dawnscanner 1.6.8 → 2.0.0.rc4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/.gitignore +1 -0
- data/.ruby-version +1 -1
- data/Changelog.md +27 -1
- data/LICENSE.txt +1 -1
- data/README.md +59 -57
- data/Rakefile +10 -242
- data/Roadmap.md +15 -23
- data/VERSION +1 -1
- data/bin/dawn +17 -273
- data/checksum/dawnscanner-1.6.8.gem.sha1 +1 -0
- data/checksum/dawnscanner-2.0.0.rc1.gem.sha1 +1 -0
- data/checksum/dawnscanner-2.0.0.rc2.gem.sha1 +1 -0
- data/checksum/dawnscanner-2.0.0.rc3.gem.sha1 +1 -0
- data/dawnscanner.gemspec +10 -9
- data/doc/change.sh +13 -0
- data/doc/kickstart_kb.tar.gz +0 -0
- data/doc/knowledge_base.rb +650 -0
- data/docs/.placeholder +0 -0
- data/docs/CNAME +1 -0
- data/docs/_config.yml +1 -0
- data/lib/dawn/cli/dawn_cli.rb +139 -0
- data/lib/dawn/core.rb +8 -7
- data/lib/dawn/engine.rb +93 -34
- data/lib/dawn/gemfile_lock.rb +2 -2
- data/lib/dawn/kb/basic_check.rb +1 -2
- data/lib/dawn/kb/combo_check.rb +1 -1
- data/lib/dawn/kb/dependency_check.rb +1 -1
- data/lib/dawn/kb/operating_system_check.rb +1 -1
- data/lib/dawn/kb/pattern_match_check.rb +10 -9
- data/lib/dawn/kb/ruby_version_check.rb +11 -10
- data/lib/dawn/kb/{gem_check.rb → rubygem_check.rb} +1 -1
- data/lib/dawn/kb/unsafe_depedency_check.rb +44 -0
- data/lib/dawn/kb/version_check.rb +41 -24
- data/lib/dawn/knowledge_base.rb +259 -595
- data/lib/dawn/reporter.rb +2 -1
- data/lib/dawn/utils.rb +5 -2
- data/lib/dawn/version.rb +5 -5
- data/lib/dawnscanner.rb +7 -6
- data/spec/lib/kb/codesake_unsafe_dependency_check_spec.rb +29 -0
- data/spec/lib/kb/dependency_check.yml +29 -0
- metadata +30 -496
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/certs/paolo_at_dawnscanner_dot_org.pem +0 -21
- data/lib/dawn/kb/cve_2004_0755.rb +0 -33
- data/lib/dawn/kb/cve_2004_0983.rb +0 -31
- data/lib/dawn/kb/cve_2005_1992.rb +0 -31
- data/lib/dawn/kb/cve_2005_2337.rb +0 -33
- data/lib/dawn/kb/cve_2006_1931.rb +0 -30
- data/lib/dawn/kb/cve_2006_2582.rb +0 -28
- data/lib/dawn/kb/cve_2006_3694.rb +0 -31
- data/lib/dawn/kb/cve_2006_4112.rb +0 -27
- data/lib/dawn/kb/cve_2006_5467.rb +0 -28
- data/lib/dawn/kb/cve_2006_6303.rb +0 -28
- data/lib/dawn/kb/cve_2006_6852.rb +0 -27
- data/lib/dawn/kb/cve_2006_6979.rb +0 -29
- data/lib/dawn/kb/cve_2007_0469.rb +0 -29
- data/lib/dawn/kb/cve_2007_5162.rb +0 -28
- data/lib/dawn/kb/cve_2007_5379.rb +0 -27
- data/lib/dawn/kb/cve_2007_5380.rb +0 -29
- data/lib/dawn/kb/cve_2007_5770.rb +0 -30
- data/lib/dawn/kb/cve_2007_6077.rb +0 -31
- data/lib/dawn/kb/cve_2007_6612.rb +0 -30
- data/lib/dawn/kb/cve_2008_1145.rb +0 -38
- data/lib/dawn/kb/cve_2008_1891.rb +0 -38
- data/lib/dawn/kb/cve_2008_2376.rb +0 -30
- data/lib/dawn/kb/cve_2008_2662.rb +0 -33
- data/lib/dawn/kb/cve_2008_2663.rb +0 -32
- data/lib/dawn/kb/cve_2008_2664.rb +0 -33
- data/lib/dawn/kb/cve_2008_2725.rb +0 -31
- data/lib/dawn/kb/cve_2008_3655.rb +0 -37
- data/lib/dawn/kb/cve_2008_3657.rb +0 -37
- data/lib/dawn/kb/cve_2008_3790.rb +0 -30
- data/lib/dawn/kb/cve_2008_3905.rb +0 -36
- data/lib/dawn/kb/cve_2008_4094.rb +0 -27
- data/lib/dawn/kb/cve_2008_4310.rb +0 -100
- data/lib/dawn/kb/cve_2008_5189.rb +0 -27
- data/lib/dawn/kb/cve_2008_7248.rb +0 -27
- data/lib/dawn/kb/cve_2009_4078.rb +0 -29
- data/lib/dawn/kb/cve_2009_4124.rb +0 -30
- data/lib/dawn/kb/cve_2009_4214.rb +0 -27
- data/lib/dawn/kb/cve_2010_1330.rb +0 -28
- data/lib/dawn/kb/cve_2010_2489.rb +0 -60
- data/lib/dawn/kb/cve_2010_3933.rb +0 -27
- data/lib/dawn/kb/cve_2011_0188.rb +0 -67
- data/lib/dawn/kb/cve_2011_0446.rb +0 -28
- data/lib/dawn/kb/cve_2011_0447.rb +0 -28
- data/lib/dawn/kb/cve_2011_0739.rb +0 -28
- data/lib/dawn/kb/cve_2011_0995.rb +0 -61
- data/lib/dawn/kb/cve_2011_1004.rb +0 -34
- data/lib/dawn/kb/cve_2011_1005.rb +0 -31
- data/lib/dawn/kb/cve_2011_2197.rb +0 -27
- data/lib/dawn/kb/cve_2011_2686.rb +0 -29
- data/lib/dawn/kb/cve_2011_2705.rb +0 -32
- data/lib/dawn/kb/cve_2011_2929.rb +0 -27
- data/lib/dawn/kb/cve_2011_2930.rb +0 -28
- data/lib/dawn/kb/cve_2011_2931.rb +0 -30
- data/lib/dawn/kb/cve_2011_2932.rb +0 -27
- data/lib/dawn/kb/cve_2011_3009.rb +0 -28
- data/lib/dawn/kb/cve_2011_3186.rb +0 -29
- data/lib/dawn/kb/cve_2011_3187.rb +0 -29
- data/lib/dawn/kb/cve_2011_4319.rb +0 -30
- data/lib/dawn/kb/cve_2011_4815.rb +0 -28
- data/lib/dawn/kb/cve_2011_5036.rb +0 -26
- data/lib/dawn/kb/cve_2012_1098.rb +0 -30
- data/lib/dawn/kb/cve_2012_1099.rb +0 -27
- data/lib/dawn/kb/cve_2012_1241.rb +0 -27
- data/lib/dawn/kb/cve_2012_2139.rb +0 -26
- data/lib/dawn/kb/cve_2012_2140.rb +0 -27
- data/lib/dawn/kb/cve_2012_2660.rb +0 -28
- data/lib/dawn/kb/cve_2012_2661.rb +0 -27
- data/lib/dawn/kb/cve_2012_2671.rb +0 -28
- data/lib/dawn/kb/cve_2012_2694.rb +0 -30
- data/lib/dawn/kb/cve_2012_2695.rb +0 -27
- data/lib/dawn/kb/cve_2012_3424.rb +0 -29
- data/lib/dawn/kb/cve_2012_3463.rb +0 -27
- data/lib/dawn/kb/cve_2012_3464.rb +0 -27
