dawnscanner 1.4.2 → 1.5.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/.ruby-version +1 -1
- data/Changelog.md +85 -9
- data/KnowledgeBase.md +206 -5
- data/README.md +25 -25
- data/Rakefile +19 -5
- data/Roadmap.md +104 -46
- data/VERSION +10 -10
- data/bin/dawn +96 -15
- data/checksum/dawnscanner-1.4.2.gem.sha1 +1 -0
- data/dawnscanner.gemspec +21 -4
- data/doc/dawn_1_5_announcement.md +66 -0
- data/doc/{codesake-dawn.yaml.sample → dawnscanner.yaml.sample} +0 -0
- data/doc/new_knowledge_base_v1.0.md +78 -0
- data/lib/dawn/core.rb +22 -28
- data/lib/dawn/engine.rb +111 -54
- data/lib/dawn/kb/basic_check.rb +3 -0
- data/lib/dawn/kb/cve_2014_3483.rb +1 -0
- data/lib/dawn/kb/cve_2015_1819.rb +34 -0
- data/lib/dawn/kb/cve_2015_4020.rb +34 -0
- data/lib/dawn/kb/gem_check.rb +43 -0
- data/lib/dawn/kb/osvdb_115654.rb +33 -0
- data/lib/dawn/kb/osvdb_116010.rb +30 -0
- data/lib/dawn/kb/osvdb_117903.rb +30 -0
- data/lib/dawn/kb/osvdb_118954.rb +5 -3
- data/lib/dawn/kb/osvdb_119878.rb +3 -3
- data/lib/dawn/kb/osvdb_120415.rb +31 -0
- data/lib/dawn/kb/osvdb_120857.rb +34 -0
- data/lib/dawn/kb/osvdb_121701.rb +30 -0
- data/lib/dawn/kb/owasp_ror_cheatsheet.rb +23 -31
- data/lib/dawn/kb/owasp_ror_cheatsheet/check_for_backup_files.rb +16 -20
- data/lib/dawn/kb/owasp_ror_cheatsheet/check_for_safe_redirect_and_forward.rb +31 -31
- data/lib/dawn/kb/owasp_ror_cheatsheet/command_injection.rb +22 -22
- data/lib/dawn/kb/owasp_ror_cheatsheet/csrf.rb +23 -23
- data/lib/dawn/kb/owasp_ror_cheatsheet/mass_assignment_in_model.rb +25 -25
- data/lib/dawn/kb/owasp_ror_cheatsheet/sensitive_files.rb +21 -21
- data/lib/dawn/kb/owasp_ror_cheatsheet/session_stored_in_database.rb +24 -24
- data/lib/dawn/kb/version_check.rb +4 -0
- data/lib/dawn/knowledge_base.rb +36 -4
- data/lib/dawn/registry.rb +43 -0
- data/lib/dawn/reporter.rb +88 -47
- data/lib/dawn/utils.rb +3 -4
- data/lib/dawn/version.rb +4 -4
- data/lib/dawnscanner.rb +4 -1
- data/spec/lib/dawn/codesake_knowledgebase_spec.rb +40 -0
- data/spec/lib/kb/cve_2014_3483_spec.rb +5 -1
- data/spec/lib/kb/cve_2015_1819_spec.rb +16 -0
- data/spec/lib/kb/cve_2015_4020_spec.rb +24 -0
- data/spec/lib/kb/osvdb_115654_spec.rb +15 -0
- data/spec/lib/kb/osvdb_116010_spec.rb +15 -0
- data/spec/lib/kb/osvdb_117903_spec.rb +23 -0
- data/spec/lib/kb/osvdb_118954_spec.rb +13 -1
- data/spec/lib/kb/osvdb_119878_spec.rb +8 -9
- data/spec/lib/kb/osvdb_120415_spec.rb +16 -0
- data/spec/lib/kb/osvdb_120857_spec.rb +32 -0
- data/spec/lib/kb/osvdb_121701_spec.rb +15 -0
- metadata +153 -12
- metadata.gz.sig +0 -0
- data/BUGS.md +0 -14
metadata.gz.sig
CHANGED
Binary file
|
data/BUGS.md
DELETED
@@ -1,14 +0,0 @@
|
|
1
|
-
# Dawnscanner - BUGS
|
2
|
-
|
3
|
-
In this file you will find bugs I (thesp0nge) will find during development
|
4
|
-
tests. This is a memo file for [github
|
5
|
-
issues](https://github.com/thesp0nge/dawnscanner/issues) opened by myself, I
|
6
|
-
can use when I'm offline.
|
7
|
-
|
8
|
-
| ID | Description | Status |
|
9
|
-
|----|------------------------|--------|
|
10
|
-
| B1 | when reviewing a Rails app, Source checks are not wired up. We must understand how to enable source checks in engines: source_check.rb:77:in `is_this_precondition_met?': undefined method `deep_each' for nil:NilClass | open |
|
11
|
-
| B2 | when reviewing a Sinatra app, we've got this error: engine.rb:42:in `[]': no implicit conversion of Symbol into Integer (TypeError) | open |
|
12
|
-
|----|------------------------|--------|
|
13
|
-
|
14
|
-
_last updated: Tue Jan 13 17:19:05 CET 2015_
|