dawnscanner 1.6.1 → 1.6.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/.ruby-version +1 -1
- data/.travis.yml +2 -0
- data/Changelog.md +10 -1
- data/KnowledgeBase.md +10 -4
- data/README.md +1 -1
- data/Rakefile +12 -8
- data/VERSION +1 -1
- data/checksum/dawnscanner-1.6.1.gem.sha1 +1 -0
- data/lib/dawn/kb/cve_2016_2097.rb +35 -0
- data/lib/dawn/kb/cve_2016_2098.rb +34 -0
- data/lib/dawn/knowledge_base.rb +4 -0
- data/lib/dawn/version.rb +4 -4
- data/spec/lib/dawn/codesake_core_spec.rb +1 -1
- data/spec/lib/dawn/codesake_knowledgebase_spec.rb +451 -441
- data/spec/lib/dawn/codesake_padrino_engine_disabled.rb +11 -11
- data/spec/lib/dawn/codesake_rails_engine_disabled.rb +2 -2
- data/spec/lib/dawn/codesake_sinatra_engine_disabled.rb +36 -36
- data/spec/lib/kb/codesake_cve_2013_0175_spec.rb +6 -6
- data/spec/lib/kb/codesake_cve_2013_4457_spec.rb +7 -7
- data/spec/lib/kb/codesake_dependency_version_check_spec.rb +10 -10
- data/spec/lib/kb/codesake_deprecation_check_spec.rb +11 -11
- data/spec/lib/kb/codesake_ruby_version_check_spec.rb +4 -4
- data/spec/lib/kb/codesake_version_check_spec.rb +42 -42
- data/spec/lib/kb/cve_2011_2705_spec.rb +7 -7
- data/spec/lib/kb/cve_2011_2930_spec.rb +6 -6
- data/spec/lib/kb/cve_2011_3009_spec.rb +4 -4
- data/spec/lib/kb/cve_2011_3187_spec.rb +4 -4
- data/spec/lib/kb/cve_2011_4319_spec.rb +9 -9
- data/spec/lib/kb/cve_2011_5036_spec.rb +21 -21
- data/spec/lib/kb/cve_2012_1098_spec.rb +7 -7
- data/spec/lib/kb/cve_2012_2139_spec.rb +3 -3
- data/spec/lib/kb/cve_2012_2671_spec.rb +4 -4
- data/spec/lib/kb/cve_2012_6109_spec.rb +25 -25
- data/spec/lib/kb/cve_2012_6684_spec.rb +2 -2
- data/spec/lib/kb/cve_2013_0162_spec.rb +4 -4
- data/spec/lib/kb/cve_2013_0183_spec.rb +11 -11
- data/spec/lib/kb/cve_2013_0184_spec.rb +26 -26
- data/spec/lib/kb/cve_2013_0256_spec.rb +6 -6
- data/spec/lib/kb/cve_2013_0262_spec.rb +9 -9
- data/spec/lib/kb/cve_2013_0263_spec.rb +1 -1
- data/spec/lib/kb/cve_2013_1607_spec.rb +2 -2
- data/spec/lib/kb/cve_2013_1655_spec.rb +4 -4
- data/spec/lib/kb/cve_2013_1756_spec.rb +4 -4
- data/spec/lib/kb/cve_2013_2090_spec.rb +2 -2
- data/spec/lib/kb/cve_2013_2105_spec.rb +1 -1
- data/spec/lib/kb/cve_2013_2119_spec.rb +5 -5
- data/spec/lib/kb/cve_2013_2512_spec.rb +2 -2
- data/spec/lib/kb/cve_2013_2513_spec.rb +2 -2
- data/spec/lib/kb/cve_2013_2516_spec.rb +2 -2
- data/spec/lib/kb/cve_2013_4203_spec.rb +2 -2
- data/spec/lib/kb/cve_2013_4413_spec.rb +2 -2
- data/spec/lib/kb/cve_2013_4489_spec.rb +11 -11
- data/spec/lib/kb/cve_2013_4491_spec.rb +2 -2
- data/spec/lib/kb/cve_2013_4593_spec.rb +2 -2
- data/spec/lib/kb/cve_2013_5647_spec.rb +3 -3
- data/spec/lib/kb/cve_2013_5671_spec.rb +4 -4
- data/spec/lib/kb/cve_2013_6416_spec.rb +5 -5
- data/spec/lib/kb/cve_2013_6459_spec.rb +2 -2
- data/spec/lib/kb/cve_2013_7086_spec.rb +3 -3
- data/spec/lib/kb/cve_2014_0036_spec.rb +2 -2
- data/spec/lib/kb/cve_2014_0080_spec.rb +5 -5
- data/spec/lib/kb/cve_2014_0081_spec.rb +10 -10
- data/spec/lib/kb/cve_2014_0082_spec.rb +8 -8
- data/spec/lib/kb/cve_2014_0130_spec.rb +3 -3
