dawnscanner 1.3.0 → 1.3.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 1b30d65a04af4cd34b129b0c0239e6b8201f95fb
-  data.tar.gz: 0aed7efd5f30659bfdea8b52376ec3d23a4d7a3e
+  metadata.gz: 3f0312208553d247840f6a71da2e0ef95c8c223d
+  data.tar.gz: 5122a815d28cc9d701374407d04cf0c0b78e1b48
 SHA512:
-  metadata.gz: ba85cc6a84e4a3f0d766631aa71dfc1db749b8890bb1f5156fc0cd0205364a97172823a73897857318db9f9b71f63b8fd73bd107f4634a9053537778c7b9b41b
-  data.tar.gz: 0c96b639355d9e7d06d9609632adb7566842a0cd662407c8e71812efc8ef153aee20620da0ea65232475fa0b65e95557be6357d93b05413ad29ee5f2d0e48b81
+  metadata.gz: aef798632ca975c2c04b67a434a69e3ce5852ef83fc28ecf4e1e781b3f7e79adde54c6bb20459bcf7249acfe3968c77ef02cf4c87183c497c186fb6794f1cabe
+  data.tar.gz: 14f385eb24b0745a67eaa8fd7e177e6a456b2c298434f794f54b2c952417f49ed728fdab3dc5592face49983de1e485b986905931bc6556d05be96019c4959e1

data/.ruby-gemset

@@ -1 +1 @@
-codesake
+dawnscanner

data/.ruby-version

@@ -1 +1 @@
-2.0.0
+2.2.0

data/Roadmap.md

@@ -1,11 +1,11 @@
 # Codesake Dawn - roadmap
 
-Codesake::Dawn is a static analysis security scanner for ruby written web applications.
+Dawnscanner is a static analysis security scanner for ruby written web applications.
 It supports [Sinatra](http://www.sinatrarb.com),
 [Padrino](http://www.padrinorb.com) and [Ruby on Rails](http://rubyonrails.org)
 frameworks.
 
-This is an ongoing roadmap for the Codesake::Dawn source code review tool.
+This is an ongoing roadmap for the Dawnscanner source code review tool.
 
 _latest update: Mon Mar 31 13:01:21 CEST 2014_
 
@@ -13,7 +13,7 @@ _latest update: Mon Mar 31 13:01:21 CEST 2014_
 
 * create a task to check for new CVE in NVD website
 * SQLite3 integration for saving data. Each project will have its own SQLite
-  database containing reviews, findings and all. A table with Codesake::Dawn version it
+  database containing reviews, findings and all. A table with Dawnscanner version it
   created the database will be inserted as well
 * add a language check. It will handle a ruby script as input and a
   ruby\_parser line as unsafe pattern. It will compile the ruby and look for
@@ -33,7 +33,7 @@ _latest update: Mon Mar 31 13:01:21 CEST 2014_
 * Cross Site Scripting detection: it must be done for all MVC frameworks
   (including Rack) and it must cover either reflected than stored attack
   patterns
-* Add a --github option to Codesake::Dawn to clone a remote repository, perform
+* Add a --github option to Dawnscanner to clone a remote repository, perform
   a bundle install and do a code review.
 * Add support for github hooks
 * Add premilinary SQL injection detection for Ruby on Rails
@@ -47,13 +47,13 @@ _latest update: Mon Mar 31 13:01:21 CEST 2014_
 
 # Spinoff projects
 
-Codesake::Dawn is a security scanner for ruby code. Modern web applications
+Dawnscanner is a security scanner for ruby code. Modern web applications
 however are wrote in a plenty of great technologies deserving a good tool for
 security scan.
 
 Node.js and Go are very promising programming languages and a tool similiar to
-Codesake::Dawn can be wrote also to support them:
+Dawnscanner can be wrote also to support them:
 
-Initially they were in the Codesake::Dawn roadmap for a 2.0.0 version. However
+Initially they were in the Dawnscanner roadmap for a 2.0.0 version. However
 we decide to drop this in the name of being focused on ruby programming
 language.

data/bin/dawn

@@ -7,7 +7,7 @@ require 'terminal-table'
 require 'justify'
 
 require 'codesake-commons'
-require 'codesake-dawn'
+require 'dawnscanner'
 
 APPNAME = File.basename($0)
 LIST_KNOWN_FRAMEWORK  = %w(rails sinatra padrino)
@@ -58,7 +58,7 @@ opts.quiet=true
 engine  = nil
 
