RubyGems - dawnscanner - Versions diffs - 1.6.1 → 1.6.2 - Mend

dawnscanner 1.6.1 → 1.6.2

Files changed (124) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +0 -0
data.tar.gz.sig +0 -0
data/.ruby-version +1 -1
data/.travis.yml +2 -0
data/Changelog.md +10 -1
data/KnowledgeBase.md +10 -4
data/README.md +1 -1
data/Rakefile +12 -8
data/VERSION +1 -1
data/checksum/dawnscanner-1.6.1.gem.sha1 +1 -0
data/lib/dawn/kb/cve_2016_2097.rb +35 -0
data/lib/dawn/kb/cve_2016_2098.rb +34 -0
data/lib/dawn/knowledge_base.rb +4 -0
data/lib/dawn/version.rb +4 -4
data/spec/lib/dawn/codesake_core_spec.rb +1 -1
data/spec/lib/dawn/codesake_knowledgebase_spec.rb +451 -441
data/spec/lib/dawn/codesake_padrino_engine_disabled.rb +11 -11
data/spec/lib/dawn/codesake_rails_engine_disabled.rb +2 -2
data/spec/lib/dawn/codesake_sinatra_engine_disabled.rb +36 -36
data/spec/lib/kb/codesake_cve_2013_0175_spec.rb +6 -6
data/spec/lib/kb/codesake_cve_2013_4457_spec.rb +7 -7
data/spec/lib/kb/codesake_dependency_version_check_spec.rb +10 -10
data/spec/lib/kb/codesake_deprecation_check_spec.rb +11 -11
data/spec/lib/kb/codesake_ruby_version_check_spec.rb +4 -4
data/spec/lib/kb/codesake_version_check_spec.rb +42 -42
data/spec/lib/kb/cve_2011_2705_spec.rb +7 -7
data/spec/lib/kb/cve_2011_2930_spec.rb +6 -6
data/spec/lib/kb/cve_2011_3009_spec.rb +4 -4
data/spec/lib/kb/cve_2011_3187_spec.rb +4 -4
data/spec/lib/kb/cve_2011_4319_spec.rb +9 -9
data/spec/lib/kb/cve_2011_5036_spec.rb +21 -21
data/spec/lib/kb/cve_2012_1098_spec.rb +7 -7
data/spec/lib/kb/cve_2012_2139_spec.rb +3 -3
data/spec/lib/kb/cve_2012_2671_spec.rb +4 -4
data/spec/lib/kb/cve_2012_6109_spec.rb +25 -25
data/spec/lib/kb/cve_2012_6684_spec.rb +2 -2
data/spec/lib/kb/cve_2013_0162_spec.rb +4 -4
data/spec/lib/kb/cve_2013_0183_spec.rb +11 -11
data/spec/lib/kb/cve_2013_0184_spec.rb +26 -26
data/spec/lib/kb/cve_2013_0256_spec.rb +6 -6
data/spec/lib/kb/cve_2013_0262_spec.rb +9 -9
data/spec/lib/kb/cve_2013_0263_spec.rb +1 -1
data/spec/lib/kb/cve_2013_1607_spec.rb +2 -2
data/spec/lib/kb/cve_2013_1655_spec.rb +4 -4
data/spec/lib/kb/cve_2013_1756_spec.rb +4 -4
data/spec/lib/kb/cve_2013_2090_spec.rb +2 -2
data/spec/lib/kb/cve_2013_2105_spec.rb +1 -1
data/spec/lib/kb/cve_2013_2119_spec.rb +5 -5
data/spec/lib/kb/cve_2013_2512_spec.rb +2 -2
data/spec/lib/kb/cve_2013_2513_spec.rb +2 -2
data/spec/lib/kb/cve_2013_2516_spec.rb +2 -2
data/spec/lib/kb/cve_2013_4203_spec.rb +2 -2
data/spec/lib/kb/cve_2013_4413_spec.rb +2 -2
data/spec/lib/kb/cve_2013_4489_spec.rb +11 -11
data/spec/lib/kb/cve_2013_4491_spec.rb +2 -2
data/spec/lib/kb/cve_2013_4593_spec.rb +2 -2
data/spec/lib/kb/cve_2013_5647_spec.rb +3 -3
data/spec/lib/kb/cve_2013_5671_spec.rb +4 -4
data/spec/lib/kb/cve_2013_6416_spec.rb +5 -5
data/spec/lib/kb/cve_2013_6459_spec.rb +2 -2
