dawnscanner 1.2.99

Sign up to get free protection for your applications and to get access to all the features.
Files changed (306) hide show
  1. checksums.yaml +7 -0
  2. checksums.yaml.gz.sig +4 -0
  3. data.tar.gz.sig +0 -0
  4. data/.gitignore +19 -0
  5. data/.ruby-gemset +1 -0
  6. data/.ruby-version +1 -0
  7. data/.travis.yml +8 -0
  8. data/Changelog.md +412 -0
  9. data/Gemfile +4 -0
  10. data/KnowledgeBase.md +213 -0
  11. data/LICENSE.txt +22 -0
  12. data/README.md +354 -0
  13. data/Rakefile +250 -0
  14. data/Roadmap.md +59 -0
  15. data/bin/dawn +210 -0
  16. data/certs/paolo_at_codesake_dot_com.pem +21 -0
  17. data/checksum/.placeholder +0 -0
  18. data/checksum/codesake-dawn-1.1.0.gem.sha512 +1 -0
  19. data/checksum/codesake-dawn-1.1.0.rc1.gem.sha512 +1 -0
  20. data/checksum/codesake-dawn-1.1.1.gem.sha512 +1 -0
  21. data/checksum/codesake-dawn-1.1.2.gem.sha512 +1 -0
  22. data/checksum/codesake-dawn-1.1.3.gem.sha512 +1 -0
  23. data/checksum/codesake-dawn-1.2.0.gem.sha512 +1 -0
  24. data/checksum/codesake-dawn-1.2.99.gem.sha512 +1 -0
  25. data/dawnscanner.gemspec +43 -0
  26. data/doc/codesake-dawn.yaml.sample +26 -0
  27. data/doc/dawn_1_0_announcement.md +139 -0
  28. data/doc/dawn_1_1_announcement.md +67 -0
  29. data/doc/dawn_1_2_announcement.md +69 -0
  30. data/features/dawn_complains_about_an_incorrect_command_line.feature.disabled +21 -0
  31. data/features/dawn_scan_a_secure_sinatra_app.feature.disabled +31 -0
  32. data/features/dawn_scan_a_vulnerable_sinatra_app.feature.disabled +36 -0
  33. data/features/step_definition/dawn_steps.rb +19 -0
  34. data/features/support/env.rb +1 -0
  35. data/lib/codesake-dawn.rb +12 -0
  36. data/lib/codesake/dawn/core.rb +175 -0
  37. data/lib/codesake/dawn/engine.rb +380 -0
  38. data/lib/codesake/dawn/gemfile_lock.rb +12 -0
  39. data/lib/codesake/dawn/kb/basic_check.rb +228 -0
  40. data/lib/codesake/dawn/kb/combo_check.rb +64 -0
  41. data/lib/codesake/dawn/kb/cve_2004_0755.rb +32 -0
  42. data/lib/codesake/dawn/kb/cve_2004_0983.rb +30 -0
  43. data/lib/codesake/dawn/kb/cve_2005_1992.rb +30 -0
  44. data/lib/codesake/dawn/kb/cve_2005_2337.rb +32 -0
  45. data/lib/codesake/dawn/kb/cve_2006_1931.rb +32 -0
  46. data/lib/codesake/dawn/kb/cve_2006_2582.rb +30 -0
  47. data/lib/codesake/dawn/kb/cve_2006_3694.rb +31 -0
  48. data/lib/codesake/dawn/kb/cve_2006_4112.rb +29 -0
  49. data/lib/codesake/dawn/kb/cve_2006_5467.rb +30 -0
  50. data/lib/codesake/dawn/kb/cve_2006_6303.rb +30 -0
  51. data/lib/codesake/dawn/kb/cve_2006_6852.rb +29 -0
  52. data/lib/codesake/dawn/kb/cve_2006_6979.rb +31 -0
  53. data/lib/codesake/dawn/kb/cve_2007_0469.rb +29 -0
  54. data/lib/codesake/dawn/kb/cve_2007_5162.rb +30 -0
  55. data/lib/codesake/dawn/kb/cve_2007_5379.rb +29 -0
  56. data/lib/codesake/dawn/kb/cve_2007_5380.rb +29 -0
  57. data/lib/codesake/dawn/kb/cve_2007_5770.rb +32 -0
  58. data/lib/codesake/dawn/kb/cve_2007_6077.rb +31 -0
  59. data/lib/codesake/dawn/kb/cve_2007_6612.rb +30 -0
  60. data/lib/codesake/dawn/kb/cve_2008_1145.rb +40 -0
  61. data/lib/codesake/dawn/kb/cve_2008_1891.rb +40 -0
  62. data/lib/codesake/dawn/kb/cve_2008_2376.rb +32 -0
  63. data/lib/codesake/dawn/kb/cve_2008_2662.rb +35 -0
  64. data/lib/codesake/dawn/kb/cve_2008_2663.rb +34 -0
  65. data/lib/codesake/dawn/kb/cve_2008_2664.rb +35 -0
  66. data/lib/codesake/dawn/kb/cve_2008_2725.rb +33 -0
  67. data/lib/codesake/dawn/kb/cve_2008_3655.rb +39 -0
  68. data/lib/codesake/dawn/kb/cve_2008_3657.rb +39 -0
  69. data/lib/codesake/dawn/kb/cve_2008_3790.rb +32 -0
  70. data/lib/codesake/dawn/kb/cve_2008_3905.rb +38 -0
  71. data/lib/codesake/dawn/kb/cve_2008_4094.rb +29 -0
  72. data/lib/codesake/dawn/kb/cve_2008_4310.rb +103 -0
  73. data/lib/codesake/dawn/kb/cve_2008_5189.rb +29 -0
  74. data/lib/codesake/dawn/kb/cve_2008_7248.rb +29 -0
  75. data/lib/codesake/dawn/kb/cve_2009_4078.rb +31 -0
  76. data/lib/codesake/dawn/kb/cve_2009_4124.rb +32 -0
  77. data/lib/codesake/dawn/kb/cve_2009_4214.rb +29 -0
  78. data/lib/codesake/dawn/kb/cve_2010_1330.rb +30 -0
  79. data/lib/codesake/dawn/kb/cve_2010_2489.rb +62 -0
  80. data/lib/codesake/dawn/kb/cve_2010_3933.rb +29 -0
  81. data/lib/codesake/dawn/kb/cve_2011_0188.rb +69 -0
  82. data/lib/codesake/dawn/kb/cve_2011_0446.rb +30 -0
  83. data/lib/codesake/dawn/kb/cve_2011_0447.rb +30 -0
  84. data/lib/codesake/dawn/kb/cve_2011_0739.rb +30 -0
