RubyGems - dawnscanner - Versions diffs - 1.6.8 → 2.0.0.rc4 - Mend

dawnscanner 1.6.8 → 2.0.0.rc4

Files changed (387) hide show

checksums.yaml +5 -5
data/.gitignore +1 -0
data/.ruby-version +1 -1
data/Changelog.md +27 -1
data/LICENSE.txt +1 -1
data/README.md +59 -57
data/Rakefile +10 -242
data/Roadmap.md +15 -23
data/VERSION +1 -1
data/bin/dawn +17 -273
data/checksum/dawnscanner-1.6.8.gem.sha1 +1 -0
data/checksum/dawnscanner-2.0.0.rc1.gem.sha1 +1 -0
data/checksum/dawnscanner-2.0.0.rc2.gem.sha1 +1 -0
data/checksum/dawnscanner-2.0.0.rc3.gem.sha1 +1 -0
data/dawnscanner.gemspec +10 -9
data/doc/change.sh +13 -0
data/doc/kickstart_kb.tar.gz +0 -0
data/doc/knowledge_base.rb +650 -0
data/docs/.placeholder +0 -0
data/docs/CNAME +1 -0
data/docs/_config.yml +1 -0
data/lib/dawn/cli/dawn_cli.rb +139 -0
data/lib/dawn/core.rb +8 -7
data/lib/dawn/engine.rb +93 -34
data/lib/dawn/gemfile_lock.rb +2 -2
data/lib/dawn/kb/basic_check.rb +1 -2
data/lib/dawn/kb/combo_check.rb +1 -1
data/lib/dawn/kb/dependency_check.rb +1 -1
data/lib/dawn/kb/operating_system_check.rb +1 -1
data/lib/dawn/kb/pattern_match_check.rb +10 -9
data/lib/dawn/kb/ruby_version_check.rb +11 -10
data/lib/dawn/kb/{gem_check.rb → rubygem_check.rb} +1 -1
data/lib/dawn/kb/unsafe_depedency_check.rb +44 -0
data/lib/dawn/kb/version_check.rb +41 -24
data/lib/dawn/knowledge_base.rb +259 -595
data/lib/dawn/reporter.rb +2 -1
data/lib/dawn/utils.rb +5 -2
data/lib/dawn/version.rb +5 -5
data/lib/dawnscanner.rb +7 -6
data/spec/lib/kb/codesake_unsafe_dependency_check_spec.rb +29 -0
data/spec/lib/kb/dependency_check.yml +29 -0
metadata +30 -496
checksums.yaml.gz.sig +0 -0
data.tar.gz.sig +0 -0
data/certs/paolo_at_dawnscanner_dot_org.pem +0 -21
data/lib/dawn/kb/cve_2004_0755.rb +0 -33
data/lib/dawn/kb/cve_2004_0983.rb +0 -31
data/lib/dawn/kb/cve_2005_1992.rb +0 -31
data/lib/dawn/kb/cve_2005_2337.rb +0 -33
data/lib/dawn/kb/cve_2006_1931.rb +0 -30
data/lib/dawn/kb/cve_2006_2582.rb +0 -28
data/lib/dawn/kb/cve_2006_3694.rb +0 -31
data/lib/dawn/kb/cve_2006_4112.rb +0 -27
data/lib/dawn/kb/cve_2006_5467.rb +0 -28
data/lib/dawn/kb/cve_2006_6303.rb +0 -28
data/lib/dawn/kb/cve_2006_6852.rb +0 -27
data/lib/dawn/kb/cve_2006_6979.rb +0 -29
data/lib/dawn/kb/cve_2007_0469.rb +0 -29
data/lib/dawn/kb/cve_2007_5162.rb +0 -28
data/lib/dawn/kb/cve_2007_5379.rb +0 -27
data/lib/dawn/kb/cve_2007_5380.rb +0 -29
data/lib/dawn/kb/cve_2007_5770.rb +0 -30
data/lib/dawn/kb/cve_2007_6077.rb +0 -31
data/lib/dawn/kb/cve_2007_6612.rb +0 -30
data/lib/dawn/kb/cve_2008_1145.rb +0 -38
data/lib/dawn/kb/cve_2008_1891.rb +0 -38
data/lib/dawn/kb/cve_2008_2376.rb +0 -30
data/lib/dawn/kb/cve_2008_2662.rb +0 -33
data/lib/dawn/kb/cve_2008_2663.rb +0 -32
data/lib/dawn/kb/cve_2008_2664.rb +0 -33
data/lib/dawn/kb/cve_2008_2725.rb +0 -31
data/lib/dawn/kb/cve_2008_3655.rb +0 -37
data/lib/dawn/kb/cve_2008_3657.rb +0 -37
data/lib/dawn/kb/cve_2008_3790.rb +0 -30
data/lib/dawn/kb/cve_2008_3905.rb +0 -36
data/lib/dawn/kb/cve_2008_4094.rb +0 -27
data/lib/dawn/kb/cve_2008_4310.rb +0 -100
data/lib/dawn/kb/cve_2008_5189.rb +0 -27
data/lib/dawn/kb/cve_2008_7248.rb +0 -27
data/lib/dawn/kb/cve_2009_4078.rb +0 -29
data/lib/dawn/kb/cve_2009_4124.rb +0 -30
data/lib/dawn/kb/cve_2009_4214.rb +0 -27
data/lib/dawn/kb/cve_2010_1330.rb +0 -28
data/lib/dawn/kb/cve_2010_2489.rb +0 -60
data/lib/dawn/kb/cve_2010_3933.rb +0 -27
data/lib/dawn/kb/cve_2011_0188.rb +0 -67
data/lib/dawn/kb/cve_2011_0446.rb +0 -28
data/lib/dawn/kb/cve_2011_0447.rb +0 -28
data/lib/dawn/kb/cve_2011_0739.rb +0 -28
data/lib/dawn/kb/cve_2011_0995.rb +0 -61
data/lib/dawn/kb/cve_2011_1004.rb +0 -34
data/lib/dawn/kb/cve_2011_1005.rb +0 -31
data/lib/dawn/kb/cve_2011_2197.rb +0 -27
data/lib/dawn/kb/cve_2011_2686.rb +0 -29
data/lib/dawn/kb/cve_2011_2705.rb +0 -32
data/lib/dawn/kb/cve_2011_2929.rb +0 -27
data/lib/dawn/kb/cve_2011_2930.rb +0 -28
data/lib/dawn/kb/cve_2011_2931.rb +0 -30
data/lib/dawn/kb/cve_2011_2932.rb +0 -27
data/lib/dawn/kb/cve_2011_3009.rb +0 -28
data/lib/dawn/kb/cve_2011_3186.rb +0 -29
data/lib/dawn/kb/cve_2011_3187.rb +0 -29
data/lib/dawn/kb/cve_2011_4319.rb +0 -30
data/lib/dawn/kb/cve_2011_4815.rb +0 -28