 
-options = Codesake::Dawn::Core.read_conf(Codesake::Dawn::Core.find_conf(true))
+options = Dawn::Core.read_conf(Dawn::Core.find_conf(true))
 check = ""
 guess = {:name=>"", :version=>"", :connected_gems=>[]}
 
@@ -66,10 +66,10 @@ begin
 opts.each do |opt, val|
   case opt
   when '--version'
-    puts "#{Codesake::Dawn::VERSION} [#{Codesake::Dawn::CODENAME}]"
+    puts "#{Dawn::VERSION} [#{Dawn::CODENAME}]"
     Kernel.exit(0)
   when '--config-file'
-    options = Codesake::Dawn::Core.read_conf(val)
+    options = Dawn::Core.read_conf(val)
   when '--disable-cve-bulletins'
     options[:enabled_checks].delete(:cve_bulletin)
   when '--disable-code-quality'
@@ -90,8 +90,8 @@ opts.each do |opt, val|
     options[:enabled_checks].delete(:owasp_top_10_9)
     options[:enabled_checks].delete(:owasp_top_10_10)
   when '--list-known-families'
-    printf "Codesake::Dawn supports following check families:\n\n"
-    puts Codesake::Dawn::Kb::BasicCheck.families
+    printf "Dawn supports following check families:\n\n"
+    puts Dawn::Kb::BasicCheck.families
     Kernel.exit(0)
   when '--json'
     options[:output] = "json"
@@ -111,7 +111,7 @@ opts.each do |opt, val|
     options[:gemfile_scan] = true
     unless val.empty?
       options[:gemfile_name] = val
-      guess = Codesake::Dawn::Core.guess_mvc(val)
+      guess = Dawn::Core.guess_mvc(val)
     end
   when '--verbose'
     options[:verbose]=true
@@ -123,13 +123,13 @@ opts.each do |opt, val|
     options[:exit_on_warn] = true
 
   when '--search-knowledge-base'
-    found = Codesake::Dawn::KnowledgeBase.find(nil, val)
+    found = Dawn::KnowledgeBase.find(nil, val)
     puts "#{val} found in knowledgebase." if found
     puts "#{val} not found in knowledgebase" if ! found
     Kernel.exit(0)
 
   when '--list-knowledge-base'
-    puts Codesake::Dawn::Core.dump_knowledge_base(options[:verbose])
+    puts Dawn::Core.dump_knowledge_base(options[:verbose])
     Kernel.exit(0)
   when '--list-known-framework'
     puts "Ruby MVC framework supported by #{APPNAME}:"
@@ -138,22 +138,22 @@ opts.each do |opt, val|
     end
     Kernel.exit(0)
   when '--help'
-    Kernel.exit(Codesake::Dawn::Core.help)
+    Kernel.exit(Dawn::Core.help)
   end
 end
 rescue GetoptLong::InvalidOption => e
 
-  $logger.helo APPNAME, Codesake::Dawn::VERSION
+  $logger.helo APPNAME, Dawn::VERSION
   $logger.err e.message
-  Kernel.exit(Codesake::Dawn::Core.help)
+  Kernel.exit(Dawn::Core.help)
 end
 
 target=ARGV.shift
 
-$logger.helo APPNAME, Codesake::Dawn::VERSION
+$logger.helo APPNAME, Dawn::VERSION
 trap("INT")   { $logger.die('[INTERRUPTED]') }
 $logger.die("missing target") if target.nil? && options[:gemfile_name].empty?
-$logger.die("invalid directory (#{target})") if options[:gemfile_name].empty?  &&! Codesake::Dawn::Core.is_good_target?(target)
+$logger.die("invalid directory (#{target})") if options[:gemfile_name].empty?  &&! Dawn::Core.is_good_target?(target)
 $logger.die("if scanning Gemfile.lock file you must not force target MVC using one from -r, -s or -p flag") if ! options[:mvc].empty? && options[:gemfile_scan]
 $logger.log("security check enabled: #{options[:enabled_checks]}") if options[:debug]
 
