dawnscanner 1.5.2 → 1.6.0

data/spec/lib/kb/cve_2015_7577_spec.rb

@@ -0,0 +1,51 @@
+require 'spec_helper'
+describe "The CVE-2015-7577 vulnerability" do
+	before(:all) do
+		@check = Dawn::Kb::CVE_2015_7577.new
+		# @check.debug = true
+	end
+	it "is reported when the vulnerable gem is detected" do
+    @check.dependencies = [{:name=>"activerecord", :version=>"5.0.0.beta.1"}]
+		@check.vuln?.should   == true
+	end
+	it "is reported when the vulnerable gem is detected" do
+    @check.dependencies = [{:name=>"activerecord", :version=>"4.2.5"}]
+		@check.vuln?.should   == true
+	end
+	it "is reported when the vulnerable gem is detected" do
+    @check.dependencies = [{:name=>"activerecord", :version=>"4.1.14"}]
+		@check.vuln?.should   == true
+	end
+	it "is reported when the vulnerable gem is detected" do
+    @check.dependencies = [{:name=>"activerecord", :version=>"3.2.22"}]
+		@check.vuln?.should   == true
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"activerecord", :version=>"5.0.0"}]
+		@check.vuln?.should   == false
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"activerecord", :version=>"4.2.5.1"}]
+		@check.vuln?.should   == false
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"activerecord", :version=>"4.2.6"}]
+		@check.vuln?.should   == false
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"activerecord", :version=>"4.1.14.2"}]
+		@check.vuln?.should   == false
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"activerecord", :version=>"4.1.15"}]
+		@check.vuln?.should   == false
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"activerecord", :version=>"3.2.22.1"}]
+		@check.vuln?.should   == false
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"activerecord", :version=>"3.2.23"}]
+		@check.vuln?.should   == false
+	end
+end

data/spec/lib/kb/cve_2015_7578_spec.rb

@@ -0,0 +1,15 @@
+require 'spec_helper'
+describe "The CVE-2015-7578 vulnerability" do
+	before(:all) do
+		@check = Dawn::Kb::CVE_2015_7578.new
+		# @check.debug = true
+	end
+	it "is reported when the vulnerable gem is detected" do
+    @check.dependencies = [{:name=>"rails-html-sanitizer", :version=>"1.0.2"}]
+		@check.vuln?.should   == true
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"rails-html-sanitizer", :version=>"1.0.3"}]
+		@check.vuln?.should   == false
+	end
+end

data/spec/lib/kb/cve_2015_7579_spec.rb

@@ -0,0 +1,23 @@
+require 'spec_helper'
+describe "The CVE-2015-7579 vulnerability" do
+	before(:all) do
+		@check = Dawn::Kb::CVE_2015_7579.new
+		# @check.debug = true
+	end
+	it "is reported when the vulnerable gem is detected" do
+    @check.dependencies = [{:name=>"rails-html-sanitizer", :version=>"1.0.2"}]
+		@check.vuln?.should   == true
+	end
+	it "is not reported when a fixed release is detected" do
+		@check.dependencies = [{:name=>"", :version=>"1.0.3"}]
+		@check.vuln?.should   == false
+	end
+	it "is not reported when a fixed release is detected" do
+		@check.dependencies = [{:name=>"", :version=>"1.0.0"}]
+		@check.vuln?.should   == false
+	end
+	it "is not reported when a fixed release is detected" do
+		@check.dependencies = [{:name=>"", :version=>"1.0.1"}]
+		@check.vuln?.should   == false
+	end
+end

data/spec/lib/kb/cve_2015_7581_spec.rb

@@ -0,0 +1,51 @@
+require 'spec_helper'
+describe "The CVE-2015-7581 vulnerability" do
+	before(:all) do
+		@check = Dawn::Kb::CVE_2015_7581.new
+		# @check.debug = true
+	end
+	it "is reported when the vulnerable gem is detected" do
+    @check.dependencies = [{:name=>"actionpack", :version=>"5.0.0.beta.1"}]
+		@check.vuln?.should   == true
+	end
+	it "is reported when the vulnerable gem is detected" do
+    @check.dependencies = [{:name=>"actionpack", :version=>"4.2.5"}]
+		@check.vuln?.should   == true
+	end
+	it "is reported when the vulnerable gem is detected" do
+    @check.dependencies = [{:name=>"actionpack", :version=>"4.1.14"}]
+		@check.vuln?.should   == true
+	end
+	it "is reported when the vulnerable gem is detected" do
+    @check.dependencies = [{:name=>"actionpack", :version=>"3.2.22"}]
+		@check.vuln?.should   == true
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"actionpack", :version=>"5.0.0"}]
+		@check.vuln?.should   == false
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"actionpack", :version=>"4.2.5.1"}]
+		@check.vuln?.should   == false
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"actionpack", :version=>"4.2.6"}]
+		@check.vuln?.should   == false
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"actionpack", :version=>"4.1.14.2"}]
+		@check.vuln?.should   == false
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"actionpack", :version=>"4.1.15"}]
+		@check.vuln?.should   == false
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"actionpack", :version=>"3.2.22.1"}]
+		@check.vuln?.should   == false
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"actionpack", :version=>"3.2.23"}]
+		@check.vuln?.should   == false
+	end
+end

