RubyGems - dawnscanner - Versions diffs - 1.6.8 → 2.0.0.rc4 - Mend

dawnscanner 1.6.8 → 2.0.0.rc4

Files changed (387) hide show

checksums.yaml +5 -5
data/.gitignore +1 -0
data/.ruby-version +1 -1
data/Changelog.md +27 -1
data/LICENSE.txt +1 -1
data/README.md +59 -57
data/Rakefile +10 -242
data/Roadmap.md +15 -23
data/VERSION +1 -1
data/bin/dawn +17 -273
data/checksum/dawnscanner-1.6.8.gem.sha1 +1 -0
data/checksum/dawnscanner-2.0.0.rc1.gem.sha1 +1 -0
data/checksum/dawnscanner-2.0.0.rc2.gem.sha1 +1 -0
data/checksum/dawnscanner-2.0.0.rc3.gem.sha1 +1 -0
data/dawnscanner.gemspec +10 -9
data/doc/change.sh +13 -0
data/doc/kickstart_kb.tar.gz +0 -0
data/doc/knowledge_base.rb +650 -0
data/docs/.placeholder +0 -0
data/docs/CNAME +1 -0
data/docs/_config.yml +1 -0
data/lib/dawn/cli/dawn_cli.rb +139 -0
data/lib/dawn/core.rb +8 -7
data/lib/dawn/engine.rb +93 -34
data/lib/dawn/gemfile_lock.rb +2 -2
data/lib/dawn/kb/basic_check.rb +1 -2
data/lib/dawn/kb/combo_check.rb +1 -1
data/lib/dawn/kb/dependency_check.rb +1 -1
data/lib/dawn/kb/operating_system_check.rb +1 -1
data/lib/dawn/kb/pattern_match_check.rb +10 -9
data/lib/dawn/kb/ruby_version_check.rb +11 -10
data/lib/dawn/kb/{gem_check.rb → rubygem_check.rb} +1 -1
data/lib/dawn/kb/unsafe_depedency_check.rb +44 -0
data/lib/dawn/kb/version_check.rb +41 -24
data/lib/dawn/knowledge_base.rb +259 -595
data/lib/dawn/reporter.rb +2 -1
data/lib/dawn/utils.rb +5 -2
data/lib/dawn/version.rb +5 -5
data/lib/dawnscanner.rb +7 -6
data/spec/lib/kb/codesake_unsafe_dependency_check_spec.rb +29 -0
data/spec/lib/kb/dependency_check.yml +29 -0
metadata +30 -496
checksums.yaml.gz.sig +0 -0
data.tar.gz.sig +0 -0
data/certs/paolo_at_dawnscanner_dot_org.pem +0 -21
data/lib/dawn/kb/cve_2004_0755.rb +0 -33
data/lib/dawn/kb/cve_2004_0983.rb +0 -31
data/lib/dawn/kb/cve_2005_1992.rb +0 -31
data/lib/dawn/kb/cve_2005_2337.rb +0 -33
data/lib/dawn/kb/cve_2006_1931.rb +0 -30
data/lib/dawn/kb/cve_2006_2582.rb +0 -28
data/lib/dawn/kb/cve_2006_3694.rb +0 -31
data/lib/dawn/kb/cve_2006_4112.rb +0 -27
data/lib/dawn/kb/cve_2006_5467.rb +0 -28
data/lib/dawn/kb/cve_2006_6303.rb +0 -28
data/lib/dawn/kb/cve_2006_6852.rb +0 -27
data/lib/dawn/kb/cve_2006_6979.rb +0 -29
data/lib/dawn/kb/cve_2007_0469.rb +0 -29
data/lib/dawn/kb/cve_2007_5162.rb +0 -28
data/lib/dawn/kb/cve_2007_5379.rb +0 -27
data/lib/dawn/kb/cve_2007_5380.rb +0 -29
data/lib/dawn/kb/cve_2007_5770.rb +0 -30
data/lib/dawn/kb/cve_2007_6077.rb +0 -31
data/lib/dawn/kb/cve_2007_6612.rb +0 -30
data/lib/dawn/kb/cve_2008_1145.rb +0 -38
data/lib/dawn/kb/cve_2008_1891.rb +0 -38
data/lib/dawn/kb/cve_2008_2376.rb +0 -30
data/lib/dawn/kb/cve_2008_2662.rb +0 -33
data/lib/dawn/kb/cve_2008_2663.rb +0 -32
data/lib/dawn/kb/cve_2008_2664.rb +0 -33
data/lib/dawn/kb/cve_2008_2725.rb +0 -31
data/lib/dawn/kb/cve_2008_3655.rb +0 -37
data/lib/dawn/kb/cve_2008_3657.rb +0 -37
data/lib/dawn/kb/cve_2008_3790.rb +0 -30
data/lib/dawn/kb/cve_2008_3905.rb +0 -36
data/lib/dawn/kb/cve_2008_4094.rb +0 -27
data/lib/dawn/kb/cve_2008_4310.rb +0 -100
data/lib/dawn/kb/cve_2008_5189.rb +0 -27
data/lib/dawn/kb/cve_2008_7248.rb +0 -27
data/lib/dawn/kb/cve_2009_4078.rb +0 -29
data/lib/dawn/kb/cve_2009_4124.rb +0 -30
data/lib/dawn/kb/cve_2009_4214.rb +0 -27
data/lib/dawn/kb/cve_2010_1330.rb +0 -28
data/lib/dawn/kb/cve_2010_2489.rb +0 -60
data/lib/dawn/kb/cve_2010_3933.rb +0 -27
data/lib/dawn/kb/cve_2011_0188.rb +0 -67
data/lib/dawn/kb/cve_2011_0446.rb +0 -28
data/lib/dawn/kb/cve_2011_0447.rb +0 -28
data/lib/dawn/kb/cve_2011_0739.rb +0 -28
data/lib/dawn/kb/cve_2011_0995.rb +0 -61
data/lib/dawn/kb/cve_2011_1004.rb +0 -34
data/lib/dawn/kb/cve_2011_1005.rb +0 -31
data/lib/dawn/kb/cve_2011_2197.rb +0 -27
data/lib/dawn/kb/cve_2011_2686.rb +0 -29
data/lib/dawn/kb/cve_2011_2705.rb +0 -32
data/lib/dawn/kb/cve_2011_2929.rb +0 -27
data/lib/dawn/kb/cve_2011_2930.rb +0 -28
data/lib/dawn/kb/cve_2011_2931.rb +0 -30
data/lib/dawn/kb/cve_2011_2932.rb +0 -27
data/lib/dawn/kb/cve_2011_3009.rb +0 -28
data/lib/dawn/kb/cve_2011_3186.rb +0 -29
data/lib/dawn/kb/cve_2011_3187.rb +0 -29
data/lib/dawn/kb/cve_2011_4319.rb +0 -30
data/lib/dawn/kb/cve_2011_4815.rb +0 -28
data/lib/dawn/kb/cve_2011_5036.rb +0 -26
data/lib/dawn/kb/cve_2012_1098.rb +0 -30
data/lib/dawn/kb/cve_2012_1099.rb +0 -27
data/lib/dawn/kb/cve_2012_1241.rb +0 -27
data/lib/dawn/kb/cve_2012_2139.rb +0 -26
data/lib/dawn/kb/cve_2012_2140.rb +0 -27
data/lib/dawn/kb/cve_2012_2660.rb +0 -28
data/lib/dawn/kb/cve_2012_2661.rb +0 -27
data/lib/dawn/kb/cve_2012_2671.rb +0 -28
