVE-2012-6109 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2012_6109.new
+		# @check.debug = true
+	end
+  it "is reported when the vulnerable gem is detected - 1.0.1" do
+    @check.dependencies = [{:name=>"rack", :version=>"1.0.1"}]
+    @check.vuln?.should   be_true
+  end
+
+  it "is reported when the vulnerable gem is detected - 0.9.1" do
+    @check.dependencies = [{:name=>"rack", :version=>"0.9.1"}]
+    @check.vuln?.should   be_true
+  end
+  it "is reported when the vulnerable gem is detected - 0.9" do
+    @check.dependencies = [{:name=>"rack", :version=>"0.9"}]
+    @check.vuln?.should   be_true
+  end
+  it "is reported when the vulnerable gem is detected - 0.4" do
+    @check.dependencies = [{:name=>"rack", :version=>"0.4"}]
+    @check.vuln?.should   be_true
+  end
+  it "is reported when the vulnerable gem is detected - 0.3" do
+    @check.dependencies = [{:name=>"rack", :version=>"0.3"}]
+    @check.vuln?.should   be_true
+  end
+  it "is reported when the vulnerable gem is detected - 0.2" do
+    @check.dependencies = [{:name=>"rack", :version=>"0.2"}]
+    @check.vuln?.should   be_true
+  end
+  it "is reported when the vulnerable gem is detected - 0.1" do
+    @check.dependencies = [{:name=>"rack", :version=>"0.1"}]
+    @check.vuln?.should   be_true
+  end
+  it "is reported when the vulnerable gem is detected - 1.0.0" do
+    @check.dependencies = [{:name=>"rack", :version=>"1.0.0"}]
+    @check.vuln?.should   be_true
+  end
+  it "is reported when the vulnerable gem is detected - 1.1.0" do
+    @check.dependencies = [{:name=>"rack", :version=>"1.1.0"}]
+    @check.vuln?.should   be_true
+  end
+  it "is reported when the vulnerable gem is detected - 1.1.3" do
+    @check.dependencies = [{:name=>"rack", :version=>"1.1.3"}]
+    @check.vuln?.should   be_true
+  end
+  it "is reported when the vulnerable gem is detected - 1.1.2" do
+    @check.dependencies = [{:name=>"rack", :version=>"1.1.2"}]
+    @check.vuln?.should   be_true
+  end
+  it "is reported when the vulnerable gem is detected - 1.2.0" do
+    @check.dependencies = [{:name=>"rack", :version=>"1.2.0"}]
+    @check.vuln?.should   be_true
+  end
+
+  it "is reported when the vulnerable gem is detected - 1.2.1" do
+    @check.dependencies = [{:name=>"rack", :version=>"1.2.1"}]
+    @check.vuln?.should   be_true
+  end
+  it "is reported when the vulnerable gem is detected - 1.2.2" do
+    @check.dependencies = [{:name=>"rack", :version=>"1.2.2"}]
+    @check.vuln?.should   be_true
+  end
+  it "is reported when the vulnerable gem is detected - 1.2.3" do
+
+    @check.dependencies = [{:name=>"rack", :version=>"1.2.3"}]
+    @check.vuln?.should   be_true
+  end
+  it "is reported when the vulnerable gem is detected - 1.2.4" do
+    @check.dependencies = [{:name=>"rack", :version=>"1.2.4"}]
+    @check.vuln?.should   be_true
+  end
+  it "is reported when the vulnerable gem is detected - 1.3.0" do
+    @check.dependencies = [{:name=>"rack", :version=>"1.3.0"}]
+    @check.vuln?.should   be_true
+  end
+
+  it "is reported when the vulnerable gem is detected - 1.3.1" do
+    @check.dependencies = [{:name=>"rack", :version=>"1.3.1"}]
+    @check.vuln?.should   be_true
+  end
+  it "is reported when the vulnerable gem is detected - 1.3.2" do
+    @check.dependencies = [{:name=>"rack", :version=>"1.3.2"}]
+    @check.vuln?.should   be_true
+  end
+  it "is reported when the vulnerable gem is detected - 1.3.3" do
+    @check.dependencies = [{:name=>"rack", :version=>"1.3.3"}]
+    @check.vuln?.should   be_true
+  end
+  it "is reported when the vulnerable gem is detected - 1.3.4" do
+    @check.dependencies = [{:name=>"rack", :version=>"1.3.4"}]
+    @check.vuln?.should   be_true
+  end
+  it "is reported when the vulnerable gem is detected - 1.3.5" do
+    @check.dependencies = [{:name=>"rack", :version=>"1.3.5"}]
+    @check.vuln?.should   be_true
+  end
+  it "is reported when the vulnerable gem is detected - 1.3.6" do
+    @check.dependencies = [{:name=>"rack", :version=>"1.3.6"}]
+    @check.vuln?.should   be_true
+  end
+
+  it "is reported when the vulnerable gem is detected - 1.4.0" do
+    @check.dependencies = [{:name=>"rack", :version=>"1.4.0"}]
+    @check.vuln?.should   be_true
+  end
+  it "is reported when the vulnerable gem is detected - 1.4.1" do
+    @check.dependencies = [{:name=>"rack", :version=>"1.4.1"}]
+    @check.vuln?.should   be_true
+  end
+end