- data/spec/lib/kb/cve_2014_1233_spec.rb +2 -2
- data/spec/lib/kb/cve_2014_1234_spec.rb +2 -2
- data/spec/lib/kb/cve_2014_2322_spec.rb +2 -2
- data/spec/lib/kb/cve_2014_2538_spec.rb +2 -2
- data/spec/lib/kb/cve_2014_3482_spec.rb +2 -2
- data/spec/lib/kb/cve_2014_3483_spec.rb +5 -5
- data/spec/lib/kb/cve_2014_7818_spec.rb +8 -8
- data/spec/lib/kb/cve_2014_7819_spec.rb +32 -32
- data/spec/lib/kb/cve_2014_7829_spec.rb +10 -10
- data/spec/lib/kb/cve_2014_9490_spec.rb +2 -2
- data/spec/lib/kb/cve_2015_1819_spec.rb +2 -2
- data/spec/lib/kb/cve_2015_1840_spec.rb +7 -7
- data/spec/lib/kb/cve_2015_2963_spec.rb +2 -2
- data/spec/lib/kb/cve_2015_3224_spec.rb +2 -2
- data/spec/lib/kb/cve_2015_3225_spec.rb +5 -5
- data/spec/lib/kb/cve_2015_3226_spec.rb +6 -6
- data/spec/lib/kb/cve_2015_3227_spec.rb +5 -5
- data/spec/lib/kb/cve_2015_3448_spec.rb +2 -2
- data/spec/lib/kb/cve_2015_4020_spec.rb +4 -4
- data/spec/lib/kb/cve_2015_5312_spec.rb +6 -6
- data/spec/lib/kb/cve_2015_7497_spec.rb +6 -6
- data/spec/lib/kb/cve_2015_7498_spec.rb +6 -6
- data/spec/lib/kb/cve_2015_7499_spec.rb +6 -6
- data/spec/lib/kb/cve_2015_7500_spec.rb +6 -6
- data/spec/lib/kb/cve_2015_7519_spec.rb +4 -4
- data/spec/lib/kb/cve_2015_7541_spec.rb +2 -2
- data/spec/lib/kb/cve_2015_7576_spec.rb +11 -11
- data/spec/lib/kb/cve_2015_7577_spec.rb +11 -11
- data/spec/lib/kb/cve_2015_7578_spec.rb +2 -2
- data/spec/lib/kb/cve_2015_7579_spec.rb +4 -4
- data/spec/lib/kb/cve_2015_7581_spec.rb +11 -11
- data/spec/lib/kb/cve_2015_8241_spec.rb +6 -6
- data/spec/lib/kb/cve_2015_8242_spec.rb +6 -6
- data/spec/lib/kb/cve_2015_8317_spec.rb +6 -6
- data/spec/lib/kb/cve_2016_0751_spec.rb +11 -11
- data/spec/lib/kb/cve_2016_0752_spec.rb +11 -11
- data/spec/lib/kb/cve_2016_0753_spec.rb +11 -11
- data/spec/lib/kb/cve_2016_2097_spec.rb +35 -0
- data/spec/lib/kb/cve_2016_2098_spec.rb +39 -0
- data/spec/lib/kb/osvdb_105971_spec.rb +2 -2
- data/spec/lib/kb/osvdb_108530_spec.rb +3 -3
- data/spec/lib/kb/osvdb_108563_spec.rb +2 -2
- data/spec/lib/kb/osvdb_108569_spec.rb +2 -2
- data/spec/lib/kb/osvdb_108570_spec.rb +2 -2
- data/spec/lib/kb/osvdb_115654_spec.rb +2 -2
- data/spec/lib/kb/osvdb_116010_spec.rb +2 -2
- data/spec/lib/kb/osvdb_117903_spec.rb +4 -4
- data/spec/lib/kb/osvdb_118830_spec.rb +2 -2
- data/spec/lib/kb/osvdb_118954_spec.rb +3 -3
- data/spec/lib/kb/osvdb_119878_spec.rb +21 -21
- data/spec/lib/kb/osvdb_119927_spec.rb +2 -2
- data/spec/lib/kb/osvdb_120415_spec.rb +2 -2
- data/spec/lib/kb/osvdb_120857_spec.rb +6 -6
- data/spec/lib/kb/osvdb_121701_spec.rb +2 -2
- data/spec/lib/kb/owasp_ror_cheatsheet_disabled.rb +10 -10
- metadata +9 -2
- metadata.gz.sig +0 -0
@@ -6,22 +6,22 @@ describe "The CVE-2015-3225 vulnerability" do
|
|
6
6
|
end
|
7
7
|
it "is reported when vulnerable rack gem is used (1.5.3)" do
|
8
8
|
@check.dependencies = [{:name=>"rack", :version=>'1.5.3'}]
|
9
|
-
@check.vuln
|
9
|
+
expect(@check.vuln?).to eq(true)
|
10
10
|
end
|
11
11
|
it "is reported when vulnerable rack gem is used (1.6.1)" do
|
12
12
|
@check.dependencies = [{:name=>"rack", :version=>'1.6.1'}]
|
13
|
-
