dawnscanner 1.4.2 → 1.5.0

data/spec/lib/kb/osvdb_115654_spec.rb

@@ -0,0 +1,15 @@
+require 'spec_helper'
+describe "The OSVDB_115654 vulnerability" do
+	before(:all) do
+		@check = Dawn::Kb::OSVDB_115654.new
+		# @check.debug = true
+	end
+	it "is reported when the vulnerable gem is detected" do
+    @check.dependencies = [{:name=>"raven-ruby", :version=>"0.12.1"}]
+		@check.vuln?.should   == true
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"raven-ruby", :version=>"0.12.2"}]
+		@check.vuln?.should   == false
+	end
+end

data/spec/lib/kb/osvdb_116010_spec.rb

@@ -0,0 +1,15 @@
+require 'spec_helper'
+describe "The OSVDB_116010 vulnerability" do
+	before(:all) do
+		@check = Dawn::Kb::OSVDB_116010.new
+		# @check.debug = true
+	end
+	it "is reported when the vulnerable gem is detected" do
+    @check.dependencies = [{:name=>"doorkeeper", :version=>"1.4.0"}]
+		@check.vuln?.should   == true
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"doorkeeper", :version=>"1.4.1"}]
+		@check.vuln?.should   == false
+	end
+end

data/spec/lib/kb/osvdb_117903_spec.rb

@@ -0,0 +1,23 @@
+require 'spec_helper'
+describe "The OSVDB_117903 vulnerability" do
+	before(:all) do
+		@check = Dawn::Kb::OSVDB_117903.new
+		# @check.debug = true
+	end
+  it "is reported when the vulnerable gem is detected" do
+    @check.dependencies = [{:name=>"ruby-saml", :version=>"0.7.2"}]
+    @check.vuln?.should   == true
+  end
+  it "is reported when the vulnerable gem is detected" do
+    @check.dependencies = [{:name=>"ruby-saml", :version=>"0.8.1"}]
+    @check.vuln?.should   == true
+  end
+  it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"ruby-saml", :version=>"0.7.3"}]
+    @check.vuln?.should   == false
+  end
+  it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"ruby-saml", :version=>"0.8.2"}]
+    @check.vuln?.should   == false
+  end
+end

data/spec/lib/kb/osvdb_118954_spec.rb

@@ -4,5 +4,17 @@ describe "The OSVDB_118954 vulnerability" do
 		@check = Dawn::Kb::OSVDB_118954.new
 		# @check.debug = true
 	end
-	it "Currently, there are no known workarounds or upgrades to correct this issue. However, a patch has been committed to the source code repository (e.g. GIT, CVS, SVN) that addresses this vulnerability. Until it is incorporated into the next release of the software, manually patching an existing installation is the only known available solution. Check the vendor links in the references section for more information"
+  it "is reported when the vulnerable gem is detected" do
+    @check.dependencies = [{:name=>"rails", :version=>"4.2.0"}]
+    @check.vuln?.should   == true
+  end
+  it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"rails", :version=>"4.2.1.rc3"}]
+    @check.vuln?.should   == false
+  end
+  it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"rails", :version=>"4.0.3"}]
+    @check.vuln?.should   == false
+  end
+
 end

data/spec/lib/kb/osvdb_119878_spec.rb

@@ -4,14 +4,13 @@ describe "The OSVDB_119878 vulnerability" do
 		@check = Dawn::Kb::OSVDB_119878.new
 		# @check.debug = true
 	end
-  it "is not fixed as the time we're writing this: 4.4.2015"
-   # it "is reported when a vulnerable version it has been found (0.7.3)" do
-    # @check.dependencies = [{:name=>"rest-client", :version=>"0.7.3"}]
-    # @check.vuln?.should   == true
-  # end
-  # it "is not reported when a safe version it has been found (0.8.0)" do
-    # @check.dependencies = [{:name=>"rest-client", :version=>"0.8.0"}]
-    # @check.vuln?.should   == false
-  # end
+  it "is reported when a vulnerable version it has been found (1.8.0)" do
+    @check.dependencies = [{:name=>"rest-client", :version=>"1.8.0"}]
+    @check.vuln?.should   == true
+  end
+  it "is not reported when a safe version it has been found (2.0.0.rc1)" do
+    @check.dependencies = [{:name=>"rest-client", :version=>"2.0.0.rc1"}]
+    @check.vuln?.should   == false
+  end
 
