dawnscanner 1.6.8 → 2.0.0.rc4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/.gitignore +1 -0
- data/.ruby-version +1 -1
- data/Changelog.md +27 -1
- data/LICENSE.txt +1 -1
- data/README.md +59 -57
- data/Rakefile +10 -242
- data/Roadmap.md +15 -23
- data/VERSION +1 -1
- data/bin/dawn +17 -273
- data/checksum/dawnscanner-1.6.8.gem.sha1 +1 -0
- data/checksum/dawnscanner-2.0.0.rc1.gem.sha1 +1 -0
- data/checksum/dawnscanner-2.0.0.rc2.gem.sha1 +1 -0
- data/checksum/dawnscanner-2.0.0.rc3.gem.sha1 +1 -0
- data/dawnscanner.gemspec +10 -9
- data/doc/change.sh +13 -0
- data/doc/kickstart_kb.tar.gz +0 -0
- data/doc/knowledge_base.rb +650 -0
- data/docs/.placeholder +0 -0
- data/docs/CNAME +1 -0
- data/docs/_config.yml +1 -0
- data/lib/dawn/cli/dawn_cli.rb +139 -0
- data/lib/dawn/core.rb +8 -7
- data/lib/dawn/engine.rb +93 -34
- data/lib/dawn/gemfile_lock.rb +2 -2
- data/lib/dawn/kb/basic_check.rb +1 -2
- data/lib/dawn/kb/combo_check.rb +1 -1
- data/lib/dawn/kb/dependency_check.rb +1 -1
- data/lib/dawn/kb/operating_system_check.rb +1 -1
- data/lib/dawn/kb/pattern_match_check.rb +10 -9
- data/lib/dawn/kb/ruby_version_check.rb +11 -10
- data/lib/dawn/kb/{gem_check.rb → rubygem_check.rb} +1 -1
- data/lib/dawn/kb/unsafe_depedency_check.rb +44 -0
- data/lib/dawn/kb/version_check.rb +41 -24
- data/lib/dawn/knowledge_base.rb +259 -595
- data/lib/dawn/reporter.rb +2 -1
- data/lib/dawn/utils.rb +5 -2
- data/lib/dawn/version.rb +5 -5
- data/lib/dawnscanner.rb +7 -6
- data/spec/lib/kb/codesake_unsafe_dependency_check_spec.rb +29 -0
- data/spec/lib/kb/dependency_check.yml +29 -0
- metadata +30 -496
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/certs/paolo_at_dawnscanner_dot_org.pem +0 -21
- data/lib/dawn/kb/cve_2004_0755.rb +0 -33
- data/lib/dawn/kb/cve_2004_0983.rb +0 -31
- data/lib/dawn/kb/cve_2005_1992.rb +0 -31
- data/lib/dawn/kb/cve_2005_2337.rb +0 -33
- data/lib/dawn/kb/cve_2006_1931.rb +0 -30
- data/lib/dawn/kb/cve_2006_2582.rb +0 -28
- data/lib/dawn/kb/cve_2006_3694.rb +0 -31
- data/lib/dawn/kb/cve_2006_4112.rb +0 -27
- data/lib/dawn/kb/cve_2006_5467.rb +0 -28
- data/lib/dawn/kb/cve_2006_6303.rb +0 -28
- data/lib/dawn/kb/cve_2006_6852.rb +0 -27
- data/lib/dawn/kb/cve_2006_6979.rb +0 -29
- data/lib/dawn/kb/cve_2007_0469.rb +0 -29
- data/lib/dawn/kb/cve_2007_5162.rb +0 -28
- data/lib/dawn/kb/cve_2007_5379.rb +0 -27
- data/lib/dawn/kb/cve_2007_5380.rb +0 -29
- data/lib/dawn/kb/cve_2007_5770.rb +0 -30
- data/lib/dawn/kb/cve_2007_6077.rb +0 -31
- data/lib/dawn/kb/cve_2007_6612.rb +0 -30
- data/lib/dawn/kb/cve_2008_1145.rb +0 -38
- data/lib/dawn/kb/cve_2008_1891.rb +0 -38
- data/lib/dawn/kb/cve_2008_2376.rb +0 -30
- data/lib/dawn/kb/cve_2008_2662.rb +0 -33
- data/lib/dawn/kb/cve_2008_2663.rb +0 -32
- data/lib/dawn/kb/cve_2008_2664.rb +0 -33
- data/lib/dawn/kb/cve_2008_2725.rb +0 -31
- data/lib/dawn/kb/cve_2008_3655.rb +0 -37
- data/lib/dawn/kb/cve_2008_3657.rb +0 -37
- data/lib/dawn/kb/cve_2008_3790.rb +0 -30
- data/lib/dawn/kb/cve_2008_3905.rb +0 -36
- data/lib/dawn/kb/cve_2008_4094.rb +0 -27
- data/lib/dawn/kb/cve_2008_4310.rb +0 -100
- data/lib/dawn/kb/cve_2008_5189.rb +0 -27
- data/lib/dawn/kb/cve_2008_7248.rb +0 -27
- data/lib/dawn/kb/cve_2009_4078.rb +0 -29
- data/lib/dawn/kb/cve_2009_4124.rb +0 -30
- data/lib/dawn/kb/cve_2009_4214.rb +0 -27
- data/lib/dawn/kb/cve_2010_1330.rb +0 -28
- data/lib/dawn/kb/cve_2010_2489.rb +0 -60
- data/lib/dawn/kb/cve_2010_3933.rb +0 -27
- data/lib/dawn/kb/cve_2011_0188.rb +0 -67
- data/lib/dawn/kb/cve_2011_0446.rb +0 -28
- data/lib/dawn/kb/cve_2011_0447.rb +0 -28
- data/lib/dawn/kb/cve_2011_0739.rb +0 -28
- data/lib/dawn/kb/cve_2011_0995.rb +0 -61
- data/lib/dawn/kb/cve_2011_1004.rb +0 -34
- data/lib/dawn/kb/cve_2011_1005.rb +0 -31
- data/lib/dawn/kb/cve_2011_2197.rb +0 -27
- data/lib/dawn/kb/cve_2011_2686.rb +0 -29
- data/lib/dawn/kb/cve_2011_2705.rb +0 -32
- data/lib/dawn/kb/cve_2011_2929.rb +0 -27
- data/lib/dawn/kb/cve_2011_2930.rb +0 -28
- data/lib/dawn/kb/cve_2011_2931.rb +0 -30
- data/lib/dawn/kb/cve_2011_2932.rb +0 -27
- data/lib/dawn/kb/cve_2011_3009.rb +0 -28
- data/lib/dawn/kb/cve_2011_3186.rb +0 -29
- data/lib/dawn/kb/cve_2011_3187.rb +0 -29
- data/lib/dawn/kb/cve_2011_4319.rb +0 -30
- data/lib/dawn/kb/cve_2011_4815.rb +0 -28
- data/lib/dawn/kb/cve_2011_5036.rb +0 -26
- data/lib/dawn/kb/cve_2012_1098.rb +0 -30
- data/lib/dawn/kb/cve_2012_1099.rb +0 -27
- data/lib/dawn/kb/cve_2012_1241.rb +0 -27
- data/lib/dawn/kb/cve_2012_2139.rb +0 -26
- data/lib/dawn/kb/cve_2012_2140.rb +0 -27
- data/lib/dawn/kb/cve_2012_2660.rb +0 -28
- data/lib/dawn/kb/cve_2012_2661.rb +0 -27
- data/lib/dawn/kb/cve_2012_2671.rb +0 -28
- data/lib/dawn/kb/cve_2012_2694.rb +0 -30
- data/lib/dawn/kb/cve_2012_2695.rb +0 -27
