dawnscanner 1.6.8 → 2.0.0.rc4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (387) hide show
  1. checksums.yaml +5 -5
  2. data/.gitignore +1 -0
  3. data/.ruby-version +1 -1
  4. data/Changelog.md +27 -1
  5. data/LICENSE.txt +1 -1
  6. data/README.md +59 -57
  7. data/Rakefile +10 -242
  8. data/Roadmap.md +15 -23
  9. data/VERSION +1 -1
  10. data/bin/dawn +17 -273
  11. data/checksum/dawnscanner-1.6.8.gem.sha1 +1 -0
  12. data/checksum/dawnscanner-2.0.0.rc1.gem.sha1 +1 -0
  13. data/checksum/dawnscanner-2.0.0.rc2.gem.sha1 +1 -0
  14. data/checksum/dawnscanner-2.0.0.rc3.gem.sha1 +1 -0
  15. data/dawnscanner.gemspec +10 -9
  16. data/doc/change.sh +13 -0
  17. data/doc/kickstart_kb.tar.gz +0 -0
  18. data/doc/knowledge_base.rb +650 -0
  19. data/docs/.placeholder +0 -0
  20. data/docs/CNAME +1 -0
  21. data/docs/_config.yml +1 -0
  22. data/lib/dawn/cli/dawn_cli.rb +139 -0
  23. data/lib/dawn/core.rb +8 -7
  24. data/lib/dawn/engine.rb +93 -34
  25. data/lib/dawn/gemfile_lock.rb +2 -2
  26. data/lib/dawn/kb/basic_check.rb +1 -2
  27. data/lib/dawn/kb/combo_check.rb +1 -1
  28. data/lib/dawn/kb/dependency_check.rb +1 -1
  29. data/lib/dawn/kb/operating_system_check.rb +1 -1
  30. data/lib/dawn/kb/pattern_match_check.rb +10 -9
  31. data/lib/dawn/kb/ruby_version_check.rb +11 -10
  32. data/lib/dawn/kb/{gem_check.rb → rubygem_check.rb} +1 -1
  33. data/lib/dawn/kb/unsafe_depedency_check.rb +44 -0
  34. data/lib/dawn/kb/version_check.rb +41 -24
  35. data/lib/dawn/knowledge_base.rb +259 -595
  36. data/lib/dawn/reporter.rb +2 -1
  37. data/lib/dawn/utils.rb +5 -2
  38. data/lib/dawn/version.rb +5 -5
  39. data/lib/dawnscanner.rb +7 -6
  40. data/spec/lib/kb/codesake_unsafe_dependency_check_spec.rb +29 -0
  41. data/spec/lib/kb/dependency_check.yml +29 -0
  42. metadata +30 -496
  43. checksums.yaml.gz.sig +0 -0
  44. data.tar.gz.sig +0 -0
  45. data/certs/paolo_at_dawnscanner_dot_org.pem +0 -21
  46. data/lib/dawn/kb/cve_2004_0755.rb +0 -33
  47. data/lib/dawn/kb/cve_2004_0983.rb +0 -31
  48. data/lib/dawn/kb/cve_2005_1992.rb +0 -31
  49. data/lib/dawn/kb/cve_2005_2337.rb +0 -33
  50. data/lib/dawn/kb/cve_2006_1931.rb +0 -30
  51. data/lib/dawn/kb/cve_2006_2582.rb +0 -28
  52. data/lib/dawn/kb/cve_2006_3694.rb +0 -31
  53. data/lib/dawn/kb/cve_2006_4112.rb +0 -27
  54. data/lib/dawn/kb/cve_2006_5467.rb +0 -28
  55. data/lib/dawn/kb/cve_2006_6303.rb +0 -28
  56. data/lib/dawn/kb/cve_2006_6852.rb +0 -27
  57. data/lib/dawn/kb/cve_2006_6979.rb +0 -29
  58. data/lib/dawn/kb/cve_2007_0469.rb +0 -29
  59. data/lib/dawn/kb/cve_2007_5162.rb +0 -28
  60. data/lib/dawn/kb/cve_2007_5379.rb +0 -27
  61. data/lib/dawn/kb/cve_2007_5380.rb +0 -29
  62. data/lib/dawn/kb/cve_2007_5770.rb +0 -30
  63. data/lib/dawn/kb/cve_2007_6077.rb +0 -31
  64. data/lib/dawn/kb/cve_2007_6612.rb +0 -30
  65. data/lib/dawn/kb/cve_2008_1145.rb +0 -38
  66. data/lib/dawn/kb/cve_2008_1891.rb +0 -38
  67. data/lib/dawn/kb/cve_2008_2376.rb +0 -30
  68. data/lib/dawn/kb/cve_2008_2662.rb +0 -33
  69. data/lib/dawn/kb/cve_2008_2663.rb +0 -32
  70. data/lib/dawn/kb/cve_2008_2664.rb +0 -33
  71. data/lib/dawn/kb/cve_2008_2725.rb +0 -31
  72. data/lib/dawn/kb/cve_2008_3655.rb +0 -37
  73. data/lib/dawn/kb/cve_2008_3657.rb +0 -37
  74. data/lib/dawn/kb/cve_2008_3790.rb +0 -30
  75. data/lib/dawn/kb/cve_2008_3905.rb +0 -36
  76. data/lib/dawn/kb/cve_2008_4094.rb +0 -27
  77. data/lib/dawn/kb/cve_2008_4310.rb +0 -100
  78. data/lib/dawn/kb/cve_2008_5189.rb +0 -27
  79. data/lib/dawn/kb/cve_2008_7248.rb +0 -27
  80. data/lib/dawn/kb/cve_2009_4078.rb +0 -29
  81. data/lib/dawn/kb/cve_2009_4124.rb +0 -30
  82. data/lib/dawn/kb/cve_2009_4214.rb +0 -27
  83. data/lib/dawn/kb/cve_2010_1330.rb +0 -28
  84. data/lib/dawn/kb/cve_2010_2489.rb +0 -60
  85. data/lib/dawn/kb/cve_2010_3933.rb +0 -27
  86. data/lib/dawn/kb/cve_2011_0188.rb +0 -67
  87. data/lib/dawn/kb/cve_2011_0446.rb +0 -28
  88. data/lib/dawn/kb/cve_2011_0447.rb +0 -28
  89. data/lib/dawn/kb/cve_2011_0739.rb +0 -28
  90. data/lib/dawn/kb/cve_2011_0995.rb +0 -61
  91. data/lib/dawn/kb/cve_2011_1004.rb +0 -34
  92. data/lib/dawn/kb/cve_2011_1005.rb +0 -31
  93. data/lib/dawn/kb/cve_2011_2197.rb +0 -27
  94. data/lib/dawn/kb/cve_2011_2686.rb +0 -29
  95. data/lib/dawn/kb/cve_2011_2705.rb +0 -32
  96. data/lib/dawn/kb/cve_2011_2929.rb +0 -27
  97. data/lib/dawn/kb/cve_2011_2930.rb +0 -28
  98. data/lib/dawn/kb/cve_2011_2931.rb +0 -30
  99. data/lib/dawn/kb/cve_2011_2932.rb +0 -27
  100. data/lib/dawn/kb/cve_2011_3009.rb +0 -28
  101. data/lib/dawn/kb/cve_2011_3186.rb +0 -29
  102. data/lib/dawn/kb/cve_2011_3187.rb +0 -29
  103. data/lib/dawn/kb/cve_2011_4319.rb +0 -30
  104. data/lib/dawn/kb/cve_2011_4815.rb +0 -28
