RubyGems - dawnscanner - Versions diffs - 1.6.8 → 2.0.0.rc4 - Mend

dawnscanner 1.6.8 → 2.0.0.rc4

Files changed (387) hide show

checksums.yaml +5 -5
data/.gitignore +1 -0
data/.ruby-version +1 -1
data/Changelog.md +27 -1
data/LICENSE.txt +1 -1
data/README.md +59 -57
data/Rakefile +10 -242
data/Roadmap.md +15 -23
data/VERSION +1 -1
data/bin/dawn +17 -273
data/checksum/dawnscanner-1.6.8.gem.sha1 +1 -0
data/checksum/dawnscanner-2.0.0.rc1.gem.sha1 +1 -0
data/checksum/dawnscanner-2.0.0.rc2.gem.sha1 +1 -0
data/checksum/dawnscanner-2.0.0.rc3.gem.sha1 +1 -0
data/dawnscanner.gemspec +10 -9
data/doc/change.sh +13 -0
data/doc/kickstart_kb.tar.gz +0 -0
data/doc/knowledge_base.rb +650 -0
data/docs/.placeholder +0 -0
data/docs/CNAME +1 -0
data/docs/_config.yml +1 -0
data/lib/dawn/cli/dawn_cli.rb +139 -0
data/lib/dawn/core.rb +8 -7
data/lib/dawn/engine.rb +93 -34
data/lib/dawn/gemfile_lock.rb +2 -2
data/lib/dawn/kb/basic_check.rb +1 -2
data/lib/dawn/kb/combo_check.rb +1 -1
data/lib/dawn/kb/dependency_check.rb +1 -1
data/lib/dawn/kb/operating_system_check.rb +1 -1
data/lib/dawn/kb/pattern_match_check.rb +10 -9
data/lib/dawn/kb/ruby_version_check.rb +11 -10
data/lib/dawn/kb/{gem_check.rb → rubygem_check.rb} +1 -1
data/lib/dawn/kb/unsafe_depedency_check.rb +44 -0
data/lib/dawn/kb/version_check.rb +41 -24
data/lib/dawn/knowledge_base.rb +259 -595
data/lib/dawn/reporter.rb +2 -1
data/lib/dawn/utils.rb +5 -2
data/lib/dawn/version.rb +5 -5
data/lib/dawnscanner.rb +7 -6
data/spec/lib/kb/codesake_unsafe_dependency_check_spec.rb +29 -0
data/spec/lib/kb/dependency_check.yml +29 -0
metadata +30 -496
checksums.yaml.gz.sig +0 -0
data.tar.gz.sig +0 -0
data/certs/paolo_at_dawnscanner_dot_org.pem +0 -21
data/lib/dawn/kb/cve_2004_0755.rb +0 -33
data/lib/dawn/kb/cve_2004_0983.rb +0 -31
data/lib/dawn/kb/cve_2005_1992.rb +0 -31
data/lib/dawn/kb/cve_2005_2337.rb +0 -33
data/lib/dawn/kb/cve_2006_1931.rb +0 -30
data/lib/dawn/kb/cve_2006_2582.rb +0 -28
data/lib/dawn/kb/cve_2006_3694.rb +0 -31
data/lib/dawn/kb/cve_2006_4112.rb +0 -27
data/lib/dawn/kb/cve_2006_5467.rb +0 -28
data/lib/dawn/kb/cve_2006_6303.rb +0 -28
data/lib/dawn/kb/cve_2006_6852.rb +0 -27
data/lib/dawn/kb/cve_2006_6979.rb +0 -29
data/lib/dawn/kb/cve_2007_0469.rb +0 -29
data/lib/dawn/kb/cve_2007_5162.rb +0 -28
data/lib/dawn/kb/cve_2007_5379.rb +0 -27
data/lib/dawn/kb/cve_2007_5380.rb +0 -29
data/lib/dawn/kb/cve_2007_5770.rb +0 -30
data/lib/dawn/kb/cve_2007_6077.rb +0 -31
data/lib/dawn/kb/cve_2007_6612.rb +0 -30
data/lib/dawn/kb/cve_2008_1145.rb +0 -38
data/lib/dawn/kb/cve_2008_1891.rb +0 -38
data/lib/dawn/kb/cve_2008_2376.rb +0 -30
data/lib/dawn/kb/cve_2008_2662.rb +0 -33
data/lib/dawn/kb/cve_2008_2663.rb +0 -32
data/lib/dawn/kb/cve_2008_2664.rb +0 -33
data/lib/dawn/kb/cve_2008_2725.rb +0 -31
data/lib/dawn/kb/cve_2008_3655.rb +0 -37
data/lib/dawn/kb/cve_2008_3657.rb +0 -37
data/lib/dawn/kb/cve_2008_3790.rb +0 -30
data/lib/dawn/kb/cve_2008_3905.rb +0 -36
data/lib/dawn/kb/cve_2008_4094.rb +0 -27
data/lib/dawn/kb/cve_2008_4310.rb +0 -100
data/lib/dawn/kb/cve_2008_5189.rb +0 -27
data/lib/dawn/kb/cve_2008_7248.rb +0 -27
data/lib/dawn/kb/cve_2009_4078.rb +0 -29
data/lib/dawn/kb/cve_2009_4124.rb +0 -30
data/lib/dawn/kb/cve_2009_4214.rb +0 -27
data/lib/dawn/kb/cve_2010_1330.rb +0 -28
data/lib/dawn/kb/cve_2010_2489.rb +0 -60
data/lib/dawn/kb/cve_2010_3933.rb +0 -27
data/lib/dawn/kb/cve_2011_0188.rb +0 -67
data/lib/dawn/kb/cve_2011_0446.rb +0 -28
data/lib/dawn/kb/cve_2011_0447.rb +0 -28
data/lib/dawn/kb/cve_2011_0739.rb +0 -28
data/lib/dawn/kb/cve_2011_0995.rb +0 -61
data/lib/dawn/kb/cve_2011_1004.rb +0 -34
data/lib/dawn/kb/cve_2011_1005.rb +0 -31
data/lib/dawn/kb/cve_2011_2197.rb +0 -27
data/lib/dawn/kb/cve_2011_2686.rb +0 -29
data/lib/dawn/kb/cve_2011_2705.rb +0 -32
data/lib/dawn/kb/cve_2011_2929.rb +0 -27
data/lib/dawn/kb/cve_2011_2930.rb +0 -28
data/lib/dawn/kb/cve_2011_2931.rb +0 -30
data/lib/dawn/kb/cve_2011_2932.rb +0 -27
data/lib/dawn/kb/cve_2011_3009.rb +0 -28
data/lib/dawn/kb/cve_2011_3186.rb +0 -29
data/lib/dawn/kb/cve_2011_3187.rb +0 -29
data/lib/dawn/kb/cve_2011_4319.rb +0 -30
data/lib/dawn/kb/cve_2011_4815.rb +0 -28
