dawnscanner 1.6.8 → 2.0.0.rc4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (387) hide show
  1. checksums.yaml +5 -5
  2. data/.gitignore +1 -0
  3. data/.ruby-version +1 -1
  4. data/Changelog.md +27 -1
  5. data/LICENSE.txt +1 -1
  6. data/README.md +59 -57
  7. data/Rakefile +10 -242
  8. data/Roadmap.md +15 -23
  9. data/VERSION +1 -1
  10. data/bin/dawn +17 -273
  11. data/checksum/dawnscanner-1.6.8.gem.sha1 +1 -0
  12. data/checksum/dawnscanner-2.0.0.rc1.gem.sha1 +1 -0
  13. data/checksum/dawnscanner-2.0.0.rc2.gem.sha1 +1 -0
  14. data/checksum/dawnscanner-2.0.0.rc3.gem.sha1 +1 -0
  15. data/dawnscanner.gemspec +10 -9
  16. data/doc/change.sh +13 -0
  17. data/doc/kickstart_kb.tar.gz +0 -0
  18. data/doc/knowledge_base.rb +650 -0
  19. data/docs/.placeholder +0 -0
  20. data/docs/CNAME +1 -0
  21. data/docs/_config.yml +1 -0
  22. data/lib/dawn/cli/dawn_cli.rb +139 -0
  23. data/lib/dawn/core.rb +8 -7
  24. data/lib/dawn/engine.rb +93 -34
  25. data/lib/dawn/gemfile_lock.rb +2 -2
  26. data/lib/dawn/kb/basic_check.rb +1 -2
  27. data/lib/dawn/kb/combo_check.rb +1 -1
  28. data/lib/dawn/kb/dependency_check.rb +1 -1
  29. data/lib/dawn/kb/operating_system_check.rb +1 -1
  30. data/lib/dawn/kb/pattern_match_check.rb +10 -9
  31. data/lib/dawn/kb/ruby_version_check.rb +11 -10
  32. data/lib/dawn/kb/{gem_check.rb → rubygem_check.rb} +1 -1
  33. data/lib/dawn/kb/unsafe_depedency_check.rb +44 -0
  34. data/lib/dawn/kb/version_check.rb +41 -24
  35. data/lib/dawn/knowledge_base.rb +259 -595
  36. data/lib/dawn/reporter.rb +2 -1
  37. data/lib/dawn/utils.rb +5 -2
  38. data/lib/dawn/version.rb +5 -5
  39. data/lib/dawnscanner.rb +7 -6
  40. data/spec/lib/kb/codesake_unsafe_dependency_check_spec.rb +29 -0
  41. data/spec/lib/kb/dependency_check.yml +29 -0
  42. metadata +30 -496
  43. checksums.yaml.gz.sig +0 -0
  44. data.tar.gz.sig +0 -0
  45. data/certs/paolo_at_dawnscanner_dot_org.pem +0 -21
  46. data/lib/dawn/kb/cve_2004_0755.rb +0 -33
  47. data/lib/dawn/kb/cve_2004_0983.rb +0 -31
  48. data/lib/dawn/kb/cve_2005_1992.rb +0 -31
  49. data/lib/dawn/kb/cve_2005_2337.rb +0 -33
  50. data/lib/dawn/kb/cve_2006_1931.rb +0 -30
  51. data/lib/dawn/kb/cve_2006_2582.rb +0 -28
  52. data/lib/dawn/kb/cve_2006_3694.rb +0 -31
  53. data/lib/dawn/kb/cve_2006_4112.rb +0 -27
  54. data/lib/dawn/kb/cve_2006_5467.rb +0 -28
  55. data/lib/dawn/kb/cve_2006_6303.rb +0 -28
  56. data/lib/dawn/kb/cve_2006_6852.rb +0 -27
  57. data/lib/dawn/kb/cve_2006_6979.rb +0 -29
  58. data/lib/dawn/kb/cve_2007_0469.rb +0 -29
  59. data/lib/dawn/kb/cve_2007_5162.rb +0 -28
  60. data/lib/dawn/kb/cve_2007_5379.rb +0 -27
  61. data/lib/dawn/kb/cve_2007_5380.rb +0 -29
  62. data/lib/dawn/kb/cve_2007_5770.rb +0 -30
  63. data/lib/dawn/kb/cve_2007_6077.rb +0 -31
  64. data/lib/dawn/kb/cve_2007_6612.rb +0 -30
  65. data/lib/dawn/kb/cve_2008_1145.rb +0 -38
  66. data/lib/dawn/kb/cve_2008_1891.rb +0 -38
  67. data/lib/dawn/kb/cve_2008_2376.rb +0 -30
  68. data/lib/dawn/kb/cve_2008_2662.rb +0 -33
  69. data/lib/dawn/kb/cve_2008_2663.rb +0 -32
  70. data/lib/dawn/kb/cve_2008_2664.rb +0 -33
  71. data/lib/dawn/kb/cve_2008_2725.rb +0 -31
  72. data/lib/dawn/kb/cve_2008_3655.rb +0 -37
  73. data/lib/dawn/kb/cve_2008_3657.rb +0 -37
  74. data/lib/dawn/kb/cve_2008_3790.rb +0 -30
  75. data/lib/dawn/kb/cve_2008_3905.rb +0 -36
  76. data/lib/dawn/kb/cve_2008_4094.rb +0 -27
  77. data/lib/dawn/kb/cve_2008_4310.rb +0 -100
  78. data/lib/dawn/kb/cve_2008_5189.rb +0 -27
  79. data/lib/dawn/kb/cve_2008_7248.rb +0 -27
  80. data/lib/dawn/kb/cve_2009_4078.rb +0 -29
  81. data/lib/dawn/kb/cve_2009_4124.rb +0 -30
  82. data/lib/dawn/kb/cve_2009_4214.rb +0 -27
  83. data/lib/dawn/kb/cve_2010_1330.rb +0 -28
  84. data/lib/dawn/kb/cve_2010_2489.rb +0 -60
  85. data/lib/dawn/kb/cve_2010_3933.rb +0 -27
  86. data/lib/dawn/kb/cve_2011_0188.rb +0 -67
  87. data/lib/dawn/kb/cve_2011_0446.rb +0 -28
  88. data/lib/dawn/kb/cve_2011_0447.rb +0 -28
  89. data/lib/dawn/kb/cve_2011_0739.rb +0 -28
  90. data/lib/dawn/kb/cve_2011_0995.rb +0 -61
  91. data/lib/dawn/kb/cve_2011_1004.rb +0 -34
  92. data/lib/dawn/kb/cve_2011_1005.rb +0 -31
  93. data/lib/dawn/kb/cve_2011_2197.rb +0 -27
  94. data/lib/dawn/kb/cve_2011_2686.rb +0 -29
  95. data/lib/dawn/kb/cve_2011_2705.rb +0 -32
  96. data/lib/dawn/kb/cve_2011_2929.rb +0 -27
  97. data/lib/dawn/kb/cve_2011_2930.rb +0 -28
  98. data/lib/dawn/kb/cve_2011_2931.rb +0 -30
  99. data/lib/dawn/kb/cve_2011_2932.rb +0 -27
  100. data/lib/dawn/kb/cve_2011_3009.rb +0 -28
  101. data/lib/dawn/kb/cve_2011_3186.rb +0 -29
  102. data/lib/dawn/kb/cve_2011_3187.rb +0 -29
  103. data/lib/dawn/kb/cve_2011_4319.rb +0 -30