data/lib/dawn/kb/cve_2012_2694.rb +0 -30
data/lib/dawn/kb/cve_2012_2695.rb +0 -27
data/lib/dawn/kb/cve_2012_3424.rb +0 -29
data/lib/dawn/kb/cve_2012_3463.rb +0 -27
data/lib/dawn/kb/cve_2012_3464.rb +0 -27
data/lib/dawn/kb/cve_2012_3465.rb +0 -26
data/lib/dawn/kb/cve_2012_4464.rb +0 -27
data/lib/dawn/kb/cve_2012_4466.rb +0 -27
data/lib/dawn/kb/cve_2012_4481.rb +0 -26
data/lib/dawn/kb/cve_2012_4522.rb +0 -27
data/lib/dawn/kb/cve_2012_5370.rb +0 -27
data/lib/dawn/kb/cve_2012_5371.rb +0 -27
data/lib/dawn/kb/cve_2012_5380.rb +0 -28
data/lib/dawn/kb/cve_2012_6109.rb +0 -25
data/lib/dawn/kb/cve_2012_6134.rb +0 -27
data/lib/dawn/kb/cve_2012_6496.rb +0 -28
data/lib/dawn/kb/cve_2012_6497.rb +0 -28
data/lib/dawn/kb/cve_2012_6684.rb +0 -28
data/lib/dawn/kb/cve_2013_0155.rb +0 -29
data/lib/dawn/kb/cve_2013_0156.rb +0 -27
data/lib/dawn/kb/cve_2013_0162.rb +0 -28
data/lib/dawn/kb/cve_2013_0175.rb +0 -27
data/lib/dawn/kb/cve_2013_0183.rb +0 -25
data/lib/dawn/kb/cve_2013_0184.rb +0 -25
data/lib/dawn/kb/cve_2013_0233.rb +0 -26
data/lib/dawn/kb/cve_2013_0256.rb +0 -59
data/lib/dawn/kb/cve_2013_0262.rb +0 -26
data/lib/dawn/kb/cve_2013_0263.rb +0 -26
data/lib/dawn/kb/cve_2013_0269.rb +0 -27
data/lib/dawn/kb/cve_2013_0276.rb +0 -28
data/lib/dawn/kb/cve_2013_0277.rb +0 -25
data/lib/dawn/kb/cve_2013_0284.rb +0 -27
data/lib/dawn/kb/cve_2013_0285.rb +0 -27
data/lib/dawn/kb/cve_2013_0333.rb +0 -28
data/lib/dawn/kb/cve_2013_0334.rb +0 -25
data/lib/dawn/kb/cve_2013_1607.rb +0 -25
data/lib/dawn/kb/cve_2013_1655.rb +0 -65
data/lib/dawn/kb/cve_2013_1656.rb +0 -28
data/lib/dawn/kb/cve_2013_1756.rb +0 -26
data/lib/dawn/kb/cve_2013_1800.rb +0 -26
data/lib/dawn/kb/cve_2013_1801.rb +0 -27
data/lib/dawn/kb/cve_2013_1802.rb +0 -27
data/lib/dawn/kb/cve_2013_1812.rb +0 -27
data/lib/dawn/kb/cve_2013_1821.rb +0 -28
data/lib/dawn/kb/cve_2013_1854.rb +0 -26
data/lib/dawn/kb/cve_2013_1855.rb +0 -25
data/lib/dawn/kb/cve_2013_1856.rb +0 -26
data/lib/dawn/kb/cve_2013_1857.rb +0 -27
data/lib/dawn/kb/cve_2013_1875.rb +0 -27
data/lib/dawn/kb/cve_2013_1898.rb +0 -27
data/lib/dawn/kb/cve_2013_1911.rb +0 -28
data/lib/dawn/kb/cve_2013_1933.rb +0 -27
data/lib/dawn/kb/cve_2013_1947.rb +0 -27
data/lib/dawn/kb/cve_2013_1948.rb +0 -27
data/lib/dawn/kb/cve_2013_2065.rb +0 -29
data/lib/dawn/kb/cve_2013_2090.rb +0 -28
data/lib/dawn/kb/cve_2013_2105.rb +0 -26
data/lib/dawn/kb/cve_2013_2119.rb +0 -27
data/lib/dawn/kb/cve_2013_2512.rb +0 -26
data/lib/dawn/kb/cve_2013_2513.rb +0 -25
data/lib/dawn/kb/cve_2013_2516.rb +0 -26
data/lib/dawn/kb/cve_2013_2615.rb +0 -27
data/lib/dawn/kb/cve_2013_2616.rb +0 -27
data/lib/dawn/kb/cve_2013_2617.rb +0 -28
data/lib/dawn/kb/cve_2013_3221.rb +0 -27
data/lib/dawn/kb/cve_2013_4164.rb +0 -30
data/lib/dawn/kb/cve_2013_4203.rb +0 -25
data/lib/dawn/kb/cve_2013_4389.rb +0 -26
data/lib/dawn/kb/cve_2013_4413.rb +0 -27
data/lib/dawn/kb/cve_2013_4457.rb +0 -29
data/lib/dawn/kb/cve_2013_4478.rb +0 -26
data/lib/dawn/kb/cve_2013_4479.rb +0 -26
data/lib/dawn/kb/cve_2013_4489.rb +0 -28
data/lib/dawn/kb/cve_2013_4491.rb +0 -29
data/lib/dawn/kb/cve_2013_4492.rb +0 -29
data/lib/dawn/kb/cve_2013_4562.rb +0 -27
data/lib/dawn/kb/cve_2013_4593.rb +0 -27
data/lib/dawn/kb/cve_2013_5647.rb +0 -29
data/lib/dawn/kb/cve_2013_5671.rb +0 -26
data/lib/dawn/kb/cve_2013_6414.rb +0 -30
data/lib/dawn/kb/cve_2013_6415.rb +0 -29
data/lib/dawn/kb/cve_2013_6416.rb +0 -29
data/lib/dawn/kb/cve_2013_6417.rb +0 -30
data/lib/dawn/kb/cve_2013_6421.rb +0 -28
data/lib/dawn/kb/cve_2013_6459.rb +0 -28
data/lib/dawn/kb/cve_2013_6460.rb +0 -53
data/lib/dawn/kb/cve_2013_6461.rb +0 -57
data/lib/dawn/kb/cve_2013_7086.rb +0 -27
data/lib/dawn/kb/cve_2014_0036.rb +0 -27
data/lib/dawn/kb/cve_2014_0080.rb +0 -29
data/lib/dawn/kb/cve_2014_0081.rb +0 -27
data/lib/dawn/kb/cve_2014_0082.rb +0 -27
data/lib/dawn/kb/cve_2014_0130.rb +0 -27
data/lib/dawn/kb/cve_2014_1233.rb +0 -27
data/lib/dawn/kb/cve_2014_1234.rb +0 -26
data/lib/dawn/kb/cve_2014_2322.rb +0 -28
data/lib/dawn/kb/cve_2014_2525.rb +0 -59
data/lib/dawn/kb/cve_2014_2538.rb +0 -26
data/lib/dawn/kb/cve_2014_3482.rb +0 -28
data/lib/dawn/kb/cve_2014_3483.rb +0 -28
data/lib/dawn/kb/cve_2014_3916.rb +0 -29
data/lib/dawn/kb/cve_2014_4975.rb +0 -28
data/lib/dawn/kb/cve_2014_7818.rb +0 -27
data/lib/dawn/kb/cve_2014_7819.rb +0 -31
data/lib/dawn/kb/cve_2014_7829.rb +0 -30
data/lib/dawn/kb/cve_2014_8090.rb +0 -30
data/lib/dawn/kb/cve_2014_9490.rb +0 -29
data/lib/dawn/kb/cve_2015_1819.rb +0 -34
data/lib/dawn/kb/cve_2015_1840/cve_2015_1840_a.rb +0 -28