  105. data/lib/dawn/kb/cve_2011_5036.rb +0 -26
  106. data/lib/dawn/kb/cve_2012_1098.rb +0 -30
  107. data/lib/dawn/kb/cve_2012_1099.rb +0 -27
  108. data/lib/dawn/kb/cve_2012_1241.rb +0 -27
  109. data/lib/dawn/kb/cve_2012_2139.rb +0 -26
  110. data/lib/dawn/kb/cve_2012_2140.rb +0 -27
  111. data/lib/dawn/kb/cve_2012_2660.rb +0 -28
  112. data/lib/dawn/kb/cve_2012_2661.rb +0 -27
  113. data/lib/dawn/kb/cve_2012_2671.rb +0 -28
  114. data/lib/dawn/kb/cve_2012_2694.rb +0 -30
  115. data/lib/dawn/kb/cve_2012_2695.rb +0 -27
  116. data/lib/dawn/kb/cve_2012_3424.rb +0 -29
  117. data/lib/dawn/kb/cve_2012_3463.rb +0 -27
  118. data/lib/dawn/kb/cve_2012_3464.rb +0 -27
  119. data/lib/dawn/kb/cve_2012_3465.rb +0 -26
  120. data/lib/dawn/kb/cve_2012_4464.rb +0 -27
  121. data/lib/dawn/kb/cve_2012_4466.rb +0 -27
  122. data/lib/dawn/kb/cve_2012_4481.rb +0 -26
  123. data/lib/dawn/kb/cve_2012_4522.rb +0 -27
  124. data/lib/dawn/kb/cve_2012_5370.rb +0 -27
  125. data/lib/dawn/kb/cve_2012_5371.rb +0 -27
  126. data/lib/dawn/kb/cve_2012_5380.rb +0 -28
  127. data/lib/dawn/kb/cve_2012_6109.rb +0 -25
  128. data/lib/dawn/kb/cve_2012_6134.rb +0 -27
  129. data/lib/dawn/kb/cve_2012_6496.rb +0 -28
  130. data/lib/dawn/kb/cve_2012_6497.rb +0 -28
  131. data/lib/dawn/kb/cve_2012_6684.rb +0 -28
  132. data/lib/dawn/kb/cve_2013_0155.rb +0 -29
  133. data/lib/dawn/kb/cve_2013_0156.rb +0 -27
  134. data/lib/dawn/kb/cve_2013_0162.rb +0 -28
  135. data/lib/dawn/kb/cve_2013_0175.rb +0 -27
  136. data/lib/dawn/kb/cve_2013_0183.rb +0 -25
  137. data/lib/dawn/kb/cve_2013_0184.rb +0 -25
  138. data/lib/dawn/kb/cve_2013_0233.rb +0 -26
  139. data/lib/dawn/kb/cve_2013_0256.rb +0 -59
  140. data/lib/dawn/kb/cve_2013_0262.rb +0 -26
  141. data/lib/dawn/kb/cve_2013_0263.rb +0 -26
  142. data/lib/dawn/kb/cve_2013_0269.rb +0 -27
  143. data/lib/dawn/kb/cve_2013_0276.rb +0 -28
  144. data/lib/dawn/kb/cve_2013_0277.rb +0 -25
  145. data/lib/dawn/kb/cve_2013_0284.rb +0 -27
  146. data/lib/dawn/kb/cve_2013_0285.rb +0 -27
  147. data/lib/dawn/kb/cve_2013_0333.rb +0 -28
  148. data/lib/dawn/kb/cve_2013_0334.rb +0 -25
  149. data/lib/dawn/kb/cve_2013_1607.rb +0 -25
  150. data/lib/dawn/kb/cve_2013_1655.rb +0 -65
  151. data/lib/dawn/kb/cve_2013_1656.rb +0 -28
  152. data/lib/dawn/kb/cve_2013_1756.rb +0 -26
  153. data/lib/dawn/kb/cve_2013_1800.rb +0 -26
  154. data/lib/dawn/kb/cve_2013_1801.rb +0 -27
  155. data/lib/dawn/kb/cve_2013_1802.rb +0 -27
  156. data/lib/dawn/kb/cve_2013_1812.rb +0 -27
  157. data/lib/dawn/kb/cve_2013_1821.rb +0 -28
  158. data/lib/dawn/kb/cve_2013_1854.rb +0 -26
  159. data/lib/dawn/kb/cve_2013_1855.rb +0 -25
  160. data/lib/dawn/kb/cve_2013_1856.rb +0 -26
  161. data/lib/dawn/kb/cve_2013_1857.rb +0 -27
  162. data/lib/dawn/kb/cve_2013_1875.rb +0 -27
  163. data/lib/dawn/kb/cve_2013_1898.rb +0 -27
  164. data/lib/dawn/kb/cve_2013_1911.rb +0 -28
  165. data/lib/dawn/kb/cve_2013_1933.rb +0 -27
  166. data/lib/dawn/kb/cve_2013_1947.rb +0 -27
  167. data/lib/dawn/kb/cve_2013_1948.rb +0 -27
  168. data/lib/dawn/kb/cve_2013_2065.rb +0 -29
  169. data/lib/dawn/kb/cve_2013_2090.rb +0 -28
  170. data/lib/dawn/kb/cve_2013_2105.rb +0 -26
  171. data/lib/dawn/kb/cve_2013_2119.rb +0 -27
  172. data/lib/dawn/kb/cve_2013_2512.rb +0 -26
  173. data/lib/dawn/kb/cve_2013_2513.rb +0 -25
  174. data/lib/dawn/kb/cve_2013_2516.rb +0 -26
  175. data/lib/dawn/kb/cve_2013_2615.rb +0 -27
  176. data/lib/dawn/kb/cve_2013_2616.rb +0 -27
  177. data/lib/dawn/kb/cve_2013_2617.rb +0 -28
  178. data/lib/dawn/kb/cve_2013_3221.rb +0 -27
  179. data/lib/dawn/kb/cve_2013_4164.rb +0 -30
  180. data/lib/dawn/kb/cve_2013_4203.rb +0 -25
  181. data/lib/dawn/kb/cve_2013_4389.rb +0 -26
  182. data/lib/dawn/kb/cve_2013_4413.rb +0 -27
  183. data/lib/dawn/kb/cve_2013_4457.rb +0 -29
  184. data/lib/dawn/kb/cve_2013_4478.rb +0 -26
  185. data/lib/dawn/kb/cve_2013_4479.rb +0 -26
  186. data/lib/dawn/kb/cve_2013_4489.rb +0 -28
  187. data/lib/dawn/kb/cve_2013_4491.rb +0 -29
  188. data/lib/dawn/kb/cve_2013_4492.rb +0 -29
  189. data/lib/dawn/kb/cve_2013_4562.rb +0 -27
  190. data/lib/dawn/kb/cve_2013_4593.rb +0 -27
  191. data/lib/dawn/kb/cve_2013_5647.rb +0 -29
  192. data/lib/dawn/kb/cve_2013_5671.rb +0 -26
  193. data/lib/dawn/kb/cve_2013_6414.rb +0 -30
  194. data/lib/dawn/kb/cve_2013_6415.rb +0 -29
  195. data/lib/dawn/kb/cve_2013_6416.rb +0 -29
  196. data/lib/dawn/kb/cve_2013_6417.rb +0 -30
  197. data/lib/dawn/kb/cve_2013_6421.rb +0 -28
  198. data/lib/dawn/kb/cve_2013_6459.rb +0 -28
  199. data/lib/dawn/kb/cve_2013_6460.rb +0 -53
  200. data/lib/dawn/kb/cve_2013_6461.rb +0 -57
  201. data/lib/dawn/kb/cve_2013_7086.rb +0 -27
  202. data/lib/dawn/kb/cve_2014_0036.rb +0 -27