  104. data/lib/dawn/kb/cve_2011_4815.rb +0 -28
  105. data/lib/dawn/kb/cve_2011_5036.rb +0 -26
  106. data/lib/dawn/kb/cve_2012_1098.rb +0 -30
  107. data/lib/dawn/kb/cve_2012_1099.rb +0 -27
  108. data/lib/dawn/kb/cve_2012_1241.rb +0 -27
  109. data/lib/dawn/kb/cve_2012_2139.rb +0 -26
  110. data/lib/dawn/kb/cve_2012_2140.rb +0 -27
  111. data/lib/dawn/kb/cve_2012_2660.rb +0 -28
  112. data/lib/dawn/kb/cve_2012_2661.rb +0 -27
  113. data/lib/dawn/kb/cve_2012_2671.rb +0 -28
  114. data/lib/dawn/kb/cve_2012_2694.rb +0 -30
  115. data/lib/dawn/kb/cve_2012_2695.rb +0 -27
  116. data/lib/dawn/kb/cve_2012_3424.rb +0 -29
  117. data/lib/dawn/kb/cve_2012_3463.rb +0 -27
  118. data/lib/dawn/kb/cve_2012_3464.rb +0 -27
  119. data/lib/dawn/kb/cve_2012_3465.rb +0 -26
  120. data/lib/dawn/kb/cve_2012_4464.rb +0 -27
  121. data/lib/dawn/kb/cve_2012_4466.rb +0 -27
  122. data/lib/dawn/kb/cve_2012_4481.rb +0 -26
  123. data/lib/dawn/kb/cve_2012_4522.rb +0 -27
  124. data/lib/dawn/kb/cve_2012_5370.rb +0 -27
  125. data/lib/dawn/kb/cve_2012_5371.rb +0 -27
  126. data/lib/dawn/kb/cve_2012_5380.rb +0 -28
  127. data/lib/dawn/kb/cve_2012_6109.rb +0 -25
  128. data/lib/dawn/kb/cve_2012_6134.rb +0 -27
  129. data/lib/dawn/kb/cve_2012_6496.rb +0 -28
  130. data/lib/dawn/kb/cve_2012_6497.rb +0 -28
  131. data/lib/dawn/kb/cve_2012_6684.rb +0 -28
  132. data/lib/dawn/kb/cve_2013_0155.rb +0 -29
  133. data/lib/dawn/kb/cve_2013_0156.rb +0 -27
  134. data/lib/dawn/kb/cve_2013_0162.rb +0 -28
  135. data/lib/dawn/kb/cve_2013_0175.rb +0 -27
  136. data/lib/dawn/kb/cve_2013_0183.rb +0 -25
  137. data/lib/dawn/kb/cve_2013_0184.rb +0 -25
  138. data/lib/dawn/kb/cve_2013_0233.rb +0 -26
  139. data/lib/dawn/kb/cve_2013_0256.rb +0 -59
  140. data/lib/dawn/kb/cve_2013_0262.rb +0 -26
  141. data/lib/dawn/kb/cve_2013_0263.rb +0 -26
  142. data/lib/dawn/kb/cve_2013_0269.rb +0 -27
  143. data/lib/dawn/kb/cve_2013_0276.rb +0 -28
  144. data/lib/dawn/kb/cve_2013_0277.rb +0 -25
  145. data/lib/dawn/kb/cve_2013_0284.rb +0 -27
  146. data/lib/dawn/kb/cve_2013_0285.rb +0 -27
  147. data/lib/dawn/kb/cve_2013_0333.rb +0 -28
  148. data/lib/dawn/kb/cve_2013_0334.rb +0 -25
  149. data/lib/dawn/kb/cve_2013_1607.rb +0 -25
  150. data/lib/dawn/kb/cve_2013_1655.rb +0 -65
  151. data/lib/dawn/kb/cve_2013_1656.rb +0 -28
  152. data/lib/dawn/kb/cve_2013_1756.rb +0 -26
  153. data/lib/dawn/kb/cve_2013_1800.rb +0 -26
  154. data/lib/dawn/kb/cve_2013_1801.rb +0 -27
  155. data/lib/dawn/kb/cve_2013_1802.rb +0 -27
  156. data/lib/dawn/kb/cve_2013_1812.rb +0 -27
  157. data/lib/dawn/kb/cve_2013_1821.rb +0 -28
  158. data/lib/dawn/kb/cve_2013_1854.rb +0 -26
  159. data/lib/dawn/kb/cve_2013_1855.rb +0 -25
  160. data/lib/dawn/kb/cve_2013_1856.rb +0 -26
  161. data/lib/dawn/kb/cve_2013_1857.rb +0 -27
  162. data/lib/dawn/kb/cve_2013_1875.rb +0 -27
  163. data/lib/dawn/kb/cve_2013_1898.rb +0 -27
  164. data/lib/dawn/kb/cve_2013_1911.rb +0 -28
  165. data/lib/dawn/kb/cve_2013_1933.rb +0 -27
  166. data/lib/dawn/kb/cve_2013_1947.rb +0 -27
  167. data/lib/dawn/kb/cve_2013_1948.rb +0 -27
  168. data/lib/dawn/kb/cve_2013_2065.rb +0 -29
  169. data/lib/dawn/kb/cve_2013_2090.rb +0 -28
  170. data/lib/dawn/kb/cve_2013_2105.rb +0 -26
  171. data/lib/dawn/kb/cve_2013_2119.rb +0 -27
  172. data/lib/dawn/kb/cve_2013_2512.rb +0 -26
  173. data/lib/dawn/kb/cve_2013_2513.rb +0 -25
  174. data/lib/dawn/kb/cve_2013_2516.rb +0 -26
  175. data/lib/dawn/kb/cve_2013_2615.rb +0 -27
  176. data/lib/dawn/kb/cve_2013_2616.rb +0 -27
  177. data/lib/dawn/kb/cve_2013_2617.rb +0 -28
  178. data/lib/dawn/kb/cve_2013_3221.rb +0 -27
  179. data/lib/dawn/kb/cve_2013_4164.rb +0 -30
  180. data/lib/dawn/kb/cve_2013_4203.rb +0 -25
  181. data/lib/dawn/kb/cve_2013_4389.rb +0 -26
  182. data/lib/dawn/kb/cve_2013_4413.rb +0 -27
  183. data/lib/dawn/kb/cve_2013_4457.rb +0 -29
  184. data/lib/dawn/kb/cve_2013_4478.rb +0 -26
  185. data/lib/dawn/kb/cve_2013_4479.rb +0 -26
  186. data/lib/dawn/kb/cve_2013_4489.rb +0 -28
  187. data/lib/dawn/kb/cve_2013_4491.rb +0 -29
  188. data/lib/dawn/kb/cve_2013_4492.rb +0 -29
  189. data/lib/dawn/kb/cve_2013_4562.rb +0 -27
  190. data/lib/dawn/kb/cve_2013_4593.rb +0 -27
  191. data/lib/dawn/kb/cve_2013_5647.rb +0 -29
  192. data/lib/dawn/kb/cve_2013_5671.rb +0 -26
  193. data/lib/dawn/kb/cve_2013_6414.rb +0 -30
  194. data/lib/dawn/kb/cve_2013_6415.rb +0 -29
  195. data/lib/dawn/kb/cve_2013_6416.rb +0 -29
  196. data/lib/dawn/kb/cve_2013_6417.rb +0 -30
  197. data/lib/dawn/kb/cve_2013_6421.rb +0 -28
  198. data/lib/dawn/kb/cve_2013_6459.rb +0 -28
  199. data/lib/dawn/kb/cve_2013_6460.rb +0 -53