data/lib/dawn/kb/cve_2011_5036.rb +0 -26
data/lib/dawn/kb/cve_2012_1098.rb +0 -30
data/lib/dawn/kb/cve_2012_1099.rb +0 -27
data/lib/dawn/kb/cve_2012_1241.rb +0 -27
data/lib/dawn/kb/cve_2012_2139.rb +0 -26
data/lib/dawn/kb/cve_2012_2140.rb +0 -27
data/lib/dawn/kb/cve_2012_2660.rb +0 -28
data/lib/dawn/kb/cve_2012_2661.rb +0 -27
data/lib/dawn/kb/cve_2012_2671.rb +0 -28
data/lib/dawn/kb/cve_2012_2694.rb +0 -30
data/lib/dawn/kb/cve_2012_2695.rb +0 -27
data/lib/dawn/kb/cve_2012_3424.rb +0 -29
data/lib/dawn/kb/cve_2012_3463.rb +0 -27
data/lib/dawn/kb/cve_2012_3464.rb +0 -27
data/lib/dawn/kb/cve_2012_3465.rb +0 -26
data/lib/dawn/kb/cve_2012_4464.rb +0 -27
data/lib/dawn/kb/cve_2012_4466.rb +0 -27
data/lib/dawn/kb/cve_2012_4481.rb +0 -26
data/lib/dawn/kb/cve_2012_4522.rb +0 -27
data/lib/dawn/kb/cve_2012_5370.rb +0 -27
data/lib/dawn/kb/cve_2012_5371.rb +0 -27
data/lib/dawn/kb/cve_2012_5380.rb +0 -28
data/lib/dawn/kb/cve_2012_6109.rb +0 -25
data/lib/dawn/kb/cve_2012_6134.rb +0 -27
data/lib/dawn/kb/cve_2012_6496.rb +0 -28
data/lib/dawn/kb/cve_2012_6497.rb +0 -28
data/lib/dawn/kb/cve_2012_6684.rb +0 -28
data/lib/dawn/kb/cve_2013_0155.rb +0 -29
data/lib/dawn/kb/cve_2013_0156.rb +0 -27
data/lib/dawn/kb/cve_2013_0162.rb +0 -28
data/lib/dawn/kb/cve_2013_0175.rb +0 -27
data/lib/dawn/kb/cve_2013_0183.rb +0 -25
data/lib/dawn/kb/cve_2013_0184.rb +0 -25
data/lib/dawn/kb/cve_2013_0233.rb +0 -26
data/lib/dawn/kb/cve_2013_0256.rb +0 -59
data/lib/dawn/kb/cve_2013_0262.rb +0 -26
data/lib/dawn/kb/cve_2013_0263.rb +0 -26
data/lib/dawn/kb/cve_2013_0269.rb +0 -27
data/lib/dawn/kb/cve_2013_0276.rb +0 -28
data/lib/dawn/kb/cve_2013_0277.rb +0 -25
data/lib/dawn/kb/cve_2013_0284.rb +0 -27
data/lib/dawn/kb/cve_2013_0285.rb +0 -27
data/lib/dawn/kb/cve_2013_0333.rb +0 -28
data/lib/dawn/kb/cve_2013_0334.rb +0 -25
data/lib/dawn/kb/cve_2013_1607.rb +0 -25
data/lib/dawn/kb/cve_2013_1655.rb +0 -65
data/lib/dawn/kb/cve_2013_1656.rb +0 -28
data/lib/dawn/kb/cve_2013_1756.rb +0 -26
data/lib/dawn/kb/cve_2013_1800.rb +0 -26
data/lib/dawn/kb/cve_2013_1801.rb +0 -27
data/lib/dawn/kb/cve_2013_1802.rb +0 -27
data/lib/dawn/kb/cve_2013_1812.rb +0 -27
data/lib/dawn/kb/cve_2013_1821.rb +0 -28
data/lib/dawn/kb/cve_2013_1854.rb +0 -26
data/lib/dawn/kb/cve_2013_1855.rb +0 -25
data/lib/dawn/kb/cve_2013_1856.rb +0 -26
data/lib/dawn/kb/cve_2013_1857.rb +0 -27
data/lib/dawn/kb/cve_2013_1875.rb +0 -27
data/lib/dawn/kb/cve_2013_1898.rb +0 -27
data/lib/dawn/kb/cve_2013_1911.rb +0 -28
data/lib/dawn/kb/cve_2013_1933.rb +0 -27
data/lib/dawn/kb/cve_2013_1947.rb +0 -27
data/lib/dawn/kb/cve_2013_1948.rb +0 -27
data/lib/dawn/kb/cve_2013_2065.rb +0 -29
data/lib/dawn/kb/cve_2013_2090.rb +0 -28
data/lib/dawn/kb/cve_2013_2105.rb +0 -26
data/lib/dawn/kb/cve_2013_2119.rb +0 -27
data/lib/dawn/kb/cve_2013_2512.rb +0 -26
data/lib/dawn/kb/cve_2013_2513.rb +0 -25
data/lib/dawn/kb/cve_2013_2516.rb +0 -26
data/lib/dawn/kb/cve_2013_2615.rb +0 -27
data/lib/dawn/kb/cve_2013_2616.rb +0 -27
data/lib/dawn/kb/cve_2013_2617.rb +0 -28
data/lib/dawn/kb/cve_2013_3221.rb +0 -27
data/lib/dawn/kb/cve_2013_4164.rb +0 -30
data/lib/dawn/kb/cve_2013_4203.rb +0 -25
data/lib/dawn/kb/cve_2013_4389.rb +0 -26
data/lib/dawn/kb/cve_2013_4413.rb +0 -27
data/lib/dawn/kb/cve_2013_4457.rb +0 -29
data/lib/dawn/kb/cve_2013_4478.rb +0 -26
data/lib/dawn/kb/cve_2013_4479.rb +0 -26
data/lib/dawn/kb/cve_2013_4489.rb +0 -28
data/lib/dawn/kb/cve_2013_4491.rb +0 -29
data/lib/dawn/kb/cve_2013_4492.rb +0 -29
data/lib/dawn/kb/cve_2013_4562.rb +0 -27
data/lib/dawn/kb/cve_2013_4593.rb +0 -27
data/lib/dawn/kb/cve_2013_5647.rb +0 -29
data/lib/dawn/kb/cve_2013_5671.rb +0 -26
data/lib/dawn/kb/cve_2013_6414.rb +0 -30
data/lib/dawn/kb/cve_2013_6415.rb +0 -29
data/lib/dawn/kb/cve_2013_6416.rb +0 -29
data/lib/dawn/kb/cve_2013_6417.rb +0 -30
data/lib/dawn/kb/cve_2013_6421.rb +0 -28
data/lib/dawn/kb/cve_2013_6459.rb +0 -28
data/lib/dawn/kb/cve_2013_6460.rb +0 -53
data/lib/dawn/kb/cve_2013_6461.rb +0 -57
data/lib/dawn/kb/cve_2013_7086.rb +0 -27
data/lib/dawn/kb/cve_2014_0036.rb +0 -27
data/lib/dawn/kb/cve_2014_0080.rb +0 -29
data/lib/dawn/kb/cve_2014_0081.rb +0 -27
