RubyGems - dawnscanner - Versions diffs - 1.3.1 → 1.3.5 - Mend

dawnscanner 1.3.1 → 1.3.5

Files changed (59) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +0 -0
data.tar.gz.sig +0 -0
data/BUGS.md +14 -0
data/Changelog.md +27 -1
data/KnowledgeBase.md +19 -2
data/LICENSE.txt +2 -2
data/README.md +2 -2
data/Rakefile +100 -0
data/Roadmap.md +25 -11
data/VERSION +16 -0
data/bin/dawn +9 -5
data/checksum/dawnscanner-1.3.1.gem.sha1 +1 -0
data/dawnscanner.gemspec +5 -6
data/lib/dawn/kb/basic_check.rb +25 -10
data/lib/dawn/kb/cve_2004_0755.rb +3 -0
data/lib/dawn/kb/cve_2004_0983.rb +3 -0
data/lib/dawn/kb/cve_2005_1992.rb +3 -0
data/lib/dawn/kb/cve_2005_2337.rb +3 -0
data/lib/dawn/kb/cve_2006_3694.rb +2 -0
data/lib/dawn/kb/cve_2007_0469.rb +2 -0
data/lib/dawn/kb/cve_2007_5380.rb +2 -0
data/lib/dawn/kb/cve_2007_6077.rb +2 -0
data/lib/dawn/kb/cve_2007_6612.rb +2 -0
data/lib/dawn/kb/cve_2013_6416.rb +1 -1
data/lib/dawn/kb/cve_2015_1840/cve_2015_1840_a.rb +28 -0
data/lib/dawn/kb/cve_2015_1840/cve_2015_1840_b.rb +28 -0
data/lib/dawn/kb/cve_2015_2963.rb +27 -0
data/lib/dawn/kb/cve_2015_3224.rb +26 -0
data/lib/dawn/kb/cve_2015_3225.rb +28 -0
data/lib/dawn/kb/cve_2015_3226.rb +27 -0
data/lib/dawn/kb/cve_2015_3227.rb +27 -0
data/lib/dawn/kb/osvdb_118579.rb +31 -0
data/lib/dawn/kb/osvdb_118830.rb +32 -0
data/lib/dawn/kb/osvdb_118954.rb +31 -0
data/lib/dawn/kb/osvdb_119878.rb +32 -0
data/lib/dawn/kb/osvdb_119927.rb +33 -0
data/lib/dawn/kb/owasp_ror_cheatsheet/session_stored_in_database.rb +1 -1
data/lib/dawn/knowledge_base.rb +34 -0
data/lib/dawn/logger.rb +16 -0
data/lib/dawn/reporter.rb +19 -19
data/lib/dawn/utils.rb +2 -2
data/lib/dawn/version.rb +5 -24
data/lib/dawnscanner.rb +2 -1
data/spec/lib/dawn/codesake_knowledgebase_spec.rb +66 -15
data/spec/lib/kb/cve_2015_1840_spec.rb +35 -0
data/spec/lib/kb/cve_2015_2963_spec.rb +17 -0
data/spec/lib/kb/cve_2015_3224_spec.rb +16 -0
data/spec/lib/kb/cve_2015_3225_spec.rb +23 -0
data/spec/lib/kb/cve_2015_3226_spec.rb +29 -0
data/spec/lib/kb/cve_2015_3227_spec.rb +23 -0
data/spec/lib/kb/osvdb_118579_spec.rb +8 -0
data/spec/lib/kb/osvdb_118830_spec.rb +16 -0
data/spec/lib/kb/osvdb_118954_spec.rb +8 -0
data/spec/lib/kb/osvdb_119878_spec.rb +17 -0
data/spec/lib/kb/osvdb_119927_spec.rb +16 -0
data/spec/spec_helper.rb +3 -2
metadata +63 -21
metadata.gz.sig +0 -0

