dawnscanner 1.2.99

data/spec/lib/kb/cve_2013_2516_spec.rb

@@ -0,0 +1,15 @@
+require 'spec_helper'
+describe "The CVE-2013-2516 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2013_2516.new
+		# @check.debug = true
+	end
+  it "is reported when a fileutils gem version 0.7 is detected" do
+    @check.dependencies = [{:name=>"fileutils", :version=>"0.7"}]
+    @check.vuln?.should   be_true
+  end
+  it "is not reported when a fileutils gem version 0.8 is detected" do
+    @check.dependencies = [{:name=>"fileutils", :version=>"0.8"}]
+    @check.vuln?.should   be_false
+  end
+end

data/spec/lib/kb/cve_2013_4203_spec.rb

@@ -0,0 +1,15 @@
+require 'spec_helper'
+describe "The CVE-2013-4203 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2013_4203.new
+		# @check.debug = true
+	end
+  it "is reported when a vulnerable rgpg version is detected (0.2.2)" do
+    @check.dependencies = [{:name=>"rgpg", :version=>"0.2.2"}]
+    @check.vuln?.should   be_true
+  end
+  it "is not reported when a safe rgpg version is detected (0.2.3)" do
+    @check.dependencies = [{:name=>"rgpg", :version=>"0.2.3"}]
+    @check.vuln?.should   be_false
+  end
+end

data/spec/lib/kb/cve_2013_4413_spec.rb

@@ -0,0 +1,16 @@
+require 'spec_helper'
+describe "The CVE-2013-4413 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2013_4413.new
+		# @check.debug = true
+	end
+
+  it "is reported when the vulnerable gem is detected" do
+    @check.dependencies = [{:name=>"wicked", :version=>"1.0.0"}]
+    @check.vuln?.should   be_true
+  end
+  it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"wicked", :version=>"1.0.1"}]
+    @check.vuln?.should   be_false
+  end
+end

data/spec/lib/kb/cve_2013_4489_spec.rb

@@ -0,0 +1,63 @@
+require 'spec_helper'
+describe "The CVE-2013-4489 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2013_4489.new
+		# @check.debug = true
+	end
+
+  
+  it "is reported when the vulnerable gem is detected" do
+    @check.dependencies = [{:name=>"grit", :version=>"5.2"}]
+    @check.vuln?.should   be_true
+  end
+
+  it "is reported when the vulnerable gem is detected" do
+    @check.dependencies = [{:name=>"grit", :version=>"5.3"}]
+    @check.vuln?.should   be_true
+  end
+
+  it "is reported when the vulnerable gem is detected" do
+    @check.dependencies = [{:name=>"grit", :version=>"5.4"}]
+    @check.vuln?.should   be_true
+  end
+
+  it "is reported when the vulnerable gem is detected" do
+    @check.dependencies = [{:name=>"grit", :version=>"6.0"}]
+    @check.vuln?.should   be_true
+  end
+
+  it "is reported when the vulnerable gem is detected" do
+    @check.dependencies = [{:name=>"grit", :version=>"6.1"}]
+    @check.vuln?.should   be_true
+  end
+
+  it "is reported when the vulnerable gem is detected" do
+    @check.dependencies = [{:name=>"grit", :version=>"6.2"}]
+    @check.vuln?.should   be_true
+  end
+
+  it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"grit", :version=>"5.1"}]
+    @check.vuln?.should   be_false
+  end
+
+  it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"grit", :version=>"5.0"}]
+    @check.vuln?.should   be_false
+  end
+
+  it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"grit", :version=>"3.2"}]
+    @check.vuln?.should   be_false
+  end
+
+  it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"grit", :version=>"5.4.1"}]
+    @check.vuln?.should   be_false
+  end
+
+  it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"grit", :version=>"6.2.3"}]
+    @check.vuln?.should   be_false
+  end
+end

data/spec/lib/kb/cve_2013_4593_spec.rb

@@ -0,0 +1,16 @@
+require 'spec_helper'
+describe "The CVE-2013-4593 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2013_4593.new
+		# @check.debug = true
+	end
+
+  it "is reported when a omniauth-facebook gem version 1.5.0 is detected" do
+    @check.dependencies = [{:name=>"omniauth-facebook", :version=>"1.5.0"}]
+    @check.vuln?.should   be_true
+  end
+  it "is not reported when a omniauth-facebook gem version 1.5.1 is detected" do
+    @check.dependencies = [{:name=>"omniauth-facebook", :version=>"1.5.1"}]
+    @check.vuln?.should   be_false
+  end
+end

