dawnscanner 1.6.8 → 2.0.0.rc4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/.gitignore +1 -0
- data/.ruby-version +1 -1
- data/Changelog.md +27 -1
- data/LICENSE.txt +1 -1
- data/README.md +59 -57
- data/Rakefile +10 -242
- data/Roadmap.md +15 -23
- data/VERSION +1 -1
- data/bin/dawn +17 -273
- data/checksum/dawnscanner-1.6.8.gem.sha1 +1 -0
- data/checksum/dawnscanner-2.0.0.rc1.gem.sha1 +1 -0
- data/checksum/dawnscanner-2.0.0.rc2.gem.sha1 +1 -0
- data/checksum/dawnscanner-2.0.0.rc3.gem.sha1 +1 -0
- data/dawnscanner.gemspec +10 -9
- data/doc/change.sh +13 -0
- data/doc/kickstart_kb.tar.gz +0 -0
- data/doc/knowledge_base.rb +650 -0
- data/docs/.placeholder +0 -0
- data/docs/CNAME +1 -0
- data/docs/_config.yml +1 -0
- data/lib/dawn/cli/dawn_cli.rb +139 -0
- data/lib/dawn/core.rb +8 -7
- data/lib/dawn/engine.rb +93 -34
- data/lib/dawn/gemfile_lock.rb +2 -2
- data/lib/dawn/kb/basic_check.rb +1 -2
- data/lib/dawn/kb/combo_check.rb +1 -1
- data/lib/dawn/kb/dependency_check.rb +1 -1
- data/lib/dawn/kb/operating_system_check.rb +1 -1
- data/lib/dawn/kb/pattern_match_check.rb +10 -9
- data/lib/dawn/kb/ruby_version_check.rb +11 -10
- data/lib/dawn/kb/{gem_check.rb → rubygem_check.rb} +1 -1
- data/lib/dawn/kb/unsafe_depedency_check.rb +44 -0
- data/lib/dawn/kb/version_check.rb +41 -24
- data/lib/dawn/knowledge_base.rb +259 -595
- data/lib/dawn/reporter.rb +2 -1
- data/lib/dawn/utils.rb +5 -2
- data/lib/dawn/version.rb +5 -5
- data/lib/dawnscanner.rb +7 -6
- data/spec/lib/kb/codesake_unsafe_dependency_check_spec.rb +29 -0
- data/spec/lib/kb/dependency_check.yml +29 -0
- metadata +30 -496
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/certs/paolo_at_dawnscanner_dot_org.pem +0 -21
- data/lib/dawn/kb/cve_2004_0755.rb +0 -33
- data/lib/dawn/kb/cve_2004_0983.rb +0 -31
- data/lib/dawn/kb/cve_2005_1992.rb +0 -31
- data/lib/dawn/kb/cve_2005_2337.rb +0 -33
- data/lib/dawn/kb/cve_2006_1931.rb +0 -30
- data/lib/dawn/kb/cve_2006_2582.rb +0 -28
- data/lib/dawn/kb/cve_2006_3694.rb +0 -31
- data/lib/dawn/kb/cve_2006_4112.rb +0 -27
- data/lib/dawn/kb/cve_2006_5467.rb +0 -28
- data/lib/dawn/kb/cve_2006_6303.rb +0 -28
- data/lib/dawn/kb/cve_2006_6852.rb +0 -27
- data/lib/dawn/kb/cve_2006_6979.rb +0 -29
- data/lib/dawn/kb/cve_2007_0469.rb +0 -29
- data/lib/dawn/kb/cve_2007_5162.rb +0 -28
- data/lib/dawn/kb/cve_2007_5379.rb +0 -27
- data/lib/dawn/kb/cve_2007_5380.rb +0 -29
- data/lib/dawn/kb/cve_2007_5770.rb +0 -30
- data/lib/dawn/kb/cve_2007_6077.rb +0 -31
- data/lib/dawn/kb/cve_2007_6612.rb +0 -30
- data/lib/dawn/kb/cve_2008_1145.rb +0 -38
- data/lib/dawn/kb/cve_2008_1891.rb +0 -38
- data/lib/dawn/kb/cve_2008_2376.rb +0 -30
- data/lib/dawn/kb/cve_2008_2662.rb +0 -33
- data/lib/dawn/kb/cve_2008_2663.rb +0 -32
- data/lib/dawn/kb/cve_2008_2664.rb +0 -33
- data/lib/dawn/kb/cve_2008_2725.rb +0 -31
- data/lib/dawn/kb/cve_2008_3655.rb +0 -37
- data/lib/dawn/kb/cve_2008_3657.rb +0 -37
- data/lib/dawn/kb/cve_2008_3790.rb +0 -30
- data/lib/dawn/kb/cve_2008_3905.rb +0 -36
- data/lib/dawn/kb/cve_2008_4094.rb +0 -27
- data/lib/dawn/kb/cve_2008_4310.rb +0 -100
- data/lib/dawn/kb/cve_2008_5189.rb +0 -27
- data/lib/dawn/kb/cve_2008_7248.rb +0 -27
- data/lib/dawn/kb/cve_2009_4078.rb +0 -29
- data/lib/dawn/kb/cve_2009_4124.rb +0 -30
- data/lib/dawn/kb/cve_2009_4214.rb +0 -27
- data/lib/dawn/kb/cve_2010_1330.rb +0 -28
- data/lib/dawn/kb/cve_2010_2489.rb +0 -60
- data/lib/dawn/kb/cve_2010_3933.rb +0 -27
- data/lib/dawn/kb/cve_2011_0188.rb +0 -67
- data/lib/dawn/kb/cve_2011_0446.rb +0 -28
- data/lib/dawn/kb/cve_2011_0447.rb +0 -28
- data/lib/dawn/kb/cve_2011_0739.rb +0 -28
- data/lib/dawn/kb/cve_2011_0995.rb +0 -61
- data/lib/dawn/kb/cve_2011_1004.rb +0 -34
- data/lib/dawn/kb/cve_2011_1005.rb +0 -31
- data/lib/dawn/kb/cve_2011_2197.rb +0 -27
- data/lib/dawn/kb/cve_2011_2686.rb +0 -29
- data/lib/dawn/kb/cve_2011_2705.rb +0 -32
- data/lib/dawn/kb/cve_2011_2929.rb +0 -27
- data/lib/dawn/kb/cve_2011_2930.rb +0 -28
- data/lib/dawn/kb/cve_2011_2931.rb +0 -30
- data/lib/dawn/kb/cve_2011_2932.rb +0 -27
- data/lib/dawn/kb/cve_2011_3009.rb +0 -28
- data/lib/dawn/kb/cve_2011_3186.rb +0 -29
- data/lib/dawn/kb/cve_2011_3187.rb +0 -29
- data/lib/dawn/kb/cve_2011_4319.rb +0 -30
- data/lib/dawn/kb/cve_2011_4815.rb +0 -28
- data/lib/dawn/kb/cve_2011_5036.rb +0 -26
- data/lib/dawn/kb/cve_2012_1098.rb +0 -30
- data/lib/dawn/kb/cve_2012_1099.rb +0 -27
- data/lib/dawn/kb/cve_2012_1241.rb +0 -27
- data/lib/dawn/kb/cve_2012_2139.rb +0 -26
- data/lib/dawn/kb/cve_2012_2140.rb +0 -27
- data/lib/dawn/kb/cve_2012_2660.rb +0 -28
- data/lib/dawn/kb/cve_2012_2661.rb +0 -27
- data/lib/dawn/kb/cve_2012_2671.rb +0 -28
- data/lib/dawn/kb/cve_2012_2694.rb +0 -30
- data/lib/dawn/kb/cve_2012_2695.rb +0 -27
- data/lib/dawn/kb/cve_2012_3424.rb +0 -29
- data/lib/dawn/kb/cve_2012_3463.rb +0 -27
- data/lib/dawn/kb/cve_2012_3464.rb +0 -27
- data/lib/dawn/kb/cve_2012_3465.rb +0 -26
- data/lib/dawn/kb/cve_2012_4464.rb +0 -27