- data/lib/dawn/kb/cve_2012_3424.rb +0 -29
- data/lib/dawn/kb/cve_2012_3463.rb +0 -27
- data/lib/dawn/kb/cve_2012_3464.rb +0 -27
- data/lib/dawn/kb/cve_2012_3465.rb +0 -26
- data/lib/dawn/kb/cve_2012_4464.rb +0 -27
- data/lib/dawn/kb/cve_2012_4466.rb +0 -27
- data/lib/dawn/kb/cve_2012_4481.rb +0 -26
- data/lib/dawn/kb/cve_2012_4522.rb +0 -27
- data/lib/dawn/kb/cve_2012_5370.rb +0 -27
- data/lib/dawn/kb/cve_2012_5371.rb +0 -27
- data/lib/dawn/kb/cve_2012_5380.rb +0 -28
- data/lib/dawn/kb/cve_2012_6109.rb +0 -25
- data/lib/dawn/kb/cve_2012_6134.rb +0 -27
- data/lib/dawn/kb/cve_2012_6496.rb +0 -28
- data/lib/dawn/kb/cve_2012_6497.rb +0 -28
- data/lib/dawn/kb/cve_2012_6684.rb +0 -28
- data/lib/dawn/kb/cve_2013_0155.rb +0 -29
- data/lib/dawn/kb/cve_2013_0156.rb +0 -27
- data/lib/dawn/kb/cve_2013_0162.rb +0 -28
- data/lib/dawn/kb/cve_2013_0175.rb +0 -27
- data/lib/dawn/kb/cve_2013_0183.rb +0 -25
- data/lib/dawn/kb/cve_2013_0184.rb +0 -25
- data/lib/dawn/kb/cve_2013_0233.rb +0 -26
- data/lib/dawn/kb/cve_2013_0256.rb +0 -59
- data/lib/dawn/kb/cve_2013_0262.rb +0 -26
- data/lib/dawn/kb/cve_2013_0263.rb +0 -26
- data/lib/dawn/kb/cve_2013_0269.rb +0 -27
- data/lib/dawn/kb/cve_2013_0276.rb +0 -28
- data/lib/dawn/kb/cve_2013_0277.rb +0 -25
- data/lib/dawn/kb/cve_2013_0284.rb +0 -27
- data/lib/dawn/kb/cve_2013_0285.rb +0 -27
- data/lib/dawn/kb/cve_2013_0333.rb +0 -28
- data/lib/dawn/kb/cve_2013_0334.rb +0 -25
- data/lib/dawn/kb/cve_2013_1607.rb +0 -25
- data/lib/dawn/kb/cve_2013_1655.rb +0 -65
- data/lib/dawn/kb/cve_2013_1656.rb +0 -28
- data/lib/dawn/kb/cve_2013_1756.rb +0 -26
- data/lib/dawn/kb/cve_2013_1800.rb +0 -26
- data/lib/dawn/kb/cve_2013_1801.rb +0 -27
- data/lib/dawn/kb/cve_2013_1802.rb +0 -27
- data/lib/dawn/kb/cve_2013_1812.rb +0 -27
- data/lib/dawn/kb/cve_2013_1821.rb +0 -28
- data/lib/dawn/kb/cve_2013_1854.rb +0 -26
- data/lib/dawn/kb/cve_2013_1855.rb +0 -25
- data/lib/dawn/kb/cve_2013_1856.rb +0 -26
- data/lib/dawn/kb/cve_2013_1857.rb +0 -27
- data/lib/dawn/kb/cve_2013_1875.rb +0 -27
- data/lib/dawn/kb/cve_2013_1898.rb +0 -27
- data/lib/dawn/kb/cve_2013_1911.rb +0 -28
- data/lib/dawn/kb/cve_2013_1933.rb +0 -27
- data/lib/dawn/kb/cve_2013_1947.rb +0 -27
- data/lib/dawn/kb/cve_2013_1948.rb +0 -27
- data/lib/dawn/kb/cve_2013_2065.rb +0 -29
- data/lib/dawn/kb/cve_2013_2090.rb +0 -28
- data/lib/dawn/kb/cve_2013_2105.rb +0 -26
- data/lib/dawn/kb/cve_2013_2119.rb +0 -27
- data/lib/dawn/kb/cve_2013_2512.rb +0 -26
- data/lib/dawn/kb/cve_2013_2513.rb +0 -25
- data/lib/dawn/kb/cve_2013_2516.rb +0 -26
- data/lib/dawn/kb/cve_2013_2615.rb +0 -27
- data/lib/dawn/kb/cve_2013_2616.rb +0 -27
- data/lib/dawn/kb/cve_2013_2617.rb +0 -28
- data/lib/dawn/kb/cve_2013_3221.rb +0 -27
- data/lib/dawn/kb/cve_2013_4164.rb +0 -30
- data/lib/dawn/kb/cve_2013_4203.rb +0 -25
- data/lib/dawn/kb/cve_2013_4389.rb +0 -26
- data/lib/dawn/kb/cve_2013_4413.rb +0 -27
- data/lib/dawn/kb/cve_2013_4457.rb +0 -29
- data/lib/dawn/kb/cve_2013_4478.rb +0 -26
- data/lib/dawn/kb/cve_2013_4479.rb +0 -26
- data/lib/dawn/kb/cve_2013_4489.rb +0 -28
- data/lib/dawn/kb/cve_2013_4491.rb +0 -29
- data/lib/dawn/kb/cve_2013_4492.rb +0 -29
- data/lib/dawn/kb/cve_2013_4562.rb +0 -27
- data/lib/dawn/kb/cve_2013_4593.rb +0 -27
- data/lib/dawn/kb/cve_2013_5647.rb +0 -29
- data/lib/dawn/kb/cve_2013_5671.rb +0 -26
- data/lib/dawn/kb/cve_2013_6414.rb +0 -30
- data/lib/dawn/kb/cve_2013_6415.rb +0 -29
- data/lib/dawn/kb/cve_2013_6416.rb +0 -29
- data/lib/dawn/kb/cve_2013_6417.rb +0 -30
- data/lib/dawn/kb/cve_2013_6421.rb +0 -28
- data/lib/dawn/kb/cve_2013_6459.rb +0 -28
- data/lib/dawn/kb/cve_2013_6460.rb +0 -53
- data/lib/dawn/kb/cve_2013_6461.rb +0 -57
- data/lib/dawn/kb/cve_2013_7086.rb +0 -27
- data/lib/dawn/kb/cve_2014_0036.rb +0 -27
- data/lib/dawn/kb/cve_2014_0080.rb +0 -29
- data/lib/dawn/kb/cve_2014_0081.rb +0 -27
- data/lib/dawn/kb/cve_2014_0082.rb +0 -27
- data/lib/dawn/kb/cve_2014_0130.rb +0 -27
- data/lib/dawn/kb/cve_2014_1233.rb +0 -27
- data/lib/dawn/kb/cve_2014_1234.rb +0 -26
- data/lib/dawn/kb/cve_2014_2322.rb +0 -28
- data/lib/dawn/kb/cve_2014_2525.rb +0 -59
- data/lib/dawn/kb/cve_2014_2538.rb +0 -26
- data/lib/dawn/kb/cve_2014_3482.rb +0 -28
- data/lib/dawn/kb/cve_2014_3483.rb +0 -28
- data/lib/dawn/kb/cve_2014_3916.rb +0 -29
- data/lib/dawn/kb/cve_2014_4975.rb +0 -28
- data/lib/dawn/kb/cve_2014_7818.rb +0 -27
- data/lib/dawn/kb/cve_2014_7819.rb +0 -31
- data/lib/dawn/kb/cve_2014_7829.rb +0 -30
- data/lib/dawn/kb/cve_2014_8090.rb +0 -30
- data/lib/dawn/kb/cve_2014_9490.rb +0 -29
- data/lib/dawn/kb/cve_2015_1819.rb +0 -34
- data/lib/dawn/kb/cve_2015_1840/cve_2015_1840_a.rb +0 -28
- data/lib/dawn/kb/cve_2015_1840/cve_2015_1840_b.rb +0 -28
- data/lib/dawn/kb/cve_2015_2963.rb +0 -27
