dawnscanner 1.6.8 → 2.0.0.rc4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (387) hide show
  1. checksums.yaml +5 -5
  2. data/.gitignore +1 -0
  3. data/.ruby-version +1 -1
  4. data/Changelog.md +27 -1
  5. data/LICENSE.txt +1 -1
  6. data/README.md +59 -57
  7. data/Rakefile +10 -242
  8. data/Roadmap.md +15 -23
  9. data/VERSION +1 -1
  10. data/bin/dawn +17 -273
  11. data/checksum/dawnscanner-1.6.8.gem.sha1 +1 -0
  12. data/checksum/dawnscanner-2.0.0.rc1.gem.sha1 +1 -0
  13. data/checksum/dawnscanner-2.0.0.rc2.gem.sha1 +1 -0
  14. data/checksum/dawnscanner-2.0.0.rc3.gem.sha1 +1 -0
  15. data/dawnscanner.gemspec +10 -9
  16. data/doc/change.sh +13 -0
  17. data/doc/kickstart_kb.tar.gz +0 -0
  18. data/doc/knowledge_base.rb +650 -0
  19. data/docs/.placeholder +0 -0
  20. data/docs/CNAME +1 -0
  21. data/docs/_config.yml +1 -0
  22. data/lib/dawn/cli/dawn_cli.rb +139 -0
  23. data/lib/dawn/core.rb +8 -7
  24. data/lib/dawn/engine.rb +93 -34
  25. data/lib/dawn/gemfile_lock.rb +2 -2
  26. data/lib/dawn/kb/basic_check.rb +1 -2
  27. data/lib/dawn/kb/combo_check.rb +1 -1
  28. data/lib/dawn/kb/dependency_check.rb +1 -1
  29. data/lib/dawn/kb/operating_system_check.rb +1 -1
  30. data/lib/dawn/kb/pattern_match_check.rb +10 -9
  31. data/lib/dawn/kb/ruby_version_check.rb +11 -10
  32. data/lib/dawn/kb/{gem_check.rb → rubygem_check.rb} +1 -1
  33. data/lib/dawn/kb/unsafe_depedency_check.rb +44 -0
  34. data/lib/dawn/kb/version_check.rb +41 -24
  35. data/lib/dawn/knowledge_base.rb +259 -595
  36. data/lib/dawn/reporter.rb +2 -1
  37. data/lib/dawn/utils.rb +5 -2
  38. data/lib/dawn/version.rb +5 -5
  39. data/lib/dawnscanner.rb +7 -6
  40. data/spec/lib/kb/codesake_unsafe_dependency_check_spec.rb +29 -0
  41. data/spec/lib/kb/dependency_check.yml +29 -0
  42. metadata +30 -496
  43. checksums.yaml.gz.sig +0 -0
  44. data.tar.gz.sig +0 -0
  45. data/certs/paolo_at_dawnscanner_dot_org.pem +0 -21
  46. data/lib/dawn/kb/cve_2004_0755.rb +0 -33
  47. data/lib/dawn/kb/cve_2004_0983.rb +0 -31
  48. data/lib/dawn/kb/cve_2005_1992.rb +0 -31
  49. data/lib/dawn/kb/cve_2005_2337.rb +0 -33
  50. data/lib/dawn/kb/cve_2006_1931.rb +0 -30
  51. data/lib/dawn/kb/cve_2006_2582.rb +0 -28
  52. data/lib/dawn/kb/cve_2006_3694.rb +0 -31
  53. data/lib/dawn/kb/cve_2006_4112.rb +0 -27
  54. data/lib/dawn/kb/cve_2006_5467.rb +0 -28
  55. data/lib/dawn/kb/cve_2006_6303.rb +0 -28
  56. data/lib/dawn/kb/cve_2006_6852.rb +0 -27
  57. data/lib/dawn/kb/cve_2006_6979.rb +0 -29
  58. data/lib/dawn/kb/cve_2007_0469.rb +0 -29
  59. data/lib/dawn/kb/cve_2007_5162.rb +0 -28
  60. data/lib/dawn/kb/cve_2007_5379.rb +0 -27
  61. data/lib/dawn/kb/cve_2007_5380.rb +0 -29
  62. data/lib/dawn/kb/cve_2007_5770.rb +0 -30
  63. data/lib/dawn/kb/cve_2007_6077.rb +0 -31
  64. data/lib/dawn/kb/cve_2007_6612.rb +0 -30
  65. data/lib/dawn/kb/cve_2008_1145.rb +0 -38
  66. data/lib/dawn/kb/cve_2008_1891.rb +0 -38
  67. data/lib/dawn/kb/cve_2008_2376.rb +0 -30
  68. data/lib/dawn/kb/cve_2008_2662.rb +0 -33
  69. data/lib/dawn/kb/cve_2008_2663.rb +0 -32
  70. data/lib/dawn/kb/cve_2008_2664.rb +0 -33
  71. data/lib/dawn/kb/cve_2008_2725.rb +0 -31
  72. data/lib/dawn/kb/cve_2008_3655.rb +0 -37
  73. data/lib/dawn/kb/cve_2008_3657.rb +0 -37
  74. data/lib/dawn/kb/cve_2008_3790.rb +0 -30
  75. data/lib/dawn/kb/cve_2008_3905.rb +0 -36
  76. data/lib/dawn/kb/cve_2008_4094.rb +0 -27
  77. data/lib/dawn/kb/cve_2008_4310.rb +0 -100
  78. data/lib/dawn/kb/cve_2008_5189.rb +0 -27
  79. data/lib/dawn/kb/cve_2008_7248.rb +0 -27
  80. data/lib/dawn/kb/cve_2009_4078.rb +0 -29
  81. data/lib/dawn/kb/cve_2009_4124.rb +0 -30
  82. data/lib/dawn/kb/cve_2009_4214.rb +0 -27
  83. data/lib/dawn/kb/cve_2010_1330.rb +0 -28
  84. data/lib/dawn/kb/cve_2010_2489.rb +0 -60
  85. data/lib/dawn/kb/cve_2010_3933.rb +0 -27
  86. data/lib/dawn/kb/cve_2011_0188.rb +0 -67
  87. data/lib/dawn/kb/cve_2011_0446.rb +0 -28
  88. data/lib/dawn/kb/cve_2011_0447.rb +0 -28
  89. data/lib/dawn/kb/cve_2011_0739.rb +0 -28
  90. data/lib/dawn/kb/cve_2011_0995.rb +0 -61
  91. data/lib/dawn/kb/cve_2011_1004.rb +0 -34
  92. data/lib/dawn/kb/cve_2011_1005.rb +0 -31
  93. data/lib/dawn/kb/cve_2011_2197.rb +0 -27
  94. data/lib/dawn/kb/cve_2011_2686.rb +0 -29
  95. data/lib/dawn/kb/cve_2011_2705.rb +0 -32
  96. data/lib/dawn/kb/cve_2011_2929.rb +0 -27
  97. data/lib/dawn/kb/cve_2011_2930.rb +0 -28
  98. data/lib/dawn/kb/cve_2011_2931.rb +0 -30
  99. data/lib/dawn/kb/cve_2011_2932.rb +0 -27
  100. data/lib/dawn/kb/cve_2011_3009.rb +0 -28
  101. data/lib/dawn/kb/cve_2011_3186.rb +0 -29
  102. data/lib/dawn/kb/cve_2011_3187.rb +0 -29
  103. data/lib/dawn/kb/cve_2011_4319.rb +0 -30
  104. data/lib/dawn/kb/cve_2011_4815.rb +0 -28