- data/lib/dawn/kb/cve_2012_4466.rb +0 -27
- data/lib/dawn/kb/cve_2012_4481.rb +0 -26
- data/lib/dawn/kb/cve_2012_4522.rb +0 -27
- data/lib/dawn/kb/cve_2012_5370.rb +0 -27
- data/lib/dawn/kb/cve_2012_5371.rb +0 -27
- data/lib/dawn/kb/cve_2012_5380.rb +0 -28
- data/lib/dawn/kb/cve_2012_6109.rb +0 -25
- data/lib/dawn/kb/cve_2012_6134.rb +0 -27
- data/lib/dawn/kb/cve_2012_6496.rb +0 -28
- data/lib/dawn/kb/cve_2012_6497.rb +0 -28
- data/lib/dawn/kb/cve_2012_6684.rb +0 -28
- data/lib/dawn/kb/cve_2013_0155.rb +0 -29
- data/lib/dawn/kb/cve_2013_0156.rb +0 -27
- data/lib/dawn/kb/cve_2013_0162.rb +0 -28
- data/lib/dawn/kb/cve_2013_0175.rb +0 -27
- data/lib/dawn/kb/cve_2013_0183.rb +0 -25
- data/lib/dawn/kb/cve_2013_0184.rb +0 -25
- data/lib/dawn/kb/cve_2013_0233.rb +0 -26
- data/lib/dawn/kb/cve_2013_0256.rb +0 -59
- data/lib/dawn/kb/cve_2013_0262.rb +0 -26
- data/lib/dawn/kb/cve_2013_0263.rb +0 -26
- data/lib/dawn/kb/cve_2013_0269.rb +0 -27
- data/lib/dawn/kb/cve_2013_0276.rb +0 -28
- data/lib/dawn/kb/cve_2013_0277.rb +0 -25
- data/lib/dawn/kb/cve_2013_0284.rb +0 -27
- data/lib/dawn/kb/cve_2013_0285.rb +0 -27
- data/lib/dawn/kb/cve_2013_0333.rb +0 -28
- data/lib/dawn/kb/cve_2013_0334.rb +0 -25
- data/lib/dawn/kb/cve_2013_1607.rb +0 -25
- data/lib/dawn/kb/cve_2013_1655.rb +0 -65
- data/lib/dawn/kb/cve_2013_1656.rb +0 -28
- data/lib/dawn/kb/cve_2013_1756.rb +0 -26
- data/lib/dawn/kb/cve_2013_1800.rb +0 -26
- data/lib/dawn/kb/cve_2013_1801.rb +0 -27
- data/lib/dawn/kb/cve_2013_1802.rb +0 -27
- data/lib/dawn/kb/cve_2013_1812.rb +0 -27
- data/lib/dawn/kb/cve_2013_1821.rb +0 -28
- data/lib/dawn/kb/cve_2013_1854.rb +0 -26
- data/lib/dawn/kb/cve_2013_1855.rb +0 -25
- data/lib/dawn/kb/cve_2013_1856.rb +0 -26
- data/lib/dawn/kb/cve_2013_1857.rb +0 -27
- data/lib/dawn/kb/cve_2013_1875.rb +0 -27
- data/lib/dawn/kb/cve_2013_1898.rb +0 -27
- data/lib/dawn/kb/cve_2013_1911.rb +0 -28
- data/lib/dawn/kb/cve_2013_1933.rb +0 -27
- data/lib/dawn/kb/cve_2013_1947.rb +0 -27
- data/lib/dawn/kb/cve_2013_1948.rb +0 -27
- data/lib/dawn/kb/cve_2013_2065.rb +0 -29
- data/lib/dawn/kb/cve_2013_2090.rb +0 -28
- data/lib/dawn/kb/cve_2013_2105.rb +0 -26
- data/lib/dawn/kb/cve_2013_2119.rb +0 -27
- data/lib/dawn/kb/cve_2013_2512.rb +0 -26
- data/lib/dawn/kb/cve_2013_2513.rb +0 -25
- data/lib/dawn/kb/cve_2013_2516.rb +0 -26
- data/lib/dawn/kb/cve_2013_2615.rb +0 -27
- data/lib/dawn/kb/cve_2013_2616.rb +0 -27
- data/lib/dawn/kb/cve_2013_2617.rb +0 -28
- data/lib/dawn/kb/cve_2013_3221.rb +0 -27
- data/lib/dawn/kb/cve_2013_4164.rb +0 -30
- data/lib/dawn/kb/cve_2013_4203.rb +0 -25
- data/lib/dawn/kb/cve_2013_4389.rb +0 -26
- data/lib/dawn/kb/cve_2013_4413.rb +0 -27
- data/lib/dawn/kb/cve_2013_4457.rb +0 -29
- data/lib/dawn/kb/cve_2013_4478.rb +0 -26
- data/lib/dawn/kb/cve_2013_4479.rb +0 -26
- data/lib/dawn/kb/cve_2013_4489.rb +0 -28
- data/lib/dawn/kb/cve_2013_4491.rb +0 -29
- data/lib/dawn/kb/cve_2013_4492.rb +0 -29
- data/lib/dawn/kb/cve_2013_4562.rb +0 -27
- data/lib/dawn/kb/cve_2013_4593.rb +0 -27
- data/lib/dawn/kb/cve_2013_5647.rb +0 -29
- data/lib/dawn/kb/cve_2013_5671.rb +0 -26
- data/lib/dawn/kb/cve_2013_6414.rb +0 -30
- data/lib/dawn/kb/cve_2013_6415.rb +0 -29
- data/lib/dawn/kb/cve_2013_6416.rb +0 -29
- data/lib/dawn/kb/cve_2013_6417.rb +0 -30
- data/lib/dawn/kb/cve_2013_6421.rb +0 -28
- data/lib/dawn/kb/cve_2013_6459.rb +0 -28
- data/lib/dawn/kb/cve_2013_6460.rb +0 -53
- data/lib/dawn/kb/cve_2013_6461.rb +0 -57
- data/lib/dawn/kb/cve_2013_7086.rb +0 -27
- data/lib/dawn/kb/cve_2014_0036.rb +0 -27
- data/lib/dawn/kb/cve_2014_0080.rb +0 -29
- data/lib/dawn/kb/cve_2014_0081.rb +0 -27
- data/lib/dawn/kb/cve_2014_0082.rb +0 -27
- data/lib/dawn/kb/cve_2014_0130.rb +0 -27
- data/lib/dawn/kb/cve_2014_1233.rb +0 -27
- data/lib/dawn/kb/cve_2014_1234.rb +0 -26
- data/lib/dawn/kb/cve_2014_2322.rb +0 -28
- data/lib/dawn/kb/cve_2014_2525.rb +0 -59
- data/lib/dawn/kb/cve_2014_2538.rb +0 -26
- data/lib/dawn/kb/cve_2014_3482.rb +0 -28
- data/lib/dawn/kb/cve_2014_3483.rb +0 -28
- data/lib/dawn/kb/cve_2014_3916.rb +0 -29
- data/lib/dawn/kb/cve_2014_4975.rb +0 -28
- data/lib/dawn/kb/cve_2014_7818.rb +0 -27
- data/lib/dawn/kb/cve_2014_7819.rb +0 -31
- data/lib/dawn/kb/cve_2014_7829.rb +0 -30
- data/lib/dawn/kb/cve_2014_8090.rb +0 -30
- data/lib/dawn/kb/cve_2014_9490.rb +0 -29
- data/lib/dawn/kb/cve_2015_1819.rb +0 -34
- data/lib/dawn/kb/cve_2015_1840/cve_2015_1840_a.rb +0 -28
- data/lib/dawn/kb/cve_2015_1840/cve_2015_1840_b.rb +0 -28
- data/lib/dawn/kb/cve_2015_2963.rb +0 -27
- data/lib/dawn/kb/cve_2015_3224.rb +0 -26
- data/lib/dawn/kb/cve_2015_3225.rb +0 -28
- data/lib/dawn/kb/cve_2015_3226.rb +0 -27
- data/lib/dawn/kb/cve_2015_3227.rb +0 -28
- data/lib/dawn/kb/cve_2015_3448.rb +0 -29
- data/lib/dawn/kb/cve_2015_4020.rb +0 -34
- data/lib/dawn/kb/cve_2015_5312.rb +0 -30
- data/lib/dawn/kb/cve_2015_7497.rb +0 -32
- data/lib/dawn/kb/cve_2015_7498.rb +0 -32