data/spec/lib/kb/cve_2013_7086_spec.rb +3 -3
data/spec/lib/kb/cve_2014_0036_spec.rb +2 -2
data/spec/lib/kb/cve_2014_0080_spec.rb +5 -5
data/spec/lib/kb/cve_2014_0081_spec.rb +10 -10
data/spec/lib/kb/cve_2014_0082_spec.rb +8 -8
data/spec/lib/kb/cve_2014_0130_spec.rb +3 -3
data/spec/lib/kb/cve_2014_1233_spec.rb +2 -2
data/spec/lib/kb/cve_2014_1234_spec.rb +2 -2
data/spec/lib/kb/cve_2014_2322_spec.rb +2 -2
data/spec/lib/kb/cve_2014_2538_spec.rb +2 -2
data/spec/lib/kb/cve_2014_3482_spec.rb +2 -2
data/spec/lib/kb/cve_2014_3483_spec.rb +5 -5
data/spec/lib/kb/cve_2014_7818_spec.rb +8 -8
data/spec/lib/kb/cve_2014_7819_spec.rb +32 -32
data/spec/lib/kb/cve_2014_7829_spec.rb +10 -10
data/spec/lib/kb/cve_2014_9490_spec.rb +2 -2
data/spec/lib/kb/cve_2015_1819_spec.rb +2 -2
data/spec/lib/kb/cve_2015_1840_spec.rb +7 -7
data/spec/lib/kb/cve_2015_2963_spec.rb +2 -2
data/spec/lib/kb/cve_2015_3224_spec.rb +2 -2
data/spec/lib/kb/cve_2015_3225_spec.rb +5 -5
data/spec/lib/kb/cve_2015_3226_spec.rb +6 -6
data/spec/lib/kb/cve_2015_3227_spec.rb +5 -5
data/spec/lib/kb/cve_2015_3448_spec.rb +2 -2
data/spec/lib/kb/cve_2015_4020_spec.rb +4 -4
data/spec/lib/kb/cve_2015_5312_spec.rb +6 -6
data/spec/lib/kb/cve_2015_7497_spec.rb +6 -6
data/spec/lib/kb/cve_2015_7498_spec.rb +6 -6
data/spec/lib/kb/cve_2015_7499_spec.rb +6 -6
data/spec/lib/kb/cve_2015_7500_spec.rb +6 -6
data/spec/lib/kb/cve_2015_7519_spec.rb +4 -4
data/spec/lib/kb/cve_2015_7541_spec.rb +2 -2
data/spec/lib/kb/cve_2015_7576_spec.rb +11 -11
data/spec/lib/kb/cve_2015_7577_spec.rb +11 -11
data/spec/lib/kb/cve_2015_7578_spec.rb +2 -2
data/spec/lib/kb/cve_2015_7579_spec.rb +4 -4
data/spec/lib/kb/cve_2015_7581_spec.rb +11 -11
data/spec/lib/kb/cve_2015_8241_spec.rb +6 -6
data/spec/lib/kb/cve_2015_8242_spec.rb +6 -6
data/spec/lib/kb/cve_2015_8317_spec.rb +6 -6
data/spec/lib/kb/cve_2016_0751_spec.rb +11 -11
data/spec/lib/kb/cve_2016_0752_spec.rb +11 -11
data/spec/lib/kb/cve_2016_0753_spec.rb +11 -11
data/spec/lib/kb/cve_2016_2097_spec.rb +35 -0
data/spec/lib/kb/cve_2016_2098_spec.rb +39 -0
data/spec/lib/kb/osvdb_105971_spec.rb +2 -2
data/spec/lib/kb/osvdb_108530_spec.rb +3 -3
data/spec/lib/kb/osvdb_108563_spec.rb +2 -2
data/spec/lib/kb/osvdb_108569_spec.rb +2 -2
data/spec/lib/kb/osvdb_108570_spec.rb +2 -2
data/spec/lib/kb/osvdb_115654_spec.rb +2 -2
data/spec/lib/kb/osvdb_116010_spec.rb +2 -2
data/spec/lib/kb/osvdb_117903_spec.rb +4 -4
data/spec/lib/kb/osvdb_118830_spec.rb +2 -2
data/spec/lib/kb/osvdb_118954_spec.rb +3 -3
data/spec/lib/kb/osvdb_119878_spec.rb +21 -21
data/spec/lib/kb/osvdb_119927_spec.rb +2 -2
data/spec/lib/kb/osvdb_120415_spec.rb +2 -2
data/spec/lib/kb/osvdb_120857_spec.rb +6 -6
data/spec/lib/kb/osvdb_121701_spec.rb +2 -2
data/spec/lib/kb/owasp_ror_cheatsheet_disabled.rb +10 -10
metadata +9 -2
metadata.gz.sig +0 -0

