dawnscanner 1.6.8 → 2.0.0.rc4

Sign up to get free protection for your applications and to get access to all the features.
Files changed (387) hide show
  1. checksums.yaml +5 -5
  2. data/.gitignore +1 -0
  3. data/.ruby-version +1 -1
  4. data/Changelog.md +27 -1
  5. data/LICENSE.txt +1 -1
  6. data/README.md +59 -57
  7. data/Rakefile +10 -242
  8. data/Roadmap.md +15 -23
  9. data/VERSION +1 -1
  10. data/bin/dawn +17 -273
  11. data/checksum/dawnscanner-1.6.8.gem.sha1 +1 -0
  12. data/checksum/dawnscanner-2.0.0.rc1.gem.sha1 +1 -0
  13. data/checksum/dawnscanner-2.0.0.rc2.gem.sha1 +1 -0
  14. data/checksum/dawnscanner-2.0.0.rc3.gem.sha1 +1 -0
  15. data/dawnscanner.gemspec +10 -9
  16. data/doc/change.sh +13 -0
  17. data/doc/kickstart_kb.tar.gz +0 -0
  18. data/doc/knowledge_base.rb +650 -0
  19. data/docs/.placeholder +0 -0
  20. data/docs/CNAME +1 -0
  21. data/docs/_config.yml +1 -0
  22. data/lib/dawn/cli/dawn_cli.rb +139 -0
  23. data/lib/dawn/core.rb +8 -7
  24. data/lib/dawn/engine.rb +93 -34
  25. data/lib/dawn/gemfile_lock.rb +2 -2
  26. data/lib/dawn/kb/basic_check.rb +1 -2
  27. data/lib/dawn/kb/combo_check.rb +1 -1
  28. data/lib/dawn/kb/dependency_check.rb +1 -1
  29. data/lib/dawn/kb/operating_system_check.rb +1 -1
  30. data/lib/dawn/kb/pattern_match_check.rb +10 -9
  31. data/lib/dawn/kb/ruby_version_check.rb +11 -10
  32. data/lib/dawn/kb/{gem_check.rb → rubygem_check.rb} +1 -1
  33. data/lib/dawn/kb/unsafe_depedency_check.rb +44 -0
  34. data/lib/dawn/kb/version_check.rb +41 -24
  35. data/lib/dawn/knowledge_base.rb +259 -595
  36. data/lib/dawn/reporter.rb +2 -1
  37. data/lib/dawn/utils.rb +5 -2
  38. data/lib/dawn/version.rb +5 -5
  39. data/lib/dawnscanner.rb +7 -6
  40. data/spec/lib/kb/codesake_unsafe_dependency_check_spec.rb +29 -0
  41. data/spec/lib/kb/dependency_check.yml +29 -0
  42. metadata +30 -496
  43. checksums.yaml.gz.sig +0 -0
  44. data.tar.gz.sig +0 -0
  45. data/certs/paolo_at_dawnscanner_dot_org.pem +0 -21
  46. data/lib/dawn/kb/cve_2004_0755.rb +0 -33
  47. data/lib/dawn/kb/cve_2004_0983.rb +0 -31
  48. data/lib/dawn/kb/cve_2005_1992.rb +0 -31
  49. data/lib/dawn/kb/cve_2005_2337.rb +0 -33
  50. data/lib/dawn/kb/cve_2006_1931.rb +0 -30
  51. data/lib/dawn/kb/cve_2006_2582.rb +0 -28
  52. data/lib/dawn/kb/cve_2006_3694.rb +0 -31
  53. data/lib/dawn/kb/cve_2006_4112.rb +0 -27
  54. data/lib/dawn/kb/cve_2006_5467.rb +0 -28
  55. data/lib/dawn/kb/cve_2006_6303.rb +0 -28
  56. data/lib/dawn/kb/cve_2006_6852.rb +0 -27
  57. data/lib/dawn/kb/cve_2006_6979.rb +0 -29
  58. data/lib/dawn/kb/cve_2007_0469.rb +0 -29
  59. data/lib/dawn/kb/cve_2007_5162.rb +0 -28
  60. data/lib/dawn/kb/cve_2007_5379.rb +0 -27
  61. data/lib/dawn/kb/cve_2007_5380.rb +0 -29
  62. data/lib/dawn/kb/cve_2007_5770.rb +0 -30
  63. data/lib/dawn/kb/cve_2007_6077.rb +0 -31
  64. data/lib/dawn/kb/cve_2007_6612.rb +0 -30
  65. data/lib/dawn/kb/cve_2008_1145.rb +0 -38
  66. data/lib/dawn/kb/cve_2008_1891.rb +0 -38
  67. data/lib/dawn/kb/cve_2008_2376.rb +0 -30
  68. data/lib/dawn/kb/cve_2008_2662.rb +0 -33
  69. data/lib/dawn/kb/cve_2008_2663.rb +0 -32
  70. data/lib/dawn/kb/cve_2008_2664.rb +0 -33
  71. data/lib/dawn/kb/cve_2008_2725.rb +0 -31
  72. data/lib/dawn/kb/cve_2008_3655.rb +0 -37
  73. data/lib/dawn/kb/cve_2008_3657.rb +0 -37
  74. data/lib/dawn/kb/cve_2008_3790.rb +0 -30
  75. data/lib/dawn/kb/cve_2008_3905.rb +0 -36
  76. data/lib/dawn/kb/cve_2008_4094.rb +0 -27
  77. data/lib/dawn/kb/cve_2008_4310.rb +0 -100
  78. data/lib/dawn/kb/cve_2008_5189.rb +0 -27
  79. data/lib/dawn/kb/cve_2008_7248.rb +0 -27
  80. data/lib/dawn/kb/cve_2009_4078.rb +0 -29
  81. data/lib/dawn/kb/cve_2009_4124.rb +0 -30
  82. data/lib/dawn/kb/cve_2009_4214.rb +0 -27
  83. data/lib/dawn/kb/cve_2010_1330.rb +0 -28
  84. data/lib/dawn/kb/cve_2010_2489.rb +0 -60
  85. data/lib/dawn/kb/cve_2010_3933.rb +0 -27
  86. data/lib/dawn/kb/cve_2011_0188.rb +0 -67