- data/lib/dawn/kb/cve_2015_7499.rb +0 -32
- data/lib/dawn/kb/cve_2015_7500.rb +0 -32
- data/lib/dawn/kb/cve_2015_7519.rb +0 -31
- data/lib/dawn/kb/cve_2015_7541.rb +0 -31
- data/lib/dawn/kb/cve_2015_7576.rb +0 -35
- data/lib/dawn/kb/cve_2015_7577.rb +0 -34
- data/lib/dawn/kb/cve_2015_7578.rb +0 -30
- data/lib/dawn/kb/cve_2015_7579.rb +0 -30
- data/lib/dawn/kb/cve_2015_7581.rb +0 -33
- data/lib/dawn/kb/cve_2015_8241.rb +0 -32
- data/lib/dawn/kb/cve_2015_8242.rb +0 -32
- data/lib/dawn/kb/cve_2015_8317.rb +0 -32
- data/lib/dawn/kb/cve_2016_0751.rb +0 -32
- data/lib/dawn/kb/cve_2016_0752.rb +0 -35
- data/lib/dawn/kb/cve_2016_0753.rb +0 -31
- data/lib/dawn/kb/cve_2016_2097.rb +0 -35
- data/lib/dawn/kb/cve_2016_2098.rb +0 -35
- data/lib/dawn/kb/cve_2016_5697.rb +0 -30
- data/lib/dawn/kb/cve_2016_6316.rb +0 -33
- data/lib/dawn/kb/cve_2016_6317.rb +0 -32
- data/lib/dawn/kb/cve_2016_6582.rb +0 -43
- data/lib/dawn/kb/not_revised_code.rb +0 -22
- data/lib/dawn/kb/osvdb_105971.rb +0 -29
- data/lib/dawn/kb/osvdb_108530.rb +0 -27
- data/lib/dawn/kb/osvdb_108563.rb +0 -28
- data/lib/dawn/kb/osvdb_108569.rb +0 -28
- data/lib/dawn/kb/osvdb_108570.rb +0 -27
- data/lib/dawn/kb/osvdb_115654.rb +0 -33
- data/lib/dawn/kb/osvdb_116010.rb +0 -30
- data/lib/dawn/kb/osvdb_117903.rb +0 -30
- data/lib/dawn/kb/osvdb_118579.rb +0 -31
- data/lib/dawn/kb/osvdb_118830.rb +0 -32
- data/lib/dawn/kb/osvdb_118954.rb +0 -33
- data/lib/dawn/kb/osvdb_119878.rb +0 -32
- data/lib/dawn/kb/osvdb_119927.rb +0 -33
- data/lib/dawn/kb/osvdb_120415.rb +0 -31
- data/lib/dawn/kb/osvdb_120857.rb +0 -34
- data/lib/dawn/kb/osvdb_121701.rb +0 -30
- data/lib/dawn/kb/osvdb_132234.rb +0 -34
- data/lib/dawn/kb/owasp_ror_cheatsheet.rb +0 -33
- data/lib/dawn/kb/owasp_ror_cheatsheet/check_for_backup_files.rb +0 -18
- data/lib/dawn/kb/owasp_ror_cheatsheet/check_for_safe_redirect_and_forward.rb +0 -57
- data/lib/dawn/kb/owasp_ror_cheatsheet/command_injection.rb +0 -28
- data/lib/dawn/kb/owasp_ror_cheatsheet/csrf.rb +0 -29
- data/lib/dawn/kb/owasp_ror_cheatsheet/mass_assignment_in_model.rb +0 -33
- data/lib/dawn/kb/owasp_ror_cheatsheet/security_related_headers.rb +0 -35
- data/lib/dawn/kb/owasp_ror_cheatsheet/sensitive_files.rb +0 -29
- data/lib/dawn/kb/owasp_ror_cheatsheet/session_stored_in_database.rb +0 -31
- data/lib/dawn/kb/simpleform_xss_20131129.rb +0 -28
- data/lib/dawn/knowledge_base_experimental.rb +0 -245
- data/spec/lib/kb/cve_2011_2705_spec.rb +0 -35
- data/spec/lib/kb/cve_2011_2930_spec.rb +0 -31
- data/spec/lib/kb/cve_2011_3009_spec.rb +0 -25
- data/spec/lib/kb/cve_2011_3187_spec.rb +0 -24
- data/spec/lib/kb/cve_2011_4319_spec.rb +0 -44
- data/spec/lib/kb/cve_2011_5036_spec.rb +0 -95
- data/spec/lib/kb/cve_2012_1098_spec.rb +0 -36
- data/spec/lib/kb/cve_2012_2139_spec.rb +0 -20
- data/spec/lib/kb/cve_2012_2671_spec.rb +0 -23
- data/spec/lib/kb/cve_2012_6109_spec.rb +0 -112
- data/spec/lib/kb/cve_2012_6684_spec.rb +0 -16
- data/spec/lib/kb/cve_2013_0162_spec.rb +0 -23
- data/spec/lib/kb/cve_2013_0183_spec.rb +0 -54
- data/spec/lib/kb/cve_2013_0184_spec.rb +0 -115
- data/spec/lib/kb/cve_2013_0256_spec.rb +0 -34
- data/spec/lib/kb/cve_2013_0262_spec.rb +0 -44
- data/spec/lib/kb/cve_2013_0263_spec.rb +0 -11
- data/spec/lib/kb/cve_2013_0334_spec.rb +0 -35
- data/spec/lib/kb/cve_2013_1607_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_1655_spec.rb +0 -31
- data/spec/lib/kb/cve_2013_1756_spec.rb +0 -23
- data/spec/lib/kb/cve_2013_2090_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_2105_spec.rb +0 -11
- data/spec/lib/kb/cve_2013_2119_spec.rb +0 -27
- data/spec/lib/kb/cve_2013_2512_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_2513_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_2516_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_4203_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_4413_spec.rb +0 -16
- data/spec/lib/kb/cve_2013_4489_spec.rb +0 -63
- data/spec/lib/kb/cve_2013_4491_spec.rb +0 -16
- data/spec/lib/kb/cve_2013_4593_spec.rb +0 -16
- data/spec/lib/kb/cve_2013_5647_spec.rb +0 -19
- data/spec/lib/kb/cve_2013_5671_spec.rb +0 -27
- data/spec/lib/kb/cve_2013_6414_spec.rb +0 -26
- data/spec/lib/kb/cve_2013_6416_spec.rb +0 -31
- data/spec/lib/kb/cve_2013_6459_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_7086_spec.rb +0 -22
- data/spec/lib/kb/cve_2014_0036_spec.rb +0 -15
- data/spec/lib/kb/cve_2014_0080_spec.rb +0 -33
- data/spec/lib/kb/cve_2014_0081_spec.rb +0 -50
- data/spec/lib/kb/cve_2014_0082_spec.rb +0 -52
- data/spec/lib/kb/cve_2014_0130_spec.rb +0 -19
- data/spec/lib/kb/cve_2014_1233_spec.rb +0 -15
- data/spec/lib/kb/cve_2014_1234_spec.rb +0 -16
- data/spec/lib/kb/cve_2014_2322_spec.rb +0 -15
- data/spec/lib/kb/cve_2014_2538_spec.rb +0 -15
- data/spec/lib/kb/cve_2014_3482_spec.rb +0 -15
- data/spec/lib/kb/cve_2014_3483_spec.rb +0 -27
- data/spec/lib/kb/cve_2014_7818_spec.rb +0 -42
- data/spec/lib/kb/cve_2014_7819_spec.rb +0 -139