  200. data/lib/dawn/kb/cve_2013_6461.rb +0 -57
  201. data/lib/dawn/kb/cve_2013_7086.rb +0 -27
  202. data/lib/dawn/kb/cve_2014_0036.rb +0 -27
  203. data/lib/dawn/kb/cve_2014_0080.rb +0 -29
  204. data/lib/dawn/kb/cve_2014_0081.rb +0 -27
  205. data/lib/dawn/kb/cve_2014_0082.rb +0 -27
  206. data/lib/dawn/kb/cve_2014_0130.rb +0 -27
  207. data/lib/dawn/kb/cve_2014_1233.rb +0 -27
  208. data/lib/dawn/kb/cve_2014_1234.rb +0 -26
  209. data/lib/dawn/kb/cve_2014_2322.rb +0 -28
  210. data/lib/dawn/kb/cve_2014_2525.rb +0 -59
  211. data/lib/dawn/kb/cve_2014_2538.rb +0 -26
  212. data/lib/dawn/kb/cve_2014_3482.rb +0 -28
  213. data/lib/dawn/kb/cve_2014_3483.rb +0 -28
  214. data/lib/dawn/kb/cve_2014_3916.rb +0 -29
  215. data/lib/dawn/kb/cve_2014_4975.rb +0 -28
  216. data/lib/dawn/kb/cve_2014_7818.rb +0 -27
  217. data/lib/dawn/kb/cve_2014_7819.rb +0 -31
  218. data/lib/dawn/kb/cve_2014_7829.rb +0 -30
  219. data/lib/dawn/kb/cve_2014_8090.rb +0 -30
  220. data/lib/dawn/kb/cve_2014_9490.rb +0 -29
  221. data/lib/dawn/kb/cve_2015_1819.rb +0 -34
  222. data/lib/dawn/kb/cve_2015_1840/cve_2015_1840_a.rb +0 -28
  223. data/lib/dawn/kb/cve_2015_1840/cve_2015_1840_b.rb +0 -28
  224. data/lib/dawn/kb/cve_2015_2963.rb +0 -27
  225. data/lib/dawn/kb/cve_2015_3224.rb +0 -26
  226. data/lib/dawn/kb/cve_2015_3225.rb +0 -28
  227. data/lib/dawn/kb/cve_2015_3226.rb +0 -27
  228. data/lib/dawn/kb/cve_2015_3227.rb +0 -28
  229. data/lib/dawn/kb/cve_2015_3448.rb +0 -29
  230. data/lib/dawn/kb/cve_2015_4020.rb +0 -34
  231. data/lib/dawn/kb/cve_2015_5312.rb +0 -30
  232. data/lib/dawn/kb/cve_2015_7497.rb +0 -32
  233. data/lib/dawn/kb/cve_2015_7498.rb +0 -32
  234. data/lib/dawn/kb/cve_2015_7499.rb +0 -32
  235. data/lib/dawn/kb/cve_2015_7500.rb +0 -32
  236. data/lib/dawn/kb/cve_2015_7519.rb +0 -31
  237. data/lib/dawn/kb/cve_2015_7541.rb +0 -31
  238. data/lib/dawn/kb/cve_2015_7576.rb +0 -35
  239. data/lib/dawn/kb/cve_2015_7577.rb +0 -34
  240. data/lib/dawn/kb/cve_2015_7578.rb +0 -30
  241. data/lib/dawn/kb/cve_2015_7579.rb +0 -30
  242. data/lib/dawn/kb/cve_2015_7581.rb +0 -33
  243. data/lib/dawn/kb/cve_2015_8241.rb +0 -32
  244. data/lib/dawn/kb/cve_2015_8242.rb +0 -32
  245. data/lib/dawn/kb/cve_2015_8317.rb +0 -32
  246. data/lib/dawn/kb/cve_2016_0751.rb +0 -32
  247. data/lib/dawn/kb/cve_2016_0752.rb +0 -35
  248. data/lib/dawn/kb/cve_2016_0753.rb +0 -31
  249. data/lib/dawn/kb/cve_2016_2097.rb +0 -35
  250. data/lib/dawn/kb/cve_2016_2098.rb +0 -35
  251. data/lib/dawn/kb/cve_2016_5697.rb +0 -30
  252. data/lib/dawn/kb/cve_2016_6316.rb +0 -33
  253. data/lib/dawn/kb/cve_2016_6317.rb +0 -32
  254. data/lib/dawn/kb/cve_2016_6582.rb +0 -43
  255. data/lib/dawn/kb/not_revised_code.rb +0 -22
  256. data/lib/dawn/kb/osvdb_105971.rb +0 -29
  257. data/lib/dawn/kb/osvdb_108530.rb +0 -27
  258. data/lib/dawn/kb/osvdb_108563.rb +0 -28
  259. data/lib/dawn/kb/osvdb_108569.rb +0 -28
  260. data/lib/dawn/kb/osvdb_108570.rb +0 -27
  261. data/lib/dawn/kb/osvdb_115654.rb +0 -33
  262. data/lib/dawn/kb/osvdb_116010.rb +0 -30
  263. data/lib/dawn/kb/osvdb_117903.rb +0 -30
  264. data/lib/dawn/kb/osvdb_118579.rb +0 -31
  265. data/lib/dawn/kb/osvdb_118830.rb +0 -32
  266. data/lib/dawn/kb/osvdb_118954.rb +0 -33
  267. data/lib/dawn/kb/osvdb_119878.rb +0 -32
  268. data/lib/dawn/kb/osvdb_119927.rb +0 -33
  269. data/lib/dawn/kb/osvdb_120415.rb +0 -31
  270. data/lib/dawn/kb/osvdb_120857.rb +0 -34
  271. data/lib/dawn/kb/osvdb_121701.rb +0 -30
  272. data/lib/dawn/kb/osvdb_132234.rb +0 -34
  273. data/lib/dawn/kb/owasp_ror_cheatsheet.rb +0 -33
  274. data/lib/dawn/kb/owasp_ror_cheatsheet/check_for_backup_files.rb +0 -18
  275. data/lib/dawn/kb/owasp_ror_cheatsheet/check_for_safe_redirect_and_forward.rb +0 -57
  276. data/lib/dawn/kb/owasp_ror_cheatsheet/command_injection.rb +0 -28
  277. data/lib/dawn/kb/owasp_ror_cheatsheet/csrf.rb +0 -29
  278. data/lib/dawn/kb/owasp_ror_cheatsheet/mass_assignment_in_model.rb +0 -33
  279. data/lib/dawn/kb/owasp_ror_cheatsheet/security_related_headers.rb +0 -35
  280. data/lib/dawn/kb/owasp_ror_cheatsheet/sensitive_files.rb +0 -29
  281. data/lib/dawn/kb/owasp_ror_cheatsheet/session_stored_in_database.rb +0 -31
  282. data/lib/dawn/kb/simpleform_xss_20131129.rb +0 -28
  283. data/lib/dawn/knowledge_base_experimental.rb +0 -245
  284. data/spec/lib/kb/cve_2011_2705_spec.rb +0 -35
  285. data/spec/lib/kb/cve_2011_2930_spec.rb +0 -31
  286. data/spec/lib/kb/cve_2011_3009_spec.rb +0 -25
  287. data/spec/lib/kb/cve_2011_3187_spec.rb +0 -24
  288. data/spec/lib/kb/cve_2011_4319_spec.rb +0 -44
  289. data/spec/lib/kb/cve_2011_5036_spec.rb +0 -95
  290. data/spec/lib/kb/cve_2012_1098_spec.rb +0 -36