data/lib/dawn/kb/cve_2011_5036.rb +0 -26
data/lib/dawn/kb/cve_2012_1098.rb +0 -30
data/lib/dawn/kb/cve_2012_1099.rb +0 -27
data/lib/dawn/kb/cve_2012_1241.rb +0 -27
data/lib/dawn/kb/cve_2012_2139.rb +0 -26
data/lib/dawn/kb/cve_2012_2140.rb +0 -27
data/lib/dawn/kb/cve_2012_2660.rb +0 -28
data/lib/dawn/kb/cve_2012_2661.rb +0 -27
data/lib/dawn/kb/cve_2012_2671.rb +0 -28
data/lib/dawn/kb/cve_2012_2694.rb +0 -30
data/lib/dawn/kb/cve_2012_2695.rb +0 -27
data/lib/dawn/kb/cve_2012_3424.rb +0 -29
data/lib/dawn/kb/cve_2012_3463.rb +0 -27
data/lib/dawn/kb/cve_2012_3464.rb +0 -27
data/lib/dawn/kb/cve_2012_3465.rb +0 -26
data/lib/dawn/kb/cve_2012_4464.rb +0 -27
data/lib/dawn/kb/cve_2012_4466.rb +0 -27
data/lib/dawn/kb/cve_2012_4481.rb +0 -26
data/lib/dawn/kb/cve_2012_4522.rb +0 -27
data/lib/dawn/kb/cve_2012_5370.rb +0 -27
data/lib/dawn/kb/cve_2012_5371.rb +0 -27
data/lib/dawn/kb/cve_2012_5380.rb +0 -28
data/lib/dawn/kb/cve_2012_6109.rb +0 -25
data/lib/dawn/kb/cve_2012_6134.rb +0 -27
data/lib/dawn/kb/cve_2012_6496.rb +0 -28
data/lib/dawn/kb/cve_2012_6497.rb +0 -28
data/lib/dawn/kb/cve_2012_6684.rb +0 -28
data/lib/dawn/kb/cve_2013_0155.rb +0 -29
data/lib/dawn/kb/cve_2013_0156.rb +0 -27
data/lib/dawn/kb/cve_2013_0162.rb +0 -28
data/lib/dawn/kb/cve_2013_0175.rb +0 -27
data/lib/dawn/kb/cve_2013_0183.rb +0 -25
data/lib/dawn/kb/cve_2013_0184.rb +0 -25
data/lib/dawn/kb/cve_2013_0233.rb +0 -26
data/lib/dawn/kb/cve_2013_0256.rb +0 -59
data/lib/dawn/kb/cve_2013_0262.rb +0 -26
data/lib/dawn/kb/cve_2013_0263.rb +0 -26
data/lib/dawn/kb/cve_2013_0269.rb +0 -27
data/lib/dawn/kb/cve_2013_0276.rb +0 -28
data/lib/dawn/kb/cve_2013_0277.rb +0 -25
data/lib/dawn/kb/cve_2013_0284.rb +0 -27
data/lib/dawn/kb/cve_2013_0285.rb +0 -27
data/lib/dawn/kb/cve_2013_0333.rb +0 -28
data/lib/dawn/kb/cve_2013_0334.rb +0 -25
data/lib/dawn/kb/cve_2013_1607.rb +0 -25
data/lib/dawn/kb/cve_2013_1655.rb +0 -65
data/lib/dawn/kb/cve_2013_1656.rb +0 -28
data/lib/dawn/kb/cve_2013_1756.rb +0 -26
data/lib/dawn/kb/cve_2013_1800.rb +0 -26
data/lib/dawn/kb/cve_2013_1801.rb +0 -27
data/lib/dawn/kb/cve_2013_1802.rb +0 -27
data/lib/dawn/kb/cve_2013_1812.rb +0 -27
data/lib/dawn/kb/cve_2013_1821.rb +0 -28
data/lib/dawn/kb/cve_2013_1854.rb +0 -26
data/lib/dawn/kb/cve_2013_1855.rb +0 -25
data/lib/dawn/kb/cve_2013_1856.rb +0 -26
data/lib/dawn/kb/cve_2013_1857.rb +0 -27
data/lib/dawn/kb/cve_2013_1875.rb +0 -27
data/lib/dawn/kb/cve_2013_1898.rb +0 -27
data/lib/dawn/kb/cve_2013_1911.rb +0 -28
data/lib/dawn/kb/cve_2013_1933.rb +0 -27
data/lib/dawn/kb/cve_2013_1947.rb +0 -27
data/lib/dawn/kb/cve_2013_1948.rb +0 -27
data/lib/dawn/kb/cve_2013_2065.rb +0 -29
data/lib/dawn/kb/cve_2013_2090.rb +0 -28
data/lib/dawn/kb/cve_2013_2105.rb +0 -26
data/lib/dawn/kb/cve_2013_2119.rb +0 -27
data/lib/dawn/kb/cve_2013_2512.rb +0 -26
data/lib/dawn/kb/cve_2013_2513.rb +0 -25
data/lib/dawn/kb/cve_2013_2516.rb +0 -26
data/lib/dawn/kb/cve_2013_2615.rb +0 -27
data/lib/dawn/kb/cve_2013_2616.rb +0 -27
data/lib/dawn/kb/cve_2013_2617.rb +0 -28
data/lib/dawn/kb/cve_2013_3221.rb +0 -27
data/lib/dawn/kb/cve_2013_4164.rb +0 -30
data/lib/dawn/kb/cve_2013_4203.rb +0 -25
data/lib/dawn/kb/cve_2013_4389.rb +0 -26
data/lib/dawn/kb/cve_2013_4413.rb +0 -27
data/lib/dawn/kb/cve_2013_4457.rb +0 -29
data/lib/dawn/kb/cve_2013_4478.rb +0 -26
data/lib/dawn/kb/cve_2013_4479.rb +0 -26
data/lib/dawn/kb/cve_2013_4489.rb +0 -28
data/lib/dawn/kb/cve_2013_4491.rb +0 -29
data/lib/dawn/kb/cve_2013_4492.rb +0 -29
data/lib/dawn/kb/cve_2013_4562.rb +0 -27
data/lib/dawn/kb/cve_2013_4593.rb +0 -27
data/lib/dawn/kb/cve_2013_5647.rb +0 -29
data/lib/dawn/kb/cve_2013_5671.rb +0 -26
data/lib/dawn/kb/cve_2013_6414.rb +0 -30
data/lib/dawn/kb/cve_2013_6415.rb +0 -29
data/lib/dawn/kb/cve_2013_6416.rb +0 -29
data/lib/dawn/kb/cve_2013_6417.rb +0 -30
data/lib/dawn/kb/cve_2013_6421.rb +0 -28
data/lib/dawn/kb/cve_2013_6459.rb +0 -28
data/lib/dawn/kb/cve_2013_6460.rb +0 -53
data/lib/dawn/kb/cve_2013_6461.rb +0 -57
data/lib/dawn/kb/cve_2013_7086.rb +0 -27
data/lib/dawn/kb/cve_2014_0036.rb +0 -27
data/lib/dawn/kb/cve_2014_0080.rb +0 -29
data/lib/dawn/kb/cve_2014_0081.rb +0 -27