@check.vuln
|
13
|
+
expect(@check.vuln?).to eq(true)
|
14
14
|
end
|
15
15
|
it "is not reported when safe rack gem is used (1.5.4)" do
|
16
16
|
@check.dependencies = [{:name=>"rack", :version=>'1.5.4'}]
|
17
|
-
@check.vuln
|
17
|
+
expect(@check.vuln?).to eq(false)
|
18
18
|
end
|
19
19
|
it "is not reported when safe rack gem is used (1.5.5)" do
|
20
20
|
@check.dependencies = [{:name=>"rack", :version=>'1.5.5'}]
|
21
|
-
@check.vuln
|
21
|
+
expect(@check.vuln?).to eq(false)
|
22
22
|
end
|
23
23
|
it "is not reported when safe rack gem is used (1.6.3)" do
|
24
24
|
@check.dependencies = [{:name=>"rack", :version=>'1.6.3'}]
|
25
|
-
@check.vuln
|
25
|
+
expect(@check.vuln?).to eq(false)
|
26
26
|
end
|
27
27
|
end
|
@@ -7,27 +7,27 @@ describe "The CVE-2015-3226 vulnerability" do
|
|
7
7
|
|
8
8
|
it "is reported when vulnerable active_support gem is used (3.x.x)" do
|
9
9
|
@check.dependencies = [{:name=>"activesupport", :version=>'3.2.11'}]
|
10
|
-
@check.vuln
|
10
|
+
expect(@check.vuln?).to eq(true)
|
11
11
|
end
|
12
12
|
it "is reported when vulnerable active_support gem is used (4.1.11)" do
|
13
13
|
@check.dependencies = [{:name=>"activesupport", :version=>'4.1.11'}]
|
14
|
-
@check.vuln
|
14
|
+
expect(@check.vuln?).to eq(true)
|
15
15
|
end
|
16
16
|
it "is reported when vulnerable active_support gem is used (4.2.2)" do
|
17
17
|
@check.dependencies = [{:name=>"activesupport", :version=>'4.2.2'}]
|
18
|
-
@check.vuln
|
18
|
+
expect(@check.vuln?).to eq(true)
|
19
19
|
end
|
20
20
|
it "is not reported when safe active_support gem is used (4.1.12)" do
|
21
21
|
@check.dependencies = [{:name=>"activesupport", :version=>'4.1.12'}]
|
22
|
-
@check.vuln
|
22
|
+
expect(@check.vuln?).to eq(false)
|
23
23
|
end
|
24
24
|
it "is not reported when safe active_support gem is used (4.1.13)" do
|
25
25
|
@check.dependencies = [{:name=>"activesupport", :version=>'4.1.13'}]
|
26
|
-
@check.vuln
|
26
|
+
expect(@check.vuln?).to eq(false)
|
27
27
|
end
|
28
28
|
it "is not reported when safe active_support gem is used (4.2.3)" do
|
29
29
|
@check.dependencies = [{:name=>"activesupport", :version=>'4.2.3'}]
|
30
|
-
@check.vuln
|
30
|
+
expect(@check.vuln?).to eq(false)
|
31
31
|
end
|
32
32
|
|
33
33
|
end
|
@@ -6,22 +6,22 @@ describe "The CVE-2015-3227 vulnerability" do
|
|
6
6
|
end
|
7
7
|
it "is reported when vulnerable active_support gem is used (4.1.11)" do
|
8
8
|
@check.dependencies = [{:name=>"activesupport", :version=>'4.1.11'}]
|
9
|
-
@check.vuln
|
9
|
+
expect(@check.vuln?).to eq(true)
|
10
10
|
end
|
11
11
|
it "is reported when vulnerable active_support gem is used (4.2.2)" do
|
12
12
|
@check.dependencies = [{:name=>"activesupport", :version=>'4.2.2'}]
|
13
|
-
@check.vuln
|
13
|
+
expect(@check.vuln?).to eq(true)
|
14
14
|
end
|
15
15
|
it "is not reported when safe active_support gem is used (4.1.12)" do
|
16
16
|
@check.dependencies = [{:name=>"activesupport", :version=>'4.1.12'}]
|
17
|
-
@check.vuln
|
17
|
+
expect(@check.vuln?).to eq(false)
|
18
18
|
end
|
19
19
|
it "is not reported when safe active_support gem is used (4.1.13)" do