data/spec/lib/kb/cve_2014_1234_spec.rb CHANGED

@@ -7,10 +7,10 @@ describe "The CVE-2014-1234 vulnerability" do
   it "is reported when a paratrooper-newrelic gem version 1.0.1 is detected" do
     @check.dependencies = [{:name=>"paratrooper-newrelic", :version=>"1.0.1"}]
-    @check.vuln?.should   == true
+    expect(@check.vuln?).to   eq(true)
   end
   it "is not reported when a paratrooper-newrelic gem version 1.0.2 is detected" do
     @check.dependencies = [{:name=>"paratrooper-newrelic", :version=>"1.0.2"}]
-    @check.vuln?.should   == false
+    expect(@check.vuln?).to   eq(false)
   end
 end

data/spec/lib/kb/cve_2014_2322_spec.rb CHANGED

@@ -6,10 +6,10 @@ describe "The CVE-2014-2322 vulnerability" do
 	end
   it "is reported when a vulnerable arabic prawn gem version is found (0.0.1)" do
     @check.dependencies = [{:name=>"Arabic-Prawn", :version=>'0.0.1'}]
-    @check.vuln?.should   == true
+    expect(@check.vuln?).to   eq(true)
   end
   it "is not reported when a sage vulnerable arabic prawn gem version is found (0.0.2)" do
     @check.dependencies = [{:name=>"Arabic-Prawn", :version=>'0.0.2'}]
-    @check.vuln?.should   == false
+    expect(@check.vuln?).to   eq(false)
   end
 end

data/spec/lib/kb/cve_2014_2538_spec.rb CHANGED

@@ -6,10 +6,10 @@ describe "The CVE-2014-2538 vulnerability" do
 	end
   it "is reported when rack-ssl vulnerable version it has been found (1.3.9)" do
     @check.dependencies = [{:name=>'rack-ssl', :version=>'1.3.9'}]
-    @check.vuln?.should   == true
+    expect(@check.vuln?).to   eq(true)
   end
   it "is reported when rack-ssl not vulnerable version it has been found (1.4.0)" do
     @check.dependencies = [{:name=>'rack-ssl', :version=>'1.4.0'}]
-    @check.vuln?.should   == false
+    expect(@check.vuln?).to   eq(false)
   end
 end

data/spec/lib/kb/cve_2014_3482_spec.rb CHANGED

@@ -6,10 +6,10 @@ describe "The CVE-2014-3482 vulnerability" do
 	end
   it "is reported when a vulnerable version it has been found (3.2.18)" do
     @check.dependencies = [{:name=>"rails", :version=>"3.2.18"}]
-    @check.vuln?.should   == true
+    expect(@check.vuln?).to   eq(true)
   end
   it "is not reported when a safe version it has been found (3.2.19)" do
     @check.dependencies = [{:name=>"rails", :version=>"3.2.19"}]
-    @check.vuln?.should   == false
+    expect(@check.vuln?).to   eq(false)
   end
 end