data/lib/dawn/kb/cve_2014_0082.rb +0 -27
data/lib/dawn/kb/cve_2014_0130.rb +0 -27
data/lib/dawn/kb/cve_2014_1233.rb +0 -27
data/lib/dawn/kb/cve_2014_1234.rb +0 -26
data/lib/dawn/kb/cve_2014_2322.rb +0 -28
data/lib/dawn/kb/cve_2014_2525.rb +0 -59
data/lib/dawn/kb/cve_2014_2538.rb +0 -26
data/lib/dawn/kb/cve_2014_3482.rb +0 -28
data/lib/dawn/kb/cve_2014_3483.rb +0 -28
data/lib/dawn/kb/cve_2014_3916.rb +0 -29
data/lib/dawn/kb/cve_2014_4975.rb +0 -28
data/lib/dawn/kb/cve_2014_7818.rb +0 -27
data/lib/dawn/kb/cve_2014_7819.rb +0 -31
data/lib/dawn/kb/cve_2014_7829.rb +0 -30
data/lib/dawn/kb/cve_2014_8090.rb +0 -30
data/lib/dawn/kb/cve_2014_9490.rb +0 -29
data/lib/dawn/kb/cve_2015_1819.rb +0 -34
data/lib/dawn/kb/cve_2015_1840/cve_2015_1840_a.rb +0 -28
data/lib/dawn/kb/cve_2015_1840/cve_2015_1840_b.rb +0 -28
data/lib/dawn/kb/cve_2015_2963.rb +0 -27
data/lib/dawn/kb/cve_2015_3224.rb +0 -26
data/lib/dawn/kb/cve_2015_3225.rb +0 -28
data/lib/dawn/kb/cve_2015_3226.rb +0 -27
data/lib/dawn/kb/cve_2015_3227.rb +0 -28
data/lib/dawn/kb/cve_2015_3448.rb +0 -29
data/lib/dawn/kb/cve_2015_4020.rb +0 -34
data/lib/dawn/kb/cve_2015_5312.rb +0 -30
data/lib/dawn/kb/cve_2015_7497.rb +0 -32
data/lib/dawn/kb/cve_2015_7498.rb +0 -32
data/lib/dawn/kb/cve_2015_7499.rb +0 -32
data/lib/dawn/kb/cve_2015_7500.rb +0 -32
data/lib/dawn/kb/cve_2015_7519.rb +0 -31
data/lib/dawn/kb/cve_2015_7541.rb +0 -31
data/lib/dawn/kb/cve_2015_7576.rb +0 -35
data/lib/dawn/kb/cve_2015_7577.rb +0 -34
data/lib/dawn/kb/cve_2015_7578.rb +0 -30
data/lib/dawn/kb/cve_2015_7579.rb +0 -30
data/lib/dawn/kb/cve_2015_7581.rb +0 -33
data/lib/dawn/kb/cve_2015_8241.rb +0 -32
data/lib/dawn/kb/cve_2015_8242.rb +0 -32
data/lib/dawn/kb/cve_2015_8317.rb +0 -32
data/lib/dawn/kb/cve_2016_0751.rb +0 -32
data/lib/dawn/kb/cve_2016_0752.rb +0 -35
data/lib/dawn/kb/cve_2016_0753.rb +0 -31
data/lib/dawn/kb/cve_2016_2097.rb +0 -35
data/lib/dawn/kb/cve_2016_2098.rb +0 -35
data/lib/dawn/kb/cve_2016_5697.rb +0 -30
data/lib/dawn/kb/cve_2016_6316.rb +0 -33
data/lib/dawn/kb/cve_2016_6317.rb +0 -32
data/lib/dawn/kb/cve_2016_6582.rb +0 -43
data/lib/dawn/kb/not_revised_code.rb +0 -22
data/lib/dawn/kb/osvdb_105971.rb +0 -29
data/lib/dawn/kb/osvdb_108530.rb +0 -27
data/lib/dawn/kb/osvdb_108563.rb +0 -28
data/lib/dawn/kb/osvdb_108569.rb +0 -28
data/lib/dawn/kb/osvdb_108570.rb +0 -27
data/lib/dawn/kb/osvdb_115654.rb +0 -33
data/lib/dawn/kb/osvdb_116010.rb +0 -30
data/lib/dawn/kb/osvdb_117903.rb +0 -30
data/lib/dawn/kb/osvdb_118579.rb +0 -31
data/lib/dawn/kb/osvdb_118830.rb +0 -32
data/lib/dawn/kb/osvdb_118954.rb +0 -33
data/lib/dawn/kb/osvdb_119878.rb +0 -32
data/lib/dawn/kb/osvdb_119927.rb +0 -33
data/lib/dawn/kb/osvdb_120415.rb +0 -31
data/lib/dawn/kb/osvdb_120857.rb +0 -34
data/lib/dawn/kb/osvdb_121701.rb +0 -30
data/lib/dawn/kb/osvdb_132234.rb +0 -34
data/lib/dawn/kb/owasp_ror_cheatsheet.rb +0 -33
data/lib/dawn/kb/owasp_ror_cheatsheet/check_for_backup_files.rb +0 -18
data/lib/dawn/kb/owasp_ror_cheatsheet/check_for_safe_redirect_and_forward.rb +0 -57
data/lib/dawn/kb/owasp_ror_cheatsheet/command_injection.rb +0 -28
data/lib/dawn/kb/owasp_ror_cheatsheet/csrf.rb +0 -29
data/lib/dawn/kb/owasp_ror_cheatsheet/mass_assignment_in_model.rb +0 -33
data/lib/dawn/kb/owasp_ror_cheatsheet/security_related_headers.rb +0 -35
data/lib/dawn/kb/owasp_ror_cheatsheet/sensitive_files.rb +0 -29
data/lib/dawn/kb/owasp_ror_cheatsheet/session_stored_in_database.rb +0 -31
data/lib/dawn/kb/simpleform_xss_20131129.rb +0 -28
data/lib/dawn/knowledge_base_experimental.rb +0 -245
data/spec/lib/kb/cve_2011_2705_spec.rb +0 -35
data/spec/lib/kb/cve_2011_2930_spec.rb +0 -31
data/spec/lib/kb/cve_2011_3009_spec.rb +0 -25
data/spec/lib/kb/cve_2011_3187_spec.rb +0 -24
data/spec/lib/kb/cve_2011_4319_spec.rb +0 -44
data/spec/lib/kb/cve_2011_5036_spec.rb +0 -95
data/spec/lib/kb/cve_2012_1098_spec.rb +0 -36
data/spec/lib/kb/cve_2012_2139_spec.rb +0 -20
data/spec/lib/kb/cve_2012_2671_spec.rb +0 -23
data/spec/lib/kb/cve_2012_6109_spec.rb +0 -112
data/spec/lib/kb/cve_2012_6684_spec.rb +0 -16
data/spec/lib/kb/cve_2013_0162_spec.rb +0 -23
data/spec/lib/kb/cve_2013_0183_spec.rb +0 -54
data/spec/lib/kb/cve_2013_0184_spec.rb +0 -115