- data/lib/dawn/kb/cve_2015_3224.rb +0 -26
- data/lib/dawn/kb/cve_2015_3225.rb +0 -28
- data/lib/dawn/kb/cve_2015_3226.rb +0 -27
- data/lib/dawn/kb/cve_2015_3227.rb +0 -28
- data/lib/dawn/kb/cve_2015_3448.rb +0 -29
- data/lib/dawn/kb/cve_2015_4020.rb +0 -34
- data/lib/dawn/kb/cve_2015_5312.rb +0 -30
- data/lib/dawn/kb/cve_2015_7497.rb +0 -32
- data/lib/dawn/kb/cve_2015_7498.rb +0 -32
- data/lib/dawn/kb/cve_2015_7499.rb +0 -32
- data/lib/dawn/kb/cve_2015_7500.rb +0 -32
- data/lib/dawn/kb/cve_2015_7519.rb +0 -31
- data/lib/dawn/kb/cve_2015_7541.rb +0 -31
- data/lib/dawn/kb/cve_2015_7576.rb +0 -35
- data/lib/dawn/kb/cve_2015_7577.rb +0 -34
- data/lib/dawn/kb/cve_2015_7578.rb +0 -30
- data/lib/dawn/kb/cve_2015_7579.rb +0 -30
- data/lib/dawn/kb/cve_2015_7581.rb +0 -33
- data/lib/dawn/kb/cve_2015_8241.rb +0 -32
- data/lib/dawn/kb/cve_2015_8242.rb +0 -32
- data/lib/dawn/kb/cve_2015_8317.rb +0 -32
- data/lib/dawn/kb/cve_2016_0751.rb +0 -32
- data/lib/dawn/kb/cve_2016_0752.rb +0 -35
- data/lib/dawn/kb/cve_2016_0753.rb +0 -31
- data/lib/dawn/kb/cve_2016_2097.rb +0 -35
- data/lib/dawn/kb/cve_2016_2098.rb +0 -35
- data/lib/dawn/kb/cve_2016_5697.rb +0 -30
- data/lib/dawn/kb/cve_2016_6316.rb +0 -33
- data/lib/dawn/kb/cve_2016_6317.rb +0 -32
- data/lib/dawn/kb/cve_2016_6582.rb +0 -43
- data/lib/dawn/kb/not_revised_code.rb +0 -22
- data/lib/dawn/kb/osvdb_105971.rb +0 -29
- data/lib/dawn/kb/osvdb_108530.rb +0 -27
- data/lib/dawn/kb/osvdb_108563.rb +0 -28
- data/lib/dawn/kb/osvdb_108569.rb +0 -28
- data/lib/dawn/kb/osvdb_108570.rb +0 -27
- data/lib/dawn/kb/osvdb_115654.rb +0 -33
- data/lib/dawn/kb/osvdb_116010.rb +0 -30
- data/lib/dawn/kb/osvdb_117903.rb +0 -30
- data/lib/dawn/kb/osvdb_118579.rb +0 -31
- data/lib/dawn/kb/osvdb_118830.rb +0 -32
- data/lib/dawn/kb/osvdb_118954.rb +0 -33
- data/lib/dawn/kb/osvdb_119878.rb +0 -32
- data/lib/dawn/kb/osvdb_119927.rb +0 -33
- data/lib/dawn/kb/osvdb_120415.rb +0 -31
- data/lib/dawn/kb/osvdb_120857.rb +0 -34
- data/lib/dawn/kb/osvdb_121701.rb +0 -30
- data/lib/dawn/kb/osvdb_132234.rb +0 -34
- data/lib/dawn/kb/owasp_ror_cheatsheet.rb +0 -33
- data/lib/dawn/kb/owasp_ror_cheatsheet/check_for_backup_files.rb +0 -18
- data/lib/dawn/kb/owasp_ror_cheatsheet/check_for_safe_redirect_and_forward.rb +0 -57
- data/lib/dawn/kb/owasp_ror_cheatsheet/command_injection.rb +0 -28
- data/lib/dawn/kb/owasp_ror_cheatsheet/csrf.rb +0 -29
- data/lib/dawn/kb/owasp_ror_cheatsheet/mass_assignment_in_model.rb +0 -33
- data/lib/dawn/kb/owasp_ror_cheatsheet/security_related_headers.rb +0 -35
- data/lib/dawn/kb/owasp_ror_cheatsheet/sensitive_files.rb +0 -29
- data/lib/dawn/kb/owasp_ror_cheatsheet/session_stored_in_database.rb +0 -31
- data/lib/dawn/kb/simpleform_xss_20131129.rb +0 -28
- data/lib/dawn/knowledge_base_experimental.rb +0 -245
- data/spec/lib/kb/cve_2011_2705_spec.rb +0 -35
- data/spec/lib/kb/cve_2011_2930_spec.rb +0 -31
- data/spec/lib/kb/cve_2011_3009_spec.rb +0 -25
- data/spec/lib/kb/cve_2011_3187_spec.rb +0 -24
- data/spec/lib/kb/cve_2011_4319_spec.rb +0 -44
- data/spec/lib/kb/cve_2011_5036_spec.rb +0 -95
- data/spec/lib/kb/cve_2012_1098_spec.rb +0 -36
- data/spec/lib/kb/cve_2012_2139_spec.rb +0 -20
- data/spec/lib/kb/cve_2012_2671_spec.rb +0 -23
- data/spec/lib/kb/cve_2012_6109_spec.rb +0 -112
- data/spec/lib/kb/cve_2012_6684_spec.rb +0 -16
- data/spec/lib/kb/cve_2013_0162_spec.rb +0 -23
- data/spec/lib/kb/cve_2013_0183_spec.rb +0 -54
- data/spec/lib/kb/cve_2013_0184_spec.rb +0 -115
- data/spec/lib/kb/cve_2013_0256_spec.rb +0 -34
- data/spec/lib/kb/cve_2013_0262_spec.rb +0 -44
- data/spec/lib/kb/cve_2013_0263_spec.rb +0 -11
- data/spec/lib/kb/cve_2013_0334_spec.rb +0 -35
- data/spec/lib/kb/cve_2013_1607_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_1655_spec.rb +0 -31
- data/spec/lib/kb/cve_2013_1756_spec.rb +0 -23
- data/spec/lib/kb/cve_2013_2090_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_2105_spec.rb +0 -11
- data/spec/lib/kb/cve_2013_2119_spec.rb +0 -27
- data/spec/lib/kb/cve_2013_2512_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_2513_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_2516_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_4203_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_4413_spec.rb +0 -16
- data/spec/lib/kb/cve_2013_4489_spec.rb +0 -63
- data/spec/lib/kb/cve_2013_4491_spec.rb +0 -16
- data/spec/lib/kb/cve_2013_4593_spec.rb +0 -16
- data/spec/lib/kb/cve_2013_5647_spec.rb +0 -19
- data/spec/lib/kb/cve_2013_5671_spec.rb +0 -27
- data/spec/lib/kb/cve_2013_6414_spec.rb +0 -26
- data/spec/lib/kb/cve_2013_6416_spec.rb +0 -31
- data/spec/lib/kb/cve_2013_6459_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_7086_spec.rb +0 -22
- data/spec/lib/kb/cve_2014_0036_spec.rb +0 -15