- data/lib/dawn/kb/cve_2012_3465.rb +0 -26
- data/lib/dawn/kb/cve_2012_4464.rb +0 -27
- data/lib/dawn/kb/cve_2012_4466.rb +0 -27
- data/lib/dawn/kb/cve_2012_4481.rb +0 -26
- data/lib/dawn/kb/cve_2012_4522.rb +0 -27
- data/lib/dawn/kb/cve_2012_5370.rb +0 -27
- data/lib/dawn/kb/cve_2012_5371.rb +0 -27
- data/lib/dawn/kb/cve_2012_5380.rb +0 -28
- data/lib/dawn/kb/cve_2012_6109.rb +0 -25
- data/lib/dawn/kb/cve_2012_6134.rb +0 -27
- data/lib/dawn/kb/cve_2012_6496.rb +0 -28
- data/lib/dawn/kb/cve_2012_6497.rb +0 -28
- data/lib/dawn/kb/cve_2012_6684.rb +0 -28
- data/lib/dawn/kb/cve_2013_0155.rb +0 -29
- data/lib/dawn/kb/cve_2013_0156.rb +0 -27
- data/lib/dawn/kb/cve_2013_0162.rb +0 -28
- data/lib/dawn/kb/cve_2013_0175.rb +0 -27
- data/lib/dawn/kb/cve_2013_0183.rb +0 -25
- data/lib/dawn/kb/cve_2013_0184.rb +0 -25
- data/lib/dawn/kb/cve_2013_0233.rb +0 -26
- data/lib/dawn/kb/cve_2013_0256.rb +0 -59
- data/lib/dawn/kb/cve_2013_0262.rb +0 -26
- data/lib/dawn/kb/cve_2013_0263.rb +0 -26
- data/lib/dawn/kb/cve_2013_0269.rb +0 -27
- data/lib/dawn/kb/cve_2013_0276.rb +0 -28
- data/lib/dawn/kb/cve_2013_0277.rb +0 -25
- data/lib/dawn/kb/cve_2013_0284.rb +0 -27
- data/lib/dawn/kb/cve_2013_0285.rb +0 -27
- data/lib/dawn/kb/cve_2013_0333.rb +0 -28
- data/lib/dawn/kb/cve_2013_0334.rb +0 -25
- data/lib/dawn/kb/cve_2013_1607.rb +0 -25
- data/lib/dawn/kb/cve_2013_1655.rb +0 -65
- data/lib/dawn/kb/cve_2013_1656.rb +0 -28
- data/lib/dawn/kb/cve_2013_1756.rb +0 -26
- data/lib/dawn/kb/cve_2013_1800.rb +0 -26
- data/lib/dawn/kb/cve_2013_1801.rb +0 -27
- data/lib/dawn/kb/cve_2013_1802.rb +0 -27
- data/lib/dawn/kb/cve_2013_1812.rb +0 -27
- data/lib/dawn/kb/cve_2013_1821.rb +0 -28
- data/lib/dawn/kb/cve_2013_1854.rb +0 -26
- data/lib/dawn/kb/cve_2013_1855.rb +0 -25
- data/lib/dawn/kb/cve_2013_1856.rb +0 -26
- data/lib/dawn/kb/cve_2013_1857.rb +0 -27
- data/lib/dawn/kb/cve_2013_1875.rb +0 -27
- data/lib/dawn/kb/cve_2013_1898.rb +0 -27
- data/lib/dawn/kb/cve_2013_1911.rb +0 -28
- data/lib/dawn/kb/cve_2013_1933.rb +0 -27
- data/lib/dawn/kb/cve_2013_1947.rb +0 -27
- data/lib/dawn/kb/cve_2013_1948.rb +0 -27
- data/lib/dawn/kb/cve_2013_2065.rb +0 -29
- data/lib/dawn/kb/cve_2013_2090.rb +0 -28
- data/lib/dawn/kb/cve_2013_2105.rb +0 -26
- data/lib/dawn/kb/cve_2013_2119.rb +0 -27
- data/lib/dawn/kb/cve_2013_2512.rb +0 -26
- data/lib/dawn/kb/cve_2013_2513.rb +0 -25
- data/lib/dawn/kb/cve_2013_2516.rb +0 -26
- data/lib/dawn/kb/cve_2013_2615.rb +0 -27
- data/lib/dawn/kb/cve_2013_2616.rb +0 -27
- data/lib/dawn/kb/cve_2013_2617.rb +0 -28
- data/lib/dawn/kb/cve_2013_3221.rb +0 -27
- data/lib/dawn/kb/cve_2013_4164.rb +0 -30
- data/lib/dawn/kb/cve_2013_4203.rb +0 -25
- data/lib/dawn/kb/cve_2013_4389.rb +0 -26
- data/lib/dawn/kb/cve_2013_4413.rb +0 -27
- data/lib/dawn/kb/cve_2013_4457.rb +0 -29
- data/lib/dawn/kb/cve_2013_4478.rb +0 -26
- data/lib/dawn/kb/cve_2013_4479.rb +0 -26
- data/lib/dawn/kb/cve_2013_4489.rb +0 -28
- data/lib/dawn/kb/cve_2013_4491.rb +0 -29
- data/lib/dawn/kb/cve_2013_4492.rb +0 -29
- data/lib/dawn/kb/cve_2013_4562.rb +0 -27
- data/lib/dawn/kb/cve_2013_4593.rb +0 -27
- data/lib/dawn/kb/cve_2013_5647.rb +0 -29
- data/lib/dawn/kb/cve_2013_5671.rb +0 -26
- data/lib/dawn/kb/cve_2013_6414.rb +0 -30
- data/lib/dawn/kb/cve_2013_6415.rb +0 -29
- data/lib/dawn/kb/cve_2013_6416.rb +0 -29
- data/lib/dawn/kb/cve_2013_6417.rb +0 -30
- data/lib/dawn/kb/cve_2013_6421.rb +0 -28
- data/lib/dawn/kb/cve_2013_6459.rb +0 -28
- data/lib/dawn/kb/cve_2013_6460.rb +0 -53
- data/lib/dawn/kb/cve_2013_6461.rb +0 -57
- data/lib/dawn/kb/cve_2013_7086.rb +0 -27
- data/lib/dawn/kb/cve_2014_0036.rb +0 -27
- data/lib/dawn/kb/cve_2014_0080.rb +0 -29
- data/lib/dawn/kb/cve_2014_0081.rb +0 -27
- data/lib/dawn/kb/cve_2014_0082.rb +0 -27
- data/lib/dawn/kb/cve_2014_0130.rb +0 -27
- data/lib/dawn/kb/cve_2014_1233.rb +0 -27
- data/lib/dawn/kb/cve_2014_1234.rb +0 -26
- data/lib/dawn/kb/cve_2014_2322.rb +0 -28
- data/lib/dawn/kb/cve_2014_2525.rb +0 -59
- data/lib/dawn/kb/cve_2014_2538.rb +0 -26
- data/lib/dawn/kb/cve_2014_3482.rb +0 -28
- data/lib/dawn/kb/cve_2014_3483.rb +0 -28
- data/lib/dawn/kb/cve_2014_3916.rb +0 -29
- data/lib/dawn/kb/cve_2014_4975.rb +0 -28
- data/lib/dawn/kb/cve_2014_7818.rb +0 -27
- data/lib/dawn/kb/cve_2014_7819.rb +0 -31
- data/lib/dawn/kb/cve_2014_7829.rb +0 -30
- data/lib/dawn/kb/cve_2014_8090.rb +0 -30
- data/lib/dawn/kb/cve_2014_9490.rb +0 -29
- data/lib/dawn/kb/cve_2015_1819.rb +0 -34
- data/lib/dawn/kb/cve_2015_1840/cve_2015_1840_a.rb +0 -28
- data/lib/dawn/kb/cve_2015_1840/cve_2015_1840_b.rb +0 -28
- data/lib/dawn/kb/cve_2015_2963.rb +0 -27
- data/lib/dawn/kb/cve_2015_3224.rb +0 -26
- data/lib/dawn/kb/cve_2015_3225.rb +0 -28
- data/lib/dawn/kb/cve_2015_3226.rb +0 -27
- data/lib/dawn/kb/cve_2015_3227.rb +0 -28
- data/lib/dawn/kb/cve_2015_3448.rb +0 -29
- data/lib/dawn/kb/cve_2015_4020.rb +0 -34