data/spec/lib/kb/cve_2013_0256_spec.rb +0 -34
data/spec/lib/kb/cve_2013_0262_spec.rb +0 -44
data/spec/lib/kb/cve_2013_0263_spec.rb +0 -11
data/spec/lib/kb/cve_2013_0334_spec.rb +0 -35
data/spec/lib/kb/cve_2013_1607_spec.rb +0 -15
data/spec/lib/kb/cve_2013_1655_spec.rb +0 -31
data/spec/lib/kb/cve_2013_1756_spec.rb +0 -23
data/spec/lib/kb/cve_2013_2090_spec.rb +0 -15
data/spec/lib/kb/cve_2013_2105_spec.rb +0 -11
data/spec/lib/kb/cve_2013_2119_spec.rb +0 -27
data/spec/lib/kb/cve_2013_2512_spec.rb +0 -15
data/spec/lib/kb/cve_2013_2513_spec.rb +0 -15
data/spec/lib/kb/cve_2013_2516_spec.rb +0 -15
data/spec/lib/kb/cve_2013_4203_spec.rb +0 -15
data/spec/lib/kb/cve_2013_4413_spec.rb +0 -16
data/spec/lib/kb/cve_2013_4489_spec.rb +0 -63
data/spec/lib/kb/cve_2013_4491_spec.rb +0 -16
data/spec/lib/kb/cve_2013_4593_spec.rb +0 -16
data/spec/lib/kb/cve_2013_5647_spec.rb +0 -19
data/spec/lib/kb/cve_2013_5671_spec.rb +0 -27
data/spec/lib/kb/cve_2013_6414_spec.rb +0 -26
data/spec/lib/kb/cve_2013_6416_spec.rb +0 -31
data/spec/lib/kb/cve_2013_6459_spec.rb +0 -15
data/spec/lib/kb/cve_2013_7086_spec.rb +0 -22
data/spec/lib/kb/cve_2014_0036_spec.rb +0 -15
data/spec/lib/kb/cve_2014_0080_spec.rb +0 -33
data/spec/lib/kb/cve_2014_0081_spec.rb +0 -50
data/spec/lib/kb/cve_2014_0082_spec.rb +0 -52
data/spec/lib/kb/cve_2014_0130_spec.rb +0 -19
data/spec/lib/kb/cve_2014_1233_spec.rb +0 -15
data/spec/lib/kb/cve_2014_1234_spec.rb +0 -16
data/spec/lib/kb/cve_2014_2322_spec.rb +0 -15
data/spec/lib/kb/cve_2014_2538_spec.rb +0 -15
data/spec/lib/kb/cve_2014_3482_spec.rb +0 -15
data/spec/lib/kb/cve_2014_3483_spec.rb +0 -27
data/spec/lib/kb/cve_2014_7818_spec.rb +0 -42
data/spec/lib/kb/cve_2014_7819_spec.rb +0 -139
data/spec/lib/kb/cve_2014_7829_spec.rb +0 -50
data/spec/lib/kb/cve_2014_9490_spec.rb +0 -17
data/spec/lib/kb/cve_2015_1819_spec.rb +0 -16
data/spec/lib/kb/cve_2015_1840_spec.rb +0 -39
data/spec/lib/kb/cve_2015_2963_spec.rb +0 -17
data/spec/lib/kb/cve_2015_3224_spec.rb +0 -16
data/spec/lib/kb/cve_2015_3225_spec.rb +0 -27
data/spec/lib/kb/cve_2015_3226_spec.rb +0 -35
data/spec/lib/kb/cve_2015_3227_spec.rb +0 -31
data/spec/lib/kb/cve_2015_3448_spec.rb +0 -16
data/spec/lib/kb/cve_2015_4020_spec.rb +0 -24
data/spec/lib/kb/cve_2015_5312_spec.rb +0 -31
data/spec/lib/kb/cve_2015_7497_spec.rb +0 -31
data/spec/lib/kb/cve_2015_7498_spec.rb +0 -31
data/spec/lib/kb/cve_2015_7499_spec.rb +0 -31
data/spec/lib/kb/cve_2015_7500_spec.rb +0 -31
data/spec/lib/kb/cve_2015_7519_spec.rb +0 -23
data/spec/lib/kb/cve_2015_7541_spec.rb +0 -15
data/spec/lib/kb/cve_2015_7576_spec.rb +0 -51
data/spec/lib/kb/cve_2015_7577_spec.rb +0 -63
data/spec/lib/kb/cve_2015_7578_spec.rb +0 -15
data/spec/lib/kb/cve_2015_7579_spec.rb +0 -23
data/spec/lib/kb/cve_2015_7581_spec.rb +0 -51
data/spec/lib/kb/cve_2015_8241_spec.rb +0 -31
data/spec/lib/kb/cve_2015_8242_spec.rb +0 -31
data/spec/lib/kb/cve_2015_8317_spec.rb +0 -31
data/spec/lib/kb/cve_2016_0751_spec.rb +0 -55
data/spec/lib/kb/cve_2016_0752_spec.rb +0 -51
data/spec/lib/kb/cve_2016_0753_spec.rb +0 -51
data/spec/lib/kb/cve_2016_2097_spec.rb +0 -35
data/spec/lib/kb/cve_2016_2098_spec.rb +0 -55
data/spec/lib/kb/cve_2016_5697_spec.rb +0 -15
data/spec/lib/kb/cve_2016_6316_spec.rb +0 -44
data/spec/lib/kb/cve_2016_6317_spec.rb +0 -35
data/spec/lib/kb/cve_2016_6582_spec.rb +0 -29
data/spec/lib/kb/osvdb_105971_spec.rb +0 -15
data/spec/lib/kb/osvdb_108530_spec.rb +0 -22
data/spec/lib/kb/osvdb_108563_spec.rb +0 -18
data/spec/lib/kb/osvdb_108569_spec.rb +0 -17
data/spec/lib/kb/osvdb_108570_spec.rb +0 -17
data/spec/lib/kb/osvdb_115654_spec.rb +0 -15
data/spec/lib/kb/osvdb_116010_spec.rb +0 -15
data/spec/lib/kb/osvdb_117903_spec.rb +0 -23
data/spec/lib/kb/osvdb_118579_spec.rb +0 -8
data/spec/lib/kb/osvdb_118830_spec.rb +0 -16
data/spec/lib/kb/osvdb_118954_spec.rb +0 -20
data/spec/lib/kb/osvdb_119878_spec.rb +0 -92
data/spec/lib/kb/osvdb_119927_spec.rb +0 -16
data/spec/lib/kb/osvdb_120415_spec.rb +0 -16
data/spec/lib/kb/osvdb_120857_spec.rb +0 -32
data/spec/lib/kb/osvdb_121701_spec.rb +0 -15
data/spec/lib/kb/osvdb_132234_spec.rb +0 -15
metadata.gz.sig +0 -0