  85. data/lib/codesake/dawn/kb/cve_2011_0995.rb +63 -0
  86. data/lib/codesake/dawn/kb/cve_2011_1004.rb +36 -0
  87. data/lib/codesake/dawn/kb/cve_2011_1005.rb +33 -0
  88. data/lib/codesake/dawn/kb/cve_2011_2197.rb +29 -0
  89. data/lib/codesake/dawn/kb/cve_2011_2686.rb +31 -0
  90. data/lib/codesake/dawn/kb/cve_2011_2705.rb +34 -0
  91. data/lib/codesake/dawn/kb/cve_2011_2929.rb +29 -0
  92. data/lib/codesake/dawn/kb/cve_2011_2930.rb +30 -0
  93. data/lib/codesake/dawn/kb/cve_2011_2931.rb +32 -0
  94. data/lib/codesake/dawn/kb/cve_2011_2932.rb +29 -0
  95. data/lib/codesake/dawn/kb/cve_2011_3009.rb +30 -0
  96. data/lib/codesake/dawn/kb/cve_2011_3186.rb +31 -0
  97. data/lib/codesake/dawn/kb/cve_2011_3187.rb +31 -0
  98. data/lib/codesake/dawn/kb/cve_2011_4319.rb +31 -0
  99. data/lib/codesake/dawn/kb/cve_2011_4815.rb +30 -0
  100. data/lib/codesake/dawn/kb/cve_2011_5036.rb +28 -0
  101. data/lib/codesake/dawn/kb/cve_2012_1098.rb +32 -0
  102. data/lib/codesake/dawn/kb/cve_2012_1099.rb +29 -0
  103. data/lib/codesake/dawn/kb/cve_2012_1241.rb +29 -0
  104. data/lib/codesake/dawn/kb/cve_2012_2139.rb +28 -0
  105. data/lib/codesake/dawn/kb/cve_2012_2140.rb +29 -0
  106. data/lib/codesake/dawn/kb/cve_2012_2660.rb +30 -0
  107. data/lib/codesake/dawn/kb/cve_2012_2661.rb +29 -0
  108. data/lib/codesake/dawn/kb/cve_2012_2671.rb +30 -0
  109. data/lib/codesake/dawn/kb/cve_2012_2694.rb +32 -0
  110. data/lib/codesake/dawn/kb/cve_2012_2695.rb +29 -0
  111. data/lib/codesake/dawn/kb/cve_2012_3424.rb +31 -0
  112. data/lib/codesake/dawn/kb/cve_2012_3463.rb +29 -0
  113. data/lib/codesake/dawn/kb/cve_2012_3464.rb +29 -0
  114. data/lib/codesake/dawn/kb/cve_2012_3465.rb +28 -0
  115. data/lib/codesake/dawn/kb/cve_2012_4464.rb +29 -0
  116. data/lib/codesake/dawn/kb/cve_2012_4466.rb +29 -0
  117. data/lib/codesake/dawn/kb/cve_2012_4481.rb +28 -0
  118. data/lib/codesake/dawn/kb/cve_2012_4522.rb +29 -0
  119. data/lib/codesake/dawn/kb/cve_2012_5370.rb +29 -0
  120. data/lib/codesake/dawn/kb/cve_2012_5371.rb +29 -0
  121. data/lib/codesake/dawn/kb/cve_2012_5380.rb +30 -0
  122. data/lib/codesake/dawn/kb/cve_2012_6109.rb +27 -0
  123. data/lib/codesake/dawn/kb/cve_2012_6134.rb +29 -0
  124. data/lib/codesake/dawn/kb/cve_2012_6496.rb +30 -0
  125. data/lib/codesake/dawn/kb/cve_2012_6497.rb +30 -0
  126. data/lib/codesake/dawn/kb/cve_2013_0155.rb +31 -0
  127. data/lib/codesake/dawn/kb/cve_2013_0156.rb +29 -0
  128. data/lib/codesake/dawn/kb/cve_2013_0162.rb +30 -0
  129. data/lib/codesake/dawn/kb/cve_2013_0175.rb +29 -0
  130. data/lib/codesake/dawn/kb/cve_2013_0183.rb +27 -0
  131. data/lib/codesake/dawn/kb/cve_2013_0184.rb +27 -0
  132. data/lib/codesake/dawn/kb/cve_2013_0233.rb +28 -0
  133. data/lib/codesake/dawn/kb/cve_2013_0256.rb +61 -0
  134. data/lib/codesake/dawn/kb/cve_2013_0262.rb +28 -0
  135. data/lib/codesake/dawn/kb/cve_2013_0263.rb +28 -0
  136. data/lib/codesake/dawn/kb/cve_2013_0269.rb +29 -0
  137. data/lib/codesake/dawn/kb/cve_2013_0276.rb +30 -0
  138. data/lib/codesake/dawn/kb/cve_2013_0277.rb +27 -0
  139. data/lib/codesake/dawn/kb/cve_2013_0284.rb +29 -0
  140. data/lib/codesake/dawn/kb/cve_2013_0285.rb +29 -0
  141. data/lib/codesake/dawn/kb/cve_2013_0333.rb +30 -0
  142. data/lib/codesake/dawn/kb/cve_2013_1607.rb +27 -0
  143. data/lib/codesake/dawn/kb/cve_2013_1655.rb +67 -0
  144. data/lib/codesake/dawn/kb/cve_2013_1656.rb +30 -0
  145. data/lib/codesake/dawn/kb/cve_2013_1756.rb +28 -0
  146. data/lib/codesake/dawn/kb/cve_2013_1800.rb +28 -0
  147. data/lib/codesake/dawn/kb/cve_2013_1801.rb +29 -0
  148. data/lib/codesake/dawn/kb/cve_2013_1802.rb +29 -0
  149. data/lib/codesake/dawn/kb/cve_2013_1812.rb +29 -0
  150. data/lib/codesake/dawn/kb/cve_2013_1821.rb +30 -0
  151. data/lib/codesake/dawn/kb/cve_2013_1854.rb +28 -0
  152. data/lib/codesake/dawn/kb/cve_2013_1855.rb +27 -0
  153. data/lib/codesake/dawn/kb/cve_2013_1856.rb +28 -0
  154. data/lib/codesake/dawn/kb/cve_2013_1857.rb +29 -0
  155. data/lib/codesake/dawn/kb/cve_2013_1875.rb +29 -0
  156. data/lib/codesake/dawn/kb/cve_2013_1898.rb +29 -0
  157. data/lib/codesake/dawn/kb/cve_2013_1911.rb +30 -0
  158. data/lib/codesake/dawn/kb/cve_2013_1933.rb +29 -0
  159. data/lib/codesake/dawn/kb/cve_2013_1947.rb +29 -0
  160. data/lib/codesake/dawn/kb/cve_2013_1948.rb +29 -0
  161. data/lib/codesake/dawn/kb/cve_2013_2065.rb +31 -0