  87. data/lib/dawn/kb/cve_2011_0446.rb +0 -28
  88. data/lib/dawn/kb/cve_2011_0447.rb +0 -28
  89. data/lib/dawn/kb/cve_2011_0739.rb +0 -28
  90. data/lib/dawn/kb/cve_2011_0995.rb +0 -61
  91. data/lib/dawn/kb/cve_2011_1004.rb +0 -34
  92. data/lib/dawn/kb/cve_2011_1005.rb +0 -31
  93. data/lib/dawn/kb/cve_2011_2197.rb +0 -27
  94. data/lib/dawn/kb/cve_2011_2686.rb +0 -29
  95. data/lib/dawn/kb/cve_2011_2705.rb +0 -32
  96. data/lib/dawn/kb/cve_2011_2929.rb +0 -27
  97. data/lib/dawn/kb/cve_2011_2930.rb +0 -28
  98. data/lib/dawn/kb/cve_2011_2931.rb +0 -30
  99. data/lib/dawn/kb/cve_2011_2932.rb +0 -27
  100. data/lib/dawn/kb/cve_2011_3009.rb +0 -28
  101. data/lib/dawn/kb/cve_2011_3186.rb +0 -29
  102. data/lib/dawn/kb/cve_2011_3187.rb +0 -29
  103. data/lib/dawn/kb/cve_2011_4319.rb +0 -30
  104. data/lib/dawn/kb/cve_2011_4815.rb +0 -28
  105. data/lib/dawn/kb/cve_2011_5036.rb +0 -26
  106. data/lib/dawn/kb/cve_2012_1098.rb +0 -30
  107. data/lib/dawn/kb/cve_2012_1099.rb +0 -27
  108. data/lib/dawn/kb/cve_2012_1241.rb +0 -27
  109. data/lib/dawn/kb/cve_2012_2139.rb +0 -26
  110. data/lib/dawn/kb/cve_2012_2140.rb +0 -27
  111. data/lib/dawn/kb/cve_2012_2660.rb +0 -28
  112. data/lib/dawn/kb/cve_2012_2661.rb +0 -27
  113. data/lib/dawn/kb/cve_2012_2671.rb +0 -28
  114. data/lib/dawn/kb/cve_2012_2694.rb +0 -30
  115. data/lib/dawn/kb/cve_2012_2695.rb +0 -27
  116. data/lib/dawn/kb/cve_2012_3424.rb +0 -29
  117. data/lib/dawn/kb/cve_2012_3463.rb +0 -27
  118. data/lib/dawn/kb/cve_2012_3464.rb +0 -27
  119. data/lib/dawn/kb/cve_2012_3465.rb +0 -26
  120. data/lib/dawn/kb/cve_2012_4464.rb +0 -27
  121. data/lib/dawn/kb/cve_2012_4466.rb +0 -27
  122. data/lib/dawn/kb/cve_2012_4481.rb +0 -26
  123. data/lib/dawn/kb/cve_2012_4522.rb +0 -27
  124. data/lib/dawn/kb/cve_2012_5370.rb +0 -27
  125. data/lib/dawn/kb/cve_2012_5371.rb +0 -27
  126. data/lib/dawn/kb/cve_2012_5380.rb +0 -28
  127. data/lib/dawn/kb/cve_2012_6109.rb +0 -25
  128. data/lib/dawn/kb/cve_2012_6134.rb +0 -27
  129. data/lib/dawn/kb/cve_2012_6496.rb +0 -28
  130. data/lib/dawn/kb/cve_2012_6497.rb +0 -28
  131. data/lib/dawn/kb/cve_2012_6684.rb +0 -28
  132. data/lib/dawn/kb/cve_2013_0155.rb +0 -29
  133. data/lib/dawn/kb/cve_2013_0156.rb +0 -27
  134. data/lib/dawn/kb/cve_2013_0162.rb +0 -28
  135. data/lib/dawn/kb/cve_2013_0175.rb +0 -27
  136. data/lib/dawn/kb/cve_2013_0183.rb +0 -25
  137. data/lib/dawn/kb/cve_2013_0184.rb +0 -25
  138. data/lib/dawn/kb/cve_2013_0233.rb +0 -26
  139. data/lib/dawn/kb/cve_2013_0256.rb +0 -59
  140. data/lib/dawn/kb/cve_2013_0262.rb +0 -26
  141. data/lib/dawn/kb/cve_2013_0263.rb +0 -26
  142. data/lib/dawn/kb/cve_2013_0269.rb +0 -27
  143. data/lib/dawn/kb/cve_2013_0276.rb +0 -28
  144. data/lib/dawn/kb/cve_2013_0277.rb +0 -25
  145. data/lib/dawn/kb/cve_2013_0284.rb +0 -27
  146. data/lib/dawn/kb/cve_2013_0285.rb +0 -27
  147. data/lib/dawn/kb/cve_2013_0333.rb +0 -28
  148. data/lib/dawn/kb/cve_2013_0334.rb +0 -25
  149. data/lib/dawn/kb/cve_2013_1607.rb +0 -25
  150. data/lib/dawn/kb/cve_2013_1655.rb +0 -65
  151. data/lib/dawn/kb/cve_2013_1656.rb +0 -28
  152. data/lib/dawn/kb/cve_2013_1756.rb +0 -26
  153. data/lib/dawn/kb/cve_2013_1800.rb +0 -26
  154. data/lib/dawn/kb/cve_2013_1801.rb +0 -27
  155. data/lib/dawn/kb/cve_2013_1802.rb +0 -27
  156. data/lib/dawn/kb/cve_2013_1812.rb +0 -27
  157. data/lib/dawn/kb/cve_2013_1821.rb +0 -28
  158. data/lib/dawn/kb/cve_2013_1854.rb +0 -26
  159. data/lib/dawn/kb/cve_2013_1855.rb +0 -25
  160. data/lib/dawn/kb/cve_2013_1856.rb +0 -26
  161. data/lib/dawn/kb/cve_2013_1857.rb +0 -27
  162. data/lib/dawn/kb/cve_2013_1875.rb +0 -27
  163. data/lib/dawn/kb/cve_2013_1898.rb +0 -27
  164. data/lib/dawn/kb/cve_2013_1911.rb +0 -28
  165. data/lib/dawn/kb/cve_2013_1933.rb +0 -27
  166. data/lib/dawn/kb/cve_2013_1947.rb +0 -27
  167. data/lib/dawn/kb/cve_2013_1948.rb +0 -27
  168. data/lib/dawn/kb/cve_2013_2065.rb +0 -29