  105. data/lib/dawn/kb/cve_2011_5036.rb +0 -26
  106. data/lib/dawn/kb/cve_2012_1098.rb +0 -30
  107. data/lib/dawn/kb/cve_2012_1099.rb +0 -27
  108. data/lib/dawn/kb/cve_2012_1241.rb +0 -27
  109. data/lib/dawn/kb/cve_2012_2139.rb +0 -26
  110. data/lib/dawn/kb/cve_2012_2140.rb +0 -27
  111. data/lib/dawn/kb/cve_2012_2660.rb +0 -28
  112. data/lib/dawn/kb/cve_2012_2661.rb +0 -27
  113. data/lib/dawn/kb/cve_2012_2671.rb +0 -28
  114. data/lib/dawn/kb/cve_2012_2694.rb +0 -30
  115. data/lib/dawn/kb/cve_2012_2695.rb +0 -27
  116. data/lib/dawn/kb/cve_2012_3424.rb +0 -29
  117. data/lib/dawn/kb/cve_2012_3463.rb +0 -27
  118. data/lib/dawn/kb/cve_2012_3464.rb +0 -27
  119. data/lib/dawn/kb/cve_2012_3465.rb +0 -26
  120. data/lib/dawn/kb/cve_2012_4464.rb +0 -27
  121. data/lib/dawn/kb/cve_2012_4466.rb +0 -27
  122. data/lib/dawn/kb/cve_2012_4481.rb +0 -26
  123. data/lib/dawn/kb/cve_2012_4522.rb +0 -27
  124. data/lib/dawn/kb/cve_2012_5370.rb +0 -27
  125. data/lib/dawn/kb/cve_2012_5371.rb +0 -27
  126. data/lib/dawn/kb/cve_2012_5380.rb +0 -28
  127. data/lib/dawn/kb/cve_2012_6109.rb +0 -25
  128. data/lib/dawn/kb/cve_2012_6134.rb +0 -27
  129. data/lib/dawn/kb/cve_2012_6496.rb +0 -28
  130. data/lib/dawn/kb/cve_2012_6497.rb +0 -28
  131. data/lib/dawn/kb/cve_2012_6684.rb +0 -28
  132. data/lib/dawn/kb/cve_2013_0155.rb +0 -29
  133. data/lib/dawn/kb/cve_2013_0156.rb +0 -27
  134. data/lib/dawn/kb/cve_2013_0162.rb +0 -28
  135. data/lib/dawn/kb/cve_2013_0175.rb +0 -27
  136. data/lib/dawn/kb/cve_2013_0183.rb +0 -25
  137. data/lib/dawn/kb/cve_2013_0184.rb +0 -25
  138. data/lib/dawn/kb/cve_2013_0233.rb +0 -26
  139. data/lib/dawn/kb/cve_2013_0256.rb +0 -59
  140. data/lib/dawn/kb/cve_2013_0262.rb +0 -26
  141. data/lib/dawn/kb/cve_2013_0263.rb +0 -26
  142. data/lib/dawn/kb/cve_2013_0269.rb +0 -27
  143. data/lib/dawn/kb/cve_2013_0276.rb +0 -28
  144. data/lib/dawn/kb/cve_2013_0277.rb +0 -25
  145. data/lib/dawn/kb/cve_2013_0284.rb +0 -27
  146. data/lib/dawn/kb/cve_2013_0285.rb +0 -27
  147. data/lib/dawn/kb/cve_2013_0333.rb +0 -28
  148. data/lib/dawn/kb/cve_2013_0334.rb +0 -25
  149. data/lib/dawn/kb/cve_2013_1607.rb +0 -25
  150. data/lib/dawn/kb/cve_2013_1655.rb +0 -65
  151. data/lib/dawn/kb/cve_2013_1656.rb +0 -28
  152. data/lib/dawn/kb/cve_2013_1756.rb +0 -26
  153. data/lib/dawn/kb/cve_2013_1800.rb +0 -26
  154. data/lib/dawn/kb/cve_2013_1801.rb +0 -27
  155. data/lib/dawn/kb/cve_2013_1802.rb +0 -27
  156. data/lib/dawn/kb/cve_2013_1812.rb +0 -27
  157. data/lib/dawn/kb/cve_2013_1821.rb +0 -28
  158. data/lib/dawn/kb/cve_2013_1854.rb +0 -26
  159. data/lib/dawn/kb/cve_2013_1855.rb +0 -25
  160. data/lib/dawn/kb/cve_2013_1856.rb +0 -26
  161. data/lib/dawn/kb/cve_2013_1857.rb +0 -27
  162. data/lib/dawn/kb/cve_2013_1875.rb +0 -27
  163. data/lib/dawn/kb/cve_2013_1898.rb +0 -27
  164. data/lib/dawn/kb/cve_2013_1911.rb +0 -28
  165. data/lib/dawn/kb/cve_2013_1933.rb +0 -27
  166. data/lib/dawn/kb/cve_2013_1947.rb +0 -27
  167. data/lib/dawn/kb/cve_2013_1948.rb +0 -27
  168. data/lib/dawn/kb/cve_2013_2065.rb +0 -29
  169. data/lib/dawn/kb/cve_2013_2090.rb +0 -28
  170. data/lib/dawn/kb/cve_2013_2105.rb +0 -26
  171. data/lib/dawn/kb/cve_2013_2119.rb +0 -27
  172. data/lib/dawn/kb/cve_2013_2512.rb +0 -26
  173. data/lib/dawn/kb/cve_2013_2513.rb +0 -25
  174. data/lib/dawn/kb/cve_2013_2516.rb +0 -26
  175. data/lib/dawn/kb/cve_2013_2615.rb +0 -27
  176. data/lib/dawn/kb/cve_2013_2616.rb +0 -27
  177. data/lib/dawn/kb/cve_2013_2617.rb +0 -28
  178. data/lib/dawn/kb/cve_2013_3221.rb +0 -27
  179. data/lib/dawn/kb/cve_2013_4164.rb +0 -30
  180. data/lib/dawn/kb/cve_2013_4203.rb +0 -25
  181. data/lib/dawn/kb/cve_2013_4389.rb +0 -26
  182. data/lib/dawn/kb/cve_2013_4413.rb +0 -27
  183. data/lib/dawn/kb/cve_2013_4457.rb +0 -29
  184. data/lib/dawn/kb/cve_2013_4478.rb +0 -26
  185. data/lib/dawn/kb/cve_2013_4479.rb +0 -26
  186. data/lib/dawn/kb/cve_2013_4489.rb +0 -28
  187. data/lib/dawn/kb/cve_2013_4491.rb +0 -29
  188. data/lib/dawn/kb/cve_2013_4492.rb +0 -29
  189. data/lib/dawn/kb/cve_2013_4562.rb +0 -27
  190. data/lib/dawn/kb/cve_2013_4593.rb +0 -27
  191. data/lib/dawn/kb/cve_2013_5647.rb +0 -29
  192. data/lib/dawn/kb/cve_2013_5671.rb +0 -26
  193. data/lib/dawn/kb/cve_2013_6414.rb +0 -30
  194. data/lib/dawn/kb/cve_2013_6415.rb +0 -29
  195. data/lib/dawn/kb/cve_2013_6416.rb +0 -29
  196. data/lib/dawn/kb/cve_2013_6417.rb +0 -30
  197. data/lib/dawn/kb/cve_2013_6421.rb +0 -28
  198. data/lib/dawn/kb/cve_2013_6459.rb +0 -28
  199. data/lib/dawn/kb/cve_2013_6460.rb +0 -53
  200. data/lib/dawn/kb/cve_2013_6461.rb +0 -57
  201. data/lib/dawn/kb/cve_2013_7086.rb +0 -27
  202. data/lib/dawn/kb/cve_2014_0036.rb +0 -27
