dawnscanner 1.6.4 → 1.6.5

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 1770d53c5bcc2080977c8b8f7521992f44476e3d
4
- data.tar.gz: 88228854cf954cbfc41987386911f8e4a0676f56
3
+ metadata.gz: 0ce6cb500c1349a538cfc5f24e7f890d53e36acf
4
+ data.tar.gz: 2ac0fc78293cfdf85aaa143d72c9204148c6313f
5
5
  SHA512:
6
- metadata.gz: 2d2178017f290351bd071b625a21ca3459acae8af3d9bd535f53cbd2a16d7fca2bcebfb47c224f14d495257b6f99ee27f304c9c8c407826fcc4a730f5085d284
7
- data.tar.gz: 73a7d4485773cfb82e8b8a09a5eacd1c985c4d36fc359d86d5a6773f1ebba0be4c01af2927dc398bbec3f0177e44a440daa21ea69b1594434005c73f94e5db82
6
+ metadata.gz: f754ff1ee23e8d46b97af3d2141f3d024efe4f5aa0a1ff3ddc03be6bb9b0d42265ee3b475700c02246211e3bb71951b78b1f623fab85d517b1da1affbea2addf
7
+ data.tar.gz: 7fa6f07e3845f660ba07b525f036f2e9bc8081f534e43e3a07c375c2c86fb04424394d7f72453a65a24c40af33bcd3fb98eb4cca147a4f51ed434d899936ae5a
Binary file
data.tar.gz.sig CHANGED
@@ -1,3 +1,3 @@
1
- E/��W��D[��4�����z�:�Q�0��Sü]��&��=Vy�\��:��a����⌈1|�s�p�߆\
2
- *��
3
- ��[Pe~YeAd~� ���
1
+ �'D5��x&����R;A&�:'Jc�#N~�`������p
2
+ �������)ܢY�D%|2�;�1��0�>�,�yK_�a�d^+���u12�H[IC����>AX�~)�c���s�l�Vo#�����)�h���n�Y;V0���b���^�&Ȗ�ÓoܿA��sK��Vp�����@joVmc�~2a�|�SK6¿(}���������m��H��bvk݈ߗ�6�C����c )�R�W�776(��
3
+ }��Vs��
@@ -7,6 +7,12 @@ frameworks.
7
7
 
8
8
  _latest update: Tue Sep 27 23:32:32 CEST 2016_
9
9
 
10
+ ## Version 1.6.5 - codename: Tow Mater (2016-09-30)
11
+
12
+ * Issue #212 - CVE-2014-2538 is marked as being vulnerable to rack-ssl 1.3.4.
13
+ The check was triggered for rack-ssl version < 1.4.0. However 1.3.4 is marked
14
+ as safe, so the check has to be changed as well.
15
+
10
16
  ## Version 1.6.4 - codename: Tow Mater (2016-09-27)
11
17
 
12
18
  * Issue #199 - CVE-2015-4020 seems to give the wrong Solution
data/README.md CHANGED
@@ -24,7 +24,7 @@ box:
24
24
 
25
25
  ---
26
26
 
27
- dawnscanner version 1.6.2 has 229 security checks loaded in its knowledge
27
+ dawnscanner version 1.6.4 has 229 security checks loaded in its knowledge
28
28
  base. Most of them are CVE bulletins applying to gems or the ruby interpreter
29
29
  itself. There are also some check coming from Owasp Ruby on Rails cheatsheet.
30
30
 
data/VERSION CHANGED
@@ -12,4 +12,4 @@
12
12
  # | "Guido" | x.x.0 |
13
13
  # | "Luigi" | x.x.0 |
14
14
  # | "Doc Hudson" | x.x.0 |
15
- 1.6.4 - Tow Mater
15
+ 1.6.5 - Tow Mater
@@ -0,0 +1 @@
1
+ 48c66fae96ae125e6f9aa386b68a346c65fb1a0c
@@ -55,7 +55,7 @@ further defined and clarified by project maintainers.
55
55
  ## Enforcement
56
56
 
57
57
  Instances of abusive, harassing, or otherwise unacceptable behavior may be
58
- reported by contacting the project team at [INSERT EMAIL ADDRESS]. All
58
+ reported by contacting the project team at paolo@dawnscanner.org. All
59
59
  complaints will be reviewed and investigated and will result in a response that
60
60
  is deemed necessary and appropriate to the circumstances. The project team is
61
61
  obligated to maintain confidentiality with regard to the reporter of an incident.
@@ -15,11 +15,11 @@
15
15
  :applies=>["rails"],
16
16
  :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
17
17
  :message=>message,
18
- :mitigation=>"A new version for rack-ssl version it has been released. Pleas upgrade at least to version 1.4.0 or higher.",
18
+ :mitigation=>"A new version for rack-ssl version it has been released. Pleas upgrade at least to version 1.3.4 or higher.",
19
19
  :aux_links=>["http://seclists.org/oss-sec/2014/q1/594"]
20
20
  })
21
21
 
22
- self.safe_dependencies = [{:name=>"rack-ssl", :version=>['1.4.0']}]
22
+ self.safe_dependencies = [{:name=>"rack-ssl", :version=>['1.3.4']}]
23
23
  end
24
24
  end
25
25
  end
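Review bot: The `:mitigation` string on line 18 keeps the old text's defects — `Pleas` and the doubled `for rack-ssl version it has been released` — and since this is the text the scanner prints to users it should read `:mitigation=>"A new version of rack-ssl has been released. Please upgrade at least to version 1.3.4 or higher."`. More substantively, `safe_dependencies` on line 22 now lists the single safe version `'1.3.4'`; the changelog in this release describes the check as firing for versions below the listed safe version, but how `Dawn::KnowledgeBase::DEPENDENCY_CHECK` treats a dependency on a later minor line such as 1.4.x is not visible in this hunk, so if the comparison is per minor branch the list should carry both entries, `:version=>['1.3.4', '1.4.0']`. A one-line comment above `safe_dependencies`, e.g. `# 1.3.4 is the first fixed release; see the oss-sec thread in aux_links`, would record why the floor was lowered from 1.4.0. The enclosing `initialize` and class begin before the hunk.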
@@ -1,7 +1,7 @@
1
1
  module Dawn
2
- VERSION = "1.6.4"
2
+ VERSION = "1.6.5"
3
3
  CODENAME = "Tow Mater"
4
- RELEASE = "20160927"
5
- BUILD = "9"
6
- COMMIT = "gbd3c8ff"
4
+ RELEASE = "20160930"
5
+ BUILD = "5"
6
+ COMMIT = "g0d1f45a"
7
7
  end
@@ -4,12 +4,12 @@ describe "The CVE-2014-2538 vulnerability" do
4
4
  @check = Dawn::Kb::CVE_2014_2538.new
5
5
  # @check.debug = true
6
6
  end
7
- it "is reported when rack-ssl vulnerable version it has been found (1.3.9)" do
8
- @check.dependencies = [{:name=>'rack-ssl', :version=>'1.3.9'}]
7
+ it "is reported when rack-ssl vulnerable version it has been found (1.3.2)" do
8
+ @check.dependencies = [{:name=>'rack-ssl', :version=>'1.3.2'}]
9
9
  expect(@check.vuln?).to eq(true)
10
10
  end
11
- it "is reported when rack-ssl not vulnerable version it has been found (1.4.0)" do
12
- @check.dependencies = [{:name=>'rack-ssl', :version=>'1.4.0'}]
11
+ it "is reported when rack-ssl not vulnerable version it has been found (1.3.4)" do
12
+ @check.dependencies = [{:name=>'rack-ssl', :version=>'1.3.4'}]
13
13
  expect(@check.vuln?).to eq(false)
14
14
  end
15
15
  end
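Review bot: The second example's description on line 11 still reads `is reported when rack-ssl not vulnerable version it has been found (1.3.4)` while its expectation is `vuln?` equal to false, so the description contradicts the assertion; it should read `it "is not reported when a safe rack-ssl version has been found (1.3.4)"`. The old example covering 1.4.0 was replaced rather than kept, so nothing now proves that a later 1.4.x release is still treated as safe after `safe_dependencies` shrank to `['1.3.4']`; a third example with `@check.dependencies = [{:name=>'rack-ssl', :version=>'1.4.0'}]` and `expect(@check.vuln?).to eq(false)` would pin that and guard against a regression in the version comparison. The `describe` block starts before the hunk.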
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dawnscanner
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.6.4
4
+ version: 1.6.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Paolo Perego
@@ -30,7 +30,7 @@ cert_chain:
30
30
  jm6Bw8fGx65GCWIdgMhH/P0icixcnyrnotnnOrEcmPudIlgEN9qaUYcguOfFBhTH
31
31
  1sGpM7KzrYHU8qJJPrdaX0ezIDL4cN/kA/DxYTfUiMw=
32
32
  -----END CERTIFICATE-----
33
- date: 2016-09-27 00:00:00.000000000 Z
33
+ date: 2016-09-30 00:00:00.000000000 Z
34
34
  dependencies:
35
35
  - !ruby/object:Gem::Dependency
36
36
  name: cvss
@@ -319,6 +319,7 @@ files:
319
319
  - checksum/dawnscanner-1.6.1.gem.sha1
320
320
  - checksum/dawnscanner-1.6.2.gem.sha1
321
321
  - checksum/dawnscanner-1.6.3.gem.sha1
322
+ - checksum/dawnscanner-1.6.4.gem.sha1
322
323
  - code_of_conduct.md
323
324
  - dawnscanner.gemspec
324
325
  - doc/dawn_1_0_announcement.md
@@ -723,7 +724,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
723
724
  version: '0'
724
725
  requirements: []
725
726
  rubyforge_project:
726
- rubygems_version: 2.4.8
727
+ rubygems_version: 2.5.1
727
728
  signing_key:
728
729
  specification_version: 4
729
730
  summary: Dawnscanner is a security source code scanner for ruby powered code. It is
metadata.gz.sig CHANGED
Binary file