dawnscanner 1.6.8 → 2.0.0.rc4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/.gitignore +1 -0
- data/.ruby-version +1 -1
- data/Changelog.md +27 -1
- data/LICENSE.txt +1 -1
- data/README.md +59 -57
- data/Rakefile +10 -242
- data/Roadmap.md +15 -23
- data/VERSION +1 -1
- data/bin/dawn +17 -273
- data/checksum/dawnscanner-1.6.8.gem.sha1 +1 -0
- data/checksum/dawnscanner-2.0.0.rc1.gem.sha1 +1 -0
- data/checksum/dawnscanner-2.0.0.rc2.gem.sha1 +1 -0
- data/checksum/dawnscanner-2.0.0.rc3.gem.sha1 +1 -0
- data/dawnscanner.gemspec +10 -9
- data/doc/change.sh +13 -0
- data/doc/kickstart_kb.tar.gz +0 -0
- data/doc/knowledge_base.rb +650 -0
- data/docs/.placeholder +0 -0
- data/docs/CNAME +1 -0
- data/docs/_config.yml +1 -0
- data/lib/dawn/cli/dawn_cli.rb +139 -0
- data/lib/dawn/core.rb +8 -7
- data/lib/dawn/engine.rb +93 -34
- data/lib/dawn/gemfile_lock.rb +2 -2
- data/lib/dawn/kb/basic_check.rb +1 -2
- data/lib/dawn/kb/combo_check.rb +1 -1
- data/lib/dawn/kb/dependency_check.rb +1 -1
- data/lib/dawn/kb/operating_system_check.rb +1 -1
- data/lib/dawn/kb/pattern_match_check.rb +10 -9
- data/lib/dawn/kb/ruby_version_check.rb +11 -10
- data/lib/dawn/kb/{gem_check.rb → rubygem_check.rb} +1 -1
- data/lib/dawn/kb/unsafe_depedency_check.rb +44 -0
- data/lib/dawn/kb/version_check.rb +41 -24
- data/lib/dawn/knowledge_base.rb +259 -595
- data/lib/dawn/reporter.rb +2 -1
- data/lib/dawn/utils.rb +5 -2
- data/lib/dawn/version.rb +5 -5
- data/lib/dawnscanner.rb +7 -6
- data/spec/lib/kb/codesake_unsafe_dependency_check_spec.rb +29 -0
- data/spec/lib/kb/dependency_check.yml +29 -0
- metadata +30 -496
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/certs/paolo_at_dawnscanner_dot_org.pem +0 -21
- data/lib/dawn/kb/cve_2004_0755.rb +0 -33
- data/lib/dawn/kb/cve_2004_0983.rb +0 -31
- data/lib/dawn/kb/cve_2005_1992.rb +0 -31
- data/lib/dawn/kb/cve_2005_2337.rb +0 -33
- data/lib/dawn/kb/cve_2006_1931.rb +0 -30
- data/lib/dawn/kb/cve_2006_2582.rb +0 -28
- data/lib/dawn/kb/cve_2006_3694.rb +0 -31
- data/lib/dawn/kb/cve_2006_4112.rb +0 -27
- data/lib/dawn/kb/cve_2006_5467.rb +0 -28
- data/lib/dawn/kb/cve_2006_6303.rb +0 -28
- data/lib/dawn/kb/cve_2006_6852.rb +0 -27
- data/lib/dawn/kb/cve_2006_6979.rb +0 -29
- data/lib/dawn/kb/cve_2007_0469.rb +0 -29
- data/lib/dawn/kb/cve_2007_5162.rb +0 -28
- data/lib/dawn/kb/cve_2007_5379.rb +0 -27
- data/lib/dawn/kb/cve_2007_5380.rb +0 -29
- data/lib/dawn/kb/cve_2007_5770.rb +0 -30
- data/lib/dawn/kb/cve_2007_6077.rb +0 -31
- data/lib/dawn/kb/cve_2007_6612.rb +0 -30
- data/lib/dawn/kb/cve_2008_1145.rb +0 -38
- data/lib/dawn/kb/cve_2008_1891.rb +0 -38
- data/lib/dawn/kb/cve_2008_2376.rb +0 -30
- data/lib/dawn/kb/cve_2008_2662.rb +0 -33
- data/lib/dawn/kb/cve_2008_2663.rb +0 -32
- data/lib/dawn/kb/cve_2008_2664.rb +0 -33
- data/lib/dawn/kb/cve_2008_2725.rb +0 -31
- data/lib/dawn/kb/cve_2008_3655.rb +0 -37
- data/lib/dawn/kb/cve_2008_3657.rb +0 -37
- data/lib/dawn/kb/cve_2008_3790.rb +0 -30
- data/lib/dawn/kb/cve_2008_3905.rb +0 -36
- data/lib/dawn/kb/cve_2008_4094.rb +0 -27
- data/lib/dawn/kb/cve_2008_4310.rb +0 -100
- data/lib/dawn/kb/cve_2008_5189.rb +0 -27
- data/lib/dawn/kb/cve_2008_7248.rb +0 -27
- data/lib/dawn/kb/cve_2009_4078.rb +0 -29
- data/lib/dawn/kb/cve_2009_4124.rb +0 -30
- data/lib/dawn/kb/cve_2009_4214.rb +0 -27
- data/lib/dawn/kb/cve_2010_1330.rb +0 -28
- data/lib/dawn/kb/cve_2010_2489.rb +0 -60
- data/lib/dawn/kb/cve_2010_3933.rb +0 -27
- data/lib/dawn/kb/cve_2011_0188.rb +0 -67
- data/lib/dawn/kb/cve_2011_0446.rb +0 -28
- data/lib/dawn/kb/cve_2011_0447.rb +0 -28
- data/lib/dawn/kb/cve_2011_0739.rb +0 -28
- data/lib/dawn/kb/cve_2011_0995.rb +0 -61
- data/lib/dawn/kb/cve_2011_1004.rb +0 -34
- data/lib/dawn/kb/cve_2011_1005.rb +0 -31
- data/lib/dawn/kb/cve_2011_2197.rb +0 -27
- data/lib/dawn/kb/cve_2011_2686.rb +0 -29
- data/lib/dawn/kb/cve_2011_2705.rb +0 -32
- data/lib/dawn/kb/cve_2011_2929.rb +0 -27
- data/lib/dawn/kb/cve_2011_2930.rb +0 -28
- data/lib/dawn/kb/cve_2011_2931.rb +0 -30
- data/lib/dawn/kb/cve_2011_2932.rb +0 -27
- data/lib/dawn/kb/cve_2011_3009.rb +0 -28
- data/lib/dawn/kb/cve_2011_3186.rb +0 -29
- data/lib/dawn/kb/cve_2011_3187.rb +0 -29
- data/lib/dawn/kb/cve_2011_4319.rb +0 -30
- data/lib/dawn/kb/cve_2011_4815.rb +0 -28
- data/lib/dawn/kb/cve_2011_5036.rb +0 -26
- data/lib/dawn/kb/cve_2012_1098.rb +0 -30
- data/lib/dawn/kb/cve_2012_1099.rb +0 -27
- data/lib/dawn/kb/cve_2012_1241.rb +0 -27
- data/lib/dawn/kb/cve_2012_2139.rb +0 -26
- data/lib/dawn/kb/cve_2012_2140.rb +0 -27
- data/lib/dawn/kb/cve_2012_2660.rb +0 -28
- data/lib/dawn/kb/cve_2012_2661.rb +0 -27
- data/lib/dawn/kb/cve_2012_2671.rb +0 -28
- data/lib/dawn/kb/cve_2012_2694.rb +0 -30
- data/lib/dawn/kb/cve_2012_2695.rb +0 -27
- data/lib/dawn/kb/cve_2012_3424.rb +0 -29