  203. data/lib/dawn/kb/cve_2014_0080.rb +0 -29
  204. data/lib/dawn/kb/cve_2014_0081.rb +0 -27
  205. data/lib/dawn/kb/cve_2014_0082.rb +0 -27
  206. data/lib/dawn/kb/cve_2014_0130.rb +0 -27
  207. data/lib/dawn/kb/cve_2014_1233.rb +0 -27
  208. data/lib/dawn/kb/cve_2014_1234.rb +0 -26
  209. data/lib/dawn/kb/cve_2014_2322.rb +0 -28
  210. data/lib/dawn/kb/cve_2014_2525.rb +0 -59
  211. data/lib/dawn/kb/cve_2014_2538.rb +0 -26
  212. data/lib/dawn/kb/cve_2014_3482.rb +0 -28
  213. data/lib/dawn/kb/cve_2014_3483.rb +0 -28
  214. data/lib/dawn/kb/cve_2014_3916.rb +0 -29
  215. data/lib/dawn/kb/cve_2014_4975.rb +0 -28
  216. data/lib/dawn/kb/cve_2014_7818.rb +0 -27
  217. data/lib/dawn/kb/cve_2014_7819.rb +0 -31
  218. data/lib/dawn/kb/cve_2014_7829.rb +0 -30
  219. data/lib/dawn/kb/cve_2014_8090.rb +0 -30
  220. data/lib/dawn/kb/cve_2014_9490.rb +0 -29
  221. data/lib/dawn/kb/cve_2015_1819.rb +0 -34
  222. data/lib/dawn/kb/cve_2015_1840/cve_2015_1840_a.rb +0 -28
  223. data/lib/dawn/kb/cve_2015_1840/cve_2015_1840_b.rb +0 -28
  224. data/lib/dawn/kb/cve_2015_2963.rb +0 -27
  225. data/lib/dawn/kb/cve_2015_3224.rb +0 -26
  226. data/lib/dawn/kb/cve_2015_3225.rb +0 -28
  227. data/lib/dawn/kb/cve_2015_3226.rb +0 -27
  228. data/lib/dawn/kb/cve_2015_3227.rb +0 -28
  229. data/lib/dawn/kb/cve_2015_3448.rb +0 -29
  230. data/lib/dawn/kb/cve_2015_4020.rb +0 -34
  231. data/lib/dawn/kb/cve_2015_5312.rb +0 -30
  232. data/lib/dawn/kb/cve_2015_7497.rb +0 -32
  233. data/lib/dawn/kb/cve_2015_7498.rb +0 -32
  234. data/lib/dawn/kb/cve_2015_7499.rb +0 -32
  235. data/lib/dawn/kb/cve_2015_7500.rb +0 -32
  236. data/lib/dawn/kb/cve_2015_7519.rb +0 -31
  237. data/lib/dawn/kb/cve_2015_7541.rb +0 -31
  238. data/lib/dawn/kb/cve_2015_7576.rb +0 -35
  239. data/lib/dawn/kb/cve_2015_7577.rb +0 -34
  240. data/lib/dawn/kb/cve_2015_7578.rb +0 -30
  241. data/lib/dawn/kb/cve_2015_7579.rb +0 -30
  242. data/lib/dawn/kb/cve_2015_7581.rb +0 -33
  243. data/lib/dawn/kb/cve_2015_8241.rb +0 -32
  244. data/lib/dawn/kb/cve_2015_8242.rb +0 -32
  245. data/lib/dawn/kb/cve_2015_8317.rb +0 -32
  246. data/lib/dawn/kb/cve_2016_0751.rb +0 -32
  247. data/lib/dawn/kb/cve_2016_0752.rb +0 -35
  248. data/lib/dawn/kb/cve_2016_0753.rb +0 -31
  249. data/lib/dawn/kb/cve_2016_2097.rb +0 -35
  250. data/lib/dawn/kb/cve_2016_2098.rb +0 -35
  251. data/lib/dawn/kb/cve_2016_5697.rb +0 -30
  252. data/lib/dawn/kb/cve_2016_6316.rb +0 -33
  253. data/lib/dawn/kb/cve_2016_6317.rb +0 -32
  254. data/lib/dawn/kb/cve_2016_6582.rb +0 -43
  255. data/lib/dawn/kb/not_revised_code.rb +0 -22
  256. data/lib/dawn/kb/osvdb_105971.rb +0 -29
  257. data/lib/dawn/kb/osvdb_108530.rb +0 -27
  258. data/lib/dawn/kb/osvdb_108563.rb +0 -28
  259. data/lib/dawn/kb/osvdb_108569.rb +0 -28
  260. data/lib/dawn/kb/osvdb_108570.rb +0 -27
  261. data/lib/dawn/kb/osvdb_115654.rb +0 -33
  262. data/lib/dawn/kb/osvdb_116010.rb +0 -30
  263. data/lib/dawn/kb/osvdb_117903.rb +0 -30
  264. data/lib/dawn/kb/osvdb_118579.rb +0 -31
  265. data/lib/dawn/kb/osvdb_118830.rb +0 -32
  266. data/lib/dawn/kb/osvdb_118954.rb +0 -33
  267. data/lib/dawn/kb/osvdb_119878.rb +0 -32
  268. data/lib/dawn/kb/osvdb_119927.rb +0 -33
  269. data/lib/dawn/kb/osvdb_120415.rb +0 -31
  270. data/lib/dawn/kb/osvdb_120857.rb +0 -34
  271. data/lib/dawn/kb/osvdb_121701.rb +0 -30
  272. data/lib/dawn/kb/osvdb_132234.rb +0 -34
  273. data/lib/dawn/kb/owasp_ror_cheatsheet.rb +0 -33
  274. data/lib/dawn/kb/owasp_ror_cheatsheet/check_for_backup_files.rb +0 -18
  275. data/lib/dawn/kb/owasp_ror_cheatsheet/check_for_safe_redirect_and_forward.rb +0 -57
  276. data/lib/dawn/kb/owasp_ror_cheatsheet/command_injection.rb +0 -28
  277. data/lib/dawn/kb/owasp_ror_cheatsheet/csrf.rb +0 -29
  278. data/lib/dawn/kb/owasp_ror_cheatsheet/mass_assignment_in_model.rb +0 -33
  279. data/lib/dawn/kb/owasp_ror_cheatsheet/security_related_headers.rb +0 -35
  280. data/lib/dawn/kb/owasp_ror_cheatsheet/sensitive_files.rb +0 -29
  281. data/lib/dawn/kb/owasp_ror_cheatsheet/session_stored_in_database.rb +0 -31
  282. data/lib/dawn/kb/simpleform_xss_20131129.rb +0 -28
  283. data/lib/dawn/knowledge_base_experimental.rb +0 -245
  284. data/spec/lib/kb/cve_2011_2705_spec.rb +0 -35
  285. data/spec/lib/kb/cve_2011_2930_spec.rb +0 -31
  286. data/spec/lib/kb/cve_2011_3009_spec.rb +0 -25
  287. data/spec/lib/kb/cve_2011_3187_spec.rb +0 -24
  288. data/spec/lib/kb/cve_2011_4319_spec.rb +0 -44
  289. data/spec/lib/kb/cve_2011_5036_spec.rb +0 -95
  290. data/spec/lib/kb/cve_2012_1098_spec.rb +0 -36
  291. data/spec/lib/kb/cve_2012_2139_spec.rb +0 -20
  292. data/spec/lib/kb/cve_2012_2671_spec.rb +0 -23
  293. data/spec/lib/kb/cve_2012_6109_spec.rb +0 -112