  162. data/lib/codesake/dawn/kb/cve_2013_2090.rb +30 -0
  163. data/lib/codesake/dawn/kb/cve_2013_2105.rb +28 -0
  164. data/lib/codesake/dawn/kb/cve_2013_2119.rb +29 -0
  165. data/lib/codesake/dawn/kb/cve_2013_2512.rb +28 -0
  166. data/lib/codesake/dawn/kb/cve_2013_2513.rb +27 -0
  167. data/lib/codesake/dawn/kb/cve_2013_2516.rb +28 -0
  168. data/lib/codesake/dawn/kb/cve_2013_2615.rb +29 -0
  169. data/lib/codesake/dawn/kb/cve_2013_2616.rb +29 -0
  170. data/lib/codesake/dawn/kb/cve_2013_2617.rb +30 -0
  171. data/lib/codesake/dawn/kb/cve_2013_3221.rb +29 -0
  172. data/lib/codesake/dawn/kb/cve_2013_4164.rb +32 -0
  173. data/lib/codesake/dawn/kb/cve_2013_4203.rb +27 -0
  174. data/lib/codesake/dawn/kb/cve_2013_4389.rb +28 -0
  175. data/lib/codesake/dawn/kb/cve_2013_4413.rb +29 -0
  176. data/lib/codesake/dawn/kb/cve_2013_4457.rb +31 -0
  177. data/lib/codesake/dawn/kb/cve_2013_4478.rb +28 -0
  178. data/lib/codesake/dawn/kb/cve_2013_4479.rb +28 -0
  179. data/lib/codesake/dawn/kb/cve_2013_4489.rb +30 -0
  180. data/lib/codesake/dawn/kb/cve_2013_4491.rb +30 -0
  181. data/lib/codesake/dawn/kb/cve_2013_4492.rb +31 -0
  182. data/lib/codesake/dawn/kb/cve_2013_4562.rb +29 -0
  183. data/lib/codesake/dawn/kb/cve_2013_4593.rb +29 -0
  184. data/lib/codesake/dawn/kb/cve_2013_5647.rb +31 -0
  185. data/lib/codesake/dawn/kb/cve_2013_5671.rb +28 -0
  186. data/lib/codesake/dawn/kb/cve_2013_6414.rb +31 -0
  187. data/lib/codesake/dawn/kb/cve_2013_6415.rb +30 -0
  188. data/lib/codesake/dawn/kb/cve_2013_6416.rb +31 -0
  189. data/lib/codesake/dawn/kb/cve_2013_6417.rb +31 -0
  190. data/lib/codesake/dawn/kb/cve_2013_6421.rb +30 -0
  191. data/lib/codesake/dawn/kb/cve_2013_6459.rb +30 -0
  192. data/lib/codesake/dawn/kb/cve_2013_6460.rb +55 -0
  193. data/lib/codesake/dawn/kb/cve_2013_6461.rb +59 -0
  194. data/lib/codesake/dawn/kb/cve_2013_7086.rb +29 -0
  195. data/lib/codesake/dawn/kb/cve_2014_0036.rb +29 -0
  196. data/lib/codesake/dawn/kb/cve_2014_0080.rb +30 -0
  197. data/lib/codesake/dawn/kb/cve_2014_0081.rb +28 -0
  198. data/lib/codesake/dawn/kb/cve_2014_0082.rb +29 -0
  199. data/lib/codesake/dawn/kb/cve_2014_0130.rb +28 -0
  200. data/lib/codesake/dawn/kb/cve_2014_1233.rb +29 -0
  201. data/lib/codesake/dawn/kb/cve_2014_1234.rb +28 -0
  202. data/lib/codesake/dawn/kb/cve_2014_2322.rb +30 -0
  203. data/lib/codesake/dawn/kb/cve_2014_2525.rb +61 -0
  204. data/lib/codesake/dawn/kb/cve_2014_2538.rb +28 -0
  205. data/lib/codesake/dawn/kb/cve_2014_3482.rb +30 -0
  206. data/lib/codesake/dawn/kb/cve_2014_3483.rb +29 -0
  207. data/lib/codesake/dawn/kb/dependency_check.rb +86 -0
  208. data/lib/codesake/dawn/kb/deprecation_check.rb +40 -0
  209. data/lib/codesake/dawn/kb/not_revised_code.rb +24 -0
  210. data/lib/codesake/dawn/kb/operating_system_check.rb +98 -0
  211. data/lib/codesake/dawn/kb/osvdb_105971.rb +31 -0
  212. data/lib/codesake/dawn/kb/osvdb_108530.rb +29 -0
  213. data/lib/codesake/dawn/kb/osvdb_108563.rb +30 -0
  214. data/lib/codesake/dawn/kb/osvdb_108569.rb +30 -0
  215. data/lib/codesake/dawn/kb/osvdb_108570.rb +29 -0
  216. data/lib/codesake/dawn/kb/owasp_ror_cheatsheet.rb +41 -0
  217. data/lib/codesake/dawn/kb/owasp_ror_cheatsheet/check_for_backup_files.rb +22 -0
  218. data/lib/codesake/dawn/kb/owasp_ror_cheatsheet/check_for_safe_redirect_and_forward.rb +59 -0
  219. data/lib/codesake/dawn/kb/owasp_ror_cheatsheet/command_injection.rb +30 -0
  220. data/lib/codesake/dawn/kb/owasp_ror_cheatsheet/csrf.rb +31 -0
  221. data/lib/codesake/dawn/kb/owasp_ror_cheatsheet/mass_assignment_in_model.rb +35 -0
  222. data/lib/codesake/dawn/kb/owasp_ror_cheatsheet/security_related_headers.rb +38 -0
  223. data/lib/codesake/dawn/kb/owasp_ror_cheatsheet/sensitive_files.rb +31 -0
  224. data/lib/codesake/dawn/kb/owasp_ror_cheatsheet/session_stored_in_database.rb +33 -0
  225. data/lib/codesake/dawn/kb/pattern_match_check.rb +129 -0
  226. data/lib/codesake/dawn/kb/ruby_version_check.rb +91 -0
  227. data/lib/codesake/dawn/kb/simpleform_xss_20131129.rb +30 -0
  228. data/lib/codesake/dawn/kb/version_check.rb +418 -0
  229. data/lib/codesake/dawn/knowledge_base.rb +513 -0
  230. data/lib/codesake/dawn/padrino.rb +82 -0
  231. data/lib/codesake/dawn/rails.rb +17 -0
  232. data/lib/codesake/dawn/railtie.rb +9 -0
  233. data/lib/codesake/dawn/reporter.rb +280 -0