data/lib/dawn/kb/cve_2014_0082.rb +0 -27
data/lib/dawn/kb/cve_2014_0130.rb +0 -27
data/lib/dawn/kb/cve_2014_1233.rb +0 -27
data/lib/dawn/kb/cve_2014_1234.rb +0 -26
data/lib/dawn/kb/cve_2014_2322.rb +0 -28
data/lib/dawn/kb/cve_2014_2525.rb +0 -59
data/lib/dawn/kb/cve_2014_2538.rb +0 -26
data/lib/dawn/kb/cve_2014_3482.rb +0 -28
data/lib/dawn/kb/cve_2014_3483.rb +0 -28
data/lib/dawn/kb/cve_2014_3916.rb +0 -29
data/lib/dawn/kb/cve_2014_4975.rb +0 -28
data/lib/dawn/kb/cve_2014_7818.rb +0 -27
data/lib/dawn/kb/cve_2014_7819.rb +0 -31
data/lib/dawn/kb/cve_2014_7829.rb +0 -30
data/lib/dawn/kb/cve_2014_8090.rb +0 -30
data/lib/dawn/kb/cve_2014_9490.rb +0 -29
data/lib/dawn/kb/cve_2015_1819.rb +0 -34
data/lib/dawn/kb/cve_2015_1840/cve_2015_1840_a.rb +0 -28
data/lib/dawn/kb/cve_2015_1840/cve_2015_1840_b.rb +0 -28
data/lib/dawn/kb/cve_2015_2963.rb +0 -27
data/lib/dawn/kb/cve_2015_3224.rb +0 -26
data/lib/dawn/kb/cve_2015_3225.rb +0 -28
data/lib/dawn/kb/cve_2015_3226.rb +0 -27
data/lib/dawn/kb/cve_2015_3227.rb +0 -28
data/lib/dawn/kb/cve_2015_3448.rb +0 -29
data/lib/dawn/kb/cve_2015_4020.rb +0 -34
data/lib/dawn/kb/cve_2015_5312.rb +0 -30
data/lib/dawn/kb/cve_2015_7497.rb +0 -32
data/lib/dawn/kb/cve_2015_7498.rb +0 -32
data/lib/dawn/kb/cve_2015_7499.rb +0 -32
data/lib/dawn/kb/cve_2015_7500.rb +0 -32
data/lib/dawn/kb/cve_2015_7519.rb +0 -31
data/lib/dawn/kb/cve_2015_7541.rb +0 -31
data/lib/dawn/kb/cve_2015_7576.rb +0 -35
data/lib/dawn/kb/cve_2015_7577.rb +0 -34
data/lib/dawn/kb/cve_2015_7578.rb +0 -30
data/lib/dawn/kb/cve_2015_7579.rb +0 -30
data/lib/dawn/kb/cve_2015_7581.rb +0 -33
data/lib/dawn/kb/cve_2015_8241.rb +0 -32
data/lib/dawn/kb/cve_2015_8242.rb +0 -32
data/lib/dawn/kb/cve_2015_8317.rb +0 -32
data/lib/dawn/kb/cve_2016_0751.rb +0 -32
data/lib/dawn/kb/cve_2016_0752.rb +0 -35
data/lib/dawn/kb/cve_2016_0753.rb +0 -31
data/lib/dawn/kb/cve_2016_2097.rb +0 -35
data/lib/dawn/kb/cve_2016_2098.rb +0 -35
data/lib/dawn/kb/cve_2016_5697.rb +0 -30
data/lib/dawn/kb/cve_2016_6316.rb +0 -33
data/lib/dawn/kb/cve_2016_6317.rb +0 -32
data/lib/dawn/kb/cve_2016_6582.rb +0 -43
data/lib/dawn/kb/not_revised_code.rb +0 -22
data/lib/dawn/kb/osvdb_105971.rb +0 -29
data/lib/dawn/kb/osvdb_108530.rb +0 -27
data/lib/dawn/kb/osvdb_108563.rb +0 -28
data/lib/dawn/kb/osvdb_108569.rb +0 -28
data/lib/dawn/kb/osvdb_108570.rb +0 -27
data/lib/dawn/kb/osvdb_115654.rb +0 -33
data/lib/dawn/kb/osvdb_116010.rb +0 -30
data/lib/dawn/kb/osvdb_117903.rb +0 -30
data/lib/dawn/kb/osvdb_118579.rb +0 -31
data/lib/dawn/kb/osvdb_118830.rb +0 -32
data/lib/dawn/kb/osvdb_118954.rb +0 -33
data/lib/dawn/kb/osvdb_119878.rb +0 -32
data/lib/dawn/kb/osvdb_119927.rb +0 -33
data/lib/dawn/kb/osvdb_120415.rb +0 -31
data/lib/dawn/kb/osvdb_120857.rb +0 -34
data/lib/dawn/kb/osvdb_121701.rb +0 -30
data/lib/dawn/kb/osvdb_132234.rb +0 -34
data/lib/dawn/kb/owasp_ror_cheatsheet.rb +0 -33
data/lib/dawn/kb/owasp_ror_cheatsheet/check_for_backup_files.rb +0 -18
data/lib/dawn/kb/owasp_ror_cheatsheet/check_for_safe_redirect_and_forward.rb +0 -57
data/lib/dawn/kb/owasp_ror_cheatsheet/command_injection.rb +0 -28
data/lib/dawn/kb/owasp_ror_cheatsheet/csrf.rb +0 -29
data/lib/dawn/kb/owasp_ror_cheatsheet/mass_assignment_in_model.rb +0 -33
data/lib/dawn/kb/owasp_ror_cheatsheet/security_related_headers.rb +0 -35
data/lib/dawn/kb/owasp_ror_cheatsheet/sensitive_files.rb +0 -29
data/lib/dawn/kb/owasp_ror_cheatsheet/session_stored_in_database.rb +0 -31
data/lib/dawn/kb/simpleform_xss_20131129.rb +0 -28
data/lib/dawn/knowledge_base_experimental.rb +0 -245
data/spec/lib/kb/cve_2011_2705_spec.rb +0 -35
data/spec/lib/kb/cve_2011_2930_spec.rb +0 -31
data/spec/lib/kb/cve_2011_3009_spec.rb +0 -25
data/spec/lib/kb/cve_2011_3187_spec.rb +0 -24
data/spec/lib/kb/cve_2011_4319_spec.rb +0 -44
data/spec/lib/kb/cve_2011_5036_spec.rb +0 -95
data/spec/lib/kb/cve_2012_1098_spec.rb +0 -36
data/spec/lib/kb/cve_2012_2139_spec.rb +0 -20
data/spec/lib/kb/cve_2012_2671_spec.rb +0 -23
data/spec/lib/kb/cve_2012_6109_spec.rb +0 -112
data/spec/lib/kb/cve_2012_6684_spec.rb +0 -16
data/spec/lib/kb/cve_2013_0162_spec.rb +0 -23
data/spec/lib/kb/cve_2013_0183_spec.rb +0 -54
data/spec/lib/kb/cve_2013_0184_spec.rb +0 -115