data/lib/dawn/kb/cve_2015_1840/cve_2015_1840_b.rb +0 -28
data/lib/dawn/kb/cve_2015_2963.rb +0 -27
data/lib/dawn/kb/cve_2015_3224.rb +0 -26
data/lib/dawn/kb/cve_2015_3225.rb +0 -28
data/lib/dawn/kb/cve_2015_3226.rb +0 -27
data/lib/dawn/kb/cve_2015_3227.rb +0 -28
data/lib/dawn/kb/cve_2015_3448.rb +0 -29
data/lib/dawn/kb/cve_2015_4020.rb +0 -34
data/lib/dawn/kb/cve_2015_5312.rb +0 -30
data/lib/dawn/kb/cve_2015_7497.rb +0 -32
data/lib/dawn/kb/cve_2015_7498.rb +0 -32
data/lib/dawn/kb/cve_2015_7499.rb +0 -32
data/lib/dawn/kb/cve_2015_7500.rb +0 -32
data/lib/dawn/kb/cve_2015_7519.rb +0 -31
data/lib/dawn/kb/cve_2015_7541.rb +0 -31
data/lib/dawn/kb/cve_2015_7576.rb +0 -35
data/lib/dawn/kb/cve_2015_7577.rb +0 -34
data/lib/dawn/kb/cve_2015_7578.rb +0 -30
data/lib/dawn/kb/cve_2015_7579.rb +0 -30
data/lib/dawn/kb/cve_2015_7581.rb +0 -33
data/lib/dawn/kb/cve_2015_8241.rb +0 -32
data/lib/dawn/kb/cve_2015_8242.rb +0 -32
data/lib/dawn/kb/cve_2015_8317.rb +0 -32
data/lib/dawn/kb/cve_2016_0751.rb +0 -32
data/lib/dawn/kb/cve_2016_0752.rb +0 -35
data/lib/dawn/kb/cve_2016_0753.rb +0 -31
data/lib/dawn/kb/cve_2016_2097.rb +0 -35
data/lib/dawn/kb/cve_2016_2098.rb +0 -35
data/lib/dawn/kb/cve_2016_5697.rb +0 -30
data/lib/dawn/kb/cve_2016_6316.rb +0 -33
data/lib/dawn/kb/cve_2016_6317.rb +0 -32
data/lib/dawn/kb/cve_2016_6582.rb +0 -43
data/lib/dawn/kb/not_revised_code.rb +0 -22
data/lib/dawn/kb/osvdb_105971.rb +0 -29
data/lib/dawn/kb/osvdb_108530.rb +0 -27
data/lib/dawn/kb/osvdb_108563.rb +0 -28
data/lib/dawn/kb/osvdb_108569.rb +0 -28
data/lib/dawn/kb/osvdb_108570.rb +0 -27
data/lib/dawn/kb/osvdb_115654.rb +0 -33
data/lib/dawn/kb/osvdb_116010.rb +0 -30
data/lib/dawn/kb/osvdb_117903.rb +0 -30
data/lib/dawn/kb/osvdb_118579.rb +0 -31
data/lib/dawn/kb/osvdb_118830.rb +0 -32
data/lib/dawn/kb/osvdb_118954.rb +0 -33
data/lib/dawn/kb/osvdb_119878.rb +0 -32
data/lib/dawn/kb/osvdb_119927.rb +0 -33
data/lib/dawn/kb/osvdb_120415.rb +0 -31
data/lib/dawn/kb/osvdb_120857.rb +0 -34
data/lib/dawn/kb/osvdb_121701.rb +0 -30
data/lib/dawn/kb/osvdb_132234.rb +0 -34
data/lib/dawn/kb/owasp_ror_cheatsheet.rb +0 -33
data/lib/dawn/kb/owasp_ror_cheatsheet/check_for_backup_files.rb +0 -18
data/lib/dawn/kb/owasp_ror_cheatsheet/check_for_safe_redirect_and_forward.rb +0 -57
data/lib/dawn/kb/owasp_ror_cheatsheet/command_injection.rb +0 -28
data/lib/dawn/kb/owasp_ror_cheatsheet/csrf.rb +0 -29
data/lib/dawn/kb/owasp_ror_cheatsheet/mass_assignment_in_model.rb +0 -33
data/lib/dawn/kb/owasp_ror_cheatsheet/security_related_headers.rb +0 -35
data/lib/dawn/kb/owasp_ror_cheatsheet/sensitive_files.rb +0 -29
data/lib/dawn/kb/owasp_ror_cheatsheet/session_stored_in_database.rb +0 -31
data/lib/dawn/kb/simpleform_xss_20131129.rb +0 -28
data/lib/dawn/knowledge_base_experimental.rb +0 -245
data/spec/lib/kb/cve_2011_2705_spec.rb +0 -35
data/spec/lib/kb/cve_2011_2930_spec.rb +0 -31
data/spec/lib/kb/cve_2011_3009_spec.rb +0 -25
data/spec/lib/kb/cve_2011_3187_spec.rb +0 -24
data/spec/lib/kb/cve_2011_4319_spec.rb +0 -44
data/spec/lib/kb/cve_2011_5036_spec.rb +0 -95
data/spec/lib/kb/cve_2012_1098_spec.rb +0 -36
data/spec/lib/kb/cve_2012_2139_spec.rb +0 -20
data/spec/lib/kb/cve_2012_2671_spec.rb +0 -23
data/spec/lib/kb/cve_2012_6109_spec.rb +0 -112
data/spec/lib/kb/cve_2012_6684_spec.rb +0 -16
data/spec/lib/kb/cve_2013_0162_spec.rb +0 -23
data/spec/lib/kb/cve_2013_0183_spec.rb +0 -54
data/spec/lib/kb/cve_2013_0184_spec.rb +0 -115
data/spec/lib/kb/cve_2013_0256_spec.rb +0 -34
data/spec/lib/kb/cve_2013_0262_spec.rb +0 -44
data/spec/lib/kb/cve_2013_0263_spec.rb +0 -11
data/spec/lib/kb/cve_2013_0334_spec.rb +0 -35
data/spec/lib/kb/cve_2013_1607_spec.rb +0 -15
data/spec/lib/kb/cve_2013_1655_spec.rb +0 -31
data/spec/lib/kb/cve_2013_1756_spec.rb +0 -23
data/spec/lib/kb/cve_2013_2090_spec.rb +0 -15
data/spec/lib/kb/cve_2013_2105_spec.rb +0 -11
data/spec/lib/kb/cve_2013_2119_spec.rb +0 -27
data/spec/lib/kb/cve_2013_2512_spec.rb +0 -15
data/spec/lib/kb/cve_2013_2513_spec.rb +0 -15
data/spec/lib/kb/cve_2013_2516_spec.rb +0 -15
data/spec/lib/kb/cve_2013_4203_spec.rb +0 -15
data/spec/lib/kb/cve_2013_4413_spec.rb +0 -16
data/spec/lib/kb/cve_2013_4489_spec.rb +0 -63
data/spec/lib/kb/cve_2013_4491_spec.rb +0 -16
data/spec/lib/kb/cve_2013_4593_spec.rb +0 -16
data/spec/lib/kb/cve_2013_5647_spec.rb +0 -19
data/spec/lib/kb/cve_2013_5671_spec.rb +0 -27
data/spec/lib/kb/cve_2013_6414_spec.rb +0 -26
data/spec/lib/kb/cve_2013_6416_spec.rb +0 -31
data/spec/lib/kb/cve_2013_6459_spec.rb +0 -15