data/lib/dawn/kb/cve_2013_0285.rb DELETED Viewed

@@ -1,27 +0,0 @@
-	module Dawn
-		module Kb
-			# Automatically created with rake on 2013-05-21
-			class CVE_2013_0285
-				include DependencyCheck
-				def initialize
-          message= "The nori gem 2.0.x before 2.0.2, 1.1.x before 1.1.4, and 1.0.x before 1.0.3 for Ruby does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156."
-           super({
-            :name=>"CVE-2013-0285",
-            :cvss=>"AV:N/AC:L/Au:N/C:P/I:P/A:P",
-            :release_date => Date.new(2013, 4, 9),
-            :cwe=>"20",
-            :owasp=>"A9",
-            :applies=>["rails", "sinatra", "padrino"],
-            :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
-            :message=>message,
-            :mitigation=>"Please upgrade nori gem to version 2.0.2, 1.1.4, 1.0.3 or latest version available",
-            :aux_links=>["https://support.cloud.engineyard.com/entries/22915701-january-14-2013-security-vulnerabilities-httparty-extlib-crack-nori-update-these-gems-immediately"]
-          })
-          self.safe_dependencies = [{:name=>"nori", :version=>['1.0.3', '1.1.4', '2.0.2']}]
-				end
-			end
-		end
-	end