- data/lib/dawn/kb/cve_2015_5312.rb +0 -30
- data/lib/dawn/kb/cve_2015_7497.rb +0 -32
- data/lib/dawn/kb/cve_2015_7498.rb +0 -32
- data/lib/dawn/kb/cve_2015_7499.rb +0 -32
- data/lib/dawn/kb/cve_2015_7500.rb +0 -32
- data/lib/dawn/kb/cve_2015_7519.rb +0 -31
- data/lib/dawn/kb/cve_2015_7541.rb +0 -31
- data/lib/dawn/kb/cve_2015_7576.rb +0 -35
- data/lib/dawn/kb/cve_2015_7577.rb +0 -34
- data/lib/dawn/kb/cve_2015_7578.rb +0 -30
- data/lib/dawn/kb/cve_2015_7579.rb +0 -30
- data/lib/dawn/kb/cve_2015_7581.rb +0 -33
- data/lib/dawn/kb/cve_2015_8241.rb +0 -32
- data/lib/dawn/kb/cve_2015_8242.rb +0 -32
- data/lib/dawn/kb/cve_2015_8317.rb +0 -32
- data/lib/dawn/kb/cve_2016_0751.rb +0 -32
- data/lib/dawn/kb/cve_2016_0752.rb +0 -35
- data/lib/dawn/kb/cve_2016_0753.rb +0 -31
- data/lib/dawn/kb/cve_2016_2097.rb +0 -35
- data/lib/dawn/kb/cve_2016_2098.rb +0 -35
- data/lib/dawn/kb/cve_2016_5697.rb +0 -30
- data/lib/dawn/kb/cve_2016_6316.rb +0 -33
- data/lib/dawn/kb/cve_2016_6317.rb +0 -32
- data/lib/dawn/kb/cve_2016_6582.rb +0 -43
- data/lib/dawn/kb/not_revised_code.rb +0 -22
- data/lib/dawn/kb/osvdb_105971.rb +0 -29
- data/lib/dawn/kb/osvdb_108530.rb +0 -27
- data/lib/dawn/kb/osvdb_108563.rb +0 -28
- data/lib/dawn/kb/osvdb_108569.rb +0 -28
- data/lib/dawn/kb/osvdb_108570.rb +0 -27
- data/lib/dawn/kb/osvdb_115654.rb +0 -33
- data/lib/dawn/kb/osvdb_116010.rb +0 -30
- data/lib/dawn/kb/osvdb_117903.rb +0 -30
- data/lib/dawn/kb/osvdb_118579.rb +0 -31
- data/lib/dawn/kb/osvdb_118830.rb +0 -32
- data/lib/dawn/kb/osvdb_118954.rb +0 -33
- data/lib/dawn/kb/osvdb_119878.rb +0 -32
- data/lib/dawn/kb/osvdb_119927.rb +0 -33
- data/lib/dawn/kb/osvdb_120415.rb +0 -31
- data/lib/dawn/kb/osvdb_120857.rb +0 -34
- data/lib/dawn/kb/osvdb_121701.rb +0 -30
- data/lib/dawn/kb/osvdb_132234.rb +0 -34
- data/lib/dawn/kb/owasp_ror_cheatsheet.rb +0 -33
- data/lib/dawn/kb/owasp_ror_cheatsheet/check_for_backup_files.rb +0 -18
- data/lib/dawn/kb/owasp_ror_cheatsheet/check_for_safe_redirect_and_forward.rb +0 -57
- data/lib/dawn/kb/owasp_ror_cheatsheet/command_injection.rb +0 -28
- data/lib/dawn/kb/owasp_ror_cheatsheet/csrf.rb +0 -29
- data/lib/dawn/kb/owasp_ror_cheatsheet/mass_assignment_in_model.rb +0 -33
- data/lib/dawn/kb/owasp_ror_cheatsheet/security_related_headers.rb +0 -35
- data/lib/dawn/kb/owasp_ror_cheatsheet/sensitive_files.rb +0 -29
- data/lib/dawn/kb/owasp_ror_cheatsheet/session_stored_in_database.rb +0 -31
- data/lib/dawn/kb/simpleform_xss_20131129.rb +0 -28
- data/lib/dawn/knowledge_base_experimental.rb +0 -245
- data/spec/lib/kb/cve_2011_2705_spec.rb +0 -35
- data/spec/lib/kb/cve_2011_2930_spec.rb +0 -31
- data/spec/lib/kb/cve_2011_3009_spec.rb +0 -25
- data/spec/lib/kb/cve_2011_3187_spec.rb +0 -24
- data/spec/lib/kb/cve_2011_4319_spec.rb +0 -44
- data/spec/lib/kb/cve_2011_5036_spec.rb +0 -95
- data/spec/lib/kb/cve_2012_1098_spec.rb +0 -36
- data/spec/lib/kb/cve_2012_2139_spec.rb +0 -20
- data/spec/lib/kb/cve_2012_2671_spec.rb +0 -23
- data/spec/lib/kb/cve_2012_6109_spec.rb +0 -112
- data/spec/lib/kb/cve_2012_6684_spec.rb +0 -16
- data/spec/lib/kb/cve_2013_0162_spec.rb +0 -23
- data/spec/lib/kb/cve_2013_0183_spec.rb +0 -54
- data/spec/lib/kb/cve_2013_0184_spec.rb +0 -115
- data/spec/lib/kb/cve_2013_0256_spec.rb +0 -34
- data/spec/lib/kb/cve_2013_0262_spec.rb +0 -44
- data/spec/lib/kb/cve_2013_0263_spec.rb +0 -11
- data/spec/lib/kb/cve_2013_0334_spec.rb +0 -35
- data/spec/lib/kb/cve_2013_1607_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_1655_spec.rb +0 -31
- data/spec/lib/kb/cve_2013_1756_spec.rb +0 -23
- data/spec/lib/kb/cve_2013_2090_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_2105_spec.rb +0 -11
- data/spec/lib/kb/cve_2013_2119_spec.rb +0 -27
- data/spec/lib/kb/cve_2013_2512_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_2513_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_2516_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_4203_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_4413_spec.rb +0 -16
- data/spec/lib/kb/cve_2013_4489_spec.rb +0 -63
- data/spec/lib/kb/cve_2013_4491_spec.rb +0 -16
- data/spec/lib/kb/cve_2013_4593_spec.rb +0 -16
- data/spec/lib/kb/cve_2013_5647_spec.rb +0 -19
- data/spec/lib/kb/cve_2013_5671_spec.rb +0 -27
- data/spec/lib/kb/cve_2013_6414_spec.rb +0 -26
- data/spec/lib/kb/cve_2013_6416_spec.rb +0 -31
- data/spec/lib/kb/cve_2013_6459_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_7086_spec.rb +0 -22
- data/spec/lib/kb/cve_2014_0036_spec.rb +0 -15
- data/spec/lib/kb/cve_2014_0080_spec.rb +0 -33
- data/spec/lib/kb/cve_2014_0081_spec.rb +0 -50
- data/spec/lib/kb/cve_2014_0082_spec.rb +0 -52
- data/spec/lib/kb/cve_2014_0130_spec.rb +0 -19
- data/spec/lib/kb/cve_2014_1233_spec.rb +0 -15
- data/spec/lib/kb/cve_2014_1234_spec.rb +0 -16
- data/spec/lib/kb/cve_2014_2322_spec.rb +0 -15