|
20
20
|
@check.dependencies = [{:name=>"activesupport", :version=>'4.1.13'}]
|
21
|
-
@check.vuln
|
21
|
+
expect(@check.vuln?).to eq(false)
|
22
22
|
end
|
23
23
|
it "is not reported when safe active_support gem is used (4.2.3)" do
|
24
24
|
@check.dependencies = [{:name=>"activesupport", :version=>'4.2.3'}]
|
25
|
-
@check.vuln
|
25
|
+
expect(@check.vuln?).to eq(false)
|
26
26
|
end
|
27
27
|
end
|
@@ -6,11 +6,11 @@ describe "The CVE-2015-3448 vulnerability" do
|
|
6
6
|
end
|
7
7
|
it "is reported when vulnerable rest-client gem is used (1.7.2)" do
|
8
8
|
@check.dependencies = [{:name=>"rest-client", :version=>'1.7.2'}]
|
9
|
-
@check.vuln
|
9
|
+
expect(@check.vuln?).to eq(true)
|
10
10
|
end
|
11
11
|
it "is not reported when safe rest-client gem is used (1.7.3)" do
|
12
12
|
@check.dependencies = [{:name=>"rest-client", :version=>'1.7.3'}]
|
13
|
-
@check.vuln
|
13
|
+
expect(@check.vuln?).to eq(false)
|
14
14
|
end
|
15
15
|
|
16
16
|
end
|
@@ -6,19 +6,19 @@ describe "The CVE-2015-4020 vulnerability" do
|
|
6
6
|
end
|
7
7
|
it "is reported when the vulnerable rubygem is detected" do
|
8
8
|
@check.my_gem_version="2.4.3"
|
9
|
-
@check.vuln
|
9
|
+
expect(@check.vuln?).to eq(true)
|
10
10
|
end
|
11
11
|
it "is reported when the vulnerable rubygem is detected" do
|
12
12
|
@check.my_gem_version="2.2.4"
|
13
|
-
@check.vuln
|
13
|
+
expect(@check.vuln?).to eq(true)
|
14
14
|
end
|
15
15
|
it "is reported when the vulnerable rubygem is detected" do
|
16
16
|
@check.my_gem_version="2.0.16"
|
17
|
-
@check.vuln
|
17
|
+
expect(@check.vuln?).to eq(true)
|
18
18
|
end
|
19
19
|
it "is not reported when a fixed release is detected" do
|
20
20
|
@check.my_gem_version="2.4.9"
|
21
|
-
@check.vuln
|
21
|
+
expect(@check.vuln?).to eq(false)
|
22
22
|
end
|
23
23
|
|
24
24
|
end
|
@@ -6,26 +6,26 @@ describe "The CVE-2015-5312 vulnerability" do
|
|
6
6
|
end
|
7
7
|
it "is reported when the vulnerable gem is detected" do
|
8
8
|
@check.dependencies = [{:name=>"nokogiri", :version=>"1.6.5"}]
|
9
|
-
@check.vuln
|
9
|
+
expect(@check.vuln?).to eq(true)
|
10
10
|
end
|
11
11
|
it "is reported when the vulnerable gem is detected" do
|
12
12
|
@check.dependencies = [{:name=>"nokogiri", :version=>"1.6.0"}]
|
13
|
-
@check.vuln
|
13
|
+
expect(@check.vuln?).to eq(true)
|
14
14
|
end
|
15
15
|
it "is reported when the vulnerable gem is detected" do
|
16
16
|
@check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7"}]
|
17
|
-
@check.vuln
|
17
|
+
expect(@check.vuln?).to eq(true)
|
18
18
|
end
|
19
19
|
it "is not reported when a fixed release is detected" do
|
20
20
|
@check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7.1"}]
|
21
|
-
@check.vuln
|
21
|
+
expect(@check.vuln?).to eq(false)
|
22
22
|
end
|
23
23
|
it "is not reported when a fixed release is detected" do
|
24
24
|
@check.dependencies = [{:name=>"nokogiri", :version=>"1.5.6"}]
|
25
|
-
@check.vuln
|
25
|
+
expect(@check.vuln?).to eq(false)
|
26
26
|
end
|
27
27
|
it "is not reported when a fixed release is detected" do