  169. data/lib/dawn/kb/cve_2013_2090.rb +0 -28
  170. data/lib/dawn/kb/cve_2013_2105.rb +0 -26
  171. data/lib/dawn/kb/cve_2013_2119.rb +0 -27
  172. data/lib/dawn/kb/cve_2013_2512.rb +0 -26
  173. data/lib/dawn/kb/cve_2013_2513.rb +0 -25
  174. data/lib/dawn/kb/cve_2013_2516.rb +0 -26
  175. data/lib/dawn/kb/cve_2013_2615.rb +0 -27
  176. data/lib/dawn/kb/cve_2013_2616.rb +0 -27
  177. data/lib/dawn/kb/cve_2013_2617.rb +0 -28
  178. data/lib/dawn/kb/cve_2013_3221.rb +0 -27
  179. data/lib/dawn/kb/cve_2013_4164.rb +0 -30
  180. data/lib/dawn/kb/cve_2013_4203.rb +0 -25
  181. data/lib/dawn/kb/cve_2013_4389.rb +0 -26
  182. data/lib/dawn/kb/cve_2013_4413.rb +0 -27
  183. data/lib/dawn/kb/cve_2013_4457.rb +0 -29
  184. data/lib/dawn/kb/cve_2013_4478.rb +0 -26
  185. data/lib/dawn/kb/cve_2013_4479.rb +0 -26
  186. data/lib/dawn/kb/cve_2013_4489.rb +0 -28
  187. data/lib/dawn/kb/cve_2013_4491.rb +0 -29
  188. data/lib/dawn/kb/cve_2013_4492.rb +0 -29
  189. data/lib/dawn/kb/cve_2013_4562.rb +0 -27
  190. data/lib/dawn/kb/cve_2013_4593.rb +0 -27
  191. data/lib/dawn/kb/cve_2013_5647.rb +0 -29
  192. data/lib/dawn/kb/cve_2013_5671.rb +0 -26
  193. data/lib/dawn/kb/cve_2013_6414.rb +0 -30
  194. data/lib/dawn/kb/cve_2013_6415.rb +0 -29
  195. data/lib/dawn/kb/cve_2013_6416.rb +0 -29
  196. data/lib/dawn/kb/cve_2013_6417.rb +0 -30
  197. data/lib/dawn/kb/cve_2013_6421.rb +0 -28
  198. data/lib/dawn/kb/cve_2013_6459.rb +0 -28
  199. data/lib/dawn/kb/cve_2013_6460.rb +0 -53
  200. data/lib/dawn/kb/cve_2013_6461.rb +0 -57
  201. data/lib/dawn/kb/cve_2013_7086.rb +0 -27
  202. data/lib/dawn/kb/cve_2014_0036.rb +0 -27
  203. data/lib/dawn/kb/cve_2014_0080.rb +0 -29
  204. data/lib/dawn/kb/cve_2014_0081.rb +0 -27
  205. data/lib/dawn/kb/cve_2014_0082.rb +0 -27
  206. data/lib/dawn/kb/cve_2014_0130.rb +0 -27
  207. data/lib/dawn/kb/cve_2014_1233.rb +0 -27
  208. data/lib/dawn/kb/cve_2014_1234.rb +0 -26
  209. data/lib/dawn/kb/cve_2014_2322.rb +0 -28
  210. data/lib/dawn/kb/cve_2014_2525.rb +0 -59
  211. data/lib/dawn/kb/cve_2014_2538.rb +0 -26
  212. data/lib/dawn/kb/cve_2014_3482.rb +0 -28
  213. data/lib/dawn/kb/cve_2014_3483.rb +0 -28
  214. data/lib/dawn/kb/cve_2014_3916.rb +0 -29
  215. data/lib/dawn/kb/cve_2014_4975.rb +0 -28
  216. data/lib/dawn/kb/cve_2014_7818.rb +0 -27
  217. data/lib/dawn/kb/cve_2014_7819.rb +0 -31
  218. data/lib/dawn/kb/cve_2014_7829.rb +0 -30
  219. data/lib/dawn/kb/cve_2014_8090.rb +0 -30
  220. data/lib/dawn/kb/cve_2014_9490.rb +0 -29
  221. data/lib/dawn/kb/cve_2015_1819.rb +0 -34
  222. data/lib/dawn/kb/cve_2015_1840/cve_2015_1840_a.rb +0 -28
  223. data/lib/dawn/kb/cve_2015_1840/cve_2015_1840_b.rb +0 -28
  224. data/lib/dawn/kb/cve_2015_2963.rb +0 -27
  225. data/lib/dawn/kb/cve_2015_3224.rb +0 -26
  226. data/lib/dawn/kb/cve_2015_3225.rb +0 -28
  227. data/lib/dawn/kb/cve_2015_3226.rb +0 -27
  228. data/lib/dawn/kb/cve_2015_3227.rb +0 -28
  229. data/lib/dawn/kb/cve_2015_3448.rb +0 -29
  230. data/lib/dawn/kb/cve_2015_4020.rb +0 -34
  231. data/lib/dawn/kb/cve_2015_5312.rb +0 -30
  232. data/lib/dawn/kb/cve_2015_7497.rb +0 -32
  233. data/lib/dawn/kb/cve_2015_7498.rb +0 -32
  234. data/lib/dawn/kb/cve_2015_7499.rb +0 -32
  235. data/lib/dawn/kb/cve_2015_7500.rb +0 -32
  236. data/lib/dawn/kb/cve_2015_7519.rb +0 -31
  237. data/lib/dawn/kb/cve_2015_7541.rb +0 -31
  238. data/lib/dawn/kb/cve_2015_7576.rb +0 -35
  239. data/lib/dawn/kb/cve_2015_7577.rb +0 -34
  240. data/lib/dawn/kb/cve_2015_7578.rb +0 -30
  241. data/lib/dawn/kb/cve_2015_7579.rb +0 -30
  242. data/lib/dawn/kb/cve_2015_7581.rb +0 -33
  243. data/lib/dawn/kb/cve_2015_8241.rb +0 -32
  244. data/lib/dawn/kb/cve_2015_8242.rb +0 -32
  245. data/lib/dawn/kb/cve_2015_8317.rb +0 -32
  246. data/lib/dawn/kb/cve_2016_0751.rb +0 -32
  247. data/lib/dawn/kb/cve_2016_0752.rb +0 -35
  248. data/lib/dawn/kb/cve_2016_0753.rb +0 -31
  249. data/lib/dawn/kb/cve_2016_2097.rb +0 -35