- data/spec/lib/kb/cve_2014_2538_spec.rb +0 -15
- data/spec/lib/kb/cve_2014_3482_spec.rb +0 -15
- data/spec/lib/kb/cve_2014_3483_spec.rb +0 -27
- data/spec/lib/kb/cve_2014_7818_spec.rb +0 -42
- data/spec/lib/kb/cve_2014_7819_spec.rb +0 -139
- data/spec/lib/kb/cve_2014_7829_spec.rb +0 -50
- data/spec/lib/kb/cve_2014_9490_spec.rb +0 -17
- data/spec/lib/kb/cve_2015_1819_spec.rb +0 -16
- data/spec/lib/kb/cve_2015_1840_spec.rb +0 -39
- data/spec/lib/kb/cve_2015_2963_spec.rb +0 -17
- data/spec/lib/kb/cve_2015_3224_spec.rb +0 -16
- data/spec/lib/kb/cve_2015_3225_spec.rb +0 -27
- data/spec/lib/kb/cve_2015_3226_spec.rb +0 -35
- data/spec/lib/kb/cve_2015_3227_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_3448_spec.rb +0 -16
- data/spec/lib/kb/cve_2015_4020_spec.rb +0 -24
- data/spec/lib/kb/cve_2015_5312_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_7497_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_7498_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_7499_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_7500_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_7519_spec.rb +0 -23
- data/spec/lib/kb/cve_2015_7541_spec.rb +0 -15
- data/spec/lib/kb/cve_2015_7576_spec.rb +0 -51
- data/spec/lib/kb/cve_2015_7577_spec.rb +0 -63
- data/spec/lib/kb/cve_2015_7578_spec.rb +0 -15
- data/spec/lib/kb/cve_2015_7579_spec.rb +0 -23
- data/spec/lib/kb/cve_2015_7581_spec.rb +0 -51
- data/spec/lib/kb/cve_2015_8241_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_8242_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_8317_spec.rb +0 -31
- data/spec/lib/kb/cve_2016_0751_spec.rb +0 -55
- data/spec/lib/kb/cve_2016_0752_spec.rb +0 -51
- data/spec/lib/kb/cve_2016_0753_spec.rb +0 -51
- data/spec/lib/kb/cve_2016_2097_spec.rb +0 -35
- data/spec/lib/kb/cve_2016_2098_spec.rb +0 -55
- data/spec/lib/kb/cve_2016_5697_spec.rb +0 -15
- data/spec/lib/kb/cve_2016_6316_spec.rb +0 -44
- data/spec/lib/kb/cve_2016_6317_spec.rb +0 -35
- data/spec/lib/kb/cve_2016_6582_spec.rb +0 -29
- data/spec/lib/kb/osvdb_105971_spec.rb +0 -15
- data/spec/lib/kb/osvdb_108530_spec.rb +0 -22
- data/spec/lib/kb/osvdb_108563_spec.rb +0 -18
- data/spec/lib/kb/osvdb_108569_spec.rb +0 -17
- data/spec/lib/kb/osvdb_108570_spec.rb +0 -17
- data/spec/lib/kb/osvdb_115654_spec.rb +0 -15
- data/spec/lib/kb/osvdb_116010_spec.rb +0 -15
- data/spec/lib/kb/osvdb_117903_spec.rb +0 -23
- data/spec/lib/kb/osvdb_118579_spec.rb +0 -8
- data/spec/lib/kb/osvdb_118830_spec.rb +0 -16
- data/spec/lib/kb/osvdb_118954_spec.rb +0 -20
- data/spec/lib/kb/osvdb_119878_spec.rb +0 -92
- data/spec/lib/kb/osvdb_119927_spec.rb +0 -16
- data/spec/lib/kb/osvdb_120415_spec.rb +0 -16
- data/spec/lib/kb/osvdb_120857_spec.rb +0 -32
- data/spec/lib/kb/osvdb_121701_spec.rb +0 -15
- data/spec/lib/kb/osvdb_132234_spec.rb +0 -15
- metadata.gz.sig +0 -0
|
@@ -1,31 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
describe "The CVE-2011-2930 vulnerability" do
|
|
3
|
-
before(:all) do
|
|
4
|
-
@check = Dawn::Kb::CVE_2011_2930.new
|
|
5
|
-
# @check.debug = true
|
|
6
|
-
end
|
|
7
|
-
it "fires when vulnerable rails version is used (2.3.12)" do
|
|
8
|
-
@check.dependencies = [{:name=>"rails", :version=>'2.3.12'}]
|
|
9
|
-
expect(@check.vuln?).to eq(true)
|
|
10
|
-
end
|
|
11
|
-
it "fires when vulnerable rails version is used (3.0.9)" do
|
|
12
|
-
@check.dependencies = [{:name=>"rails", :version=>'3.0.9'}]
|
|
13
|
-
expect(@check.vuln?).to eq(true)
|
|
14
|
-
end
|
|
15
|
-
it "fires when vulnerable rails version is used (3.1.0)" do
|
|
16
|
-
@check.dependencies = [{:name=>"rails", :version=>'3.1.0'}]
|
|
17
|
-
expect(@check.vuln?).to eq(true)
|
|
18
|
-
end
|
|
19
|
-
it "doesn't fire when safe rails version is used (2.3.14)" do
|
|
20
|
-
@check.dependencies = [{:name=>"rails", :version=>'2.3.14'}]
|
|
21
|
-
expect(@check.vuln?).to eq(false)
|
|
22
|
-
end
|
|
23
|
-
it "doesn't fire when safe rails version is used (3.0.10)" do
|
|
24
|
-
@check.dependencies = [{:name=>"rails", :version=>'3.0.10'}]
|
|
25
|
-
expect(@check.vuln?).to eq(false)
|
|
26
|
-
end
|
|
27
|
-
it "doesn't fire when safe rails version is used (3.1.1)" do
|
|
28
|
-
@check.dependencies = [{:name=>"rails", :version=>'3.1.1'}]
|
|
29
|
-
expect(@check.vuln?).to eq(false)
|
|
30
|
-
end
|
|
31
|
-
end
|
|
@@ -1,25 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
|
|
3
|
-
describe "The CVE-2011-3009 vulnerability" do
|
|
4
|
-
before(:all) do
|
|
5
|
-
@check = Dawn::Kb::CVE_2011_3009.new
|
|
6
|
-
# @check.debug = true
|
|
7
|
-
end
|
|
8
|
-
it "fires if ruby version is vulnerable (1.8.6-p111)" do
|
|
9
|
-
@check.detected_ruby = {:engine=>'ruby', :version=>"1.8.6", :patchlevel=>"p111"}
|
|
10
|
-
expect(@check.vuln?).to eq(true)
|
|
11
|
-
end
|
|
12
|
-
it "fires if ruby version is vulnerable (1.8.5-p111)" do
|
|
13
|
-