  203. data/lib/dawn/kb/cve_2014_0080.rb +0 -29
  204. data/lib/dawn/kb/cve_2014_0081.rb +0 -27
  205. data/lib/dawn/kb/cve_2014_0082.rb +0 -27
  206. data/lib/dawn/kb/cve_2014_0130.rb +0 -27
  207. data/lib/dawn/kb/cve_2014_1233.rb +0 -27
  208. data/lib/dawn/kb/cve_2014_1234.rb +0 -26
  209. data/lib/dawn/kb/cve_2014_2322.rb +0 -28
  210. data/lib/dawn/kb/cve_2014_2525.rb +0 -59
  211. data/lib/dawn/kb/cve_2014_2538.rb +0 -26
  212. data/lib/dawn/kb/cve_2014_3482.rb +0 -28
  213. data/lib/dawn/kb/cve_2014_3483.rb +0 -28
  214. data/lib/dawn/kb/cve_2014_3916.rb +0 -29
  215. data/lib/dawn/kb/cve_2014_4975.rb +0 -28
  216. data/lib/dawn/kb/cve_2014_7818.rb +0 -27
  217. data/lib/dawn/kb/cve_2014_7819.rb +0 -31
  218. data/lib/dawn/kb/cve_2014_7829.rb +0 -30
  219. data/lib/dawn/kb/cve_2014_8090.rb +0 -30
  220. data/lib/dawn/kb/cve_2014_9490.rb +0 -29
  221. data/lib/dawn/kb/cve_2015_1819.rb +0 -34
  222. data/lib/dawn/kb/cve_2015_1840/cve_2015_1840_a.rb +0 -28
  223. data/lib/dawn/kb/cve_2015_1840/cve_2015_1840_b.rb +0 -28
  224. data/lib/dawn/kb/cve_2015_2963.rb +0 -27
  225. data/lib/dawn/kb/cve_2015_3224.rb +0 -26
  226. data/lib/dawn/kb/cve_2015_3225.rb +0 -28
  227. data/lib/dawn/kb/cve_2015_3226.rb +0 -27
  228. data/lib/dawn/kb/cve_2015_3227.rb +0 -28
  229. data/lib/dawn/kb/cve_2015_3448.rb +0 -29
  230. data/lib/dawn/kb/cve_2015_4020.rb +0 -34
  231. data/lib/dawn/kb/cve_2015_5312.rb +0 -30
  232. data/lib/dawn/kb/cve_2015_7497.rb +0 -32
  233. data/lib/dawn/kb/cve_2015_7498.rb +0 -32
  234. data/lib/dawn/kb/cve_2015_7499.rb +0 -32
  235. data/lib/dawn/kb/cve_2015_7500.rb +0 -32
  236. data/lib/dawn/kb/cve_2015_7519.rb +0 -31
  237. data/lib/dawn/kb/cve_2015_7541.rb +0 -31
  238. data/lib/dawn/kb/cve_2015_7576.rb +0 -35
  239. data/lib/dawn/kb/cve_2015_7577.rb +0 -34
  240. data/lib/dawn/kb/cve_2015_7578.rb +0 -30
  241. data/lib/dawn/kb/cve_2015_7579.rb +0 -30
  242. data/lib/dawn/kb/cve_2015_7581.rb +0 -33
  243. data/lib/dawn/kb/cve_2015_8241.rb +0 -32
  244. data/lib/dawn/kb/cve_2015_8242.rb +0 -32
  245. data/lib/dawn/kb/cve_2015_8317.rb +0 -32
  246. data/lib/dawn/kb/cve_2016_0751.rb +0 -32
  247. data/lib/dawn/kb/cve_2016_0752.rb +0 -35
  248. data/lib/dawn/kb/cve_2016_0753.rb +0 -31
  249. data/lib/dawn/kb/cve_2016_2097.rb +0 -35
  250. data/lib/dawn/kb/cve_2016_2098.rb +0 -35
  251. data/lib/dawn/kb/cve_2016_5697.rb +0 -30
  252. data/lib/dawn/kb/cve_2016_6316.rb +0 -33
  253. data/lib/dawn/kb/cve_2016_6317.rb +0 -32
  254. data/lib/dawn/kb/cve_2016_6582.rb +0 -43
  255. data/lib/dawn/kb/not_revised_code.rb +0 -22
  256. data/lib/dawn/kb/osvdb_105971.rb +0 -29
  257. data/lib/dawn/kb/osvdb_108530.rb +0 -27
  258. data/lib/dawn/kb/osvdb_108563.rb +0 -28
  259. data/lib/dawn/kb/osvdb_108569.rb +0 -28
  260. data/lib/dawn/kb/osvdb_108570.rb +0 -27
  261. data/lib/dawn/kb/osvdb_115654.rb +0 -33
  262. data/lib/dawn/kb/osvdb_116010.rb +0 -30
  263. data/lib/dawn/kb/osvdb_117903.rb +0 -30
  264. data/lib/dawn/kb/osvdb_118579.rb +0 -31
  265. data/lib/dawn/kb/osvdb_118830.rb +0 -32
  266. data/lib/dawn/kb/osvdb_118954.rb +0 -33
  267. data/lib/dawn/kb/osvdb_119878.rb +0 -32
  268. data/lib/dawn/kb/osvdb_119927.rb +0 -33
  269. data/lib/dawn/kb/osvdb_120415.rb +0 -31
  270. data/lib/dawn/kb/osvdb_120857.rb +0 -34
  271. data/lib/dawn/kb/osvdb_121701.rb +0 -30
  272. data/lib/dawn/kb/osvdb_132234.rb +0 -34
  273. data/lib/dawn/kb/owasp_ror_cheatsheet.rb +0 -33
  274. data/lib/dawn/kb/owasp_ror_cheatsheet/check_for_backup_files.rb +0 -18
  275. data/lib/dawn/kb/owasp_ror_cheatsheet/check_for_safe_redirect_and_forward.rb +0 -57
  276. data/lib/dawn/kb/owasp_ror_cheatsheet/command_injection.rb +0 -28
  277. data/lib/dawn/kb/owasp_ror_cheatsheet/csrf.rb +0 -29
  278. data/lib/dawn/kb/owasp_ror_cheatsheet/mass_assignment_in_model.rb +0 -33
  279. data/lib/dawn/kb/owasp_ror_cheatsheet/security_related_headers.rb +0 -35
  280. data/lib/dawn/kb/owasp_ror_cheatsheet/sensitive_files.rb +0 -29
  281. data/lib/dawn/kb/owasp_ror_cheatsheet/session_stored_in_database.rb +0 -31
  282. data/lib/dawn/kb/simpleform_xss_20131129.rb +0 -28
  283. data/lib/dawn/knowledge_base_experimental.rb +0 -245
  284. data/spec/lib/kb/cve_2011_2705_spec.rb +0 -35
  285. data/spec/lib/kb/cve_2011_2930_spec.rb +0 -31
  286. data/spec/lib/kb/cve_2011_3009_spec.rb +0 -25
  287. data/spec/lib/kb/cve_2011_3187_spec.rb +0 -24
  288. data/spec/lib/kb/cve_2011_4319_spec.rb +0 -44
  289. data/spec/lib/kb/cve_2011_5036_spec.rb +0 -95
  290. data/spec/lib/kb/cve_2012_1098_spec.rb +0 -36
  291. data/spec/lib/kb/cve_2012_2139_spec.rb +0 -20
  292. data/spec/lib/kb/cve_2012_2671_spec.rb +0 -23
  293. data/spec/lib/kb/cve_2012_6109_spec.rb +0 -112