@@ -164,18 +164,18 @@ $logger.log("security check enabled: #{options[:enabled_checks]}") if options[:d
 unless options[:gemfile_scan]
   begin
     if options[:mvc].empty?
-      engine = Codesake::Dawn::Core.detect_mvc(target)
+      engine = Dawn::Core.detect_mvc(target)
       $logger.log("using #{engine.class.name} engine via autodect") if options[:debug]
     else
-      engine = Codesake::Dawn::Rails.new(target)      if options[:mvc] == :rails
-      engine = Codesake::Dawn::Sinatra.new(target)    if options[:mvc] == :sinatra
-      engine = Codesake::Dawn::Padrino.new(target)    if options[:mvc] == :padrino
+      engine = Dawn::Rails.new(target)      if options[:mvc] == :rails
+      engine = Dawn::Sinatra.new(target)    if options[:mvc] == :sinatra
+      engine = Dawn::Padrino.new(target)    if options[:mvc] == :padrino
     end
   rescue ArgumentError => e
     $logger.die(e.message)
   end
 else
-  engine = Codesake::Dawn::GemfileLock.new(target, options[:gemfile_name], guess) # if options[:gemfile_scan]
+  engine = Dawn::GemfileLock.new(target, options[:gemfile_name], guess) # if options[:gemfile_scan]
 end
 
 $logger.die("ruby framework auto detect failed. Please force if rails, sinatra or padrino with -r, -s or -p flags") if engine.nil?
@@ -194,7 +194,7 @@ if options[:debug]
 end
 
 $logger.die "missing target framework option" if engine.nil?
-$logger.warn "this is a development Codesake::Dawn version" if Codesake::Dawn::RELEASE == "(development)"
+$logger.warn "this is a development Dawn version" if Dawn::RELEASE == "(development)"
 $logger.die "nothing to do on #{target}" if ! options[:gemfile_scan] && ! engine.can_apply? 
 
 engine.load_knowledge_base(options[:enabled_checks])
@@ -206,5 +206,5 @@ if options[:output] == "count"
   Kernel.exit(0)
 end
 
-Codesake::Dawn::Reporter.new({:engine=>engine, :apply_all_code=>ret, :format=>options[:output].to_sym, :filename=>options[:filename]}).report
+Dawn::Reporter.new({:engine=>engine, :apply_all_code=>ret, :format=>options[:output].to_sym, :filename=>options[:filename]}).report
 $logger.bye

data/checksum/dawnscanner-1.3.0.gem.sha1

@@ -0,0 +1 @@
+d15d8d596f4305f6f9c23ec23462844ff49a5743

data/lib/dawn/core.rb

@@ -30,7 +30,7 @@ module Dawn
       printf "\n       --disable-code-style\t\t\tdisable all code style checks"
       printf "\n       --disable-owasp-ror-cheatsheet\t\tdisable all Owasp Ruby on Rails cheatsheet checks"
       printf "\n       --disable-owasp-top-10\t\t\tdisable all Owasp Top 10 checks"
-      printf "\n\nFlags useful to query Codesake::Dawn\n"
+      printf "\n\nFlags useful to query Dawn\n"
       printf "\n   -S, --search-knowledge-base [check_name]\tsearch check_name in the knowledge base"
       printf "\n       --list-knowledge-base\t\t\tlist knowledge-base content"
       printf "\n       --list-known-families\t\t\tlist security check families contained in dawn's knowledge base"
@@ -45,7 +45,7 @@ module Dawn
     end
 
     def self.dump_knowledge_base(verbose = false)
-      kb = Codesake::Dawn::KnowledgeBase.new
+      kb = Dawn::KnowledgeBase.new
       lines = []
       lines << "Security checks currently supported:\n"
 
@@ -99,11 +99,11 @@ module Dawn
       lockfile = Bundler::LockfileParser.new(Bundler.read_file("Gemfile.lock"))
       Dir.chdir(my_dir)
       lockfile.specs.each do |s|
-        return Codesake::Dawn::Rails.new(target)    if s.name == "rails"
-        return Codesake::Dawn::Padrino.new(target)  if s.name == "padrino"
+        return Dawn::Rails.new(target)    if s.name == "rails"
+        return Dawn::Padrino.new(target)  if s.name == "padrino"
       end
 
-      return Codesake::Dawn::Sinatra.new(target)
+      return Dawn::Sinatra.new(target)
     end
 
     def self.is_good_target?(target)
@@ -124,14 +124,14 @@ module Dawn
         return fn if File.exist?(fn)
       end
 
-      # Codesake::Dawn didn't find a config file.
+      # Dawn didn't find a config file.
       # If create_if_none flag is set to false, than I'll return nil so the
       # read_conf method will return the default configuration
       return nil unless create_if_none
 