data/spec/lib/kb/cve_2013_7086_spec.rb +0 -22
data/spec/lib/kb/cve_2014_0036_spec.rb +0 -15
data/spec/lib/kb/cve_2014_0080_spec.rb +0 -33
data/spec/lib/kb/cve_2014_0081_spec.rb +0 -50
data/spec/lib/kb/cve_2014_0082_spec.rb +0 -52
data/spec/lib/kb/cve_2014_0130_spec.rb +0 -19
data/spec/lib/kb/cve_2014_1233_spec.rb +0 -15
data/spec/lib/kb/cve_2014_1234_spec.rb +0 -16
data/spec/lib/kb/cve_2014_2322_spec.rb +0 -15
data/spec/lib/kb/cve_2014_2538_spec.rb +0 -15
data/spec/lib/kb/cve_2014_3482_spec.rb +0 -15
data/spec/lib/kb/cve_2014_3483_spec.rb +0 -27
data/spec/lib/kb/cve_2014_7818_spec.rb +0 -42
data/spec/lib/kb/cve_2014_7819_spec.rb +0 -139
data/spec/lib/kb/cve_2014_7829_spec.rb +0 -50
data/spec/lib/kb/cve_2014_9490_spec.rb +0 -17
data/spec/lib/kb/cve_2015_1819_spec.rb +0 -16
data/spec/lib/kb/cve_2015_1840_spec.rb +0 -39
data/spec/lib/kb/cve_2015_2963_spec.rb +0 -17
data/spec/lib/kb/cve_2015_3224_spec.rb +0 -16
data/spec/lib/kb/cve_2015_3225_spec.rb +0 -27
data/spec/lib/kb/cve_2015_3226_spec.rb +0 -35
data/spec/lib/kb/cve_2015_3227_spec.rb +0 -31
data/spec/lib/kb/cve_2015_3448_spec.rb +0 -16
data/spec/lib/kb/cve_2015_4020_spec.rb +0 -24
data/spec/lib/kb/cve_2015_5312_spec.rb +0 -31
data/spec/lib/kb/cve_2015_7497_spec.rb +0 -31
data/spec/lib/kb/cve_2015_7498_spec.rb +0 -31
data/spec/lib/kb/cve_2015_7499_spec.rb +0 -31
data/spec/lib/kb/cve_2015_7500_spec.rb +0 -31
data/spec/lib/kb/cve_2015_7519_spec.rb +0 -23
data/spec/lib/kb/cve_2015_7541_spec.rb +0 -15
data/spec/lib/kb/cve_2015_7576_spec.rb +0 -51
data/spec/lib/kb/cve_2015_7577_spec.rb +0 -63
data/spec/lib/kb/cve_2015_7578_spec.rb +0 -15
data/spec/lib/kb/cve_2015_7579_spec.rb +0 -23
data/spec/lib/kb/cve_2015_7581_spec.rb +0 -51
data/spec/lib/kb/cve_2015_8241_spec.rb +0 -31
data/spec/lib/kb/cve_2015_8242_spec.rb +0 -31
data/spec/lib/kb/cve_2015_8317_spec.rb +0 -31
data/spec/lib/kb/cve_2016_0751_spec.rb +0 -55
data/spec/lib/kb/cve_2016_0752_spec.rb +0 -51
data/spec/lib/kb/cve_2016_0753_spec.rb +0 -51
data/spec/lib/kb/cve_2016_2097_spec.rb +0 -35
data/spec/lib/kb/cve_2016_2098_spec.rb +0 -55
data/spec/lib/kb/cve_2016_5697_spec.rb +0 -15
data/spec/lib/kb/cve_2016_6316_spec.rb +0 -44
data/spec/lib/kb/cve_2016_6317_spec.rb +0 -35
data/spec/lib/kb/cve_2016_6582_spec.rb +0 -29
data/spec/lib/kb/osvdb_105971_spec.rb +0 -15
data/spec/lib/kb/osvdb_108530_spec.rb +0 -22
data/spec/lib/kb/osvdb_108563_spec.rb +0 -18
data/spec/lib/kb/osvdb_108569_spec.rb +0 -17
data/spec/lib/kb/osvdb_108570_spec.rb +0 -17
data/spec/lib/kb/osvdb_115654_spec.rb +0 -15
data/spec/lib/kb/osvdb_116010_spec.rb +0 -15
data/spec/lib/kb/osvdb_117903_spec.rb +0 -23
data/spec/lib/kb/osvdb_118579_spec.rb +0 -8
data/spec/lib/kb/osvdb_118830_spec.rb +0 -16
data/spec/lib/kb/osvdb_118954_spec.rb +0 -20
data/spec/lib/kb/osvdb_119878_spec.rb +0 -92
data/spec/lib/kb/osvdb_119927_spec.rb +0 -16
data/spec/lib/kb/osvdb_120415_spec.rb +0 -16
data/spec/lib/kb/osvdb_120857_spec.rb +0 -32
data/spec/lib/kb/osvdb_121701_spec.rb +0 -15
data/spec/lib/kb/osvdb_132234_spec.rb +0 -15
metadata.gz.sig +0 -0

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: be00270c083b8265e402c4db5af3a5ea77097978
-  data.tar.gz: 1abf4048b91c6a0f8a4c3116880c4c11dbe58a60
+SHA256:
+  metadata.gz: b9ae4a53a59b132a6ce6c85407f0d4fddd88eda75958474a1aee0ce2369b4cf4
+  data.tar.gz: '01479eaa5129162d83ddcce897f74f250b5fe4b0cbe5e7c5e3bb2444b9cffce8'
 SHA512:
-  metadata.gz: 733ab01256a79072b93276bf4cd7b737effa5c46cbe0263c7a512dd1d2c52d0059d5d235cbc841aeac0c230b5df10eaf9cd3ab90cfa2d6f37861d7fcd759574e
-  data.tar.gz: 26e104ea9e588b0e3251e10897daa63cb8a92a165a7f558ff19498b48f931f2956f3e21147dcfc0307743f3c56bec191a47f4fd79c7daf22ba7459b953ccbd7f
+  metadata.gz: b2ddc397e425922f848612c1244b8e0ace964a766673b9a6f70317e441c00dd35c2687de1040fcfa0ef5203c5f7304d274e4a9091637670a8b5c3ccefec33804
+  data.tar.gz: '0345397057005fcd021910298c1befb282eddfcad7e13f876e5d36a8715579d71990dd18bcb9cd3ca3f8387fe99e962ad8e97224d5060dad1f711f49a82e62d2'

data/.gitignore CHANGED Viewed

@@ -19,3 +19,4 @@ test/tmp
 test/version_tmp
 tmp
 db/*
+tags

data/.ruby-version CHANGED Viewed

	@@ -1 +1 @@
1	- 2.3.1
1	+ 3

data/Changelog.md CHANGED Viewed

@@ -5,7 +5,33 @@ It supports [Sinatra](http://www.sinatrarb.com),
 [Padrino](http://www.padrinorb.com) and [Ruby on Rails](http://rubyonrails.org)
 frameworks.
-_latest update: Tue Nov  1 22:47:56 CET 2016_
+_latest update: mer 28 nov 2018, 11.03.53, CET_
+## Version 2.0.0 - codename: Finn McMissile (2019-xx-xx)