  294. data/spec/lib/kb/cve_2012_6684_spec.rb +0 -16
  295. data/spec/lib/kb/cve_2013_0162_spec.rb +0 -23
  296. data/spec/lib/kb/cve_2013_0183_spec.rb +0 -54
  297. data/spec/lib/kb/cve_2013_0184_spec.rb +0 -115
  298. data/spec/lib/kb/cve_2013_0256_spec.rb +0 -34
  299. data/spec/lib/kb/cve_2013_0262_spec.rb +0 -44
  300. data/spec/lib/kb/cve_2013_0263_spec.rb +0 -11
  301. data/spec/lib/kb/cve_2013_0334_spec.rb +0 -35
  302. data/spec/lib/kb/cve_2013_1607_spec.rb +0 -15
  303. data/spec/lib/kb/cve_2013_1655_spec.rb +0 -31
  304. data/spec/lib/kb/cve_2013_1756_spec.rb +0 -23
  305. data/spec/lib/kb/cve_2013_2090_spec.rb +0 -15
  306. data/spec/lib/kb/cve_2013_2105_spec.rb +0 -11
  307. data/spec/lib/kb/cve_2013_2119_spec.rb +0 -27
  308. data/spec/lib/kb/cve_2013_2512_spec.rb +0 -15
  309. data/spec/lib/kb/cve_2013_2513_spec.rb +0 -15
  310. data/spec/lib/kb/cve_2013_2516_spec.rb +0 -15
  311. data/spec/lib/kb/cve_2013_4203_spec.rb +0 -15
  312. data/spec/lib/kb/cve_2013_4413_spec.rb +0 -16
  313. data/spec/lib/kb/cve_2013_4489_spec.rb +0 -63
  314. data/spec/lib/kb/cve_2013_4491_spec.rb +0 -16
  315. data/spec/lib/kb/cve_2013_4593_spec.rb +0 -16
  316. data/spec/lib/kb/cve_2013_5647_spec.rb +0 -19
  317. data/spec/lib/kb/cve_2013_5671_spec.rb +0 -27
  318. data/spec/lib/kb/cve_2013_6414_spec.rb +0 -26
  319. data/spec/lib/kb/cve_2013_6416_spec.rb +0 -31
  320. data/spec/lib/kb/cve_2013_6459_spec.rb +0 -15
  321. data/spec/lib/kb/cve_2013_7086_spec.rb +0 -22
  322. data/spec/lib/kb/cve_2014_0036_spec.rb +0 -15
  323. data/spec/lib/kb/cve_2014_0080_spec.rb +0 -33
  324. data/spec/lib/kb/cve_2014_0081_spec.rb +0 -50
  325. data/spec/lib/kb/cve_2014_0082_spec.rb +0 -52
  326. data/spec/lib/kb/cve_2014_0130_spec.rb +0 -19
  327. data/spec/lib/kb/cve_2014_1233_spec.rb +0 -15
  328. data/spec/lib/kb/cve_2014_1234_spec.rb +0 -16
  329. data/spec/lib/kb/cve_2014_2322_spec.rb +0 -15
  330. data/spec/lib/kb/cve_2014_2538_spec.rb +0 -15
  331. data/spec/lib/kb/cve_2014_3482_spec.rb +0 -15
  332. data/spec/lib/kb/cve_2014_3483_spec.rb +0 -27
  333. data/spec/lib/kb/cve_2014_7818_spec.rb +0 -42
  334. data/spec/lib/kb/cve_2014_7819_spec.rb +0 -139
  335. data/spec/lib/kb/cve_2014_7829_spec.rb +0 -50
  336. data/spec/lib/kb/cve_2014_9490_spec.rb +0 -17
  337. data/spec/lib/kb/cve_2015_1819_spec.rb +0 -16
  338. data/spec/lib/kb/cve_2015_1840_spec.rb +0 -39
  339. data/spec/lib/kb/cve_2015_2963_spec.rb +0 -17
  340. data/spec/lib/kb/cve_2015_3224_spec.rb +0 -16
  341. data/spec/lib/kb/cve_2015_3225_spec.rb +0 -27
  342. data/spec/lib/kb/cve_2015_3226_spec.rb +0 -35
  343. data/spec/lib/kb/cve_2015_3227_spec.rb +0 -31
  344. data/spec/lib/kb/cve_2015_3448_spec.rb +0 -16
  345. data/spec/lib/kb/cve_2015_4020_spec.rb +0 -24
  346. data/spec/lib/kb/cve_2015_5312_spec.rb +0 -31
  347. data/spec/lib/kb/cve_2015_7497_spec.rb +0 -31
  348. data/spec/lib/kb/cve_2015_7498_spec.rb +0 -31
  349. data/spec/lib/kb/cve_2015_7499_spec.rb +0 -31
  350. data/spec/lib/kb/cve_2015_7500_spec.rb +0 -31
  351. data/spec/lib/kb/cve_2015_7519_spec.rb +0 -23
  352. data/spec/lib/kb/cve_2015_7541_spec.rb +0 -15
  353. data/spec/lib/kb/cve_2015_7576_spec.rb +0 -51
  354. data/spec/lib/kb/cve_2015_7577_spec.rb +0 -63
  355. data/spec/lib/kb/cve_2015_7578_spec.rb +0 -15
  356. data/spec/lib/kb/cve_2015_7579_spec.rb +0 -23
  357. data/spec/lib/kb/cve_2015_7581_spec.rb +0 -51
  358. data/spec/lib/kb/cve_2015_8241_spec.rb +0 -31
  359. data/spec/lib/kb/cve_2015_8242_spec.rb +0 -31
  360. data/spec/lib/kb/cve_2015_8317_spec.rb +0 -31
  361. data/spec/lib/kb/cve_2016_0751_spec.rb +0 -55
  362. data/spec/lib/kb/cve_2016_0752_spec.rb +0 -51
  363. data/spec/lib/kb/cve_2016_0753_spec.rb +0 -51
  364. data/spec/lib/kb/cve_2016_2097_spec.rb +0 -35
  365. data/spec/lib/kb/cve_2016_2098_spec.rb +0 -55
  366. data/spec/lib/kb/cve_2016_5697_spec.rb +0 -15
  367. data/spec/lib/kb/cve_2016_6316_spec.rb +0 -44
  368. data/spec/lib/kb/cve_2016_6317_spec.rb +0 -35
  369. data/spec/lib/kb/cve_2016_6582_spec.rb +0 -29
  370. data/spec/lib/kb/osvdb_105971_spec.rb +0 -15
  371. data/spec/lib/kb/osvdb_108530_spec.rb +0 -22
  372. data/spec/lib/kb/osvdb_108563_spec.rb +0 -18
  373. data/spec/lib/kb/osvdb_108569_spec.rb +0 -17
  374. data/spec/lib/kb/osvdb_108570_spec.rb +0 -17
  375. data/spec/lib/kb/osvdb_115654_spec.rb +0 -15
  376. data/spec/lib/kb/osvdb_116010_spec.rb +0 -15
  377. data/spec/lib/kb/osvdb_117903_spec.rb +0 -23
  378. data/spec/lib/kb/osvdb_118579_spec.rb +0 -8
  379. data/spec/lib/kb/osvdb_118830_spec.rb +0 -16
  380. data/spec/lib/kb/osvdb_118954_spec.rb +0 -20
  381. data/spec/lib/kb/osvdb_119878_spec.rb +0 -92
  382. data/spec/lib/kb/osvdb_119927_spec.rb +0 -16
