dawnscanner 1.4.2 → 1.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (61)
  1. checksums.yaml +4 -4
  2. checksums.yaml.gz.sig +0 -0
  3. data.tar.gz.sig +0 -0
  4. data/.ruby-version +1 -1
  5. data/Changelog.md +85 -9
  6. data/KnowledgeBase.md +206 -5
  7. data/README.md +25 -25
  8. data/Rakefile +19 -5
  9. data/Roadmap.md +104 -46
  10. data/VERSION +10 -10
  11. data/bin/dawn +96 -15
  12. data/checksum/dawnscanner-1.4.2.gem.sha1 +1 -0
  13. data/dawnscanner.gemspec +21 -4
  14. data/doc/dawn_1_5_announcement.md +66 -0
  15. data/doc/{codesake-dawn.yaml.sample → dawnscanner.yaml.sample} +0 -0
  16. data/doc/new_knowledge_base_v1.0.md +78 -0
  17. data/lib/dawn/core.rb +22 -28
  18. data/lib/dawn/engine.rb +111 -54
  19. data/lib/dawn/kb/basic_check.rb +3 -0
  20. data/lib/dawn/kb/cve_2014_3483.rb +1 -0
  21. data/lib/dawn/kb/cve_2015_1819.rb +34 -0
  22. data/lib/dawn/kb/cve_2015_4020.rb +34 -0
  23. data/lib/dawn/kb/gem_check.rb +43 -0
  24. data/lib/dawn/kb/osvdb_115654.rb +33 -0
  25. data/lib/dawn/kb/osvdb_116010.rb +30 -0
  26. data/lib/dawn/kb/osvdb_117903.rb +30 -0
  27. data/lib/dawn/kb/osvdb_118954.rb +5 -3
  28. data/lib/dawn/kb/osvdb_119878.rb +3 -3
  29. data/lib/dawn/kb/osvdb_120415.rb +31 -0
  30. data/lib/dawn/kb/osvdb_120857.rb +34 -0
  31. data/lib/dawn/kb/osvdb_121701.rb +30 -0
  32. data/lib/dawn/kb/owasp_ror_cheatsheet.rb +23 -31
  33. data/lib/dawn/kb/owasp_ror_cheatsheet/check_for_backup_files.rb +16 -20
  34. data/lib/dawn/kb/owasp_ror_cheatsheet/check_for_safe_redirect_and_forward.rb +31 -31
  35. data/lib/dawn/kb/owasp_ror_cheatsheet/command_injection.rb +22 -22
  36. data/lib/dawn/kb/owasp_ror_cheatsheet/csrf.rb +23 -23
  37. data/lib/dawn/kb/owasp_ror_cheatsheet/mass_assignment_in_model.rb +25 -25
  38. data/lib/dawn/kb/owasp_ror_cheatsheet/sensitive_files.rb +21 -21
  39. data/lib/dawn/kb/owasp_ror_cheatsheet/session_stored_in_database.rb +24 -24
  40. data/lib/dawn/kb/version_check.rb +4 -0
  41. data/lib/dawn/knowledge_base.rb +36 -4
  42. data/lib/dawn/registry.rb +43 -0
  43. data/lib/dawn/reporter.rb +88 -47
  44. data/lib/dawn/utils.rb +3 -4
  45. data/lib/dawn/version.rb +4 -4
  46. data/lib/dawnscanner.rb +4 -1
  47. data/spec/lib/dawn/codesake_knowledgebase_spec.rb +40 -0
  48. data/spec/lib/kb/cve_2014_3483_spec.rb +5 -1
  49. data/spec/lib/kb/cve_2015_1819_spec.rb +16 -0
  50. data/spec/lib/kb/cve_2015_4020_spec.rb +24 -0
  51. data/spec/lib/kb/osvdb_115654_spec.rb +15 -0
  52. data/spec/lib/kb/osvdb_116010_spec.rb +15 -0
  53. data/spec/lib/kb/osvdb_117903_spec.rb +23 -0
  54. data/spec/lib/kb/osvdb_118954_spec.rb +13 -1
  55. data/spec/lib/kb/osvdb_119878_spec.rb +8 -9
  56. data/spec/lib/kb/osvdb_120415_spec.rb +16 -0
  57. data/spec/lib/kb/osvdb_120857_spec.rb +32 -0
  58. data/spec/lib/kb/osvdb_121701_spec.rb +15 -0
  59. metadata +153 -12
  60. metadata.gz.sig +0 -0
  61. data/BUGS.md +0 -14
metadata.gz.sig CHANGED
Binary file
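--- a/data/BUGS.md
+++ /dev/null
@@ -1,14 +0,0 @@
-# Dawnscanner - BUGS
-
-In this file you will find bugs I (thesp0nge) will find during development
-tests. This is a memo file for [github
-issues](https://github.com/thesp0nge/dawnscanner/issues) opened by myself, I
-can use when I'm offline.
-
-| ID | Description | Status |
-|----|------------------------|--------|
-| B1 | when reviewing a Rails app, Source checks are not wired up. We must understand how to enable source checks in engines: source_check.rb:77:in `is_this_precondition_met?': undefined method `deep_each' for nil:NilClass | open |
-| B2 | when reviewing a Sinatra app, we've got this error: engine.rb:42:in `[]': no implicit conversion of Symbol into Integer (TypeError) | open |
-|----|------------------------|--------|
-
-_last updated: Tue Jan 13 17:19:05 CET 2015_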