dawnscanner 1.4.2 → 1.5.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (61) hide show
  1. checksums.yaml +4 -4
  2. checksums.yaml.gz.sig +0 -0
  3. data.tar.gz.sig +0 -0
  4. data/.ruby-version +1 -1
  5. data/Changelog.md +85 -9
  6. data/KnowledgeBase.md +206 -5
  7. data/README.md +25 -25
  8. data/Rakefile +19 -5
  9. data/Roadmap.md +104 -46
  10. data/VERSION +10 -10
  11. data/bin/dawn +96 -15
  12. data/checksum/dawnscanner-1.4.2.gem.sha1 +1 -0
  13. data/dawnscanner.gemspec +21 -4
  14. data/doc/dawn_1_5_announcement.md +66 -0
  15. data/doc/{codesake-dawn.yaml.sample → dawnscanner.yaml.sample} +0 -0
  16. data/doc/new_knowledge_base_v1.0.md +78 -0
  17. data/lib/dawn/core.rb +22 -28
  18. data/lib/dawn/engine.rb +111 -54
  19. data/lib/dawn/kb/basic_check.rb +3 -0
  20. data/lib/dawn/kb/cve_2014_3483.rb +1 -0
  21. data/lib/dawn/kb/cve_2015_1819.rb +34 -0
  22. data/lib/dawn/kb/cve_2015_4020.rb +34 -0
  23. data/lib/dawn/kb/gem_check.rb +43 -0
  24. data/lib/dawn/kb/osvdb_115654.rb +33 -0
  25. data/lib/dawn/kb/osvdb_116010.rb +30 -0
  26. data/lib/dawn/kb/osvdb_117903.rb +30 -0
  27. data/lib/dawn/kb/osvdb_118954.rb +5 -3
  28. data/lib/dawn/kb/osvdb_119878.rb +3 -3
  29. data/lib/dawn/kb/osvdb_120415.rb +31 -0
  30. data/lib/dawn/kb/osvdb_120857.rb +34 -0
  31. data/lib/dawn/kb/osvdb_121701.rb +30 -0
  32. data/lib/dawn/kb/owasp_ror_cheatsheet.rb +23 -31
  33. data/lib/dawn/kb/owasp_ror_cheatsheet/check_for_backup_files.rb +16 -20
  34. data/lib/dawn/kb/owasp_ror_cheatsheet/check_for_safe_redirect_and_forward.rb +31 -31
  35. data/lib/dawn/kb/owasp_ror_cheatsheet/command_injection.rb +22 -22
  36. data/lib/dawn/kb/owasp_ror_cheatsheet/csrf.rb +23 -23
  37. data/lib/dawn/kb/owasp_ror_cheatsheet/mass_assignment_in_model.rb +25 -25
  38. data/lib/dawn/kb/owasp_ror_cheatsheet/sensitive_files.rb +21 -21
  39. data/lib/dawn/kb/owasp_ror_cheatsheet/session_stored_in_database.rb +24 -24
  40. data/lib/dawn/kb/version_check.rb +4 -0
  41. data/lib/dawn/knowledge_base.rb +36 -4
  42. data/lib/dawn/registry.rb +43 -0
  43. data/lib/dawn/reporter.rb +88 -47
  44. data/lib/dawn/utils.rb +3 -4
  45. data/lib/dawn/version.rb +4 -4
  46. data/lib/dawnscanner.rb +4 -1
  47. data/spec/lib/dawn/codesake_knowledgebase_spec.rb +40 -0
  48. data/spec/lib/kb/cve_2014_3483_spec.rb +5 -1
  49. data/spec/lib/kb/cve_2015_1819_spec.rb +16 -0
  50. data/spec/lib/kb/cve_2015_4020_spec.rb +24 -0
  51. data/spec/lib/kb/osvdb_115654_spec.rb +15 -0
  52. data/spec/lib/kb/osvdb_116010_spec.rb +15 -0
  53. data/spec/lib/kb/osvdb_117903_spec.rb +23 -0
  54. data/spec/lib/kb/osvdb_118954_spec.rb +13 -1
  55. data/spec/lib/kb/osvdb_119878_spec.rb +8 -9
  56. data/spec/lib/kb/osvdb_120415_spec.rb +16 -0
  57. data/spec/lib/kb/osvdb_120857_spec.rb +32 -0
  58. data/spec/lib/kb/osvdb_121701_spec.rb +15 -0
  59. metadata +153 -12
  60. metadata.gz.sig +0 -0
  61. data/BUGS.md +0 -14
metadata.gz.sig CHANGED
Binary file
data/BUGS.md DELETED
@@ -1,14 +0,0 @@
1
- # Dawnscanner - BUGS
2
-
3
- In this file you will find bugs I (thesp0nge) will find during development
4
- tests. This is a memo file for [github
5
- issues](https://github.com/thesp0nge/dawnscanner/issues) opened by myself, I
6
- can use when I'm offline.
7
-
8
- | ID | Description | Status |
9
- |----|------------------------|--------|
10
- | B1 | when reviewing a Rails app, Source checks are not wired up. We must understand how to enable source checks in engines: source_check.rb:77:in `is_this_precondition_met?': undefined method `deep_each' for nil:NilClass | open |
11
- | B2 | when reviewing a Sinatra app, we've got this error: engine.rb:42:in `[]': no implicit conversion of Symbol into Integer (TypeError) | open |
12
- |----|------------------------|--------|
13
-
14
- _last updated: Tue Jan 13 17:19:05 CET 2015_