- data/spec/lib/kb/cve_2014_7829_spec.rb +0 -50
- data/spec/lib/kb/cve_2014_9490_spec.rb +0 -17
- data/spec/lib/kb/cve_2015_1819_spec.rb +0 -16
- data/spec/lib/kb/cve_2015_1840_spec.rb +0 -39
- data/spec/lib/kb/cve_2015_2963_spec.rb +0 -17
- data/spec/lib/kb/cve_2015_3224_spec.rb +0 -16
- data/spec/lib/kb/cve_2015_3225_spec.rb +0 -27
- data/spec/lib/kb/cve_2015_3226_spec.rb +0 -35
- data/spec/lib/kb/cve_2015_3227_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_3448_spec.rb +0 -16
- data/spec/lib/kb/cve_2015_4020_spec.rb +0 -24
- data/spec/lib/kb/cve_2015_5312_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_7497_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_7498_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_7499_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_7500_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_7519_spec.rb +0 -23
- data/spec/lib/kb/cve_2015_7541_spec.rb +0 -15
- data/spec/lib/kb/cve_2015_7576_spec.rb +0 -51
- data/spec/lib/kb/cve_2015_7577_spec.rb +0 -63
- data/spec/lib/kb/cve_2015_7578_spec.rb +0 -15
- data/spec/lib/kb/cve_2015_7579_spec.rb +0 -23
- data/spec/lib/kb/cve_2015_7581_spec.rb +0 -51
- data/spec/lib/kb/cve_2015_8241_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_8242_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_8317_spec.rb +0 -31
- data/spec/lib/kb/cve_2016_0751_spec.rb +0 -55
- data/spec/lib/kb/cve_2016_0752_spec.rb +0 -51
- data/spec/lib/kb/cve_2016_0753_spec.rb +0 -51
- data/spec/lib/kb/cve_2016_2097_spec.rb +0 -35
- data/spec/lib/kb/cve_2016_2098_spec.rb +0 -55
- data/spec/lib/kb/cve_2016_5697_spec.rb +0 -15
- data/spec/lib/kb/cve_2016_6316_spec.rb +0 -44
- data/spec/lib/kb/cve_2016_6317_spec.rb +0 -35
- data/spec/lib/kb/cve_2016_6582_spec.rb +0 -29
- data/spec/lib/kb/osvdb_105971_spec.rb +0 -15
- data/spec/lib/kb/osvdb_108530_spec.rb +0 -22
- data/spec/lib/kb/osvdb_108563_spec.rb +0 -18
- data/spec/lib/kb/osvdb_108569_spec.rb +0 -17
- data/spec/lib/kb/osvdb_108570_spec.rb +0 -17
- data/spec/lib/kb/osvdb_115654_spec.rb +0 -15
- data/spec/lib/kb/osvdb_116010_spec.rb +0 -15
- data/spec/lib/kb/osvdb_117903_spec.rb +0 -23
- data/spec/lib/kb/osvdb_118579_spec.rb +0 -8
- data/spec/lib/kb/osvdb_118830_spec.rb +0 -16
- data/spec/lib/kb/osvdb_118954_spec.rb +0 -20
- data/spec/lib/kb/osvdb_119878_spec.rb +0 -92
- data/spec/lib/kb/osvdb_119927_spec.rb +0 -16
- data/spec/lib/kb/osvdb_120415_spec.rb +0 -16
- data/spec/lib/kb/osvdb_120857_spec.rb +0 -32
- data/spec/lib/kb/osvdb_121701_spec.rb +0 -15
- data/spec/lib/kb/osvdb_132234_spec.rb +0 -15
- metadata.gz.sig +0 -0
|
@@ -1,17 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
describe "The CVE-2015-2963 vulnerability" do
|
|
3
|
-
before(:all) do
|
|
4
|
-
@check = Dawn::Kb::CVE_2015_2963.new
|
|
5
|
-
# @check.debug = true
|
|
6
|
-
end
|
|
7
|
-
it "is reported when vulnerable paperclip gem is used 4.2.1)" do
|
|
8
|
-
@check.dependencies = [{:name=>"paperclip", :version=>'4.2.1'}]
|
|
9
|
-
expect(@check.vuln?).to eq(true)
|
|
10
|
-
end
|
|
11
|
-
|
|
12
|
-
it "is reported when not vulnerable paperclip gem is used (4.2.2)" do
|
|
13
|
-
@check.dependencies = [{:name=>"paperclip", :version=>'4.2.2'}]
|
|
14
|
-
expect(@check.vuln?).to eq(false)
|
|
15
|
-
end
|
|
16
|
-
|
|
17
|
-
end
|
|
@@ -1,16 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
describe "The CVE-2015-3224 vulnerability" do
|
|
3
|
-
before(:all) do
|
|
4
|
-
@check = Dawn::Kb::CVE_2015_3224.new
|
|
5
|
-
# @check.debug = true
|
|
6
|
-
end
|
|
7
|
-
it "is reported when vulnerable web-console gem is used (2.1.2)" do
|
|
8
|
-
@check.dependencies = [{:name=>"web-console", :version=>'2.1.2'}]
|
|
9
|
-
expect(@check.vuln?).to eq(true)
|
|
10
|
-
end
|
|
11
|
-
it "is not reported when safe rack gem is used (2.1.3)" do
|
|
12
|
-
@check.dependencies = [{:name=>"web-console", :version=>'2.1.3'}]
|
|
13
|
-
expect(@check.vuln?).to eq(false)
|
|
14
|
-
end
|
|
15
|
-
|
|
16
|
-
end
|
|
@@ -1,27 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
describe "The CVE-2015-3225 vulnerability" do
|
|
3
|
-
before(:all) do
|
|
4
|
-
@check = Dawn::Kb::CVE_2015_3225.new
|
|
5
|
-
# @check.debug = true
|
|
6
|
-
end
|
|
7
|
-
it "is reported when vulnerable rack gem is used (1.5.3)" do
|
|
8
|
-
@check.dependencies = [{:name=>"rack", :version=>'1.5.3'}]
|
|
9
|
-
expect(@check.vuln?).to eq(true)
|
|
10
|
-
end
|
|
11
|
-
it "is reported when vulnerable rack gem is used (1.6.1)" do
|
|
12
|
-
@check.dependencies = [{:name=>"rack", :version=>'1.6.1'}]
|
|
13
|
-
expect(@check.vuln?).to eq(true)
|
|
14
|
-
end
|
|
15
|
-
it "is not reported when safe rack gem is used (1.5.4)" do
|
|
16
|
-
@check.dependencies = [{:name=>"rack", :version=>'1.5.4'}]
|
|
17
|
-
expect(@check.vuln?).to eq(false)
|
|
18
|
-
end
|
|
19
|
-
it "is not reported when safe rack gem is used (1.5.5)" do
|
|
20
|
-
@check.dependencies = [{:name=>"rack", :version=>'1.5.5'}]