data/spec/lib/kb/cve_2013_0256_spec.rb +0 -34
data/spec/lib/kb/cve_2013_0262_spec.rb +0 -44
data/spec/lib/kb/cve_2013_0263_spec.rb +0 -11
data/spec/lib/kb/cve_2013_0334_spec.rb +0 -35
data/spec/lib/kb/cve_2013_1607_spec.rb +0 -15
data/spec/lib/kb/cve_2013_1655_spec.rb +0 -31
data/spec/lib/kb/cve_2013_1756_spec.rb +0 -23
data/spec/lib/kb/cve_2013_2090_spec.rb +0 -15
data/spec/lib/kb/cve_2013_2105_spec.rb +0 -11
data/spec/lib/kb/cve_2013_2119_spec.rb +0 -27
data/spec/lib/kb/cve_2013_2512_spec.rb +0 -15
data/spec/lib/kb/cve_2013_2513_spec.rb +0 -15
data/spec/lib/kb/cve_2013_2516_spec.rb +0 -15
data/spec/lib/kb/cve_2013_4203_spec.rb +0 -15
data/spec/lib/kb/cve_2013_4413_spec.rb +0 -16
data/spec/lib/kb/cve_2013_4489_spec.rb +0 -63
data/spec/lib/kb/cve_2013_4491_spec.rb +0 -16
data/spec/lib/kb/cve_2013_4593_spec.rb +0 -16
data/spec/lib/kb/cve_2013_5647_spec.rb +0 -19
data/spec/lib/kb/cve_2013_5671_spec.rb +0 -27
data/spec/lib/kb/cve_2013_6414_spec.rb +0 -26
data/spec/lib/kb/cve_2013_6416_spec.rb +0 -31
data/spec/lib/kb/cve_2013_6459_spec.rb +0 -15
data/spec/lib/kb/cve_2013_7086_spec.rb +0 -22
data/spec/lib/kb/cve_2014_0036_spec.rb +0 -15
data/spec/lib/kb/cve_2014_0080_spec.rb +0 -33
data/spec/lib/kb/cve_2014_0081_spec.rb +0 -50
data/spec/lib/kb/cve_2014_0082_spec.rb +0 -52
data/spec/lib/kb/cve_2014_0130_spec.rb +0 -19
data/spec/lib/kb/cve_2014_1233_spec.rb +0 -15
data/spec/lib/kb/cve_2014_1234_spec.rb +0 -16
data/spec/lib/kb/cve_2014_2322_spec.rb +0 -15
data/spec/lib/kb/cve_2014_2538_spec.rb +0 -15
data/spec/lib/kb/cve_2014_3482_spec.rb +0 -15
data/spec/lib/kb/cve_2014_3483_spec.rb +0 -27
data/spec/lib/kb/cve_2014_7818_spec.rb +0 -42
data/spec/lib/kb/cve_2014_7819_spec.rb +0 -139
data/spec/lib/kb/cve_2014_7829_spec.rb +0 -50
data/spec/lib/kb/cve_2014_9490_spec.rb +0 -17
data/spec/lib/kb/cve_2015_1819_spec.rb +0 -16
data/spec/lib/kb/cve_2015_1840_spec.rb +0 -39
data/spec/lib/kb/cve_2015_2963_spec.rb +0 -17
data/spec/lib/kb/cve_2015_3224_spec.rb +0 -16
data/spec/lib/kb/cve_2015_3225_spec.rb +0 -27
data/spec/lib/kb/cve_2015_3226_spec.rb +0 -35
data/spec/lib/kb/cve_2015_3227_spec.rb +0 -31
data/spec/lib/kb/cve_2015_3448_spec.rb +0 -16
data/spec/lib/kb/cve_2015_4020_spec.rb +0 -24
data/spec/lib/kb/cve_2015_5312_spec.rb +0 -31
data/spec/lib/kb/cve_2015_7497_spec.rb +0 -31
data/spec/lib/kb/cve_2015_7498_spec.rb +0 -31
data/spec/lib/kb/cve_2015_7499_spec.rb +0 -31
data/spec/lib/kb/cve_2015_7500_spec.rb +0 -31
data/spec/lib/kb/cve_2015_7519_spec.rb +0 -23
data/spec/lib/kb/cve_2015_7541_spec.rb +0 -15
data/spec/lib/kb/cve_2015_7576_spec.rb +0 -51
data/spec/lib/kb/cve_2015_7577_spec.rb +0 -63
data/spec/lib/kb/cve_2015_7578_spec.rb +0 -15
data/spec/lib/kb/cve_2015_7579_spec.rb +0 -23
data/spec/lib/kb/cve_2015_7581_spec.rb +0 -51
data/spec/lib/kb/cve_2015_8241_spec.rb +0 -31
data/spec/lib/kb/cve_2015_8242_spec.rb +0 -31
data/spec/lib/kb/cve_2015_8317_spec.rb +0 -31
data/spec/lib/kb/cve_2016_0751_spec.rb +0 -55
data/spec/lib/kb/cve_2016_0752_spec.rb +0 -51
data/spec/lib/kb/cve_2016_0753_spec.rb +0 -51
data/spec/lib/kb/cve_2016_2097_spec.rb +0 -35
data/spec/lib/kb/cve_2016_2098_spec.rb +0 -55
data/spec/lib/kb/cve_2016_5697_spec.rb +0 -15
data/spec/lib/kb/cve_2016_6316_spec.rb +0 -44
data/spec/lib/kb/cve_2016_6317_spec.rb +0 -35
data/spec/lib/kb/cve_2016_6582_spec.rb +0 -29
data/spec/lib/kb/osvdb_105971_spec.rb +0 -15
data/spec/lib/kb/osvdb_108530_spec.rb +0 -22
data/spec/lib/kb/osvdb_108563_spec.rb +0 -18
data/spec/lib/kb/osvdb_108569_spec.rb +0 -17
data/spec/lib/kb/osvdb_108570_spec.rb +0 -17
data/spec/lib/kb/osvdb_115654_spec.rb +0 -15
data/spec/lib/kb/osvdb_116010_spec.rb +0 -15
data/spec/lib/kb/osvdb_117903_spec.rb +0 -23
data/spec/lib/kb/osvdb_118579_spec.rb +0 -8
data/spec/lib/kb/osvdb_118830_spec.rb +0 -16
data/spec/lib/kb/osvdb_118954_spec.rb +0 -20
data/spec/lib/kb/osvdb_119878_spec.rb +0 -92
data/spec/lib/kb/osvdb_119927_spec.rb +0 -16
data/spec/lib/kb/osvdb_120415_spec.rb +0 -16
data/spec/lib/kb/osvdb_120857_spec.rb +0 -32
data/spec/lib/kb/osvdb_121701_spec.rb +0 -15
data/spec/lib/kb/osvdb_132234_spec.rb +0 -15
metadata.gz.sig +0 -0