 end

data/spec/lib/kb/osvdb_120415_spec.rb

@@ -0,0 +1,16 @@
+require 'spec_helper'
+describe "The OSVDB_120415 vulnerability" do
+	before(:all) do
+		@check = Dawn::Kb::OSVDB_120415.new
+		# @check.debug = true
+	end
+  it "is reported when the vulnerable gem is detected" do
+    @check.dependencies = [{:name=>"redcarpet", :version=>"3.2.2"}]
+    @check.vuln?.should   == true
+  end
+  it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"redcarpet", :version=>"3.2.3"}]
+    @check.vuln?.should   == false
+  end
+
+end

data/spec/lib/kb/osvdb_120857_spec.rb

@@ -0,0 +1,32 @@
+require 'spec_helper'
+describe "The OSVDB_120857 vulnerability" do
+	before(:all) do
+		@check = Dawn::Kb::OSVDB_120857.new
+		# @check.debug = true
+	end
+  it "is reported when the vulnerable gem is detected" do
+    @check.dependencies = [{:name=>"refile", :version=>"0.5.2"}]
+    @check.vuln?.should   == true
+  end
+  it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"refile", :version=>"0.5.4"}]
+    @check.vuln?.should   == false
+  end
+  it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"refile", :version=>"0.4.4"}]
+    @check.vuln?.should   == false
+  end
+  it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"refile", :version=>"0.3.4"}]
+    @check.vuln?.should   == false
+  end
+  it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"refile", :version=>"0.2.4"}]
+    @check.vuln?.should   == false
+  end
+  it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"refile", :version=>"0.1.4"}]
+    @check.vuln?.should   == false
+  end
+
+end