  383. data/spec/lib/kb/osvdb_120415_spec.rb +0 -16
  384. data/spec/lib/kb/osvdb_120857_spec.rb +0 -32
  385. data/spec/lib/kb/osvdb_121701_spec.rb +0 -15
  386. data/spec/lib/kb/osvdb_132234_spec.rb +0 -15
  387. metadata.gz.sig +0 -0
@@ -1,31 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2011-2930 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2011_2930.new
5
- # @check.debug = true
6
- end
7
- it "fires when vulnerable rails version is used (2.3.12)" do
8
- @check.dependencies = [{:name=>"rails", :version=>'2.3.12'}]
9
- expect(@check.vuln?).to eq(true)
10
- end
11
- it "fires when vulnerable rails version is used (3.0.9)" do
12
- @check.dependencies = [{:name=>"rails", :version=>'3.0.9'}]
13
- expect(@check.vuln?).to eq(true)
14
- end
15
- it "fires when vulnerable rails version is used (3.1.0)" do
16
- @check.dependencies = [{:name=>"rails", :version=>'3.1.0'}]
17
- expect(@check.vuln?).to eq(true)
18
- end
19
- it "doesn't fire when safe rails version is used (2.3.14)" do
20
- @check.dependencies = [{:name=>"rails", :version=>'2.3.14'}]
21
- expect(@check.vuln?).to eq(false)
22
- end
23
- it "doesn't fire when safe rails version is used (3.0.10)" do
24
- @check.dependencies = [{:name=>"rails", :version=>'3.0.10'}]
25
- expect(@check.vuln?).to eq(false)
26
- end
27
- it "doesn't fire when safe rails version is used (3.1.1)" do
28
- @check.dependencies = [{:name=>"rails", :version=>'3.1.1'}]
29
- expect(@check.vuln?).to eq(false)
30
- end
31
- end
@@ -1,25 +0,0 @@
1
- require 'spec_helper'
2
-
3
- describe "The CVE-2011-3009 vulnerability" do
4
- before(:all) do
5
- @check = Dawn::Kb::CVE_2011_3009.new
6
- # @check.debug = true
7
- end
8
- it "fires if ruby version is vulnerable (1.8.6-p111)" do
9
- @check.detected_ruby = {:engine=>'ruby', :version=>"1.8.6", :patchlevel=>"p111"}
10
- expect(@check.vuln?).to eq(true)
11
- end
12
- it "fires if ruby version is vulnerable (1.8.5-p111)" do
13
- @check.detected_ruby = {:engine=>'ruby', :version=>"1.8.5", :patchlevel=>"p111"}
14
- expect(@check.vuln?).to eq(true)
15
- end
16
- it "doesn't fire if ruby version is not vulnerable (1.8.6-p112)" do
17
- @check.detected_ruby = {:engine=>'ruby', :version=>"1.8.6", :patchlevel=>"p112"}
18
- expect(@check.vuln?).to eq(false)
19
- end
20
- it "doesn't fire if ruby version is not vulnerable (1.9.2-p112)" do
21
- @check.detected_ruby = {:engine=>'ruby', :version=>"1.9.2", :patchlevel=>"p112"}
22
- expect(@check.vuln?).to eq(false)
23
- end
24
-
25
- end
@@ -1,24 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2011-3187 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2011_3187.new
5
- # @check.debug = true
6
- end
7
- it "fires when vulnerable rails version it has been found (3.0.5)" do
8
- @check.dependencies = [{:name=>'rails', :version=>'3.0.5'}]
9
- expect(@check.vuln?).to eq(true)
10
- end
11
- it "doesn't fire when safe rails version it has been found (3.0.6)" do
12
- @check.dependencies = [{:name=>'rails', :version=>'3.0.6'}]
13
- expect(@check.vuln?).to eq(false)
14
- end
15
- it "doesn't fire when safe rails version it has been found (3.1.6)" do
16
- @check.dependencies = [{:name=>'rails', :version=>'3.1.6'}]
17
- expect(@check.vuln?).to eq(false)
18
- end
19
- it "doesn't fire when safe rails version it has been found (2.3.16)" do
20
- @check.dependencies = [{:name=>'rails', :version=>'2.3.16'}]
21
- expect(@check.vuln?).to eq(false)
22
- end
23
- # self.safe_dependencies = [{:name=>"rails", :version=>['3.0.6']}]
24
- end
@@ -1,44 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2011-4319 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2011_4319.new
5
- # @check.debug = true
6
- end
7
- it "fires when vulnerable rails version it has been found (2.3.12)" do
8
- @check.dependencies = [{:name=>"rails", :version=>'2.3.12'}]
9
- expect(@check.vuln?).to eq(true)
10
- end
11
- it "fires when vulnerable rails version it has been found (3.0.10)" do
12
- @check.dependencies = [{:name=>"rails", :version=>'3.0.10'}]
13
- expect(@check.vuln?).to eq(true)
14
- end
15
- it "fires when vulnerable rails version it has been found (3.1.1)" do
16
- @check.dependencies = [{:name=>"rails", :version=>'3.0.10'}]
17
- expect(@check.vuln?).to eq(true)
18
- end
19
- it "doesn't fire when safe rails version it has been found (2.3.13)" do
20
- @check.dependencies = [{:name=>"rails", :version=>'2.3.13'}]
21
- expect(@check.vuln?).to eq(false)
22
- end
23
- it "doesn't fire when safe rails version it has been found (2.3.14)" do
24
- @check.dependencies = [{:name=>"rails", :version=>'2.3.14'}]
25
- expect(@check.vuln?).to eq(false)
26
- end
27
- it "doesn't fire when safe rails version it has been found (3.0.11)" do