data/spec/lib/kb/cve_2013_5647_spec.rb

@@ -0,0 +1,19 @@
+require 'spec_helper'
+describe "The CVE-2013-5647 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2013_5647.new
+		# @check.debug = true
+	end
+  it "fires when vulnerable sounder 1.0.1 version is userd" do
+    @check.dependencies = [{:name=>"sounder", :version=>'1.0.1'}]
+    @check.vuln?.should   be_true
+  end
+  it "doesn't fire when sounder not vulnerable version is used" do
+    @check.dependencies = [{:name=>"sounder", :version=>'1.0.2'}]
+    @check.vuln?.should   be_false
+  end
+  it "doesn't fire when a very old sounder version is used" do
+    @check.dependencies = [{:name=>"sounder", :version=>'0.9.2'}]
+    @check.vuln?.should   be_false
+  end
+end

data/spec/lib/kb/cve_2013_5671_spec.rb

@@ -0,0 +1,27 @@
+require 'spec_helper'
+describe "The CVE-2013-5671 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2013_5671.new
+		# @check.debug = true
+	end
+
+  it "is reported when a fog-dragonfly gem version 0.8.2 is detected" do
+    @check.dependencies = [{:name=>"fog-dragonfly", :version=>"0.8.2"}]
+    @check.vuln?.should   be_true
+  end
+
+  it "is reported when a fog-dragonfly gem version 0.8.0 is detected" do
+    @check.dependencies = [{:name=>"fog-dragonfly", :version=>"0.8.0"}]
+    @check.vuln?.should   be_true
+  end
+
+  it "is reported when a fog-dragonfly gem version 0.7.5 is detected" do
+    @check.dependencies = [{:name=>"fog-dragonfly", :version=>"0.7.5"}]
+    @check.vuln?.should   be_true
+  end
+
+  it "is not reported when a paratrooper-pingdom gem version 0.8.3 is detected" do
+    @check.dependencies = [{:name=>"fog-dragonfly", :version=>"0.8.3"}]
+    @check.vuln?.should   be_false
+  end
+end

data/spec/lib/kb/cve_2013_6416_spec.rb

@@ -0,0 +1,31 @@
+require 'spec_helper'
+
+describe "The CVE-2013-6416 vulnerability" do
+  before(:all) do 
+    @check = Codesake::Dawn::Kb::CVE_2013_6416.new
+    # @check.debug = true
+  end
+  it "is detected if vulnerable version of rails rubygem is detected" do
+    @check.dependencies=[{:name=>"rails", :version=>'4.0.1'}]
+    @check.vuln?.should   be_true
+  end
+  it "is ignored if rails version is 3.2.x" do 
+    @check.dependencies=[{:name=>"rails", :version=>'3.2.16'}]
+    @check.vuln?.should   be_false
+  end
+
+  it "is ignored if rails version is 3.1.x" do 
+    @check.dependencies=[{:name=>"rails", :version=>'3.1.16'}]
+    @check.vuln?.should   be_false
+  end
+  it "is ignored if rails version is 3.0.x" do 
+    @check.dependencies=[{:name=>"rails", :version=>'3.0.16'}]
+    @check.vuln?.should   be_false
+  end
+  it "is ignored if rails version is 2.3.x" do 
+    @check.dependencies=[{:name=>"rails", :version=>'2.3.16'}]
+    @check.vuln?.should   be_false
+  end
+
+
+end

data/spec/lib/kb/cve_2013_6459_spec.rb

@@ -0,0 +1,15 @@
+require 'spec_helper'
+describe "The CVE-2013-6459 vulnerability" do
+  before(:all) do
+    @check = Codesake::Dawn::Kb::CVE_2013_6459.new
+    # @check.debug = true
+  end
+  it "fires when will_paginage 3.0.4 vulnerable version is used" do
+    @check.dependencies = [{:name=>"will_paginate", :version=>'3.0.4'}]
+    @check.vuln?.should be_true
+  end
+  it "doesn't fires when will_paginage 3.0.5 safe version is used" do
+    @check.dependencies = [{:name=>"will_paginate", :version=>'3.0.5'}]
+    @check.vuln?.should be_false
+  end
+end