|
28
28
|
@check.dependencies = [{:name=>"nokogiri", :version=>"1.4.6"}]
|
29
|
-
@check.vuln
|
29
|
+
expect(@check.vuln?).to eq(false)
|
30
30
|
end
|
31
31
|
end
|
@@ -6,26 +6,26 @@ describe "The CVE-2015-7497 vulnerability" do
|
|
6
6
|
end
|
7
7
|
it "is reported when the vulnerable gem is detected" do
|
8
8
|
@check.dependencies = [{:name=>"nokogiri", :version=>"1.6.5"}]
|
9
|
-
@check.vuln
|
9
|
+
expect(@check.vuln?).to eq(true)
|
10
10
|
end
|
11
11
|
it "is reported when the vulnerable gem is detected" do
|
12
12
|
@check.dependencies = [{:name=>"nokogiri", :version=>"1.6.0"}]
|
13
|
-
@check.vuln
|
13
|
+
expect(@check.vuln?).to eq(true)
|
14
14
|
end
|
15
15
|
it "is reported when the vulnerable gem is detected" do
|
16
16
|
@check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7"}]
|
17
|
-
@check.vuln
|
17
|
+
expect(@check.vuln?).to eq(true)
|
18
18
|
end
|
19
19
|
it "is not reported when a fixed release is detected" do
|
20
20
|
@check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7.1"}]
|
21
|
-
@check.vuln
|
21
|
+
expect(@check.vuln?).to eq(false)
|
22
22
|
end
|
23
23
|
it "is not reported when a fixed release is detected" do
|
24
24
|
@check.dependencies = [{:name=>"nokogiri", :version=>"1.5.6"}]
|
25
|
-
@check.vuln
|
25
|
+
expect(@check.vuln?).to eq(false)
|
26
26
|
end
|
27
27
|
it "is not reported when a fixed release is detected" do
|
28
28
|
@check.dependencies = [{:name=>"nokogiri", :version=>"1.4.6"}]
|
29
|
-
@check.vuln
|
29
|
+
expect(@check.vuln?).to eq(false)
|
30
30
|
end
|
31
31
|
end
|
@@ -6,26 +6,26 @@ describe "The CVE-2015-7498 vulnerability" do
|
|
6
6
|
end
|
7
7
|
it "is reported when the vulnerable gem is detected" do
|
8
8
|
@check.dependencies = [{:name=>"nokogiri", :version=>"1.6.5"}]
|
9
|
-
@check.vuln
|
9
|
+
expect(@check.vuln?).to eq(true)
|
10
10
|
end
|
11
11
|
it "is reported when the vulnerable gem is detected" do
|
12
12
|
@check.dependencies = [{:name=>"nokogiri", :version=>"1.6.0"}]
|
13
|
-
@check.vuln
|
13
|
+
expect(@check.vuln?).to eq(true)
|
14
14
|
end
|
15
15
|
it "is reported when the vulnerable gem is detected" do
|
16
16
|
@check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7"}]
|
17
|
-
@check.vuln
|
17
|
+
expect(@check.vuln?).to eq(true)
|
18
18
|
end
|
19
19
|
it "is not reported when a fixed release is detected" do
|
20
20
|
@check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7.1"}]
|
21
|
-
@check.vuln
|
21
|
+
expect(@check.vuln?).to eq(false)
|
22
22
|
end
|
23
23
|
it "is not reported when a fixed release is detected" do
|
24
24
|
@check.dependencies = [{:name=>"nokogiri", :version=>"1.5.6"}]
|
25
|
-
@check.vuln
|
25
|
+
expect(@check.vuln?).to eq(false)
|
26
26
|
end
|
27
27
|
it "is not reported when a fixed release is detected" do
|
28
28
|
@check.dependencies = [{:name=>"nokogiri", :version=>"1.4.6"}]
|
29
|
-
@check.vuln
|
29
|
+
expect(@check.vuln?).to eq(false)
|
30
30
|
end
|
31
31
|
end
|
@@ -6,26 +6,26 @@ describe "The CVE-2015-7499 vulnerability" do
|
|
6
6
|
end
|
7
7
|
it "is reported when the vulnerable gem is detected" do