data/spec/lib/kb/osvdb_118579_spec.rb ADDED Viewed

@@ -0,0 +1,8 @@
+require 'spec_helper'
+describe "The OSVDB_118579 vulnerability" do
+	before(:all) do
+		@check = Dawn::Kb::OSVDB_118579.new
+		# @check.debug = true
+	end
+	it "We are not currently aware of a solution for this vulnerability."
+end

data/spec/lib/kb/osvdb_118830_spec.rb ADDED Viewed

@@ -0,0 +1,16 @@
+require 'spec_helper'
+describe "The OSVDB_118830 vulnerability" do
+	before(:all) do
+		@check = Dawn::Kb::OSVDB_118830.new
+		# @check.debug = true
+	end
+  it "is reported when a vulnerable version it has been found (2.1.1)" do
+    @check.dependencies = [{:name=>"doorkeeper", :version=>"2.1.1"}]
+    @check.vuln?.should   == true
+  end
+  it "is not reported when a safe version it has been found (2.1.2)" do
+    @check.dependencies = [{:name=>"doorkeepr", :version=>"2.1.2"}]
+    @check.vuln?.should   == false
+  end
+end

data/spec/lib/kb/osvdb_118954_spec.rb ADDED Viewed

@@ -0,0 +1,8 @@
+require 'spec_helper'
+describe "The OSVDB_118954 vulnerability" do
+	before(:all) do
+		@check = Dawn::Kb::OSVDB_118954.new
+		# @check.debug = true
+	end
+	it "Currently, there are no known workarounds or upgrades to correct this issue. However, a patch has been committed to the source code repository (e.g. GIT, CVS, SVN) that addresses this vulnerability. Until it is incorporated into the next release of the software, manually patching an existing installation is the only known available solution. Check the vendor links in the references section for more information"
+end

data/spec/lib/kb/osvdb_119878_spec.rb ADDED Viewed

@@ -0,0 +1,17 @@
+require 'spec_helper'
+describe "The OSVDB_119878 vulnerability" do
+	before(:all) do
+		@check = Dawn::Kb::OSVDB_119878.new
+		# @check.debug = true
+	end
+  it "is not fixed as the time we're writing this: 4.4.2015"
+   # it "is reported when a vulnerable version it has been found (0.7.3)" do
+    # @check.dependencies = [{:name=>"rest-client", :version=>"0.7.3"}]
+    # @check.vuln?.should   == true
+  # end
+  # it "is not reported when a safe version it has been found (0.8.0)" do
+    # @check.dependencies = [{:name=>"rest-client", :version=>"0.8.0"}]
+    # @check.vuln?.should   == false
+  # end
+end

data/spec/lib/kb/osvdb_119927_spec.rb ADDED Viewed

@@ -0,0 +1,16 @@
+require 'spec_helper'
+describe "The OSVDB_119927 vulnerability" do
+	before(:all) do
+		@check = Dawn::Kb::OSVDB_119927.new
+		# @check.debug = true
+	end
+  it "is reported when a vulnerable version it has been found (0.7.3)" do
+    @check.dependencies = [{:name=>"http", :version=>"0.7.3"}]
+    @check.vuln?.should   == true
+  end
+  it "is not reported when a safe version it has been found (0.8.0)" do
+    @check.dependencies = [{:name=>"http", :version=>"0.8.0"}]
+    @check.vuln?.should   == false
+  end
+end

data/spec/spec_helper.rb CHANGED Viewed

@@ -1,11 +1,12 @@
 require 'coveralls'
 require 'dawnscanner'
-require 'codesake-commons'
 def give_a_number
   require 'securerandom'
   return SecureRandom.random_number(9999)
 end
-$logger  = Codesake::Commons::Logging.instance
+require 'logger'
+$logger = Logger.new(STDOUT)
+$logger.datetime_format = '%Y-%m-%d %H:%M:%S'
 Coveralls.wear!