- data/lib/dawn/kb/cve_2012_3463.rb +0 -27
- data/lib/dawn/kb/cve_2012_3464.rb +0 -27
- data/lib/dawn/kb/cve_2012_3465.rb +0 -26
- data/lib/dawn/kb/cve_2012_4464.rb +0 -27
- data/lib/dawn/kb/cve_2012_4466.rb +0 -27
- data/lib/dawn/kb/cve_2012_4481.rb +0 -26
- data/lib/dawn/kb/cve_2012_4522.rb +0 -27
- data/lib/dawn/kb/cve_2012_5370.rb +0 -27
- data/lib/dawn/kb/cve_2012_5371.rb +0 -27
- data/lib/dawn/kb/cve_2012_5380.rb +0 -28
- data/lib/dawn/kb/cve_2012_6109.rb +0 -25
- data/lib/dawn/kb/cve_2012_6134.rb +0 -27
- data/lib/dawn/kb/cve_2012_6496.rb +0 -28
- data/lib/dawn/kb/cve_2012_6497.rb +0 -28
- data/lib/dawn/kb/cve_2012_6684.rb +0 -28
- data/lib/dawn/kb/cve_2013_0155.rb +0 -29
- data/lib/dawn/kb/cve_2013_0156.rb +0 -27
- data/lib/dawn/kb/cve_2013_0162.rb +0 -28
- data/lib/dawn/kb/cve_2013_0175.rb +0 -27
- data/lib/dawn/kb/cve_2013_0183.rb +0 -25
- data/lib/dawn/kb/cve_2013_0184.rb +0 -25
- data/lib/dawn/kb/cve_2013_0233.rb +0 -26
- data/lib/dawn/kb/cve_2013_0256.rb +0 -59
- data/lib/dawn/kb/cve_2013_0262.rb +0 -26
- data/lib/dawn/kb/cve_2013_0263.rb +0 -26
- data/lib/dawn/kb/cve_2013_0269.rb +0 -27
- data/lib/dawn/kb/cve_2013_0276.rb +0 -28
- data/lib/dawn/kb/cve_2013_0277.rb +0 -25
- data/lib/dawn/kb/cve_2013_0284.rb +0 -27
- data/lib/dawn/kb/cve_2013_0285.rb +0 -27
- data/lib/dawn/kb/cve_2013_0333.rb +0 -28
- data/lib/dawn/kb/cve_2013_0334.rb +0 -25
- data/lib/dawn/kb/cve_2013_1607.rb +0 -25
- data/lib/dawn/kb/cve_2013_1655.rb +0 -65
- data/lib/dawn/kb/cve_2013_1656.rb +0 -28
- data/lib/dawn/kb/cve_2013_1756.rb +0 -26
- data/lib/dawn/kb/cve_2013_1800.rb +0 -26
- data/lib/dawn/kb/cve_2013_1801.rb +0 -27
- data/lib/dawn/kb/cve_2013_1802.rb +0 -27
- data/lib/dawn/kb/cve_2013_1812.rb +0 -27
- data/lib/dawn/kb/cve_2013_1821.rb +0 -28
- data/lib/dawn/kb/cve_2013_1854.rb +0 -26
- data/lib/dawn/kb/cve_2013_1855.rb +0 -25
- data/lib/dawn/kb/cve_2013_1856.rb +0 -26
- data/lib/dawn/kb/cve_2013_1857.rb +0 -27
- data/lib/dawn/kb/cve_2013_1875.rb +0 -27
- data/lib/dawn/kb/cve_2013_1898.rb +0 -27
- data/lib/dawn/kb/cve_2013_1911.rb +0 -28
- data/lib/dawn/kb/cve_2013_1933.rb +0 -27
- data/lib/dawn/kb/cve_2013_1947.rb +0 -27
- data/lib/dawn/kb/cve_2013_1948.rb +0 -27
- data/lib/dawn/kb/cve_2013_2065.rb +0 -29
- data/lib/dawn/kb/cve_2013_2090.rb +0 -28
- data/lib/dawn/kb/cve_2013_2105.rb +0 -26
- data/lib/dawn/kb/cve_2013_2119.rb +0 -27
- data/lib/dawn/kb/cve_2013_2512.rb +0 -26
- data/lib/dawn/kb/cve_2013_2513.rb +0 -25
- data/lib/dawn/kb/cve_2013_2516.rb +0 -26
- data/lib/dawn/kb/cve_2013_2615.rb +0 -27
- data/lib/dawn/kb/cve_2013_2616.rb +0 -27
- data/lib/dawn/kb/cve_2013_2617.rb +0 -28
- data/lib/dawn/kb/cve_2013_3221.rb +0 -27
- data/lib/dawn/kb/cve_2013_4164.rb +0 -30
- data/lib/dawn/kb/cve_2013_4203.rb +0 -25
- data/lib/dawn/kb/cve_2013_4389.rb +0 -26
- data/lib/dawn/kb/cve_2013_4413.rb +0 -27
- data/lib/dawn/kb/cve_2013_4457.rb +0 -29
- data/lib/dawn/kb/cve_2013_4478.rb +0 -26
- data/lib/dawn/kb/cve_2013_4479.rb +0 -26
- data/lib/dawn/kb/cve_2013_4489.rb +0 -28
- data/lib/dawn/kb/cve_2013_4491.rb +0 -29
- data/lib/dawn/kb/cve_2013_4492.rb +0 -29
- data/lib/dawn/kb/cve_2013_4562.rb +0 -27
- data/lib/dawn/kb/cve_2013_4593.rb +0 -27
- data/lib/dawn/kb/cve_2013_5647.rb +0 -29
- data/lib/dawn/kb/cve_2013_5671.rb +0 -26
- data/lib/dawn/kb/cve_2013_6414.rb +0 -30
- data/lib/dawn/kb/cve_2013_6415.rb +0 -29
- data/lib/dawn/kb/cve_2013_6416.rb +0 -29
- data/lib/dawn/kb/cve_2013_6417.rb +0 -30
- data/lib/dawn/kb/cve_2013_6421.rb +0 -28
- data/lib/dawn/kb/cve_2013_6459.rb +0 -28
- data/lib/dawn/kb/cve_2013_6460.rb +0 -53
- data/lib/dawn/kb/cve_2013_6461.rb +0 -57
- data/lib/dawn/kb/cve_2013_7086.rb +0 -27
- data/lib/dawn/kb/cve_2014_0036.rb +0 -27
- data/lib/dawn/kb/cve_2014_0080.rb +0 -29
- data/lib/dawn/kb/cve_2014_0081.rb +0 -27
- data/lib/dawn/kb/cve_2014_0082.rb +0 -27
- data/lib/dawn/kb/cve_2014_0130.rb +0 -27
- data/lib/dawn/kb/cve_2014_1233.rb +0 -27
- data/lib/dawn/kb/cve_2014_1234.rb +0 -26
- data/lib/dawn/kb/cve_2014_2322.rb +0 -28
- data/lib/dawn/kb/cve_2014_2525.rb +0 -59
- data/lib/dawn/kb/cve_2014_2538.rb +0 -26
- data/lib/dawn/kb/cve_2014_3482.rb +0 -28
- data/lib/dawn/kb/cve_2014_3483.rb +0 -28
- data/lib/dawn/kb/cve_2014_3916.rb +0 -29
- data/lib/dawn/kb/cve_2014_4975.rb +0 -28
- data/lib/dawn/kb/cve_2014_7818.rb +0 -27
- data/lib/dawn/kb/cve_2014_7819.rb +0 -31
- data/lib/dawn/kb/cve_2014_7829.rb +0 -30
- data/lib/dawn/kb/cve_2014_8090.rb +0 -30
- data/lib/dawn/kb/cve_2014_9490.rb +0 -29
- data/lib/dawn/kb/cve_2015_1819.rb +0 -34
- data/lib/dawn/kb/cve_2015_1840/cve_2015_1840_a.rb +0 -28
- data/lib/dawn/kb/cve_2015_1840/cve_2015_1840_b.rb +0 -28
- data/lib/dawn/kb/cve_2015_2963.rb +0 -27
- data/lib/dawn/kb/cve_2015_3224.rb +0 -26
- data/lib/dawn/kb/cve_2015_3225.rb +0 -28
- data/lib/dawn/kb/cve_2015_3226.rb +0 -27