  291. data/spec/lib/kb/cve_2012_2139_spec.rb +0 -20
  292. data/spec/lib/kb/cve_2012_2671_spec.rb +0 -23
  293. data/spec/lib/kb/cve_2012_6109_spec.rb +0 -112
  294. data/spec/lib/kb/cve_2012_6684_spec.rb +0 -16
  295. data/spec/lib/kb/cve_2013_0162_spec.rb +0 -23
  296. data/spec/lib/kb/cve_2013_0183_spec.rb +0 -54
  297. data/spec/lib/kb/cve_2013_0184_spec.rb +0 -115
  298. data/spec/lib/kb/cve_2013_0256_spec.rb +0 -34
  299. data/spec/lib/kb/cve_2013_0262_spec.rb +0 -44
  300. data/spec/lib/kb/cve_2013_0263_spec.rb +0 -11
  301. data/spec/lib/kb/cve_2013_0334_spec.rb +0 -35
  302. data/spec/lib/kb/cve_2013_1607_spec.rb +0 -15
  303. data/spec/lib/kb/cve_2013_1655_spec.rb +0 -31
  304. data/spec/lib/kb/cve_2013_1756_spec.rb +0 -23
  305. data/spec/lib/kb/cve_2013_2090_spec.rb +0 -15
  306. data/spec/lib/kb/cve_2013_2105_spec.rb +0 -11
  307. data/spec/lib/kb/cve_2013_2119_spec.rb +0 -27
  308. data/spec/lib/kb/cve_2013_2512_spec.rb +0 -15
  309. data/spec/lib/kb/cve_2013_2513_spec.rb +0 -15
  310. data/spec/lib/kb/cve_2013_2516_spec.rb +0 -15
  311. data/spec/lib/kb/cve_2013_4203_spec.rb +0 -15
  312. data/spec/lib/kb/cve_2013_4413_spec.rb +0 -16
  313. data/spec/lib/kb/cve_2013_4489_spec.rb +0 -63
  314. data/spec/lib/kb/cve_2013_4491_spec.rb +0 -16
  315. data/spec/lib/kb/cve_2013_4593_spec.rb +0 -16
  316. data/spec/lib/kb/cve_2013_5647_spec.rb +0 -19
  317. data/spec/lib/kb/cve_2013_5671_spec.rb +0 -27
  318. data/spec/lib/kb/cve_2013_6414_spec.rb +0 -26
  319. data/spec/lib/kb/cve_2013_6416_spec.rb +0 -31
  320. data/spec/lib/kb/cve_2013_6459_spec.rb +0 -15
  321. data/spec/lib/kb/cve_2013_7086_spec.rb +0 -22
  322. data/spec/lib/kb/cve_2014_0036_spec.rb +0 -15
  323. data/spec/lib/kb/cve_2014_0080_spec.rb +0 -33
  324. data/spec/lib/kb/cve_2014_0081_spec.rb +0 -50
  325. data/spec/lib/kb/cve_2014_0082_spec.rb +0 -52
  326. data/spec/lib/kb/cve_2014_0130_spec.rb +0 -19
  327. data/spec/lib/kb/cve_2014_1233_spec.rb +0 -15
  328. data/spec/lib/kb/cve_2014_1234_spec.rb +0 -16
  329. data/spec/lib/kb/cve_2014_2322_spec.rb +0 -15
  330. data/spec/lib/kb/cve_2014_2538_spec.rb +0 -15
  331. data/spec/lib/kb/cve_2014_3482_spec.rb +0 -15
  332. data/spec/lib/kb/cve_2014_3483_spec.rb +0 -27
  333. data/spec/lib/kb/cve_2014_7818_spec.rb +0 -42
  334. data/spec/lib/kb/cve_2014_7819_spec.rb +0 -139
  335. data/spec/lib/kb/cve_2014_7829_spec.rb +0 -50
  336. data/spec/lib/kb/cve_2014_9490_spec.rb +0 -17
  337. data/spec/lib/kb/cve_2015_1819_spec.rb +0 -16
  338. data/spec/lib/kb/cve_2015_1840_spec.rb +0 -39
  339. data/spec/lib/kb/cve_2015_2963_spec.rb +0 -17
  340. data/spec/lib/kb/cve_2015_3224_spec.rb +0 -16
  341. data/spec/lib/kb/cve_2015_3225_spec.rb +0 -27
  342. data/spec/lib/kb/cve_2015_3226_spec.rb +0 -35
  343. data/spec/lib/kb/cve_2015_3227_spec.rb +0 -31
  344. data/spec/lib/kb/cve_2015_3448_spec.rb +0 -16
  345. data/spec/lib/kb/cve_2015_4020_spec.rb +0 -24
  346. data/spec/lib/kb/cve_2015_5312_spec.rb +0 -31
  347. data/spec/lib/kb/cve_2015_7497_spec.rb +0 -31
  348. data/spec/lib/kb/cve_2015_7498_spec.rb +0 -31
  349. data/spec/lib/kb/cve_2015_7499_spec.rb +0 -31
  350. data/spec/lib/kb/cve_2015_7500_spec.rb +0 -31
  351. data/spec/lib/kb/cve_2015_7519_spec.rb +0 -23
  352. data/spec/lib/kb/cve_2015_7541_spec.rb +0 -15
  353. data/spec/lib/kb/cve_2015_7576_spec.rb +0 -51
  354. data/spec/lib/kb/cve_2015_7577_spec.rb +0 -63
  355. data/spec/lib/kb/cve_2015_7578_spec.rb +0 -15
  356. data/spec/lib/kb/cve_2015_7579_spec.rb +0 -23
  357. data/spec/lib/kb/cve_2015_7581_spec.rb +0 -51
  358. data/spec/lib/kb/cve_2015_8241_spec.rb +0 -31
  359. data/spec/lib/kb/cve_2015_8242_spec.rb +0 -31
  360. data/spec/lib/kb/cve_2015_8317_spec.rb +0 -31
  361. data/spec/lib/kb/cve_2016_0751_spec.rb +0 -55
  362. data/spec/lib/kb/cve_2016_0752_spec.rb +0 -51
  363. data/spec/lib/kb/cve_2016_0753_spec.rb +0 -51
  364. data/spec/lib/kb/cve_2016_2097_spec.rb +0 -35
  365. data/spec/lib/kb/cve_2016_2098_spec.rb +0 -55
  366. data/spec/lib/kb/cve_2016_5697_spec.rb +0 -15
  367. data/spec/lib/kb/cve_2016_6316_spec.rb +0 -44
  368. data/spec/lib/kb/cve_2016_6317_spec.rb +0 -35
  369. data/spec/lib/kb/cve_2016_6582_spec.rb +0 -29
  370. data/spec/lib/kb/osvdb_105971_spec.rb +0 -15
  371. data/spec/lib/kb/osvdb_108530_spec.rb +0 -22
  372. data/spec/lib/kb/osvdb_108563_spec.rb +0 -18
  373. data/spec/lib/kb/osvdb_108569_spec.rb +0 -17
  374. data/spec/lib/kb/osvdb_108570_spec.rb +0 -17
  375. data/spec/lib/kb/osvdb_115654_spec.rb +0 -15
  376. data/spec/lib/kb/osvdb_116010_spec.rb +0 -15
  377. data/spec/lib/kb/osvdb_117903_spec.rb +0 -23