28
- @check.dependencies = [{:name=>"rails", :version=>'3.0.11'}]
29
- expect(@check.vuln?).to eq(false)
30
- end
31
- it "doesn't fire when safe rails version it has been found (3.0.12)" do
32
- @check.dependencies = [{:name=>"rails", :version=>'3.0.12'}]
33
- expect(@check.vuln?).to eq(false)
34
- end
35
- it "doesn't fire when safe rails version it has been found (3.1.2)" do
36
- @check.dependencies = [{:name=>"rails", :version=>'3.1.2'}]
37
- expect(@check.vuln?).to eq(false)
38
- end
39
- it "doesn't fire when safe rails version it has been found (3.2.0)" do
40
- @check.dependencies = [{:name=>"rails", :version=>'3.2.0'}]
41
- expect(@check.vuln?).to eq(false)
42
- end
43
- # self.safe_dependencies = [{:name=>"rails", :version=>['2.3.13', '3.0.11', '3.1.2']}]
44
- end
@@ -1,95 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2011-5036 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2011_5036.new
5
- # @check.debug = true
6
- end
7
- it "is reported when the vulnerable gem is detected - 1.0.1" do
8
- @check.dependencies = [{:name=>"rack", :version=>"1.0.1"}]
9
- expect(@check.vuln?).to eq(true)
10
- end
11
-
12
- it "is reported when the vulnerable gem is detected - 0.9.1" do
13
- @check.dependencies = [{:name=>"rack", :version=>"0.9.1"}]
14
- expect(@check.vuln?).to eq(true)
15
- end
16
- it "is reported when the vulnerable gem is detected - 0.9" do
17
- @check.dependencies = [{:name=>"rack", :version=>"0.9"}]
18
- expect(@check.vuln?).to eq(true)
19
- end
20
- it "is reported when the vulnerable gem is detected - 0.4" do
21
- @check.dependencies = [{:name=>"rack", :version=>"0.4"}]
22
- expect(@check.vuln?).to eq(true)
23
- end
24
- it "is reported when the vulnerable gem is detected - 0.3" do
25
- @check.dependencies = [{:name=>"rack", :version=>"0.3"}]
26
- expect(@check.vuln?).to eq(true)
27
- end
28
- it "is reported when the vulnerable gem is detected - 0.2" do
29
- @check.dependencies = [{:name=>"rack", :version=>"0.2"}]
30
- expect(@check.vuln?).to eq(true)
31
- end
32
- it "is reported when the vulnerable gem is detected - 0.1" do
33
- @check.dependencies = [{:name=>"rack", :version=>"0.1"}]
34
- expect(@check.vuln?).to eq(true)
35
- end
36
- it "is reported when the vulnerable gem is detected - 1.0.0" do
37
- @check.dependencies = [{:name=>"rack", :version=>"1.0.0"}]
38
- expect(@check.vuln?).to eq(true)
39
- end
40
- it "is reported when the vulnerable gem is detected - 1.1.0" do
41
- @check.dependencies = [{:name=>"rack", :version=>"1.1.0"}]
42
- expect(@check.vuln?).to eq(true)
43
- end
44
- it "is reported when the vulnerable gem is detected - 1.1.2" do
45
- @check.dependencies = [{:name=>"rack", :version=>"1.1.2"}]
46
- expect(@check.vuln?).to eq(true)
47
- end
48
- it "is reported when the vulnerable gem is detected - 1.2.0" do
49
- @check.dependencies = [{:name=>"rack", :version=>"1.2.0"}]
50
- expect(@check.vuln?).to eq(true)
51
- end
52
-
53
- it "is reported when the vulnerable gem is detected - 1.2.1" do
54
- @check.dependencies = [{:name=>"rack", :version=>"1.2.1"}]
55
- expect(@check.vuln?).to eq(true)
56
- end
57
- it "is reported when the vulnerable gem is detected - 1.2.2" do
58
- @check.dependencies = [{:name=>"rack", :version=>"1.2.2"}]
59
- expect(@check.vuln?).to eq(true)
60
- end
61
- it "is reported when the vulnerable gem is detected - 1.2.3" do
62
-
63
- @check.dependencies = [{:name=>"rack", :version=>"1.2.3"}]
64
- expect(@check.vuln?).to eq(true)
65
- end
66
- it "is reported when the vulnerable gem is detected - 1.2.4" do
67
- @check.dependencies = [{:name=>"rack", :version=>"1.2.4"}]
68
- expect(@check.vuln?).to eq(true)
69
- end
70
- it "is reported when the vulnerable gem is detected - 1.3.0" do
71
- @check.dependencies = [{:name=>"rack", :version=>"1.3.0"}]
72
- expect(@check.vuln?).to eq(true)
73
- end
74
-
75
- it "is reported when the vulnerable gem is detected - 1.3.1" do
76
- @check.dependencies = [{:name=>"rack", :version=>"1.3.1"}]
77
- expect(@check.vuln?).to eq(true)
78
- end
79
- it "is reported when the vulnerable gem is detected - 1.3.2" do
80
- @check.dependencies = [{:name=>"rack", :version=>"1.3.2"}]
81
- expect(@check.vuln?).to eq(true)
82
- end
83
- it "is reported when the vulnerable gem is detected - 1.3.3" do
84
- @check.dependencies = [{:name=>"rack", :version=>"1.3.3"}]
85
- expect(@check.vuln?).to eq(true)
86
- end
87
- it "is reported when the vulnerable gem is detected - 1.3.4" do
88
- @check.dependencies = [{:name=>"rack", :version=>"1.3.4"}]
89
- expect(@check.vuln?).to eq(true)
90
- end
91
- it "is reported when the vulnerable gem is detected - 1.3.5" do
92
- @check.dependencies = [{:name=>"rack", :version=>"1.3.5"}]