data/spec/lib/kb/osvdb_121701_spec.rb

@@ -0,0 +1,15 @@
+require 'spec_helper'
+describe "The OSVDB_121701 vulnerability" do
+	before(:all) do
+		@check = Dawn::Kb::OSVDB_121701.new
+		# @check.debug = true
+	end
+	it "is reported when the vulnerable gem is detected" do
+    @check.dependencies = [{:name=>"open-uri-cached", :version=>"0.0.4"}]
+    @check.vuln?.should   == true
+  end
+  it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"open-uri-cached", :version=>"0.0.5"}]
+    @check.vuln?.should   == false
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dawnscanner
 version: !ruby/object:Gem::Version
-  version: 1.4.2
+  version: 1.5.0
 platform: ruby
 authors:
 - Paolo Perego
@@ -30,7 +30,7 @@ cert_chain:
   1zH2rpK27DW5pOeHUEJn31+gGd111ogP5tYruPV7Qgfy2jUrUPmP67v7nRNlgd84
   Z5mHj9jGk4wgMQy2pk4GDwsXiirZfI0z2WZfySqEldE=
   -----END CERTIFICATE-----
-date: 2015-10-13 00:00:00.000000000 Z
+date: 2015-12-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: cvss
@@ -61,7 +61,63 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: parser
+  name: ruby_parser
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: sys-uname
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: terminal-table
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: justify
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: logger-colors
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -89,7 +145,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: ruby_parser
+  name: sqlite3
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -103,7 +159,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: sys-uname
+  name: dm-sqlite-adapter
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -117,7 +173,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: grit
+  name: data_mapper
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -131,7 +187,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: terminal-table
+  name: code_metrics
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -145,7 +201,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: justify
+  name: metric_fu-Saikuro
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -159,7 +215,63 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: logger-colors
+  name: flay
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: churn
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: flog
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: reek
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: cane
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -272,7 +384,6 @@ files:
 - ".ruby-gemset"
 - ".ruby-version"
 - ".travis.yml"
-- BUGS.md
 - Changelog.md
 - Gemfile
 - KnowledgeBase.md
@@ -297,11 +408,14 @@ files:
 - checksum/dawnscanner-1.3.5.gem.sha1
 - checksum/dawnscanner-1.4.0.gem.sha1
 - checksum/dawnscanner-1.4.1.gem.sha1
+- checksum/dawnscanner-1.4.2.gem.sha1
 - dawnscanner.gemspec
-- doc/codesake-dawn.yaml.sample
 - doc/dawn_1_0_announcement.md
 - doc/dawn_1_1_announcement.md
 - doc/dawn_1_2_announcement.md
+- doc/dawn_1_5_announcement.md
+- doc/dawnscanner.yaml.sample
+- doc/new_knowledge_base_v1.0.md
 - features/dawn_complains_about_an_incorrect_command_line.feature.disabled
 - features/dawn_scan_a_secure_sinatra_app.feature.disabled
 - features/dawn_scan_a_vulnerable_sinatra_app.feature.disabled
@@ -486,6 +600,7 @@ files:
 - lib/dawn/kb/cve_2014_7829.rb
 - lib/dawn/kb/cve_2014_8090.rb
 - lib/dawn/kb/cve_2014_9490.rb
+- lib/dawn/kb/cve_2015_1819.rb
 - lib/dawn/kb/cve_2015_1840/cve_2015_1840_a.rb
 - lib/dawn/kb/cve_2015_1840/cve_2015_1840_b.rb
 - lib/dawn/kb/cve_2015_2963.rb
