dawnscanner 1.6.8 → 2.0.0.rc4

Sign up to get free protection for your applications and to get access to all the features.
Files changed (387) hide show
  1. checksums.yaml +5 -5
  2. data/.gitignore +1 -0
  3. data/.ruby-version +1 -1
  4. data/Changelog.md +27 -1
  5. data/LICENSE.txt +1 -1
  6. data/README.md +59 -57
  7. data/Rakefile +10 -242
  8. data/Roadmap.md +15 -23
  9. data/VERSION +1 -1
  10. data/bin/dawn +17 -273
  11. data/checksum/dawnscanner-1.6.8.gem.sha1 +1 -0
  12. data/checksum/dawnscanner-2.0.0.rc1.gem.sha1 +1 -0
  13. data/checksum/dawnscanner-2.0.0.rc2.gem.sha1 +1 -0
  14. data/checksum/dawnscanner-2.0.0.rc3.gem.sha1 +1 -0
  15. data/dawnscanner.gemspec +10 -9
  16. data/doc/change.sh +13 -0
  17. data/doc/kickstart_kb.tar.gz +0 -0
  18. data/doc/knowledge_base.rb +650 -0
  19. data/docs/.placeholder +0 -0
  20. data/docs/CNAME +1 -0
  21. data/docs/_config.yml +1 -0
  22. data/lib/dawn/cli/dawn_cli.rb +139 -0
  23. data/lib/dawn/core.rb +8 -7
  24. data/lib/dawn/engine.rb +93 -34
  25. data/lib/dawn/gemfile_lock.rb +2 -2
  26. data/lib/dawn/kb/basic_check.rb +1 -2
  27. data/lib/dawn/kb/combo_check.rb +1 -1
  28. data/lib/dawn/kb/dependency_check.rb +1 -1
  29. data/lib/dawn/kb/operating_system_check.rb +1 -1
  30. data/lib/dawn/kb/pattern_match_check.rb +10 -9
  31. data/lib/dawn/kb/ruby_version_check.rb +11 -10
  32. data/lib/dawn/kb/{gem_check.rb → rubygem_check.rb} +1 -1
  33. data/lib/dawn/kb/unsafe_depedency_check.rb +44 -0
  34. data/lib/dawn/kb/version_check.rb +41 -24
  35. data/lib/dawn/knowledge_base.rb +259 -595
  36. data/lib/dawn/reporter.rb +2 -1
  37. data/lib/dawn/utils.rb +5 -2
  38. data/lib/dawn/version.rb +5 -5
  39. data/lib/dawnscanner.rb +7 -6
  40. data/spec/lib/kb/codesake_unsafe_dependency_check_spec.rb +29 -0
  41. data/spec/lib/kb/dependency_check.yml +29 -0
  42. metadata +30 -496
  43. checksums.yaml.gz.sig +0 -0
  44. data.tar.gz.sig +0 -0
  45. data/certs/paolo_at_dawnscanner_dot_org.pem +0 -21
  46. data/lib/dawn/kb/cve_2004_0755.rb +0 -33
  47. data/lib/dawn/kb/cve_2004_0983.rb +0 -31
  48. data/lib/dawn/kb/cve_2005_1992.rb +0 -31
  49. data/lib/dawn/kb/cve_2005_2337.rb +0 -33
  50. data/lib/dawn/kb/cve_2006_1931.rb +0 -30
  51. data/lib/dawn/kb/cve_2006_2582.rb +0 -28
  52. data/lib/dawn/kb/cve_2006_3694.rb +0 -31
  53. data/lib/dawn/kb/cve_2006_4112.rb +0 -27
  54. data/lib/dawn/kb/cve_2006_5467.rb +0 -28
  55. data/lib/dawn/kb/cve_2006_6303.rb +0 -28
  56. data/lib/dawn/kb/cve_2006_6852.rb +0 -27
  57. data/lib/dawn/kb/cve_2006_6979.rb +0 -29
  58. data/lib/dawn/kb/cve_2007_0469.rb +0 -29
  59. data/lib/dawn/kb/cve_2007_5162.rb +0 -28
  60. data/lib/dawn/kb/cve_2007_5379.rb +0 -27
  61. data/lib/dawn/kb/cve_2007_5380.rb +0 -29
  62. data/lib/dawn/kb/cve_2007_5770.rb +0 -30
  63. data/lib/dawn/kb/cve_2007_6077.rb +0 -31
  64. data/lib/dawn/kb/cve_2007_6612.rb +0 -30
  65. data/lib/dawn/kb/cve_2008_1145.rb +0 -38
  66. data/lib/dawn/kb/cve_2008_1891.rb +0 -38
  67. data/lib/dawn/kb/cve_2008_2376.rb +0 -30
  68. data/lib/dawn/kb/cve_2008_2662.rb +0 -33
  69. data/lib/dawn/kb/cve_2008_2663.rb +0 -32
  70. data/lib/dawn/kb/cve_2008_2664.rb +0 -33
  71. data/lib/dawn/kb/cve_2008_2725.rb +0 -31