data/lib/dawn/kb/cve_2015_1819.rb DELETED Viewed

@@ -1,34 +0,0 @@
-module Dawn
-		module Kb
-			# Automatically created with rake on 2015-12-03
-			class CVE_2015_1819
-				# Include the testing skeleton for this CVE
-				# include PatternMatchCheck
-				include DependencyCheck
-				# include RubyVersionCheck
-				def initialize
-          title="Nokogiri denial of service (DoS) Memory Consumption"
-          message="Nokogiri versions before 1.6.6.4 contain a vulnerable version of libxml2 as a C extension. The vulnerability allows for memory consumption denial of service."
-          super({
-            :title=>title,
-            :name=> "CVE-2015-1819",
-            :cve=>"2015-1819",
-            :osvdb=>"",
-            :cvss=>"AV:N/AC:L/Au:N/C:N/I:N/A:P",
-            :release_date => Date.new(2015, 8, 14),
-            :cwe=>"",
-            :owasp=>"A9",
-            :applies=>["rails", "sinatra", "padrino"],
-            :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
-            :message=>message,
-            :mitigation=>"Please upgrade nokogiri gem to version 1.6.6.4 or later.",
-            :aux_links=>[""]
-           })
-          self.safe_dependencies = [{:name=>"nokogiri", :version=>['1.6.6.4']}]
-				end
-			end
-		end
-end