  378. data/spec/lib/kb/osvdb_118579_spec.rb +0 -8
  379. data/spec/lib/kb/osvdb_118830_spec.rb +0 -16
  380. data/spec/lib/kb/osvdb_118954_spec.rb +0 -20
  381. data/spec/lib/kb/osvdb_119878_spec.rb +0 -92
  382. data/spec/lib/kb/osvdb_119927_spec.rb +0 -16
  383. data/spec/lib/kb/osvdb_120415_spec.rb +0 -16
  384. data/spec/lib/kb/osvdb_120857_spec.rb +0 -32
  385. data/spec/lib/kb/osvdb_121701_spec.rb +0 -15
  386. data/spec/lib/kb/osvdb_132234_spec.rb +0 -15
  387. metadata.gz.sig +0 -0
@@ -1,54 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2013-0183 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2013_0183.new
5
- # @check.debug = true
6
- end
7
-
8
- it "is reported when the vulnerable gem is detected - 1.3.0" do
9
- @check.dependencies = [{:name=>"rack", :version=>"1.3.0"}]
10
- expect(@check.vuln?).to eq(true)
11
- end
12
-
13
- it "is reported when the vulnerable gem is detected - 1.3.1" do
14
- @check.dependencies = [{:name=>"rack", :version=>"1.3.1"}]
15
- expect(@check.vuln?).to eq(true)
16
- end
17
- it "is reported when the vulnerable gem is detected - 1.3.2" do
18
- @check.dependencies = [{:name=>"rack", :version=>"1.3.2"}]
19
- expect(@check.vuln?).to eq(true)
20
- end
21
- it "is reported when the vulnerable gem is detected - 1.3.3" do
22
- @check.dependencies = [{:name=>"rack", :version=>"1.3.3"}]
23
- expect(@check.vuln?).to eq(true)
24
- end
25
- it "is reported when the vulnerable gem is detected - 1.3.4" do
26
- @check.dependencies = [{:name=>"rack", :version=>"1.3.4"}]
27
- expect(@check.vuln?).to eq(true)
28
- end
29
- it "is reported when the vulnerable gem is detected - 1.3.5" do
30
- @check.dependencies = [{:name=>"rack", :version=>"1.3.5"}]
31
- expect(@check.vuln?).to eq(true)
32
- end
33
- it "is reported when the vulnerable gem is detected - 1.3.6" do
34
- @check.dependencies = [{:name=>"rack", :version=>"1.3.6"}]
35
- expect(@check.vuln?).to eq(true)
36
- end
37
- it "is reported when the vulnerable gem is detected - 1.3.7" do
38
- @check.dependencies = [{:name=>"rack", :version=>"1.3.7"}]
39
- expect(@check.vuln?).to eq(true)
40
- end
41
-
42
- it "is reported when the vulnerable gem is detected - 1.4.0" do
43
- @check.dependencies = [{:name=>"rack", :version=>"1.4.0"}]
44
- expect(@check.vuln?).to eq(true)
45
- end
46
- it "is reported when the vulnerable gem is detected - 1.4.1" do
47
- @check.dependencies = [{:name=>"rack", :version=>"1.4.1"}]
48
- expect(@check.vuln?).to eq(true)
49
- end
50
- it "is reported when the vulnerable gem is detected - 1.4.2" do
51
- @check.dependencies = [{:name=>"rack", :version=>"1.4.2"}]
52
- expect(@check.vuln?).to eq(true)
53
- end
54
- end
@@ -1,115 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2013-0184 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2013_0184.new
5
- # @check.debug = true
6
- end
7
-
8
- it "is reported when the vulnerable gem is detected - 1.1.0" do
9
- @check.dependencies = [{:name=>"rack", :version=>"1.1.0"}]
10
- expect(@check.vuln?).to eq(true)
11
- end
12
- it "is reported when the vulnerable gem is detected - 1.1.3" do
13
- @check.dependencies = [{:name=>"rack", :version=>"1.1.3"}]
14
- expect(@check.vuln?).to eq(true)
15
- end
16
- it "is reported when the vulnerable gem is detected - 1.1.2" do
17
- @check.dependencies = [{:name=>"rack", :version=>"1.1.2"}]
18
- expect(@check.vuln?).to eq(true)
19
- end
20
- it "is reported when the vulnerable gem is detected - 1.1.4" do
21
- @check.dependencies = [{:name=>"rack", :version=>"1.1.4"}]
22
- expect(@check.vuln?).to eq(true)
23
- end
24
- it "is reported when the vulnerable gem is detected - 1.2.0" do
25
- @check.dependencies = [{:name=>"rack", :version=>"1.2.0"}]
26
- expect(@check.vuln?).to eq(true)
27
- end
28
-
29
- it "is reported when the vulnerable gem is detected - 1.2.1" do
30
- @check.dependencies = [{:name=>"rack", :version=>"1.2.1"}]
31
- expect(@check.vuln?).to eq(true)
32
- end
33
- it "is reported when the vulnerable gem is detected - 1.2.2" do
34
- @check.dependencies = [{:name=>"rack", :version=>"1.2.2"}]
35
- expect(@check.vuln?).to eq(true)
36
- end
37
- it "is reported when the vulnerable gem is detected - 1.2.3" do
38
- @check.dependencies = [{:name=>"rack", :version=>"1.2.3"}]
39
- expect(@check.vuln?).to eq(true)
40
- end
41
- it "is reported when the vulnerable gem is detected - 1.2.4" do
42
- @check.dependencies = [{:name=>"rack", :version=>"1.2.4"}]
43
- expect(@check.vuln?).to eq(true)
44
- end
45
- it "is reported when the vulnerable gem is detected - 1.2.5" do
46
- @check.dependencies = [{:name=>"rack", :version=>"1.2.5"}]
47
- expect(@check.vuln?).to eq(true)
48
- end
49