- data/lib/dawn/kb/cve_2015_3227.rb +0 -28
- data/lib/dawn/kb/cve_2015_3448.rb +0 -29
- data/lib/dawn/kb/cve_2015_4020.rb +0 -34
- data/lib/dawn/kb/cve_2015_5312.rb +0 -30
- data/lib/dawn/kb/cve_2015_7497.rb +0 -32
- data/lib/dawn/kb/cve_2015_7498.rb +0 -32
- data/lib/dawn/kb/cve_2015_7499.rb +0 -32
- data/lib/dawn/kb/cve_2015_7500.rb +0 -32
- data/lib/dawn/kb/cve_2015_7519.rb +0 -31
- data/lib/dawn/kb/cve_2015_7541.rb +0 -31
- data/lib/dawn/kb/cve_2015_7576.rb +0 -35
- data/lib/dawn/kb/cve_2015_7577.rb +0 -34
- data/lib/dawn/kb/cve_2015_7578.rb +0 -30
- data/lib/dawn/kb/cve_2015_7579.rb +0 -30
- data/lib/dawn/kb/cve_2015_7581.rb +0 -33
- data/lib/dawn/kb/cve_2015_8241.rb +0 -32
- data/lib/dawn/kb/cve_2015_8242.rb +0 -32
- data/lib/dawn/kb/cve_2015_8317.rb +0 -32
- data/lib/dawn/kb/cve_2016_0751.rb +0 -32
- data/lib/dawn/kb/cve_2016_0752.rb +0 -35
- data/lib/dawn/kb/cve_2016_0753.rb +0 -31
- data/lib/dawn/kb/cve_2016_2097.rb +0 -35
- data/lib/dawn/kb/cve_2016_2098.rb +0 -35
- data/lib/dawn/kb/cve_2016_5697.rb +0 -30
- data/lib/dawn/kb/cve_2016_6316.rb +0 -33
- data/lib/dawn/kb/cve_2016_6317.rb +0 -32
- data/lib/dawn/kb/cve_2016_6582.rb +0 -43
- data/lib/dawn/kb/not_revised_code.rb +0 -22
- data/lib/dawn/kb/osvdb_105971.rb +0 -29
- data/lib/dawn/kb/osvdb_108530.rb +0 -27
- data/lib/dawn/kb/osvdb_108563.rb +0 -28
- data/lib/dawn/kb/osvdb_108569.rb +0 -28
- data/lib/dawn/kb/osvdb_108570.rb +0 -27
- data/lib/dawn/kb/osvdb_115654.rb +0 -33
- data/lib/dawn/kb/osvdb_116010.rb +0 -30
- data/lib/dawn/kb/osvdb_117903.rb +0 -30
- data/lib/dawn/kb/osvdb_118579.rb +0 -31
- data/lib/dawn/kb/osvdb_118830.rb +0 -32
- data/lib/dawn/kb/osvdb_118954.rb +0 -33
- data/lib/dawn/kb/osvdb_119878.rb +0 -32
- data/lib/dawn/kb/osvdb_119927.rb +0 -33
- data/lib/dawn/kb/osvdb_120415.rb +0 -31
- data/lib/dawn/kb/osvdb_120857.rb +0 -34
- data/lib/dawn/kb/osvdb_121701.rb +0 -30
- data/lib/dawn/kb/osvdb_132234.rb +0 -34
- data/lib/dawn/kb/owasp_ror_cheatsheet.rb +0 -33
- data/lib/dawn/kb/owasp_ror_cheatsheet/check_for_backup_files.rb +0 -18
- data/lib/dawn/kb/owasp_ror_cheatsheet/check_for_safe_redirect_and_forward.rb +0 -57
- data/lib/dawn/kb/owasp_ror_cheatsheet/command_injection.rb +0 -28
- data/lib/dawn/kb/owasp_ror_cheatsheet/csrf.rb +0 -29
- data/lib/dawn/kb/owasp_ror_cheatsheet/mass_assignment_in_model.rb +0 -33
- data/lib/dawn/kb/owasp_ror_cheatsheet/security_related_headers.rb +0 -35
- data/lib/dawn/kb/owasp_ror_cheatsheet/sensitive_files.rb +0 -29
- data/lib/dawn/kb/owasp_ror_cheatsheet/session_stored_in_database.rb +0 -31
- data/lib/dawn/kb/simpleform_xss_20131129.rb +0 -28
- data/lib/dawn/knowledge_base_experimental.rb +0 -245
- data/spec/lib/kb/cve_2011_2705_spec.rb +0 -35
- data/spec/lib/kb/cve_2011_2930_spec.rb +0 -31
- data/spec/lib/kb/cve_2011_3009_spec.rb +0 -25
- data/spec/lib/kb/cve_2011_3187_spec.rb +0 -24
- data/spec/lib/kb/cve_2011_4319_spec.rb +0 -44
- data/spec/lib/kb/cve_2011_5036_spec.rb +0 -95
- data/spec/lib/kb/cve_2012_1098_spec.rb +0 -36
- data/spec/lib/kb/cve_2012_2139_spec.rb +0 -20
- data/spec/lib/kb/cve_2012_2671_spec.rb +0 -23
- data/spec/lib/kb/cve_2012_6109_spec.rb +0 -112
- data/spec/lib/kb/cve_2012_6684_spec.rb +0 -16
- data/spec/lib/kb/cve_2013_0162_spec.rb +0 -23
- data/spec/lib/kb/cve_2013_0183_spec.rb +0 -54
- data/spec/lib/kb/cve_2013_0184_spec.rb +0 -115
- data/spec/lib/kb/cve_2013_0256_spec.rb +0 -34
- data/spec/lib/kb/cve_2013_0262_spec.rb +0 -44
- data/spec/lib/kb/cve_2013_0263_spec.rb +0 -11
- data/spec/lib/kb/cve_2013_0334_spec.rb +0 -35
- data/spec/lib/kb/cve_2013_1607_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_1655_spec.rb +0 -31
- data/spec/lib/kb/cve_2013_1756_spec.rb +0 -23
- data/spec/lib/kb/cve_2013_2090_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_2105_spec.rb +0 -11
- data/spec/lib/kb/cve_2013_2119_spec.rb +0 -27
- data/spec/lib/kb/cve_2013_2512_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_2513_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_2516_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_4203_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_4413_spec.rb +0 -16
- data/spec/lib/kb/cve_2013_4489_spec.rb +0 -63
- data/spec/lib/kb/cve_2013_4491_spec.rb +0 -16
- data/spec/lib/kb/cve_2013_4593_spec.rb +0 -16
- data/spec/lib/kb/cve_2013_5647_spec.rb +0 -19
- data/spec/lib/kb/cve_2013_5671_spec.rb +0 -27
- data/spec/lib/kb/cve_2013_6414_spec.rb +0 -26
- data/spec/lib/kb/cve_2013_6416_spec.rb +0 -31
- data/spec/lib/kb/cve_2013_6459_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_7086_spec.rb +0 -22
- data/spec/lib/kb/cve_2014_0036_spec.rb +0 -15
- data/spec/lib/kb/cve_2014_0080_spec.rb +0 -33
- data/spec/lib/kb/cve_2014_0081_spec.rb +0 -50
- data/spec/lib/kb/cve_2014_0082_spec.rb +0 -52