- data/spec/lib/kb/cve_2014_0080_spec.rb +0 -33
- data/spec/lib/kb/cve_2014_0081_spec.rb +0 -50
- data/spec/lib/kb/cve_2014_0082_spec.rb +0 -52
- data/spec/lib/kb/cve_2014_0130_spec.rb +0 -19
- data/spec/lib/kb/cve_2014_1233_spec.rb +0 -15
- data/spec/lib/kb/cve_2014_1234_spec.rb +0 -16
- data/spec/lib/kb/cve_2014_2322_spec.rb +0 -15
- data/spec/lib/kb/cve_2014_2538_spec.rb +0 -15
- data/spec/lib/kb/cve_2014_3482_spec.rb +0 -15
- data/spec/lib/kb/cve_2014_3483_spec.rb +0 -27
- data/spec/lib/kb/cve_2014_7818_spec.rb +0 -42
- data/spec/lib/kb/cve_2014_7819_spec.rb +0 -139
- data/spec/lib/kb/cve_2014_7829_spec.rb +0 -50
- data/spec/lib/kb/cve_2014_9490_spec.rb +0 -17
- data/spec/lib/kb/cve_2015_1819_spec.rb +0 -16
- data/spec/lib/kb/cve_2015_1840_spec.rb +0 -39
- data/spec/lib/kb/cve_2015_2963_spec.rb +0 -17
- data/spec/lib/kb/cve_2015_3224_spec.rb +0 -16
- data/spec/lib/kb/cve_2015_3225_spec.rb +0 -27
- data/spec/lib/kb/cve_2015_3226_spec.rb +0 -35
- data/spec/lib/kb/cve_2015_3227_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_3448_spec.rb +0 -16
- data/spec/lib/kb/cve_2015_4020_spec.rb +0 -24
- data/spec/lib/kb/cve_2015_5312_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_7497_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_7498_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_7499_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_7500_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_7519_spec.rb +0 -23
- data/spec/lib/kb/cve_2015_7541_spec.rb +0 -15
- data/spec/lib/kb/cve_2015_7576_spec.rb +0 -51
- data/spec/lib/kb/cve_2015_7577_spec.rb +0 -63
- data/spec/lib/kb/cve_2015_7578_spec.rb +0 -15
- data/spec/lib/kb/cve_2015_7579_spec.rb +0 -23
- data/spec/lib/kb/cve_2015_7581_spec.rb +0 -51
- data/spec/lib/kb/cve_2015_8241_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_8242_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_8317_spec.rb +0 -31
- data/spec/lib/kb/cve_2016_0751_spec.rb +0 -55
- data/spec/lib/kb/cve_2016_0752_spec.rb +0 -51
- data/spec/lib/kb/cve_2016_0753_spec.rb +0 -51
- data/spec/lib/kb/cve_2016_2097_spec.rb +0 -35
- data/spec/lib/kb/cve_2016_2098_spec.rb +0 -55
- data/spec/lib/kb/cve_2016_5697_spec.rb +0 -15
- data/spec/lib/kb/cve_2016_6316_spec.rb +0 -44
- data/spec/lib/kb/cve_2016_6317_spec.rb +0 -35
- data/spec/lib/kb/cve_2016_6582_spec.rb +0 -29
- data/spec/lib/kb/osvdb_105971_spec.rb +0 -15
- data/spec/lib/kb/osvdb_108530_spec.rb +0 -22
- data/spec/lib/kb/osvdb_108563_spec.rb +0 -18
- data/spec/lib/kb/osvdb_108569_spec.rb +0 -17
- data/spec/lib/kb/osvdb_108570_spec.rb +0 -17
- data/spec/lib/kb/osvdb_115654_spec.rb +0 -15
- data/spec/lib/kb/osvdb_116010_spec.rb +0 -15
- data/spec/lib/kb/osvdb_117903_spec.rb +0 -23
- data/spec/lib/kb/osvdb_118579_spec.rb +0 -8
- data/spec/lib/kb/osvdb_118830_spec.rb +0 -16
- data/spec/lib/kb/osvdb_118954_spec.rb +0 -20
- data/spec/lib/kb/osvdb_119878_spec.rb +0 -92
- data/spec/lib/kb/osvdb_119927_spec.rb +0 -16
- data/spec/lib/kb/osvdb_120415_spec.rb +0 -16
- data/spec/lib/kb/osvdb_120857_spec.rb +0 -32
- data/spec/lib/kb/osvdb_121701_spec.rb +0 -15
- data/spec/lib/kb/osvdb_132234_spec.rb +0 -15
- metadata.gz.sig +0 -0
@@ -1,31 +0,0 @@
|
|
1
|
-
require 'spec_helper'
|
2
|
-
describe "The CVE-2011-2930 vulnerability" do
|
3
|
-
before(:all) do
|
4
|
-
@check = Dawn::Kb::CVE_2011_2930.new
|
5
|
-
# @check.debug = true
|
6
|
-
end
|
7
|
-
it "fires when vulnerable rails version is used (2.3.12)" do
|
8
|
-
@check.dependencies = [{:name=>"rails", :version=>'2.3.12'}]
|
9
|
-
expect(@check.vuln?).to eq(true)
|
10
|
-
end
|
11
|
-
it "fires when vulnerable rails version is used (3.0.9)" do
|
12
|
-
@check.dependencies = [{:name=>"rails", :version=>'3.0.9'}]
|
13
|
-
expect(@check.vuln?).to eq(true)
|
14
|
-
end
|
15
|
-
it "fires when vulnerable rails version is used (3.1.0)" do
|
16
|
-
@check.dependencies = [{:name=>"rails", :version=>'3.1.0'}]
|
17
|
-
expect(@check.vuln?).to eq(true)
|
18
|
-
end
|
19
|
-
it "doesn't fire when safe rails version is used (2.3.14)" do
|
20
|
-
@check.dependencies = [{:name=>"rails", :version=>'2.3.14'}]
|
21
|
-
expect(@check.vuln?).to eq(false)
|
22
|
-
end
|
23
|
-
it "doesn't fire when safe rails version is used (3.0.10)" do
|
24
|
-
@check.dependencies = [{:name=>"rails", :version=>'3.0.10'}]
|
25
|
-
expect(@check.vuln?).to eq(false)
|
26
|
-
end
|
27
|
-
it "doesn't fire when safe rails version is used (3.1.1)" do
|
28
|
-
@check.dependencies = [{:name=>"rails", :version=>'3.1.1'}]
|
29
|
-
expect(@check.vuln?).to eq(false)
|
30
|
-
end
|
31
|
-
end
|
@@ -1,25 +0,0 @@
|
|
1
|
-
require 'spec_helper'
|
2
|
-
|
3
|
-
describe "The CVE-2011-3009 vulnerability" do
|
4
|
-
before(:all) do
|
5
|
-
@check = Dawn::Kb::CVE_2011_3009.new