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dawnscanner
 version: !ruby/object:Gem::Version
-  version: 1.3.1
+  version: 1.3.5
 platform: ruby
 authors:
 - Paolo Perego
@@ -30,22 +30,8 @@ cert_chain:
   1zH2rpK27DW5pOeHUEJn31+gGd111ogP5tYruPV7Qgfy2jUrUPmP67v7nRNlgd84
   Z5mHj9jGk4wgMQy2pk4GDwsXiirZfI0z2WZfySqEldE=
   -----END CERTIFICATE-----
-date: 2015-02-19 00:00:00.000000000 Z
+date: 2015-07-29 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-  name: codesake-commons
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 1.0.0
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 1.0.0
 - !ruby/object:Gem::Dependency
   name: cvss
   requirement: !ruby/object:Gem::Requirement
@@ -172,6 +158,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: logger-colors
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: coveralls
   requirement: !ruby/object:Gem::Requirement
@@ -256,9 +256,12 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-description: Dawn is a security source code scanner for ruby powered code.
+description: Dawn is a security source code scanner for ruby powered code. It is especially
+  designed for web applications, but it works also with general purpose ruby scripts.
+  Dawn supports all major MVC frameworks like ruby on rails, padrino and sinatra;
+  it provides more than 150 security checks with their own mitigation suggestion.
 email:
-- paolo@codesake.com
+- paolo@dawnscanner.org
 executables:
 - dawn
 extensions: []
@@ -268,6 +271,7 @@ files:
 - ".ruby-gemset"
 - ".ruby-version"
 - ".travis.yml"
+- BUGS.md
 - Changelog.md
 - Gemfile
 - KnowledgeBase.md
@@ -275,6 +279,7 @@ files:
 - README.md
 - Rakefile
 - Roadmap.md
+- VERSION
 - bin/dawn
 - certs/paolo_at_dawnscanner_dot_org.pem
 - checksum/.placeholder
@@ -287,6 +292,7 @@ files:
 - checksum/codesake-dawn-1.2.99.gem.sha512
 - checksum/dawnscanner-1.2.99.gem.sha1
 - checksum/dawnscanner-1.3.0.gem.sha1
+- checksum/dawnscanner-1.3.1.gem.sha1
 - dawnscanner.gemspec
 - doc/codesake-dawn.yaml.sample
 - doc/dawn_1_0_announcement.md
@@ -468,6 +474,13 @@ files:
 - lib/dawn/kb/cve_2014_2538.rb
 - lib/dawn/kb/cve_2014_3482.rb
 - lib/dawn/kb/cve_2014_3483.rb
+- lib/dawn/kb/cve_2015_1840/cve_2015_1840_a.rb
+- lib/dawn/kb/cve_2015_1840/cve_2015_1840_b.rb
+- lib/dawn/kb/cve_2015_2963.rb
+- lib/dawn/kb/cve_2015_3224.rb
+- lib/dawn/kb/cve_2015_3225.rb
+- lib/dawn/kb/cve_2015_3226.rb
+- lib/dawn/kb/cve_2015_3227.rb
 - lib/dawn/kb/dependency_check.rb
 - lib/dawn/kb/deprecation_check.rb
 - lib/dawn/kb/not_revised_code.rb
@@ -477,6 +490,11 @@ files:
 - lib/dawn/kb/osvdb_108563.rb
 - lib/dawn/kb/osvdb_108569.rb
 - lib/dawn/kb/osvdb_108570.rb
+- lib/dawn/kb/osvdb_118579.rb
+- lib/dawn/kb/osvdb_118830.rb
+- lib/dawn/kb/osvdb_118954.rb
+- lib/dawn/kb/osvdb_119878.rb
