dawnscanner 1.6.1 → 1.6.2
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/.ruby-version +1 -1
- data/.travis.yml +2 -0
- data/Changelog.md +10 -1
- data/KnowledgeBase.md +10 -4
- data/README.md +1 -1
- data/Rakefile +12 -8
- data/VERSION +1 -1
- data/checksum/dawnscanner-1.6.1.gem.sha1 +1 -0
- data/lib/dawn/kb/cve_2016_2097.rb +35 -0
- data/lib/dawn/kb/cve_2016_2098.rb +34 -0
- data/lib/dawn/knowledge_base.rb +4 -0
- data/lib/dawn/version.rb +4 -4
- data/spec/lib/dawn/codesake_core_spec.rb +1 -1
- data/spec/lib/dawn/codesake_knowledgebase_spec.rb +451 -441
- data/spec/lib/dawn/codesake_padrino_engine_disabled.rb +11 -11
- data/spec/lib/dawn/codesake_rails_engine_disabled.rb +2 -2
- data/spec/lib/dawn/codesake_sinatra_engine_disabled.rb +36 -36
- data/spec/lib/kb/codesake_cve_2013_0175_spec.rb +6 -6
- data/spec/lib/kb/codesake_cve_2013_4457_spec.rb +7 -7
- data/spec/lib/kb/codesake_dependency_version_check_spec.rb +10 -10
- data/spec/lib/kb/codesake_deprecation_check_spec.rb +11 -11
- data/spec/lib/kb/codesake_ruby_version_check_spec.rb +4 -4
- data/spec/lib/kb/codesake_version_check_spec.rb +42 -42
- data/spec/lib/kb/cve_2011_2705_spec.rb +7 -7
- data/spec/lib/kb/cve_2011_2930_spec.rb +6 -6
- data/spec/lib/kb/cve_2011_3009_spec.rb +4 -4
- data/spec/lib/kb/cve_2011_3187_spec.rb +4 -4
- data/spec/lib/kb/cve_2011_4319_spec.rb +9 -9
- data/spec/lib/kb/cve_2011_5036_spec.rb +21 -21
- data/spec/lib/kb/cve_2012_1098_spec.rb +7 -7
- data/spec/lib/kb/cve_2012_2139_spec.rb +3 -3
- data/spec/lib/kb/cve_2012_2671_spec.rb +4 -4
- data/spec/lib/kb/cve_2012_6109_spec.rb +25 -25
- data/spec/lib/kb/cve_2012_6684_spec.rb +2 -2
- data/spec/lib/kb/cve_2013_0162_spec.rb +4 -4
- data/spec/lib/kb/cve_2013_0183_spec.rb +11 -11
- data/spec/lib/kb/cve_2013_0184_spec.rb +26 -26
- data/spec/lib/kb/cve_2013_0256_spec.rb +6 -6
- data/spec/lib/kb/cve_2013_0262_spec.rb +9 -9
- data/spec/lib/kb/cve_2013_0263_spec.rb +1 -1
- data/spec/lib/kb/cve_2013_1607_spec.rb +2 -2
- data/spec/lib/kb/cve_2013_1655_spec.rb +4 -4
- data/spec/lib/kb/cve_2013_1756_spec.rb +4 -4
- data/spec/lib/kb/cve_2013_2090_spec.rb +2 -2
- data/spec/lib/kb/cve_2013_2105_spec.rb +1 -1
- data/spec/lib/kb/cve_2013_2119_spec.rb +5 -5
- data/spec/lib/kb/cve_2013_2512_spec.rb +2 -2
- data/spec/lib/kb/cve_2013_2513_spec.rb +2 -2
- data/spec/lib/kb/cve_2013_2516_spec.rb +2 -2
- data/spec/lib/kb/cve_2013_4203_spec.rb +2 -2
- data/spec/lib/kb/cve_2013_4413_spec.rb +2 -2
- data/spec/lib/kb/cve_2013_4489_spec.rb +11 -11
- data/spec/lib/kb/cve_2013_4491_spec.rb +2 -2
- data/spec/lib/kb/cve_2013_4593_spec.rb +2 -2
- data/spec/lib/kb/cve_2013_5647_spec.rb +3 -3
- data/spec/lib/kb/cve_2013_5671_spec.rb +4 -4
- data/spec/lib/kb/cve_2013_6416_spec.rb +5 -5
- data/spec/lib/kb/cve_2013_6459_spec.rb +2 -2
- data/spec/lib/kb/cve_2013_7086_spec.rb +3 -3
- data/spec/lib/kb/cve_2014_0036_spec.rb +2 -2
- data/spec/lib/kb/cve_2014_0080_spec.rb +5 -5
- data/spec/lib/kb/cve_2014_0081_spec.rb +10 -10
- data/spec/lib/kb/cve_2014_0082_spec.rb +8 -8
- data/spec/lib/kb/cve_2014_0130_spec.rb +3 -3
- data/spec/lib/kb/cve_2014_1233_spec.rb +2 -2
- data/spec/lib/kb/cve_2014_1234_spec.rb +2 -2
- data/spec/lib/kb/cve_2014_2322_spec.rb +2 -2
- data/spec/lib/kb/cve_2014_2538_spec.rb +2 -2
- data/spec/lib/kb/cve_2014_3482_spec.rb +2 -2
- data/spec/lib/kb/cve_2014_3483_spec.rb +5 -5
- data/spec/lib/kb/cve_2014_7818_spec.rb +8 -8
- data/spec/lib/kb/cve_2014_7819_spec.rb +32 -32
- data/spec/lib/kb/cve_2014_7829_spec.rb +10 -10
- data/spec/lib/kb/cve_2014_9490_spec.rb +2 -2
- data/spec/lib/kb/cve_2015_1819_spec.rb +2 -2
- data/spec/lib/kb/cve_2015_1840_spec.rb +7 -7
- data/spec/lib/kb/cve_2015_2963_spec.rb +2 -2
- data/spec/lib/kb/cve_2015_3224_spec.rb +2 -2
- data/spec/lib/kb/cve_2015_3225_spec.rb +5 -5
- data/spec/lib/kb/cve_2015_3226_spec.rb +6 -6
- data/spec/lib/kb/cve_2015_3227_spec.rb +5 -5
- data/spec/lib/kb/cve_2015_3448_spec.rb +2 -2
- data/spec/lib/kb/cve_2015_4020_spec.rb +4 -4
- data/spec/lib/kb/cve_2015_5312_spec.rb +6 -6
- data/spec/lib/kb/cve_2015_7497_spec.rb +6 -6
- data/spec/lib/kb/cve_2015_7498_spec.rb +6 -6
- data/spec/lib/kb/cve_2015_7499_spec.rb +6 -6
- data/spec/lib/kb/cve_2015_7500_spec.rb +6 -6
- data/spec/lib/kb/cve_2015_7519_spec.rb +4 -4
- data/spec/lib/kb/cve_2015_7541_spec.rb +2 -2
- data/spec/lib/kb/cve_2015_7576_spec.rb +11 -11
- data/spec/lib/kb/cve_2015_7577_spec.rb +11 -11
- data/spec/lib/kb/cve_2015_7578_spec.rb +2 -2
- data/spec/lib/kb/cve_2015_7579_spec.rb +4 -4
- data/spec/lib/kb/cve_2015_7581_spec.rb +11 -11
- data/spec/lib/kb/cve_2015_8241_spec.rb +6 -6
- data/spec/lib/kb/cve_2015_8242_spec.rb +6 -6
- data/spec/lib/kb/cve_2015_8317_spec.rb +6 -6
- data/spec/lib/kb/cve_2016_0751_spec.rb +11 -11
- data/spec/lib/kb/cve_2016_0752_spec.rb +11 -11
- data/spec/lib/kb/cve_2016_0753_spec.rb +11 -11
- data/spec/lib/kb/cve_2016_2097_spec.rb +35 -0
- data/spec/lib/kb/cve_2016_2098_spec.rb +39 -0
- data/spec/lib/kb/osvdb_105971_spec.rb +2 -2
- data/spec/lib/kb/osvdb_108530_spec.rb +3 -3
- data/spec/lib/kb/osvdb_108563_spec.rb +2 -2
- data/spec/lib/kb/osvdb_108569_spec.rb +2 -2
- data/spec/lib/kb/osvdb_108570_spec.rb +2 -2
- data/spec/lib/kb/osvdb_115654_spec.rb +2 -2
- data/spec/lib/kb/osvdb_116010_spec.rb +2 -2
- data/spec/lib/kb/osvdb_117903_spec.rb +4 -4
- data/spec/lib/kb/osvdb_118830_spec.rb +2 -2
- data/spec/lib/kb/osvdb_118954_spec.rb +3 -3
- data/spec/lib/kb/osvdb_119878_spec.rb +21 -21
- data/spec/lib/kb/osvdb_119927_spec.rb +2 -2
- data/spec/lib/kb/osvdb_120415_spec.rb +2 -2
- data/spec/lib/kb/osvdb_120857_spec.rb +6 -6
- data/spec/lib/kb/osvdb_121701_spec.rb +2 -2
- data/spec/lib/kb/owasp_ror_cheatsheet_disabled.rb +10 -10
- metadata +9 -2
- metadata.gz.sig +0 -0
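--- a/data/spec/lib/kb/cve_2014_1234_spec.rb
+++ b/data/spec/lib/kb/cve_2014_1234_spec.rb
@@ -7,10 +7,10 @@ describe "The CVE-2014-1234 vulnerability" do
 
 it "is reported when a paratrooper-newrelic gem version 1.0.1 is detected" do
 @check.dependencies = [{:name=>"paratrooper-newrelic", :version=>"1.0.1"}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is not reported when a paratrooper-newrelic gem version 1.0.2 is detected" do
 @check.dependencies = [{:name=>"paratrooper-newrelic", :version=>"1.0.2"}]
-@check.vuln
+expect(@check.vuln?).to eq(false)
 end
 end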
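--- a/data/spec/lib/kb/cve_2014_2322_spec.rb
+++ b/data/spec/lib/kb/cve_2014_2322_spec.rb
@@ -6,10 +6,10 @@ describe "The CVE-2014-2322 vulnerability" do
 end
 it "is reported when a vulnerable arabic prawn gem version is found (0.0.1)" do
 @check.dependencies = [{:name=>"Arabic-Prawn", :version=>'0.0.1'}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is not reported when a sage vulnerable arabic prawn gem version is found (0.0.2)" do
 @check.dependencies = [{:name=>"Arabic-Prawn", :version=>'0.0.2'}]
-@check.vuln
+expect(@check.vuln?).to eq(false)
 end
 end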
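--- a/data/spec/lib/kb/cve_2014_2538_spec.rb
+++ b/data/spec/lib/kb/cve_2014_2538_spec.rb
@@ -6,10 +6,10 @@ describe "The CVE-2014-2538 vulnerability" do
 end
 it "is reported when rack-ssl vulnerable version it has been found (1.3.9)" do
 @check.dependencies = [{:name=>'rack-ssl', :version=>'1.3.9'}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when rack-ssl not vulnerable version it has been found (1.4.0)" do
 @check.dependencies = [{:name=>'rack-ssl', :version=>'1.4.0'}]
-@check.vuln
+expect(@check.vuln?).to eq(false)
 end
 end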
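Review bot: The second example's title, `it "is reported when rack-ssl not vulnerable version it has been found (1.4.0)" do`, contradicts its new assertion `expect(@check.vuln?).to eq(false)`; it should read `it "is not reported when a safe rack-ssl version is found (1.4.0)" do`. The same mismatch appears in the CVE-2015-1840 section, where the examples for jquery-rails 3.1.3, 3.1.4, 4.0.2 and jquery-ujs 1.0.4 are titled "is reported when vulnerable …" but expect `false`, and in the CVE-2015-2963 section for paperclip 4.2.2. In a scanner's regression suite the example title is what a maintainer reads when a check starts missing a vulnerable version, so a title that states the opposite of the expectation makes a false negative easy to misread. The describe block starts outside this hunk.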
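--- a/data/spec/lib/kb/cve_2014_3482_spec.rb
+++ b/data/spec/lib/kb/cve_2014_3482_spec.rb
@@ -6,10 +6,10 @@ describe "The CVE-2014-3482 vulnerability" do
 end
 it "is reported when a vulnerable version it has been found (3.2.18)" do
 @check.dependencies = [{:name=>"rails", :version=>"3.2.18"}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is not reported when a safe version it has been found (3.2.19)" do
 @check.dependencies = [{:name=>"rails", :version=>"3.2.19"}]
-@check.vuln
+expect(@check.vuln?).to eq(false)
 end
 end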
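--- a/data/spec/lib/kb/cve_2014_3483_spec.rb
+++ b/data/spec/lib/kb/cve_2014_3483_spec.rb
@@ -6,22 +6,22 @@ describe "The CVE-2014-3483 vulnerability" do
 end
 it "is reported when a rails gem version 4.0.6 is detected" do
 @check.dependencies = [{:name=>"rails", :version=>"4.0.6"}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when a rails gem version 4.1.2 is detected" do
 @check.dependencies = [{:name=>"rails", :version=>"4.1.2"}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is not reported when a rails gem version 4.0.7 is detected" do
 @check.dependencies = [{:name=>"rails", :version=>"4.0.7"}]
-@check.vuln
+expect(@check.vuln?).to eq(false)
 end
 it "is not reported when a rails gem version 4.1.3 is detected" do
 @check.dependencies = [{:name=>"rails", :version=>"4.1.3"}]
-@check.vuln
+expect(@check.vuln?).to eq(false)
 end
 it "is not reported when a rails gem version 3.2.21 is detected" do
 @check.dependencies = [{:name=>"rails", :version=>"3.2.21"}]
-@check.vuln
+expect(@check.vuln?).to eq(false)
 end
 end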
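--- a/data/spec/lib/kb/cve_2014_7818_spec.rb
+++ b/data/spec/lib/kb/cve_2014_7818_spec.rb
@@ -6,37 +6,37 @@ describe "The CVE-2014-7818 vulnerability" do
 end
 it "is reported when vulnerable rails gem is used (3.2.18)" do
 @check.dependencies = [{:name=>"rails", :version=>'3.2.18'}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when vulnerable rails gem is used (4.0.7)" do
 @check.dependencies = [{:name=>"rails", :version=>'4.0.7'}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when vulnerable rails gem is used (4.1.6)" do
 @check.dependencies = [{:name=>"rails", :version=>'4.1.6'}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when vulnerable rails gem is used (4.2.0.beta2)" do
 @check.dependencies = [{:name=>"rails", :version=>'4.2.0.beta2'}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 
 # SAFE VERSIONS
 it "is not reported when safe rails gem is used (3.2.20)" do
 @check.dependencies = [{:name=>"rails", :version=>'3.2.20'}]
-@check.vuln
+expect(@check.vuln?).to eq(false)
 end
 it "is not reported when safe rails gem is used (4.0.11)" do
 @check.dependencies = [{:name=>"rails", :version=>'4.0.11'}]
-@check.vuln
+expect(@check.vuln?).to eq(false)
 end
 it "is not reported when safe rails gem is used (4.1.7)" do
 @check.dependencies = [{:name=>"rails", :version=>'4.1.7'}]
-@check.vuln
+expect(@check.vuln?).to eq(false)
 end
 it "is not reported when safe rails gem is used (4.2.0.beta3)" do
 @check.dependencies = [{:name=>"rails", :version=>'4.2.0.beta3'}]
-@check.vuln
+expect(@check.vuln?).to eq(false)
 end
 
 end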
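--- a/data/spec/lib/kb/cve_2014_7819_spec.rb
+++ b/data/spec/lib/kb/cve_2014_7819_spec.rb
@@ -7,132 +7,132 @@ describe "The CVE-2014-7819 vulnerability" do
 # Vulnerable versions
 it "is reported when vulnerable rails gem is used (4.1.7)" do
 @check.dependencies = [{:name=>"rails", :version=>'4.1.7'}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when vulnerable rails gem is used (3.2.17)" do
 @check.dependencies = [{:name=>"rails", :version=>'3.2.17'}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when vulnerable sprockets gem is used (2.0.5)" do
 @check.dependencies = [{:name=>"sprockets", :version=>'2.0.5'}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when vulnerable sprockets gem is used (2.1.3)" do
 @check.dependencies = [{:name=>"sprockets", :version=>'2.1.3'}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when vulnerable sprockets gem is used (2.2.2)" do
 @check.dependencies = [{:name=>"sprockets", :version=>'2.2.2'}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when vulnerable sprockets gem is used (2.3.2)" do
 @check.dependencies = [{:name=>"sprockets", :version=>'2.3.2'}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when vulnerable sprockets gem is used (2.4.5)" do
 @check.dependencies = [{:name=>"sprockets", :version=>'2.4.5'}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when vulnerable sprockets gem is used (2.5.0)" do
 @check.dependencies = [{:name=>"sprockets", :version=>'2.5.0'}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when vulnerable sprockets gem is used (2.6.0)" do
 @check.dependencies = [{:name=>"sprockets", :version=>'2.6.0'}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when vulnerable sprockets gem is used (2.7.0)" do
 @check.dependencies = [{:name=>"sprockets", :version=>'2.7.0'}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when vulnerable sprockets gem is used (2.8.2)" do
 @check.dependencies = [{:name=>"sprockets", :version=>'2.8.2'}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when vulnerable sprockets gem is used (2.9.3)" do
 @check.dependencies = [{:name=>"sprockets", :version=>'2.9.3'}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when vulnerable sprockets gem is used (2.10.1)" do
 @check.dependencies = [{:name=>"sprockets", :version=>'2.10.1'}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when vulnerable sprockets gem is used (2.11.2)" do
 @check.dependencies = [{:name=>"sprockets", :version=>'2.11.2'}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when vulnerable sprockets gem is used (2.12.2)" do
 @check.dependencies = [{:name=>"sprockets", :version=>'2.12.2'}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when vulnerable sprockets gem is used (3.0.0.beta2)" do
 @check.dependencies = [{:name=>"sprockets", :version=>'3.0.0.beta2'}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 # Safe versions
 it "is not reported when safe rails gem is used (4.1.8)" do
 @check.dependencies = [{:name=>"rails", :version=>'4.1.8'}]
-@check.vuln
+expect(@check.vuln?).to eq(false)
 end
 it "is not reported when safe rails gem is used (3.2.18)" do
 @check.dependencies = [{:name=>"rails", :version=>'3.2.18'}]
-@check.vuln
+expect(@check.vuln?).to eq(false)
 end
 it "is not reported when safe sprockets gem is used (2.0.6)" do
 @check.dependencies = [{:name=>"sprockets", :version=>'2.0.6'}]
-@check.vuln
+expect(@check.vuln?).to eq(false)
 end
 it "is not reported when safe sprockets gem is used (2.1.4)" do
 @check.dependencies = [{:name=>"sprockets", :version=>'2.1.4'}]
-@check.vuln
+expect(@check.vuln?).to eq(false)
 end
 it "is not reported when safe sprockets gem is used (2.2.3)" do
 @check.dependencies = [{:name=>"sprockets", :version=>'2.2.3'}]
-@check.vuln
+expect(@check.vuln?).to eq(false)
 end
 it "is not reported when safe sprockets gem is used (2.3.3)" do
 @check.dependencies = [{:name=>"sprockets", :version=>'2.3.3'}]
-@check.vuln
+expect(@check.vuln?).to eq(false)
 end
 it "is not reported when safe sprockets gem is used (2.4.6)" do
 @check.dependencies = [{:name=>"sprockets", :version=>'2.4.6'}]
-@check.vuln
+expect(@check.vuln?).to eq(false)
 end
 it "is not reported when safe sprockets gem is used (2.5.6)" do
 @check.dependencies = [{:name=>"sprockets", :version=>'2.5.6'}]
-@check.vuln
+expect(@check.vuln?).to eq(false)
 end
 it "is not reported when safe sprockets gem is used (2.6.6)" do
 @check.dependencies = [{:name=>"sprockets", :version=>'2.6.6'}]
-@check.vuln
+expect(@check.vuln?).to eq(false)
 end
 it "is not reported when safe sprockets gem is used (2.7.6)" do
 @check.dependencies = [{:name=>"sprockets", :version=>'2.7.6'}]
-@check.vuln
+expect(@check.vuln?).to eq(false)
 end
 it "is not reported when safe sprockets gem is used (2.8.6)" do
 @check.dependencies = [{:name=>"sprockets", :version=>'2.8.6'}]
-@check.vuln
+expect(@check.vuln?).to eq(false)
 end
 it "is not reported when safe sprockets gem is used (2.9.6)" do
 @check.dependencies = [{:name=>"sprockets", :version=>'2.9.6'}]
-@check.vuln
+expect(@check.vuln?).to eq(false)
 end
 it "is not reported when safe sprockets gem is used (2.10.6)" do
 @check.dependencies = [{:name=>"sprockets", :version=>'2.10.6'}]
-@check.vuln
+expect(@check.vuln?).to eq(false)
 end
 it "is not reported when safe sprockets gem is used (2.11.6)" do
 @check.dependencies = [{:name=>"sprockets", :version=>'2.11.6'}]
-@check.vuln
+expect(@check.vuln?).to eq(false)
 end
 it "is not reported when safe sprockets gem is used (2.12.6)" do
 @check.dependencies = [{:name=>"sprockets", :version=>'2.12.6'}]
-@check.vuln
+expect(@check.vuln?).to eq(false)
 end
 it "is not reported when safe sprockets gem is used (3.0.0.beta3)" do
 @check.dependencies = [{:name=>"sprockets", :version=>'3.0.0.beta3'}]
-@check.vuln
+expect(@check.vuln?).to eq(false)
 end
 
 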
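Review bot: The 32 examples in this hunk differ only in gem name, version and expected result, so a mistyped boundary version is hard to spot among them; a table of versions iterated into examples would keep each vulnerable/fixed boundary on a single line. The sketch below covers the vulnerable half, and the safe half follows the same shape with `eq(false)`. The describe block opens before and closes after this hunk.

```ruby
# … unchanged: describe header and before block (outside the hunk) …
# Vulnerable versions
{
  "rails"     => %w[4.1.7 3.2.17],
  "sprockets" => %w[2.0.5 2.1.3 2.2.2 2.3.2 2.4.5 2.5.0 2.6.0 2.7.0
                    2.8.2 2.9.3 2.10.1 2.11.2 2.12.2 3.0.0.beta2]
}.each do |gem_name, versions|
  versions.each do |version|
    it "is reported when vulnerable #{gem_name} gem is used (#{version})" do
      @check.dependencies = [{:name=>gem_name, :version=>version}]
      expect(@check.vuln?).to eq(true)
    end
  end
end
# … same shape for the safe versions, asserting eq(false) …
```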
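--- a/data/spec/lib/kb/cve_2014_7829_spec.rb
+++ b/data/spec/lib/kb/cve_2014_7829_spec.rb
@@ -6,44 +6,44 @@ describe "The CVE-2014-7829 vulnerability" do
 end
 it "is reported when vulnerable rails gem is used (3.2.20)" do
 @check.dependencies = [{:name=>"rails", :version=>'3.2.20'}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when vulnerable rails gem is used (3.1.20)" do
 @check.dependencies = [{:name=>"rails", :version=>'3.1.20'}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when vulnerable rails gem is used (3.0.20)" do
 @check.dependencies = [{:name=>"rails", :version=>'3.0.20'}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when vulnerable rails gem is used (4.0.11)" do
 @check.dependencies = [{:name=>"rails", :version=>'4.0.11'}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when vulnerable rails gem is used (4.1.7)" do
 @check.dependencies = [{:name=>"rails", :version=>'4.1.7'}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is reported when vulnerable rails gem is used (4.2.0.beta3)" do
 @check.dependencies = [{:name=>"rails", :version=>'4.2.0.beta3'}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 
 it "is not reported when safe rails gem is used (3.2.21)" do
 @check.dependencies = [{:name=>"rails", :version=>'3.2.21'}]
-@check.vuln
+expect(@check.vuln?).to eq(false)
 end
 it "is not reported when safe rails gem is used (4.0.12)" do
 @check.dependencies = [{:name=>"rails", :version=>'4.0.12'}]
-@check.vuln
+expect(@check.vuln?).to eq(false)
 end
 it "is not reported when safe rails gem is used (4.1.8)" do
 @check.dependencies = [{:name=>"rails", :version=>'4.1.8'}]
-@check.vuln
+expect(@check.vuln?).to eq(false)
 end
 it "is not reported when safe rails gem is used (4.2.0.beta4)" do
 @check.dependencies = [{:name=>"rails", :version=>'4.2.0.beta4'}]
-@check.vuln
+expect(@check.vuln?).to eq(false)
 end
 
 it "is reported when..."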
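Review bot: The last line of this hunk, `it "is reported when..."`, is a block-less placeholder that RSpec lists as pending on every run; give it a body or delete it so the pending count reflects real coverage gaps in the check. If it was meant to cover another affected release line, the title should name the version the way the other examples do. The describe block continues past the end of this hunk.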
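--- a/data/spec/lib/kb/cve_2014_9490_spec.rb
+++ b/data/spec/lib/kb/cve_2014_9490_spec.rb
@@ -7,11 +7,11 @@ describe "The CVE-2014-9490 vulnerability" do
 
 it "is reported when vulnerable raven-ruby gem is used (0.12.1)" do
 @check.dependencies = [{:name=>"raven-ruby", :version=>'0.12.1'}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is not reported when safe raven-ruby gem is used (0.12.2)" do
 @check.dependencies = [{:name=>"raven-ruby", :version=>'0.12.2'}]
-@check.vuln
+expect(@check.vuln?).to eq(false)
 end
 
 end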
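--- a/data/spec/lib/kb/cve_2015_1819_spec.rb
+++ b/data/spec/lib/kb/cve_2015_1819_spec.rb
@@ -6,11 +6,11 @@ describe "The CVE-2015-1819 vulnerability" do
 end
 it "is reported when the vulnerable gem is detected" do
 @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.6.3"}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is not reported when a fixed release is detected" do
 @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.6.4"}]
-@check.vuln
+expect(@check.vuln?).to eq(false)
 end
 
 end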
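--- a/data/spec/lib/kb/cve_2015_1840_spec.rb
+++ b/data/spec/lib/kb/cve_2015_1840_spec.rb
@@ -6,32 +6,32 @@ describe "The CVE-2015-1840 vulnerability" do
 end
 it "is reported when vulnerable jquery-rails gem is used (3.1.2)" do
 @check_a.dependencies = [{:name=>"jquery-rails", :version=>'3.1.2'}]
-@check_a.vuln
+expect(@check_a.vuln?).to eq(true)
 end
 it "is reported when vulnerable jquery-rails gem is used 4.0.1)" do
 @check_a.dependencies = [{:name=>"jquery-rails", :version=>'4.0.1'}]
-@check_a.vuln
+expect(@check_a.vuln?).to eq(true)
 end
 it "is reported when vulnerable jquery-ujs gem is used 1.0.3)" do
 @check_b.dependencies = [{:name=>"jquery-ujs", :version=>'1.0.3'}]
-@check_b.vuln
+expect(@check_b.vuln?).to eq(true)
 end
 
 it "is reported when vulnerable jquery-rails gem is used (3.1.3)" do
 @check_a.dependencies = [{:name=>"jquery-rails", :version=>'3.1.3'}]
-@check_a.vuln
+expect(@check_a.vuln?).to eq(false)
 end
 it "is reported when vulnerable jquery-rails gem is used (3.1.4)" do
 @check_a.dependencies = [{:name=>"jquery-rails", :version=>'3.1.4'}]
-@check_a.vuln
+expect(@check_a.vuln?).to eq(false)
 end
 it "is reported when vulnerable jquery-rails gem is used 4.0.2)" do
 @check_a.dependencies = [{:name=>"jquery-rails", :version=>'4.0.2'}]
-@check_a.vuln
+expect(@check_a.vuln?).to eq(false)
 end
 it "is reported when vulnerable jquery-ujs gem is used 1.0.4)" do
 @check_b.dependencies = [{:name=>"jquery-ujs", :version=>'1.0.4'}]
-@check_b.vuln
+expect(@check_b.vuln?).to eq(false)
 end
 
 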
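--- a/data/spec/lib/kb/cve_2015_2963_spec.rb
+++ b/data/spec/lib/kb/cve_2015_2963_spec.rb
@@ -6,12 +6,12 @@ describe "The CVE-2015-2963 vulnerability" do
 end
 it "is reported when vulnerable paperclip gem is used 4.2.1)" do
 @check.dependencies = [{:name=>"paperclip", :version=>'4.2.1'}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 
 it "is reported when not vulnerable paperclip gem is used (4.2.2)" do
 @check.dependencies = [{:name=>"paperclip", :version=>'4.2.2'}]
-@check.vuln
+expect(@check.vuln?).to eq(false)
 end
 
 end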
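--- a/data/spec/lib/kb/cve_2015_3224_spec.rb
+++ b/data/spec/lib/kb/cve_2015_3224_spec.rb
@@ -6,11 +6,11 @@ describe "The CVE-2015-3224 vulnerability" do
 end
 it "is reported when vulnerable web-console gem is used (2.1.2)" do
 @check.dependencies = [{:name=>"web-console", :version=>'2.1.2'}]
-@check.vuln
+expect(@check.vuln?).to eq(true)
 end
 it "is not reported when safe rack gem is used (2.1.3)" do
 @check.dependencies = [{:name=>"web-console", :version=>'2.1.3'}]
-@check.vuln
+expect(@check.vuln?).to eq(false)
 end
 
 end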
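Review bot: The second example is titled `is not reported when safe rack gem is used (2.1.3)` although the dependency it sets is `web-console`; the title should read `it "is not reported when safe web-console gem is used (2.1.3)" do` so that a failure points at the gem the check actually covers. The describe block starts outside this hunk.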