93
- expect(@check.vuln?).to eq(true)
94
- end
95
- end
@@ -1,36 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2012-1098 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2012_1098.new
5
- # @check.debug = true
6
- end
7
- it "fires when vulnerable rails version it has been found (3.0.11)" do
8
- @check.dependencies = [{:name=>"rails", :version=>'3.0.11'}]
9
- expect(@check.vuln?).to eq(true)
10
- end
11
- it "fires when vulnerable rails version it has been found (3.1.3)" do
12
- @check.dependencies = [{:name=>"rails", :version=>'3.1.3'}]
13
- expect(@check.vuln?).to eq(true)
14
- end
15
- it "fires when vulnerable rails version it has been found (3.2.1)" do
16
- @check.dependencies = [{:name=>"rails", :version=>'3.2.1'}]
17
- expect(@check.vuln?).to eq(true)
18
- end
19
- it "doesn't fire when non vulnerable rails version it has been found (3.2.2)" do
20
- @check.dependencies = [{:name=>"rails", :version=>'3.2.2'}]
21
- expect(@check.vuln?).to eq(false)
22
- end
23
- it "doesn't fire when non vulnerable rails version it has been found (3.2.4)" do
24
- @check.dependencies = [{:name=>"rails", :version=>'3.2.4'}]
25
- expect(@check.vuln?).to eq(false)
26
- end
27
- it "doesn't fire when non vulnerable rails version it has been found (3.1.4)" do
28
- @check.dependencies = [{:name=>"rails", :version=>'3.1.4'}]
29
- # @check.debug = true
30
- expect(@check.vuln?).to eq(false)
31
- end
32
- it "doesn't fire when rails version older than 3.x.y it has been found" do
33
- @check.dependencies = [{:name=>"rails", :version=>'2.3.12'}]
34
- expect(@check.vuln?).to eq(false)
35
- end
36
- end
@@ -1,20 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2012-2139 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2012_2139.new
5
- # @check.debug = true
6
- end
7
- it "is reported when mail_gem version 2.4.3 is used" do
8
- @check.dependencies = [{:name=>"mail_gem", :version=>"2.4.3"}]
9
- expect(@check.vuln?).to eq(true)
10
- end
11
- it "is reported when mail_gem version 2.3.3 is used" do
12
- @check.dependencies = [{:name=>"mail_gem", :version=>"2.3.3"}]
13
- expect(@check.vuln?).to eq(true)
14
- end
15
-
16
- it "is not reported when mail_gem version 2.4.4 is used" do
17
- @check.dependencies = [{:name=>"mail_gem", :version=>"2.4.4"}]
18
- expect(@check.vuln?).to eq(false)
19
- end
20
- end
@@ -1,23 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2012-2671 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2012_2671.new
5
- # @check.debug = true
6
- end
7
- it "is reported when ruby-cache version 0.5 is used" do
8
- @check.dependencies = [{:name=>"rack-cache", :version=>'0.5'}]
9
- expect(@check.vuln?).to eq(true)
10
- end
11
- it "is reported when ruby-cache version 0.8 is used" do
12
- @check.dependencies = [{:name=>"rack-cache", :version=>'0.8'}]
13
- expect(@check.vuln?).to eq(true)
14
- end
15
- it "is reported when ruby-cache version 1.1.1 is used" do
16
- @check.dependencies = [{:name=>"rack-cache", :version=>'1.1.1'}]
17
- expect(@check.vuln?).to eq(true)
18
- end
19
- it "is not reported when ruby-cache version 1.1.2 is used" do
20
- @check.dependencies = [{:name=>"rack-cache", :version=>'1.1.2'}]
21
- expect(@check.vuln?).to eq(false)
22
- end
23
- end
@@ -1,112 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2012-6109 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2012_6109.new
5
- # @check.debug = true
6
- end
7
- it "is reported when the vulnerable gem is detected - 1.0.1" do
8
- @check.dependencies = [{:name=>"rack", :version=>"1.0.1"}]
9
- expect(@check.vuln?).to eq(true)
10
- end
11
-
12
- it "is reported when the vulnerable gem is detected - 0.9.1" do
13
- @check.dependencies = [{:name=>"rack", :version=>"0.9.1"}]
14
- expect(@check.vuln?).to eq(true)
15
- end
16
- it "is reported when the vulnerable gem is detected - 0.9" do
17
- @check.dependencies = [{:name=>"rack", :version=>"0.9"}]
18
- expect(@check.vuln?).to eq(true)
19
- end
20
- it "is reported when the vulnerable gem is detected - 0.4" do
21
- @check.dependencies = [{:name=>"rack", :version=>"0.4"}]
22
- expect(@check.vuln?).to eq(true)
23
- end
24
- it "is reported when the vulnerable gem is detected - 0.3" do
25
- @check.dependencies = [{:name=>"rack", :version=>"0.3"}]
26
- expect(@check.vuln?).to eq(true)
27
- end
28
- it "is reported when the vulnerable gem is detected - 0.2" do
29
- @check.dependencies = [{:name=>"rack", :version=>"0.2"}]
30
- expect(@check.vuln?).to eq(true)
31
- end
32
- it "is reported when the vulnerable gem is detected - 0.1" do
33
- @check.dependencies = [{:name=>"rack", :version=>"0.1"}]
34
- expect(@check.vuln?).to eq(true)
35
- end
36
- it "is reported when the vulnerable gem is detected - 1.0.0" do