|
6
|
-
# @check.debug = true
|
7
|
-
end
|
8
|
-
it "fires if ruby version is vulnerable (1.8.6-p111)" do
|
9
|
-
@check.detected_ruby = {:engine=>'ruby', :version=>"1.8.6", :patchlevel=>"p111"}
|
10
|
-
expect(@check.vuln?).to eq(true)
|
11
|
-
end
|
12
|
-
it "fires if ruby version is vulnerable (1.8.5-p111)" do
|
13
|
-
@check.detected_ruby = {:engine=>'ruby', :version=>"1.8.5", :patchlevel=>"p111"}
|
14
|
-
expect(@check.vuln?).to eq(true)
|
15
|
-
end
|
16
|
-
it "doesn't fire if ruby version is not vulnerable (1.8.6-p112)" do
|
17
|
-
@check.detected_ruby = {:engine=>'ruby', :version=>"1.8.6", :patchlevel=>"p112"}
|
18
|
-
expect(@check.vuln?).to eq(false)
|
19
|
-
end
|
20
|
-
it "doesn't fire if ruby version is not vulnerable (1.9.2-p112)" do
|
21
|
-
@check.detected_ruby = {:engine=>'ruby', :version=>"1.9.2", :patchlevel=>"p112"}
|
22
|
-
expect(@check.vuln?).to eq(false)
|
23
|
-
end
|
24
|
-
|
25
|
-
end
|
@@ -1,24 +0,0 @@
|
|
1
|
-
require 'spec_helper'
|
2
|
-
describe "The CVE-2011-3187 vulnerability" do
|
3
|
-
before(:all) do
|
4
|
-
@check = Dawn::Kb::CVE_2011_3187.new
|
5
|
-
# @check.debug = true
|
6
|
-
end
|
7
|
-
it "fires when vulnerable rails version it has been found (3.0.5)" do
|
8
|
-
@check.dependencies = [{:name=>'rails', :version=>'3.0.5'}]
|
9
|
-
expect(@check.vuln?).to eq(true)
|
10
|
-
end
|
11
|
-
it "doesn't fire when safe rails version it has been found (3.0.6)" do
|
12
|
-
@check.dependencies = [{:name=>'rails', :version=>'3.0.6'}]
|
13
|
-
expect(@check.vuln?).to eq(false)
|
14
|
-
end
|
15
|
-
it "doesn't fire when safe rails version it has been found (3.1.6)" do
|
16
|
-
@check.dependencies = [{:name=>'rails', :version=>'3.1.6'}]
|
17
|
-
expect(@check.vuln?).to eq(false)
|
18
|
-
end
|
19
|
-
it "doesn't fire when safe rails version it has been found (2.3.16)" do
|
20
|
-
@check.dependencies = [{:name=>'rails', :version=>'2.3.16'}]
|
21
|
-
expect(@check.vuln?).to eq(false)
|
22
|
-
end
|
23
|
-
# self.safe_dependencies = [{:name=>"rails", :version=>['3.0.6']}]
|
24
|
-
end
|
@@ -1,44 +0,0 @@
|
|
1
|
-
require 'spec_helper'
|
2
|
-
describe "The CVE-2011-4319 vulnerability" do
|
3
|
-
before(:all) do
|
4
|
-
@check = Dawn::Kb::CVE_2011_4319.new
|
5
|
-
# @check.debug = true
|
6
|
-
end
|
7
|
-
it "fires when vulnerable rails version it has been found (2.3.12)" do
|
8
|
-
@check.dependencies = [{:name=>"rails", :version=>'2.3.12'}]
|
9
|
-
expect(@check.vuln?).to eq(true)
|
10
|
-
end
|
11
|
-
it "fires when vulnerable rails version it has been found (3.0.10)" do
|
12
|
-
@check.dependencies = [{:name=>"rails", :version=>'3.0.10'}]
|
13
|
-
expect(@check.vuln?).to eq(true)
|
14
|
-
end
|
15
|
-
it "fires when vulnerable rails version it has been found (3.1.1)" do
|
16
|
-
@check.dependencies = [{:name=>"rails", :version=>'3.0.10'}]
|
17
|
-
expect(@check.vuln?).to eq(true)
|
18
|
-
end
|
19
|
-
it "doesn't fire when safe rails version it has been found (2.3.13)" do
|
20
|
-
@check.dependencies = [{:name=>"rails", :version=>'2.3.13'}]
|
21
|
-
expect(@check.vuln?).to eq(false)
|
22
|
-
end
|
23
|
-
it "doesn't fire when safe rails version it has been found (2.3.14)" do
|
24
|
-
@check.dependencies = [{:name=>"rails", :version=>'2.3.14'}]
|
25
|
-
expect(@check.vuln?).to eq(false)
|
26
|
-
end
|
27
|
-
it "doesn't fire when safe rails version it has been found (3.0.11)" do
|
28
|
-
@check.dependencies = [{:name=>"rails", :version=>'3.0.11'}]
|
29
|
-
expect(@check.vuln?).to eq(false)
|
30
|
-
end
|
31
|
-
it "doesn't fire when safe rails version it has been found (3.0.12)" do
|
32
|
-
@check.dependencies = [{:name=>"rails", :version=>'3.0.12'}]
|
33
|
-
expect(@check.vuln?).to eq(false)
|
34
|
-
end
|
35
|
-
it "doesn't fire when safe rails version it has been found (3.1.2)" do
|
36
|
-
@check.dependencies = [{:name=>"rails", :version=>'3.1.2'}]
|
37
|
-
expect(@check.vuln?).to eq(false)
|
38
|
-
end
|
39
|
-
it "doesn't fire when safe rails version it has been found (3.2.0)" do
|
40
|
-
@check.dependencies = [{:name=>"rails", :version=>'3.2.0'}]
|
41
|
-
expect(@check.vuln?).to eq(false)
|
42
|
-
end
|
43
|
-
# self.safe_dependencies = [{:name=>"rails", :version=>['2.3.13', '3.0.11', '3.1.2']}]
|
44
|
-
end
|
@@ -1,95 +0,0 @@
|
|
1
|
-
require 'spec_helper'
|
2
|
-
describe "The CVE-2011-5036 vulnerability" do
|
3
|
-
before(:all) do
|
4
|
-
@check = Dawn::Kb::CVE_2011_5036.new
|
5
|
-
# @check.debug = true
|
6
|
-
end
|
7
|
-
it "is reported when the vulnerable gem is detected - 1.0.1" do
|
8
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.0.1"}]
|
9
|
-
expect(@check.vuln?).to eq(true)
|
10
|
-
end
|
11
|
-
|
12
|
-
it "is reported when the vulnerable gem is detected - 0.9.1" do