       # If create_if_none flag is set to true, than I'll create a config file
       # on the current directory with the default configuration.
-      conf = {"config"=>{:verbose=>false, :output=>"console", :mvc=>"", :gemfile_scan=>false, :gemfile_name=>"", :filename=>nil, :debug=>false, :exit_on_warn => false, :enabled_checks=> Codesake::Dawn::Kb::BasicCheck::ALLOWED_FAMILIES}}
+      conf = {"config"=>{:verbose=>false, :output=>"console", :mvc=>"", :gemfile_scan=>false, :gemfile_name=>"", :filename=>nil, :debug=>false, :exit_on_warn => false, :enabled_checks=> Dawn::Kb::BasicCheck::ALLOWED_FAMILIES}}
 
       # Calculate the conf file path
       conf_path = File.expand_path('~') +'/.'+conf_name
@@ -145,7 +145,7 @@ module Dawn
     end
 
     def self.read_conf(file=nil)
-      conf = {:verbose=>false, :output=>"console", :mvc=>"", :gemfile_scan=>false, :gemfile_name=>"", :filename=>nil, :debug=>false, :exit_on_warn => false, :enabled_checks=> Codesake::Dawn::Kb::BasicCheck::ALLOWED_FAMILIES}
+      conf = {:verbose=>false, :output=>"console", :mvc=>"", :gemfile_scan=>false, :gemfile_name=>"", :filename=>nil, :debug=>false, :exit_on_warn => false, :enabled_checks=> Dawn::Kb::BasicCheck::ALLOWED_FAMILIES}
       begin
         return conf if file.nil?
         file = file.chop if (not file.nil? and file.end_with? '/')

data/lib/dawn/engine.rb

@@ -73,7 +73,7 @@ module Dawn
 
       if $logger.nil?
         $logger  = Codesake::Commons::Logging.instance
-        $logger.helo "dawn-engine", Codesake::Dawn::VERSION
+        $logger.helo "dawn-engine", Dawn::VERSION
 
       end
       $logger.warn "pattern matching security checks are disabled for Gemfile.lock scan" if @name == "Gemfile.lock"
@@ -161,10 +161,10 @@ module Dawn
     def load_knowledge_base(enabled_checks=[])
       debug_me("load_knowledge_base called. Enabled checks are: #{enabled_checks}")
       if @name == "Gemfile.lock"
-        @checks = Codesake::Dawn::KnowledgeBase.new({:enabled_checks=>enabled_checks}).all if @force.empty?
-        @checks = Codesake::Dawn::KnowledgeBase.new({:enabled_checks=>enabled_checks}).all_by_mvc(@force) unless @force.empty? 
+        @checks = Dawn::KnowledgeBase.new({:enabled_checks=>enabled_checks}).all if @force.empty?
+        @checks = Dawn::KnowledgeBase.new({:enabled_checks=>enabled_checks}).all_by_mvc(@force) unless @force.empty? 
       else
-        @checks = Codesake::Dawn::KnowledgeBase.new({:enabled_checks=>enabled_checks}).all_by_mvc(@name) 
+        @checks = Dawn::KnowledgeBase.new({:enabled_checks=>enabled_checks}).all_by_mvc(@name) 
 
       end
       debug_me("#{@checks.count} checks loaded")
@@ -239,21 +239,21 @@ module Dawn
 
       @checks.each do |check|
         if check.name == name
-          unless ((check.kind == Codesake::Dawn::KnowledgeBase::PATTERN_MATCH_CHECK || check.kind == Codesake::Dawn::KnowledgeBase::COMBO_CHECK ) && @name == "Gemfile.lock")
+          unless ((check.kind == Dawn::KnowledgeBase::PATTERN_MATCH_CHECK || check.kind == Dawn::KnowledgeBase::COMBO_CHECK ) && @name == "Gemfile.lock")
             debug_me "applying check #{check.name}" 
             @applied_checks += 1
             @applied << { :name=>name }
             check.ruby_version = @ruby_version[:version]
-            check.detected_ruby  = @ruby_version if check.kind == Codesake::Dawn::KnowledgeBase::RUBY_VERSION_CHECK
-            check.dependencies = self.connected_gems if check.kind == Codesake::Dawn::KnowledgeBase::DEPENDENCY_CHECK
-            check.root_dir = self.target if check.kind  == Codesake::Dawn::KnowledgeBase::PATTERN_MATCH_CHECK
-            check.options = {:detected_ruby => self.ruby_version, :dependencies => self.connected_gems, :root_dir => self.target } if check.kind == Codesake::Dawn::KnowledgeBase::COMBO_CHECK
+            check.detected_ruby  = @ruby_version if check.kind == Dawn::KnowledgeBase::RUBY_VERSION_CHECK
+            check.dependencies = self.connected_gems if check.kind == Dawn::KnowledgeBase::DEPENDENCY_CHECK
+            check.root_dir = self.target if check.kind  == Dawn::KnowledgeBase::PATTERN_MATCH_CHECK
+            check.options = {:detected_ruby => self.ruby_version, :dependencies => self.connected_gems, :root_dir => self.target } if check.kind == Dawn::KnowledgeBase::COMBO_CHECK
 