@@ -494,8 +609,10 @@ files:
 - lib/dawn/kb/cve_2015_3226.rb
 - lib/dawn/kb/cve_2015_3227.rb
 - lib/dawn/kb/cve_2015_3448.rb
+- lib/dawn/kb/cve_2015_4020.rb
 - lib/dawn/kb/dependency_check.rb
 - lib/dawn/kb/deprecation_check.rb
+- lib/dawn/kb/gem_check.rb
 - lib/dawn/kb/not_revised_code.rb
 - lib/dawn/kb/operating_system_check.rb
 - lib/dawn/kb/osvdb_105971.rb
@@ -503,11 +620,17 @@ files:
 - lib/dawn/kb/osvdb_108563.rb
 - lib/dawn/kb/osvdb_108569.rb
 - lib/dawn/kb/osvdb_108570.rb
+- lib/dawn/kb/osvdb_115654.rb
+- lib/dawn/kb/osvdb_116010.rb
+- lib/dawn/kb/osvdb_117903.rb
 - lib/dawn/kb/osvdb_118579.rb
 - lib/dawn/kb/osvdb_118830.rb
 - lib/dawn/kb/osvdb_118954.rb
 - lib/dawn/kb/osvdb_119878.rb
 - lib/dawn/kb/osvdb_119927.rb
+- lib/dawn/kb/osvdb_120415.rb
+- lib/dawn/kb/osvdb_120857.rb
+- lib/dawn/kb/osvdb_121701.rb
 - lib/dawn/kb/owasp_ror_cheatsheet.rb
 - lib/dawn/kb/owasp_ror_cheatsheet/check_for_backup_files.rb
 - lib/dawn/kb/owasp_ror_cheatsheet/check_for_safe_redirect_and_forward.rb
@@ -526,6 +649,7 @@ files:
 - lib/dawn/padrino.rb
 - lib/dawn/rails.rb
 - lib/dawn/railtie.rb
+- lib/dawn/registry.rb
 - lib/dawn/reporter.rb
 - lib/dawn/sinatra.rb
 - lib/dawn/tasks.rb
@@ -595,6 +719,7 @@ files:
 - spec/lib/kb/cve_2014_7819_spec.rb
 - spec/lib/kb/cve_2014_7829_spec.rb
 - spec/lib/kb/cve_2014_9490_spec.rb
+- spec/lib/kb/cve_2015_1819_spec.rb
 - spec/lib/kb/cve_2015_1840_spec.rb
 - spec/lib/kb/cve_2015_2963_spec.rb
 - spec/lib/kb/cve_2015_3224_spec.rb
@@ -602,23 +727,31 @@ files:
 - spec/lib/kb/cve_2015_3226_spec.rb
 - spec/lib/kb/cve_2015_3227_spec.rb
 - spec/lib/kb/cve_2015_3448_spec.rb
+- spec/lib/kb/cve_2015_4020_spec.rb
 - spec/lib/kb/osvdb_105971_spec.rb
 - spec/lib/kb/osvdb_108530_spec.rb
 - spec/lib/kb/osvdb_108563_spec.rb
 - spec/lib/kb/osvdb_108569_spec.rb
 - spec/lib/kb/osvdb_108570_spec.rb
+- spec/lib/kb/osvdb_115654_spec.rb
+- spec/lib/kb/osvdb_116010_spec.rb
+- spec/lib/kb/osvdb_117903_spec.rb
 - spec/lib/kb/osvdb_118579_spec.rb
 - spec/lib/kb/osvdb_118830_spec.rb
 - spec/lib/kb/osvdb_118954_spec.rb
 - spec/lib/kb/osvdb_119878_spec.rb
 - spec/lib/kb/osvdb_119927_spec.rb
+- spec/lib/kb/osvdb_120415_spec.rb
+- spec/lib/kb/osvdb_120857_spec.rb
+- spec/lib/kb/osvdb_121701_spec.rb
 - spec/lib/kb/owasp_ror_cheatsheet_disabled.rb
 - spec/spec_helper.rb
 - support/bootstrap.js
 - support/bootstrap.min.css
 - support/codesake.css
 homepage: http://dawnscanner.org
-licenses: []
+licenses:
+- MIT
 metadata: {}
 post_install_message: 
 rdoc_options: []
@@ -710,6 +843,7 @@ test_files:
 - spec/lib/kb/cve_2014_7819_spec.rb
 - spec/lib/kb/cve_2014_7829_spec.rb
 - spec/lib/kb/cve_2014_9490_spec.rb
+- spec/lib/kb/cve_2015_1819_spec.rb
 - spec/lib/kb/cve_2015_1840_spec.rb
 - spec/lib/kb/cve_2015_2963_spec.rb
 - spec/lib/kb/cve_2015_3224_spec.rb
@@ -717,15 +851,22 @@ test_files:
 - spec/lib/kb/cve_2015_3226_spec.rb
 - spec/lib/kb/cve_2015_3227_spec.rb
 - spec/lib/kb/cve_2015_3448_spec.rb
+- spec/lib/kb/cve_2015_4020_spec.rb
 - spec/lib/kb/osvdb_105971_spec.rb
 - spec/lib/kb/osvdb_108530_spec.rb
 - spec/lib/kb/osvdb_108563_spec.rb
 - spec/lib/kb/osvdb_108569_spec.rb
 - spec/lib/kb/osvdb_108570_spec.rb
+- spec/lib/kb/osvdb_115654_spec.rb
+- spec/lib/kb/osvdb_116010_spec.rb
+- spec/lib/kb/osvdb_117903_spec.rb
 - spec/lib/kb/osvdb_118579_spec.rb
 - spec/lib/kb/osvdb_118830_spec.rb
 - spec/lib/kb/osvdb_118954_spec.rb
 - spec/lib/kb/osvdb_119878_spec.rb
 - spec/lib/kb/osvdb_119927_spec.rb
+- spec/lib/kb/osvdb_120415_spec.rb
+- spec/lib/kb/osvdb_120857_spec.rb
+- spec/lib/kb/osvdb_121701_spec.rb
 - spec/lib/kb/owasp_ror_cheatsheet_disabled.rb
 - spec/spec_helper.rb