- data/spec/lib/kb/cve_2014_0130_spec.rb +0 -19
- data/spec/lib/kb/cve_2014_1233_spec.rb +0 -15
- data/spec/lib/kb/cve_2014_1234_spec.rb +0 -16
- data/spec/lib/kb/cve_2014_2322_spec.rb +0 -15
- data/spec/lib/kb/cve_2014_2538_spec.rb +0 -15
- data/spec/lib/kb/cve_2014_3482_spec.rb +0 -15
- data/spec/lib/kb/cve_2014_3483_spec.rb +0 -27
- data/spec/lib/kb/cve_2014_7818_spec.rb +0 -42
- data/spec/lib/kb/cve_2014_7819_spec.rb +0 -139
- data/spec/lib/kb/cve_2014_7829_spec.rb +0 -50
- data/spec/lib/kb/cve_2014_9490_spec.rb +0 -17
- data/spec/lib/kb/cve_2015_1819_spec.rb +0 -16
- data/spec/lib/kb/cve_2015_1840_spec.rb +0 -39
- data/spec/lib/kb/cve_2015_2963_spec.rb +0 -17
- data/spec/lib/kb/cve_2015_3224_spec.rb +0 -16
- data/spec/lib/kb/cve_2015_3225_spec.rb +0 -27
- data/spec/lib/kb/cve_2015_3226_spec.rb +0 -35
- data/spec/lib/kb/cve_2015_3227_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_3448_spec.rb +0 -16
- data/spec/lib/kb/cve_2015_4020_spec.rb +0 -24
- data/spec/lib/kb/cve_2015_5312_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_7497_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_7498_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_7499_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_7500_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_7519_spec.rb +0 -23
- data/spec/lib/kb/cve_2015_7541_spec.rb +0 -15
- data/spec/lib/kb/cve_2015_7576_spec.rb +0 -51
- data/spec/lib/kb/cve_2015_7577_spec.rb +0 -63
- data/spec/lib/kb/cve_2015_7578_spec.rb +0 -15
- data/spec/lib/kb/cve_2015_7579_spec.rb +0 -23
- data/spec/lib/kb/cve_2015_7581_spec.rb +0 -51
- data/spec/lib/kb/cve_2015_8241_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_8242_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_8317_spec.rb +0 -31
- data/spec/lib/kb/cve_2016_0751_spec.rb +0 -55
- data/spec/lib/kb/cve_2016_0752_spec.rb +0 -51
- data/spec/lib/kb/cve_2016_0753_spec.rb +0 -51
- data/spec/lib/kb/cve_2016_2097_spec.rb +0 -35
- data/spec/lib/kb/cve_2016_2098_spec.rb +0 -55
- data/spec/lib/kb/cve_2016_5697_spec.rb +0 -15
- data/spec/lib/kb/cve_2016_6316_spec.rb +0 -44
- data/spec/lib/kb/cve_2016_6317_spec.rb +0 -35
- data/spec/lib/kb/cve_2016_6582_spec.rb +0 -29
- data/spec/lib/kb/osvdb_105971_spec.rb +0 -15
- data/spec/lib/kb/osvdb_108530_spec.rb +0 -22
- data/spec/lib/kb/osvdb_108563_spec.rb +0 -18
- data/spec/lib/kb/osvdb_108569_spec.rb +0 -17
- data/spec/lib/kb/osvdb_108570_spec.rb +0 -17
- data/spec/lib/kb/osvdb_115654_spec.rb +0 -15
- data/spec/lib/kb/osvdb_116010_spec.rb +0 -15
- data/spec/lib/kb/osvdb_117903_spec.rb +0 -23
- data/spec/lib/kb/osvdb_118579_spec.rb +0 -8
- data/spec/lib/kb/osvdb_118830_spec.rb +0 -16
- data/spec/lib/kb/osvdb_118954_spec.rb +0 -20
- data/spec/lib/kb/osvdb_119878_spec.rb +0 -92
- data/spec/lib/kb/osvdb_119927_spec.rb +0 -16
- data/spec/lib/kb/osvdb_120415_spec.rb +0 -16
- data/spec/lib/kb/osvdb_120857_spec.rb +0 -32
- data/spec/lib/kb/osvdb_121701_spec.rb +0 -15
- data/spec/lib/kb/osvdb_132234_spec.rb +0 -15
- metadata.gz.sig +0 -0
|
@@ -1,54 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
describe "The CVE-2013-0183 vulnerability" do
|
|
3
|
-
before(:all) do
|
|
4
|
-
@check = Dawn::Kb::CVE_2013_0183.new
|
|
5
|
-
# @check.debug = true
|
|
6
|
-
end
|
|
7
|
-
|
|
8
|
-
it "is reported when the vulnerable gem is detected - 1.3.0" do
|
|
9
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.3.0"}]
|
|
10
|
-
expect(@check.vuln?).to eq(true)
|
|
11
|
-
end
|
|
12
|
-
|
|
13
|
-
it "is reported when the vulnerable gem is detected - 1.3.1" do
|
|
14
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.3.1"}]
|
|
15
|
-
expect(@check.vuln?).to eq(true)
|
|
16
|
-
end
|
|
17
|
-
it "is reported when the vulnerable gem is detected - 1.3.2" do
|
|
18
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.3.2"}]
|
|
19
|
-
expect(@check.vuln?).to eq(true)
|
|
20
|
-
end
|
|
21
|
-
it "is reported when the vulnerable gem is detected - 1.3.3" do
|
|
22
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.3.3"}]
|
|
23
|
-
expect(@check.vuln?).to eq(true)
|
|
24
|
-
end
|
|
25
|
-
it "is reported when the vulnerable gem is detected - 1.3.4" do
|
|
26
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.3.4"}]
|
|
27
|
-
expect(@check.vuln?).to eq(true)
|
|
28
|
-
end
|
|
29
|
-
it "is reported when the vulnerable gem is detected - 1.3.5" do
|
|
30
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.3.5"}]
|
|
31
|
-
expect(@check.vuln?).to eq(true)
|
|
32
|
-
end
|
|
33
|
-
it "is reported when the vulnerable gem is detected - 1.3.6" do
|
|
34
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.3.6"}]
|
|
35
|
-
expect(@check.vuln?).to eq(true)
|
|
36
|
-
end
|
|
37
|
-
it "is reported when the vulnerable gem is detected - 1.3.7" do
|
|
38