  250. data/lib/dawn/kb/cve_2016_2098.rb +0 -35
  251. data/lib/dawn/kb/cve_2016_5697.rb +0 -30
  252. data/lib/dawn/kb/cve_2016_6316.rb +0 -33
  253. data/lib/dawn/kb/cve_2016_6317.rb +0 -32
  254. data/lib/dawn/kb/cve_2016_6582.rb +0 -43
  255. data/lib/dawn/kb/not_revised_code.rb +0 -22
  256. data/lib/dawn/kb/osvdb_105971.rb +0 -29
  257. data/lib/dawn/kb/osvdb_108530.rb +0 -27
  258. data/lib/dawn/kb/osvdb_108563.rb +0 -28
  259. data/lib/dawn/kb/osvdb_108569.rb +0 -28
  260. data/lib/dawn/kb/osvdb_108570.rb +0 -27
  261. data/lib/dawn/kb/osvdb_115654.rb +0 -33
  262. data/lib/dawn/kb/osvdb_116010.rb +0 -30
  263. data/lib/dawn/kb/osvdb_117903.rb +0 -30
  264. data/lib/dawn/kb/osvdb_118579.rb +0 -31
  265. data/lib/dawn/kb/osvdb_118830.rb +0 -32
  266. data/lib/dawn/kb/osvdb_118954.rb +0 -33
  267. data/lib/dawn/kb/osvdb_119878.rb +0 -32
  268. data/lib/dawn/kb/osvdb_119927.rb +0 -33
  269. data/lib/dawn/kb/osvdb_120415.rb +0 -31
  270. data/lib/dawn/kb/osvdb_120857.rb +0 -34
  271. data/lib/dawn/kb/osvdb_121701.rb +0 -30
  272. data/lib/dawn/kb/osvdb_132234.rb +0 -34
  273. data/lib/dawn/kb/owasp_ror_cheatsheet.rb +0 -33
  274. data/lib/dawn/kb/owasp_ror_cheatsheet/check_for_backup_files.rb +0 -18
  275. data/lib/dawn/kb/owasp_ror_cheatsheet/check_for_safe_redirect_and_forward.rb +0 -57
  276. data/lib/dawn/kb/owasp_ror_cheatsheet/command_injection.rb +0 -28
  277. data/lib/dawn/kb/owasp_ror_cheatsheet/csrf.rb +0 -29
  278. data/lib/dawn/kb/owasp_ror_cheatsheet/mass_assignment_in_model.rb +0 -33
  279. data/lib/dawn/kb/owasp_ror_cheatsheet/security_related_headers.rb +0 -35
  280. data/lib/dawn/kb/owasp_ror_cheatsheet/sensitive_files.rb +0 -29
  281. data/lib/dawn/kb/owasp_ror_cheatsheet/session_stored_in_database.rb +0 -31
  282. data/lib/dawn/kb/simpleform_xss_20131129.rb +0 -28
  283. data/lib/dawn/knowledge_base_experimental.rb +0 -245
  284. data/spec/lib/kb/cve_2011_2705_spec.rb +0 -35
  285. data/spec/lib/kb/cve_2011_2930_spec.rb +0 -31
  286. data/spec/lib/kb/cve_2011_3009_spec.rb +0 -25
  287. data/spec/lib/kb/cve_2011_3187_spec.rb +0 -24
  288. data/spec/lib/kb/cve_2011_4319_spec.rb +0 -44
  289. data/spec/lib/kb/cve_2011_5036_spec.rb +0 -95
  290. data/spec/lib/kb/cve_2012_1098_spec.rb +0 -36
  291. data/spec/lib/kb/cve_2012_2139_spec.rb +0 -20
  292. data/spec/lib/kb/cve_2012_2671_spec.rb +0 -23
  293. data/spec/lib/kb/cve_2012_6109_spec.rb +0 -112
  294. data/spec/lib/kb/cve_2012_6684_spec.rb +0 -16
  295. data/spec/lib/kb/cve_2013_0162_spec.rb +0 -23
  296. data/spec/lib/kb/cve_2013_0183_spec.rb +0 -54
  297. data/spec/lib/kb/cve_2013_0184_spec.rb +0 -115
  298. data/spec/lib/kb/cve_2013_0256_spec.rb +0 -34
  299. data/spec/lib/kb/cve_2013_0262_spec.rb +0 -44
  300. data/spec/lib/kb/cve_2013_0263_spec.rb +0 -11
  301. data/spec/lib/kb/cve_2013_0334_spec.rb +0 -35
  302. data/spec/lib/kb/cve_2013_1607_spec.rb +0 -15
  303. data/spec/lib/kb/cve_2013_1655_spec.rb +0 -31
  304. data/spec/lib/kb/cve_2013_1756_spec.rb +0 -23
  305. data/spec/lib/kb/cve_2013_2090_spec.rb +0 -15
  306. data/spec/lib/kb/cve_2013_2105_spec.rb +0 -11
  307. data/spec/lib/kb/cve_2013_2119_spec.rb +0 -27
  308. data/spec/lib/kb/cve_2013_2512_spec.rb +0 -15
  309. data/spec/lib/kb/cve_2013_2513_spec.rb +0 -15
  310. data/spec/lib/kb/cve_2013_2516_spec.rb +0 -15
  311. data/spec/lib/kb/cve_2013_4203_spec.rb +0 -15
  312. data/spec/lib/kb/cve_2013_4413_spec.rb +0 -16
  313. data/spec/lib/kb/cve_2013_4489_spec.rb +0 -63
  314. data/spec/lib/kb/cve_2013_4491_spec.rb +0 -16
  315. data/spec/lib/kb/cve_2013_4593_spec.rb +0 -16
  316. data/spec/lib/kb/cve_2013_5647_spec.rb +0 -19
  317. data/spec/lib/kb/cve_2013_5671_spec.rb +0 -27
  318. data/spec/lib/kb/cve_2013_6414_spec.rb +0 -26
  319. data/spec/lib/kb/cve_2013_6416_spec.rb +0 -31
  320. data/spec/lib/kb/cve_2013_6459_spec.rb +0 -15
  321. data/spec/lib/kb/cve_2013_7086_spec.rb +0 -22
  322. data/spec/lib/kb/cve_2014_0036_spec.rb +0 -15