  234. data/lib/codesake/dawn/sinatra.rb +129 -0
  235. data/lib/codesake/dawn/tasks.rb +27 -0
  236. data/lib/codesake/dawn/utils.rb +21 -0
  237. data/lib/codesake/dawn/version.rb +28 -0
  238. data/lib/tasks/codesake-dawn_tasks.rake +1 -0
  239. data/spec/lib/dawn/codesake_core_spec.rb +9 -0
  240. data/spec/lib/dawn/codesake_knowledgebase_spec.rb +940 -0
  241. data/spec/lib/dawn/codesake_padrino_engine_disabled.rb +45 -0
  242. data/spec/lib/dawn/codesake_rails_engine_disabled.rb +12 -0
  243. data/spec/lib/dawn/codesake_sinatra_engine_disabled.rb +128 -0
  244. data/spec/lib/kb/codesake_cve_2013_0175_spec.rb +35 -0
  245. data/spec/lib/kb/codesake_cve_2013_4457_spec.rb +41 -0
  246. data/spec/lib/kb/codesake_dependency_version_check_spec.rb +76 -0
  247. data/spec/lib/kb/codesake_deprecation_check_spec.rb +56 -0
  248. data/spec/lib/kb/codesake_ruby_version_check_spec.rb +40 -0
  249. data/spec/lib/kb/codesake_version_check_spec.rb +165 -0
  250. data/spec/lib/kb/cve_2011_2705_spec.rb +35 -0
  251. data/spec/lib/kb/cve_2011_2930_spec.rb +31 -0
  252. data/spec/lib/kb/cve_2011_3009_spec.rb +25 -0
  253. data/spec/lib/kb/cve_2011_3187_spec.rb +24 -0
  254. data/spec/lib/kb/cve_2011_4319_spec.rb +44 -0
  255. data/spec/lib/kb/cve_2011_5036_spec.rb +95 -0
  256. data/spec/lib/kb/cve_2012_1098_spec.rb +36 -0
  257. data/spec/lib/kb/cve_2012_2139_spec.rb +20 -0
  258. data/spec/lib/kb/cve_2012_2671_spec.rb +23 -0
  259. data/spec/lib/kb/cve_2012_6109_spec.rb +112 -0
  260. data/spec/lib/kb/cve_2013_0162_spec.rb +23 -0
  261. data/spec/lib/kb/cve_2013_0183_spec.rb +54 -0
  262. data/spec/lib/kb/cve_2013_0184_spec.rb +115 -0
  263. data/spec/lib/kb/cve_2013_0256_spec.rb +34 -0
  264. data/spec/lib/kb/cve_2013_0262_spec.rb +44 -0
  265. data/spec/lib/kb/cve_2013_0263_spec.rb +11 -0
  266. data/spec/lib/kb/cve_2013_1607_spec.rb +15 -0
  267. data/spec/lib/kb/cve_2013_1655_spec.rb +31 -0
  268. data/spec/lib/kb/cve_2013_1756_spec.rb +23 -0
  269. data/spec/lib/kb/cve_2013_2090_spec.rb +15 -0
  270. data/spec/lib/kb/cve_2013_2105_spec.rb +11 -0
  271. data/spec/lib/kb/cve_2013_2119_spec.rb +27 -0
  272. data/spec/lib/kb/cve_2013_2512_spec.rb +15 -0
  273. data/spec/lib/kb/cve_2013_2513_spec.rb +15 -0
  274. data/spec/lib/kb/cve_2013_2516_spec.rb +15 -0
  275. data/spec/lib/kb/cve_2013_4203_spec.rb +15 -0
  276. data/spec/lib/kb/cve_2013_4413_spec.rb +16 -0
  277. data/spec/lib/kb/cve_2013_4489_spec.rb +63 -0
  278. data/spec/lib/kb/cve_2013_4593_spec.rb +16 -0
  279. data/spec/lib/kb/cve_2013_5647_spec.rb +19 -0
  280. data/spec/lib/kb/cve_2013_5671_spec.rb +27 -0
  281. data/spec/lib/kb/cve_2013_6416_spec.rb +31 -0
  282. data/spec/lib/kb/cve_2013_6459_spec.rb +15 -0
  283. data/spec/lib/kb/cve_2013_7086_spec.rb +22 -0
  284. data/spec/lib/kb/cve_2014_0036_spec.rb +15 -0
  285. data/spec/lib/kb/cve_2014_0080_spec.rb +28 -0
  286. data/spec/lib/kb/cve_2014_0081_spec.rb +68 -0
  287. data/spec/lib/kb/cve_2014_0082_spec.rb +52 -0
  288. data/spec/lib/kb/cve_2014_0130_spec.rb +19 -0
  289. data/spec/lib/kb/cve_2014_1233_spec.rb +15 -0
  290. data/spec/lib/kb/cve_2014_1234_spec.rb +16 -0
  291. data/spec/lib/kb/cve_2014_2322_spec.rb +15 -0
  292. data/spec/lib/kb/cve_2014_2538_spec.rb +15 -0
  293. data/spec/lib/kb/cve_2014_3482_spec.rb +15 -0
  294. data/spec/lib/kb/cve_2014_3483_spec.rb +23 -0
  295. data/spec/lib/kb/osvdb_105971_spec.rb +15 -0
  296. data/spec/lib/kb/osvdb_108530_spec.rb +22 -0
  297. data/spec/lib/kb/osvdb_108563_spec.rb +18 -0
  298. data/spec/lib/kb/osvdb_108569_spec.rb +17 -0
  299. data/spec/lib/kb/osvdb_108570_spec.rb +17 -0
  300. data/spec/lib/kb/owasp_ror_cheatsheet_disabled.rb +56 -0
  301. data/spec/spec_helper.rb +11 -0
  302. data/support/bootstrap.js +2027 -0
  303. data/support/bootstrap.min.css +9 -0
  304. data/support/codesake.css +63 -0
  305. metadata +659 -0
  306. metadata.gz.sig +0 -0
@@ -0,0 +1,23 @@
1
+ require 'spec_helper'
2
+ describe "The CVE-2013-0162 vulnerability" do
3
+ before(:all) do
4
+ @check = Codesake::Dawn::Kb::CVE_2013_0162.new
5
+ # @check.debug = true
6
+ end
7
+ it "is reported when ruby_parser version 1.x is used" do
8
+ @check.dependencies = [{:name=>"ruby_parser", :version=>'1.4.5'}]
9
+ @check.vuln?.should be_true
10
+ end
11
+ it "is reported when ruby_parser version 2.x is used" do
12
+ @check.dependencies = [{:name=>"ruby_parser", :version=>'2.4.5'}]
13