data/lib/dawn/kb/cve_2015_1840/cve_2015_1840_a.rb DELETED Viewed

@@ -1,28 +0,0 @@
-module Dawn
-		module Kb
-			# Automatically created with rake on 2015-07-29
-			class CVE_2015_1840_a
-				include DependencyCheck
-				def initialize
-          message = "jquery_ujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space character in a URL within an attribute value."
-          super({
-            :name=>"CVE-2015-1840",
-            :cvss=>"AV:N/AC:L/Au:N/C:P/I:N/A:N",
-            :release_date => Date.new(2015, 7, 26),
-            :cwe=>"200",
-            :owasp=>"A8",
-            :applies=>["rails"],
-            :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
-            :message=>message,
-            :mitigation=>"Please upgrade jquery-ujs and jquery-rails gems to latest version.",
-            :aux_links=>["https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md", "https://github.com/rails/jquery-ujs/blob/master/CHANGELOG.md"]
-           })
-          self.save_major = true
-          self.safe_dependencies = [{:name=>"jquery-rails", :version=>['4.0.2', '3.1.3']}]
-				end
-			end
-		end
-end

data/lib/dawn/kb/cve_2015_1840/cve_2015_1840_b.rb DELETED Viewed

@@ -1,28 +0,0 @@
-module Dawn
-		module Kb
-			# Automatically created with rake on 2015-07-29
-			class CVE_2015_1840_b
-				include DependencyCheck
-				def initialize
-          message = "jquery_ujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space character in a URL within an attribute value."
-          super({
-            :name=>"CVE-2015-1840",
-            :cvss=>"AV:N/AC:L/Au:N/C:P/I:N/A:N",
-            :release_date => Date.new(2015, 7, 26),
-            :cwe=>"200",
-            :owasp=>"A8",
-            :applies=>["rails"],
-            :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
-            :message=>message,
-            :mitigation=>"Please upgrade jquery-ujs and jquery-rails gems to latest version.",
-            :aux_links=>["https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md", "https://github.com/rails/jquery-ujs/blob/master/CHANGELOG.md"]
-           })
-          self.safe_dependencies = [{:name=>"jquery-ujs", :version=>['1.0.4']}]
-				end
-			end
-		end
-end

data/lib/dawn/kb/cve_2015_2963.rb DELETED Viewed

@@ -1,27 +0,0 @@
-module Dawn
-		module Kb
-			# Automatically created with rake on 2015-07-29
-			class CVE_2015_2963
-				include DependencyCheck
-				def initialize
-          message = "The thoughtbot paperclip gem before 4.2.2 for Ruby does not consider the content-type value during media-type validation, which allows remote attackers to upload HTML documents and conduct cross-site scripting (XSS) attacks via a spoofed value, as demonstrated by image/jpeg."
-          super({
-            :name=>"CVE-2015-2963",
-            :cvss=>"AV:N/AC:M/Au:N/C:N/I:P/A:N",
-            :release_date => Date.new(2015, 7, 10),
-            :cwe=>"79",
-            :owasp=>"A1",
-            :applies=>["sinatra", "padrino", "rails"],
-            :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
-            :message=>message,
-            :mitigation=>"Please upgrade paperclip gem to latest version.",
-            :aux_links=>["https://github.com/thoughtbot/paperclip/commit/9aee4112f36058cd28d5fe4a006d6981bd1eda57","https://robots.thoughtbot.com/paperclip-security-release"]
-           })
-          self.safe_dependencies = [{:name=>"paperclip", :version=>['4.2.2']}]
-				end
-			end
-		end
-end

data/lib/dawn/kb/cve_2015_3224.rb DELETED Viewed

@@ -1,26 +0,0 @@
-module Dawn
-		module Kb
-			# Automatically created with rake on 2015-07-29
-			class CVE_2015_3224
-				include DependencyCheck
-				def initialize
-          message = "request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request."
-           super({
-            :name=>"CVE-2015-3224",
-            :cvss=>"AV:N/AC:M/Au:N/C:N/I:P/A:N",
-            :release_date => Date.new(2015, 7, 26),
-            :cwe=>"284",
-            :owasp=>"A9",
-            :applies=>["rails"],
-            :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
-            :message=>message,
-            :mitigation=>"Please upgrade web-console gem to latest version.",
-            :aux_links=>["https://groups.google.com/forum/message/raw?msg=rubyonrails-security/lzmz9_ijUFw/HBMPi4zp5NAJ"]
-           })
-           self.safe_dependencies = [{:name=>"web-console", :version=>['2.1.3']}]
-				end
-			end
-		end
-end

data/lib/dawn/kb/cve_2015_3225.rb DELETED Viewed

@@ -1,28 +0,0 @@
-module Dawn
-		module Kb
-			# Automatically created with rake on 2015-07-29
-			class CVE_2015_3225
-				include DependencyCheck
-				def initialize
-          message = "lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth."
-          super({
-            :name=>"CVE-2015-3225",
-            :cvss=>"AV:N/AC:L/Au:N/C:N/I:N/A:P",
-            :release_date => Date.new(2015, 7, 26),
-            :cwe=>"",
-            :owasp=>"A9",
-            :applies=>["sinatra", "padrino", "rails"],
-            :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
-            :message=>message,
-            :mitigation=>"Please upgrade rack gem to latest version or at least 1.5.4 or 1.6.2.",
-            :aux_links=>["https://groups.google.com/forum/message/raw?msg=rubyonrails-security/gcUbICUmKMc/qiCotVZwXrMJ"]
-           })
-          self.save_minor = true
-          self.safe_dependencies = [{:name=>"rack", :version=>['1.5.4', '1.6.2']}]
-				end
-			end
-		end
-end