|
|
21
|
-
expect(@check.vuln?).to eq(false)
|
|
22
|
-
end
|
|
23
|
-
it "is not reported when safe rack gem is used (1.6.3)" do
|
|
24
|
-
@check.dependencies = [{:name=>"rack", :version=>'1.6.3'}]
|
|
25
|
-
expect(@check.vuln?).to eq(false)
|
|
26
|
-
end
|
|
27
|
-
end
|
|
@@ -1,35 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
describe "The CVE-2015-3226 vulnerability" do
|
|
3
|
-
before(:all) do
|
|
4
|
-
@check = Dawn::Kb::CVE_2015_3226.new
|
|
5
|
-
# @check.debug = true
|
|
6
|
-
end
|
|
7
|
-
|
|
8
|
-
it "is reported when vulnerable active_support gem is used (3.x.x)" do
|
|
9
|
-
@check.dependencies = [{:name=>"activesupport", :version=>'3.2.11'}]
|
|
10
|
-
expect(@check.vuln?).to eq(true)
|
|
11
|
-
end
|
|
12
|
-
it "is reported when vulnerable active_support gem is used (4.1.11)" do
|
|
13
|
-
@check.dependencies = [{:name=>"activesupport", :version=>'4.1.11'}]
|
|
14
|
-
expect(@check.vuln?).to eq(true)
|
|
15
|
-
end
|
|
16
|
-
it "is reported when vulnerable active_support gem is used (4.2.2)" do
|
|
17
|
-
@check.dependencies = [{:name=>"activesupport", :version=>'4.2.2'}]
|
|
18
|
-
expect(@check.vuln?).to eq(true)
|
|
19
|
-
end
|
|
20
|
-
it "is not reported when safe active_support gem is used (4.1.12)" do
|
|
21
|
-
@check.dependencies = [{:name=>"activesupport", :version=>'4.1.12'}]
|
|
22
|
-
expect(@check.vuln?).to eq(false)
|
|
23
|
-
end
|
|
24
|
-
it "is not reported when safe active_support gem is used (4.1.13)" do
|
|
25
|
-
@check.dependencies = [{:name=>"activesupport", :version=>'4.1.13'}]
|
|
26
|
-
expect(@check.vuln?).to eq(false)
|
|
27
|
-
end
|
|
28
|
-
it "is not reported when safe active_support gem is used (4.2.3)" do
|
|
29
|
-
@check.dependencies = [{:name=>"activesupport", :version=>'4.2.3'}]
|
|
30
|
-
expect(@check.vuln?).to eq(false)
|
|
31
|
-
end
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
end
|
|
@@ -1,31 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
describe "The CVE-2015-3227 vulnerability" do
|
|
3
|
-
before(:all) do
|
|
4
|
-
@check = Dawn::Kb::CVE_2015_3227.new
|
|
5
|
-
end
|
|
6
|
-
it "is reported when vulnerable active_support gem is used (4.1.11)" do
|
|
7
|
-
@check.dependencies = [{:name=>"activesupport", :version=>'4.1.11'}]
|
|
8
|
-
expect(@check.vuln?).to eq(true)
|
|
9
|
-
end
|
|
10
|
-
it "is reported when vulnerable active_support gem is used (4.2.2)" do
|
|
11
|
-
@check.dependencies = [{:name=>"activesupport", :version=>'4.2.2'}]
|
|
12
|
-
expect(@check.vuln?).to eq(true)
|
|
13
|
-
end
|
|
14
|
-
it "is not reported when safe active_support gem is used (4.1.12)" do
|
|
15
|
-
@check.dependencies = [{:name=>"activesupport", :version=>'4.1.12'}]
|
|
16
|
-
expect(@check.vuln?).to eq(false)
|
|
17
|
-
end
|
|
18
|
-
it "is not reported when safe active_support gem is used (4.1.13)" do
|
|
19
|
-
@check.dependencies = [{:name=>"activesupport", :version=>'4.1.13'}]
|
|
20
|
-
expect(@check.vuln?).to eq(false)
|
|
21
|
-
end
|
|
22
|
-
it "is not reported when safe active_support gem is used (4.2.3)" do
|
|
23
|
-
@check.dependencies = [{:name=>"activesupport", :version=>'4.2.3'}]
|
|
24
|
-
expect(@check.vuln?).to eq(false)
|
|
25
|
-
end
|
|
26
|
-
it "is not reported when safe active_support gem is used (3.2.22)" do
|
|
27
|
-
@check.dependencies = [{:name=>"activesupport", :version=>'3.2.22'}]
|
|
28
|
-
expect(@check.vuln?).to eq(false)
|
|
29
|
-
end
|
|
30
|
-
|
|
31
|
-
end
|
|
@@ -1,16 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
describe "The CVE-2015-3448 vulnerability" do
|
|
3
|
-
before(:all) do
|
|
4
|
-
@check = Dawn::Kb::CVE_2015_3448.new
|
|
5
|
-
# @check.debug = true
|
|
6
|
-
end
|
|
7
|
-
it "is reported when vulnerable rest-client gem is used (1.7.2)" do
|
|
8
|
-
@check.dependencies = [{:name=>"rest-client", :version=>'1.7.2'}]
|
|
9
|
-
expect(@check.vuln?).to eq(true)
|
|
10
|
-
end
|
|
11
|
-
it "is not reported when safe rest-client gem is used (1.7.3)" do
|
|
12
|
-
@check.dependencies = [{:name=>"rest-client", :version=>'1.7.3'}]
|
|
13
|
-
expect(@check.vuln?).to eq(false)
|
|
14
|
-
end
|
|
15
|
-
|
|
16
|
-
end
|
|
@@ -1,24 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
describe "The CVE-2015-4020 vulnerability" do
|
|
3
|
-
before(:all) do
|
|
4
|
-
@check = Dawn::Kb::CVE_2015_4020.new
|
|
5
|
-
# @check.debug = true
|
|
6
|
-
end
|
|
7
|
-
it "is reported when the vulnerable rubygem is detected" do
|
|
8
|
-
@check.my_gem_version="2.4.3"
|
|
9
|
-
expect(@check.vuln?).to eq(true)
|
|
10
|
-
end
|
|
11
|
-
it "is reported when the vulnerable rubygem is detected" do
|
|
12
|
-
@check.my_gem_version="2.2.4"
|
|
13
|
-
expect(@check.vuln?).to eq(true)
|
|
14
|
-
end
|
|
15
|
-
it "is reported when the vulnerable rubygem is detected" do
|
|
16
|
-
@check.my_gem_version="2.0.16"
|
|
17
|
-
expect(@check.vuln?).to eq(true)
|
|
18
|
-
end
|
|
19
|
-
it "is not reported when a fixed release is detected" do