data/spec/lib/kb/cve_2014_3483_spec.rb CHANGED

@@ -6,22 +6,22 @@ describe "The CVE-2014-3483 vulnerability" do
 	end
   it "is reported when a rails gem version 4.0.6 is detected" do
     @check.dependencies = [{:name=>"rails", :version=>"4.0.6"}]
-    @check.vuln?.should   == true
+    expect(@check.vuln?).to   eq(true)
   end
   it "is reported when a rails gem version 4.1.2 is detected" do
     @check.dependencies = [{:name=>"rails", :version=>"4.1.2"}]
-    @check.vuln?.should   == true
+    expect(@check.vuln?).to   eq(true)
   end
   it "is not reported when a rails gem version 4.0.7 is detected" do
     @check.dependencies = [{:name=>"rails", :version=>"4.0.7"}]
-    @check.vuln?.should   == false
+    expect(@check.vuln?).to   eq(false)
   end
   it "is not reported when a rails gem version 4.1.3 is detected" do
     @check.dependencies = [{:name=>"rails", :version=>"4.1.3"}]
-    @check.vuln?.should   == false
+    expect(@check.vuln?).to   eq(false)
   end
   it "is not reported when a rails gem version 3.2.21 is detected" do
     @check.dependencies = [{:name=>"rails", :version=>"3.2.21"}]
-    @check.vuln?.should   == false
+    expect(@check.vuln?).to   eq(false)
   end
 end

data/spec/lib/kb/cve_2014_7818_spec.rb CHANGED

@@ -6,37 +6,37 @@ describe "The CVE-2014-7818 vulnerability" do
 	end
   it "is reported when vulnerable rails gem is used (3.2.18)" do
     @check.dependencies = [{:name=>"rails", :version=>'3.2.18'}]
-    @check.vuln?.should   == true
+    expect(@check.vuln?).to   eq(true)
   end
   it "is reported when vulnerable rails gem is used (4.0.7)" do
     @check.dependencies = [{:name=>"rails", :version=>'4.0.7'}]
-    @check.vuln?.should   == true
+    expect(@check.vuln?).to   eq(true)
   end
   it "is reported when vulnerable rails gem is used (4.1.6)" do
     @check.dependencies = [{:name=>"rails", :version=>'4.1.6'}]
-    @check.vuln?.should   == true
+    expect(@check.vuln?).to   eq(true)
   end
   it "is reported when vulnerable rails gem is used (4.2.0.beta2)" do
     @check.dependencies = [{:name=>"rails", :version=>'4.2.0.beta2'}]
-    @check.vuln?.should   == true
+    expect(@check.vuln?).to   eq(true)
   end
   # SAFE VERSIONS
   it "is not reported when safe rails gem is used (3.2.20)" do
     @check.dependencies = [{:name=>"rails", :version=>'3.2.20'}]
-    @check.vuln?.should   == false
+    expect(@check.vuln?).to   eq(false)
   end
   it "is not reported when safe rails gem is used (4.0.11)" do
     @check.dependencies = [{:name=>"rails", :version=>'4.0.11'}]
-    @check.vuln?.should   == false
+    expect(@check.vuln?).to   eq(false)
   end
   it "is not reported when safe rails gem is used (4.1.7)" do
     @check.dependencies = [{:name=>"rails", :version=>'4.1.7'}]
-    @check.vuln?.should   == false
+    expect(@check.vuln?).to   eq(false)
   end
   it "is not reported when safe rails gem is used (4.2.0.beta3)" do
     @check.dependencies = [{:name=>"rails", :version=>'4.2.0.beta3'}]
-    @check.vuln?.should   == false
+    expect(@check.vuln?).to   eq(false)
   end
 end