data/lib/dawn/kb/cve_2015_3226.rb DELETED Viewed

@@ -1,27 +0,0 @@
-module Dawn
-		module Kb
-			# Automatically created with rake on 2015-07-29
-			class CVE_2015_3226
-				include DependencyCheck
-				def initialize
-          message = "Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding."
-          super({
-            :name=>"CVE-2015-3226",
-            :cvss=>"AV:N/AC:M/Au:N/C:N/I:P/A:N",
-            :release_date => Date.new(2015, 7, 26),
-            :cwe=>"79",
-            :owasp=>"A3",
-            :applies=>["sinatra", "padrino", "rails"],
-            :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
-            :message=>message,
-            :mitigation=>"Please upgrade activesupport gem to latest version or at least 4.1.12 or 4.2.3. This is automatically done by upgrading your Rails environment if you are using it.",
-            :aux_links=>["https://groups.google.com/forum/message/raw?msg=rubyonrails-security/7VlB_pck3hU/3QZrGIaQW6cJ"]
-           })
-          self.save_minor = true
-          self.safe_dependencies = [{:name=>"activesupport", :version=>['4.1.12', '4.2.3', '3.99.99']}]
-				end
-			end
-		end
-end

data/lib/dawn/kb/cve_2015_3227.rb DELETED Viewed

@@ -1,28 +0,0 @@
-module Dawn
-		module Kb
-			# Automatically created with rake on 2015-07-29
-			class CVE_2015_3227
-				include DependencyCheck
-				def initialize
-          message = "The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth."
-          super({
-            :name=>"CVE-2015-3227",
-            :cvss=>"AV:N/AC:L/Au:N/C:N/I:N/A:P",
-            :release_date => Date.new(2015, 7, 26),
-            :cwe=>"",
-            :owasp=>"A9",
-            :applies=>["sinatra", "padrino", "rails"],
-            :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
-            :message=>message,
-            :mitigation=>"Please upgrade activesupport gem to latest version or at least 4.1.12 or 4.2.3. This is automatically done by upgrading your Rails environment if you are using it.",
-            :aux_links=>["https://groups.google.com/forum/message/raw?msg=rubyonrails-security/bahr2JLnxvk/x4EocXnHPp8J"]
-           })
-          self.save_minor = true
-          self.safe_dependencies = [{:name=>"activesupport", :version=>['4.1.12', '4.2.3']}]
-          self.save_major = true
-				end
-			end
-		end
-end

data/lib/dawn/kb/cve_2015_3448.rb DELETED Viewed

@@ -1,29 +0,0 @@
-module Dawn
-		module Kb
-			# Automatically created with rake on 2015-07-30
-			class CVE_2015_3448
-				include DependencyCheck
-				def initialize
-          message = "REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log."
-          super({
-            :name=>"CVE-2015-3448",
-            :cvss=>"AV:L/AC:L/Au:N/C:P/I:N/A:N",
-            :release_date => Date.new(2015, 4, 29),
-            :cwe=>"200",
-            :owasp=>"A9",
-            :osvdb=>"117461",
-            :applies=>["sinatra", "padrino", "rails"],
-            :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
-            :message=>message,
-            :mitigation=>"Please upgrade rest-client gem to the latest version",
-            :aux_links=>["https://github.com/rest-client/rest-client/issues/349","http://www.osvdb.org/117461"]
-           })
-          self.safe_dependencies = [{:name=>"rest-client", :version=>['1.7.3']}]
-				end
-			end
-		end
-end

data/lib/dawn/kb/cve_2015_4020.rb DELETED Viewed

@@ -1,34 +0,0 @@
-module Dawn
-		module Kb
-			# Automatically created with rake on 2015-12-02
-			class CVE_2015_4020
-				# Include the testing skeleton for this CVE
-				# include PatternMatchCheck
-				# include DependencyCheck
-				# include RubyVersionCheck
-        include GemCheck
-				def initialize
-          title="RubyGems remote_fetcher.rb api_endpoint() Function Missing SRV Record Hostname Validation Request Hijacking"
-          message = "RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API request, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed with the original domain name, aka a 'DNS hijack attack.'"
-          super({
-            :title=>title,
-            :name=> "CVE-2015-4020",
-            :cve=>"2015-4020",
-            :osvdb=>"122162",
-            :cvss=>"AV:N/AC:M/Au:N/C:N/I:P/A:N",
-            :release_date => Date.new(2015, 8, 25),
-            :cwe=>"",
-            :owasp=>"A9",
-            :applies=>["rails", "sinatra", "padrino"],
-            :kind=>Dawn::KnowledgeBase::GEM_CHECK,
-            :message=>message,
-            :mitigation=>"Please upgrade rubygem to version 3.2.3 or later.",
-            :aux_links=>[""]
-           })
-          self.safe_versions = [{:version=>['2.0.17', '2.2.5', '2.4.8']}]
-				end
-			end
-		end
-end