  294. data/spec/lib/kb/cve_2012_6684_spec.rb +0 -16
  295. data/spec/lib/kb/cve_2013_0162_spec.rb +0 -23
  296. data/spec/lib/kb/cve_2013_0183_spec.rb +0 -54
  297. data/spec/lib/kb/cve_2013_0184_spec.rb +0 -115
  298. data/spec/lib/kb/cve_2013_0256_spec.rb +0 -34
  299. data/spec/lib/kb/cve_2013_0262_spec.rb +0 -44
  300. data/spec/lib/kb/cve_2013_0263_spec.rb +0 -11
  301. data/spec/lib/kb/cve_2013_0334_spec.rb +0 -35
  302. data/spec/lib/kb/cve_2013_1607_spec.rb +0 -15
  303. data/spec/lib/kb/cve_2013_1655_spec.rb +0 -31
  304. data/spec/lib/kb/cve_2013_1756_spec.rb +0 -23
  305. data/spec/lib/kb/cve_2013_2090_spec.rb +0 -15
  306. data/spec/lib/kb/cve_2013_2105_spec.rb +0 -11
  307. data/spec/lib/kb/cve_2013_2119_spec.rb +0 -27
  308. data/spec/lib/kb/cve_2013_2512_spec.rb +0 -15
  309. data/spec/lib/kb/cve_2013_2513_spec.rb +0 -15
  310. data/spec/lib/kb/cve_2013_2516_spec.rb +0 -15
  311. data/spec/lib/kb/cve_2013_4203_spec.rb +0 -15
  312. data/spec/lib/kb/cve_2013_4413_spec.rb +0 -16
  313. data/spec/lib/kb/cve_2013_4489_spec.rb +0 -63
  314. data/spec/lib/kb/cve_2013_4491_spec.rb +0 -16
  315. data/spec/lib/kb/cve_2013_4593_spec.rb +0 -16
  316. data/spec/lib/kb/cve_2013_5647_spec.rb +0 -19
  317. data/spec/lib/kb/cve_2013_5671_spec.rb +0 -27
  318. data/spec/lib/kb/cve_2013_6414_spec.rb +0 -26
  319. data/spec/lib/kb/cve_2013_6416_spec.rb +0 -31
  320. data/spec/lib/kb/cve_2013_6459_spec.rb +0 -15
  321. data/spec/lib/kb/cve_2013_7086_spec.rb +0 -22
  322. data/spec/lib/kb/cve_2014_0036_spec.rb +0 -15
  323. data/spec/lib/kb/cve_2014_0080_spec.rb +0 -33
  324. data/spec/lib/kb/cve_2014_0081_spec.rb +0 -50
  325. data/spec/lib/kb/cve_2014_0082_spec.rb +0 -52
  326. data/spec/lib/kb/cve_2014_0130_spec.rb +0 -19
  327. data/spec/lib/kb/cve_2014_1233_spec.rb +0 -15
  328. data/spec/lib/kb/cve_2014_1234_spec.rb +0 -16
  329. data/spec/lib/kb/cve_2014_2322_spec.rb +0 -15
  330. data/spec/lib/kb/cve_2014_2538_spec.rb +0 -15
  331. data/spec/lib/kb/cve_2014_3482_spec.rb +0 -15
  332. data/spec/lib/kb/cve_2014_3483_spec.rb +0 -27
  333. data/spec/lib/kb/cve_2014_7818_spec.rb +0 -42
  334. data/spec/lib/kb/cve_2014_7819_spec.rb +0 -139
  335. data/spec/lib/kb/cve_2014_7829_spec.rb +0 -50
  336. data/spec/lib/kb/cve_2014_9490_spec.rb +0 -17
  337. data/spec/lib/kb/cve_2015_1819_spec.rb +0 -16
  338. data/spec/lib/kb/cve_2015_1840_spec.rb +0 -39
  339. data/spec/lib/kb/cve_2015_2963_spec.rb +0 -17
  340. data/spec/lib/kb/cve_2015_3224_spec.rb +0 -16
  341. data/spec/lib/kb/cve_2015_3225_spec.rb +0 -27
  342. data/spec/lib/kb/cve_2015_3226_spec.rb +0 -35
  343. data/spec/lib/kb/cve_2015_3227_spec.rb +0 -31
  344. data/spec/lib/kb/cve_2015_3448_spec.rb +0 -16
  345. data/spec/lib/kb/cve_2015_4020_spec.rb +0 -24
  346. data/spec/lib/kb/cve_2015_5312_spec.rb +0 -31
  347. data/spec/lib/kb/cve_2015_7497_spec.rb +0 -31
  348. data/spec/lib/kb/cve_2015_7498_spec.rb +0 -31
  349. data/spec/lib/kb/cve_2015_7499_spec.rb +0 -31
  350. data/spec/lib/kb/cve_2015_7500_spec.rb +0 -31
  351. data/spec/lib/kb/cve_2015_7519_spec.rb +0 -23
  352. data/spec/lib/kb/cve_2015_7541_spec.rb +0 -15
  353. data/spec/lib/kb/cve_2015_7576_spec.rb +0 -51
  354. data/spec/lib/kb/cve_2015_7577_spec.rb +0 -63
  355. data/spec/lib/kb/cve_2015_7578_spec.rb +0 -15
  356. data/spec/lib/kb/cve_2015_7579_spec.rb +0 -23
  357. data/spec/lib/kb/cve_2015_7581_spec.rb +0 -51
  358. data/spec/lib/kb/cve_2015_8241_spec.rb +0 -31
  359. data/spec/lib/kb/cve_2015_8242_spec.rb +0 -31
  360. data/spec/lib/kb/cve_2015_8317_spec.rb +0 -31
  361. data/spec/lib/kb/cve_2016_0751_spec.rb +0 -55
  362. data/spec/lib/kb/cve_2016_0752_spec.rb +0 -51
  363. data/spec/lib/kb/cve_2016_0753_spec.rb +0 -51
  364. data/spec/lib/kb/cve_2016_2097_spec.rb +0 -35
  365. data/spec/lib/kb/cve_2016_2098_spec.rb +0 -55
  366. data/spec/lib/kb/cve_2016_5697_spec.rb +0 -15
  367. data/spec/lib/kb/cve_2016_6316_spec.rb +0 -44
  368. data/spec/lib/kb/cve_2016_6317_spec.rb +0 -35
  369. data/spec/lib/kb/cve_2016_6582_spec.rb +0 -29
  370. data/spec/lib/kb/osvdb_105971_spec.rb +0 -15
  371. data/spec/lib/kb/osvdb_108530_spec.rb +0 -22
  372. data/spec/lib/kb/osvdb_108563_spec.rb +0 -18
  373. data/spec/lib/kb/osvdb_108569_spec.rb +0 -17
  374. data/spec/lib/kb/osvdb_108570_spec.rb +0 -17
  375. data/spec/lib/kb/osvdb_115654_spec.rb +0 -15
  376. data/spec/lib/kb/osvdb_116010_spec.rb +0 -15
  377. data/spec/lib/kb/osvdb_117903_spec.rb +0 -23
  378. data/spec/lib/kb/osvdb_118579_spec.rb +0 -8
  379. data/spec/lib/kb/osvdb_118830_spec.rb +0 -16
  380. data/spec/lib/kb/osvdb_118954_spec.rb +0 -20
  381. data/spec/lib/kb/osvdb_119878_spec.rb +0 -92
  382. data/spec/lib/kb/osvdb_119927_spec.rb +0 -16