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.3.7"}]
|
|
39
|
-
expect(@check.vuln?).to eq(true)
|
|
40
|
-
end
|
|
41
|
-
|
|
42
|
-
it "is reported when the vulnerable gem is detected - 1.4.0" do
|
|
43
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.4.0"}]
|
|
44
|
-
expect(@check.vuln?).to eq(true)
|
|
45
|
-
end
|
|
46
|
-
it "is reported when the vulnerable gem is detected - 1.4.1" do
|
|
47
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.4.1"}]
|
|
48
|
-
expect(@check.vuln?).to eq(true)
|
|
49
|
-
end
|
|
50
|
-
it "is reported when the vulnerable gem is detected - 1.4.2" do
|
|
51
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.4.2"}]
|
|
52
|
-
expect(@check.vuln?).to eq(true)
|
|
53
|
-
end
|
|
54
|
-
end
|
|
@@ -1,115 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
describe "The CVE-2013-0184 vulnerability" do
|
|
3
|
-
before(:all) do
|
|
4
|
-
@check = Dawn::Kb::CVE_2013_0184.new
|
|
5
|
-
# @check.debug = true
|
|
6
|
-
end
|
|
7
|
-
|
|
8
|
-
it "is reported when the vulnerable gem is detected - 1.1.0" do
|
|
9
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.1.0"}]
|
|
10
|
-
expect(@check.vuln?).to eq(true)
|
|
11
|
-
end
|
|
12
|
-
it "is reported when the vulnerable gem is detected - 1.1.3" do
|
|
13
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.1.3"}]
|
|
14
|
-
expect(@check.vuln?).to eq(true)
|
|
15
|
-
end
|
|
16
|
-
it "is reported when the vulnerable gem is detected - 1.1.2" do
|
|
17
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.1.2"}]
|
|
18
|
-
expect(@check.vuln?).to eq(true)
|
|
19
|
-
end
|
|
20
|
-
it "is reported when the vulnerable gem is detected - 1.1.4" do
|
|
21
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.1.4"}]
|
|
22
|
-
expect(@check.vuln?).to eq(true)
|
|
23
|
-
end
|
|
24
|
-
it "is reported when the vulnerable gem is detected - 1.2.0" do
|
|
25
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.2.0"}]
|
|
26
|
-
expect(@check.vuln?).to eq(true)
|
|
27
|
-
end
|
|
28
|
-
|
|
29
|
-
it "is reported when the vulnerable gem is detected - 1.2.1" do
|
|
30
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.2.1"}]
|
|
31
|
-
expect(@check.vuln?).to eq(true)
|
|
32
|
-
end
|
|
33
|
-
it "is reported when the vulnerable gem is detected - 1.2.2" do
|
|
34
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.2.2"}]
|
|
35
|
-
expect(@check.vuln?).to eq(true)
|
|
36
|
-
end
|
|
37
|
-
it "is reported when the vulnerable gem is detected - 1.2.3" do
|
|
38
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.2.3"}]
|
|
39
|
-
expect(@check.vuln?).to eq(true)
|
|
40
|
-
end
|
|
41
|
-
it "is reported when the vulnerable gem is detected - 1.2.4" do
|
|
42
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.2.4"}]
|
|
43
|
-
expect(@check.vuln?).to eq(true)
|
|
44
|
-
end
|
|
45
|
-
it "is reported when the vulnerable gem is detected - 1.2.5" do
|
|
46
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.2.5"}]
|
|
47
|
-
expect(@check.vuln?).to eq(true)
|
|
48
|
-
end
|
|
49
|
-
it "is reported when the vulnerable gem is detected - 1.2.6" do
|
|
50
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.2.6"}]
|
|
51
|
-
expect(@check.vuln?).to eq(true)
|
|
52
|
-
end
|
|
53
|
-
it "is reported when the vulnerable gem is detected - 1.3.0" do
|
|
54
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.3.0"}]
|
|
55
|
-
expect(@check.vuln?).to eq(true)
|
|
56
|
-
end
|
|
57
|
-
|
|
58
|
-
it "is reported when the vulnerable gem is detected - 1.3.1" do
|
|
59
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.3.1"}]
|
|
60
|
-
expect(@check.vuln?).to eq(true)
|
|
61
|
-
end
|
|
62
|
-
it "is reported when the vulnerable gem is detected - 1.3.2" do
|
|
63
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.3.2"}]
|
|
64
|
-
expect(@check.vuln?).to eq(true)
|
|
65
|
-
end
|
|
66
|
-
it "is reported when the vulnerable gem is detected - 1.3.3" do
|
|
67
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.3.3"}]
|
|
68
|
-
expect(@check.vuln?).to eq(true)
|
|
69
|
-
end
|
|
70
|
-
it "is reported when the vulnerable gem is detected - 1.3.4" do
|
|
71
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.3.4"}]
|
|
72
|
-
expect(@check.vuln?).to eq(true)
|
|
73
|
-
end
|
|
74
|
-
it "is reported when the vulnerable gem is detected - 1.3.5" do
|
|
75
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.3.5"}]
|
|
76
|
-
expect(@check.vuln?).to eq(true)
|
|
77
|
-
end
|
|
78
|
-
it "is reported when the vulnerable gem is detected - 1.3.6" do
|
|
79
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.3.6"}]
|
|
80
|
-
expect(@check.vuln?).to eq(true)
|
|
81
|
-
end
|
|
82
|
-
it "is reported when the vulnerable gem is detected - 1.3.7" do
|
|
83
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.3.7"}]