+ @check.vuln?.should be_true
14
+ end
15
+ it "is reported when ruby_parser version 3.0.x is used" do
16
+ @check.dependencies = [{:name=>"ruby_parser", :version=>'3.0.5'}]
17
+ @check.vuln?.should be_true
18
+ end
19
+ it "is not reported when ruby_parser version 3.1.1 is used" do
20
+ @check.dependencies = [{:name=>"ruby_parser", :version=>'3.1.1'}]
21
+ @check.vuln?.should be_false
22
+ end
23
+ end
@@ -0,0 +1,54 @@
1
+ require 'spec_helper'
2
+ describe "The CVE-2013-0183 vulnerability" do
3
+ before(:all) do
4
+ @check = Codesake::Dawn::Kb::CVE_2013_0183.new
5
+ # @check.debug = true
6
+ end
7
+
8
+ it "is reported when the vulnerable gem is detected - 1.3.0" do
9
+ @check.dependencies = [{:name=>"rack", :version=>"1.3.0"}]
10
+ @check.vuln?.should be_true
11
+ end
12
+
13
+ it "is reported when the vulnerable gem is detected - 1.3.1" do
14
+ @check.dependencies = [{:name=>"rack", :version=>"1.3.1"}]
15
+ @check.vuln?.should be_true
16
+ end
17
+ it "is reported when the vulnerable gem is detected - 1.3.2" do
18
+ @check.dependencies = [{:name=>"rack", :version=>"1.3.2"}]
19
+ @check.vuln?.should be_true
20
+ end
21
+ it "is reported when the vulnerable gem is detected - 1.3.3" do
22
+ @check.dependencies = [{:name=>"rack", :version=>"1.3.3"}]
23
+ @check.vuln?.should be_true
24
+ end
25
+ it "is reported when the vulnerable gem is detected - 1.3.4" do
26
+ @check.dependencies = [{:name=>"rack", :version=>"1.3.4"}]
27
+ @check.vuln?.should be_true
28
+ end
29
+ it "is reported when the vulnerable gem is detected - 1.3.5" do
30
+ @check.dependencies = [{:name=>"rack", :version=>"1.3.5"}]
31
+ @check.vuln?.should be_true
32
+ end
33
+ it "is reported when the vulnerable gem is detected - 1.3.6" do
34
+ @check.dependencies = [{:name=>"rack", :version=>"1.3.6"}]
35
+ @check.vuln?.should be_true
36
+ end
37
+ it "is reported when the vulnerable gem is detected - 1.3.7" do
38
+ @check.dependencies = [{:name=>"rack", :version=>"1.3.7"}]
39
+ @check.vuln?.should be_true
40
+ end
41
+
42
+ it "is reported when the vulnerable gem is detected - 1.4.0" do
43
+ @check.dependencies = [{:name=>"rack", :version=>"1.4.0"}]
44
+ @check.vuln?.should be_true
45
+ end
46
+ it "is reported when the vulnerable gem is detected - 1.4.1" do
47
+ @check.dependencies = [{:name=>"rack", :version=>"1.4.1"}]
48
+ @check.vuln?.should be_true
49
+ end
50
+ it "is reported when the vulnerable gem is detected - 1.4.2" do
51
+ @check.dependencies = [{:name=>"rack", :version=>"1.4.2"}]
52
+ @check.vuln?.should be_true
53
+ end
54
+ end
@@ -0,0 +1,115 @@
1
+ require 'spec_helper'
2
+ describe "The CVE-2013-0184 vulnerability" do
3
+ before(:all) do
4
+ @check = Codesake::Dawn::Kb::CVE_2013_0184.new
5
+ # @check.debug = true
6
+ end
7
+
8
+ it "is reported when the vulnerable gem is detected - 1.1.0" do
9
+ @check.dependencies = [{:name=>"rack", :version=>"1.1.0"}]
10
+ @check.vuln?.should be_true
11
+ end
12
+ it "is reported when the vulnerable gem is detected - 1.1.3" do
13
+ @check.dependencies = [{:name=>"rack", :version=>"1.1.3"}]
14
+ @check.vuln?.should be_true
15
+ end
16
+ it "is reported when the vulnerable gem is detected - 1.1.2" do
17
+ @check.dependencies = [{:name=>"rack", :version=>"1.1.2"}]
18
+ @check.vuln?.should be_true
19
+ end
20
+ it "is reported when the vulnerable gem is detected - 1.1.4" do
21
+ @check.dependencies = [{:name=>"rack", :version=>"1.1.4"}]
22
+ @check.vuln?.should be_true
23
+ end
24
+ it "is reported when the vulnerable gem is detected - 1.2.0" do
25
+ @check.dependencies = [{:name=>"rack", :version=>"1.2.0"}]
26
+ @check.vuln?.should be_true
27
+ end
28
+
29
+ it "is reported when the vulnerable gem is detected - 1.2.1" do
30
+ @check.dependencies = [{:name=>"rack", :version=>"1.2.1"}]
31
+ @check.vuln?.should be_true
32
+ end
33
+ it "is reported when the vulnerable gem is detected - 1.2.2" do
34
+ @check.dependencies = [{:name=>"rack", :version=>"1.2.2"}]
35
+ @check.vuln?.should be_true
36
+ end
37
+ it "is reported when the vulnerable gem is detected - 1.2.3" do
38
+ @check.dependencies = [{:name=>"rack", :version=>"1.2.3"}]
39
+ @check.vuln?.should be_true
40
+ end
41
+ it "is reported when the vulnerable gem is detected - 1.2.4" do
42
+ @check.dependencies = [{:name=>"rack", :version=>"1.2.4"}]
43
+ @check.vuln?.should be_true
44
+ end
45
+ it "is reported when the vulnerable gem is detected - 1.2.5" do