|
13
|
-
@check.dependencies = [{:name=>"rack", :version=>"0.9.1"}]
|
14
|
-
expect(@check.vuln?).to eq(true)
|
15
|
-
end
|
16
|
-
it "is reported when the vulnerable gem is detected - 0.9" do
|
17
|
-
@check.dependencies = [{:name=>"rack", :version=>"0.9"}]
|
18
|
-
expect(@check.vuln?).to eq(true)
|
19
|
-
end
|
20
|
-
it "is reported when the vulnerable gem is detected - 0.4" do
|
21
|
-
@check.dependencies = [{:name=>"rack", :version=>"0.4"}]
|
22
|
-
expect(@check.vuln?).to eq(true)
|
23
|
-
end
|
24
|
-
it "is reported when the vulnerable gem is detected - 0.3" do
|
25
|
-
@check.dependencies = [{:name=>"rack", :version=>"0.3"}]
|
26
|
-
expect(@check.vuln?).to eq(true)
|
27
|
-
end
|
28
|
-
it "is reported when the vulnerable gem is detected - 0.2" do
|
29
|
-
@check.dependencies = [{:name=>"rack", :version=>"0.2"}]
|
30
|
-
expect(@check.vuln?).to eq(true)
|
31
|
-
end
|
32
|
-
it "is reported when the vulnerable gem is detected - 0.1" do
|
33
|
-
@check.dependencies = [{:name=>"rack", :version=>"0.1"}]
|
34
|
-
expect(@check.vuln?).to eq(true)
|
35
|
-
end
|
36
|
-
it "is reported when the vulnerable gem is detected - 1.0.0" do
|
37
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.0.0"}]
|
38
|
-
expect(@check.vuln?).to eq(true)
|
39
|
-
end
|
40
|
-
it "is reported when the vulnerable gem is detected - 1.1.0" do
|
41
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.1.0"}]
|
42
|
-
expect(@check.vuln?).to eq(true)
|
43
|
-
end
|
44
|
-
it "is reported when the vulnerable gem is detected - 1.1.2" do
|
45
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.1.2"}]
|
46
|
-
expect(@check.vuln?).to eq(true)
|
47
|
-
end
|
48
|
-
it "is reported when the vulnerable gem is detected - 1.2.0" do
|
49
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.2.0"}]
|
50
|
-
expect(@check.vuln?).to eq(true)
|
51
|
-
end
|
52
|
-
|
53
|
-
it "is reported when the vulnerable gem is detected - 1.2.1" do
|
54
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.2.1"}]
|
55
|
-
expect(@check.vuln?).to eq(true)
|
56
|
-
end
|
57
|
-
it "is reported when the vulnerable gem is detected - 1.2.2" do
|
58
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.2.2"}]
|
59
|
-
expect(@check.vuln?).to eq(true)
|
60
|
-
end
|
61
|
-
it "is reported when the vulnerable gem is detected - 1.2.3" do
|
62
|
-
|
63
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.2.3"}]
|
64
|
-
expect(@check.vuln?).to eq(true)
|
65
|
-
end
|
66
|
-
it "is reported when the vulnerable gem is detected - 1.2.4" do
|
67
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.2.4"}]
|
68
|
-
expect(@check.vuln?).to eq(true)
|
69
|
-
end
|
70
|
-
it "is reported when the vulnerable gem is detected - 1.3.0" do
|
71
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.3.0"}]
|
72
|
-
expect(@check.vuln?).to eq(true)
|
73
|
-
end
|
74
|
-
|
75
|
-
it "is reported when the vulnerable gem is detected - 1.3.1" do
|
76
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.3.1"}]
|
77
|
-
expect(@check.vuln?).to eq(true)
|
78
|
-
end
|
79
|
-
it "is reported when the vulnerable gem is detected - 1.3.2" do
|
80
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.3.2"}]
|
81
|
-
expect(@check.vuln?).to eq(true)
|
82
|
-
end
|
83
|
-
it "is reported when the vulnerable gem is detected - 1.3.3" do
|
84
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.3.3"}]
|
85
|
-
expect(@check.vuln?).to eq(true)
|
86
|
-
end
|
87
|
-
it "is reported when the vulnerable gem is detected - 1.3.4" do
|
88
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.3.4"}]
|
89
|
-
expect(@check.vuln?).to eq(true)
|
90
|
-
end
|
91
|
-
it "is reported when the vulnerable gem is detected - 1.3.5" do
|
92
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.3.5"}]
|
93
|
-
expect(@check.vuln?).to eq(true)
|
94
|
-
end
|
95
|
-
end
|
@@ -1,36 +0,0 @@
|
|
1
|
-
require 'spec_helper'
|
2
|
-
describe "The CVE-2012-1098 vulnerability" do
|
3
|
-
before(:all) do
|
4
|
-
@check = Dawn::Kb::CVE_2012_1098.new
|
5
|
-
# @check.debug = true
|
6
|
-
end
|
7
|
-
it "fires when vulnerable rails version it has been found (3.0.11)" do
|
8
|
-
@check.dependencies = [{:name=>"rails", :version=>'3.0.11'}]
|
9
|
-
expect(@check.vuln?).to eq(true)
|
10
|
-
end
|
11
|
-
it "fires when vulnerable rails version it has been found (3.1.3)" do
|
12
|
-
@check.dependencies = [{:name=>"rails", :version=>'3.1.3'}]
|
13
|
-
expect(@check.vuln?).to eq(true)
|
14
|
-
end
|
15
|
-
it "fires when vulnerable rails version it has been found (3.2.1)" do
|
16
|
-
@check.dependencies = [{:name=>"rails", :version=>'3.2.1'}]
|
17
|
-
expect(@check.vuln?).to eq(true)
|
18
|
-
end
|
19
|
-
it "doesn't fire when non vulnerable rails version it has been found (3.2.2)" do