data/lib/dawn/kb/cve_2013_0333.rb DELETED Viewed

@@ -1,28 +0,0 @@
-	module Dawn
-		module Kb
-			# Automatically created with rake on 2013-04-30
-			class CVE_2013_0333
-				include DependencyCheck
-				def initialize
-          message = "lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute arbitrary code, conduct SQL injection attacks, or bypass authentication via crafted data that triggers unsafe decoding, a different vulnerability than CVE-2013-0156."
-          super({
-            :name=>"CVE-2013-0333",
-            :cvss=>"AV:N/AC:L/Au:N/C:P/I:P/A:P",
-            :release_date => Date.new(2013, 1, 30),
-            :cwe=>"",
-            :owasp=>"A9",
-            :applies=>["rails"],
-            :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
-            :message=>message,
-            :mitigation=>"Please upgrade rails version at least to 2.3.16 or 3.0.20. As a general rule, using the latest stable rails version is recommended.",
-            :aux_links=>["https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/1h2DR63ViGo"]
-          })
-          self.safe_dependencies = [{:name=>"rails", :version=>['2.3.16', '3.0.20']}]
-          self.aux_mitigation_gem = {:name=>"yajl", :versione=>['any']}
-				end
-			end
-		end
-	end

data/lib/dawn/kb/cve_2013_0334.rb DELETED Viewed

@@ -1,25 +0,0 @@
-	module Dawn
-		module Kb
-			class CVE_2013_0334
-				include DependencyCheck
-				def initialize
-          message = "CVE-2013-0334: Bundler Gem for Ruby Multiple Top-level Source Lines Gemfile Handling Gem Installation Spoofing"
-          super({
-            :name=>"CVE-2013-0334",
-            :cvss=>"AV:N/AC:L/Au:N/C:N/I:P/A:N",
-            :release_date => Date.new(2014, 8, 13),
-            :cwe=>"",
-            :owasp=>"A9",
-            :applies=>["rails", "sinatra", "padrino"],
-            :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
-            :message=>message,
-            :mitigation=>"Please upgrade bundler gem to 1.7.0 or later",
-            :aux_links=>["http://bundler.io/blog/2014/08/14/bundler-may-install-gems-from-a-different-source-than-expected-cve-2013-0334.html", "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0334"]
-          })
-          self.safe_dependencies = [{:name=>"bundler", :version=>['1.7.0']}]
-				end
-			end
-		end
-	end

data/lib/dawn/kb/cve_2013_1607.rb DELETED Viewed

@@ -1,25 +0,0 @@
-	module Dawn
-		module Kb
-			# Automatically created with rake on 2014-02-07
-			class CVE_2013_1607
-				include DependencyCheck
-				def initialize
-          message = "PDFKit Gem for Ruby contains a flaw that is due to the program failing to properly validate input during the handling of parameters when generating PDF files. This may allow a remote attacker to potentially execute arbitrary code via the pdfkit generation options."
-          super({
-            :name=>"CVE-2013-1607",
-            :cvss=>"",
-            :release_date => Date.new(2013, 2, 21),
-            :cwe=>"",
-            :owasp=>"A9",
-            :applies=>["rails", "sinatra", "padrino"],
-            :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
-            :message=>message,
-            :mitigation=>"To mitigate this vulnerability you must upgrade pdfkit gem version to 0.5.3 or higher.",
-            :aux_links=>["https://github.com/pdfkit/pdfkit/issues/164"]
-          })
-          self.safe_dependencies = [{:name=>"pdfkit", :version=>['0.5.3']}]
-				end
-			end
-		end
-	end

data/lib/dawn/kb/cve_2013_1655.rb DELETED Viewed

@@ -1,65 +0,0 @@
-	module Dawn
-		module Kb
-      class CVE_2013_1655_a
-				include DependencyCheck
-        def initialize
-          message = "CVE-2013-1655: puppet versions 2.7.21 and 3.1.1 are vulnerable"
-          super({
-            :name=>"CVE-2013-1655_a",
-            :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
-          })
-          self.safe_dependencies = [{:name=>"puppet", :version=>['2.7.21', '3.1.1']}]
-        end
-      end
-      class CVE_2013_1655_b
-        include RubyVersionCheck
-        def initialize
-          message = "CVE-2013-1655: puppet versions 2.7.21 and 3.1.1 are vulnerable only when running ruby 1.9.3 and 2.0.2"
-          super({
-            :name=>"CVE-2013-1655_b",
-            :kind=>Dawn::KnowledgeBase::RUBY_VERSION_CHECK,
-          })
-          self.safe_rubies = [
-            {:engine=>"ruby", :version=>"1.8.7", :patchlevel=>"p357"},
-            {:engine=>"ruby", :version=>"1.9.4", :patchlevel=>"p0"},
-            {:engine=>"ruby", :version=>"2.0.1", :patchlevel=>"p0"}]
-        end
-      end
-      class CVE_2013_1655
-        include ComboCheck
-        def initialize
-          message = "Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when
-          running Ruby 1.9.3 or later, allows remote attackers to execute
-          arbitrary code via vectors related to \"serialized attributes.\""
-          super({
-            :name=>"CVE-2013-1655",
-            :cvss=>"AV:N/AC:L/Au:N/C:P/I:P/A:P",
-            :release_date => Date.new(2013, 3, 20),
-            :cwe=>"20",
-            :owasp=>"A9",
-            :applies=>["rails", "sinatra", "padrino"],
-            :kind=>Dawn::KnowledgeBase::COMBO_CHECK,
-            :message=>message,
-            :mitigation=>"Please upgrade puppet gem to a newer version",
-            :aux_links=>["https://puppetlabs.com/security/cve/cve-2013-1655/"],
-            :checks=>[CVE_2013_1655_a.new, CVE_2013_1655_b.new]
-          })
-        end
-      end
-    end
-  end