@check.detected_ruby = {:engine=>'ruby', :version=>"1.8.5", :patchlevel=>"p111"}
|
|
14
|
-
expect(@check.vuln?).to eq(true)
|
|
15
|
-
end
|
|
16
|
-
it "doesn't fire if ruby version is not vulnerable (1.8.6-p112)" do
|
|
17
|
-
@check.detected_ruby = {:engine=>'ruby', :version=>"1.8.6", :patchlevel=>"p112"}
|
|
18
|
-
expect(@check.vuln?).to eq(false)
|
|
19
|
-
end
|
|
20
|
-
it "doesn't fire if ruby version is not vulnerable (1.9.2-p112)" do
|
|
21
|
-
@check.detected_ruby = {:engine=>'ruby', :version=>"1.9.2", :patchlevel=>"p112"}
|
|
22
|
-
expect(@check.vuln?).to eq(false)
|
|
23
|
-
end
|
|
24
|
-
|
|
25
|
-
end
|
|
@@ -1,24 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
describe "The CVE-2011-3187 vulnerability" do
|
|
3
|
-
before(:all) do
|
|
4
|
-
@check = Dawn::Kb::CVE_2011_3187.new
|
|
5
|
-
# @check.debug = true
|
|
6
|
-
end
|
|
7
|
-
it "fires when vulnerable rails version it has been found (3.0.5)" do
|
|
8
|
-
@check.dependencies = [{:name=>'rails', :version=>'3.0.5'}]
|
|
9
|
-
expect(@check.vuln?).to eq(true)
|
|
10
|
-
end
|
|
11
|
-
it "doesn't fire when safe rails version it has been found (3.0.6)" do
|
|
12
|
-
@check.dependencies = [{:name=>'rails', :version=>'3.0.6'}]
|
|
13
|
-
expect(@check.vuln?).to eq(false)
|
|
14
|
-
end
|
|
15
|
-
it "doesn't fire when safe rails version it has been found (3.1.6)" do
|
|
16
|
-
@check.dependencies = [{:name=>'rails', :version=>'3.1.6'}]
|
|
17
|
-
expect(@check.vuln?).to eq(false)
|
|
18
|
-
end
|
|
19
|
-
it "doesn't fire when safe rails version it has been found (2.3.16)" do
|
|
20
|
-
@check.dependencies = [{:name=>'rails', :version=>'2.3.16'}]
|
|
21
|
-
expect(@check.vuln?).to eq(false)
|
|
22
|
-
end
|
|
23
|
-
# self.safe_dependencies = [{:name=>"rails", :version=>['3.0.6']}]
|
|
24
|
-
end
|
|
@@ -1,44 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
describe "The CVE-2011-4319 vulnerability" do
|
|
3
|
-
before(:all) do
|
|
4
|
-
@check = Dawn::Kb::CVE_2011_4319.new
|
|
5
|
-
# @check.debug = true
|
|
6
|
-
end
|
|
7
|
-
it "fires when vulnerable rails version it has been found (2.3.12)" do
|
|
8
|
-
@check.dependencies = [{:name=>"rails", :version=>'2.3.12'}]
|
|
9
|
-
expect(@check.vuln?).to eq(true)
|
|
10
|
-
end
|
|
11
|
-
it "fires when vulnerable rails version it has been found (3.0.10)" do
|
|
12
|
-
@check.dependencies = [{:name=>"rails", :version=>'3.0.10'}]
|
|
13
|
-
expect(@check.vuln?).to eq(true)
|
|
14
|
-
end
|
|
15
|
-
it "fires when vulnerable rails version it has been found (3.1.1)" do
|
|
16
|
-
@check.dependencies = [{:name=>"rails", :version=>'3.0.10'}]
|
|
17
|
-
expect(@check.vuln?).to eq(true)
|
|
18
|
-
end
|
|
19
|
-
it "doesn't fire when safe rails version it has been found (2.3.13)" do
|
|
20
|
-
@check.dependencies = [{:name=>"rails", :version=>'2.3.13'}]
|
|
21
|
-
expect(@check.vuln?).to eq(false)
|
|
22
|
-
end
|
|
23
|
-
it "doesn't fire when safe rails version it has been found (2.3.14)" do
|
|
24
|
-
@check.dependencies = [{:name=>"rails", :version=>'2.3.14'}]
|
|
25
|
-
expect(@check.vuln?).to eq(false)
|
|
26
|
-
end
|
|
27
|
-
it "doesn't fire when safe rails version it has been found (3.0.11)" do
|
|
28
|
-
@check.dependencies = [{:name=>"rails", :version=>'3.0.11'}]
|
|
29
|
-
expect(@check.vuln?).to eq(false)
|
|
30
|
-
end
|
|
31
|
-
it "doesn't fire when safe rails version it has been found (3.0.12)" do
|
|
32
|
-
@check.dependencies = [{:name=>"rails", :version=>'3.0.12'}]
|
|
33
|
-
expect(@check.vuln?).to eq(false)
|
|
34
|
-
end
|
|
35
|
-
it "doesn't fire when safe rails version it has been found (3.1.2)" do
|
|
36
|
-
@check.dependencies = [{:name=>"rails", :version=>'3.1.2'}]
|
|
37
|
-
expect(@check.vuln?).to eq(false)
|
|
38
|
-
end
|
|
39
|
-
it "doesn't fire when safe rails version it has been found (3.2.0)" do
|
|
40
|
-
@check.dependencies = [{:name=>"rails", :version=>'3.2.0'}]
|
|
41
|
-
expect(@check.vuln?).to eq(false)
|
|
42
|
-
end
|
|
43
|
-
# self.safe_dependencies = [{:name=>"rails", :version=>['2.3.13', '3.0.11', '3.1.2']}]
|
|
44
|
-
end
|
|
@@ -1,95 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
describe "The CVE-2011-5036 vulnerability" do
|
|
3
|
-
before(:all) do
|
|
4
|
-
@check = Dawn::Kb::CVE_2011_5036.new
|
|
5
|
-
# @check.debug = true
|
|
6
|
-
end
|
|
7
|
-
it "is reported when the vulnerable gem is detected - 1.0.1" do
|
|
8
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.0.1"}]
|
|
9
|
-
expect(@check.vuln?).to eq(true)
|
|
10
|
-
end
|
|
11
|
-
|
|
12
|
-
it "is reported when the vulnerable gem is detected - 0.9.1" do
|
|
13
|
-
@check.dependencies = [{:name=>"rack", :version=>"0.9.1"}]
|
|
14
|
-
expect(@check.vuln?).to eq(true)
|
|
15
|
-
end
|
|
16
|
-
it "is reported when the vulnerable gem is detected - 0.9" do
|
|
17
|
-
@check.dependencies = [{:name=>"rack", :version=>"0.9"}]
|
|
18
|
-
