dawnscanner 1.6.1 → 1.6.2
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/.ruby-version +1 -1
- data/.travis.yml +2 -0
- data/Changelog.md +10 -1
- data/KnowledgeBase.md +10 -4
- data/README.md +1 -1
- data/Rakefile +12 -8
- data/VERSION +1 -1
- data/checksum/dawnscanner-1.6.1.gem.sha1 +1 -0
- data/lib/dawn/kb/cve_2016_2097.rb +35 -0
- data/lib/dawn/kb/cve_2016_2098.rb +34 -0
- data/lib/dawn/knowledge_base.rb +4 -0
- data/lib/dawn/version.rb +4 -4
- data/spec/lib/dawn/codesake_core_spec.rb +1 -1
- data/spec/lib/dawn/codesake_knowledgebase_spec.rb +451 -441
- data/spec/lib/dawn/codesake_padrino_engine_disabled.rb +11 -11
- data/spec/lib/dawn/codesake_rails_engine_disabled.rb +2 -2
- data/spec/lib/dawn/codesake_sinatra_engine_disabled.rb +36 -36
- data/spec/lib/kb/codesake_cve_2013_0175_spec.rb +6 -6
- data/spec/lib/kb/codesake_cve_2013_4457_spec.rb +7 -7
- data/spec/lib/kb/codesake_dependency_version_check_spec.rb +10 -10
- data/spec/lib/kb/codesake_deprecation_check_spec.rb +11 -11
- data/spec/lib/kb/codesake_ruby_version_check_spec.rb +4 -4
- data/spec/lib/kb/codesake_version_check_spec.rb +42 -42
- data/spec/lib/kb/cve_2011_2705_spec.rb +7 -7
- data/spec/lib/kb/cve_2011_2930_spec.rb +6 -6
- data/spec/lib/kb/cve_2011_3009_spec.rb +4 -4
- data/spec/lib/kb/cve_2011_3187_spec.rb +4 -4
- data/spec/lib/kb/cve_2011_4319_spec.rb +9 -9
- data/spec/lib/kb/cve_2011_5036_spec.rb +21 -21
- data/spec/lib/kb/cve_2012_1098_spec.rb +7 -7
- data/spec/lib/kb/cve_2012_2139_spec.rb +3 -3
- data/spec/lib/kb/cve_2012_2671_spec.rb +4 -4
- data/spec/lib/kb/cve_2012_6109_spec.rb +25 -25
- data/spec/lib/kb/cve_2012_6684_spec.rb +2 -2
- data/spec/lib/kb/cve_2013_0162_spec.rb +4 -4
- data/spec/lib/kb/cve_2013_0183_spec.rb +11 -11
- data/spec/lib/kb/cve_2013_0184_spec.rb +26 -26
- data/spec/lib/kb/cve_2013_0256_spec.rb +6 -6
- data/spec/lib/kb/cve_2013_0262_spec.rb +9 -9
- data/spec/lib/kb/cve_2013_0263_spec.rb +1 -1
- data/spec/lib/kb/cve_2013_1607_spec.rb +2 -2
- data/spec/lib/kb/cve_2013_1655_spec.rb +4 -4
- data/spec/lib/kb/cve_2013_1756_spec.rb +4 -4
- data/spec/lib/kb/cve_2013_2090_spec.rb +2 -2
- data/spec/lib/kb/cve_2013_2105_spec.rb +1 -1
- data/spec/lib/kb/cve_2013_2119_spec.rb +5 -5
- data/spec/lib/kb/cve_2013_2512_spec.rb +2 -2
- data/spec/lib/kb/cve_2013_2513_spec.rb +2 -2
- data/spec/lib/kb/cve_2013_2516_spec.rb +2 -2
- data/spec/lib/kb/cve_2013_4203_spec.rb +2 -2
- data/spec/lib/kb/cve_2013_4413_spec.rb +2 -2
- data/spec/lib/kb/cve_2013_4489_spec.rb +11 -11
- data/spec/lib/kb/cve_2013_4491_spec.rb +2 -2
- data/spec/lib/kb/cve_2013_4593_spec.rb +2 -2
- data/spec/lib/kb/cve_2013_5647_spec.rb +3 -3
- data/spec/lib/kb/cve_2013_5671_spec.rb +4 -4
- data/spec/lib/kb/cve_2013_6416_spec.rb +5 -5
- data/spec/lib/kb/cve_2013_6459_spec.rb +2 -2
- data/spec/lib/kb/cve_2013_7086_spec.rb +3 -3
- data/spec/lib/kb/cve_2014_0036_spec.rb +2 -2
- data/spec/lib/kb/cve_2014_0080_spec.rb +5 -5
- data/spec/lib/kb/cve_2014_0081_spec.rb +10 -10
- data/spec/lib/kb/cve_2014_0082_spec.rb +8 -8
- data/spec/lib/kb/cve_2014_0130_spec.rb +3 -3
- data/spec/lib/kb/cve_2014_1233_spec.rb +2 -2
- data/spec/lib/kb/cve_2014_1234_spec.rb +2 -2
- data/spec/lib/kb/cve_2014_2322_spec.rb +2 -2
- data/spec/lib/kb/cve_2014_2538_spec.rb +2 -2
- data/spec/lib/kb/cve_2014_3482_spec.rb +2 -2
- data/spec/lib/kb/cve_2014_3483_spec.rb +5 -5
- data/spec/lib/kb/cve_2014_7818_spec.rb +8 -8
- data/spec/lib/kb/cve_2014_7819_spec.rb +32 -32
- data/spec/lib/kb/cve_2014_7829_spec.rb +10 -10
- data/spec/lib/kb/cve_2014_9490_spec.rb +2 -2
- data/spec/lib/kb/cve_2015_1819_spec.rb +2 -2
- data/spec/lib/kb/cve_2015_1840_spec.rb +7 -7
- data/spec/lib/kb/cve_2015_2963_spec.rb +2 -2
- data/spec/lib/kb/cve_2015_3224_spec.rb +2 -2
- data/spec/lib/kb/cve_2015_3225_spec.rb +5 -5
- data/spec/lib/kb/cve_2015_3226_spec.rb +6 -6
- data/spec/lib/kb/cve_2015_3227_spec.rb +5 -5
- data/spec/lib/kb/cve_2015_3448_spec.rb +2 -2
- data/spec/lib/kb/cve_2015_4020_spec.rb +4 -4
- data/spec/lib/kb/cve_2015_5312_spec.rb +6 -6
- data/spec/lib/kb/cve_2015_7497_spec.rb +6 -6
- data/spec/lib/kb/cve_2015_7498_spec.rb +6 -6
- data/spec/lib/kb/cve_2015_7499_spec.rb +6 -6
- data/spec/lib/kb/cve_2015_7500_spec.rb +6 -6
- data/spec/lib/kb/cve_2015_7519_spec.rb +4 -4
- data/spec/lib/kb/cve_2015_7541_spec.rb +2 -2
- data/spec/lib/kb/cve_2015_7576_spec.rb +11 -11
- data/spec/lib/kb/cve_2015_7577_spec.rb +11 -11
- data/spec/lib/kb/cve_2015_7578_spec.rb +2 -2
- data/spec/lib/kb/cve_2015_7579_spec.rb +4 -4
- data/spec/lib/kb/cve_2015_7581_spec.rb +11 -11
- data/spec/lib/kb/cve_2015_8241_spec.rb +6 -6
- data/spec/lib/kb/cve_2015_8242_spec.rb +6 -6
- data/spec/lib/kb/cve_2015_8317_spec.rb +6 -6
- data/spec/lib/kb/cve_2016_0751_spec.rb +11 -11
- data/spec/lib/kb/cve_2016_0752_spec.rb +11 -11
- data/spec/lib/kb/cve_2016_0753_spec.rb +11 -11
- data/spec/lib/kb/cve_2016_2097_spec.rb +35 -0
- data/spec/lib/kb/cve_2016_2098_spec.rb +39 -0
- data/spec/lib/kb/osvdb_105971_spec.rb +2 -2
- data/spec/lib/kb/osvdb_108530_spec.rb +3 -3
- data/spec/lib/kb/osvdb_108563_spec.rb +2 -2
- data/spec/lib/kb/osvdb_108569_spec.rb +2 -2
- data/spec/lib/kb/osvdb_108570_spec.rb +2 -2
- data/spec/lib/kb/osvdb_115654_spec.rb +2 -2
- data/spec/lib/kb/osvdb_116010_spec.rb +2 -2
- data/spec/lib/kb/osvdb_117903_spec.rb +4 -4
- data/spec/lib/kb/osvdb_118830_spec.rb +2 -2
- data/spec/lib/kb/osvdb_118954_spec.rb +3 -3
- data/spec/lib/kb/osvdb_119878_spec.rb +21 -21
- data/spec/lib/kb/osvdb_119927_spec.rb +2 -2
- data/spec/lib/kb/osvdb_120415_spec.rb +2 -2
- data/spec/lib/kb/osvdb_120857_spec.rb +6 -6
- data/spec/lib/kb/osvdb_121701_spec.rb +2 -2
- data/spec/lib/kb/owasp_ror_cheatsheet_disabled.rb +10 -10
- metadata +9 -2
- metadata.gz.sig +0 -0
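--- a/data/spec/lib/kb/cve_2011_2705_spec.rb
+++ b/data/spec/lib/kb/cve_2011_2705_spec.rb
@@ -6,30 +6,30 @@ describe "The CVE-2011-2705 vulnerability" do
 end
 it "fires when ruby 1.8.7-p351 is detected" do
 @check.detected_ruby ={:engine=>"ruby", :version=>"1.8.7", :patchlevel=>"p351"}
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "fires when ruby 1.9.0 any patchlevel is detected" do
 @check.detected_ruby ={:engine=>"ruby", :version=>"1.9.0", :patchlevel=>"p351"}
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "fires when ruby 1.9.1 any patchlevel is detected" do
 @check.detected_ruby ={:engine=>"ruby", :version=>"1.9.1", :patchlevel=>"p351"}
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "fires when ruby 1.9.2-p289 is detected" do
 @check.detected_ruby ={:engine=>"ruby", :version=>"1.9.2", :patchlevel=>"p289"}
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "doesn't fire when ruby 1.8.7-p352 is detected" do
 @check.detected_ruby ={:engine=>"ruby", :version=>"1.8.7", :patchlevel=>"p352"}
-@check.vuln
+expect(@check.vuln?).to eq(false)
 end
 it "doesn't fire when ruby 1.9.2-p290 is detected" do
 @check.detected_ruby ={:engine=>"ruby", :version=>"1.9.2", :patchlevel=>"p290"}
-@check.vuln
+expect(@check.vuln?).to eq(false)
 end
 it "doesn't fire when ruby 1.9.3-p290 is detected" do
 @check.detected_ruby ={:engine=>"ruby", :version=>"1.9.3", :patchlevel=>"p290"}
-@check.vuln
+expect(@check.vuln?).to eq(false)
 end
 end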
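Review bot: The two examples titled "any patchlevel" (1.9.0 and 1.9.1) each feed only `p351`, so a check that wrongly compared the patchlevel for those versions would still pass. A second example per version with a different patchlevel would pin the claim, for instance `@check.detected_ruby ={:engine=>"ruby", :version=>"1.9.0", :patchlevel=>"p0"}` (patchlevel constructed for illustration) followed by `expect(@check.vuln?).to eq(true)`. The describe block and the setup of `@check` start before the hunk, so how the check is built is not visible here.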
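--- a/data/spec/lib/kb/cve_2011_2930_spec.rb
+++ b/data/spec/lib/kb/cve_2011_2930_spec.rb
@@ -6,26 +6,26 @@ describe "The CVE-2011-2930 vulnerability" do
 end
 it "fires when vulnerable rails version is used (2.3.12)" do
 @check.dependencies = [{:name=>"rails", :version=>'2.3.12'}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "fires when vulnerable rails version is used (3.0.9)" do
 @check.dependencies = [{:name=>"rails", :version=>'3.0.9'}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "fires when vulnerable rails version is used (3.1.0)" do
 @check.dependencies = [{:name=>"rails", :version=>'3.1.0'}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "doesn't fire when safe rails version is used (2.3.14)" do
 @check.dependencies = [{:name=>"rails", :version=>'2.3.14'}]
-@check.vuln
+expect(@check.vuln?).to eq(false)
 end
 it "doesn't fire when safe rails version is used (3.0.10)" do
 @check.dependencies = [{:name=>"rails", :version=>'3.0.10'}]
-@check.vuln
+expect(@check.vuln?).to eq(false)
 end
 it "doesn't fire when safe rails version is used (3.1.1)" do
 @check.dependencies = [{:name=>"rails", :version=>'3.1.1'}]
-@check.vuln
+expect(@check.vuln?).to eq(false)
 end
 end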
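--- a/data/spec/lib/kb/cve_2011_3009_spec.rb
+++ b/data/spec/lib/kb/cve_2011_3009_spec.rb
@@ -7,19 +7,19 @@ describe "The CVE-2011-3009 vulnerability" do
 end
 it "fires if ruby version is vulnerable (1.8.6-p111)" do
 @check.detected_ruby = {:engine=>'ruby', :version=>"1.8.6", :patchlevel=>"p111"}
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "fires if ruby version is vulnerable (1.8.5-p111)" do
 @check.detected_ruby = {:engine=>'ruby', :version=>"1.8.5", :patchlevel=>"p111"}
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "doesn't fire if ruby version is not vulnerable (1.8.6-p112)" do
 @check.detected_ruby = {:engine=>'ruby', :version=>"1.8.6", :patchlevel=>"p112"}
-@check.vuln
+expect(@check.vuln?).to eq(false)
 end
 it "doesn't fire if ruby version is not vulnerable (1.9.2-p112)" do
 @check.detected_ruby = {:engine=>'ruby', :version=>"1.9.2", :patchlevel=>"p112"}
-@check.vuln
+expect(@check.vuln?).to eq(false)
 end
 
 end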
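--- a/data/spec/lib/kb/cve_2011_3187_spec.rb
+++ b/data/spec/lib/kb/cve_2011_3187_spec.rb
@@ -6,19 +6,19 @@ describe "The CVE-2011-3187 vulnerability" do
 end
 it "fires when vulnerable rails version it has been found (3.0.5)" do
 @check.dependencies = [{:name=>'rails', :version=>'3.0.5'}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "doesn't fire when safe rails version it has been found (3.0.6)" do
 @check.dependencies = [{:name=>'rails', :version=>'3.0.6'}]
-@check.vuln
+expect(@check.vuln?).to eq(false)
 end
 it "doesn't fire when safe rails version it has been found (3.1.6)" do
 @check.dependencies = [{:name=>'rails', :version=>'3.1.6'}]
-@check.vuln
+expect(@check.vuln?).to eq(false)
 end
 it "doesn't fire when safe rails version it has been found (2.3.16)" do
 @check.dependencies = [{:name=>'rails', :version=>'2.3.16'}]
-@check.vuln
+expect(@check.vuln?).to eq(false)
 end
 # self.safe_dependencies = [{:name=>"rails", :version=>['3.0.6']}]
 end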
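Review bot: The trailing `# self.safe_dependencies = [{:name=>"rails", :version=>['3.0.6']}]` line at the end of the describe block is commented-out code, apparently copied from the check, and it will go stale silently if the check's safe versions change. Either drop it or replace it with a sentence that states the boundary the examples rely on, e.g. `# 3.0.5 is expected to fire, 3.0.6 is the first version expected to be safe`. The same kind of leftover closes the CVE-2011-4319 spec, and the CVE-2012-1098 spec carries a disabled `# @check.debug = true`.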
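--- a/data/spec/lib/kb/cve_2011_4319_spec.rb
+++ b/data/spec/lib/kb/cve_2011_4319_spec.rb
@@ -6,39 +6,39 @@ describe "The CVE-2011-4319 vulnerability" do
 end
 it "fires when vulnerable rails version it has been found (2.3.12)" do
 @check.dependencies = [{:name=>"rails", :version=>'2.3.12'}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "fires when vulnerable rails version it has been found (3.0.10)" do
 @check.dependencies = [{:name=>"rails", :version=>'3.0.10'}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "fires when vulnerable rails version it has been found (3.1.1)" do
 @check.dependencies = [{:name=>"rails", :version=>'3.0.10'}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "doesn't fire when safe rails version it has been found (2.3.13)" do
 @check.dependencies = [{:name=>"rails", :version=>'2.3.13'}]
-@check.vuln
+expect(@check.vuln?).to eq(false)
 end
 it "doesn't fire when safe rails version it has been found (2.3.14)" do
 @check.dependencies = [{:name=>"rails", :version=>'2.3.14'}]
-@check.vuln
+expect(@check.vuln?).to eq(false)
 end
 it "doesn't fire when safe rails version it has been found (3.0.11)" do
 @check.dependencies = [{:name=>"rails", :version=>'3.0.11'}]
-@check.vuln
+expect(@check.vuln?).to eq(false)
 end
 it "doesn't fire when safe rails version it has been found (3.0.12)" do
 @check.dependencies = [{:name=>"rails", :version=>'3.0.12'}]
-@check.vuln
+expect(@check.vuln?).to eq(false)
 end
 it "doesn't fire when safe rails version it has been found (3.1.2)" do
 @check.dependencies = [{:name=>"rails", :version=>'3.1.2'}]
-@check.vuln
+expect(@check.vuln?).to eq(false)
 end
 it "doesn't fire when safe rails version it has been found (3.2.0)" do
 @check.dependencies = [{:name=>"rails", :version=>'3.2.0'}]
-@check.vuln
+expect(@check.vuln?).to eq(false)
 end
 # self.safe_dependencies = [{:name=>"rails", :version=>['2.3.13', '3.0.11', '3.1.2']}]
 end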
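Review bot: The example titled "fires when vulnerable rails version it has been found (3.1.1)" sets `:version=>'3.0.10'`, the same value as the example before it, so the 3.1.x branch of the check is never exercised on the vulnerable side. A regression that stopped flagging 3.1.1 would leave this spec green, which for a scanner means a silent false negative. The fixture line should read `@check.dependencies = [{:name=>"rails", :version=>'3.1.1'}]`. This is a context line the commit leaves untouched, and the describe block opens before the hunk.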
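--- a/data/spec/lib/kb/cve_2011_5036_spec.rb
+++ b/data/spec/lib/kb/cve_2011_5036_spec.rb
@@ -6,90 +6,90 @@ describe "The CVE-2011-5036 vulnerability" do
 end
 it "is reported when the vulnerable gem is detected - 1.0.1" do
 @check.dependencies = [{:name=>"rack", :version=>"1.0.1"}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 
 it "is reported when the vulnerable gem is detected - 0.9.1" do
 @check.dependencies = [{:name=>"rack", :version=>"0.9.1"}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when the vulnerable gem is detected - 0.9" do
 @check.dependencies = [{:name=>"rack", :version=>"0.9"}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when the vulnerable gem is detected - 0.4" do
 @check.dependencies = [{:name=>"rack", :version=>"0.4"}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when the vulnerable gem is detected - 0.3" do
 @check.dependencies = [{:name=>"rack", :version=>"0.3"}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when the vulnerable gem is detected - 0.2" do
 @check.dependencies = [{:name=>"rack", :version=>"0.2"}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when the vulnerable gem is detected - 0.1" do
 @check.dependencies = [{:name=>"rack", :version=>"0.1"}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when the vulnerable gem is detected - 1.0.0" do
 @check.dependencies = [{:name=>"rack", :version=>"1.0.0"}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when the vulnerable gem is detected - 1.1.0" do
 @check.dependencies = [{:name=>"rack", :version=>"1.1.0"}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when the vulnerable gem is detected - 1.1.2" do
 @check.dependencies = [{:name=>"rack", :version=>"1.1.2"}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when the vulnerable gem is detected - 1.2.0" do
 @check.dependencies = [{:name=>"rack", :version=>"1.2.0"}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 
 it "is reported when the vulnerable gem is detected - 1.2.1" do
 @check.dependencies = [{:name=>"rack", :version=>"1.2.1"}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when the vulnerable gem is detected - 1.2.2" do
 @check.dependencies = [{:name=>"rack", :version=>"1.2.2"}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when the vulnerable gem is detected - 1.2.3" do
 
 @check.dependencies = [{:name=>"rack", :version=>"1.2.3"}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when the vulnerable gem is detected - 1.2.4" do
 @check.dependencies = [{:name=>"rack", :version=>"1.2.4"}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when the vulnerable gem is detected - 1.3.0" do
 @check.dependencies = [{:name=>"rack", :version=>"1.3.0"}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 
 it "is reported when the vulnerable gem is detected - 1.3.1" do
 @check.dependencies = [{:name=>"rack", :version=>"1.3.1"}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when the vulnerable gem is detected - 1.3.2" do
 @check.dependencies = [{:name=>"rack", :version=>"1.3.2"}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when the vulnerable gem is detected - 1.3.3" do
 @check.dependencies = [{:name=>"rack", :version=>"1.3.3"}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when the vulnerable gem is detected - 1.3.4" do
 @check.dependencies = [{:name=>"rack", :version=>"1.3.4"}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when the vulnerable gem is detected - 1.3.5" do
 @check.dependencies = [{:name=>"rack", :version=>"1.3.5"}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 end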
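Review bot: Every example in this hunk expects `vuln?` to be true and none feeds a patched rack release, so a check that flagged every rack version would pass the whole spec. At least one negative example per release branch would catch that, in the form `@check.dependencies = [{:name=>"rack", :version=>"<first patched release>"}]` followed by `expect(@check.vuln?).to eq(false)` (the version is a placeholder to fill from the advisory). The CVE-2012-6109 spec further down has the same gap across its 25 examples. The describe block opens before the hunk, so the setup is not visible here.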
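--- a/data/spec/lib/kb/cve_2012_1098_spec.rb
+++ b/data/spec/lib/kb/cve_2012_1098_spec.rb
@@ -6,31 +6,31 @@ describe "The CVE-2012-1098 vulnerability" do
 end
 it "fires when vulnerable rails version it has been found (3.0.11)" do
 @check.dependencies = [{:name=>"rails", :version=>'3.0.11'}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "fires when vulnerable rails version it has been found (3.1.3)" do
 @check.dependencies = [{:name=>"rails", :version=>'3.1.3'}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "fires when vulnerable rails version it has been found (3.2.1)" do
 @check.dependencies = [{:name=>"rails", :version=>'3.2.1'}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "doesn't fire when non vulnerable rails version it has been found (3.2.2)" do
 @check.dependencies = [{:name=>"rails", :version=>'3.2.2'}]
-@check.vuln
+expect(@check.vuln?).to eq(false)
 end
 it "doesn't fire when non vulnerable rails version it has been found (3.2.4)" do
 @check.dependencies = [{:name=>"rails", :version=>'3.2.4'}]
-@check.vuln
+expect(@check.vuln?).to eq(false)
 end
 it "doesn't fire when non vulnerable rails version it has been found (3.1.4)" do
 @check.dependencies = [{:name=>"rails", :version=>'3.1.4'}]
 # @check.debug = true
-@check.vuln
+expect(@check.vuln?).to eq(false)
 end
 it "doesn't fire when rails version older than 3.x.y it has been found" do
 @check.dependencies = [{:name=>"rails", :version=>'2.3.12'}]
-@check.vuln
+expect(@check.vuln?).to eq(false)
 end
 end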
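--- a/data/spec/lib/kb/cve_2012_2139_spec.rb
+++ b/data/spec/lib/kb/cve_2012_2139_spec.rb
@@ -6,15 +6,15 @@ describe "The CVE-2012-2139 vulnerability" do
 end
 it "is reported when mail_gem version 2.4.3 is used" do
 @check.dependencies = [{:name=>"mail_gem", :version=>"2.4.3"}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when mail_gem version 2.3.3 is used" do
 @check.dependencies = [{:name=>"mail_gem", :version=>"2.3.3"}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 
 it "is not reported when mail_gem version 2.4.4 is used" do
 @check.dependencies = [{:name=>"mail_gem", :version=>"2.4.4"}]
-@check.vuln
+expect(@check.vuln?).to eq(false)
 end
 end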
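Review bot: All three examples name the dependency `mail_gem`, but the Mail gem is published as `mail`, which is the name a Gemfile.lock would list. If the check itself matches on `mail_gem` (its definition is not visible in this hunk), it would never fire against a real application while these examples keep passing. It is worth confirming the name in the check and, if it is indeed `mail_gem`, changing both the check and the fixtures to `{:name=>"mail", :version=>"2.4.3"}` and so on.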
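--- a/data/spec/lib/kb/cve_2012_2671_spec.rb
+++ b/data/spec/lib/kb/cve_2012_2671_spec.rb
@@ -6,18 +6,18 @@ describe "The CVE-2012-2671 vulnerability" do
 end
 it "is reported when ruby-cache version 0.5 is used" do
 @check.dependencies = [{:name=>"rack-cache", :version=>'0.5'}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when ruby-cache version 0.8 is used" do
 @check.dependencies = [{:name=>"rack-cache", :version=>'0.8'}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when ruby-cache version 1.1.1 is used" do
 @check.dependencies = [{:name=>"rack-cache", :version=>'1.1.1'}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is not reported when ruby-cache version 1.1.2 is used" do
 @check.dependencies = [{:name=>"rack-cache", :version=>'1.1.2'}]
-@check.vuln
+expect(@check.vuln?).to eq(false)
 end
 end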
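Review bot: The four example titles say "ruby-cache" while the dependency under test is `rack-cache`, so a failure is reported under a gem name that appears nowhere in the fixture. Renaming the titles keeps the spec output searchable by the real gem name, e.g. `it "is reported when rack-cache version 0.5 is used" do`. Only the titles need to change; the fixture lines already use `rack-cache`.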
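--- a/data/spec/lib/kb/cve_2012_6109_spec.rb
+++ b/data/spec/lib/kb/cve_2012_6109_spec.rb
@@ -6,107 +6,107 @@ describe "The CVE-2012-6109 vulnerability" do
 end
 it "is reported when the vulnerable gem is detected - 1.0.1" do
 @check.dependencies = [{:name=>"rack", :version=>"1.0.1"}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 
 it "is reported when the vulnerable gem is detected - 0.9.1" do
 @check.dependencies = [{:name=>"rack", :version=>"0.9.1"}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when the vulnerable gem is detected - 0.9" do
 @check.dependencies = [{:name=>"rack", :version=>"0.9"}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when the vulnerable gem is detected - 0.4" do
 @check.dependencies = [{:name=>"rack", :version=>"0.4"}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when the vulnerable gem is detected - 0.3" do
 @check.dependencies = [{:name=>"rack", :version=>"0.3"}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when the vulnerable gem is detected - 0.2" do
 @check.dependencies = [{:name=>"rack", :version=>"0.2"}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when the vulnerable gem is detected - 0.1" do
 @check.dependencies = [{:name=>"rack", :version=>"0.1"}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when the vulnerable gem is detected - 1.0.0" do
 @check.dependencies = [{:name=>"rack", :version=>"1.0.0"}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when the vulnerable gem is detected - 1.1.0" do
 @check.dependencies = [{:name=>"rack", :version=>"1.1.0"}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when the vulnerable gem is detected - 1.1.3" do
 @check.dependencies = [{:name=>"rack", :version=>"1.1.3"}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when the vulnerable gem is detected - 1.1.2" do
 @check.dependencies = [{:name=>"rack", :version=>"1.1.2"}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when the vulnerable gem is detected - 1.2.0" do
 @check.dependencies = [{:name=>"rack", :version=>"1.2.0"}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 
 it "is reported when the vulnerable gem is detected - 1.2.1" do
 @check.dependencies = [{:name=>"rack", :version=>"1.2.1"}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when the vulnerable gem is detected - 1.2.2" do
 @check.dependencies = [{:name=>"rack", :version=>"1.2.2"}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when the vulnerable gem is detected - 1.2.3" do
 
 @check.dependencies = [{:name=>"rack", :version=>"1.2.3"}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when the vulnerable gem is detected - 1.2.4" do
 @check.dependencies = [{:name=>"rack", :version=>"1.2.4"}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when the vulnerable gem is detected - 1.3.0" do
 @check.dependencies = [{:name=>"rack", :version=>"1.3.0"}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 
 it "is reported when the vulnerable gem is detected - 1.3.1" do
 @check.dependencies = [{:name=>"rack", :version=>"1.3.1"}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when the vulnerable gem is detected - 1.3.2" do
 @check.dependencies = [{:name=>"rack", :version=>"1.3.2"}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when the vulnerable gem is detected - 1.3.3" do
 @check.dependencies = [{:name=>"rack", :version=>"1.3.3"}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when the vulnerable gem is detected - 1.3.4" do
 @check.dependencies = [{:name=>"rack", :version=>"1.3.4"}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when the vulnerable gem is detected - 1.3.5" do
 @check.dependencies = [{:name=>"rack", :version=>"1.3.5"}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when the vulnerable gem is detected - 1.3.6" do
 @check.dependencies = [{:name=>"rack", :version=>"1.3.6"}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 
 it "is reported when the vulnerable gem is detected - 1.4.0" do
 @check.dependencies = [{:name=>"rack", :version=>"1.4.0"}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when the vulnerable gem is detected - 1.4.1" do
 @check.dependencies = [{:name=>"rack", :version=>"1.4.1"}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 end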