data/lib/dawn/kb/cve_2013_1656.rb DELETED Viewed

@@ -1,28 +0,0 @@
-	module Dawn
-		module Kb
-			# Automatically created with rake on 2013-05-20
-			class CVE_2013_1656
-				include DependencyCheck
-				def initialize
-          message = "Spree Commerce 1.0.x through 1.3.2 allow remote authenticated administrators to instantiate arbitrary Ruby objects and execute arbitrary commands via the (1) payment_method parameter to core/app/controllers/spree/admin/payment_methods_controller.rb; and the (2) promotion_action parameter to promotion_actions_controller.rb, (3) promotion_rule parameter to promotion_rules_controller.rb, and (4) calculator_type parameter to promotions_controller.rb in promo/app/controllers/spree/admin/, related to unsafe use of the constantize function."
-          super({
-            :name=>'CVE-2013-1656',
-            :cvss=>"AV:N/AC:M/Au:N/C:N/I:P/A:N",
-            :release_date => Date.new(2013, 3, 8),
-            :cwe=>"20",
-            :owasp=>"A9",
-            :applies=>["rails", "sinatra", "padrino"],
-            :kind => Dawn::KnowledgeBase::DEPENDENCY_CHECK,
-            :message => message,
-            :mitigation=>"Please upgrade Spree commerce rubygem",
-            :aux_links => ["http://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed"]
-          })
-          self.safe_dependencies = [{:name=>"spree", :version=>['1.3.3']}]
-				end
-			end
-		end
-	end

data/lib/dawn/kb/cve_2013_1756.rb DELETED Viewed

@@ -1,26 +0,0 @@
-	module Dawn
-		module Kb
-			# Automatically created with rake on 2014-01-15
-			class CVE_2013_1756
-				include DependencyCheck
-				def initialize
-          message = "Dragonfly Gem for Ruby contains a flaw that is triggered during the parsing of a specially crafted request. This may allow a remote attacker to execute arbitrary code."
-          super({
-            :name=>'CVE-2013-1756',
-            :cvss=>"",
-            :release_date => Date.new(2013, 2, 19),
-            :cwe=>"20",
-            :owasp=>"A9",
-            :applies=>["rails", "sinatra", "padrino"],
-            :kind => Dawn::KnowledgeBase::DEPENDENCY_CHECK,
-            :message => message,
-            :mitigation=>"Please upgrade dragonfly gem to 0.9.13. However the maintainer suggests upgrading to 0.9.14 since it fix another non security related bug",
-            :aux_links => ["http://www.osvdb.com/show/osvdb/90647"]
-          })
-          self.safe_dependencies = [{:name=>"dragonfly", :version=>['0.9.13']}]
-				end
-			end
-		end
-	end

data/lib/dawn/kb/cve_2013_1800.rb DELETED Viewed

@@ -1,26 +0,0 @@
-  module Dawn
-    module Kb
-      class CVE_2013_1800
-        include DependencyCheck
-        def initialize
-          message = "The crack gem 0.3.1 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156."
-          super({:name=>"CVE-2013-1800",
-                :cvss=>"AV:N/AC:L/Au:N/C:P/I:P/A:P",
-                :release_date => Date.new(2013, 4, 9),
-                :cwe=>"264",
-                :owasp=>"A9",
-                :applies=>["sinatra", "padrino", "rails"],
-                :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
-                :message=>message,
-                :mitigation=>"Please use crack gem version 0.3.2 or above. Correct your gemfile"
-          })
-          self.safe_dependencies = [{:name=>'crack', :version=>['0.3.2']}]
-        end
-      end
-    end
-  end

data/lib/dawn/kb/cve_2013_1801.rb DELETED Viewed

@@ -1,27 +0,0 @@
-	module Dawn
-		module Kb
-			# Automatically created with rake on 2013-05-21
-			class CVE_2013_1801
-				include DependencyCheck
-				def initialize
-          message = "The httparty gem 0.9.0 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for YAML type conversion, a similar vulnerability to CVE-2013-0156."
-           super({
-            :name=>"CVE-2013-1801",
-            :cvss=>"AV:N/AC:L/Au:N/C:P/I:P/A:P",
-            :release_date => Date.new(2013, 4, 9),
-            :cwe=>"264",
-            :owasp=>"A9",
-            :applies=>["rails", "sinatra", "padrino"],
-            :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
-            :message=>message,
-            :mitigation=>"Please upgrade httparty gem to version 0.9.0 or latest version available",
-            :aux_links=>["https://support.cloud.engineyard.com/entries/22915701-january-14-2013-security-vulnerabilities-httparty-extlib-crack-nori-update-these-gems-immediately"]
-          })
-          self.safe_dependencies = [{:name=>"httparty", :version=>['0.9.0']}]
-				end
-			end
-		end
-	end

data/lib/dawn/kb/cve_2013_1802.rb DELETED Viewed

@@ -1,27 +0,0 @@
-	module Dawn
-		module Kb
-			# Automatically created with rake on 2013-05-21
-			class CVE_2013_1802
-				include DependencyCheck
-				def initialize
-          message= "The extlib gem 0.9.15 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156."
-           super({
-            :name=>"CVE-2013-1802",
-            :cvss=>"AV:N/AC:L/Au:N/C:P/I:P/A:P",
-            :release_date => Date.new(2013, 4, 9),
-            :cwe=>"264",
-            :owasp=>"A9",
-            :applies=>["rails", "sinatra", "padrino"],
-            :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
-            :message=>message,
-            :mitigation=>"Please upgrade extlib gem to version 0.9.16 or latest version available",
-            :aux_links=>["https://support.cloud.engineyard.com/entries/22915701-january-14-2013-security-vulnerabilities-httparty-extlib-crack-nori-update-these-gems-immediately"]
-          })
-          self.safe_dependencies = [{:name=>"extlib", :version=>['0.9.16']}]
-				end
-			end
-		end
-	end