|
|
20
|
-
@check.my_gem_version="2.4.9"
|
|
21
|
-
expect(@check.vuln?).to eq(false)
|
|
22
|
-
end
|
|
23
|
-
|
|
24
|
-
end
|
|
@@ -1,31 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
describe "The CVE-2015-5312 vulnerability" do
|
|
3
|
-
before(:all) do
|
|
4
|
-
@check = Dawn::Kb::CVE_2015_5312.new
|
|
5
|
-
# @check.debug = true
|
|
6
|
-
end
|
|
7
|
-
it "is reported when the vulnerable gem is detected" do
|
|
8
|
-
@check.dependencies = [{:name=>"nokogiri", :version=>"1.6.5"}]
|
|
9
|
-
expect(@check.vuln?).to eq(true)
|
|
10
|
-
end
|
|
11
|
-
it "is reported when the vulnerable gem is detected" do
|
|
12
|
-
@check.dependencies = [{:name=>"nokogiri", :version=>"1.6.0"}]
|
|
13
|
-
expect(@check.vuln?).to eq(true)
|
|
14
|
-
end
|
|
15
|
-
it "is reported when the vulnerable gem is detected" do
|
|
16
|
-
@check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7"}]
|
|
17
|
-
expect(@check.vuln?).to eq(true)
|
|
18
|
-
end
|
|
19
|
-
it "is not reported when a fixed release is detected" do
|
|
20
|
-
@check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7.1"}]
|
|
21
|
-
expect(@check.vuln?).to eq(false)
|
|
22
|
-
end
|
|
23
|
-
it "is not reported when a fixed release is detected" do
|
|
24
|
-
@check.dependencies = [{:name=>"nokogiri", :version=>"1.5.6"}]
|
|
25
|
-
expect(@check.vuln?).to eq(false)
|
|
26
|
-
end
|
|
27
|
-
it "is not reported when a fixed release is detected" do
|
|
28
|
-
@check.dependencies = [{:name=>"nokogiri", :version=>"1.4.6"}]
|
|
29
|
-
expect(@check.vuln?).to eq(false)
|
|
30
|
-
end
|
|
31
|
-
end
|
|
@@ -1,31 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
describe "The CVE-2015-7497 vulnerability" do
|
|
3
|
-
before(:all) do
|
|
4
|
-
@check = Dawn::Kb::CVE_2015_7497.new
|
|
5
|
-
# @check.debug = true
|
|
6
|
-
end
|
|
7
|
-
it "is reported when the vulnerable gem is detected" do
|
|
8
|
-
@check.dependencies = [{:name=>"nokogiri", :version=>"1.6.5"}]
|
|
9
|
-
expect(@check.vuln?).to eq(true)
|
|
10
|
-
end
|
|
11
|
-
it "is reported when the vulnerable gem is detected" do
|
|
12
|
-
@check.dependencies = [{:name=>"nokogiri", :version=>"1.6.0"}]
|
|
13
|
-
expect(@check.vuln?).to eq(true)
|
|
14
|
-
end
|
|
15
|
-
it "is reported when the vulnerable gem is detected" do
|
|
16
|
-
@check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7"}]
|
|
17
|
-
expect(@check.vuln?).to eq(true)
|
|
18
|
-
end
|
|
19
|
-
it "is not reported when a fixed release is detected" do
|
|
20
|
-
@check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7.1"}]
|
|
21
|
-
expect(@check.vuln?).to eq(false)
|
|
22
|
-
end
|
|
23
|
-
it "is not reported when a fixed release is detected" do
|
|
24
|
-
@check.dependencies = [{:name=>"nokogiri", :version=>"1.5.6"}]
|
|
25
|
-
expect(@check.vuln?).to eq(false)
|
|
26
|
-
end
|
|
27
|
-
it "is not reported when a fixed release is detected" do
|
|
28
|
-
@check.dependencies = [{:name=>"nokogiri", :version=>"1.4.6"}]
|
|
29
|
-
expect(@check.vuln?).to eq(false)
|
|
30
|
-
end
|
|
31
|
-
end
|
|
@@ -1,31 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
describe "The CVE-2015-7498 vulnerability" do
|
|
3
|
-
before(:all) do
|
|
4
|
-
@check = Dawn::Kb::CVE_2015_7498.new
|
|
5
|
-
# @check.debug = true
|
|
6
|
-
end
|
|
7
|
-
it "is reported when the vulnerable gem is detected" do
|
|
8
|
-
@check.dependencies = [{:name=>"nokogiri", :version=>"1.6.5"}]
|
|
9
|
-
expect(@check.vuln?).to eq(true)
|
|
10
|
-
end
|
|
11
|
-
it "is reported when the vulnerable gem is detected" do
|
|
12
|
-
@check.dependencies = [{:name=>"nokogiri", :version=>"1.6.0"}]
|
|
13
|
-
expect(@check.vuln?).to eq(true)
|
|
14
|
-
end
|
|
15
|
-
it "is reported when the vulnerable gem is detected" do
|
|
16
|
-
@check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7"}]
|
|
17
|
-
expect(@check.vuln?).to eq(true)
|
|
18
|
-
end
|
|
19
|
-
it "is not reported when a fixed release is detected" do
|
|
20
|
-
@check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7.1"}]
|
|
21
|
-
expect(@check.vuln?).to eq(false)
|
|
22
|
-
end
|
|
23
|
-
it "is not reported when a fixed release is detected" do
|
|
24
|
-
@check.dependencies = [{:name=>"nokogiri", :version=>"1.5.6"}]
|
|
25
|
-
expect(@check.vuln?).to eq(false)
|
|
26
|
-
end
|
|
27
|
-
it "is not reported when a fixed release is detected" do
|
|
28
|
-
@check.dependencies = [{:name=>"nokogiri", :version=>"1.4.6"}]
|
|
29
|
-
expect(@check.vuln?).to eq(false)
|
|
30
|
-
end
|
|
31
|
-
end
|
|
@@ -1,31 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
describe "The CVE-2015-7499 vulnerability" do
|
|
3
|
-
before(:all) do
|
|
4
|
-
@check = Dawn::Kb::CVE_2015_7499.new
|
|
5
|
-
# @check.debug = true
|
|
6
|
-
end
|
|
7
|
-
it "is reported when the vulnerable gem is detected" do
|
|
8
|
-
@check.dependencies = [{:name=>"nokogiri", :version=>"1.6.5"}]
|
|
9
|
-
expect(@check.vuln?).to eq(true)