|
|
84
|
-
expect(@check.vuln?).to eq(true)
|
|
85
|
-
end
|
|
86
|
-
it "is reported when the vulnerable gem is detected - 1.3.8" do
|
|
87
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.3.8"}]
|
|
88
|
-
expect(@check.vuln?).to eq(true)
|
|
89
|
-
end
|
|
90
|
-
it "is reported when the vulnerable gem is detected" do
|
|
91
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.4.0"}]
|
|
92
|
-
expect(@check.vuln?).to eq(true)
|
|
93
|
-
end
|
|
94
|
-
it "is reported when the vulnerable gem is detected" do
|
|
95
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.4.1"}]
|
|
96
|
-
expect(@check.vuln?).to eq(true)
|
|
97
|
-
end
|
|
98
|
-
it "is reported when the vulnerable gem is detected" do
|
|
99
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.4.2"}]
|
|
100
|
-
expect(@check.vuln?).to eq(true)
|
|
101
|
-
end
|
|
102
|
-
it "is reported when the vulnerable gem is detected" do
|
|
103
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.4.3"}]
|
|
104
|
-
expect(@check.vuln?).to eq(true)
|
|
105
|
-
end
|
|
106
|
-
|
|
107
|
-
it "is not reported when a fixed release is detected" do
|
|
108
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.4.5"}]
|
|
109
|
-
expect(@check.vuln?).to eq(false)
|
|
110
|
-
end
|
|
111
|
-
it "is not reported when a fixed release is detected" do
|
|
112
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.5.2"}]
|
|
113
|
-
expect(@check.vuln?).to eq(false)
|
|
114
|
-
end
|
|
115
|
-
end
|
|
@@ -1,34 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
describe "The CVE-2013-0256 vulnerability" do
|
|
3
|
-
before(:all) do
|
|
4
|
-
@check = Dawn::Kb::CVE_2013_0256.new
|
|
5
|
-
# @check.debug = true
|
|
6
|
-
end
|
|
7
|
-
it "fires when vulnerable ruby (1.9.3-p382) and rdoc version (2.3.0) has been found" do
|
|
8
|
-
@check.options={:detected_ruby=>{:engine=>"ruby", :version=>"1.9.3", :patchlevel=>"381"}, :dependencies=>[{:name=>"rdoc", :version=>'2.3.0'}, :root_dir=>"."]}
|
|
9
|
-
expect(@check.vuln?).to eq(true)
|
|
10
|
-
end
|
|
11
|
-
it "fires when vulnerable ruby (1.9.2-p342) and rdoc version (2.3.0) has been found" do
|
|
12
|
-
@check.options={:detected_ruby=>{:engine=>"ruby", :version=>"1.9.2", :patchlevel=>"342"}, :dependencies=>[{:name=>"rdoc", :version=>'2.3.0'}, :root_dir=>"."]}
|
|
13
|
-
expect(@check.vuln?).to eq(true)
|
|
14
|
-
end
|
|
15
|
-
|
|
16
|
-
it "fires when vulnerable ruby (1.9.3-p382) and rdoc version (3.12) has been found" do
|
|
17
|
-
@check.options={:detected_ruby=>{:engine=>"ruby", :version=>"1.9.3", :patchlevel=>"381"}, :dependencies=>[{:name=>"rdoc", :version=>'3.12'}, :root_dir=>"."]}
|
|
18
|
-
expect(@check.vuln?).to eq(true)
|
|
19
|
-
end
|
|
20
|
-
it "fires when vulnerable ruby (1.9.2-p342) and rdoc version (3.12) has been found" do
|
|
21
|
-
@check.options={:detected_ruby=>{:engine=>"ruby", :version=>"1.9.2", :patchlevel=>"342"}, :dependencies=>[{:name=>"rdoc", :version=>'3.12'}, :root_dir=>"."]}
|
|
22
|
-
expect(@check.vuln?).to eq(true)
|
|
23
|
-
end
|
|
24
|
-
|
|
25
|
-
it "doesn't fire when not vulnerable ruby (1.9.3-p383) is found but vulnerable rdoc version (3.12) has been found" do
|
|
26
|
-
@check.options={:detected_ruby=>{:engine=>"ruby", :version=>"1.9.3", :patchlevel=>"383"}, :dependencies=>[{:name=>"rdoc", :version=>'3.12'}, :root_dir=>"."]}
|
|
27
|
-
expect(@check.vuln?).to eq(false)
|
|
28
|
-
end
|
|
29
|
-
|
|
30
|
-
it "doesn't fire when vulnerable ruby (1.9.3-p382) is found but not vulnerable rdoc version (3.13) has been found" do
|
|
31
|
-
@check.options={:detected_ruby=>{:engine=>"ruby", :version=>"1.9.3", :patchlevel=>"322"}, :dependencies=>[{:name=>"rdoc", :version=>'3.13'}, :root_dir=>"."]}
|
|
32
|
-
expect(@check.vuln?).to eq(false)
|
|
33
|
-
end
|
|
34
|
-
end
|
|
@@ -1,44 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
describe "The CVE-2013-0262 vulnerability" do
|
|
3
|
-
before(:all) do
|
|
4
|
-
@check = Dawn::Kb::CVE_2013_0262.new
|
|
5
|
-
# @check.debug = true
|
|
6
|
-
end
|
|
7
|
-
|
|
8
|
-
it "is reported when the vulnerable gem is detected" do
|
|
9
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.5.0"}]
|
|
10
|
-
expect(@check.vuln?).to eq(true)
|
|
11
|
-
end
|
|
12
|
-
it "is reported when the vulnerable gem is detected" do
|
|
13
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.5.1"}]
|
|
14
|
-
expect(@check.vuln?).to eq(true)
|
|
15
|
-
end
|
|
16
|
-
it "is reported when the vulnerable gem is detected" do
|
|
17
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.4.0"}]
|
|
18
|
-
expect(@check.vuln?).to eq(true)
|
|
19
|
-
end
|
|
20
|
-
it "is reported when the vulnerable gem is detected" do
|
|
21
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.4.1"}]
|
|
22
|
-
expect(@check.vuln?).to eq(true)