data/lib/dawn/kb/cve_2015_5312.rb DELETED Viewed

@@ -1,30 +0,0 @@
-module Dawn
-		module Kb
-			# Automatically created with rake on 2016-02-01
-			class CVE_2015_5312
-				include DependencyCheck
-				def initialize
-          message = "The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660."
-           super({
-            :title=>title,
-            :name=> "CVE-2015-5312",
-            :cve=>"2015-5312",
-            :osvdb=>"",
-            :cvss=>"AV:N/AC:M/Au:N/C:N/I:N/A:C",
-            :release_date => Date.new(2015, 12, 15),
-            :cwe=>"119",
-            :owasp=>"A9",
-            :applies=>["rails", "sinatra", "padrino"],
-            :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
-            :message=>message,
-            :mitigation=>"Please upgrade nokogiri gem to version 1.6.7.1 or later.",
-            :aux_links=>["https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s"]
-           })
-           self.safe_dependencies = [{:name=>"nokogiri", :version=>['1.6.7.1']}]
-           self.not_affected = {:name=>"nokogiri", :version=>['1.5.x', '1.4.x', '1.3.x', '1.1.x', '1.0.x', '0.x.x']}
-				end
-			end
-		end
-end

data/lib/dawn/kb/cve_2015_7497.rb DELETED Viewed

@@ -1,32 +0,0 @@
-module Dawn
-		module Kb
-			# Automatically created with rake on 2016-02-02
-			class CVE_2015_7497
-				# Include the testing skeleton for this CVE
-				include DependencyCheck
-				def initialize
-          message ="Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors."
-          super({
-            :title=>title,
-            :name=> "CVE-2015-7497",
-            :cve=>"2015-7497",
-            :osvdb=>"",
-            :cvss=>"AV:N/AC:L/Au:N/C:N/I:N/A:P",
-            :release_date => Date.new(2015, 12, 15),
-            :cwe=>"119",
-            :owasp=>"A9",
-            :applies=>["rails", "sinatra", "padrino"],
-            :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
-            :message=>message,
-            :mitigation=>"Please upgrade nokogiri gem to version 1.6.7.1 or later.",
-            :aux_links=>["https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s"]
-           })
-           self.safe_dependencies = [{:name=>"nokogiri", :version=>['1.6.7.1']}]
-           self.not_affected = {:name=>"nokogiri", :version=>['1.5.x', '1.4.x', '1.3.x', '1.1.x', '1.0.x', '0.x.x']}
-				end
-			end
-		end
-end

data/lib/dawn/kb/cve_2015_7498.rb DELETED Viewed

@@ -1,32 +0,0 @@
-module Dawn
-		module Kb
-			# Automatically created with rake on 2016-02-02
-			class CVE_2015_7498
-				# Include the testing skeleton for this CVE
-				include DependencyCheck
-				def initialize
-          message = "Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure."
-           super({
-            :title=>title,
-            :name=> "CVE-2015-7498",
-            :cve=>"2015-7498",
-            :osvdb=>"",
-            :cvss=>"AV:N/AC:L/Au:N/C:N/I:N/A:P",
-            :release_date => Date.new(2015, 12, 15),
-            :cwe=>"119",
-            :owasp=>"A9",
-            :applies=>["rails", "sinatra", "padrino"],
-            :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
-            :message=>message,
-            :mitigation=>"Please upgrade nokogiri gem to version 1.6.7.1 or later.",
-            :aux_links=>["https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s"]
-           })
-           self.safe_dependencies = [{:name=>"nokogiri", :version=>['1.6.7.1']}]
-           self.not_affected = {:name=>"nokogiri", :version=>['1.5.x', '1.4.x', '1.3.x', '1.1.x', '1.0.x', '0.x.x']}
-				end
-			end
-		end
-end

data/lib/dawn/kb/cve_2015_7499.rb DELETED Viewed

@@ -1,32 +0,0 @@
-module Dawn
-		module Kb
-			# Automatically created with rake on 2016-02-02
-			class CVE_2015_7499
-				# Include the testing skeleton for this CVE
-				include DependencyCheck
-				def initialize
-          message="Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors."
-           super({
-            :title=>title,
-            :name=> "CVE-2015-7499",
-            :cve=>"2015-7499",
-            :osvdb=>"",
-            :cvss=>"AV:N/AC:L/Au:N/C:P/I:N/A:N",
-            :release_date => Date.new(2015, 12, 15),
-            :cwe=>"119",
-            :owasp=>"A9",
-            :applies=>["rails", "sinatra", "padrino"],
-            :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
-            :message=>message,
-            :mitigation=>"Please upgrade nokogiri gem to version 1.6.7.1 or later.",
-            :aux_links=>["https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s"]
-           })
-           self.safe_dependencies = [{:name=>"nokogiri", :version=>['1.6.7.1']}]
-           self.not_affected = {:name=>"nokogiri", :version=>['1.5.x', '1.4.x', '1.3.x', '1.1.x', '1.0.x', '0.x.x']}
-				end
-			end
-		end
-end

data/lib/dawn/kb/cve_2015_7500.rb DELETED Viewed

@@ -1,32 +0,0 @@
-module Dawn
-		module Kb
-			# Automatically created with rake on 2016-02-02
-			class CVE_2015_7500
-				# Include the testing skeleton for this CVE
-				include DependencyCheck
-				def initialize
-          message = "The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags."
-           super({
-            :title=>title,
-            :name=> "CVE-2015-7500",
-            :cve=>"2015-7500",
-            :osvdb=>"",
-            :cvss=>"AV:N/AC:L/Au:N/C:N/I:N/A:P",
-            :release_date => Date.new(2015, 12, 15),
-            :cwe=>"119",
-            :owasp=>"A9",
-            :applies=>["rails", "sinatra", "padrino"],
-            :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
-            :message=>message,
-            :mitigation=>"Please upgrade nokogiri gem to version 1.6.7.1 or later.",
-            :aux_links=>["https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s"]
-           })
-           self.safe_dependencies = [{:name=>"nokogiri", :version=>['1.6.7.1']}]
-           self.not_affected = {:name=>"nokogiri", :version=>['1.5.x', '1.4.x', '1.3.x', '1.1.x', '1.0.x', '0.x.x']}
-				end
-			end
-		end
-end