expect(@check.vuln?).to eq(true)
|
|
19
|
-
end
|
|
20
|
-
it "is reported when the vulnerable gem is detected - 0.4" do
|
|
21
|
-
@check.dependencies = [{:name=>"rack", :version=>"0.4"}]
|
|
22
|
-
expect(@check.vuln?).to eq(true)
|
|
23
|
-
end
|
|
24
|
-
it "is reported when the vulnerable gem is detected - 0.3" do
|
|
25
|
-
@check.dependencies = [{:name=>"rack", :version=>"0.3"}]
|
|
26
|
-
expect(@check.vuln?).to eq(true)
|
|
27
|
-
end
|
|
28
|
-
it "is reported when the vulnerable gem is detected - 0.2" do
|
|
29
|
-
@check.dependencies = [{:name=>"rack", :version=>"0.2"}]
|
|
30
|
-
expect(@check.vuln?).to eq(true)
|
|
31
|
-
end
|
|
32
|
-
it "is reported when the vulnerable gem is detected - 0.1" do
|
|
33
|
-
@check.dependencies = [{:name=>"rack", :version=>"0.1"}]
|
|
34
|
-
expect(@check.vuln?).to eq(true)
|
|
35
|
-
end
|
|
36
|
-
it "is reported when the vulnerable gem is detected - 1.0.0" do
|
|
37
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.0.0"}]
|
|
38
|
-
expect(@check.vuln?).to eq(true)
|
|
39
|
-
end
|
|
40
|
-
it "is reported when the vulnerable gem is detected - 1.1.0" do
|
|
41
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.1.0"}]
|
|
42
|
-
expect(@check.vuln?).to eq(true)
|
|
43
|
-
end
|
|
44
|
-
it "is reported when the vulnerable gem is detected - 1.1.2" do
|
|
45
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.1.2"}]
|
|
46
|
-
expect(@check.vuln?).to eq(true)
|
|
47
|
-
end
|
|
48
|
-
it "is reported when the vulnerable gem is detected - 1.2.0" do
|
|
49
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.2.0"}]
|
|
50
|
-
expect(@check.vuln?).to eq(true)
|
|
51
|
-
end
|
|
52
|
-
|
|
53
|
-
it "is reported when the vulnerable gem is detected - 1.2.1" do
|
|
54
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.2.1"}]
|
|
55
|
-
expect(@check.vuln?).to eq(true)
|
|
56
|
-
end
|
|
57
|
-
it "is reported when the vulnerable gem is detected - 1.2.2" do
|
|
58
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.2.2"}]
|
|
59
|
-
expect(@check.vuln?).to eq(true)
|
|
60
|
-
end
|
|
61
|
-
it "is reported when the vulnerable gem is detected - 1.2.3" do
|
|
62
|
-
|
|
63
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.2.3"}]
|
|
64
|
-
expect(@check.vuln?).to eq(true)
|
|
65
|
-
end
|
|
66
|
-
it "is reported when the vulnerable gem is detected - 1.2.4" do
|
|
67
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.2.4"}]
|
|
68
|
-
expect(@check.vuln?).to eq(true)
|
|
69
|
-
end
|
|
70
|
-
it "is reported when the vulnerable gem is detected - 1.3.0" do
|
|
71
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.3.0"}]
|
|
72
|
-
expect(@check.vuln?).to eq(true)
|
|
73
|
-
end
|
|
74
|
-
|
|
75
|
-
it "is reported when the vulnerable gem is detected - 1.3.1" do
|
|
76
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.3.1"}]
|
|
77
|
-
expect(@check.vuln?).to eq(true)
|
|
78
|
-
end
|
|
79
|
-
it "is reported when the vulnerable gem is detected - 1.3.2" do
|
|
80
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.3.2"}]
|
|
81
|
-
expect(@check.vuln?).to eq(true)
|
|
82
|
-
end
|
|
83
|
-
it "is reported when the vulnerable gem is detected - 1.3.3" do
|
|
84
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.3.3"}]
|
|
85
|
-
expect(@check.vuln?).to eq(true)
|
|
86
|
-
end
|
|
87
|
-
it "is reported when the vulnerable gem is detected - 1.3.4" do
|
|
88
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.3.4"}]
|
|
89
|
-
expect(@check.vuln?).to eq(true)
|
|
90
|
-
end
|
|
91
|
-
it "is reported when the vulnerable gem is detected - 1.3.5" do
|
|
92
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.3.5"}]
|
|
93
|
-
expect(@check.vuln?).to eq(true)
|
|
94
|
-
end
|
|
95
|
-
end
|
|
@@ -1,36 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
describe "The CVE-2012-1098 vulnerability" do
|
|
3
|
-
before(:all) do
|
|
4
|
-
@check = Dawn::Kb::CVE_2012_1098.new
|
|
5
|
-
# @check.debug = true
|
|
6
|
-
end
|
|
7
|
-
it "fires when vulnerable rails version it has been found (3.0.11)" do
|
|
8
|
-
@check.dependencies = [{:name=>"rails", :version=>'3.0.11'}]
|
|
9
|
-
expect(@check.vuln?).to eq(true)
|
|
10
|
-
end
|
|
11
|
-
it "fires when vulnerable rails version it has been found (3.1.3)" do
|
|
12
|
-
@check.dependencies = [{:name=>"rails", :version=>'3.1.3'}]
|
|
13
|
-
expect(@check.vuln?).to eq(true)
|
|
14
|
-
end
|
|
15
|
-
it "fires when vulnerable rails version it has been found (3.2.1)" do
|
|
16
|
-
@check.dependencies = [{:name=>"rails", :version=>'3.2.1'}]
|
|
17
|
-
expect(@check.vuln?).to eq(true)
|
|
18
|
-
end
|
|
19
|
-
it "doesn't fire when non vulnerable rails version it has been found (3.2.2)" do
|
|
20
|
-
@check.dependencies = [{:name=>"rails", :version=>'3.2.2'}]
|
|
21
|
-
expect(@check.vuln?).to eq(false)
|
|
22
|
-
end
|
|
23
|
-