|
20
|
-
@check.dependencies = [{:name=>"rails", :version=>'3.2.2'}]
|
21
|
-
expect(@check.vuln?).to eq(false)
|
22
|
-
end
|
23
|
-
it "doesn't fire when non vulnerable rails version it has been found (3.2.4)" do
|
24
|
-
@check.dependencies = [{:name=>"rails", :version=>'3.2.4'}]
|
25
|
-
expect(@check.vuln?).to eq(false)
|
26
|
-
end
|
27
|
-
it "doesn't fire when non vulnerable rails version it has been found (3.1.4)" do
|
28
|
-
@check.dependencies = [{:name=>"rails", :version=>'3.1.4'}]
|
29
|
-
# @check.debug = true
|
30
|
-
expect(@check.vuln?).to eq(false)
|
31
|
-
end
|
32
|
-
it "doesn't fire when rails version older than 3.x.y it has been found" do
|
33
|
-
@check.dependencies = [{:name=>"rails", :version=>'2.3.12'}]
|
34
|
-
expect(@check.vuln?).to eq(false)
|
35
|
-
end
|
36
|
-
end
|
@@ -1,20 +0,0 @@
|
|
1
|
-
require 'spec_helper'
|
2
|
-
describe "The CVE-2012-2139 vulnerability" do
|
3
|
-
before(:all) do
|
4
|
-
@check = Dawn::Kb::CVE_2012_2139.new
|
5
|
-
# @check.debug = true
|
6
|
-
end
|
7
|
-
it "is reported when mail_gem version 2.4.3 is used" do
|
8
|
-
@check.dependencies = [{:name=>"mail_gem", :version=>"2.4.3"}]
|
9
|
-
expect(@check.vuln?).to eq(true)
|
10
|
-
end
|
11
|
-
it "is reported when mail_gem version 2.3.3 is used" do
|
12
|
-
@check.dependencies = [{:name=>"mail_gem", :version=>"2.3.3"}]
|
13
|
-
expect(@check.vuln?).to eq(true)
|
14
|
-
end
|
15
|
-
|
16
|
-
it "is not reported when mail_gem version 2.4.4 is used" do
|
17
|
-
@check.dependencies = [{:name=>"mail_gem", :version=>"2.4.4"}]
|
18
|
-
expect(@check.vuln?).to eq(false)
|
19
|
-
end
|
20
|
-
end
|
@@ -1,23 +0,0 @@
|
|
1
|
-
require 'spec_helper'
|
2
|
-
describe "The CVE-2012-2671 vulnerability" do
|
3
|
-
before(:all) do
|
4
|
-
@check = Dawn::Kb::CVE_2012_2671.new
|
5
|
-
# @check.debug = true
|
6
|
-
end
|
7
|
-
it "is reported when ruby-cache version 0.5 is used" do
|
8
|
-
@check.dependencies = [{:name=>"rack-cache", :version=>'0.5'}]
|
9
|
-
expect(@check.vuln?).to eq(true)
|
10
|
-
end
|
11
|
-
it "is reported when ruby-cache version 0.8 is used" do
|
12
|
-
@check.dependencies = [{:name=>"rack-cache", :version=>'0.8'}]
|
13
|
-
expect(@check.vuln?).to eq(true)
|
14
|
-
end
|
15
|
-
it "is reported when ruby-cache version 1.1.1 is used" do
|
16
|
-
@check.dependencies = [{:name=>"rack-cache", :version=>'1.1.1'}]
|
17
|
-
expect(@check.vuln?).to eq(true)
|
18
|
-
end
|
19
|
-
it "is not reported when ruby-cache version 1.1.2 is used" do
|
20
|
-
@check.dependencies = [{:name=>"rack-cache", :version=>'1.1.2'}]
|
21
|
-
expect(@check.vuln?).to eq(false)
|
22
|
-
end
|
23
|
-
end
|
@@ -1,112 +0,0 @@
|
|
1
|
-
require 'spec_helper'
|
2
|
-
describe "The CVE-2012-6109 vulnerability" do
|
3
|
-
before(:all) do
|
4
|
-
@check = Dawn::Kb::CVE_2012_6109.new
|
5
|
-
# @check.debug = true
|
6
|
-
end
|
7
|
-
it "is reported when the vulnerable gem is detected - 1.0.1" do
|
8
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.0.1"}]
|
9
|
-
expect(@check.vuln?).to eq(true)
|
10
|
-
end
|
11
|
-
|
12
|
-
it "is reported when the vulnerable gem is detected - 0.9.1" do
|
13
|
-
@check.dependencies = [{:name=>"rack", :version=>"0.9.1"}]
|
14
|
-
expect(@check.vuln?).to eq(true)
|
15
|
-
end
|
16
|
-
it "is reported when the vulnerable gem is detected - 0.9" do
|
17
|
-
@check.dependencies = [{:name=>"rack", :version=>"0.9"}]
|
18
|
-
expect(@check.vuln?).to eq(true)
|
19
|
-
end
|
20
|
-
it "is reported when the vulnerable gem is detected - 0.4" do
|
21
|
-
@check.dependencies = [{:name=>"rack", :version=>"0.4"}]
|
22
|
-
expect(@check.vuln?).to eq(true)
|
23
|
-
end
|
24
|
-
it "is reported when the vulnerable gem is detected - 0.3" do
|
25
|
-
@check.dependencies = [{:name=>"rack", :version=>"0.3"}]
|
26
|
-
expect(@check.vuln?).to eq(true)
|
27
|
-
end
|
28
|
-
it "is reported when the vulnerable gem is detected - 0.2" do
|
29
|
-
@check.dependencies = [{:name=>"rack", :version=>"0.2"}]
|
30
|
-
expect(@check.vuln?).to eq(true)
|
31
|
-
end
|
32
|
-
it "is reported when the vulnerable gem is detected - 0.1" do
|
33
|
-
@check.dependencies = [{:name=>"rack", :version=>"0.1"}]
|
34
|
-
expect(@check.vuln?).to eq(true)
|
35
|
-
end
|
36
|
-
it "is reported when the vulnerable gem is detected - 1.0.0" do
|
37
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.0.0"}]
|
38
|
-
expect(@check.vuln?).to eq(true)
|
39
|
-
end
|
40
|
-
it "is reported when the vulnerable gem is detected - 1.1.0" do
|
41
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.1.0"}]
|
42
|
-
expect(@check.vuln?).to eq(true)
|
43
|
-
end
|
44
|
-
it "is reported when the vulnerable gem is detected - 1.1.3" do
|
45