data/spec/lib/kb/cve_2014_7819_spec.rb CHANGED

@@ -7,132 +7,132 @@ describe "The CVE-2014-7819 vulnerability" do
   # Vulnerable versions
   it "is reported when vulnerable rails gem is used (4.1.7)" do
     @check.dependencies = [{:name=>"rails", :version=>'4.1.7'}]
-    @check.vuln?.should   == true
+    expect(@check.vuln?).to   eq(true)
   end
   it "is reported when vulnerable rails gem is used (3.2.17)" do
     @check.dependencies = [{:name=>"rails", :version=>'3.2.17'}]
-    @check.vuln?.should   == true
+    expect(@check.vuln?).to   eq(true)
   end
   it "is reported when vulnerable sprockets gem is used (2.0.5)" do
     @check.dependencies = [{:name=>"sprockets", :version=>'2.0.5'}]
-    @check.vuln?.should   == true
+    expect(@check.vuln?).to   eq(true)
   end
   it "is reported when vulnerable sprockets gem is used (2.1.3)" do
     @check.dependencies = [{:name=>"sprockets", :version=>'2.1.3'}]
-    @check.vuln?.should   == true
+    expect(@check.vuln?).to   eq(true)
   end
   it "is reported when vulnerable sprockets gem is used (2.2.2)" do
     @check.dependencies = [{:name=>"sprockets", :version=>'2.2.2'}]
-    @check.vuln?.should   == true
+    expect(@check.vuln?).to   eq(true)
   end
   it "is reported when vulnerable sprockets gem is used (2.3.2)" do
     @check.dependencies = [{:name=>"sprockets", :version=>'2.3.2'}]
-    @check.vuln?.should   == true
+    expect(@check.vuln?).to   eq(true)
   end
   it "is reported when vulnerable sprockets gem is used (2.4.5)" do
     @check.dependencies = [{:name=>"sprockets", :version=>'2.4.5'}]
-    @check.vuln?.should   == true
+    expect(@check.vuln?).to   eq(true)
   end
   it "is reported when vulnerable sprockets gem is used (2.5.0)" do
     @check.dependencies = [{:name=>"sprockets", :version=>'2.5.0'}]
-    @check.vuln?.should   == true
+    expect(@check.vuln?).to   eq(true)
   end
   it "is reported when vulnerable sprockets gem is used (2.6.0)" do
     @check.dependencies = [{:name=>"sprockets", :version=>'2.6.0'}]
-    @check.vuln?.should   == true
+    expect(@check.vuln?).to   eq(true)
   end
   it "is reported when vulnerable sprockets gem is used (2.7.0)" do
     @check.dependencies = [{:name=>"sprockets", :version=>'2.7.0'}]
-    @check.vuln?.should   == true
+    expect(@check.vuln?).to   eq(true)
   end
   it "is reported when vulnerable sprockets gem is used (2.8.2)" do
     @check.dependencies = [{:name=>"sprockets", :version=>'2.8.2'}]
-    @check.vuln?.should   == true
+    expect(@check.vuln?).to   eq(true)
   end
   it "is reported when vulnerable sprockets gem is used (2.9.3)" do
     @check.dependencies = [{:name=>"sprockets", :version=>'2.9.3'}]
-    @check.vuln?.should   == true
+    expect(@check.vuln?).to   eq(true)
   end
   it "is reported when vulnerable sprockets gem is used (2.10.1)" do
     @check.dependencies = [{:name=>"sprockets", :version=>'2.10.1'}]
-    @check.vuln?.should   == true
+    expect(@check.vuln?).to   eq(true)
   end
   it "is reported when vulnerable sprockets gem is used (2.11.2)" do
     @check.dependencies = [{:name=>"sprockets", :version=>'2.11.2'}]
-    @check.vuln?.should   == true
+    expect(@check.vuln?).to   eq(true)
   end
   it "is reported when vulnerable sprockets gem is used (2.12.2)" do
     @check.dependencies = [{:name=>"sprockets", :version=>'2.12.2'}]
-    @check.vuln?.should   == true
+    expect(@check.vuln?).to   eq(true)
   end
   it "is reported when vulnerable sprockets gem is used (3.0.0.beta2)" do
     @check.dependencies = [{:name=>"sprockets", :version=>'3.0.0.beta2'}]
-    @check.vuln?.should   == true