|
8
8
|
@check.dependencies = [{:name=>"nokogiri", :version=>"1.6.5"}]
|
9
|
-
@check.vuln
|
9
|
+
expect(@check.vuln?).to eq(true)
|
10
10
|
end
|
11
11
|
it "is reported when the vulnerable gem is detected" do
|
12
12
|
@check.dependencies = [{:name=>"nokogiri", :version=>"1.6.0"}]
|
13
|
-
@check.vuln
|
13
|
+
expect(@check.vuln?).to eq(true)
|
14
14
|
end
|
15
15
|
it "is reported when the vulnerable gem is detected" do
|
16
16
|
@check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7"}]
|
17
|
-
@check.vuln
|
17
|
+
expect(@check.vuln?).to eq(true)
|
18
18
|
end
|
19
19
|
it "is not reported when a fixed release is detected" do
|
20
20
|
@check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7.1"}]
|
21
|
-
@check.vuln
|
21
|
+
expect(@check.vuln?).to eq(false)
|
22
22
|
end
|
23
23
|
it "is not reported when a fixed release is detected" do
|
24
24
|
@check.dependencies = [{:name=>"nokogiri", :version=>"1.5.6"}]
|
25
|
-
@check.vuln
|
25
|
+
expect(@check.vuln?).to eq(false)
|
26
26
|
end
|
27
27
|
it "is not reported when a fixed release is detected" do
|
28
28
|
@check.dependencies = [{:name=>"nokogiri", :version=>"1.4.6"}]
|
29
|
-
@check.vuln
|
29
|
+
expect(@check.vuln?).to eq(false)
|
30
30
|
end
|
31
31
|
end
|
@@ -6,26 +6,26 @@ describe "The CVE-2015-7500 vulnerability" do
|
|
6
6
|
end
|
7
7
|
it "is reported when the vulnerable gem is detected" do
|
8
8
|
@check.dependencies = [{:name=>"nokogiri", :version=>"1.6.5"}]
|
9
|
-
@check.vuln
|
9
|
+
expect(@check.vuln?).to eq(true)
|
10
10
|
end
|
11
11
|
it "is reported when the vulnerable gem is detected" do
|
12
12
|
@check.dependencies = [{:name=>"nokogiri", :version=>"1.6.0"}]
|
13
|
-
@check.vuln
|
13
|
+
expect(@check.vuln?).to eq(true)
|
14
14
|
end
|
15
15
|
it "is reported when the vulnerable gem is detected" do
|
16
16
|
@check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7"}]
|
17
|
-
@check.vuln
|
17
|
+
expect(@check.vuln?).to eq(true)
|
18
18
|
end
|
19
19
|
it "is not reported when a fixed release is detected" do
|
20
20
|
@check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7.1"}]
|
21
|
-
@check.vuln
|
21
|
+
expect(@check.vuln?).to eq(false)
|
22
22
|
end
|
23
23
|
it "is not reported when a fixed release is detected" do
|
24
24
|
@check.dependencies = [{:name=>"nokogiri", :version=>"1.5.6"}]
|
25
|
-
@check.vuln
|
25
|
+
expect(@check.vuln?).to eq(false)
|
26
26
|
end
|
27
27
|
it "is not reported when a fixed release is detected" do
|
28
28
|
@check.dependencies = [{:name=>"nokogiri", :version=>"1.4.6"}]
|
29
|
-
@check.vuln
|
29
|
+
expect(@check.vuln?).to eq(false)
|
30
30
|
end
|
31
31
|
end
|
@@ -6,18 +6,18 @@ describe "The CVE-2015-7519 vulnerability" do
|
|
6
6
|
end
|
7
7
|
it "is reported when the vulnerable gem is detected" do
|
8
8
|
@check.dependencies = [{:name=>"passenger", :version=>"4.0.54"}]
|
9
|
-
@check.vuln
|
9
|
+
expect(@check.vuln?).to eq(true)
|
10
10
|
end
|
11
11
|
it "is reported when the vulnerable gem is detected" do
|
12
12
|
@check.dependencies = [{:name=>"passenger", :version=>"5.0.12"}]