|
|
10
|
-
end
|
|
11
|
-
it "is reported when the vulnerable gem is detected" do
|
|
12
|
-
@check.dependencies = [{:name=>"nokogiri", :version=>"1.6.0"}]
|
|
13
|
-
expect(@check.vuln?).to eq(true)
|
|
14
|
-
end
|
|
15
|
-
it "is reported when the vulnerable gem is detected" do
|
|
16
|
-
@check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7"}]
|
|
17
|
-
expect(@check.vuln?).to eq(true)
|
|
18
|
-
end
|
|
19
|
-
it "is not reported when a fixed release is detected" do
|
|
20
|
-
@check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7.1"}]
|
|
21
|
-
expect(@check.vuln?).to eq(false)
|
|
22
|
-
end
|
|
23
|
-
it "is not reported when a fixed release is detected" do
|
|
24
|
-
@check.dependencies = [{:name=>"nokogiri", :version=>"1.5.6"}]
|
|
25
|
-
expect(@check.vuln?).to eq(false)
|
|
26
|
-
end
|
|
27
|
-
it "is not reported when a fixed release is detected" do
|
|
28
|
-
@check.dependencies = [{:name=>"nokogiri", :version=>"1.4.6"}]
|
|
29
|
-
expect(@check.vuln?).to eq(false)
|
|
30
|
-
end
|
|
31
|
-
end
|
|
@@ -1,31 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
describe "The CVE-2015-7500 vulnerability" do
|
|
3
|
-
before(:all) do
|
|
4
|
-
@check = Dawn::Kb::CVE_2015_7500.new
|
|
5
|
-
# @check.debug = true
|
|
6
|
-
end
|
|
7
|
-
it "is reported when the vulnerable gem is detected" do
|
|
8
|
-
@check.dependencies = [{:name=>"nokogiri", :version=>"1.6.5"}]
|
|
9
|
-
expect(@check.vuln?).to eq(true)
|
|
10
|
-
end
|
|
11
|
-
it "is reported when the vulnerable gem is detected" do
|
|
12
|
-
@check.dependencies = [{:name=>"nokogiri", :version=>"1.6.0"}]
|
|
13
|
-
expect(@check.vuln?).to eq(true)
|
|
14
|
-
end
|
|
15
|
-
it "is reported when the vulnerable gem is detected" do
|
|
16
|
-
@check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7"}]
|
|
17
|
-
expect(@check.vuln?).to eq(true)
|
|
18
|
-
end
|
|
19
|
-
it "is not reported when a fixed release is detected" do
|
|
20
|
-
@check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7.1"}]
|
|
21
|
-
expect(@check.vuln?).to eq(false)
|
|
22
|
-
end
|
|
23
|
-
it "is not reported when a fixed release is detected" do
|
|
24
|
-
@check.dependencies = [{:name=>"nokogiri", :version=>"1.5.6"}]
|
|
25
|
-
expect(@check.vuln?).to eq(false)
|
|
26
|
-
end
|
|
27
|
-
it "is not reported when a fixed release is detected" do
|
|
28
|
-
@check.dependencies = [{:name=>"nokogiri", :version=>"1.4.6"}]
|
|
29
|
-
expect(@check.vuln?).to eq(false)
|
|
30
|
-
end
|
|
31
|
-
end
|
|
@@ -1,23 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
describe "The CVE-2015-7519 vulnerability" do
|
|
3
|
-
before(:all) do
|
|
4
|
-
@check = Dawn::Kb::CVE_2015_7519.new
|
|
5
|
-
# @check.debug = true
|
|
6
|
-
end
|
|
7
|
-
it "is reported when the vulnerable gem is detected" do
|
|
8
|
-
@check.dependencies = [{:name=>"passenger", :version=>"4.0.54"}]
|
|
9
|
-
expect(@check.vuln?).to eq(true)
|
|
10
|
-
end
|
|
11
|
-
it "is reported when the vulnerable gem is detected" do
|
|
12
|
-
@check.dependencies = [{:name=>"passenger", :version=>"5.0.12"}]
|
|
13
|
-
expect(@check.vuln?).to eq(true)
|
|
14
|
-
end
|
|
15
|
-
it "is not reported when a fixed release is detected" do
|
|
16
|
-
@check.dependencies = [{:name=>"passenger", :version=>"4.0.60"}]
|
|
17
|
-
expect(@check.vuln?).to eq(false)
|
|
18
|
-
end
|
|
19
|
-
it "is not reported when a fixed release is detected" do
|
|
20
|
-
@check.dependencies = [{:name=>"passenger", :version=>"5.0.22"}]
|
|
21
|
-
expect(@check.vuln?).to eq(false)
|
|
22
|
-
end
|
|
23
|
-
end
|
|
@@ -1,15 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
describe "The CVE-2015-7541 vulnerability" do
|
|
3
|
-
before(:all) do
|
|
4
|
-
@check = Dawn::Kb::CVE_2015_7541.new
|
|
5
|
-
# @check.debug = true
|
|
6
|
-
end
|
|
7
|
-
it "is reported when the vulnerable gem is detected" do
|
|
8
|
-
@check.dependencies = [{:name=>"colorscore", :version=>"0.0.4"}]
|
|
9
|
-
expect(@check.vuln?).to eq(true)
|
|
10
|
-
end
|
|
11
|
-
it "is not reported when a fixed release is detected" do
|
|
12
|
-
@check.dependencies = [{:name=>"colorscore", :version=>"0.0.5"}]
|
|
13
|
-
expect(@check.vuln?).to eq(false)
|
|
14
|
-
end
|
|
15
|
-
end
|
|
@@ -1,51 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
describe "The CVE-2015-7576 vulnerability" do
|
|
3
|
-
before(:all) do
|
|
4
|
-
@check = Dawn::Kb::CVE_2015_7576.new
|
|
5
|
-
@check.debug = true
|
|
6
|
-
end
|
|
7
|
-
it "is reported when the vulnerable gem is detected" do
|
|
8
|
-
@check.dependencies = [{:name=>"actionpack", :version=>"5.0.0.beta.1"}]
|
|
9
|
-
expect(@check.vuln?).to eq(true)
|
|
10
|
-
end
|
|
11
|
-
it "is reported when the vulnerable gem is detected" do
|
|
12
|
-
@check.dependencies = [{:name=>"actionpack", :version=>"4.2.5"}]
|
|
13
|
-
expect(@check.vuln?).to eq(true)
|
|
14
|
-
end
|
|
15
|
-
it "is reported when the vulnerable gem is detected" do
|
|
16
|
-