             check_vuln = check.vuln?
 
-            @vulnerabilities  << {:name=> check.name, :severity=>check.severity, :priority=>check.priority, :kind=>check.check_family, :message=>check.message, :remediation=>check.remediation, :evidences=>check.evidences, :vulnerable_checks=>nil} if check_vuln && check.kind !=  Codesake::Dawn::KnowledgeBase::COMBO_CHECK
+            @vulnerabilities  << {:name=> check.name, :severity=>check.severity, :priority=>check.priority, :kind=>check.check_family, :message=>check.message, :remediation=>check.remediation, :evidences=>check.evidences, :vulnerable_checks=>nil} if check_vuln && check.kind !=  Dawn::KnowledgeBase::COMBO_CHECK
 
-            @vulnerabilities  << {:name=> check.name, :severity=>check.severity, :priority=>check.priority, :kind=>check.check_family, :message=>check.message, :remediation=>check.remediation, :evidences=>check.evidences, :vulnerable_checks=>check.vulnerable_checks} if check_vuln && check.kind ==  Codesake::Dawn::KnowledgeBase::COMBO_CHECK
+            @vulnerabilities  << {:name=> check.name, :severity=>check.severity, :priority=>check.priority, :kind=>check.check_family, :message=>check.message, :remediation=>check.remediation, :evidences=>check.evidences, :vulnerable_checks=>check.vulnerable_checks} if check_vuln && check.kind ==  Dawn::KnowledgeBase::COMBO_CHECK
 
             @mitigated_issues << {:name=> check.name, :severity=>check.severity, :priority=>check.priority, :kind=>check.check_family, :message=>check.message, :remediation=>check.remediation, :evidences=>check.evidences, :vulnerable_checks=>nil} if check.mitigated?
             return true
@@ -290,22 +290,22 @@ module Dawn
       end
 
       @checks.each do |check|
-        unless ((check.kind == Codesake::Dawn::KnowledgeBase::PATTERN_MATCH_CHECK || check.kind == Codesake::Dawn::KnowledgeBase::COMBO_CHECK ) && @gemfile_lock_sudo)
+        unless ((check.kind == Dawn::KnowledgeBase::PATTERN_MATCH_CHECK || check.kind == Dawn::KnowledgeBase::COMBO_CHECK ) && @gemfile_lock_sudo)
 
           @applied << { :name => name }
           debug_me "applying check #{check.name}" 
           @applied_checks += 1
 
           check.ruby_version = @ruby_version[:version]
-          check.detected_ruby  = @ruby_version if check.kind == Codesake::Dawn::KnowledgeBase::RUBY_VERSION_CHECK
-          check.dependencies = self.connected_gems if check.kind == Codesake::Dawn::KnowledgeBase::DEPENDENCY_CHECK
-          check.root_dir = self.target if check.kind  == Codesake::Dawn::KnowledgeBase::PATTERN_MATCH_CHECK 
-          check.options = {:detected_ruby => self.ruby_version, :dependencies => self.connected_gems, :root_dir => self.target } if check.kind == Codesake::Dawn::KnowledgeBase::COMBO_CHECK
+          check.detected_ruby  = @ruby_version if check.kind == Dawn::KnowledgeBase::RUBY_VERSION_CHECK
+          check.dependencies = self.connected_gems if check.kind == Dawn::KnowledgeBase::DEPENDENCY_CHECK
+          check.root_dir = self.target if check.kind  == Dawn::KnowledgeBase::PATTERN_MATCH_CHECK 
+          check.options = {:detected_ruby => self.ruby_version, :dependencies => self.connected_gems, :root_dir => self.target } if check.kind == Dawn::KnowledgeBase::COMBO_CHECK
           check_vuln = check.vuln?
 