  383. data/spec/lib/kb/osvdb_120415_spec.rb +0 -16
  384. data/spec/lib/kb/osvdb_120857_spec.rb +0 -32
  385. data/spec/lib/kb/osvdb_121701_spec.rb +0 -15
  386. data/spec/lib/kb/osvdb_132234_spec.rb +0 -15
  387. metadata.gz.sig +0 -0
@@ -1,17 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2015-2963 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2015_2963.new
5
- # @check.debug = true
6
- end
7
- it "is reported when vulnerable paperclip gem is used 4.2.1)" do
8
- @check.dependencies = [{:name=>"paperclip", :version=>'4.2.1'}]
9
- expect(@check.vuln?).to eq(true)
10
- end
11
-
12
- it "is reported when not vulnerable paperclip gem is used (4.2.2)" do
13
- @check.dependencies = [{:name=>"paperclip", :version=>'4.2.2'}]
14
- expect(@check.vuln?).to eq(false)
15
- end
16
-
17
- end
@@ -1,16 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2015-3224 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2015_3224.new
5
- # @check.debug = true
6
- end
7
- it "is reported when vulnerable web-console gem is used (2.1.2)" do
8
- @check.dependencies = [{:name=>"web-console", :version=>'2.1.2'}]
9
- expect(@check.vuln?).to eq(true)
10
- end
11
- it "is not reported when safe rack gem is used (2.1.3)" do
12
- @check.dependencies = [{:name=>"web-console", :version=>'2.1.3'}]
13
- expect(@check.vuln?).to eq(false)
14
- end
15
-
16
- end
@@ -1,27 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2015-3225 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2015_3225.new
5
- # @check.debug = true
6
- end
7
- it "is reported when vulnerable rack gem is used (1.5.3)" do
8
- @check.dependencies = [{:name=>"rack", :version=>'1.5.3'}]
9
- expect(@check.vuln?).to eq(true)
10
- end
11
- it "is reported when vulnerable rack gem is used (1.6.1)" do
12
- @check.dependencies = [{:name=>"rack", :version=>'1.6.1'}]
13
- expect(@check.vuln?).to eq(true)
14
- end
15
- it "is not reported when safe rack gem is used (1.5.4)" do
16
- @check.dependencies = [{:name=>"rack", :version=>'1.5.4'}]
17
- expect(@check.vuln?).to eq(false)
18
- end
19
- it "is not reported when safe rack gem is used (1.5.5)" do
20
- @check.dependencies = [{:name=>"rack", :version=>'1.5.5'}]
21
- expect(@check.vuln?).to eq(false)
22
- end
23
- it "is not reported when safe rack gem is used (1.6.3)" do
24
- @check.dependencies = [{:name=>"rack", :version=>'1.6.3'}]
25
- expect(@check.vuln?).to eq(false)
26
- end
27
- end
@@ -1,35 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2015-3226 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2015_3226.new
5
- # @check.debug = true
6
- end
7
-
8
- it "is reported when vulnerable active_support gem is used (3.x.x)" do
9
- @check.dependencies = [{:name=>"activesupport", :version=>'3.2.11'}]
10
- expect(@check.vuln?).to eq(true)
11
- end
12
- it "is reported when vulnerable active_support gem is used (4.1.11)" do
13
- @check.dependencies = [{:name=>"activesupport", :version=>'4.1.11'}]
14
- expect(@check.vuln?).to eq(true)
15
- end
16
- it "is reported when vulnerable active_support gem is used (4.2.2)" do
17
- @check.dependencies = [{:name=>"activesupport", :version=>'4.2.2'}]
18
- expect(@check.vuln?).to eq(true)
19
- end
20
- it "is not reported when safe active_support gem is used (4.1.12)" do
21
- @check.dependencies = [{:name=>"activesupport", :version=>'4.1.12'}]
22
- expect(@check.vuln?).to eq(false)
23
- end
24
- it "is not reported when safe active_support gem is used (4.1.13)" do
25
- @check.dependencies = [{:name=>"activesupport", :version=>'4.1.13'}]
26
- expect(@check.vuln?).to eq(false)
27
- end
28
- it "is not reported when safe active_support gem is used (4.2.3)" do
29
- @check.dependencies = [{:name=>"activesupport", :version=>'4.2.3'}]
30
- expect(@check.vuln?).to eq(false)
31
- end
32
-
33
-
34
-
35
- end
@@ -1,31 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2015-3227 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2015_3227.new
5
- end
6
- it "is reported when vulnerable active_support gem is used (4.1.11)" do
7
- @check.dependencies = [{:name=>"activesupport", :version=>'4.1.11'}]
8
- expect(@check.vuln?).to eq(true)
9
- end
10
- it "is reported when vulnerable active_support gem is used (4.2.2)" do
11
- @check.dependencies = [{:name=>"activesupport", :version=>'4.2.2'}]
12
- expect(@check.vuln?).to eq(true)
13
- end
14
- it "is not reported when safe active_support gem is used (4.1.12)" do
15
- @check.dependencies = [{:name=>"activesupport", :version=>'4.1.12'}]
16
- expect(@check.vuln?).to eq(false)
17
- end
18
- it "is not reported when safe active_support gem is used (4.1.13)" do
19
- @check.dependencies = [{:name=>"activesupport", :version=>'4.1.13'}]
20
- expect(@check.vuln?).to eq(false)
21