46
+ @check.dependencies = [{:name=>"rack", :version=>"1.2.5"}]
47
+ @check.vuln?.should be_true
48
+ end
49
+ it "is reported when the vulnerable gem is detected - 1.2.6" do
50
+ @check.dependencies = [{:name=>"rack", :version=>"1.2.6"}]
51
+ @check.vuln?.should be_true
52
+ end
53
+ it "is reported when the vulnerable gem is detected - 1.3.0" do
54
+ @check.dependencies = [{:name=>"rack", :version=>"1.3.0"}]
55
+ @check.vuln?.should be_true
56
+ end
57
+
58
+ it "is reported when the vulnerable gem is detected - 1.3.1" do
59
+ @check.dependencies = [{:name=>"rack", :version=>"1.3.1"}]
60
+ @check.vuln?.should be_true
61
+ end
62
+ it "is reported when the vulnerable gem is detected - 1.3.2" do
63
+ @check.dependencies = [{:name=>"rack", :version=>"1.3.2"}]
64
+ @check.vuln?.should be_true
65
+ end
66
+ it "is reported when the vulnerable gem is detected - 1.3.3" do
67
+ @check.dependencies = [{:name=>"rack", :version=>"1.3.3"}]
68
+ @check.vuln?.should be_true
69
+ end
70
+ it "is reported when the vulnerable gem is detected - 1.3.4" do
71
+ @check.dependencies = [{:name=>"rack", :version=>"1.3.4"}]
72
+ @check.vuln?.should be_true
73
+ end
74
+ it "is reported when the vulnerable gem is detected - 1.3.5" do
75
+ @check.dependencies = [{:name=>"rack", :version=>"1.3.5"}]
76
+ @check.vuln?.should be_true
77
+ end
78
+ it "is reported when the vulnerable gem is detected - 1.3.6" do
79
+ @check.dependencies = [{:name=>"rack", :version=>"1.3.6"}]
80
+ @check.vuln?.should be_true
81
+ end
82
+ it "is reported when the vulnerable gem is detected - 1.3.7" do
83
+ @check.dependencies = [{:name=>"rack", :version=>"1.3.7"}]
84
+ @check.vuln?.should be_true
85
+ end
86
+ it "is reported when the vulnerable gem is detected - 1.3.8" do
87
+ @check.dependencies = [{:name=>"rack", :version=>"1.3.8"}]
88
+ @check.vuln?.should be_true
89
+ end
90
+ it "is reported when the vulnerable gem is detected" do
91
+ @check.dependencies = [{:name=>"rack", :version=>"1.4.0"}]
92
+ @check.vuln?.should be_true
93
+ end
94
+ it "is reported when the vulnerable gem is detected" do
95
+ @check.dependencies = [{:name=>"rack", :version=>"1.4.1"}]
96
+ @check.vuln?.should be_true
97
+ end
98
+ it "is reported when the vulnerable gem is detected" do
99
+ @check.dependencies = [{:name=>"rack", :version=>"1.4.2"}]
100
+ @check.vuln?.should be_true
101
+ end
102
+ it "is reported when the vulnerable gem is detected" do
103
+ @check.dependencies = [{:name=>"rack", :version=>"1.4.3"}]
104
+ @check.vuln?.should be_true
105
+ end
106
+
107
+ it "is not reported when a fixed release is detected" do
108
+ @check.dependencies = [{:name=>"rack", :version=>"1.4.5"}]
109
+ @check.vuln?.should be_false
110
+ end
111
+ it "is not reported when a fixed release is detected" do
112
+ @check.dependencies = [{:name=>"rack", :version=>"1.5.2"}]
113
+ @check.vuln?.should be_false
114
+ end
115
+ end
@@ -0,0 +1,34 @@
1
+ require 'spec_helper'
2
+ describe "The CVE-2013-0256 vulnerability" do
3
+ before(:all) do
4
+ @check = Codesake::Dawn::Kb::CVE_2013_0256.new
5
+ # @check.debug = true
6
+ end
7
+ it "fires when vulnerable ruby (1.9.3-p382) and rdoc version (2.3.0) has been found" do
8
+ @check.options={:detected_ruby=>{:engine=>"ruby", :version=>"1.9.3", :patchlevel=>"381"}, :dependencies=>[{:name=>"rdoc", :version=>'2.3.0'}, :root_dir=>"."]}
9
+ @check.vuln?.should be_true
10
+ end
11
+ it "fires when vulnerable ruby (1.9.2-p342) and rdoc version (2.3.0) has been found" do
12
+ @check.options={:detected_ruby=>{:engine=>"ruby", :version=>"1.9.2", :patchlevel=>"342"}, :dependencies=>[{:name=>"rdoc", :version=>'2.3.0'}, :root_dir=>"."]}
13
+ @check.vuln?.should be_true
14
+ end
15
+
16
+ it "fires when vulnerable ruby (1.9.3-p382) and rdoc version (3.12) has been found" do
17
+ @check.options={:detected_ruby=>{:engine=>"ruby", :version=>"1.9.3", :patchlevel=>"381"}, :dependencies=>[{:name=>"rdoc", :version=>'3.12'}, :root_dir=>"."]}
18
+ @check.vuln?.should be_true
19
+ end
20
+ it "fires when vulnerable ruby (1.9.2-p342) and rdoc version (3.12) has been found" do
21
+ @check.options={:detected_ruby=>{:engine=>"ruby", :version=>"1.9.2", :patchlevel=>"342"}, :dependencies=>[{:name=>"rdoc", :version=>'3.12'}, :root_dir=>"."]}
22
+ @check.vuln?.should be_true
23
+ end
24
+
25
+ it "doesn't fire when not vulnerable ruby (1.9.3-p383) is found but vulnerable rdoc version (3.12) has been found" do