+    expect(@check.vuln?).to   eq(true)
   end
   # Safe versions
   it "is not reported when safe rails gem is used (4.1.8)" do
     @check.dependencies = [{:name=>"rails", :version=>'4.1.8'}]
-    @check.vuln?.should   == false
+    expect(@check.vuln?).to   eq(false)
   end
   it "is not reported when safe rails gem is used (3.2.18)" do
     @check.dependencies = [{:name=>"rails", :version=>'3.2.18'}]
-    @check.vuln?.should   == false
+    expect(@check.vuln?).to   eq(false)
   end
   it "is not reported when safe sprockets gem is used (2.0.6)" do
     @check.dependencies = [{:name=>"sprockets", :version=>'2.0.6'}]
-    @check.vuln?.should   == false
+    expect(@check.vuln?).to   eq(false)
   end
   it "is not reported when safe sprockets gem is used (2.1.4)" do
     @check.dependencies = [{:name=>"sprockets", :version=>'2.1.4'}]
-    @check.vuln?.should   == false
+    expect(@check.vuln?).to   eq(false)
   end
   it "is not reported when safe sprockets gem is used (2.2.3)" do
     @check.dependencies = [{:name=>"sprockets", :version=>'2.2.3'}]
-    @check.vuln?.should   == false
+    expect(@check.vuln?).to   eq(false)
   end
   it "is not reported when safe sprockets gem is used (2.3.3)" do
     @check.dependencies = [{:name=>"sprockets", :version=>'2.3.3'}]
-    @check.vuln?.should   == false
+    expect(@check.vuln?).to   eq(false)
   end
   it "is not reported when safe sprockets gem is used (2.4.6)" do
     @check.dependencies = [{:name=>"sprockets", :version=>'2.4.6'}]
-    @check.vuln?.should   == false
+    expect(@check.vuln?).to   eq(false)
   end
   it "is not reported when safe sprockets gem is used (2.5.6)" do
     @check.dependencies = [{:name=>"sprockets", :version=>'2.5.6'}]
-    @check.vuln?.should   == false
+    expect(@check.vuln?).to   eq(false)
   end
   it "is not reported when safe sprockets gem is used (2.6.6)" do
     @check.dependencies = [{:name=>"sprockets", :version=>'2.6.6'}]
-    @check.vuln?.should   == false
+    expect(@check.vuln?).to   eq(false)
   end
   it "is not reported when safe sprockets gem is used (2.7.6)" do
     @check.dependencies = [{:name=>"sprockets", :version=>'2.7.6'}]
-    @check.vuln?.should   == false
+    expect(@check.vuln?).to   eq(false)
   end
   it "is not reported when safe sprockets gem is used (2.8.6)" do
     @check.dependencies = [{:name=>"sprockets", :version=>'2.8.6'}]
-    @check.vuln?.should   == false
+    expect(@check.vuln?).to   eq(false)
   end
   it "is not reported when safe sprockets gem is used (2.9.6)" do
     @check.dependencies = [{:name=>"sprockets", :version=>'2.9.6'}]
-    @check.vuln?.should   == false
+    expect(@check.vuln?).to   eq(false)
   end
   it "is not reported when safe sprockets gem is used (2.10.6)" do
     @check.dependencies = [{:name=>"sprockets", :version=>'2.10.6'}]
-    @check.vuln?.should   == false
+    expect(@check.vuln?).to   eq(false)
   end
   it "is not reported when safe sprockets gem is used (2.11.6)" do
     @check.dependencies = [{:name=>"sprockets", :version=>'2.11.6'}]
-    @check.vuln?.should   == false
+    expect(@check.vuln?).to   eq(false)
   end
   it "is not reported when safe sprockets gem is used (2.12.6)" do
     @check.dependencies = [{:name=>"sprockets", :version=>'2.12.6'}]
-    @check.vuln?.should   == false
+    expect(@check.vuln?).to   eq(false)
   end
   it "is not reported when safe sprockets gem is used (3.0.0.beta3)" do
     @check.dependencies = [{:name=>"sprockets", :version=>'3.0.0.beta3'}]
-    @check.vuln?.should   == false
+    expect(@check.vuln?).to   eq(false)
   end