  323. data/spec/lib/kb/cve_2014_0080_spec.rb +0 -33
  324. data/spec/lib/kb/cve_2014_0081_spec.rb +0 -50
  325. data/spec/lib/kb/cve_2014_0082_spec.rb +0 -52
  326. data/spec/lib/kb/cve_2014_0130_spec.rb +0 -19
  327. data/spec/lib/kb/cve_2014_1233_spec.rb +0 -15
  328. data/spec/lib/kb/cve_2014_1234_spec.rb +0 -16
  329. data/spec/lib/kb/cve_2014_2322_spec.rb +0 -15
  330. data/spec/lib/kb/cve_2014_2538_spec.rb +0 -15
  331. data/spec/lib/kb/cve_2014_3482_spec.rb +0 -15
  332. data/spec/lib/kb/cve_2014_3483_spec.rb +0 -27
  333. data/spec/lib/kb/cve_2014_7818_spec.rb +0 -42
  334. data/spec/lib/kb/cve_2014_7819_spec.rb +0 -139
  335. data/spec/lib/kb/cve_2014_7829_spec.rb +0 -50
  336. data/spec/lib/kb/cve_2014_9490_spec.rb +0 -17
  337. data/spec/lib/kb/cve_2015_1819_spec.rb +0 -16
  338. data/spec/lib/kb/cve_2015_1840_spec.rb +0 -39
  339. data/spec/lib/kb/cve_2015_2963_spec.rb +0 -17
  340. data/spec/lib/kb/cve_2015_3224_spec.rb +0 -16
  341. data/spec/lib/kb/cve_2015_3225_spec.rb +0 -27
  342. data/spec/lib/kb/cve_2015_3226_spec.rb +0 -35
  343. data/spec/lib/kb/cve_2015_3227_spec.rb +0 -31
  344. data/spec/lib/kb/cve_2015_3448_spec.rb +0 -16
  345. data/spec/lib/kb/cve_2015_4020_spec.rb +0 -24
  346. data/spec/lib/kb/cve_2015_5312_spec.rb +0 -31
  347. data/spec/lib/kb/cve_2015_7497_spec.rb +0 -31
  348. data/spec/lib/kb/cve_2015_7498_spec.rb +0 -31
  349. data/spec/lib/kb/cve_2015_7499_spec.rb +0 -31
  350. data/spec/lib/kb/cve_2015_7500_spec.rb +0 -31
  351. data/spec/lib/kb/cve_2015_7519_spec.rb +0 -23
  352. data/spec/lib/kb/cve_2015_7541_spec.rb +0 -15
  353. data/spec/lib/kb/cve_2015_7576_spec.rb +0 -51
  354. data/spec/lib/kb/cve_2015_7577_spec.rb +0 -63
  355. data/spec/lib/kb/cve_2015_7578_spec.rb +0 -15
  356. data/spec/lib/kb/cve_2015_7579_spec.rb +0 -23
  357. data/spec/lib/kb/cve_2015_7581_spec.rb +0 -51
  358. data/spec/lib/kb/cve_2015_8241_spec.rb +0 -31
  359. data/spec/lib/kb/cve_2015_8242_spec.rb +0 -31
  360. data/spec/lib/kb/cve_2015_8317_spec.rb +0 -31
  361. data/spec/lib/kb/cve_2016_0751_spec.rb +0 -55
  362. data/spec/lib/kb/cve_2016_0752_spec.rb +0 -51
  363. data/spec/lib/kb/cve_2016_0753_spec.rb +0 -51
  364. data/spec/lib/kb/cve_2016_2097_spec.rb +0 -35
  365. data/spec/lib/kb/cve_2016_2098_spec.rb +0 -55
  366. data/spec/lib/kb/cve_2016_5697_spec.rb +0 -15
  367. data/spec/lib/kb/cve_2016_6316_spec.rb +0 -44
  368. data/spec/lib/kb/cve_2016_6317_spec.rb +0 -35
  369. data/spec/lib/kb/cve_2016_6582_spec.rb +0 -29
  370. data/spec/lib/kb/osvdb_105971_spec.rb +0 -15
  371. data/spec/lib/kb/osvdb_108530_spec.rb +0 -22
  372. data/spec/lib/kb/osvdb_108563_spec.rb +0 -18
  373. data/spec/lib/kb/osvdb_108569_spec.rb +0 -17
  374. data/spec/lib/kb/osvdb_108570_spec.rb +0 -17
  375. data/spec/lib/kb/osvdb_115654_spec.rb +0 -15
  376. data/spec/lib/kb/osvdb_116010_spec.rb +0 -15
  377. data/spec/lib/kb/osvdb_117903_spec.rb +0 -23
  378. data/spec/lib/kb/osvdb_118579_spec.rb +0 -8
  379. data/spec/lib/kb/osvdb_118830_spec.rb +0 -16
  380. data/spec/lib/kb/osvdb_118954_spec.rb +0 -20
  381. data/spec/lib/kb/osvdb_119878_spec.rb +0 -92
  382. data/spec/lib/kb/osvdb_119927_spec.rb +0 -16
  383. data/spec/lib/kb/osvdb_120415_spec.rb +0 -16
  384. data/spec/lib/kb/osvdb_120857_spec.rb +0 -32
  385. data/spec/lib/kb/osvdb_121701_spec.rb +0 -15
  386. data/spec/lib/kb/osvdb_132234_spec.rb +0 -15
  387. metadata.gz.sig +0 -0
@@ -1,35 +0,0 @@
1
- module Dawn
2
- module Kb
3
- # Automatically created with rake on 2016-03-01
4
- class CVE_2016_2098
5
- # Include the testing skeleton for this CVE
6
- # include PatternMatchCheck
7
- include DependencyCheck
8
- # include RubyVersionCheck
9
-
10
- def initialize
11
- message = "There is a possible remote code execution vulnerability in Action Pack. Applications that pass unverified user input to the render method in a
12
- controller or a view may be vulnerable to a code injection."