|
13
|
-
@check.vuln
|
13
|
+
expect(@check.vuln?).to eq(true)
|
14
14
|
end
|
15
15
|
it "is not reported when a fixed release is detected" do
|
16
16
|
@check.dependencies = [{:name=>"passenger", :version=>"4.0.60"}]
|
17
|
-
@check.vuln
|
17
|
+
expect(@check.vuln?).to eq(false)
|
18
18
|
end
|
19
19
|
it "is not reported when a fixed release is detected" do
|
20
20
|
@check.dependencies = [{:name=>"passenger", :version=>"5.0.22"}]
|
21
|
-
@check.vuln
|
21
|
+
expect(@check.vuln?).to eq(false)
|
22
22
|
end
|
23
23
|
end
|
@@ -6,10 +6,10 @@ describe "The CVE-2015-7541 vulnerability" do
|
|
6
6
|
end
|
7
7
|
it "is reported when the vulnerable gem is detected" do
|
8
8
|
@check.dependencies = [{:name=>"colorscore", :version=>"0.0.4"}]
|
9
|
-
@check.vuln
|
9
|
+
expect(@check.vuln?).to eq(true)
|
10
10
|
end
|
11
11
|
it "is not reported when a fixed release is detected" do
|
12
12
|
@check.dependencies = [{:name=>"colorscore", :version=>"0.0.5"}]
|
13
|
-
@check.vuln
|
13
|
+
expect(@check.vuln?).to eq(false)
|
14
14
|
end
|
15
15
|
end
|
@@ -6,46 +6,46 @@ describe "The CVE-2015-7576 vulnerability" do
|
|
6
6
|
end
|
7
7
|
it "is reported when the vulnerable gem is detected" do
|
8
8
|
@check.dependencies = [{:name=>"actionpack", :version=>"5.0.0.beta.1"}]
|
9
|
-
@check.vuln
|
9
|
+
expect(@check.vuln?).to eq(true)
|
10
10
|
end
|
11
11
|
it "is reported when the vulnerable gem is detected" do
|
12
12
|
@check.dependencies = [{:name=>"actionpack", :version=>"4.2.5"}]
|
13
|
-
@check.vuln
|
13
|
+
expect(@check.vuln?).to eq(true)
|
14
14
|
end
|
15
15
|
it "is reported when the vulnerable gem is detected" do
|
16
16
|
@check.dependencies = [{:name=>"actionpack", :version=>"4.1.14"}]
|
17
|
-
@check.vuln
|
17
|
+
expect(@check.vuln?).to eq(true)
|
18
18
|
end
|
19
19
|
it "is reported when the vulnerable gem is detected" do
|
20
20
|
@check.dependencies = [{:name=>"actionpack", :version=>"3.2.22"}]
|
21
|
-
@check.vuln
|
21
|
+
expect(@check.vuln?).to eq(true)
|
22
22
|
end
|
23
23
|
it "is not reported when a fixed release is detected" do
|
24
24
|
@check.dependencies = [{:name=>"actionpack", :version=>"5.0.0"}]
|
25
|
-
@check.vuln
|
25
|
+
expect(@check.vuln?).to eq(false)
|
26
26
|
end
|
27
27
|
it "is not reported when a fixed release is detected" do
|
28
28
|
@check.dependencies = [{:name=>"actionpack", :version=>"4.2.5.1"}]
|
29
|
-
@check.vuln
|
29
|
+
expect(@check.vuln?).to eq(false)
|
30
30
|
end
|
31
31
|
it "is not reported when a fixed release is detected" do
|
32
32
|
@check.dependencies = [{:name=>"actionpack", :version=>"4.2.6"}]
|
33
|
-
@check.vuln
|
33
|
+
expect(@check.vuln?).to eq(false)
|
34
34
|
end
|
35
35
|
it "is not reported when a fixed release is detected" do
|
36
36
|
@check.dependencies = [{:name=>"actionpack", :version=>"4.1.14.2"}]
|
37
|
-
@check.vuln
|
37
|
+
expect(@check.vuln?).to eq(false)
|
38
38
|
end
|
39
39
|
it "is not reported when a fixed release is detected" do
|
40
40
|
@check.dependencies = [{:name=>"actionpack", :version=>"4.1.15"}]
|
41