data/spec/lib/kb/cve_2014_7829_spec.rb CHANGED

@@ -6,44 +6,44 @@ describe "The CVE-2014-7829 vulnerability" do
 	end
   it "is reported when vulnerable rails gem is used (3.2.20)" do
     @check.dependencies = [{:name=>"rails", :version=>'3.2.20'}]
-    @check.vuln?.should   == true
+    expect(@check.vuln?).to   eq(true)
   end
   it "is reported when vulnerable rails gem is used (3.1.20)" do
     @check.dependencies = [{:name=>"rails", :version=>'3.1.20'}]
-    @check.vuln?.should   == true
+    expect(@check.vuln?).to   eq(true)
   end
   it "is reported when vulnerable rails gem is used (3.0.20)" do
     @check.dependencies = [{:name=>"rails", :version=>'3.0.20'}]
-    @check.vuln?.should   == true
+    expect(@check.vuln?).to   eq(true)
   end
   it "is reported when vulnerable rails gem is used (4.0.11)" do
     @check.dependencies = [{:name=>"rails", :version=>'4.0.11'}]
-    @check.vuln?.should   == true
+    expect(@check.vuln?).to   eq(true)
   end
   it "is reported when vulnerable rails gem is used (4.1.7)" do
     @check.dependencies = [{:name=>"rails", :version=>'4.1.7'}]
-    @check.vuln?.should   == true
+    expect(@check.vuln?).to   eq(true)
   end
   it "is reported when vulnerable rails gem is used (4.2.0.beta3)" do
     @check.dependencies = [{:name=>"rails", :version=>'4.2.0.beta3'}]
-    @check.vuln?.should   == true
+    expect(@check.vuln?).to   eq(true)
   end
   it "is not reported when safe rails gem is used (3.2.21)" do
     @check.dependencies = [{:name=>"rails", :version=>'3.2.21'}]
-    @check.vuln?.should   == false
+    expect(@check.vuln?).to   eq(false)
   end
   it "is not reported when safe rails gem is used (4.0.12)" do
     @check.dependencies = [{:name=>"rails", :version=>'4.0.12'}]
-    @check.vuln?.should   == false
+    expect(@check.vuln?).to   eq(false)
   end
   it "is not reported when safe rails gem is used (4.1.8)" do
     @check.dependencies = [{:name=>"rails", :version=>'4.1.8'}]
-    @check.vuln?.should   == false
+    expect(@check.vuln?).to   eq(false)
   end
   it "is not reported when safe rails gem is used (4.2.0.beta4)" do
     @check.dependencies = [{:name=>"rails", :version=>'4.2.0.beta4'}]
-    @check.vuln?.should   == false
+    expect(@check.vuln?).to   eq(false)
   end
 	it "is reported when..."

data/spec/lib/kb/cve_2014_9490_spec.rb CHANGED

@@ -7,11 +7,11 @@ describe "The CVE-2014-9490 vulnerability" do
   it "is reported when vulnerable raven-ruby gem is used (0.12.1)" do
     @check.dependencies = [{:name=>"raven-ruby", :version=>'0.12.1'}]
-    @check.vuln?.should   == true
+    expect(@check.vuln?).to   eq(true)
   end
   it "is not reported when safe raven-ruby gem is used (0.12.2)" do
     @check.dependencies = [{:name=>"raven-ruby", :version=>'0.12.2'}]
-    @check.vuln?.should   == false
+    expect(@check.vuln?).to   eq(false)
   end
 end