-          @vulnerabilities  << {:name=> check.name, :severity=>check.severity, :priority=>check.priority, :kind=>check.check_family, :message=>check.message, :remediation=>check.remediation, :evidences=>check.evidences, :vulnerable_checks=>nil} if check_vuln && check.kind !=  Codesake::Dawn::KnowledgeBase::COMBO_CHECK
+          @vulnerabilities  << {:name=> check.name, :severity=>check.severity, :priority=>check.priority, :kind=>check.check_family, :message=>check.message, :remediation=>check.remediation, :evidences=>check.evidences, :vulnerable_checks=>nil} if check_vuln && check.kind !=  Dawn::KnowledgeBase::COMBO_CHECK
 
-          @vulnerabilities  << {:name=> check.name, :severity=>check.severity, :priority=>check.priority, :kind=>check.check_family, :message=>check.message, :remediation=>check.remediation, :evidences=>check.evidences, :vulnerable_checks=>check.vulnerable_checks} if check_vuln && check.kind ==  Codesake::Dawn::KnowledgeBase::COMBO_CHECK
+          @vulnerabilities  << {:name=> check.name, :severity=>check.severity, :priority=>check.priority, :kind=>check.check_family, :message=>check.message, :remediation=>check.remediation, :evidences=>check.evidences, :vulnerable_checks=>check.vulnerable_checks} if check_vuln && check.kind ==  Dawn::KnowledgeBase::COMBO_CHECK
 
           @mitigated_issues << {:name=> check.name, :severity=>check.severity, :priority=>check.priority, :kind=>check.check_family, :message=>check.message, :remediation=>check.remediation, :evidences=>check.evidences, :vulnerable_checks=>nil} if check.mitigated?
         else

data/lib/dawn/kb/basic_check.rb

@@ -123,7 +123,7 @@ module Dawn
         if $logger.nil?
           require 'codesake-commons'
           $logger  = Codesake::Commons::Logging.instance
-          $logger.helo "dawn-basic-check", Codesake::Dawn::VERSION
+          $logger.helo "dawn-basic-check", Dawn::VERSION
         end
       end
 

data/lib/dawn/kb/owasp_ror_cheatsheet.rb

@@ -16,16 +16,16 @@ module Codesake
           super({
             :name=>"Owasp Ror Cheatsheet", 
             :applies=>["rails"],
-            :kind=>Codesake::Dawn::KnowledgeBase::COMBO_CHECK,
+            :kind=>Dawn::KnowledgeBase::COMBO_CHECK,
             :aux_links=>["https://www.owasp.org/index.php/Ruby_on_Rails_Cheatsheet"],
             :message=>message,
             :mitigation=>"Please refere to the Ruby on Rails cheatsheet available from owasp.org to mitigate this vulnerability",
             :checks=>[
-              Codesake::Dawn::Kb::OwaspRorCheatSheet::CommandInjection.new,
-              Codesake::Dawn::Kb::OwaspRorCheatSheet::Csrf.new,
-              Codesake::Dawn::Kb::OwaspRorCheatSheet::SessionStoredInDatabase.new,
-              Codesake::Dawn::Kb::OwaspRorCheatSheet::MassAssignmentInModel.new, 
-              Codesake::Dawn::Kb::OwaspRorCheatSheet::SecurityRelatedHeaders.new, 
+              Dawn::Kb::OwaspRorCheatSheet::CommandInjection.new,
+              Dawn::Kb::OwaspRorCheatSheet::Csrf.new,
+              Dawn::Kb::OwaspRorCheatSheet::SessionStoredInDatabase.new,
+              Dawn::Kb::OwaspRorCheatSheet::MassAssignmentInModel.new, 
+              Dawn::Kb::OwaspRorCheatSheet::SecurityRelatedHeaders.new, 
 