- end
22
- it "is not reported when safe active_support gem is used (4.2.3)" do
23
- @check.dependencies = [{:name=>"activesupport", :version=>'4.2.3'}]
24
- expect(@check.vuln?).to eq(false)
25
- end
26
- it "is not reported when safe active_support gem is used (3.2.22)" do
27
- @check.dependencies = [{:name=>"activesupport", :version=>'3.2.22'}]
28
- expect(@check.vuln?).to eq(false)
29
- end
30
-
31
- end
@@ -1,16 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2015-3448 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2015_3448.new
5
- # @check.debug = true
6
- end
7
- it "is reported when vulnerable rest-client gem is used (1.7.2)" do
8
- @check.dependencies = [{:name=>"rest-client", :version=>'1.7.2'}]
9
- expect(@check.vuln?).to eq(true)
10
- end
11
- it "is not reported when safe rest-client gem is used (1.7.3)" do
12
- @check.dependencies = [{:name=>"rest-client", :version=>'1.7.3'}]
13
- expect(@check.vuln?).to eq(false)
14
- end
15
-
16
- end
@@ -1,24 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2015-4020 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2015_4020.new
5
- # @check.debug = true
6
- end
7
- it "is reported when the vulnerable rubygem is detected" do
8
- @check.my_gem_version="2.4.3"
9
- expect(@check.vuln?).to eq(true)
10
- end
11
- it "is reported when the vulnerable rubygem is detected" do
12
- @check.my_gem_version="2.2.4"
13
- expect(@check.vuln?).to eq(true)
14
- end
15
- it "is reported when the vulnerable rubygem is detected" do
16
- @check.my_gem_version="2.0.16"
17
- expect(@check.vuln?).to eq(true)
18
- end
19
- it "is not reported when a fixed release is detected" do
20
- @check.my_gem_version="2.4.9"
21
- expect(@check.vuln?).to eq(false)
22
- end
23
-
24
- end
@@ -1,31 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2015-5312 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2015_5312.new
5
- # @check.debug = true
6
- end
7
- it "is reported when the vulnerable gem is detected" do
8
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.5"}]
9
- expect(@check.vuln?).to eq(true)
10
- end
11
- it "is reported when the vulnerable gem is detected" do
12
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.0"}]
13
- expect(@check.vuln?).to eq(true)
14
- end
15
- it "is reported when the vulnerable gem is detected" do
16
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7"}]
17
- expect(@check.vuln?).to eq(true)
18
- end
19
- it "is not reported when a fixed release is detected" do
20
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7.1"}]
21
- expect(@check.vuln?).to eq(false)
22
- end
23
- it "is not reported when a fixed release is detected" do
24
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.5.6"}]
25
- expect(@check.vuln?).to eq(false)
26
- end
27
- it "is not reported when a fixed release is detected" do
28
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.4.6"}]
29
- expect(@check.vuln?).to eq(false)
30
- end
31
- end
@@ -1,31 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2015-7497 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2015_7497.new
5
- # @check.debug = true
6
- end
7
- it "is reported when the vulnerable gem is detected" do
8
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.5"}]
9
- expect(@check.vuln?).to eq(true)
10
- end
11
- it "is reported when the vulnerable gem is detected" do
12
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.0"}]
13
- expect(@check.vuln?).to eq(true)
14
- end
15
- it "is reported when the vulnerable gem is detected" do
16
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7"}]
17
- expect(@check.vuln?).to eq(true)
18
- end
19
- it "is not reported when a fixed release is detected" do
20
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7.1"}]
21
- expect(@check.vuln?).to eq(false)
22
- end
23
- it "is not reported when a fixed release is detected" do
24
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.5.6"}]
25
- expect(@check.vuln?).to eq(false)
26
- end
27
- it "is not reported when a fixed release is detected" do
28
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.4.6"}]
29
- expect(@check.vuln?).to eq(false)
30
- end
31
- end
@@ -1,31 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2015-7498 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2015_7498.new
5
- # @check.debug = true
6
- end
7
- it "is reported when the vulnerable gem is detected" do
8
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.5"}]
9
- expect(@check.vuln?).to eq(true)
10
- end
11
- it "is reported when the vulnerable gem is detected" do
12
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.0"}]
13
- expect(@check.vuln?).to eq(true)
14
- end
15
- it "is reported when the vulnerable gem is detected" do