data/lib/dawn/kb/cve_2013_1812.rb DELETED Viewed

@@ -1,27 +0,0 @@
-	module Dawn
-		module Kb
-			# Automatically created with rake on 2013-12-17
-			class CVE_2013_1812
-				include DependencyCheck
-				def initialize
-          message = "The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack."
-           super({
-            :name=>'CVE-2013-1812',
-            :cvss=>"AV:N/AC:M/Au:N/C:N/I:N/A:P",
-            :release_date => Date.new(2013, 12, 12),
-            :cwe=>"399",
-            :owasp=>"A9",
-            :applies=>["rails", "padrino", "sinatra"],
-            :kind => Dawn::KnowledgeBase::DEPENDENCY_CHECK,
-            :message => message,
-            :mitigation=>"Please upgrade ruby-openid rubygem",
-            :aux_links => ["http://www.openwall.com/lists/oss-security/2013/03/03/8"]
-          })
-          self.safe_dependencies = [{:name=>"ruby-openid", :version=>['2.2.2']}]
-				end
-			end
-		end
-	end

data/lib/dawn/kb/cve_2013_1821.rb DELETED Viewed

@@ -1,28 +0,0 @@
-	module Dawn
-		module Kb
-			# Automatically created with rake on 2013-05-22
-			class CVE_2013_1821
-				include RubyVersionCheck
-				def initialize
-          message="lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 and 2.0.0-p0 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack."
-          super({
-            :name=>"CVE-2013-1821",
-            :cvss=>"AV:N/AC:L/Au:N/C:N/I:N/A:P",
-            :release_date => Date.new(2013, 4, 9),
-            :cwe=>"20",
-            :owasp=>"A9",
-            :applies=>["rails", "sinatra", "padrino"],
-            :kind=>Dawn::KnowledgeBase::RUBY_VERSION_CHECK,
-            :message=>message,
-            :mitigation=>"Please upgrade ruby interpreter to 1.9.3-p392 or 2.0.0-p195 or latest version available",
-            :aux_links=>["http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/"]
-          })
-          self.safe_rubies = [{:engine=>"ruby", :version=>"1.9.3", :patchlevel=>"p392"}, {:engine=>"ruby", :version=>"2.0.0", :patchlevel=>"p195"}]
-				end
-			end
-		end
-	end

data/lib/dawn/kb/cve_2013_1854.rb DELETED Viewed

@@ -1,26 +0,0 @@
-	module Dawn
-		module Kb
-			# Automatically created with rake on 2013-05-16
-			class CVE_2013_1854
-				include DependencyCheck
-				def initialize
-          message = "The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method."
-          super({
-            :name=>'CVE-2013-1854',
-            :cvss=>"AV:N/AC:L/Au:N/C:N/I:N/A:P",
-            :release_date => Date.new(2013, 3, 19),
-            :cwe=>"20",
-            :owasp=>"A9",
-            :applies=>["rails"],
-            :kind => Dawn::KnowledgeBase::DEPENDENCY_CHECK,
-            :message => message,
-            :mitigation=>"Please upgrade rails version at least to 2.3.18, 3.1.12 and 3.2.13. As a general rule, using the latest stable rails version is recommended.",
-            :aux_links => ["https://groups.google.com/group/ruby-security-ann/msg/34e0d780b04308de?dmode=source&output=gplain"]
-          })
-          self.safe_dependencies = [{:name=>"rails", :version=>['2.3.18', '3.2.13', '3.1.12']}]
-				end
-			end
-		end
-	end

data/lib/dawn/kb/cve_2013_1855.rb DELETED Viewed

@@ -1,25 +0,0 @@
-  module Dawn
-    module Kb
-      class CVE_2013_1855
-				include DependencyCheck
-        def initialize
-          message = "The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \\n (newline) characters, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences."
-          super({
-            :name=>'CVE-2013-1855',
-            :cvss=>"AV:N/AC:M/Au:N/C:N/I:P/A:N",
-            :release_date => Date.new(2013, 3, 19),
-            :cwe=>"79",
-            :owasp=>"A3",
-            :applies=>["rails"],
-            :kind => Dawn::KnowledgeBase::DEPENDENCY_CHECK,
-            :message => message,
-            :mitigation=>"Please upgrade rails version at least to 2.3.18, 3.0.8, 3.1.12 and 3.2.13. As a general rule, using the latest stable rails version is recommended.",
-            :aux_links => ["https://groups.google.com/d/msg/rubyonrails-security/4_QHo4BqnN8/_RrdfKk12I4J"]
-          })
-          self.safe_dependencies = [{:name=>"rails", :version=>['2.3.18', '3.0.8', '3.2.13', '3.1.12']}]
-        end
-      end
-    end
-  end

data/lib/dawn/kb/cve_2013_1856.rb DELETED Viewed

@@ -1,26 +0,0 @@
-	module Dawn
-		module Kb
-			# Automatically created with rake on 2013-05-16
-			class CVE_2013_1856
-				include DependencyCheck
-				def initialize
-          message= "The ActiveSupport::XmlMini_JDOM backend in lib/active_support/xml_mini/jdom.rb in the Active Support component in Ruby on Rails 3.0.x and 3.1.x before 3.1.12 and 3.2.x before 3.2.13, when JRuby is used, does not properly restrict the capabilities of the XML parser, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving (1) an external DTD or (2) an external entity declaration in conjunction with an entity reference."
-         super({
-            :name=>'CVE-2013-1856',
-            :cvss=>"AV:N/AC:M/Au:N/C:P/I:N/A:P",
-            :release_date => Date.new(2013, 3, 19),
-            :cwe=>"20",
-            :owasp=>"A9",
-            :applies=>["rails"],
-            :kind => Dawn::KnowledgeBase::DEPENDENCY_CHECK,
-            :message => message,
-            :mitigation=>"Please upgrade rails version at least to 3.1.12 and 3.2.13. As a general rule, using the latest stable rails version is recommended.",
-            :aux_links => ["https://groups.google.com/group/rubyonrails-security/msg/6c2482d4ed1545e6?dmode=source&output=gplain"]
-          })
-          self.safe_dependencies = [{:name=>"rails", :version=>['3.2.13', '3.1.12']}]
-				end
-			end
-		end
-	end