26
+ @check.options={:detected_ruby=>{:engine=>"ruby", :version=>"1.9.3", :patchlevel=>"383"}, :dependencies=>[{:name=>"rdoc", :version=>'3.12'}, :root_dir=>"."]}
27
+ @check.vuln?.should be_false
28
+ end
29
+
30
+ it "doesn't fire when vulnerable ruby (1.9.3-p382) is found but not vulnerable rdoc version (3.13) has been found" do
31
+ @check.options={:detected_ruby=>{:engine=>"ruby", :version=>"1.9.3", :patchlevel=>"322"}, :dependencies=>[{:name=>"rdoc", :version=>'3.13'}, :root_dir=>"."]}
32
+ @check.vuln?.should be_false
33
+ end
34
+ end
@@ -0,0 +1,44 @@
1
+ require 'spec_helper'
2
+ describe "The CVE-2013-0262 vulnerability" do
3
+ before(:all) do
4
+ @check = Codesake::Dawn::Kb::CVE_2013_0262.new
5
+ # @check.debug = true
6
+ end
7
+
8
+ it "is reported when the vulnerable gem is detected" do
9
+ @check.dependencies = [{:name=>"rack", :version=>"1.5.0"}]
10
+ @check.vuln?.should be_true
11
+ end
12
+ it "is reported when the vulnerable gem is detected" do
13
+ @check.dependencies = [{:name=>"rack", :version=>"1.5.1"}]
14
+ @check.vuln?.should be_true
15
+ end
16
+ it "is reported when the vulnerable gem is detected" do
17
+ @check.dependencies = [{:name=>"rack", :version=>"1.4.0"}]
18
+ @check.vuln?.should be_true
19
+ end
20
+ it "is reported when the vulnerable gem is detected" do
21
+ @check.dependencies = [{:name=>"rack", :version=>"1.4.1"}]
22
+ @check.vuln?.should be_true
23
+ end
24
+ it "is reported when the vulnerable gem is detected" do
25
+ @check.dependencies = [{:name=>"rack", :version=>"1.4.2"}]
26
+ @check.vuln?.should be_true
27
+ end
28
+ it "is reported when the vulnerable gem is detected" do
29
+ @check.dependencies = [{:name=>"rack", :version=>"1.4.3"}]
30
+ @check.vuln?.should be_true
31
+ end
32
+ it "is reported when the vulnerable gem is detected" do
33
+ @check.dependencies = [{:name=>"rack", :version=>"1.4.4"}]
34
+ @check.vuln?.should be_true
35
+ end
36
+ it "is not reported when a fixed release is detected" do
37
+ @check.dependencies = [{:name=>"rack", :version=>"1.4.5"}]
38
+ @check.vuln?.should be_false
39
+ end
40
+ it "is not reported when a fixed release is detected" do
41
+ @check.dependencies = [{:name=>"rack", :version=>"1.5.2"}]
42
+ @check.vuln?.should be_false
43
+ end
44
+ end
@@ -0,0 +1,11 @@
1
+ require 'spec_helper'
2
+ describe "The CVE-2013-0263 vulnerability" do
3
+ before(:all) do
4
+ @check = Codesake::Dawn::Kb::CVE_2013_0263.new
5
+ # @check.debug = true
6
+ end
7
+ it "is not reported when rack version 1.4.5 is used" do
8
+ @check.dependencies = [{:name=>"rack", :version=>'1.4.5'}]
9
+ @check.vuln?.should be_false
10
+ end
11
+ end
@@ -0,0 +1,15 @@
1
+ require 'spec_helper'
2
+ describe "The CVE-2013-1607 vulnerability" do
3
+ before(:all) do
4
+ @check = Codesake::Dawn::Kb::CVE_2013_1607.new
5
+ # @check.debug = true
6
+ end
7
+ it "is reported when a pdfkit gem version 0.5.2 is detected" do
8
+ @check.dependencies = [{:name=>"pdfkit", :version=>"0.5.2"}]
9
+ @check.vuln?.should be_true
10
+ end
11
+ it "is not reported when a pdfkit gem version 0.5.3 is detected" do
12
+ @check.dependencies = [{:name=>"pdfkit", :version=>"0.5.3"}]
13
+ @check.vuln?.should be_false
14
+ end
15
+ end
@@ -0,0 +1,31 @@
1
+ require 'spec_helper'
2
+
3
+ describe "The CVE-2013-1655 vulnerability" do
4
+ before(:all) do
5
+ @check = Codesake::Dawn::Kb::CVE_2013_1655.new
6
+ # @check.debug = true
7
+ end
8
+ it "is detected if vulnerable version of puppet rubygem is detect when running on ruby 1.9.3 and 2.0.0" do
9
+ @check.options[:dependencies]=[{:name=>"puppet", :version=>'2.7.20'}]
10
+ @check.options[:detected_ruby] = {:engine=>"ruby", :version=>"1.9.3", :patchlevel=>"p342"}
11
+ @check.vuln?.should be_true
12
+ end
13
+ it "is ignored if only vulnerable version of puppet rubygem has been found" do
14
+ @check.options[:detected_ruby] = {:engine=>"ruby", :version=>"1.8.7", :patchlevel=>"p358"}
15
+ @check.vuln?.should be_false
16
+ end
17
+
18
+ it "is ignored if only the vulnerable ruby interpreter version has been found" do
19
+ @check.options[:dependencies]=[{:name=>"puppet", :version=>'8.7.21'}]
20
+ @check.options[:detected_ruby] = {:engine=>"ruby", :version=>"1.9.3", :patchlevel=>"p342"}
21
+ # @check.dump_status
22
+ @check.vuln?.should be_false
23
+ end
24
+
25
+ it "is ignored if none of the prerequisites have been met" do