+* New knowledge base, YAML based and distributed separately from the ruby gem.
+* New CLI based on Thor library. Please read README.md file to know how to
+  invoke dawn the right way or use the 'dawn help' command
+* Added a new debug\_verbosely API for engines and checks
+* Removed rake osvdb[name] and rake cve[name] tasks
+* Adding telemetry
+* Dawn::Utils include refactory. Now it's available application wide
+* debug information refactory.
+* engine class, apply_all method now accepts an optional parameter containing a
+  list of security checks to be excluded (issue #230).
+* Fix issue #244. Now the KB path is no more hardcoded but it is relative to
+  $HOME and 'dawnscanner' folder where results are stored.
+* Fix issue #245. Pattern matching check is skipped on empty files.
+## Version 1.6.9 - codename: Tow Mater (2018-11-28)
+* Removed signing certificate. This will solve issue #233 and #229
+* Removed datamapper support. I will change to active\_record sooner or later.
+  This will solve issue #232 and issue #218
+## Version 1.6.8 - codename: Tow Mater (2017-04-07)
+* Update signing certficate
 ## Version 1.6.7 - codename: Tow Mater (2016-11-24)

data/LICENSE.txt CHANGED Viewed

@@ -1,4 +1,4 @@
-Copyright (c) 2013-2015 Paolo Perego
+Copyright (c) 2013-2021 Paolo Perego
 MIT License

data/README.md CHANGED Viewed

@@ -1,22 +1,40 @@
 # Dawnscanner - The raising security scanner for ruby web applications
-dawnscanner is a source code scanner designed to review your ruby code for security
-issues.
+dawnscanner is a source code scanner designed to review your web applications for
+security issues.
-dawnscanner is able to scan plain ruby scripts (e.g. command line applications) but
-all its features are unleashed when dealing with web applications source code.
-dawnscanner is able to scan major MVC (Model View Controller) frameworks, out of the
-box:
+dawnscanner is able to scan web applications written in Ruby and it supports all
+major MVC (Model View Controller) frameworks, out of the box:
 * [Ruby on Rails](http://rubyonrails.org)
 * [Sinatra](http://www.sinatrarb.com)
 * [Padrino](http://www.padrinorb.com)
+## Quick update from April, 2019
+We just released version 2.0.0 release candidate 1 with a YAML powered revamped
+knowledge base. Please note that dawnscanner will include a telemetry facility
+sending a POST  on https://dawnscanner.org/telemetry with an application id and
+some information about version and knowledge base.
+We won't now and ever collect your source code on our side.
+## Quick update from November, 2018
+As you can see dawnscanner is on hold since more then an year. Sorry for that.
+It's life. I was overwhelmed by tons of stuff and I dedicated free time to
+Offensive Security certifications. True to be told, I'm starting OSCE journey
+really soon.
+The dawnscanner project will be updated soon with new security checks and
+kickstarted again.
+Paolo
 ---
 [![Gem Version](https://badge.fury.io/rb/dawnscanner.png)](http://badge.fury.io/rb/dawnscanner)
 [![Build Status](https://travis-ci.org/thesp0nge/dawnscanner.png?branch=master)](https://travis-ci.org/thesp0nge/dawnscanner)
-[![Dependency Status](https://gemnasium.com/thesp0nge/dawnscanner.png)](https://gemnasium.com/thesp0nge/dawnscanner)
 [![Coverage Status](https://coveralls.io/repos/thesp0nge/dawnscanner/badge.png)](https://coveralls.io/r/thesp0nge/dawnscanner)
 [![Code Triagers Badge](https://www.codetriage.com/thesp0nge/dawnscanner/badges/users.svg)](https://www.codetriage.com/thesp0nge/dawnscanner)
 [![Inline docs](http://inch-ci.org/github/thesp0nge/dawnscanner.png?branch=master)](http://inch-ci.org/github/thesp0nge/dawnscanner)
@@ -50,30 +68,11 @@ application.
 ## Installation
-dawnscanner rubygem is cryptographically signed. To be sure the gem you
-install hasn’t been tampered, you must first add ```paolo@dawnscanner.org```
-public signing certificate as trusted to your gem specific keyring.
-```
-$ gem cert --add <(curl -Ls https://raw.githubusercontent.com/thesp0nge/dawnscanner/master/certs/paolo_at_dawnscanner_dot_org.pem)
-```
 You can install latest dawnscanner version, fetching it from
 [Rubygems](https://rubygems.org) by typing:
 ```
-$ gem install dawnscanner -P MediumSecurity
-```
-The MediumSecurity trust profile will verify signed gems, but allow the
-installation of unsigned dependencies. This is necessary because not all of
-dawnscanner’s dependencies are signed, so we cannot use HighSecurity.