- it "is reported when the vulnerable gem is detected - 1.2.6" do
50
- @check.dependencies = [{:name=>"rack", :version=>"1.2.6"}]
51
- expect(@check.vuln?).to eq(true)
52
- end
53
- it "is reported when the vulnerable gem is detected - 1.3.0" do
54
- @check.dependencies = [{:name=>"rack", :version=>"1.3.0"}]
55
- expect(@check.vuln?).to eq(true)
56
- end
57
-
58
- it "is reported when the vulnerable gem is detected - 1.3.1" do
59
- @check.dependencies = [{:name=>"rack", :version=>"1.3.1"}]
60
- expect(@check.vuln?).to eq(true)
61
- end
62
- it "is reported when the vulnerable gem is detected - 1.3.2" do
63
- @check.dependencies = [{:name=>"rack", :version=>"1.3.2"}]
64
- expect(@check.vuln?).to eq(true)
65
- end
66
- it "is reported when the vulnerable gem is detected - 1.3.3" do
67
- @check.dependencies = [{:name=>"rack", :version=>"1.3.3"}]
68
- expect(@check.vuln?).to eq(true)
69
- end
70
- it "is reported when the vulnerable gem is detected - 1.3.4" do
71
- @check.dependencies = [{:name=>"rack", :version=>"1.3.4"}]
72
- expect(@check.vuln?).to eq(true)
73
- end
74
- it "is reported when the vulnerable gem is detected - 1.3.5" do
75
- @check.dependencies = [{:name=>"rack", :version=>"1.3.5"}]
76
- expect(@check.vuln?).to eq(true)
77
- end
78
- it "is reported when the vulnerable gem is detected - 1.3.6" do
79
- @check.dependencies = [{:name=>"rack", :version=>"1.3.6"}]
80
- expect(@check.vuln?).to eq(true)
81
- end
82
- it "is reported when the vulnerable gem is detected - 1.3.7" do
83
- @check.dependencies = [{:name=>"rack", :version=>"1.3.7"}]
84
- expect(@check.vuln?).to eq(true)
85
- end
86
- it "is reported when the vulnerable gem is detected - 1.3.8" do
87
- @check.dependencies = [{:name=>"rack", :version=>"1.3.8"}]
88
- expect(@check.vuln?).to eq(true)
89
- end
90
- it "is reported when the vulnerable gem is detected" do
91
- @check.dependencies = [{:name=>"rack", :version=>"1.4.0"}]
92
- expect(@check.vuln?).to eq(true)
93
- end
94
- it "is reported when the vulnerable gem is detected" do
95
- @check.dependencies = [{:name=>"rack", :version=>"1.4.1"}]
96
- expect(@check.vuln?).to eq(true)
97
- end
98
- it "is reported when the vulnerable gem is detected" do
99
- @check.dependencies = [{:name=>"rack", :version=>"1.4.2"}]
100
- expect(@check.vuln?).to eq(true)
101
- end
102
- it "is reported when the vulnerable gem is detected" do
103
- @check.dependencies = [{:name=>"rack", :version=>"1.4.3"}]
104
- expect(@check.vuln?).to eq(true)
105
- end
106
-
107
- it "is not reported when a fixed release is detected" do
108
- @check.dependencies = [{:name=>"rack", :version=>"1.4.5"}]
109
- expect(@check.vuln?).to eq(false)
110
- end
111
- it "is not reported when a fixed release is detected" do
112
- @check.dependencies = [{:name=>"rack", :version=>"1.5.2"}]
113
- expect(@check.vuln?).to eq(false)
114
- end
115
- end
@@ -1,34 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2013-0256 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2013_0256.new
5
- # @check.debug = true
6
- end
7
- it "fires when vulnerable ruby (1.9.3-p382) and rdoc version (2.3.0) has been found" do
8
- @check.options={:detected_ruby=>{:engine=>"ruby", :version=>"1.9.3", :patchlevel=>"381"}, :dependencies=>[{:name=>"rdoc", :version=>'2.3.0'}, :root_dir=>"."]}
9
- expect(@check.vuln?).to eq(true)
10
- end
11
- it "fires when vulnerable ruby (1.9.2-p342) and rdoc version (2.3.0) has been found" do
12
- @check.options={:detected_ruby=>{:engine=>"ruby", :version=>"1.9.2", :patchlevel=>"342"}, :dependencies=>[{:name=>"rdoc", :version=>'2.3.0'}, :root_dir=>"."]}
13
- expect(@check.vuln?).to eq(true)
14
- end
15
-
16
- it "fires when vulnerable ruby (1.9.3-p382) and rdoc version (3.12) has been found" do
17
- @check.options={:detected_ruby=>{:engine=>"ruby", :version=>"1.9.3", :patchlevel=>"381"}, :dependencies=>[{:name=>"rdoc", :version=>'3.12'}, :root_dir=>"."]}
18
- expect(@check.vuln?).to eq(true)
19
- end
20
- it "fires when vulnerable ruby (1.9.2-p342) and rdoc version (3.12) has been found" do
21
- @check.options={:detected_ruby=>{:engine=>"ruby", :version=>"1.9.2", :patchlevel=>"342"}, :dependencies=>[{:name=>"rdoc", :version=>'3.12'}, :root_dir=>"."]}
22
- expect(@check.vuln?).to eq(true)
23
- end
24
-
25
- it "doesn't fire when not vulnerable ruby (1.9.3-p383) is found but vulnerable rdoc version (3.12) has been found" do
26
- @check.options={:detected_ruby=>{:engine=>"ruby", :version=>"1.9.3", :patchlevel=>"383"}, :dependencies=>[{:name=>"rdoc", :version=>'3.12'}, :root_dir=>"."]}
27
- expect(@check.vuln?).to eq(false)
28
- end
29
-
30