data/spec/lib/kb/cve_2013_7086_spec.rb

@@ -0,0 +1,22 @@
+require 'spec_helper'
+describe "The CVE-2013-7086 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2013_7086.new
+		# @check.debug = true
+	end
+	it "is detected for gem 1.0.5.3" do
+    @check.dependencies = [{:name=>"webbynode", :version=>'1.0.5.3'}]
+    @check.vuln?.should  be_true
+  end
+
+  it "is detected for gem 1.0.4.3" do
+    @check.dependencies = [{:name=>"webbynode", :version=>'1.0.4.3'}]
+    @check.vuln?.should  be_true
+  end
+
+  it "is not detected for gem 1.0.5.4" do
+    @check.dependencies = [{:name=>"webbynode", :version=>'1.0.5.4'}]
+    @check.vuln?.should  be_false
+  end
+
+end

data/spec/lib/kb/cve_2014_0036_spec.rb

@@ -0,0 +1,15 @@
+require 'spec_helper'
+describe "The CVE-2014-0036 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2014_0036.new
+		# @check.debug = true
+	end
+  it "is reported when a vulnerable rbovirt gem version is detected (0.0.23)" do
+    @check.dependencies = [{:name=>"rbovirt", :version=>'0.0.23'}]
+    @check.vuln?.should   be_true
+  end
+  it "is not reported when a sage rbovirt gem version is detected (0.0.24)" do
+    @check.dependencies = [{:name=>"rbovirt", :version=>'0.0.24'}]
+    @check.vuln?.should   be_false
+  end
+end

data/spec/lib/kb/cve_2014_0080_spec.rb

@@ -0,0 +1,28 @@
+require 'spec_helper'
+describe "The CVE-2014-0080 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2014_0080.new
+		# @check.debug = true
+	end
+  it "affects version 4.0.0" do
+    @check.dependencies = [{:name=>"rails", :version=>'4.0.0'}]
+    @check.vuln?.should be_true
+  end
+  it "affects version 4.0.2" do
+    @check.dependencies = [{:name=>"rails", :version=>'4.0.2'}]
+    @check.vuln?.should be_true
+  end
+  it "affects version 4.0.1" do
+    @check.dependencies = [{:name=>"rails", :version=>'4.0.1'}]
+    @check.vuln?.should be_true
+  end
+  it "affects version 4.1.0.beta1" do
+    @check.dependencies = [{:name=>"rails", :version=>'4.1.0.beta1'}]
+    @check.vuln?.should be_true
+  end
+
+  it "doesn't affect version 4.0.3" do 
+    @check.dependencies = [{:name=>"rails", :version=>'4.0.3'}]
+    @check.vuln?.should be_false
+  end
+end

data/spec/lib/kb/cve_2014_0081_spec.rb

@@ -0,0 +1,68 @@
+require 'spec_helper'
+describe "The CVE-2014-0081 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2014_0081.new
+		# @check.debug = true
+	end
+  it "affects version 3.2.16" do
+    @check.dependencies = [{:name=>"rails", :version=>'3.2.16'}]
+    @check.vuln?.should be_true
+  end
+  it "affects version 4.0.0" do
+    @check.dependencies = [{:name=>"rails", :version=>'4.0.0'}]
+    @check.vuln?.should be_true
+  end
+  it "affects version 4.0.2" do
+    @check.dependencies = [{:name=>"rails", :version=>'4.0.2'}]
+    @check.vuln?.should be_true
+  end
+  it "affects version 4.0.1" do
+    @check.dependencies = [{:name=>"rails", :version=>'4.0.1'}]
+    @check.vuln?.should be_true
+  end
+
+  it "affects version 3.1.x" do
+    require 'securerandom'
+    rand = SecureRandom.random_number(9999)
+    version = "3.1.#{rand}"
+
+    @check.dependencies = [{:name=>"rails", :version=>version}]
+    @check.vuln?.should be_true
+  end
+  
+  it "affects version 3.0.x" do
+    require 'securerandom'
+    rand = SecureRandom.random_number(9999)
+    version = "3.0.#{rand}"
+
+    @check.dependencies = [{:name=>"rails", :version=>version}]
+    @check.vuln?.should be_true
+  end
+  it "affects version 2.x.y" do
+    require 'securerandom'
+    rand_min = SecureRandom.random_number(9999)
+    rand_patch = SecureRandom.random_number(9999)
+    version = "2.#{rand_min}.#{rand_patch}"
+
+    @check.dependencies = [{:name=>"rails", :version=>version}]
+    @check.vuln?.should be_true
+  end
+  it "affects version 1.x.y" do
+    require 'securerandom'
+    rand_min = SecureRandom.random_number(9999)
+    rand_patch = SecureRandom.random_number(9999)
+    version = "1.#{rand_min}.#{rand_patch}"
+
+    @check.dependencies = [{:name=>"rails", :version=>version}]
+    @check.vuln?.should be_true
+  end
+
+  it "doesn't affect version 4.0.3" do 
+    @check.dependencies = [{:name=>"rails", :version=>'4.0.3'}]
+    @check.vuln?.should be_false
+  end
+  it "doesn't affect version 3.2.17" do 
+    @check.dependencies = [{:name=>"rails", :version=>'3.2.17'}]
+    @check.vuln?.should be_false
+  end
+end