|
-
@check.vuln
|
41
|
+
expect(@check.vuln?).to eq(false)
|
42
42
|
end
|
43
43
|
it "is not reported when a fixed release is detected" do
|
44
44
|
@check.dependencies = [{:name=>"actionpack", :version=>"3.2.22.1"}]
|
45
|
-
@check.vuln
|
45
|
+
expect(@check.vuln?).to eq(false)
|
46
46
|
end
|
47
47
|
it "is not reported when a fixed release is detected" do
|
48
48
|
@check.dependencies = [{:name=>"actionpack", :version=>"3.2.23"}]
|
49
|
-
@check.vuln
|
49
|
+
expect(@check.vuln?).to eq(false)
|
50
50
|
end
|
51
51
|
end
|
@@ -6,46 +6,46 @@ describe "The CVE-2015-7577 vulnerability" do
|
|
6
6
|
end
|
7
7
|
it "is reported when the vulnerable gem is detected" do
|
8
8
|
@check.dependencies = [{:name=>"activerecord", :version=>"5.0.0.beta.1"}]
|
9
|
-
@check.vuln
|
9
|
+
expect(@check.vuln?).to eq(true)
|
10
10
|
end
|
11
11
|
it "is reported when the vulnerable gem is detected" do
|
12
12
|
@check.dependencies = [{:name=>"activerecord", :version=>"4.2.5"}]
|
13
|
-
@check.vuln
|
13
|
+
expect(@check.vuln?).to eq(true)
|
14
14
|
end
|
15
15
|
it "is reported when the vulnerable gem is detected" do
|
16
16
|
@check.dependencies = [{:name=>"activerecord", :version=>"4.1.14"}]
|
17
|
-
@check.vuln
|
17
|
+
expect(@check.vuln?).to eq(true)
|
18
18
|
end
|
19
19
|
it "is reported when the vulnerable gem is detected" do
|
20
20
|
@check.dependencies = [{:name=>"activerecord", :version=>"3.2.22"}]
|
21
|
-
@check.vuln
|
21
|
+
expect(@check.vuln?).to eq(true)
|
22
22
|
end
|
23
23
|
it "is not reported when a fixed release is detected" do
|
24
24
|
@check.dependencies = [{:name=>"activerecord", :version=>"5.0.0"}]
|
25
|
-
@check.vuln
|
25
|
+
expect(@check.vuln?).to eq(false)
|
26
26
|
end
|
27
27
|
it "is not reported when a fixed release is detected" do
|
28
28
|
@check.dependencies = [{:name=>"activerecord", :version=>"4.2.5.1"}]
|
29
|
-
@check.vuln
|
29
|
+
expect(@check.vuln?).to eq(false)
|
30
30
|
end
|
31
31
|
it "is not reported when a fixed release is detected" do
|
32
32
|
@check.dependencies = [{:name=>"activerecord", :version=>"4.2.6"}]
|
33
|
-
@check.vuln
|
33
|
+
expect(@check.vuln?).to eq(false)
|
34
34
|
end
|
35
35
|
it "is not reported when a fixed release is detected" do
|
36
36
|
@check.dependencies = [{:name=>"activerecord", :version=>"4.1.14.2"}]
|
37
|
-
@check.vuln
|
37
|
+
expect(@check.vuln?).to eq(false)
|
38
38
|
end
|
39
39
|
it "is not reported when a fixed release is detected" do
|
40
40
|
@check.dependencies = [{:name=>"activerecord", :version=>"4.1.15"}]
|
41
|
-
@check.vuln
|
41
|
+
expect(@check.vuln?).to eq(false)
|
42
42
|
end
|
43
43
|
it "is not reported when a fixed release is detected" do
|
44
44
|
@check.dependencies = [{:name=>"activerecord", :version=>"3.2.22.1"}]
|
45
|
-
@check.vuln
|
45
|
+
expect(@check.vuln?).to eq(false)
|
46
46
|
end
|
47
47
|
it "is not reported when a fixed release is detected" do
|
48
48
|
@check.dependencies = [{:name=>"activerecord", :version=>"3.2.23"}]
|
49
|
-
@check.vuln
|
49
|
+
expect(@check.vuln?).to eq(false)
|
50
50
|
end
|
51
51
|
end
|