- it "doesn't fire when vulnerable ruby (1.9.3-p382) is found but not vulnerable rdoc version (3.13) has been found" do
31
- @check.options={:detected_ruby=>{:engine=>"ruby", :version=>"1.9.3", :patchlevel=>"322"}, :dependencies=>[{:name=>"rdoc", :version=>'3.13'}, :root_dir=>"."]}
32
- expect(@check.vuln?).to eq(false)
33
- end
34
- end
@@ -1,44 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2013-0262 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2013_0262.new
5
- # @check.debug = true
6
- end
7
-
8
- it "is reported when the vulnerable gem is detected" do
9
- @check.dependencies = [{:name=>"rack", :version=>"1.5.0"}]
10
- expect(@check.vuln?).to eq(true)
11
- end
12
- it "is reported when the vulnerable gem is detected" do
13
- @check.dependencies = [{:name=>"rack", :version=>"1.5.1"}]
14
- expect(@check.vuln?).to eq(true)
15
- end
16
- it "is reported when the vulnerable gem is detected" do
17
- @check.dependencies = [{:name=>"rack", :version=>"1.4.0"}]
18
- expect(@check.vuln?).to eq(true)
19
- end
20
- it "is reported when the vulnerable gem is detected" do
21
- @check.dependencies = [{:name=>"rack", :version=>"1.4.1"}]
22
- expect(@check.vuln?).to eq(true)
23
- end
24
- it "is reported when the vulnerable gem is detected" do
25
- @check.dependencies = [{:name=>"rack", :version=>"1.4.2"}]
26
- expect(@check.vuln?).to eq(true)
27
- end
28
- it "is reported when the vulnerable gem is detected" do
29
- @check.dependencies = [{:name=>"rack", :version=>"1.4.3"}]
30
- expect(@check.vuln?).to eq(true)
31
- end
32
- it "is reported when the vulnerable gem is detected" do
33
- @check.dependencies = [{:name=>"rack", :version=>"1.4.4"}]
34
- expect(@check.vuln?).to eq(true)
35
- end
36
- it "is not reported when a fixed release is detected" do
37
- @check.dependencies = [{:name=>"rack", :version=>"1.4.5"}]
38
- expect(@check.vuln?).to eq(false)
39
- end
40
- it "is not reported when a fixed release is detected" do
41
- @check.dependencies = [{:name=>"rack", :version=>"1.5.2"}]
42
- expect(@check.vuln?).to eq(false)
43
- end
44
- end
@@ -1,11 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2013-0263 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2013_0263.new
5
- # @check.debug = true
6
- end
7
- it "is not reported when rack version 1.4.5 is used" do
8
- @check.dependencies = [{:name=>"rack", :version=>'1.4.5'}]
9
- expect(@check.vuln?).to eq(false)
10
- end
11
- end
@@ -1,35 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2013-0334 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2013_0334.new
5
- # @check.debug = true
6
- end
7
- it "is not reported when bundler version 1.7.0 is used" do
8
- @check.dependencies = [{:name=>"bundler", :version=>'1.7.0'}]
9
- expect(@check.vuln?).to eq(false)
10
- end
11
- it "is not reported when bundler version 1.7.1 is used" do
12
- @check.dependencies = [{:name=>"bundler", :version=>'1.7.1'}]
13
- expect(@check.vuln?).to eq(false)
14
- end
15
- it "is not reported when bundler version 1.8.7 is used" do
16
- @check.dependencies = [{:name=>"bundler", :version=>'1.8.7'}]
17
- expect(@check.vuln?).to eq(false)
18
- end
19
- it "is not reported when bundler version 1.10.0.rc is used" do
20
- @check.dependencies = [{:name=>"bundler", :version=>'1.10.0.rc'}]
21
- expect(@check.vuln?).to eq(false)
22
- end
23
- it "is not reported when bundler version 1.12.5 is used" do
24
- @check.dependencies = [{:name=>"bundler", :version=>'1.12.5'}]
25
- expect(@check.vuln?).to eq(false)
26
- end
27
- it "fires when vulnerable bundler version it has been found (1.6.6)" do
28
- @check.dependencies = [{:name=>"bundler", :version=>'1.6.6'}]
29
- expect(@check.vuln?).to eq(true)
30
- end
31
- it "fires when vulnerable bundler version it has been found (1.3.0)" do
32
- @check.dependencies = [{:name=>"bundler", :version=>'1.3.0'}]
33
- expect(@check.vuln?).to eq(true)
34
- end
35
- end
@@ -1,15 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2013-1607 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2013_1607.new
5
- # @check.debug = true
6
- end
7
- it "is reported when a pdfkit gem version 0.5.2 is detected" do
8
- @check.dependencies = [{:name=>"pdfkit", :version=>"0.5.2"}]
9
- expect(@check.vuln?).to eq(true)
10
- end
11
- it "is not reported when a pdfkit gem version 0.5.3 is detected" do
12
- @check.dependencies = [{:name=>"pdfkit", :version=>"0.5.3"}]
13
- expect(@check.vuln?).to eq(false)
14
- end
15
- end
@@ -1,31 +0,0 @@
1
- require 'spec_helper'
2
-
3
- describe "The CVE-2013-1655 vulnerability" do
4
- before(:all) do
5
- @check = Dawn::Kb::CVE_2013_1655.new
6
- # @check.debug = true
7
- end
8