-In order to install a release candidate version, the gem install command line
-is the following:
-```
-$ gem install dawnscanner --pre -P MediumSecurity
+$ gem install dawnscanner
 ```
 If you want to add dawn to your project Gemfile, you must add the following:
@@ -123,44 +122,47 @@ $ dawn -h
 Usage: dawn [options] target_directory
 Examples:
-  $ dawn a_sinatra_webapp_directory
-  $ dawn -C the_rails_blog_engine
-  $ dawn -C --json a_sinatra_webapp_directory
-  $ dawn --ascii-tabular-report my_rails_blog_ecommerce
-  $ dawn --html -F my_report.html my_rails_blog_ecommerce
-   -r, --rails          force dawn to consider the target a rails application
-   -s, --sinatra        force dawn to consider the target a sinatra application
-   -p, --padrino        force dawn to consider the target a padrino application
-   -G, --gem-lock       force dawn to scan only for vulnerabilities affecting dependencies in Gemfile.lock
-   -a, --ascii-tabular-report   cause dawn to format findings using table in ascii art
-   -j, --json                   cause dawn to format findings using json
-   -C, --count-only             dawn will only count vulnerabilities (useful for scripts)
-   -z, --exit-on-warn           dawn will return number of found vulnerabilities as exit code
-   -F, --file filename          tells dawn to write output to filename
-   -c, --config-file filename   tells dawn to load configuration from filename
+	$ dawn a_sinatra_webapp_directory
+	$ dawn -C the_rails_blog_engine
+	$ dawn -C --json a_sinatra_webapp_directory
+	$ dawn --ascii-tabular-report my_rails_blog_ecommerce
+	$ dawn --html -F my_report.html my_rails_blog_ecommerce
+   -G, --gem-lock				force dawn to scan only for vulnerabilities affecting dependencies in Gemfile.lock (DEPRECATED)
+   -d, --dependencies				force dawn to scan only for vulnerabilities affecting dependencies in Gemfile.lock
+Reporting
+   -a, --ascii-tabular-report			cause dawn to format findings using tables in ascii art (DEPRECATED)
+   -j, --json					cause dawn to format findings using json
+   -K, --console					cause dawn to format findings using plain ascii text
+   -C, --count-only				dawn will only count vulnerabilities (useful for scripts)
+   -z, --exit-on-warn				dawn will return number of found vulnerabilities as exit code
+   -F, --file filename				tells dawn to write output to filename
+   -c, --config-file filename			tells dawn to load configuration from filename
 Disable security check family
-       --disable-cve-bulletins  disable all CVE security checks
-       --disable-code-quality   disable all code quality checks
-       --disable-code-style     disable all code style checks
-       --disable-owasp-ror-cheatsheet   disable all Owasp Ruby on Rails cheatsheet checks
-       --disable-owasp-top-10           disable all Owasp Top 10 checks
+       --disable-cve-bulletins			disable all CVE security checks
+       --disable-code-quality			disable all code quality checks
+       --disable-code-style			disable all code style checks
+       --disable-owasp-ror-cheatsheet		disable all Owasp Ruby on Rails cheatsheet checks
+       --disable-owasp-top-10			disable all Owasp Top 10 checks
-Flags useful to query dawnscanner
+Flags useful to query Dawn
-       -S, --search-knowledge-base [check_name]   search check_name in the knowledge base
-           --list-knowledge-base                  list knowledge-base content
-           --list-known-families                  list security check families contained in dawn's knowledge base
-           --list-known-framework                 list ruby MVC frameworks supported by dawn
+   -S, --search-knowledge-base [check_name]	search check_name in the knowledge base
+       --list-knowledge-base			list knowledge-base content
+       --list-known-families			list security check families contained in dawn's knowledge base
+       --list-known-framework			list ruby MVC frameworks supported by dawn
+       --list-scan-registry			list past scan informations stored in scan registry
 Service flags
-   -D, --debug                                  enters dawn debug mode
-   -V, --verbose                                the output will be more verbose
-   -v, --version                                show version information
-   -h, --help                                   show this help
+   -D, --debug					enters dawn debug mode
+   -V, --verbose				the output will be more verbose
+   -v, --version				show version information
+   -h, --help					show this help
 ```
 ### Rake task

data/Rakefile CHANGED Viewed

@@ -8,7 +8,6 @@ require 'cucumber/rake/task'
 require 'fileutils'
 require "dawn/utils"
 require "dawn/knowledge_base"
-require "dawn/knowledge_base_experimental"
 Cucumber::Rake::Task.new(:features) do |t|
   t.cucumber_opts = "features --format pretty -x"
@@ -45,7 +44,7 @@ namespace :version do
       f.puts("module Dawn")
       puts "#{branch_name}|"
-      if branch_name != "master"
+      if branch_name != "main"
         av = version.split('.')
         f.puts "    VERSION = \"#{av[0]}.#{av[1]}.#{commit_hash.chop}\""
         f.puts "    CODENAME = \"#{codename.lstrip!.chop}\""
@@ -63,214 +62,6 @@ namespace :version do
   end
 end
-# namespace :check do
-# desc "Create a dependency check"
-# task :dependency, :name do |t, args|
-# end
-# end
-desc "Create a new CVE test"
-task :cve, :name do |t,args|
-  name      = args.name
-  SRC_DIR   = "./lib/dawn/kb/"
-  SPEC_DIR  = "./spec/lib/kb/"
-  raise "### It seems that #{name} is already in Dawn knowledge base" unless Dawn::KnowledgeBase.find(nil, name).nil?
-  raise "### Invalid CVE title: #{name}" if name.nil? or name.empty? or /CVE-\d{4}-\d{4}/.match(name).nil?
-  raise "### No target directory: #{SRC_DIR}" unless Dir.exists?(SRC_DIR)
-  raise "### No rspec directory: #{SPEC_DIR}" unless Dir.exists?(SPEC_DIR)
-  puts "Adding #{name} to knowledge base..."