16
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7"}]
17
- expect(@check.vuln?).to eq(true)
18
- end
19
- it "is not reported when a fixed release is detected" do
20
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7.1"}]
21
- expect(@check.vuln?).to eq(false)
22
- end
23
- it "is not reported when a fixed release is detected" do
24
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.5.6"}]
25
- expect(@check.vuln?).to eq(false)
26
- end
27
- it "is not reported when a fixed release is detected" do
28
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.4.6"}]
29
- expect(@check.vuln?).to eq(false)
30
- end
31
- end
@@ -1,31 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2015-7499 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2015_7499.new
5
- # @check.debug = true
6
- end
7
- it "is reported when the vulnerable gem is detected" do
8
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.5"}]
9
- expect(@check.vuln?).to eq(true)
10
- end
11
- it "is reported when the vulnerable gem is detected" do
12
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.0"}]
13
- expect(@check.vuln?).to eq(true)
14
- end
15
- it "is reported when the vulnerable gem is detected" do
16
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7"}]
17
- expect(@check.vuln?).to eq(true)
18
- end
19
- it "is not reported when a fixed release is detected" do
20
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7.1"}]
21
- expect(@check.vuln?).to eq(false)
22
- end
23
- it "is not reported when a fixed release is detected" do
24
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.5.6"}]
25
- expect(@check.vuln?).to eq(false)
26
- end
27
- it "is not reported when a fixed release is detected" do
28
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.4.6"}]
29
- expect(@check.vuln?).to eq(false)
30
- end
31
- end
@@ -1,31 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2015-7500 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2015_7500.new
5
- # @check.debug = true
6
- end
7
- it "is reported when the vulnerable gem is detected" do
8
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.5"}]
9
- expect(@check.vuln?).to eq(true)
10
- end
11
- it "is reported when the vulnerable gem is detected" do
12
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.0"}]
13
- expect(@check.vuln?).to eq(true)
14
- end
15
- it "is reported when the vulnerable gem is detected" do
16
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7"}]
17
- expect(@check.vuln?).to eq(true)
18
- end
19
- it "is not reported when a fixed release is detected" do
20
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7.1"}]
21
- expect(@check.vuln?).to eq(false)
22
- end
23
- it "is not reported when a fixed release is detected" do
24
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.5.6"}]
25
- expect(@check.vuln?).to eq(false)
26
- end
27
- it "is not reported when a fixed release is detected" do
28
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.4.6"}]
29
- expect(@check.vuln?).to eq(false)
30
- end
31
- end
@@ -1,23 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2015-7519 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2015_7519.new
5
- # @check.debug = true
6
- end
7
- it "is reported when the vulnerable gem is detected" do
8
- @check.dependencies = [{:name=>"passenger", :version=>"4.0.54"}]
9
- expect(@check.vuln?).to eq(true)
10
- end
11
- it "is reported when the vulnerable gem is detected" do
12
- @check.dependencies = [{:name=>"passenger", :version=>"5.0.12"}]
13
- expect(@check.vuln?).to eq(true)
14
- end
15
- it "is not reported when a fixed release is detected" do
16
- @check.dependencies = [{:name=>"passenger", :version=>"4.0.60"}]
17
- expect(@check.vuln?).to eq(false)
18
- end
19
- it "is not reported when a fixed release is detected" do
20
- @check.dependencies = [{:name=>"passenger", :version=>"5.0.22"}]
21
- expect(@check.vuln?).to eq(false)
22
- end
23
- end
@@ -1,15 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2015-7541 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2015_7541.new
5
- # @check.debug = true
6
- end
7
- it "is reported when the vulnerable gem is detected" do
8
- @check.dependencies = [{:name=>"colorscore", :version=>"0.0.4"}]
9
- expect(@check.vuln?).to eq(true)
10
- end
11
- it "is not reported when a fixed release is detected" do
12
- @check.dependencies = [{:name=>"colorscore", :version=>"0.0.5"}]
13
- expect(@check.vuln?).to eq(false)
14
- end
15
- end
@@ -1,51 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2015-7576 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2015_7576.new
5
- @check.debug = true
6
- end
7
