dawnscanner 1.6.4 → 1.6.5
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +3 -3
- data/Changelog.md +6 -0
- data/README.md +1 -1
- data/VERSION +1 -1
- data/checksum/dawnscanner-1.6.4.gem.sha1 +1 -0
- data/code_of_conduct.md +1 -1
- data/lib/dawn/kb/cve_2014_2538.rb +2 -2
- data/lib/dawn/version.rb +4 -4
- data/spec/lib/kb/cve_2014_2538_spec.rb +4 -4
- metadata +4 -3
- metadata.gz.sig +0 -0
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 0ce6cb500c1349a538cfc5f24e7f890d53e36acf
|
4
|
+
data.tar.gz: 2ac0fc78293cfdf85aaa143d72c9204148c6313f
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: f754ff1ee23e8d46b97af3d2141f3d024efe4f5aa0a1ff3ddc03be6bb9b0d42265ee3b475700c02246211e3bb71951b78b1f623fab85d517b1da1affbea2addf
|
7
|
+
data.tar.gz: 7fa6f07e3845f660ba07b525f036f2e9bc8081f534e43e3a07c375c2c86fb04424394d7f72453a65a24c40af33bcd3fb98eb4cca147a4f51ed434d899936ae5a
|
checksums.yaml.gz.sig
CHANGED
Binary file
|
data.tar.gz.sig
CHANGED
@@ -1,3 +1,3 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
|
1
|
+
�'D5��x&����R;A&�:'Jc�#N~�`������p�
|
2
|
+
�������)ܢY�D%|2�;�1��0�>�,�yK_�a�d^+���u12�H[IC����>AX�~)�c���s�l�Vo#�����)�h���n�Y;V0���b���^�&Ȗ�ÓoܿA��sK��Vp�����@joVmc�~2a�|�SK6¿(}���������m��H��bvk݈ߗ�6�C����c)�R�W�776(��
|
3
|
+
}��V�s��
|
data/Changelog.md
CHANGED
@@ -7,6 +7,12 @@ frameworks.
|
|
7
7
|
|
8
8
|
_latest update: Tue Sep 27 23:32:32 CEST 2016_
|
9
9
|
|
10
|
+
## Version 1.6.5 - codename: Tow Mater (2016-09-30)
|
11
|
+
|
12
|
+
* Issue #212 - CVE-2014-2538 is marked as being vulnerable to rack-ssl 1.3.4.
|
13
|
+
The check was triggered for rack-ssl version < 1.4.0. However 1.3.4 is marked
|
14
|
+
as safe, so the check has to be changed as well.
|
15
|
+
|
10
16
|
## Version 1.6.4 - codename: Tow Mater (2016-09-27)
|
11
17
|
|
12
18
|
* Issue #199 - CVE-2015-4020 seems to give the wrong Solution
|
data/README.md
CHANGED
@@ -24,7 +24,7 @@ box:
|
|
24
24
|
|
25
25
|
---
|
26
26
|
|
27
|
-
dawnscanner version 1.6.
|
27
|
+
dawnscanner version 1.6.4 has 229 security checks loaded in its knowledge
|
28
28
|
base. Most of them are CVE bulletins applying to gems or the ruby interpreter
|
29
29
|
itself. There are also some check coming from Owasp Ruby on Rails cheatsheet.
|
30
30
|
|
data/VERSION
CHANGED
@@ -0,0 +1 @@
|
|
1
|
+
48c66fae96ae125e6f9aa386b68a346c65fb1a0c
|
data/code_of_conduct.md
CHANGED
@@ -55,7 +55,7 @@ further defined and clarified by project maintainers.
|
|
55
55
|
## Enforcement
|
56
56
|
|
57
57
|
Instances of abusive, harassing, or otherwise unacceptable behavior may be
|
58
|
-
reported by contacting the project team at
|
58
|
+
reported by contacting the project team at paolo@dawnscanner.org. All
|
59
59
|
complaints will be reviewed and investigated and will result in a response that
|
60
60
|
is deemed necessary and appropriate to the circumstances. The project team is
|
61
61
|
obligated to maintain confidentiality with regard to the reporter of an incident.
|
@@ -15,11 +15,11 @@
|
|
15
15
|
:applies=>["rails"],
|
16
16
|
:kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
|
17
17
|
:message=>message,
|
18
|
-
:mitigation=>"A new version for rack-ssl version it has been released. Pleas upgrade at least to version 1.4
|
18
|
+
:mitigation=>"A new version for rack-ssl version it has been released. Pleas upgrade at least to version 1.3.4 or higher.",
|
19
19
|
:aux_links=>["http://seclists.org/oss-sec/2014/q1/594"]
|
20
20
|
})
|
21
21
|
|
22
|
-
self.safe_dependencies = [{:name=>"rack-ssl", :version=>['1.4
|
22
|
+
self.safe_dependencies = [{:name=>"rack-ssl", :version=>['1.3.4']}]
|
23
23
|
end
|
24
24
|
end
|
25
25
|
end
|
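Review bot: The `:mitigation` string in this hunk is user-facing scanner output and still reads badly ("Pleas", "version it has been released"). Since the line is being edited anyway, reword it, e.g. `:mitigation=>"A fixed version of rack-ssl has been released. Please upgrade to version 1.3.4 or higher.",`. Separately, `safe_dependencies` now lists only `'1.3.4'`, and whether a later release such as 1.4.0 is still treated as safe depends on the dependency-check comparison logic, which is not visible here. A short comment above the assignment, such as `# 1.3.4 is the minimum safe release (Issue #212)`, would make the intent clear. The initializer starts outside the hunk.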
data/lib/dawn/version.rb
CHANGED
@@ -4,12 +4,12 @@ describe "The CVE-2014-2538 vulnerability" do
|
|
4
4
|
@check = Dawn::Kb::CVE_2014_2538.new
|
5
5
|
# @check.debug = true
|
6
6
|
end
|
7
|
-
it "is reported when rack-ssl vulnerable version it has been found (1.3.
|
8
|
-
@check.dependencies = [{:name=>'rack-ssl', :version=>'1.3.
|
7
|
+
it "is reported when rack-ssl vulnerable version it has been found (1.3.2)" do
|
8
|
+
@check.dependencies = [{:name=>'rack-ssl', :version=>'1.3.2'}]
|
9
9
|
expect(@check.vuln?).to eq(true)
|
10
10
|
end
|
11
|
-
it "is reported when rack-ssl not vulnerable version it has been found (1.4
|
12
|
-
@check.dependencies = [{:name=>'rack-ssl', :version=>'1.4
|
11
|
+
it "is reported when rack-ssl not vulnerable version it has been found (1.3.4)" do
|
12
|
+
@check.dependencies = [{:name=>'rack-ssl', :version=>'1.3.4'}]
|
13
13
|
expect(@check.vuln?).to eq(false)
|
14
14
|
end
|
15
15
|
end
|
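Review bot: The second example's title says "is reported when rack-ssl not vulnerable version it has been found (1.3.4)" while it asserts `expect(@check.vuln?).to eq(false)`, so the description contradicts the expectation. Rename it to `it "is not reported when a safe rack-ssl version is found (1.3.4)" do`. The spec also appears to drop the 1.4 case, which the changelog implies the previous check treated as safe (it triggered only below 1.4.0). Adding an example with `@check.dependencies = [{:name=>'rack-ssl', :version=>'1.4.0'}]` that expects `vuln?` to be false would guard against a false positive on newer releases. The `describe` block starts outside the hunk.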
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dawnscanner
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.6.
|
4
|
+
version: 1.6.5
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Paolo Perego
|
@@ -30,7 +30,7 @@ cert_chain:
|
|
30
30
|
jm6Bw8fGx65GCWIdgMhH/P0icixcnyrnotnnOrEcmPudIlgEN9qaUYcguOfFBhTH
|
31
31
|
1sGpM7KzrYHU8qJJPrdaX0ezIDL4cN/kA/DxYTfUiMw=
|
32
32
|
-----END CERTIFICATE-----
|
33
|
-
date: 2016-09-
|
33
|
+
date: 2016-09-30 00:00:00.000000000 Z
|
34
34
|
dependencies:
|
35
35
|
- !ruby/object:Gem::Dependency
|
36
36
|
name: cvss
|
@@ -319,6 +319,7 @@ files:
|
|
319
319
|
- checksum/dawnscanner-1.6.1.gem.sha1
|
320
320
|
- checksum/dawnscanner-1.6.2.gem.sha1
|
321
321
|
- checksum/dawnscanner-1.6.3.gem.sha1
|
322
|
+
- checksum/dawnscanner-1.6.4.gem.sha1
|
322
323
|
- code_of_conduct.md
|
323
324
|
- dawnscanner.gemspec
|
324
325
|
- doc/dawn_1_0_announcement.md
|
@@ -723,7 +724,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
723
724
|
version: '0'
|
724
725
|
requirements: []
|
725
726
|
rubyforge_project:
|
726
|
-
rubygems_version: 2.
|
727
|
+
rubygems_version: 2.5.1
|
727
728
|
signing_key:
|
728
729
|
specification_version: 4
|
729
730
|
summary: Dawnscanner is a security source code scanner for ruby powered code. It is
|
metadata.gz.sig
CHANGED
Binary file
|