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.1.3"}]
|
46
|
-
expect(@check.vuln?).to eq(true)
|
47
|
-
end
|
48
|
-
it "is reported when the vulnerable gem is detected - 1.1.2" do
|
49
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.1.2"}]
|
50
|
-
expect(@check.vuln?).to eq(true)
|
51
|
-
end
|
52
|
-
it "is reported when the vulnerable gem is detected - 1.2.0" do
|
53
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.2.0"}]
|
54
|
-
expect(@check.vuln?).to eq(true)
|
55
|
-
end
|
56
|
-
|
57
|
-
it "is reported when the vulnerable gem is detected - 1.2.1" do
|
58
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.2.1"}]
|
59
|
-
expect(@check.vuln?).to eq(true)
|
60
|
-
end
|
61
|
-
it "is reported when the vulnerable gem is detected - 1.2.2" do
|
62
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.2.2"}]
|
63
|
-
expect(@check.vuln?).to eq(true)
|
64
|
-
end
|
65
|
-
it "is reported when the vulnerable gem is detected - 1.2.3" do
|
66
|
-
|
67
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.2.3"}]
|
68
|
-
expect(@check.vuln?).to eq(true)
|
69
|
-
end
|
70
|
-
it "is reported when the vulnerable gem is detected - 1.2.4" do
|
71
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.2.4"}]
|
72
|
-
expect(@check.vuln?).to eq(true)
|
73
|
-
end
|
74
|
-
it "is reported when the vulnerable gem is detected - 1.3.0" do
|
75
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.3.0"}]
|
76
|
-
expect(@check.vuln?).to eq(true)
|
77
|
-
end
|
78
|
-
|
79
|
-
it "is reported when the vulnerable gem is detected - 1.3.1" do
|
80
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.3.1"}]
|
81
|
-
expect(@check.vuln?).to eq(true)
|
82
|
-
end
|
83
|
-
it "is reported when the vulnerable gem is detected - 1.3.2" do
|
84
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.3.2"}]
|
85
|
-
expect(@check.vuln?).to eq(true)
|
86
|
-
end
|
87
|
-
it "is reported when the vulnerable gem is detected - 1.3.3" do
|
88
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.3.3"}]
|
89
|
-
expect(@check.vuln?).to eq(true)
|
90
|
-
end
|
91
|
-
it "is reported when the vulnerable gem is detected - 1.3.4" do
|
92
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.3.4"}]
|
93
|
-
expect(@check.vuln?).to eq(true)
|
94
|
-
end
|
95
|
-
it "is reported when the vulnerable gem is detected - 1.3.5" do
|
96
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.3.5"}]
|
97
|
-
expect(@check.vuln?).to eq(true)
|
98
|
-
end
|
99
|
-
it "is reported when the vulnerable gem is detected - 1.3.6" do
|
100
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.3.6"}]
|
101
|
-
expect(@check.vuln?).to eq(true)
|
102
|
-
end
|
103
|
-
|
104
|
-
it "is reported when the vulnerable gem is detected - 1.4.0" do
|
105
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.4.0"}]
|
106
|
-
expect(@check.vuln?).to eq(true)
|
107
|
-
end
|
108
|
-
it "is reported when the vulnerable gem is detected - 1.4.1" do
|
109
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.4.1"}]
|
110
|
-
expect(@check.vuln?).to eq(true)
|
111
|
-
end
|
112
|
-
end
|
@@ -1,16 +0,0 @@
|
|
1
|
-
require 'spec_helper'
|
2
|
-
describe "The CVE-2012-6684 vulnerability" do
|
3
|
-
before(:all) do
|
4
|
-
@check = Dawn::Kb::CVE_2012_6684.new
|
5
|
-
# @check.debug = true
|
6
|
-
end
|
7
|
-
it "is reported when vulnerable raven-ruby gem is used (4.2.9)" do
|
8
|
-
@check.dependencies = [{:name=>"RedCloth", :version=>'4.2.9'}]
|
9
|
-
expect(@check.vuln?).to eq(true)
|
10
|
-
end
|
11
|
-
it "is not reported when safe raven-ruby gem is used (4.2.10)" do
|
12
|
-
@check.dependencies = [{:name=>"RedCloth", :version=>'4.2.10'}]
|
13
|
-
expect(@check.vuln?).to eq(false)
|
14
|
-
end
|
15
|
-
|
16
|
-
end
|
@@ -1,23 +0,0 @@
|
|
1
|
-
require 'spec_helper'
|
2
|
-
describe "The CVE-2013-0162 vulnerability" do
|
3
|
-
before(:all) do
|
4
|
-
@check = Dawn::Kb::CVE_2013_0162.new
|
5
|
-
# @check.debug = true
|
6
|
-
end
|
7
|
-
it "is reported when ruby_parser version 1.x is used" do
|
8
|
-
@check.dependencies = [{:name=>"ruby_parser", :version=>'1.4.5'}]
|
9
|
-
expect(@check.vuln?).to eq(true)
|
10
|
-
end
|
11
|
-
it "is reported when ruby_parser version 2.x is used" do
|
12
|
-
@check.dependencies = [{:name=>"ruby_parser", :version=>'2.4.5'}]
|
13
|
-
expect(@check.vuln?).to eq(true)
|
14
|
-
end
|
15
|
-
it "is reported when ruby_parser version 3.0.x is used" do
|
16
|
-
@check.dependencies = [{:name=>"ruby_parser", :version=>'3.0.5'}]
|
17
|
-
expect(@check.vuln?).to eq(true)
|
18
|
-
end
|
19
|
-
it "is not reported when ruby_parser version 3.1.1 is used" do
|
20
|
-
@check.dependencies = [{:name=>"ruby_parser", :version=>'3.1.1'}]
|
21
|
-
expect(@check.vuln?).to eq(false)
|
22
|
-
end
|
23
|
-
end
|