data/spec/lib/kb/cve_2015_1819_spec.rb CHANGED

@@ -6,11 +6,11 @@ describe "The CVE-2015-1819 vulnerability" do
 	end
   it "is reported when the vulnerable gem is detected" do
     @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.6.3"}]
-    @check.vuln?.should   == true
+    expect(@check.vuln?).to   eq(true)
   end
   it "is not reported when a fixed release is detected" do
     @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.6.4"}]
-    @check.vuln?.should   == false
+    expect(@check.vuln?).to   eq(false)
   end
 end

data/spec/lib/kb/cve_2015_1840_spec.rb CHANGED

@@ -6,32 +6,32 @@ describe "The CVE-2015-1840 vulnerability" do
 	end
   it "is reported when vulnerable jquery-rails gem is used (3.1.2)" do
     @check_a.dependencies = [{:name=>"jquery-rails", :version=>'3.1.2'}]
-    @check_a.vuln?.should   == true
+    expect(@check_a.vuln?).to   eq(true)
   end
   it "is reported when vulnerable jquery-rails gem is used 4.0.1)" do
     @check_a.dependencies = [{:name=>"jquery-rails", :version=>'4.0.1'}]
-    @check_a.vuln?.should   == true
+    expect(@check_a.vuln?).to   eq(true)
   end
   it "is reported when vulnerable jquery-ujs gem is used 1.0.3)" do
     @check_b.dependencies = [{:name=>"jquery-ujs", :version=>'1.0.3'}]
-    @check_b.vuln?.should   == true
+    expect(@check_b.vuln?).to   eq(true)
   end
   it "is reported when vulnerable jquery-rails gem is used (3.1.3)" do
     @check_a.dependencies = [{:name=>"jquery-rails", :version=>'3.1.3'}]
-    @check_a.vuln?.should   == false
+    expect(@check_a.vuln?).to   eq(false)
   end
   it "is reported when vulnerable jquery-rails gem is used (3.1.4)" do
     @check_a.dependencies = [{:name=>"jquery-rails", :version=>'3.1.4'}]
-    @check_a.vuln?.should   == false
+    expect(@check_a.vuln?).to   eq(false)
   end
   it "is reported when vulnerable jquery-rails gem is used 4.0.2)" do
     @check_a.dependencies = [{:name=>"jquery-rails", :version=>'4.0.2'}]
-    @check_a.vuln?.should   == false
+    expect(@check_a.vuln?).to   eq(false)
   end
   it "is reported when vulnerable jquery-ujs gem is used 1.0.4)" do
     @check_b.dependencies = [{:name=>"jquery-ujs", :version=>'1.0.4'}]
-    @check_b.vuln?.should   == false
+    expect(@check_b.vuln?).to   eq(false)
   end

data/spec/lib/kb/cve_2015_2963_spec.rb CHANGED

@@ -6,12 +6,12 @@ describe "The CVE-2015-2963 vulnerability" do
 	end
   it "is reported when vulnerable paperclip gem is used 4.2.1)" do
     @check.dependencies = [{:name=>"paperclip", :version=>'4.2.1'}]
-    @check.vuln?.should   == true
+    expect(@check.vuln?).to   eq(true)
   end
   it "is reported when not vulnerable paperclip gem is used (4.2.2)" do
     @check.dependencies = [{:name=>"paperclip", :version=>'4.2.2'}]
-    @check.vuln?.should   == false
+    expect(@check.vuln?).to   eq(false)
   end
 end

data/spec/lib/kb/cve_2015_3224_spec.rb CHANGED

@@ -6,11 +6,11 @@ describe "The CVE-2015-3224 vulnerability" do
 	end
   it "is reported when vulnerable web-console gem is used (2.1.2)" do
     @check.dependencies = [{:name=>"web-console", :version=>'2.1.2'}]
-    @check.vuln?.should   == true
+    expect(@check.vuln?).to   eq(true)
   end
   it "is not reported when safe rack gem is used (2.1.3)" do
     @check.dependencies = [{:name=>"web-console", :version=>'2.1.3'}]
-    @check.vuln?.should   == false
+    expect(@check.vuln?).to   eq(false)
   end
 end