37
- @check.dependencies = [{:name=>"rack", :version=>"1.0.0"}]
38
- expect(@check.vuln?).to eq(true)
39
- end
40
- it "is reported when the vulnerable gem is detected - 1.1.0" do
41
- @check.dependencies = [{:name=>"rack", :version=>"1.1.0"}]
42
- expect(@check.vuln?).to eq(true)
43
- end
44
- it "is reported when the vulnerable gem is detected - 1.1.3" do
45
- @check.dependencies = [{:name=>"rack", :version=>"1.1.3"}]
46
- expect(@check.vuln?).to eq(true)
47
- end
48
- it "is reported when the vulnerable gem is detected - 1.1.2" do
49
- @check.dependencies = [{:name=>"rack", :version=>"1.1.2"}]
50
- expect(@check.vuln?).to eq(true)
51
- end
52
- it "is reported when the vulnerable gem is detected - 1.2.0" do
53
- @check.dependencies = [{:name=>"rack", :version=>"1.2.0"}]
54
- expect(@check.vuln?).to eq(true)
55
- end
56
-
57
- it "is reported when the vulnerable gem is detected - 1.2.1" do
58
- @check.dependencies = [{:name=>"rack", :version=>"1.2.1"}]
59
- expect(@check.vuln?).to eq(true)
60
- end
61
- it "is reported when the vulnerable gem is detected - 1.2.2" do
62
- @check.dependencies = [{:name=>"rack", :version=>"1.2.2"}]
63
- expect(@check.vuln?).to eq(true)
64
- end
65
- it "is reported when the vulnerable gem is detected - 1.2.3" do
66
-
67
- @check.dependencies = [{:name=>"rack", :version=>"1.2.3"}]
68
- expect(@check.vuln?).to eq(true)
69
- end
70
- it "is reported when the vulnerable gem is detected - 1.2.4" do
71
- @check.dependencies = [{:name=>"rack", :version=>"1.2.4"}]
72
- expect(@check.vuln?).to eq(true)
73
- end
74
- it "is reported when the vulnerable gem is detected - 1.3.0" do
75
- @check.dependencies = [{:name=>"rack", :version=>"1.3.0"}]
76
- expect(@check.vuln?).to eq(true)
77
- end
78
-
79
- it "is reported when the vulnerable gem is detected - 1.3.1" do
80
- @check.dependencies = [{:name=>"rack", :version=>"1.3.1"}]
81
- expect(@check.vuln?).to eq(true)
82
- end
83
- it "is reported when the vulnerable gem is detected - 1.3.2" do
84
- @check.dependencies = [{:name=>"rack", :version=>"1.3.2"}]
85
- expect(@check.vuln?).to eq(true)
86
- end
87
- it "is reported when the vulnerable gem is detected - 1.3.3" do
88
- @check.dependencies = [{:name=>"rack", :version=>"1.3.3"}]
89
- expect(@check.vuln?).to eq(true)
90
- end
91
- it "is reported when the vulnerable gem is detected - 1.3.4" do
92
- @check.dependencies = [{:name=>"rack", :version=>"1.3.4"}]
93
- expect(@check.vuln?).to eq(true)
94
- end
95
- it "is reported when the vulnerable gem is detected - 1.3.5" do
96
- @check.dependencies = [{:name=>"rack", :version=>"1.3.5"}]
97
- expect(@check.vuln?).to eq(true)
98
- end
99
- it "is reported when the vulnerable gem is detected - 1.3.6" do
100
- @check.dependencies = [{:name=>"rack", :version=>"1.3.6"}]
101
- expect(@check.vuln?).to eq(true)
102
- end
103
-
104
- it "is reported when the vulnerable gem is detected - 1.4.0" do
105
- @check.dependencies = [{:name=>"rack", :version=>"1.4.0"}]
106
- expect(@check.vuln?).to eq(true)
107
- end
108
- it "is reported when the vulnerable gem is detected - 1.4.1" do
109
- @check.dependencies = [{:name=>"rack", :version=>"1.4.1"}]
110
- expect(@check.vuln?).to eq(true)
111
- end
112
- end
@@ -1,16 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2012-6684 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2012_6684.new
5
- # @check.debug = true
6
- end
7
- it "is reported when vulnerable raven-ruby gem is used (4.2.9)" do
8
- @check.dependencies = [{:name=>"RedCloth", :version=>'4.2.9'}]
9
- expect(@check.vuln?).to eq(true)
10
- end
11
- it "is not reported when safe raven-ruby gem is used (4.2.10)" do
12
- @check.dependencies = [{:name=>"RedCloth", :version=>'4.2.10'}]
13
- expect(@check.vuln?).to eq(false)
14
- end
15
-
16
- end
@@ -1,23 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2013-0162 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2013_0162.new
5
- # @check.debug = true
6
- end
7
- it "is reported when ruby_parser version 1.x is used" do
8
- @check.dependencies = [{:name=>"ruby_parser", :version=>'1.4.5'}]
9
- expect(@check.vuln?).to eq(true)
10
- end
11
- it "is reported when ruby_parser version 2.x is used" do
12
- @check.dependencies = [{:name=>"ruby_parser", :version=>'2.4.5'}]
13
- expect(@check.vuln?).to eq(true)
14
- end
15
- it "is reported when ruby_parser version 3.0.x is used" do
16
- @check.dependencies = [{:name=>"ruby_parser", :version=>'3.0.5'}]
17
- expect(@check.vuln?).to eq(true)
18
- end
19
- it "is not reported when ruby_parser version 3.1.1 is used" do
20
- @check.dependencies = [{:name=>"ruby_parser", :version=>'3.1.1'}]
21
- expect(@check.vuln?).to eq(false)
22
- end
23
- end