 
             ],

data/lib/dawn/padrino.rb

@@ -52,7 +52,7 @@ module Dawn
               end
 
               target = File.dirname(sinatra_app_rb )
-              apps << Codesake::Dawn::Sinatra.new(target, mp)
+              apps << Dawn::Sinatra.new(target, mp)
             end
           rescue Racc::ParseError => e
             debug_me(e.message)

data/lib/dawn/reporter.rb

@@ -67,8 +67,8 @@ module Dawn
       html_body += "<table class=\"table-striped table-bordered table\">\n"
       html_body += "<thead><tr><td>Key</td><td>Value</td></tr></thead>\n"
       html_body += "<tbody>\n"
-      html_body += "<tr><td>Dawn version</td><td>#{Dawn::VERSION}</td></tr>" unless Codesake::Dawn::RELEASE == "(development)\n"
-      html_body += "<tr><td>Dawn development version</td><td>#{Dawn::VERSION}</td></tr>" if Codesake::Dawn::RELEASE == "(development)\n"
+      html_body += "<tr><td>Dawn version</td><td>#{Dawn::VERSION}</td></tr>" unless Dawn::RELEASE == "(development)\n"
+      html_body += "<tr><td>Dawn development version</td><td>#{Dawn::VERSION}</td></tr>" if Dawn::RELEASE == "(development)\n"
       html_body += "<tr><td>Scan duration</td><td>#{@engine.scan_time.round(3)} sec</td></tr>\n"
       html_body += "<tr><td>Target</td><td>#{@engine.target}</td></tr>\n"
       html_body += "<tr><td>MVC detected framework</td><td>#{@engine.name} v#{@engine.get_mvc_version}</td></tr>" unless @engine.name == "Gemfile.lock\n"
@@ -102,7 +102,7 @@ module Dawn
       html_body += "<div id=\"push\"></div>\n"
       html_body += "<div id=\"footer\">\n"
       html_body += "<div class=\"container\">\n"
-      html_body += "<p class=\"muted credit\">&copy; <a href=\"http://dawn.codesake.com\">Dawn</a> &mdash; #{Time.now.strftime("%Y")} &mdash; engine v#{Codesake::Dawn::VERSION} (#{Codesake::Dawn::RELEASE})</p>\n"
+      html_body += "<p class=\"muted credit\">&copy; <a href=\"http://dawn.codesake.com\">Dawn</a> &mdash; #{Time.now.strftime("%Y")} &mdash; engine v#{Dawn::VERSION} (#{Dawn::RELEASE})</p>\n"
       html_body += "</div>\n"
       html_body += "</div>\n"
       html_body += "</div>\n"
@@ -123,7 +123,7 @@ module Dawn
       # 0_First table: executive summary
       rows = []
       rows << ['Dawn version', Dawn::VERSION] unless Dawn::RELEASE == "(development)"
-      rows << ['Dawn development version', Dawn::VERSION] if Codesake::Dawn::RELEASE == "(development)"
+      rows << ['Dawn development version', Dawn::VERSION] if Dawn::RELEASE == "(development)"
       rows << ['Scan started', @engine.scan_start]
       rows << ['Scan duration', "#{@engine.scan_time.round(3)} sec"]
       rows << ['Target', @engine.target]

data/lib/dawn/version.rb

@@ -18,9 +18,9 @@ module Dawn
   # |   "Luigi"       |  7.0.0  |
   # | "Doc Hudson"    |  8.0.0  |
 
-  VERSION   = "1.3.0"
+  VERSION   = "1.3.1"
   CODENAME  = "Lightning McQueen"
   # RELEASE   = "(development)"
-  RELEASE   = "20150218"
+  RELEASE   = "20150219"
 
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dawnscanner
 version: !ruby/object:Gem::Version
-  version: 1.3.0
+  version: 1.3.1
 platform: ruby
 authors:
 - Paolo Perego
@@ -30,7 +30,7 @@ cert_chain:
   1zH2rpK27DW5pOeHUEJn31+gGd111ogP5tYruPV7Qgfy2jUrUPmP67v7nRNlgd84
   Z5mHj9jGk4wgMQy2pk4GDwsXiirZfI0z2WZfySqEldE=
   -----END CERTIFICATE-----
-date: 2015-02-18 00:00:00.000000000 Z
+date: 2015-02-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: codesake-commons
@@ -286,6 +286,7 @@ files:
 - checksum/codesake-dawn-1.2.0.gem.sha512
 - checksum/codesake-dawn-1.2.99.gem.sha512
 - checksum/dawnscanner-1.2.99.gem.sha1
+- checksum/dawnscanner-1.3.0.gem.sha1
 - dawnscanner.gemspec
 - doc/codesake-dawn.yaml.sample
 - doc/dawn_1_0_announcement.md
@@ -585,7 +586,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.2.2
+rubygems_version: 2.4.6
 signing_key: 
 specification_version: 4
 summary: Codesake::Dawn is a security source code scanner for ruby powered code.