it "doesn't fire when non vulnerable rails version it has been found (3.2.4)" do
|
|
24
|
-
@check.dependencies = [{:name=>"rails", :version=>'3.2.4'}]
|
|
25
|
-
expect(@check.vuln?).to eq(false)
|
|
26
|
-
end
|
|
27
|
-
it "doesn't fire when non vulnerable rails version it has been found (3.1.4)" do
|
|
28
|
-
@check.dependencies = [{:name=>"rails", :version=>'3.1.4'}]
|
|
29
|
-
# @check.debug = true
|
|
30
|
-
expect(@check.vuln?).to eq(false)
|
|
31
|
-
end
|
|
32
|
-
it "doesn't fire when rails version older than 3.x.y it has been found" do
|
|
33
|
-
@check.dependencies = [{:name=>"rails", :version=>'2.3.12'}]
|
|
34
|
-
expect(@check.vuln?).to eq(false)
|
|
35
|
-
end
|
|
36
|
-
end
|
|
@@ -1,20 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
describe "The CVE-2012-2139 vulnerability" do
|
|
3
|
-
before(:all) do
|
|
4
|
-
@check = Dawn::Kb::CVE_2012_2139.new
|
|
5
|
-
# @check.debug = true
|
|
6
|
-
end
|
|
7
|
-
it "is reported when mail_gem version 2.4.3 is used" do
|
|
8
|
-
@check.dependencies = [{:name=>"mail_gem", :version=>"2.4.3"}]
|
|
9
|
-
expect(@check.vuln?).to eq(true)
|
|
10
|
-
end
|
|
11
|
-
it "is reported when mail_gem version 2.3.3 is used" do
|
|
12
|
-
@check.dependencies = [{:name=>"mail_gem", :version=>"2.3.3"}]
|
|
13
|
-
expect(@check.vuln?).to eq(true)
|
|
14
|
-
end
|
|
15
|
-
|
|
16
|
-
it "is not reported when mail_gem version 2.4.4 is used" do
|
|
17
|
-
@check.dependencies = [{:name=>"mail_gem", :version=>"2.4.4"}]
|
|
18
|
-
expect(@check.vuln?).to eq(false)
|
|
19
|
-
end
|
|
20
|
-
end
|
|
@@ -1,23 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
describe "The CVE-2012-2671 vulnerability" do
|
|
3
|
-
before(:all) do
|
|
4
|
-
@check = Dawn::Kb::CVE_2012_2671.new
|
|
5
|
-
# @check.debug = true
|
|
6
|
-
end
|
|
7
|
-
it "is reported when ruby-cache version 0.5 is used" do
|
|
8
|
-
@check.dependencies = [{:name=>"rack-cache", :version=>'0.5'}]
|
|
9
|
-
expect(@check.vuln?).to eq(true)
|
|
10
|
-
end
|
|
11
|
-
it "is reported when ruby-cache version 0.8 is used" do
|
|
12
|
-
@check.dependencies = [{:name=>"rack-cache", :version=>'0.8'}]
|
|
13
|
-
expect(@check.vuln?).to eq(true)
|
|
14
|
-
end
|
|
15
|
-
it "is reported when ruby-cache version 1.1.1 is used" do
|
|
16
|
-
@check.dependencies = [{:name=>"rack-cache", :version=>'1.1.1'}]
|
|
17
|
-
expect(@check.vuln?).to eq(true)
|
|
18
|
-
end
|
|
19
|
-
it "is not reported when ruby-cache version 1.1.2 is used" do
|
|
20
|
-
@check.dependencies = [{:name=>"rack-cache", :version=>'1.1.2'}]
|
|
21
|
-
expect(@check.vuln?).to eq(false)
|
|
22
|
-
end
|
|
23
|
-
end
|
|
@@ -1,112 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
describe "The CVE-2012-6109 vulnerability" do
|
|
3
|
-
before(:all) do
|
|
4
|
-
@check = Dawn::Kb::CVE_2012_6109.new
|
|
5
|
-
# @check.debug = true
|
|
6
|
-
end
|
|
7
|
-
it "is reported when the vulnerable gem is detected - 1.0.1" do
|
|
8
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.0.1"}]
|
|
9
|
-
expect(@check.vuln?).to eq(true)
|
|
10
|
-
end
|
|
11
|
-
|
|
12
|
-
it "is reported when the vulnerable gem is detected - 0.9.1" do
|
|
13
|
-
@check.dependencies = [{:name=>"rack", :version=>"0.9.1"}]
|
|
14
|
-
expect(@check.vuln?).to eq(true)
|
|
15
|
-
end
|
|
16
|
-
it "is reported when the vulnerable gem is detected - 0.9" do
|
|
17
|
-
@check.dependencies = [{:name=>"rack", :version=>"0.9"}]
|
|
18
|
-
expect(@check.vuln?).to eq(true)
|
|
19
|
-
end
|
|
20
|
-
it "is reported when the vulnerable gem is detected - 0.4" do
|
|
21
|
-
@check.dependencies = [{:name=>"rack", :version=>"0.4"}]
|
|
22
|
-
expect(@check.vuln?).to eq(true)
|
|
23
|
-
end
|
|
24
|
-
it "is reported when the vulnerable gem is detected - 0.3" do
|
|
25
|
-
@check.dependencies = [{:name=>"rack", :version=>"0.3"}]
|
|
26
|
-
expect(@check.vuln?).to eq(true)
|
|
27
|
-
end
|
|
28
|
-
it "is reported when the vulnerable gem is detected - 0.2" do
|
|
29
|
-
@check.dependencies = [{:name=>"rack", :version=>"0.2"}]
|
|
30
|
-
expect(@check.vuln?).to eq(true)
|
|
31
|
-
end
|
|
32
|
-
it "is reported when the vulnerable gem is detected - 0.1" do
|
|
33
|
-
@check.dependencies = [{:name=>"rack", :version=>"0.1"}]
|
|
34
|
-
expect(@check.vuln?).to eq(true)
|
|
35
|
-
end
|
|
36
|
-
it "is reported when the vulnerable gem is detected - 1.0.0" do
|
|
37
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.0.0"}]
|
|
38
|
-
expect(@check.vuln?).to eq(true)
|
|
39
|
-
end
|
|
40
|
-
it "is reported when the vulnerable gem is detected - 1.1.0" do
|
|
41
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.1.0"}]
|
|
42
|
-
expect(@check.vuln?).to eq(true)
|
|
43
|
-
end
|
|
44
|
-
it "is reported when the vulnerable gem is detected - 1.1.3" do
|
|
45
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.1.3"}]
|
|
46
|
-
expect(@check.vuln?).to eq(true)
|
|
47
|
-
end
|
|
48