-  rb_filename = SRC_DIR+name.downcase.gsub("-", "_")+".rb"
-  spec_filename = SPEC_DIR+name.downcase.gsub("-", "_")+"_spec.rb"
-  class_name = name.gsub("-", "_")
-  open(rb_filename, "w") do |file|
-    file.puts "module Dawn"
-    file.puts "\t\tmodule Kb"
-    file.puts "\t\t\t# Automatically created with rake on #{Time.now.strftime('%Y-%m-%d')}"
-    file.puts "\t\t\tclass #{class_name}"
-    file.puts "\t\t\t\t# Include the testing skeleton for this CVE"
-    file.puts "\t\t\t\t# include PatternMatchCheck"
-    file.puts "\t\t\t\t# include DependencyCheck"
-    file.puts "\t\t\t\t# include RubyVersionCheck"
-    file.puts ""
-    file.puts "\t\t\t\tdef initialize"
-    file.puts "\t\t\t\t\ttitle   = \"\""
-    file.puts "\t\t\t\t\tmessage = \"\""
-    file.puts "\t\t\t\tend"
-    file.puts "\t\t\tend"
-    file.puts "\t\tend"
-    file.puts "end"
-  end
-  puts "#{rb_filename} created"
-  open(spec_filename, "w") do |file|
-    file.puts "require 'spec_helper'"
-    file.puts "describe \"The #{name} vulnerability\" do"
-    file.puts "\tbefore(:all) do"
-    file.puts "\t\t@check = Dawn::Kb::#{class_name}.new"
-    file.puts "\t\t# @check.debug = true"
-    file.puts "\tend"
-    file.puts "\tit \"is reported when the vulnerable gem is detected\" do"
-    file.puts "\t\t@check.dependencies = [{:name=>\"\", :version=>\"\"}]"
-    file.puts "\t\texpect(@check.vuln?).to   eq(true)"
-    file.puts "\tend"
-    file.puts "\tit \"is not reported when a fixed release is detected\" do"
-    file.puts "\t\t@check.dependencies = [{:name=>\"\", :version=>\"\"}]"
-    file.puts "\t\texpect(@check.vuln?).to   eq(false)"
-    file.puts "\tend"
-    file.puts "end"
-  end
-  puts "#{spec_filename} created"
-  puts "*** PLEASE IMPLEMENT TEST FOR #{name} IN ./spec/lib/dawn/codesake_knowledgebase_spec.rb in order to reflect changes"
-  puts "*** PLEASE ADD THIS CODE IN ./lib/dawn/knowledge_base.rb in order to reflect changes"
-  puts "require \"dawn/kb/#{class_name.downcase}\""
-  puts "it \"must have test for #{name}\" do"
-  puts "  sc = kb.find(\"#{name}\")"
-  puts "  expect(sc).not_to   be_nil"
-  puts "  expect(sc.class).to eq(Dawn::Kb::#{class_name})"
-  puts "end"
-end
-desc "Create a new OSVDB security check"
-task :osvdb, :name do |t,args|
-  name      = args.name
-  SRC_DIR   = "./lib/dawn/kb/"
-  SPEC_DIR  = "./spec/lib/kb/"
-  raise "### It seems that #{name} is already in Dawn knowledge base" unless Dawn::KnowledgeBase.find(nil, name).nil?
-  raise "### Invalid OSVDB identifier: #{name}" if name.nil? or name.empty? or /\d{6}/.match(name).nil?
-  raise "### No target directory: #{SRC_DIR}" unless Dir.exists?(SRC_DIR)
-  raise "### No rspec directory: #{SPEC_DIR}" unless Dir.exists?(SPEC_DIR)
-  puts "Adding #{name} to knowledge base..."
-  name = "OSVDB_"+name
-  rb_filename = SRC_DIR+name.downcase.gsub("-", "_")+".rb"
-  spec_filename = SPEC_DIR+name.downcase.gsub("-", "_")+"_spec.rb"
-  class_name = name.gsub("-", "_")
-  open(rb_filename, "w") do |file|
-    file.puts "module Dawn"
-    file.puts "\t\tmodule Kb"
-    file.puts "\t\t\t# Automatically created with rake on #{Time.now.strftime('%Y-%m-%d')}"
-    file.puts "\t\t\tclass #{class_name}"
-    file.puts "\t\t\t\t# Include the testing skeleton for this Security Check"
-    file.puts "\t\t\t\t# include PatternMatchCheck"
-    file.puts "\t\t\t\t# include DependencyCheck"
-    file.puts "\t\t\t\t# include RubyVersionCheck"
-    file.puts ""
-    file.puts "\t\t\t\tdef initialize"
-    file.puts "\t\t\t\t\ttitle   = \"\""
-    file.puts "\t\t\t\t\tmessage = \"\""
-    file.puts "\t\t\t\tend"
-    file.puts "\t\t\tend"
-    file.puts "\t\tend"
-    file.puts "end"
-  end
-  puts "#{rb_filename} created"
-  open(spec_filename, "w") do |file|
-    file.puts "require 'spec_helper'"
-    file.puts "describe \"The #{name} vulnerability\" do"
-    file.puts "\tbefore(:all) do"
-    file.puts "\t\t@check = Dawn::Kb::#{class_name}.new"
-    file.puts "\t\t# @check.debug = true"
-    file.puts "\tend"
-    file.puts "\tit \"is reported when the vulnerable gem is detected\" do"
-    file.puts "\t\t@check.dependencies = [{:name=>\"\", :version=>\"\"}]"
-    file.puts "\t\texpect(@check.vuln?).to   eq(true)"
-    file.puts "\tend"
-    file.puts "\tit \"is not reported when a fixed release is detected\" do"
-    file.puts "\t\t@check.dependencies = [{:name=>\"\", :version=>\"\"}]"
-    file.puts "\t\texpect(@check.vuln?).to   eq(false)"
-    file.puts "\tend"
-    file.puts "end"
-  end
-  puts "#{spec_filename} created"
-  puts "*** PLEASE IMPLEMENT TEST FOR #{name} IN ./spec/lib/dawn/codesake_knowledgebase_spec.rb in order to reflect changes"
-  puts "*** PLEASE ADD THIS CODE IN ./lib/dawn/knowledge_base.rb in order to reflect changes"
-  puts "require \"dawn/kb/#{class_name.downcase}\""
-  puts "it \"must have test for #{name}\" do"
-  puts "  sc = kb.find(\"#{name}\")"
-  puts "  expect(sc).not_to   be_nil"
-  puts "  expect(sc.class).to eq(Dawn::Kb::#{class_name})"
-  puts "end"
-end
-desc "Create a new Generic security check"
-task :check, :name do |t,args|
-  name      = args.name
-  SRC_DIR   = "./lib/dawn/kb/"
-  SPEC_DIR  = "./spec/lib/kb/"
-  raise "### It seems that #{name} is already in Dawn knowledge base" unless Dawn::KnowledgeBase.find(nil, name).nil?
-  raise "### No target directory: #{SRC_DIR}" unless Dir.exists?(SRC_DIR)
-  raise "### No rspec directory: #{SPEC_DIR}" unless Dir.exists?(SPEC_DIR)
-  puts "Adding #{name} to knowledge base..."