data/spec/lib/kb/cve_2015_8241_spec.rb

@@ -0,0 +1,31 @@
+require 'spec_helper'
+describe "The CVE-2015-8241 vulnerability" do
+	before(:all) do
+		@check = Dawn::Kb::CVE_2015_8241.new
+		# @check.debug = true
+	end
+	it "is reported when the vulnerable gem is detected" do
+    @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.5"}]
+		@check.vuln?.should   == true
+	end
+	it "is reported when the vulnerable gem is detected" do
+    @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.0"}]
+		@check.vuln?.should   == true
+	end
+	it "is reported when the vulnerable gem is detected" do
+    @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7"}]
+		@check.vuln?.should   == true
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7.1"}]
+		@check.vuln?.should   == false
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"nokogiri", :version=>"1.5.6"}]
+		@check.vuln?.should   == false
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"nokogiri", :version=>"1.4.6"}]
+		@check.vuln?.should   == false
+	end
+end

data/spec/lib/kb/cve_2015_8242_spec.rb

@@ -0,0 +1,31 @@
+require 'spec_helper'
+describe "The CVE-2015-8242 vulnerability" do
+	before(:all) do
+		@check = Dawn::Kb::CVE_2015_8242.new
+		# @check.debug = true
+	end
+	it "is reported when the vulnerable gem is detected" do
+    @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.5"}]
+		@check.vuln?.should   == true
+	end
+	it "is reported when the vulnerable gem is detected" do
+    @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.0"}]
+		@check.vuln?.should   == true
+	end
+	it "is reported when the vulnerable gem is detected" do
+    @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7"}]
+		@check.vuln?.should   == true
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7.1"}]
+		@check.vuln?.should   == false
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"nokogiri", :version=>"1.5.6"}]
+		@check.vuln?.should   == false
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"nokogiri", :version=>"1.4.6"}]
+		@check.vuln?.should   == false
+	end
+end

data/spec/lib/kb/cve_2015_8317_spec.rb

@@ -0,0 +1,31 @@
+require 'spec_helper'
+describe "The CVE-2015-8317 vulnerability" do
+	before(:all) do
+		@check = Dawn::Kb::CVE_2015_8317.new
+		# @check.debug = true
+	end
+	it "is reported when the vulnerable gem is detected" do
+    @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.5"}]
+		@check.vuln?.should   == true
+	end
+	it "is reported when the vulnerable gem is detected" do
+    @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.0"}]
+		@check.vuln?.should   == true
+	end
+	it "is reported when the vulnerable gem is detected" do
+    @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7"}]
+		@check.vuln?.should   == true
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7.1"}]
+		@check.vuln?.should   == false
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"nokogiri", :version=>"1.5.6"}]
+		@check.vuln?.should   == false
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"nokogiri", :version=>"1.4.6"}]
+		@check.vuln?.should   == false
+	end
+end

data/spec/lib/kb/cve_2016_0751_spec.rb

@@ -0,0 +1,51 @@
+require 'spec_helper'
+describe "The CVE-2016-0751 vulnerability" do
+	before(:all) do
+		@check = Dawn::Kb::CVE_2016_0751.new
+		# @check.debug = true
+	end
+it "is reported when the vulnerable gem is detected" do
+    @check.dependencies = [{:name=>"actionpack", :version=>"5.0.0.beta.1"}]
+		@check.vuln?.should   == true
+	end
+	it "is reported when the vulnerable gem is detected" do
+    @check.dependencies = [{:name=>"actionpack", :version=>"4.2.5"}]
+		@check.vuln?.should   == true
+	end
+	it "is reported when the vulnerable gem is detected" do
+    @check.dependencies = [{:name=>"actionpack", :version=>"4.1.14"}]
+		@check.vuln?.should   == true
+	end
+	it "is reported when the vulnerable gem is detected" do
+    @check.dependencies = [{:name=>"actionpack", :version=>"3.2.22"}]
+		@check.vuln?.should   == true
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"", :version=>"5.0.0"}]
+		@check.vuln?.should   == false
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"", :version=>"4.2.5.1"}]
+		@check.vuln?.should   == false
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"", :version=>"4.2.6"}]
+		@check.vuln?.should   == false
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"", :version=>"4.1.14.2"}]
+		@check.vuln?.should   == false
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"", :version=>"4.1.15"}]
+		@check.vuln?.should   == false
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"", :version=>"3.2.22.1"}]
+		@check.vuln?.should   == false
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"", :version=>"3.2.23"}]
+		@check.vuln?.should   == false
+	end
+end