|
|
23
|
-
end
|
|
24
|
-
it "is reported when the vulnerable gem is detected" do
|
|
25
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.4.2"}]
|
|
26
|
-
expect(@check.vuln?).to eq(true)
|
|
27
|
-
end
|
|
28
|
-
it "is reported when the vulnerable gem is detected" do
|
|
29
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.4.3"}]
|
|
30
|
-
expect(@check.vuln?).to eq(true)
|
|
31
|
-
end
|
|
32
|
-
it "is reported when the vulnerable gem is detected" do
|
|
33
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.4.4"}]
|
|
34
|
-
expect(@check.vuln?).to eq(true)
|
|
35
|
-
end
|
|
36
|
-
it "is not reported when a fixed release is detected" do
|
|
37
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.4.5"}]
|
|
38
|
-
expect(@check.vuln?).to eq(false)
|
|
39
|
-
end
|
|
40
|
-
it "is not reported when a fixed release is detected" do
|
|
41
|
-
@check.dependencies = [{:name=>"rack", :version=>"1.5.2"}]
|
|
42
|
-
expect(@check.vuln?).to eq(false)
|
|
43
|
-
end
|
|
44
|
-
end
|
|
@@ -1,11 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
describe "The CVE-2013-0263 vulnerability" do
|
|
3
|
-
before(:all) do
|
|
4
|
-
@check = Dawn::Kb::CVE_2013_0263.new
|
|
5
|
-
# @check.debug = true
|
|
6
|
-
end
|
|
7
|
-
it "is not reported when rack version 1.4.5 is used" do
|
|
8
|
-
@check.dependencies = [{:name=>"rack", :version=>'1.4.5'}]
|
|
9
|
-
expect(@check.vuln?).to eq(false)
|
|
10
|
-
end
|
|
11
|
-
end
|
|
@@ -1,35 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
describe "The CVE-2013-0334 vulnerability" do
|
|
3
|
-
before(:all) do
|
|
4
|
-
@check = Dawn::Kb::CVE_2013_0334.new
|
|
5
|
-
# @check.debug = true
|
|
6
|
-
end
|
|
7
|
-
it "is not reported when bundler version 1.7.0 is used" do
|
|
8
|
-
@check.dependencies = [{:name=>"bundler", :version=>'1.7.0'}]
|
|
9
|
-
expect(@check.vuln?).to eq(false)
|
|
10
|
-
end
|
|
11
|
-
it "is not reported when bundler version 1.7.1 is used" do
|
|
12
|
-
@check.dependencies = [{:name=>"bundler", :version=>'1.7.1'}]
|
|
13
|
-
expect(@check.vuln?).to eq(false)
|
|
14
|
-
end
|
|
15
|
-
it "is not reported when bundler version 1.8.7 is used" do
|
|
16
|
-
@check.dependencies = [{:name=>"bundler", :version=>'1.8.7'}]
|
|
17
|
-
expect(@check.vuln?).to eq(false)
|
|
18
|
-
end
|
|
19
|
-
it "is not reported when bundler version 1.10.0.rc is used" do
|
|
20
|
-
@check.dependencies = [{:name=>"bundler", :version=>'1.10.0.rc'}]
|
|
21
|
-
expect(@check.vuln?).to eq(false)
|
|
22
|
-
end
|
|
23
|
-
it "is not reported when bundler version 1.12.5 is used" do
|
|
24
|
-
@check.dependencies = [{:name=>"bundler", :version=>'1.12.5'}]
|
|
25
|
-
expect(@check.vuln?).to eq(false)
|
|
26
|
-
end
|
|
27
|
-
it "fires when vulnerable bundler version it has been found (1.6.6)" do
|
|
28
|
-
@check.dependencies = [{:name=>"bundler", :version=>'1.6.6'}]
|
|
29
|
-
expect(@check.vuln?).to eq(true)
|
|
30
|
-
end
|
|
31
|
-
it "fires when vulnerable bundler version it has been found (1.3.0)" do
|
|
32
|
-
@check.dependencies = [{:name=>"bundler", :version=>'1.3.0'}]
|
|
33
|
-
expect(@check.vuln?).to eq(true)
|
|
34
|
-
end
|
|
35
|
-
end
|
|
@@ -1,15 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
describe "The CVE-2013-1607 vulnerability" do
|
|
3
|
-
before(:all) do
|
|
4
|
-
@check = Dawn::Kb::CVE_2013_1607.new
|
|
5
|
-
# @check.debug = true
|
|
6
|
-
end
|
|
7
|
-
it "is reported when a pdfkit gem version 0.5.2 is detected" do
|
|
8
|
-
@check.dependencies = [{:name=>"pdfkit", :version=>"0.5.2"}]
|
|
9
|
-
expect(@check.vuln?).to eq(true)
|
|
10
|
-
end
|
|
11
|
-
it "is not reported when a pdfkit gem version 0.5.3 is detected" do
|
|
12
|
-
@check.dependencies = [{:name=>"pdfkit", :version=>"0.5.3"}]
|
|
13
|
-
expect(@check.vuln?).to eq(false)
|
|
14
|
-
end
|
|
15
|
-
end
|
|
@@ -1,31 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
|
|
3
|
-
describe "The CVE-2013-1655 vulnerability" do
|
|
4
|
-
before(:all) do
|
|
5
|
-
@check = Dawn::Kb::CVE_2013_1655.new
|
|
6
|
-
# @check.debug = true
|
|
7
|
-
end
|
|
8
|
-
it "is detected if vulnerable version of puppet rubygem is detect when running on ruby 1.9.3 and 2.0.0" do
|
|
9
|
-
@check.options[:dependencies]=[{:name=>"puppet", :version=>'2.7.20'}]
|
|
10
|
-
@check.options[:detected_ruby] = {:engine=>"ruby", :version=>"1.9.3", :patchlevel=>"p342"}
|
|
11
|
-
expect(@check.vuln?).to eq(true)
|
|
12
|
-
end
|
|
13
|
-
it "is ignored if only vulnerable version of puppet rubygem has been found" do
|
|
14
|
-
@check.options[:detected_ruby] = {:engine=>"ruby", :version=>"1.8.7", :patchlevel=>"p358"}
|
|
15
|
-
expect(@check.vuln?).to eq(false)
|
|
16
|
-
end
|
|
17
|
-
|
|
18
|
-
it "is ignored if only the vulnerable ruby interpreter version has been found" do
|
|
19
|
-