- it "is detected if vulnerable version of puppet rubygem is detect when running on ruby 1.9.3 and 2.0.0" do
9
- @check.options[:dependencies]=[{:name=>"puppet", :version=>'2.7.20'}]
10
- @check.options[:detected_ruby] = {:engine=>"ruby", :version=>"1.9.3", :patchlevel=>"p342"}
11
- expect(@check.vuln?).to eq(true)
12
- end
13
- it "is ignored if only vulnerable version of puppet rubygem has been found" do
14
- @check.options[:detected_ruby] = {:engine=>"ruby", :version=>"1.8.7", :patchlevel=>"p358"}
15
- expect(@check.vuln?).to eq(false)
16
- end
17
-
18
- it "is ignored if only the vulnerable ruby interpreter version has been found" do
19
- @check.options[:dependencies]=[{:name=>"puppet", :version=>'8.7.21'}]
20
- @check.options[:detected_ruby] = {:engine=>"ruby", :version=>"1.9.3", :patchlevel=>"p342"}
21
- # @check.dump_status
22
- expect(@check.vuln?).to eq(false)
23
- end
24
-
25
- it "is ignored if none of the prerequisites have been met" do
26
- @check.options[:dependencies]=[{:name=>"puppet", :version=>'8.7.21'}]
27
- @check.options[:detected_ruby] = {:engine=>"ruby", :version=>"1.8.7", :patchlevel=>"p342"}
28
- # @check.dump_status
29
- expect(@check.vuln?).to eq(false)
30
- end
31
- end
@@ -1,23 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2013-1756 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2013_1756.new
5
- # @check.debug = true
6
- end
7
- it "is reported when dragonfly version 0.9.12 is used" do
8
- @check.dependencies = [{:name=>"dragonfly", :version=>'0.9.12'}]
9
- expect(@check.vuln?).to eq(true)
10
- end
11
- it "is reported when dragonfly version 0.8.12 is used" do
12
- @check.dependencies = [{:name=>"dragonfly", :version=>'0.8.12'}]
13
- expect(@check.vuln?).to eq(true)
14
- end
15
- it "is reported when dragonfly version 0.7.12 is used" do
16
- @check.dependencies = [{:name=>"dragonfly", :version=>'0.7.12'}]
17
- expect(@check.vuln?).to eq(true)
18
- end
19
- it "is not reported when dragonfly version 0.9.13 is used" do
20
- @check.dependencies = [{:name=>"dragonfly", :version=>'0.9.13'}]
21
- expect(@check.vuln?).to eq(false)
22
- end
23
- end
@@ -1,15 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2013-2090 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2013_2090.new
5
- # @check.debug = true
6
- end
7
- it "fires when vulnerable cremefraiche version is used" do
8
- @check.dependencies = [{:name=>"cremefraiche", :version=>'0.6.1'}]
9
- expect(@check.vuln?).to eq(true)
10
- end
11
- it "doesn't fire when not vulnerable cremefraiche version is used" do
12
- @check.dependencies = [{:name=>"cremefraiche", :version=>'0.6.2'}]
13
- expect(@check.vuln?).to eq(false)
14
- end
15
- end
@@ -1,11 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2013-2105 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2013_2105.new
5
- # @check.debug = true
6
- end
7
- it "is reported when show_in_browser vulnerable version is reported (0.0.3)" do
8
- @check.dependencies = [{:name=>'show_in_browser', :version=>'0.0.3'}]
9
- expect(@check.vuln?).to eq(true)
10
- end
11
- end
@@ -1,27 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2013-2119 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2013_2119.new
5
- # @check.debug = true
6
- end
7
- it "fires when vulnerable passenger version is used" do
8
- @check.dependencies = [{:name=>"passenger", :version=>"4.0.4"}]
9
- expect(@check.vuln?).to eq(true)
10
- end
11
- it "fires when vulnerable passenger version is used" do
12
- @check.dependencies = [{:name=>"passenger", :version=>"4.0.0"}]
13
- expect(@check.vuln?).to eq(true)
14
- end
15
- it "fires when vulnerable passenger version is used" do
16
- @check.dependencies = [{:name=>"passenger", :version=>"3.0.20"}]
17
- expect(@check.vuln?).to eq(true)
18
- end
19
- it "doesn't fire when not vulnerable passenger version is used" do
20
- @check.dependencies = [{:name=>"passenger", :version=>"4.0.5"}]
21
- expect(@check.vuln?).to eq(false)
22
- end
23
- it "doesn't fire when not vulnerable passenger version is used" do
24
- @check.dependencies = [{:name=>"passenger", :version=>"3.0.21"}]
25
- expect(@check.vuln?).to eq(false)
26
- end
27
- end
@@ -1,15 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2013-2512 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2013_2512.new
5
- # @check.debug = true
6
- end
7
- it "is reported when a ftpd gem version 0.2.1 is detected" do
8
- @check.dependencies = [{:name=>"ftpd", :version=>"0.2.1"}]
9
- expect(@check.vuln?).to eq(true)
10
- end
11
- it "is not reported when a ftpd gem version 0.2.2 is detected" do
12
- @check.dependencies = [{:name=>"ftpd", :version=>"0.2.2"}]
13
- expect(@check.vuln?).to eq(false)
14
- end
15
- end