|
-
it "is reported when the vulnerable gem is detected - 1.1.2" do
|
|
49
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.1.2"}]
|
|
50
|
-
expect(@check.vuln?).to eq(true)
|
|
51
|
-
end
|
|
52
|
-
it "is reported when the vulnerable gem is detected - 1.2.0" do
|
|
53
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.2.0"}]
|
|
54
|
-
expect(@check.vuln?).to eq(true)
|
|
55
|
-
end
|
|
56
|
-
|
|
57
|
-
it "is reported when the vulnerable gem is detected - 1.2.1" do
|
|
58
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.2.1"}]
|
|
59
|
-
expect(@check.vuln?).to eq(true)
|
|
60
|
-
end
|
|
61
|
-
it "is reported when the vulnerable gem is detected - 1.2.2" do
|
|
62
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.2.2"}]
|
|
63
|
-
expect(@check.vuln?).to eq(true)
|
|
64
|
-
end
|
|
65
|
-
it "is reported when the vulnerable gem is detected - 1.2.3" do
|
|
66
|
-
|
|
67
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.2.3"}]
|
|
68
|
-
expect(@check.vuln?).to eq(true)
|
|
69
|
-
end
|
|
70
|
-
it "is reported when the vulnerable gem is detected - 1.2.4" do
|
|
71
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.2.4"}]
|
|
72
|
-
expect(@check.vuln?).to eq(true)
|
|
73
|
-
end
|
|
74
|
-
it "is reported when the vulnerable gem is detected - 1.3.0" do
|
|
75
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.3.0"}]
|
|
76
|
-
expect(@check.vuln?).to eq(true)
|
|
77
|
-
end
|
|
78
|
-
|
|
79
|
-
it "is reported when the vulnerable gem is detected - 1.3.1" do
|
|
80
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.3.1"}]
|
|
81
|
-
expect(@check.vuln?).to eq(true)
|
|
82
|
-
end
|
|
83
|
-
it "is reported when the vulnerable gem is detected - 1.3.2" do
|
|
84
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.3.2"}]
|
|
85
|
-
expect(@check.vuln?).to eq(true)
|
|
86
|
-
end
|
|
87
|
-
it "is reported when the vulnerable gem is detected - 1.3.3" do
|
|
88
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.3.3"}]
|
|
89
|
-
expect(@check.vuln?).to eq(true)
|
|
90
|
-
end
|
|
91
|
-
it "is reported when the vulnerable gem is detected - 1.3.4" do
|
|
92
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.3.4"}]
|
|
93
|
-
expect(@check.vuln?).to eq(true)
|
|
94
|
-
end
|
|
95
|
-
it "is reported when the vulnerable gem is detected - 1.3.5" do
|
|
96
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.3.5"}]
|
|
97
|
-
expect(@check.vuln?).to eq(true)
|
|
98
|
-
end
|
|
99
|
-
it "is reported when the vulnerable gem is detected - 1.3.6" do
|
|
100
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.3.6"}]
|
|
101
|
-
expect(@check.vuln?).to eq(true)
|
|
102
|
-
end
|
|
103
|
-
|
|
104
|
-
it "is reported when the vulnerable gem is detected - 1.4.0" do
|
|
105
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.4.0"}]
|
|
106
|
-
expect(@check.vuln?).to eq(true)
|
|
107
|
-
end
|
|
108
|
-
it "is reported when the vulnerable gem is detected - 1.4.1" do
|
|
109
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.4.1"}]
|
|
110
|
-
expect(@check.vuln?).to eq(true)
|
|
111
|
-
end
|
|
112
|
-
end
|
|
@@ -1,16 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
describe "The CVE-2012-6684 vulnerability" do
|
|
3
|
-
before(:all) do
|
|
4
|
-
@check = Dawn::Kb::CVE_2012_6684.new
|
|
5
|
-
# @check.debug = true
|
|
6
|
-
end
|
|
7
|
-
it "is reported when vulnerable raven-ruby gem is used (4.2.9)" do
|
|
8
|
-
@check.dependencies = [{:name=>"RedCloth", :version=>'4.2.9'}]
|
|
9
|
-
expect(@check.vuln?).to eq(true)
|
|
10
|
-
end
|
|
11
|
-
it "is not reported when safe raven-ruby gem is used (4.2.10)" do
|
|
12
|
-
@check.dependencies = [{:name=>"RedCloth", :version=>'4.2.10'}]
|
|
13
|
-
expect(@check.vuln?).to eq(false)
|
|
14
|
-
end
|
|
15
|
-
|
|
16
|
-
end
|
|
@@ -1,23 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
describe "The CVE-2013-0162 vulnerability" do
|
|
3
|
-
before(:all) do
|
|
4
|
-
@check = Dawn::Kb::CVE_2013_0162.new
|
|
5
|
-
# @check.debug = true
|
|
6
|
-
end
|
|
7
|
-
it "is reported when ruby_parser version 1.x is used" do
|
|
8
|
-
@check.dependencies = [{:name=>"ruby_parser", :version=>'1.4.5'}]
|
|
9
|
-
expect(@check.vuln?).to eq(true)
|
|
10
|
-
end
|
|
11
|
-
it "is reported when ruby_parser version 2.x is used" do
|
|
12
|
-
@check.dependencies = [{:name=>"ruby_parser", :version=>'2.4.5'}]
|
|
13
|
-
expect(@check.vuln?).to eq(true)
|
|
14
|
-
end
|
|
15
|
-
it "is reported when ruby_parser version 3.0.x is used" do
|
|
16
|
-
@check.dependencies = [{:name=>"ruby_parser", :version=>'3.0.5'}]
|
|
17
|
-
expect(@check.vuln?).to eq(true)
|
|
18
|
-
end
|
|
19
|
-
it "is not reported when ruby_parser version 3.1.1 is used" do
|
|
20
|
-
@check.dependencies = [{:name=>"ruby_parser", :version=>'3.1.1'}]
|
|
21
|
-
expect(@check.vuln?).to eq(false)
|
|
22
|
-
end
|
|
23
|
-
end
|