+- lib/dawn/kb/osvdb_119927.rb
 - lib/dawn/kb/owasp_ror_cheatsheet.rb
 - lib/dawn/kb/owasp_ror_cheatsheet/check_for_backup_files.rb
 - lib/dawn/kb/owasp_ror_cheatsheet/check_for_safe_redirect_and_forward.rb
@@ -491,6 +509,7 @@ files:
 - lib/dawn/kb/simpleform_xss_20131129.rb
 - lib/dawn/kb/version_check.rb
 - lib/dawn/knowledge_base.rb
+- lib/dawn/logger.rb
 - lib/dawn/padrino.rb
 - lib/dawn/rails.rb
 - lib/dawn/railtie.rb
@@ -557,17 +576,28 @@ files:
 - spec/lib/kb/cve_2014_2538_spec.rb
 - spec/lib/kb/cve_2014_3482_spec.rb
 - spec/lib/kb/cve_2014_3483_spec.rb
+- spec/lib/kb/cve_2015_1840_spec.rb
+- spec/lib/kb/cve_2015_2963_spec.rb
+- spec/lib/kb/cve_2015_3224_spec.rb
+- spec/lib/kb/cve_2015_3225_spec.rb
+- spec/lib/kb/cve_2015_3226_spec.rb
+- spec/lib/kb/cve_2015_3227_spec.rb
 - spec/lib/kb/osvdb_105971_spec.rb
 - spec/lib/kb/osvdb_108530_spec.rb
 - spec/lib/kb/osvdb_108563_spec.rb
 - spec/lib/kb/osvdb_108569_spec.rb
 - spec/lib/kb/osvdb_108570_spec.rb
+- spec/lib/kb/osvdb_118579_spec.rb
+- spec/lib/kb/osvdb_118830_spec.rb
+- spec/lib/kb/osvdb_118954_spec.rb
+- spec/lib/kb/osvdb_119878_spec.rb
+- spec/lib/kb/osvdb_119927_spec.rb
 - spec/lib/kb/owasp_ror_cheatsheet_disabled.rb
 - spec/spec_helper.rb
 - support/bootstrap.js
 - support/bootstrap.min.css
 - support/codesake.css
-homepage: http://dawn.codesake.com
+homepage: http://dawnscanner.org
 licenses: []
 metadata: {}
 post_install_message:
@@ -586,10 +616,11 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.4.6
+rubygems_version: 2.4.8
 signing_key:
 specification_version: 4
-summary: Codesake::Dawn is a security source code scanner for ruby powered code.
+summary: Dawn is a security source code scanner for ruby powered code. It is crafted
+  with love to make your sinatra, padrino and ruby on rails web applications secure.
 test_files:
 - features/dawn_complains_about_an_incorrect_command_line.feature.disabled
 - features/dawn_scan_a_secure_sinatra_app.feature.disabled
@@ -652,10 +683,21 @@ test_files:
 - spec/lib/kb/cve_2014_2538_spec.rb
 - spec/lib/kb/cve_2014_3482_spec.rb
 - spec/lib/kb/cve_2014_3483_spec.rb
+- spec/lib/kb/cve_2015_1840_spec.rb
+- spec/lib/kb/cve_2015_2963_spec.rb
+- spec/lib/kb/cve_2015_3224_spec.rb
+- spec/lib/kb/cve_2015_3225_spec.rb
+- spec/lib/kb/cve_2015_3226_spec.rb
+- spec/lib/kb/cve_2015_3227_spec.rb
 - spec/lib/kb/osvdb_105971_spec.rb
 - spec/lib/kb/osvdb_108530_spec.rb
 - spec/lib/kb/osvdb_108563_spec.rb
 - spec/lib/kb/osvdb_108569_spec.rb
 - spec/lib/kb/osvdb_108570_spec.rb
+- spec/lib/kb/osvdb_118579_spec.rb
+- spec/lib/kb/osvdb_118830_spec.rb
+- spec/lib/kb/osvdb_118954_spec.rb
+- spec/lib/kb/osvdb_119878_spec.rb
+- spec/lib/kb/osvdb_119927_spec.rb
 - spec/lib/kb/owasp_ror_cheatsheet_disabled.rb
 - spec/spec_helper.rb

metadata.gz.sig CHANGED Viewed

Binary file