data/spec/lib/kb/cve_2016_0752_spec.rb

@@ -0,0 +1,51 @@
+require 'spec_helper'
+describe "The CVE-2016-0752 vulnerability" do
+	before(:all) do
+		@check = Dawn::Kb::CVE_2016_0752.new
+		# @check.debug = true
+	end
+	it "is reported when the vulnerable gem is detected" do
+    @check.dependencies = [{:name=>"actionview", :version=>"5.0.0.beta.1"}]
+		@check.vuln?.should   == true
+	end
+	it "is reported when the vulnerable gem is detected" do
+    @check.dependencies = [{:name=>"actionview", :version=>"4.2.5"}]
+		@check.vuln?.should   == true
+	end
+	it "is reported when the vulnerable gem is detected" do
+    @check.dependencies = [{:name=>"actionview", :version=>"4.1.14"}]
+		@check.vuln?.should   == true
+	end
+	it "is reported when the vulnerable gem is detected" do
+    @check.dependencies = [{:name=>"actionview", :version=>"3.2.22"}]
+		@check.vuln?.should   == true
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"actionview", :version=>"5.0.0"}]
+		@check.vuln?.should   == false
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"actionview", :version=>"4.2.5.1"}]
+		@check.vuln?.should   == false
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"actionview", :version=>"4.2.6"}]
+		@check.vuln?.should   == false
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"actionview", :version=>"4.1.14.2"}]
+		@check.vuln?.should   == false
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"actionview", :version=>"4.1.15"}]
+		@check.vuln?.should   == false
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"actionview", :version=>"3.2.22.1"}]
+		@check.vuln?.should   == false
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"actionview", :version=>"3.2.23"}]
+		@check.vuln?.should   == false
+	end
+end