13
- title = "Possible remote code execution vulnerability in Action Pack"
14
- super({
15
- :title=>title,
16
- :name=> "CVE-2016-2098",
17
- :cve=>"2016-2098",
18
- :osvdb=>"",
19
- :cvss=>"",
20
- :release_date => Date.new(2016, 2, 29),
21
- :cwe=>"",
22
- :owasp=>"A9",
23
- :applies=>["rails", "sinatra", "padrino"],
24
- :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
25
- :message=>message,
26
- :mitigation=>"Please upgrade actionpack gem to version 3.2.22.2, 4.1.14.2, 4.2.5.2, 5.0.0 or later.",
27
- :aux_links=>['https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ']
28
- })
29
- self.safe_dependencies = [{:name=>"actionpack", :version=>['3.2.22.2', '4.0.9999', '4.1.14.2', '4.2.5.2']}]
30
- self.not_affected = {:name=>"actionpack", :version=>['5.0.x']}
31
-
32
- end
33
- end
34
- end
35
- end
@@ -1,30 +0,0 @@
1
- module Dawn
2
- module Kb
3
- # Automatically created with rake on 2016-10-02
4
- class CVE_2016_5697
5
- include DependencyCheck
6
-
7
- def initialize
8
- title = "XML signature wrapping attack"
9
- message = "ruby-saml prior to version 1.3.0 is vulnerable to an XML signature wrapping attack in the specific scenario where there was a signature that referenced at the same time 2 elements (but past the scheme validator process since 1 of the element was inside the encrypted assertion)."
10
- super({
11
- :title=>title,
12
- :name=> "CVE-2016-5697",
13
- :cve=>"2016-5697",
14
- :osvdb=>"",
15
- :cvss=>"",
16
- :release_date => Date.new(2016, 6, 24),
17
- :cwe=>"",
18
- :owasp=>"A9",
19
- :applies=>["rails", "sinatra", "padrino"],
20
- :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
21
- :message=>message,
22
- :mitigation=>"Please upgrade ruby-saml gem to version 1.3.0 which implements 3 extra validations to mitigate this kind of attack.",
23
- :aux_links=>['https://github.com/onelogin/ruby-saml/commit/a571f52171e6bfd87db59822d1d9e8c38fb3b995']
24
- })
25
- self.safe_dependencies = [{:name=>"ruby-saml", :version=>['1.3.0']}]
26
-
27
- end
28
- end
29
- end
30
- end
@@ -1,33 +0,0 @@
1
- module Dawn
2
- module Kb
3
- # Automatically created with rake on 2016-10-02
4
- class CVE_2016_6316
5
- include DependencyCheck
6
-
7
- def initialize
8
- title = "Possible XSS Vulnerability in Action View"
9
- message = "Text declared as \"HTML safe\" when passed as an attribute value to a tag helper will not have quotes escaped which can lead to an XSS attack."
10
- super({
11
- :title=>title,
12
- :name=> "CVE-2016-6316",
13
- :cve=>"2016-6316",
14
- :osvdb=>"",
15
- :cvss=>"AV:N/AC:M/Au:N/C:N/I:P/A:N",
16
- :release_date => Date.new(2016, 8, 11),
17
- :cwe=>"",
18
- :owasp=>"A9",
19
- :applies=>["rails", "sinatra", "padrino"],
20
- :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
21
- :message=>message,
22
- :mitigation=>"Please upgrade actionview gem to version 3.2.22.3, 4.2.7.1, 5.0.0.1 or install latest version.",
23
- :aux_links=>['https://groups.google.com/forum/#!topic/rubyonrails-security/I-VWr034ouk']
24
- })
25
- self.safe_dependencies = [{:name=>"actionview", :version=>['3.2.22.3', '4.2.7.1', '5.0.0.1']}]
26
- self.not_affected = {:name=>"actionview", :version=>['1.x.x', '2.x.x']}
27
-
28
- self.save_minor=true
29
- self.save_major=true
30
- end
31
- end
32
- end
33
- end
@@ -1,32 +0,0 @@
1
- module Dawn
2
- module Kb
3
- # Automatically created with rake on 2016-10-02
4
- class CVE_2016_6317
5
- include DependencyCheck
6
-
7
- def initialize
8
- title = "Unsafe Query Generation Risk in Active Record"
9
- message = "Due to the way Active Record interprets parameters in combination with the way that JSON parameters are parsed, it is possible for an attacker to issue unexpected database queries with “IS NULL” or empty where clauses. This issue does not let an attacker insert arbitrary values into an SQL query, however they can cause the query to check for NULL or eliminate a WHERE clause when most users wouldn’t expect it."
10
-
11
- super({
12
- :title=>title,
13
- :name=> "CVE-2016-6317",
14
- :cve=>"2016-6317",
15
- :osvdb=>"",
16
- :cvss=>"AV:N/AC:L/Au:N/C:N/I:P/A:N",
17
- :release_date => Date.new(2016, 8, 11),
18
- :cwe=>"",
19
- :owasp=>"A9",
20
- :applies=>["rails", "sinatra", "padrino"],
21
- :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
22
- :message=>message,
23
- :mitigation=>"Please upgrade activerecord gem to version 4.2.7.1. Please note that versions 5.0.0 or later are not affected.",
24
- :aux_links=>['https://groups.google.com/forum/#!topic/rubyonrails-security/rgO20zYW33s']
25
- })
26
- self.safe_dependencies = [{:name=>"activerecord", :version=>['4.2.7.1']}]
27
- self.not_affected = {:name=>"activerecord", :version=>['1.x.x', '2.x.x', '3.x.x', '4.0.x', '4.1.x', '5.0.x']}
28
-
29
- end
30
- end
31
- end
32
- end
@@ -1,43 +0,0 @@
1
- module Dawn
2
- module Kb
3
- # Automatically created with rake on 2016-10-02
4
- class CVE_2016_6582
5
- # Include the testing skeleton for this CVE
6
- # include PatternMatchCheck
7
- include DependencyCheck
8
- # include RubyVersionCheck
9
-
10
- def initialize
11
- title = "Doorkeeper gem does not revoke tokens & uses wrong auth/auth method"
12
- message = "Doorkeeper failed to implement OAuth 2.0 Token Revocation (RFC 7009) in the following ways:
13
-
14
- Public clients making valid, unauthenticated calls to revoke a token would not have their token revoked
15
- Requests were not properly authenticating the client credentials but were, instead, looking at the access token in a second location
16
- Because of 2, the requests were also not authorizing confidential clients’ ability to revoke a given token. It should only revoke tokens that belong to it.