@check.options[:dependencies]=[{:name=>"puppet", :version=>'8.7.21'}]
|
|
20
|
-
@check.options[:detected_ruby] = {:engine=>"ruby", :version=>"1.9.3", :patchlevel=>"p342"}
|
|
21
|
-
# @check.dump_status
|
|
22
|
-
expect(@check.vuln?).to eq(false)
|
|
23
|
-
end
|
|
24
|
-
|
|
25
|
-
it "is ignored if none of the prerequisites have been met" do
|
|
26
|
-
@check.options[:dependencies]=[{:name=>"puppet", :version=>'8.7.21'}]
|
|
27
|
-
@check.options[:detected_ruby] = {:engine=>"ruby", :version=>"1.8.7", :patchlevel=>"p342"}
|
|
28
|
-
# @check.dump_status
|
|
29
|
-
expect(@check.vuln?).to eq(false)
|
|
30
|
-
end
|
|
31
|
-
end
|
|
@@ -1,23 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
describe "The CVE-2013-1756 vulnerability" do
|
|
3
|
-
before(:all) do
|
|
4
|
-
@check = Dawn::Kb::CVE_2013_1756.new
|
|
5
|
-
# @check.debug = true
|
|
6
|
-
end
|
|
7
|
-
it "is reported when dragonfly version 0.9.12 is used" do
|
|
8
|
-
@check.dependencies = [{:name=>"dragonfly", :version=>'0.9.12'}]
|
|
9
|
-
expect(@check.vuln?).to eq(true)
|
|
10
|
-
end
|
|
11
|
-
it "is reported when dragonfly version 0.8.12 is used" do
|
|
12
|
-
@check.dependencies = [{:name=>"dragonfly", :version=>'0.8.12'}]
|
|
13
|
-
expect(@check.vuln?).to eq(true)
|
|
14
|
-
end
|
|
15
|
-
it "is reported when dragonfly version 0.7.12 is used" do
|
|
16
|
-
@check.dependencies = [{:name=>"dragonfly", :version=>'0.7.12'}]
|
|
17
|
-
expect(@check.vuln?).to eq(true)
|
|
18
|
-
end
|
|
19
|
-
it "is not reported when dragonfly version 0.9.13 is used" do
|
|
20
|
-
@check.dependencies = [{:name=>"dragonfly", :version=>'0.9.13'}]
|
|
21
|
-
expect(@check.vuln?).to eq(false)
|
|
22
|
-
end
|
|
23
|
-
end
|
|
@@ -1,15 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
describe "The CVE-2013-2090 vulnerability" do
|
|
3
|
-
before(:all) do
|
|
4
|
-
@check = Dawn::Kb::CVE_2013_2090.new
|
|
5
|
-
# @check.debug = true
|
|
6
|
-
end
|
|
7
|
-
it "fires when vulnerable cremefraiche version is used" do
|
|
8
|
-
@check.dependencies = [{:name=>"cremefraiche", :version=>'0.6.1'}]
|
|
9
|
-
expect(@check.vuln?).to eq(true)
|
|
10
|
-
end
|
|
11
|
-
it "doesn't fire when not vulnerable cremefraiche version is used" do
|
|
12
|
-
@check.dependencies = [{:name=>"cremefraiche", :version=>'0.6.2'}]
|
|
13
|
-
expect(@check.vuln?).to eq(false)
|
|
14
|
-
end
|
|
15
|
-
end
|
|
@@ -1,11 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
describe "The CVE-2013-2105 vulnerability" do
|
|
3
|
-
before(:all) do
|
|
4
|
-
@check = Dawn::Kb::CVE_2013_2105.new
|
|
5
|
-
# @check.debug = true
|
|
6
|
-
end
|
|
7
|
-
it "is reported when show_in_browser vulnerable version is reported (0.0.3)" do
|
|
8
|
-
@check.dependencies = [{:name=>'show_in_browser', :version=>'0.0.3'}]
|
|
9
|
-
expect(@check.vuln?).to eq(true)
|
|
10
|
-
end
|
|
11
|
-
end
|
|
@@ -1,27 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
describe "The CVE-2013-2119 vulnerability" do
|
|
3
|
-
before(:all) do
|
|
4
|
-
@check = Dawn::Kb::CVE_2013_2119.new
|
|
5
|
-
# @check.debug = true
|
|
6
|
-
end
|
|
7
|
-
it "fires when vulnerable passenger version is used" do
|
|
8
|
-
@check.dependencies = [{:name=>"passenger", :version=>"4.0.4"}]
|
|
9
|
-
expect(@check.vuln?).to eq(true)
|
|
10
|
-
end
|
|
11
|
-
it "fires when vulnerable passenger version is used" do
|
|
12
|
-
@check.dependencies = [{:name=>"passenger", :version=>"4.0.0"}]
|
|
13
|
-
expect(@check.vuln?).to eq(true)
|
|
14
|
-
end
|
|
15
|
-
it "fires when vulnerable passenger version is used" do
|
|
16
|
-
@check.dependencies = [{:name=>"passenger", :version=>"3.0.20"}]
|
|
17
|
-
expect(@check.vuln?).to eq(true)
|
|
18
|
-
end
|
|
19
|
-
it "doesn't fire when not vulnerable passenger version is used" do
|
|
20
|
-
@check.dependencies = [{:name=>"passenger", :version=>"4.0.5"}]
|
|
21
|
-
expect(@check.vuln?).to eq(false)
|
|
22
|
-
end
|
|
23
|
-
it "doesn't fire when not vulnerable passenger version is used" do
|
|
24
|
-
@check.dependencies = [{:name=>"passenger", :version=>"3.0.21"}]
|
|
25
|
-
expect(@check.vuln?).to eq(false)
|
|
26
|
-
end
|
|
27
|
-
end
|
|
@@ -1,15 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
describe "The CVE-2013-2512 vulnerability" do
|
|
3
|
-
before(:all) do
|
|
4
|
-
@check = Dawn::Kb::CVE_2013_2512.new
|
|
5
|
-
# @check.debug = true
|
|
6
|
-
end
|
|
7
|
-
it "is reported when a ftpd gem version 0.2.1 is detected" do
|
|
8
|
-
@check.dependencies = [{:name=>"ftpd", :version=>"0.2.1"}]
|
|
9
|
-
expect(@check.vuln?).to eq(true)
|
|
10
|
-
end
|
|
11
|
-
it "is not reported when a ftpd gem version 0.2.2 is detected" do
|
|
12
|
-
@check.dependencies = [{:name=>"ftpd", :version=>"0.2.2"}]
|
|
13
|
-
expect(@check.vuln?).to eq(false)
|
|
14
|
-
end
|
|
15
|
-
end
|