26
+ @check.options[:dependencies]=[{:name=>"puppet", :version=>'8.7.21'}]
27
+ @check.options[:detected_ruby] = {:engine=>"ruby", :version=>"1.8.7", :patchlevel=>"p342"}
28
+ # @check.dump_status
29
+ @check.vuln?.should be_false
30
+ end
31
+ end
@@ -0,0 +1,23 @@
1
+ require 'spec_helper'
2
+ describe "The CVE-2013-1756 vulnerability" do
3
+ before(:all) do
4
+ @check = Codesake::Dawn::Kb::CVE_2013_1756.new
5
+ # @check.debug = true
6
+ end
7
+ it "is reported when dragonfly version 0.9.12 is used" do
8
+ @check.dependencies = [{:name=>"dragonfly", :version=>'0.9.12'}]
9
+ @check.vuln?.should be_true
10
+ end
11
+ it "is reported when dragonfly version 0.8.12 is used" do
12
+ @check.dependencies = [{:name=>"dragonfly", :version=>'0.8.12'}]
13
+ @check.vuln?.should be_true
14
+ end
15
+ it "is reported when dragonfly version 0.7.12 is used" do
16
+ @check.dependencies = [{:name=>"dragonfly", :version=>'0.7.12'}]
17
+ @check.vuln?.should be_true
18
+ end
19
+ it "is not reported when dragonfly version 0.9.13 is used" do
20
+ @check.dependencies = [{:name=>"dragonfly", :version=>'0.9.13'}]
21
+ @check.vuln?.should be_false
22
+ end
23
+ end
@@ -0,0 +1,15 @@
1
+ require 'spec_helper'
2
+ describe "The CVE-2013-2090 vulnerability" do
3
+ before(:all) do
4
+ @check = Codesake::Dawn::Kb::CVE_2013_2090.new
5
+ # @check.debug = true
6
+ end
7
+ it "fires when vulnerable cremefraiche version is used" do
8
+ @check.dependencies = [{:name=>"cremefraiche", :version=>'0.6.1'}]
9
+ @check.vuln?.should be_true
10
+ end
11
+ it "doesn't fire when not vulnerable cremefraiche version is used" do
12
+ @check.dependencies = [{:name=>"cremefraiche", :version=>'0.6.2'}]
13
+ @check.vuln?.should be_false
14
+ end
15
+ end
@@ -0,0 +1,11 @@
1
+ require 'spec_helper'
2
+ describe "The CVE-2013-2105 vulnerability" do
3
+ before(:all) do
4
+ @check = Codesake::Dawn::Kb::CVE_2013_2105.new
5
+ # @check.debug = true
6
+ end
7
+ it "is reported when show_in_browser vulnerable version is reported (0.0.3)" do
8
+ @check.dependencies = [{:name=>'show_in_browser', :version=>'0.0.3'}]
9
+ @check.vuln?.should be_true
10
+ end
11
+ end
@@ -0,0 +1,27 @@
1
+ require 'spec_helper'
2
+ describe "The CVE-2013-2119 vulnerability" do
3
+ before(:all) do
4
+ @check = Codesake::Dawn::Kb::CVE_2013_2119.new
5
+ # @check.debug = true
6
+ end
7
+ it "fires when vulnerable passenger version is used" do
8
+ @check.dependencies = [{:name=>"passenger", :version=>"4.0.4"}]
9
+ @check.vuln?.should be_true
10
+ end
11
+ it "fires when vulnerable passenger version is used" do
12
+ @check.dependencies = [{:name=>"passenger", :version=>"4.0.0"}]
13
+ @check.vuln?.should be_true
14
+ end
15
+ it "fires when vulnerable passenger version is used" do
16
+ @check.dependencies = [{:name=>"passenger", :version=>"3.0.20"}]
17
+ @check.vuln?.should be_true
18
+ end
19
+ it "doesn't fire when not vulnerable passenger version is used" do
20
+ @check.dependencies = [{:name=>"passenger", :version=>"4.0.5"}]
21
+ @check.vuln?.should be_false
22
+ end
23
+ it "doesn't fire when not vulnerable passenger version is used" do
24
+ @check.dependencies = [{:name=>"passenger", :version=>"3.0.21"}]
25
+ @check.vuln?.should be_false
26
+ end
27
+ end
@@ -0,0 +1,15 @@
1
+ require 'spec_helper'
2
+ describe "The CVE-2013-2512 vulnerability" do
3
+ before(:all) do
4
+ @check = Codesake::Dawn::Kb::CVE_2013_2512.new
5
+ # @check.debug = true
6
+ end
7
+ it "is reported when a ftpd gem version 0.2.1 is detected" do
8
+ @check.dependencies = [{:name=>"ftpd", :version=>"0.2.1"}]
9
+ @check.vuln?.should be_true
10
+ end
11
+ it "is not reported when a ftpd gem version 0.2.2 is detected" do
12
+ @check.dependencies = [{:name=>"ftpd", :version=>"0.2.2"}]
13
+ @check.vuln?.should be_false
14
+ end
15
+ end
@@ -0,0 +1,15 @@
1
+ require 'spec_helper'
2
+ describe "The CVE-2013-2513 vulnerability" do
3
+ before(:all) do
4
+ @check = Codesake::Dawn::Kb::CVE_2013_2513.new
5
+ # @check.debug = true
6
+ end
7
+ it "is reported when a flash_tool gem version 0.6.0 is detected" do
8
+ @check.dependencies = [{:name=>"flash_tool", :version=>"0.6.0"}]
9
+ @check.vuln?.should be_true
10
+ end
11
+ it "is not reported when a flash_tool gem version 0.6.1 is detected" do
12
+ @check.dependencies = [{:name=>"flash_tool", :version=>"0.6.1"}]
13
+ @check.vuln?.should be_false
14
+ end
15
+ end