data/spec/lib/kb/cve_2014_0082_spec.rb

@@ -0,0 +1,52 @@
+require 'spec_helper'
+describe "The CVE-2014-0082 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2014_0082.new
+		# @check.debug = true
+	end
+  it "affects version 3.0.x" do
+    require 'securerandom'
+    rand = SecureRandom.random_number(9999)
+    version = "3.0.#{rand}"
+
+    @check.dependencies = [{:name=>"rails", :version=>version}]
+    @check.vuln?.should be_true
+  end
+  it "affects version 2.x.y" do
+    require 'securerandom'
+    rand_min = SecureRandom.random_number(9999)
+    rand_patch = SecureRandom.random_number(9999)
+    version = "2.#{rand_min}.#{rand_patch}"
+    @check.dependencies = [{:name=>"rails", :version=>version}]
+    @check.vuln?.should be_true
+  end
+  it "affects version 1.x.y" do
+    require 'securerandom'
+    rand_min = SecureRandom.random_number(9999)
+    rand_patch = SecureRandom.random_number(9999)
+    version = "1.#{rand_min}.#{rand_patch}"
+
+    @check.dependencies = [{:name=>"rails", :version=>version}]
+    @check.vuln?.should be_true
+  end
+  it "doesn't affect version 4.0.2" do 
+    @check.dependencies = [{:name=>"rails", :version=>'4.0.2'}]
+    @check.vuln?.should be_false
+  end
+  it "doesn't affect version 4.0.1" do 
+    @check.dependencies = [{:name=>"rails", :version=>'4.0.1'}]
+    @check.vuln?.should be_false
+  end
+  it "doesn't affect version 4.0.0" do 
+    @check.dependencies = [{:name=>"rails", :version=>'4.0.0'}]
+    @check.vuln?.should be_false
+  end
+  it "doesn't affect version 4.0.3" do 
+    @check.dependencies = [{:name=>"rails", :version=>'4.0.3'}]
+    @check.vuln?.should be_false
+  end
+  it "doesn't affect version 3.2.17" do 
+    @check.dependencies = [{:name=>"rails", :version=>'3.2.17'}]
+    @check.vuln?.should be_false
+  end
+end

data/spec/lib/kb/cve_2014_0130_spec.rb

@@ -0,0 +1,19 @@
+require 'spec_helper'
+describe "The CVE-2014-0130 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2014_0130.new
+		# @check.debug = true
+	end
+  it "is reported when rails 4.1.0 is detected" do
+    @check.dependencies = [{:name=>"rails", :version=>'4.1.0'}]
+    @check.vuln?.should   be_true
+  end
+  it "is reported when rails 4.0.4 is detected" do
+    @check.dependencies = [{:name=>"rails", :version=>'4.0.4'}]
+    @check.vuln?.should   be_true
+  end
+  it "is reported when rails 3.2.17 is detected" do
+    @check.dependencies = [{:name=>"rails", :version=>'3.2.17'}]
+    @check.vuln?.should   be_true
+  end
+end

data/spec/lib/kb/cve_2014_1233_spec.rb

@@ -0,0 +1,15 @@
+require 'spec_helper'
+describe "The CVE-2014-1233 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2014_1233.new
+		# @check.debug = true
+	end
+  it "is reported when a paratrooper-pingdom gem version 1.0.0 is detected" do
+    @check.dependencies = [{:name=>"paratrooper-pingdom", :version=>"1.0.0"}]
+    @check.vuln?.should   be_true
+  end
+  it "is not reported when a paratrooper-pingdom gem version 1.0.1 is detected" do
+    @check.dependencies = [{:name=>"paratrooper-pingdom", :version=>"1.0.1"}]
+    @check.vuln?.should   be_false
+  end
+end