- it "is reported when the vulnerable gem is detected" do
8
- @check.dependencies = [{:name=>"actionpack", :version=>"5.0.0.beta.1"}]
9
- expect(@check.vuln?).to eq(true)
10
- end
11
- it "is reported when the vulnerable gem is detected" do
12
- @check.dependencies = [{:name=>"actionpack", :version=>"4.2.5"}]
13
- expect(@check.vuln?).to eq(true)
14
- end
15
- it "is reported when the vulnerable gem is detected" do
16
- @check.dependencies = [{:name=>"actionpack", :version=>"4.1.14"}]
17
- expect(@check.vuln?).to eq(true)
18
- end
19
- it "is reported when the vulnerable gem is detected" do
20
- @check.dependencies = [{:name=>"actionpack", :version=>"3.2.22"}]
21
- expect(@check.vuln?).to eq(true)
22
- end
23
- it "is not reported when a fixed release is detected" do
24
- @check.dependencies = [{:name=>"actionpack", :version=>"5.0.0"}]
25
- expect(@check.vuln?).to eq(false)
26
- end
27
- it "is not reported when a fixed release is detected" do
28
- @check.dependencies = [{:name=>"actionpack", :version=>"4.2.5.1"}]
29
- expect(@check.vuln?).to eq(false)
30
- end
31
- it "is not reported when a fixed release is detected" do
32
- @check.dependencies = [{:name=>"actionpack", :version=>"4.2.6"}]
33
- expect(@check.vuln?).to eq(false)
34
- end
35
- it "is not reported when a fixed release is detected" do
36
- @check.dependencies = [{:name=>"actionpack", :version=>"4.1.14.2"}]
37
- expect(@check.vuln?).to eq(false)
38
- end
39
- it "is not reported when a fixed release is detected" do
40
- @check.dependencies = [{:name=>"actionpack", :version=>"4.1.15"}]
41
- expect(@check.vuln?).to eq(false)
42
- end
43
- it "is not reported when a fixed release is detected" do
44
- @check.dependencies = [{:name=>"actionpack", :version=>"3.2.22.1"}]
45
- expect(@check.vuln?).to eq(false)
46
- end
47
- it "is not reported when a fixed release is detected" do
48
- @check.dependencies = [{:name=>"actionpack", :version=>"3.2.23"}]
49
- expect(@check.vuln?).to eq(false)
50
- end
51
- end
@@ -1,63 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2015-7577 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2015_7577.new
5
- # @check.debug = true
6
- end
7
- it "is reported when the vulnerable gem is detected" do
8
- @check.dependencies = [{:name=>"activerecord", :version=>"5.0.0.beta.1"}]
9
- expect(@check.vuln?).to eq(true)
10
- end
11
- it "is reported when the vulnerable gem is detected" do
12
- @check.dependencies = [{:name=>"activerecord", :version=>"4.2.5"}]
13
- expect(@check.vuln?).to eq(true)
14
- end
15
- it "is reported when the vulnerable gem is detected" do
16
- @check.dependencies = [{:name=>"activerecord", :version=>"4.1.14"}]
17
- expect(@check.vuln?).to eq(true)
18
- end
19
- it "is reported when the vulnerable gem is detected" do
20
- @check.dependencies = [{:name=>"activerecord", :version=>"3.1.2"}]
21
- expect(@check.vuln?).to eq(true)
22
- end
23
- it "is reported when the vulnerable gem is detected" do
24
- @check.dependencies = [{:name=>"activerecord", :version=>"3.2.22"}]
25
- expect(@check.vuln?).to eq(true)
26
- end
27
- it "is not reported when a fixed release is detected" do
28
- @check.dependencies = [{:name=>"activerecord", :version=>"5.0.0"}]
29
- expect(@check.vuln?).to eq(false)
30
- end
31
- it "is not reported when a fixed release is detected" do
32
- @check.dependencies = [{:name=>"activerecord", :version=>"5.0.0.1"}]
33
- expect(@check.vuln?).to eq(false)
34
- end
35
- it "is not reported when a fixed release is detected" do
36
- @check.dependencies = [{:name=>"activerecord", :version=>"4.2.5.1"}]
37
- expect(@check.vuln?).to eq(false)
38
- end
39
- it "is not reported when a fixed release is detected" do
40
- @check.dependencies = [{:name=>"activerecord", :version=>"4.2.6"}]
41
- expect(@check.vuln?).to eq(false)
42
- end
43
- it "is not reported when a fixed release is detected" do
44
- @check.dependencies = [{:name=>"activerecord", :version=>"4.1.14.2"}]
45
- expect(@check.vuln?).to eq(false)
46
- end
47
- it "is not reported when a fixed release is detected" do
48
- @check.dependencies = [{:name=>"activerecord", :version=>"4.1.15"}]
49
- expect(@check.vuln?).to eq(false)
50
- end
51
- it "is not reported when a fixed release is detected" do
52
- @check.dependencies = [{:name=>"activerecord", :version=>"3.0.1"}]
53
- expect(@check.vuln?).to eq(false)
54
- end
55
- it "is not reported when a fixed release is detected" do
56
- @check.dependencies = [{:name=>"activerecord", :version=>"3.2.22.1"}]
57
- expect(@check.vuln?).to eq(false)
58
- end
59
- it "is not reported when a fixed release is detected" do
60
- @check.dependencies = [{:name=>"activerecord", :version=>"3.2.23"}]
61
- expect(@check.vuln?).to eq(false)
62
- end
63
- end