data/spec/lib/kb/cve_2016_0753_spec.rb

@@ -0,0 +1,51 @@
+require 'spec_helper'
+describe "The CVE-2016-0753 vulnerability" do
+	before(:all) do
+		@check = Dawn::Kb::CVE_2016_0753.new
+		# @check.debug = true
+	end
+	it "is reported when the vulnerable gem is detected" do
+    @check.dependencies = [{:name=>"activemodel", :version=>"5.0.0.beta.1"}]
+		@check.vuln?.should   == true
+	end
+	it "is reported when the vulnerable gem is detected" do
+    @check.dependencies = [{:name=>"activemodel", :version=>"4.2.5"}]
+		@check.vuln?.should   == true
+	end
+	it "is reported when the vulnerable gem is detected" do
+    @check.dependencies = [{:name=>"activemodel", :version=>"4.1.14"}]
+		@check.vuln?.should   == true
+	end
+	it "is reported when the vulnerable gem is detected" do
+    @check.dependencies = [{:name=>"activemodel", :version=>"3.2.22"}]
+		@check.vuln?.should   == true
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"activemodel", :version=>"5.0.0"}]
+		@check.vuln?.should   == false
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"activemodel", :version=>"4.2.5.1"}]
+		@check.vuln?.should   == false
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"activemodel", :version=>"4.2.6"}]
+		@check.vuln?.should   == false
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"activemodel", :version=>"4.1.14.2"}]
+		@check.vuln?.should   == false
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"activemodel", :version=>"4.1.15"}]
+		@check.vuln?.should   == false
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"activemodel", :version=>"3.2.22.1"}]
+		@check.vuln?.should   == false
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"activemodel", :version=>"3.2.23"}]
+		@check.vuln?.should   == false
+	end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dawnscanner
 version: !ruby/object:Gem::Version
-  version: 1.5.2
+  version: 1.6.0
 platform: ruby
 authors:
 - Paolo Perego
@@ -30,7 +30,7 @@ cert_chain:
   1zH2rpK27DW5pOeHUEJn31+gGd111ogP5tYruPV7Qgfy2jUrUPmP67v7nRNlgd84
   Z5mHj9jGk4wgMQy2pk4GDwsXiirZfI0z2WZfySqEldE=
   -----END CERTIFICATE-----
-date: 2015-12-16 00:00:00.000000000 Z
+date: 2016-02-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: cvss
@@ -313,6 +313,7 @@ files:
 - checksum/dawnscanner-1.4.2.gem.sha1
 - checksum/dawnscanner-1.5.0.gem.sha1
 - checksum/dawnscanner-1.5.1.gem.sha1
+- checksum/dawnscanner-1.5.2.gem.sha1
 - dawnscanner.gemspec
 - doc/dawn_1_0_announcement.md
 - doc/dawn_1_1_announcement.md
@@ -514,6 +515,24 @@ files:
 - lib/dawn/kb/cve_2015_3227.rb
 - lib/dawn/kb/cve_2015_3448.rb
 - lib/dawn/kb/cve_2015_4020.rb
+- lib/dawn/kb/cve_2015_5312.rb
+- lib/dawn/kb/cve_2015_7497.rb
+- lib/dawn/kb/cve_2015_7498.rb
+- lib/dawn/kb/cve_2015_7499.rb
+- lib/dawn/kb/cve_2015_7500.rb
+- lib/dawn/kb/cve_2015_7519.rb
+- lib/dawn/kb/cve_2015_7541.rb
+- lib/dawn/kb/cve_2015_7576.rb
+- lib/dawn/kb/cve_2015_7577.rb
+- lib/dawn/kb/cve_2015_7578.rb
+- lib/dawn/kb/cve_2015_7579.rb
+- lib/dawn/kb/cve_2015_7581.rb
+- lib/dawn/kb/cve_2015_8241.rb
+- lib/dawn/kb/cve_2015_8242.rb
+- lib/dawn/kb/cve_2015_8317.rb
+- lib/dawn/kb/cve_2016_0751.rb
+- lib/dawn/kb/cve_2016_0752.rb
+- lib/dawn/kb/cve_2016_0753.rb
 - lib/dawn/kb/dependency_check.rb
 - lib/dawn/kb/deprecation_check.rb
 - lib/dawn/kb/gem_check.rb
@@ -632,6 +651,24 @@ files:
 - spec/lib/kb/cve_2015_3227_spec.rb
 - spec/lib/kb/cve_2015_3448_spec.rb
 - spec/lib/kb/cve_2015_4020_spec.rb
+- spec/lib/kb/cve_2015_5312_spec.rb
+- spec/lib/kb/cve_2015_7497_spec.rb
+- spec/lib/kb/cve_2015_7498_spec.rb
+- spec/lib/kb/cve_2015_7499_spec.rb
+- spec/lib/kb/cve_2015_7500_spec.rb
+- spec/lib/kb/cve_2015_7519_spec.rb
+- spec/lib/kb/cve_2015_7541_spec.rb
+- spec/lib/kb/cve_2015_7576_spec.rb
+- spec/lib/kb/cve_2015_7577_spec.rb
+- spec/lib/kb/cve_2015_7578_spec.rb
+- spec/lib/kb/cve_2015_7579_spec.rb
+- spec/lib/kb/cve_2015_7581_spec.rb
+- spec/lib/kb/cve_2015_8241_spec.rb
+- spec/lib/kb/cve_2015_8242_spec.rb
+- spec/lib/kb/cve_2015_8317_spec.rb
+- spec/lib/kb/cve_2016_0751_spec.rb
+- spec/lib/kb/cve_2016_0752_spec.rb
+- spec/lib/kb/cve_2016_0753_spec.rb
 - spec/lib/kb/osvdb_105971_spec.rb
 - spec/lib/kb/osvdb_108530_spec.rb
 - spec/lib/kb/osvdb_108563_spec.rb
@@ -756,6 +793,24 @@ test_files:
 - spec/lib/kb/cve_2015_3227_spec.rb
 - spec/lib/kb/cve_2015_3448_spec.rb
 - spec/lib/kb/cve_2015_4020_spec.rb
+- spec/lib/kb/cve_2015_5312_spec.rb
+- spec/lib/kb/cve_2015_7497_spec.rb
+- spec/lib/kb/cve_2015_7498_spec.rb
+- spec/lib/kb/cve_2015_7499_spec.rb
+- spec/lib/kb/cve_2015_7500_spec.rb
+- spec/lib/kb/cve_2015_7519_spec.rb
+- spec/lib/kb/cve_2015_7541_spec.rb
+- spec/lib/kb/cve_2015_7576_spec.rb
+- spec/lib/kb/cve_2015_7577_spec.rb
+- spec/lib/kb/cve_2015_7578_spec.rb
+- spec/lib/kb/cve_2015_7579_spec.rb
+- spec/lib/kb/cve_2015_7581_spec.rb
+- spec/lib/kb/cve_2015_8241_spec.rb
+- spec/lib/kb/cve_2015_8242_spec.rb
+- spec/lib/kb/cve_2015_8317_spec.rb
+- spec/lib/kb/cve_2016_0751_spec.rb
+- spec/lib/kb/cve_2016_0752_spec.rb
+- spec/lib/kb/cve_2016_0753_spec.rb
 - spec/lib/kb/osvdb_105971_spec.rb
 - spec/lib/kb/osvdb_108530_spec.rb
 - spec/lib/kb/osvdb_108563_spec.rb