17
- The security implication is: OAuth 2.0 clients who \"log out\" a user expect to have the corresponding access & refresh tokens revoked, preventing an attacker who may have already hijacked the session from continuing to impersonate the victim. Because of the bug described above, this is not the case. As far as OWASP is concerned, this counts as broken authentication design.
18
-
19
- MITRE has assigned CVE-2016-6582 due to the security issues raised. An attacker, thanks to 1, can replay a hijacked session after a victim logs out/revokes their token. Additionally, thanks to 2 & 3, an attacker via a compromised confidential client could \"grief\" other clients by revoking their tokens (albeit this is an exceptionally narrow attack with little value)."
20
-
21
-
22
- super({
23
- :title=>title,
24
- :name=> "CVE-2016-6582",
25
- :cve=>"",
26
- :osvdb=>"",
27
- :cvss=>"",
28
- :release_date => Date.new(2016, 8, 18),
29
- :cwe=>"",
30
- :owasp=>"A9",
31
- :applies=>["rails", "sinatra", "padrino"],
32
- :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
33
- :message=>message,
34
- :mitigation=>"Please upgrade doorkeeper gem to version 4.2.0 or later.",
35
- :aux_links=>['http://www.openwall.com/lists/oss-security/2016/08/19/2']
36
- })
37
- self.safe_dependencies = [{:name=>"doorkeeper", :version=>['4.2.0']}]
38
-
39
-
40
- end
41
- end
42
- end
43
- end
@@ -1,22 +0,0 @@
1
- module Dawn
2
- module Kb
3
- class NotRevisedCode
4
- include PatternMatchCheck
5
-
6
-
7
- def initialize
8
- super({:name=>"Not revised code",
9
- :cvss=>"",
10
- :release_date=>nil,
11
- :cwe=>"",
12
- :owasp=>"",
13
- :applies=>["sinatra", "rails", "padrino"],
14
- :kind=>Dawn::KnowledgeBase::PATTERN_MATCH_CHECK,
15
- :message=>"Analyzing comments, it seems your code is waiting from some review from you. Please consider take action before putting it in production.\nThis check will analyze the source code looking for the following patterns: XXX, TO_CHECK, CHECKME, CHECK and FIXME",
16
- :mitigation=>"Please review the file fixing the issue.",
17
- :attack_pattern => ["XXX", "TO_CHECK", "CHECKME", "CHECK", "FIXME"]
18
- })
19
- end
20
- end
21
- end
22
- end
@@ -1,29 +0,0 @@
1
- module Dawn
2
- module Kb
3
- # Automatically created with rake on 2014-04-17
4
- class OSVDB_105971
5
- include DependencyCheck
6
-
7
- def initialize
8
- message = "sfpagent Gem for Ruby contains a flaw that is triggered as JSON[body] input is not properly sanitized when handling module names with shell metacharacters. This may allow a context-dependent attacker to execute arbitrary commands."
9
-
10
- super({
11
- :name=> "OSVDB-105971",
12
- :cvss=>"AV:N/AC:L/Au:N/C:P/I:P/A:P",
13
- :cve=>"2014-2888",
14
- :osvdb=> "105971",
15
- :release_date => Date.new(2014, 4, 16),
16
- :cwe=>"",
17
- :owasp=>"A9",
18
- :applies=>["rack", "sinatra", "padrino", "rails"],
19
- :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
20
- :message=>message,
21
- :mitigation=>"Please upgrade sfpagent version at least to 0.4.15. As a general rule, using the latest stable version is recommended.",
22
- :aux_links=>["http://seclists.org/oss-sec/2014/q2/118"]
23
- })
24
- self.safe_dependencies = [{:name=>"sfpagent", :version=>['0.4.15']}]
25
-
26
- end
27
- end
28
- end
29
- end
@@ -1,27 +0,0 @@
1
- module Dawn
2
- module Kb
3
- # Automatically created with rake on 2014-07-04
4
- class OSVDB_108530
5
- include DependencyCheck
6
-
7
- def initialize
8
- message = "kajam Gem for Ruby contains a flaw in /dataset/lib/dataset/database/postgresql.rb that is triggered when handling metacharacters. This may allow a remote attacker to execute arbitrary commands."
9
- super({
10
- :name=> "OSVDB-108530",
11
- :cvss=>"",
12
- :osvdb=>"108530",
13
- :release_date => Date.new(2014, 6, 30),
14
- :cwe=>"",
15
- :owasp=>"A9",
16
- :applies=>["rack", "sinatra", "padrino", "rails"],
17
- :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
18
- :message=>message,
19
- :mitigation=>"We are not currently aware of a solution for this vulnerability. Keep track on kajam gem updates",
20
- :aux_links=>["http://www.vapid.dhs.org/advisories/kajam-1.0.3.rc2-2nd-vuln.html"]
21
- })
22
- self.safe_dependencies = [{:name=>"kajam", :version=>['1.0.3.rc3']}]
23
-
24
- end
25
- end
26
- end
27
- end
@@ -1,28 +0,0 @@
1
- module Dawn
2
- module Kb
3
- # Automatically created with rake on 2014-07-04
4
- class OSVDB_108563
5
- include DependencyCheck
6
-
7
- def initialize
8
- message = "gyazo Gem for Ruby contains a flaw in client.rb that is triggered when handling metacharacters. This may allow a remote attacker to execute arbitrary commands."
9
- super({
10
- :name=> "OSVDB-108563",
11
- :cvss=>"",
12
- :cve=>"",
13
- :osvdb=>"108563",
14
- :release_date => Date.new(2014, 6, 30),
15
- :cwe=>"",
16
- :owasp=>"A9",
17
- :applies=>["rack", "sinatra", "padrino", "rails"],
18
- :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
19
- :message=>message,
20
- :mitigation=>"We are not currently aware of a solution for this vulnerability. Please check gyazo rubygem for updates and apply them as soon as possible",
21
- :aux_links=>["http://www.vapid.dhs.org/advisories/gyazo-1.0.0.html"],
22
- })
23
- self.safe_dependencies = [{:name=>"gyazo", :version=>['1.0.1']}]
24
-
25
- end
26
- end
27
- end
28
- end
@@ -1,28 +0,0 @@
1
- module Dawn
2
- module Kb
3
- # Automatically created with rake on 2014-07-04
4
- class OSVDB_108569
5
- include DependencyCheck
6
-
7
- def initialize
8
- message = "backup_checksum Gem for Ruby contains a flaw in /lib/backup/cli/utility.rb that is triggered as the program displays password information in plaintext in the process list. This may allow a local attacker to gain access to password information."