-  rb_filename = SRC_DIR+name.downcase.gsub("-", "_")+".rb"
-  spec_filename = SPEC_DIR+name.downcase.gsub("-", "_")+"_spec.rb"
-  class_name = name.gsub("-", "_")
-  open(rb_filename, "w") do |file|
-    file.puts "module Dawn"
-    file.puts "\t\tmodule Kb"
-    file.puts "\t\t\t# Automatically created with rake on #{Time.now.strftime('%Y-%m-%d')}"
-    file.puts "\t\t\tclass #{class_name}"
-    file.puts "\t\t\t\t# Include the testing skeleton for this Security Check"
-    file.puts "\t\t\t\t# include PatternMatchCheck"
-    file.puts "\t\t\t\t# include DependencyCheck"
-    file.puts "\t\t\t\t# include RubyVersionCheck"
-    file.puts ""
-    file.puts "\t\t\t\tdef initialize"
-    file.puts "\t\t\t\tend"
-    file.puts "\t\t\tend"
-    file.puts "\t\tend"
-    file.puts "end"
-  end
-  puts "#{rb_filename} created"
-  open(spec_filename, "w") do |file|
-    file.puts "require 'spec_helper'"
-    file.puts "describe \"The #{name} vulnerability\" do"
-    file.puts "\tbefore(:all) do"
-    file.puts "\t\t@check = Dawn::Kb::#{class_name}.new"
-    file.puts "\t\t# @check.debug = true"
-    file.puts "\tend"
-    file.puts "\tit \"is reported when...\""
-    file.puts "end"
-  end
-  puts "#{spec_filename} created"
-  puts "*** PLEASE IMPLEMENT TEST FOR #{name} IN ./spec/lib/dawn/codesake_knowledgebase_spec.rb in order to reflect changes"
-  puts "*** PLEASE ADD THIS CODE IN ./lib/dawn/knowledge_base.rb in order to reflect changes"
-  puts "require \"dawn/kb/#{class_name.downcase}\""
-  puts "it \"must have test for #{name}\" do"
-  puts "  sc = kb.find(\"#{name}\")"
-  puts "  sc.should_not   be_nil"
-  puts "  sc.class.should == Dawn::Kb::#{class_name}"
-  puts "end"
-end
 namespace :kb do
   desc 'Check information lint'
   task :lint do
@@ -283,27 +74,8 @@ namespace :kb do
   desc 'Pack the library for shipping'
   task :pack do
-    YAML_KB = File.join(Dir.pwd, 'db')
-    __kb_pack
-  end
-  desc 'Transform all checks to YAML file and pack the library for shipping'
-  task :to_yaml do
-    YAML_KB = File.join(Dir.pwd, 'db')
-    FileUtils.rm_rf YAML_KB
-    FileUtils.mkdir_p YAML_KB
-    Dawn::KnowledgeBase.new.all.each do |check|
-      out_dir = File.join(YAML_KB, check.check_family.to_s)
-      FileUtils.mkdir_p(out_dir) unless Dir.exists? out_dir
-      filename = File.join(out_dir, check.name.gsub(" ", "_").gsub("-", "_") + '.yml')
-      open(filename, 'w') do |f|
-        f.puts(check.to_yaml)
-      end
-      puts "#{filename} created"
-    end
+    YAML_KB = File.join(Dir.home, "dawnscanner", 'db')
+    FileUtils.mkdir_p(YAML_KB)
     __kb_pack
   end
@@ -393,50 +165,46 @@ end
 def __kb_pack
   if Dir.exists? "#{YAML_KB}/bulletin"
-    system "tar cfvz #{YAML_KB}/bulletin.tar.gz #{YAML_KB}/bulletin"
+    system "tar cfvz #{YAML_KB}/bulletin.tar.gz -C #{YAML_KB} bulletin"
     system "rm -rf #{YAML_KB}/bulletin"
     system "shasum -a 256 #{YAML_KB}/bulletin.tar.gz > #{YAML_KB}/bulletin.tar.gz.sig"
   end
   if Dir.exists? "#{YAML_KB}/generic_check"
-    system "tar cfvz #{YAML_KB}/generic_check.tar.gz #{YAML_KB}/generic_check"
+    system "tar cfvz #{YAML_KB}/generic_check.tar.gz -C #{YAML_KB} generic_check"
     system "rm -rf #{YAML_KB}/generic_check"
     system "shasum -a 256 #{YAML_KB}/generic_check.tar.gz > #{YAML_KB}/generic_check.tar.gz.sig"
   end
   if Dir.exists? "#{YAML_KB}/owasp_ror_cheatsheet"
-    system "tar cfvz #{YAML_KB}/owasp_ror_cheatsheet.tar.gz #{YAML_KB}/owasp_ror_cheatsheet"
+    system "tar cfvz #{YAML_KB}/owasp_ror_cheatsheet.tar.gz -C #{YAML_KB} owasp_ror_cheatsheet"
     system "rm -rf #{YAML_KB}/owasp_ror_cheatsheet"
     system "shasum -a 256 #{YAML_KB}/owasp_ror_cheatsheet.tar.gz > #{YAML_KB}/owasp_ror_cheatsheet.tar.gz.sig"
   end
   if Dir.exists? "#{YAML_KB}/code_style"
-    system "tar cfvz #{YAML_KB}/code_style.tar.gz #{YAML_KB}/code_style"
+    system "tar cfvz #{YAML_KB}/code_style.tar.gz -C #{YAML_KB} code_style"
     system "rm -rf #{YAML_KB}/code_style"
     system "shasum -a 256 #{YAML_KB}/code_style.tar.gz > #{YAML_KB}/code_style.tar.gz.sig"
   end
   if Dir.exists? "#{YAML_KB}/code_quality"
-    system "tar cfvz #{YAML_KB}/code_quality.tar.gz #{YAML_KB}/code_quality"
+    system "tar cfvz #{YAML_KB}/code_quality.tar.gz -C #{YAML_KB} code_quality"
     system "rm -rf #{YAML_KB}/code_quality"
     system "shasum -a 256 #{YAML_KB}/code_quality.tar.gz > #{YAML_KB}/code_quality.tar.gz.sig"
   end
   if Dir.exists? "#{YAML_KB}/owasp_top_10"
-    system "tar cfvz #{YAML_KB}/owasp_top_10.tar.gz #{YAML_KB}/owasp_top_10"
+    system "tar cfvz #{YAML_KB}/owasp_top_10.tar.gz -C #{YAML_KB} owasp_top_10"
     system "rm -rf #{YAML_KB}/owasp_top_10"
     system "shasum -a 256 #{YAML_KB}/owasp_top_10.tar.gz > #{YAML_KB}/owasp_top_10.tar.gz.sig"
   end
   open(File.join(YAML_KB, "kb.yaml"), 'w') do |f|
-    f.puts(Dawn::KnowledgeBaseExperimental.kb_descriptor)
+    f.puts(Dawn::KnowledgeBase.kb_descriptor)
   end
   puts "kb.yaml created"
   system "shasum -a 256 #{YAML_KB}/kb.yaml > #{YAML_KB}/kb.yaml.sig"
-  system "tar cfvz #{YAML_KB}/signatures.tar.gz #{YAML_KB}/*.tar.gz.sig"
-  system "rm -rf #{YAML_KB}/*.tar.gz.sig "
-  puts "#{YAML_KB}/signatures.tar.gz created"
   puts "Library ready to be shipped"
 end