@check.dependencies = [{:name=>"actionpack", :version=>"4.1.14"}]
|
|
17
|
-
expect(@check.vuln?).to eq(true)
|
|
18
|
-
end
|
|
19
|
-
it "is reported when the vulnerable gem is detected" do
|
|
20
|
-
@check.dependencies = [{:name=>"actionpack", :version=>"3.2.22"}]
|
|
21
|
-
expect(@check.vuln?).to eq(true)
|
|
22
|
-
end
|
|
23
|
-
it "is not reported when a fixed release is detected" do
|
|
24
|
-
@check.dependencies = [{:name=>"actionpack", :version=>"5.0.0"}]
|
|
25
|
-
expect(@check.vuln?).to eq(false)
|
|
26
|
-
end
|
|
27
|
-
it "is not reported when a fixed release is detected" do
|
|
28
|
-
@check.dependencies = [{:name=>"actionpack", :version=>"4.2.5.1"}]
|
|
29
|
-
expect(@check.vuln?).to eq(false)
|
|
30
|
-
end
|
|
31
|
-
it "is not reported when a fixed release is detected" do
|
|
32
|
-
@check.dependencies = [{:name=>"actionpack", :version=>"4.2.6"}]
|
|
33
|
-
expect(@check.vuln?).to eq(false)
|
|
34
|
-
end
|
|
35
|
-
it "is not reported when a fixed release is detected" do
|
|
36
|
-
@check.dependencies = [{:name=>"actionpack", :version=>"4.1.14.2"}]
|
|
37
|
-
expect(@check.vuln?).to eq(false)
|
|
38
|
-
end
|
|
39
|
-
it "is not reported when a fixed release is detected" do
|
|
40
|
-
@check.dependencies = [{:name=>"actionpack", :version=>"4.1.15"}]
|
|
41
|
-
expect(@check.vuln?).to eq(false)
|
|
42
|
-
end
|
|
43
|
-
it "is not reported when a fixed release is detected" do
|
|
44
|
-
@check.dependencies = [{:name=>"actionpack", :version=>"3.2.22.1"}]
|
|
45
|
-
expect(@check.vuln?).to eq(false)
|
|
46
|
-
end
|
|
47
|
-
it "is not reported when a fixed release is detected" do
|
|
48
|
-
@check.dependencies = [{:name=>"actionpack", :version=>"3.2.23"}]
|
|
49
|
-
expect(@check.vuln?).to eq(false)
|
|
50
|
-
end
|
|
51
|
-
end
|
|
@@ -1,63 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
describe "The CVE-2015-7577 vulnerability" do
|
|
3
|
-
before(:all) do
|
|
4
|
-
@check = Dawn::Kb::CVE_2015_7577.new
|
|
5
|
-
# @check.debug = true
|
|
6
|
-
end
|
|
7
|
-
it "is reported when the vulnerable gem is detected" do
|
|
8
|
-
@check.dependencies = [{:name=>"activerecord", :version=>"5.0.0.beta.1"}]
|
|
9
|
-
expect(@check.vuln?).to eq(true)
|
|
10
|
-
end
|
|
11
|
-
it "is reported when the vulnerable gem is detected" do
|
|
12
|
-
@check.dependencies = [{:name=>"activerecord", :version=>"4.2.5"}]
|
|
13
|
-
expect(@check.vuln?).to eq(true)
|
|
14
|
-
end
|
|
15
|
-
it "is reported when the vulnerable gem is detected" do
|
|
16
|
-
@check.dependencies = [{:name=>"activerecord", :version=>"4.1.14"}]
|
|
17
|
-
expect(@check.vuln?).to eq(true)
|
|
18
|
-
end
|
|
19
|
-
it "is reported when the vulnerable gem is detected" do
|
|
20
|
-
@check.dependencies = [{:name=>"activerecord", :version=>"3.1.2"}]
|
|
21
|
-
expect(@check.vuln?).to eq(true)
|
|
22
|
-
end
|
|
23
|
-
it "is reported when the vulnerable gem is detected" do
|
|
24
|
-
@check.dependencies = [{:name=>"activerecord", :version=>"3.2.22"}]
|
|
25
|
-
expect(@check.vuln?).to eq(true)
|
|
26
|
-
end
|
|
27
|
-
it "is not reported when a fixed release is detected" do
|
|
28
|
-
@check.dependencies = [{:name=>"activerecord", :version=>"5.0.0"}]
|
|
29
|
-
expect(@check.vuln?).to eq(false)
|
|
30
|
-
end
|
|
31
|
-
it "is not reported when a fixed release is detected" do
|
|
32
|
-
@check.dependencies = [{:name=>"activerecord", :version=>"5.0.0.1"}]
|
|
33
|
-
expect(@check.vuln?).to eq(false)
|
|
34
|
-
end
|
|
35
|
-
it "is not reported when a fixed release is detected" do
|
|
36
|
-
@check.dependencies = [{:name=>"activerecord", :version=>"4.2.5.1"}]
|
|
37
|
-
expect(@check.vuln?).to eq(false)
|
|
38
|
-
end
|
|
39
|
-
it "is not reported when a fixed release is detected" do
|
|
40
|
-
@check.dependencies = [{:name=>"activerecord", :version=>"4.2.6"}]
|
|
41
|
-
expect(@check.vuln?).to eq(false)
|
|
42
|
-
end
|
|
43
|
-
it "is not reported when a fixed release is detected" do
|
|
44
|
-
@check.dependencies = [{:name=>"activerecord", :version=>"4.1.14.2"}]
|
|
45
|
-
expect(@check.vuln?).to eq(false)
|
|
46
|
-
end
|
|
47
|
-
it "is not reported when a fixed release is detected" do
|
|
48
|
-
@check.dependencies = [{:name=>"activerecord", :version=>"4.1.15"}]
|
|
49
|
-
expect(@check.vuln?).to eq(false)
|
|
50
|
-
end
|
|
51
|
-
it "is not reported when a fixed release is detected" do
|
|
52
|
-
@check.dependencies = [{:name=>"activerecord", :version=>"3.0.1"}]
|
|
53
|
-
expect(@check.vuln?).to eq(false)
|
|
54
|
-
end
|
|
55
|
-
it "is not reported when a fixed release is detected" do
|
|
56
|
-
@check.dependencies = [{:name=>"activerecord", :version=>"3.2.22.1"}]
|
|
57
|
-
expect(@check.vuln?).to eq(false)
|
|
58
|
-
end
|
|
59
|
-
it "is not reported when a fixed release is detected" do
|
|
60
|
-
@check.dependencies = [{:name=>"activerecord", :version=>"3.2.23"}]
|
|
61
|
-
expect(@check.vuln?).to eq(false)
|
|
62
|
-
end
|
|
63
|
-
end
|