9
-
10
- super({
11
- :name=> "OSVDB-108569",
12
- :osvdb=> "108569",
13
- :cvss=>"",
14
- :release_date => Date.new(2014, 6, 30),
15
- :cwe=>"",
16
- :owasp=>"A9",
17
- :applies=>["rack", "sinatra", "padrino", "rails"],
18
- :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
19
- :message=>message,
20
- :mitigation=>"We are not currently aware of a solution for this vulnerability. Please check backup_checksum gem for security updates.",
21
- :aux_links=>["http://www.vapid.dhs.org/advisories/backup_checksum-3.0.23.html"]
22
- })
23
- self.safe_dependencies = [{:name=>"backup_checksum", :version=>['3.0.24']}]
24
-
25
- end
26
- end
27
- end
28
- end
@@ -1,27 +0,0 @@
1
- module Dawn
2
- module Kb
3
- # Automatically created with rake on 2014-07-04
4
- class OSVDB_108570
5
- include DependencyCheck
6
-
7
- def initialize
8
- message = "backup_checksum Gem for Ruby contains a flaw in /lib/backup/cli/utility.rb that is triggered when handling metacharacters. This may allow a remote attacker to execute arbitrary commands."
9
- super({
10
- :name=> "OSVDB-108570",
11
- :cvss=>"",
12
- :osvdb=> "108570",
13
- :release_date => Date.new(2014, 6, 30),
14
- :cwe=>"",
15
- :owasp=>"A9",
16
- :applies=>["rack", "sinatra", "padrino", "rails"],
17
- :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
18
- :message=>message,
19
- :mitigation=>"We are not currently aware of a solution for this vulnerability. Please check backup_checksum rubygem for upgrades",
20
- :aux_links=>["http://www.vapid.dhs.org/advisories/backup_checksum-3.0.23.html"]
21
- })
22
- self.safe_dependencies = [{:name=>"backup_checksum", :version=>['3.0.24']}]
23
-
24
- end
25
- end
26
- end
27
- end
@@ -1,33 +0,0 @@
1
- module Dawn
2
- module Kb
3
- # Automatically created with rake on 2015-12-02
4
- class OSVDB_115654
5
- # Include the testing skeleton for this Security Check
6
- # include PatternMatchCheck
7
- include DependencyCheck
8
- # include RubyVersionCheck
9
-
10
- def initialize
11
- title = "Sentry raven-ruby lib/raven/okjson.rb Exponent / Scientific Notation Value Handling Resource Consumption DoS"
12
- message = "Sentry raven-ruby contains a flaw in the lib/raven/okjson.rb script that is triggered when large numeric values are stored as an exponent or in scientific notation. With a specially crafted request, an attacker can cause the software to consume excessive resources resulting in a denial of service."
13
- super({
14
- :title=>title,
15
- :name=> "OSVDB_115654",
16
- :cve=>"CVE-2014-9490",
17
- :osvdb=>"115654",
18
- :cvss=>"",
19
- :release_date => Date.new(2015, 1, 20),
20
- :cwe=>"",
21
- :owasp=>"A9",
22
- :applies=>["rails", "sinatra", "padrino"],
23
- :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
24
- :message=>message,
25
- :mitigation=>"Please upgrade raven-ruby gem to version 0.12.2 or later.",
26
- :aux_links=>[""]
27
- })
28
- self.safe_dependencies = [{:name=>"raven-ruby", :version=>['0.12.2']}]
29
-
30
- end
31
- end
32
- end
33
- end
@@ -1,30 +0,0 @@
1
- module Dawn
2
- module Kb
3
- # Automatically created with rake on 2015-12-03
4
- class OSVDB_116010
5
- include DependencyCheck
6
-
7
- def initialize
8
- title = "Doorkeeper Gem for Ruby access_token Disclosure CSRF"
9
- message = "Cross-site request forgery (CSRF) vulnerability in doorkeeper before 1.4.1 allows remote attackers to hijack the authentication of unspecified victims for requests that read a user OAuth authorization code via unknown vectors."
10
- super({
11
- :title=>title,
12
- :name=> "OSVDB_116010",
13
- :cve=>"CVE-2014-8144",
14
- :osvdb=>"116010",
15
- :cvss=>"AV:N/AC:M/Au:N/C:P/I:P/A:P",
16
- :release_date => Date.new(2014, 12, 31),
17
- :cwe=>"",
18
- :owasp=>"A9",
19
- :applies=>["rails", "sinatra", "padrino"],
20
- :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
21
- :message=>message,
22
- :mitigation=>"Please upgrade doorkeeper gem to version 1.4.1 or later.",
23
- :aux_links=>[""]
24
- })
25
- self.safe_dependencies = [{:name=>"doorkeeper", :version=>['1.4.1']}]
26
-
27
- end
28
- end
29
- end
30
- end
@@ -1,30 +0,0 @@
1
- module Dawn
2
- module Kb
3
- # Automatically created with rake on 2015-12-02
4
- class OSVDB_117903
5
- include DependencyCheck
6
-
7
- def initialize
8
- title = "ruby-saml URI SAML Response Handling Remote Command Execution"
9
- message = "ruby-saml contains a flaw that is triggered as the URI value of a SAML response is not properly sanitized through a prepared statement. This may allow a remote attacker to execute arbitrary shell commands on the host machine."
10
- super({
11
- :title=>title,
12
- :name=> "OSVDB_117903",
13
- :cve=>"",
14
- :osvdb=>"117903",
15
- :cvss=>"",
16
- :release_date => Date.new(2015, 1, 7),
17
- :cwe=>"",
18
- :owasp=>"A9",
19
- :applies=>["rails", "sinatra", "padrino"],
20
- :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
21
- :message=>message,
22
- :mitigation=>"Please upgrade ruby-saml gem to version 0.8.2 or later.",
23
- :aux_links=>["https://security.dxw.com/advisories/publicly-exploitable-command-injection-in-ruby-saml-0-7-2-library-can-root-the-host/"]
24
- })
25
- self.safe_dependencies = [{:name=>"ruby-saml", :version=>['0.8.2', '0.7.3']}]
26
-
27
- end
28
- end
29
- end
30
- end