  72. data/lib/dawn/kb/cve_2008_3655.rb +0 -37
  73. data/lib/dawn/kb/cve_2008_3657.rb +0 -37
  74. data/lib/dawn/kb/cve_2008_3790.rb +0 -30
  75. data/lib/dawn/kb/cve_2008_3905.rb +0 -36
  76. data/lib/dawn/kb/cve_2008_4094.rb +0 -27
  77. data/lib/dawn/kb/cve_2008_4310.rb +0 -100
  78. data/lib/dawn/kb/cve_2008_5189.rb +0 -27
  79. data/lib/dawn/kb/cve_2008_7248.rb +0 -27
  80. data/lib/dawn/kb/cve_2009_4078.rb +0 -29
  81. data/lib/dawn/kb/cve_2009_4124.rb +0 -30
  82. data/lib/dawn/kb/cve_2009_4214.rb +0 -27
  83. data/lib/dawn/kb/cve_2010_1330.rb +0 -28
  84. data/lib/dawn/kb/cve_2010_2489.rb +0 -60
  85. data/lib/dawn/kb/cve_2010_3933.rb +0 -27
  86. data/lib/dawn/kb/cve_2011_0188.rb +0 -67
  87. data/lib/dawn/kb/cve_2011_0446.rb +0 -28
  88. data/lib/dawn/kb/cve_2011_0447.rb +0 -28
  89. data/lib/dawn/kb/cve_2011_0739.rb +0 -28
  90. data/lib/dawn/kb/cve_2011_0995.rb +0 -61
  91. data/lib/dawn/kb/cve_2011_1004.rb +0 -34
  92. data/lib/dawn/kb/cve_2011_1005.rb +0 -31
  93. data/lib/dawn/kb/cve_2011_2197.rb +0 -27
  94. data/lib/dawn/kb/cve_2011_2686.rb +0 -29
  95. data/lib/dawn/kb/cve_2011_2705.rb +0 -32
  96. data/lib/dawn/kb/cve_2011_2929.rb +0 -27
  97. data/lib/dawn/kb/cve_2011_2930.rb +0 -28
  98. data/lib/dawn/kb/cve_2011_2931.rb +0 -30
  99. data/lib/dawn/kb/cve_2011_2932.rb +0 -27
  100. data/lib/dawn/kb/cve_2011_3009.rb +0 -28
  101. data/lib/dawn/kb/cve_2011_3186.rb +0 -29
  102. data/lib/dawn/kb/cve_2011_3187.rb +0 -29
  103. data/lib/dawn/kb/cve_2011_4319.rb +0 -30
  104. data/lib/dawn/kb/cve_2011_4815.rb +0 -28
  105. data/lib/dawn/kb/cve_2011_5036.rb +0 -26
  106. data/lib/dawn/kb/cve_2012_1098.rb +0 -30
  107. data/lib/dawn/kb/cve_2012_1099.rb +0 -27
  108. data/lib/dawn/kb/cve_2012_1241.rb +0 -27
  109. data/lib/dawn/kb/cve_2012_2139.rb +0 -26
  110. data/lib/dawn/kb/cve_2012_2140.rb +0 -27
  111. data/lib/dawn/kb/cve_2012_2660.rb +0 -28
  112. data/lib/dawn/kb/cve_2012_2661.rb +0 -27
  113. data/lib/dawn/kb/cve_2012_2671.rb +0 -28
  114. data/lib/dawn/kb/cve_2012_2694.rb +0 -30
  115. data/lib/dawn/kb/cve_2012_2695.rb +0 -27
  116. data/lib/dawn/kb/cve_2012_3424.rb +0 -29
  117. data/lib/dawn/kb/cve_2012_3463.rb +0 -27
  118. data/lib/dawn/kb/cve_2012_3464.rb +0 -27
  119. data/lib/dawn/kb/cve_2012_3465.rb +0 -26
  120. data/lib/dawn/kb/cve_2012_4464.rb +0 -27
  121. data/lib/dawn/kb/cve_2012_4466.rb +0 -27
  122. data/lib/dawn/kb/cve_2012_4481.rb +0 -26
  123. data/lib/dawn/kb/cve_2012_4522.rb +0 -27
  124. data/lib/dawn/kb/cve_2012_5370.rb +0 -27
  125. data/lib/dawn/kb/cve_2012_5371.rb +0 -27
  126. data/lib/dawn/kb/cve_2012_5380.rb +0 -28
  127. data/lib/dawn/kb/cve_2012_6109.rb +0 -25
  128. data/lib/dawn/kb/cve_2012_6134.rb +0 -27
  129. data/lib/dawn/kb/cve_2012_6496.rb +0 -28
  130. data/lib/dawn/kb/cve_2012_6497.rb +0 -28
  131. data/lib/dawn/kb/cve_2012_6684.rb +0 -28
  132. data/lib/dawn/kb/cve_2013_0155.rb +0 -29
  133. data/lib/dawn/kb/cve_2013_0156.rb +0 -27
  134. data/lib/dawn/kb/cve_2013_0162.rb +0 -28
  135. data/lib/dawn/kb/cve_2013_0175.rb +0 -27
  136. data/lib/dawn/kb/cve_2013_0183.rb +0 -25
  137. data/lib/dawn/kb/cve_2013_0184.rb +0 -25
  138. data/lib/dawn/kb/cve_2013_0233.rb +0 -26
  139. data/lib/dawn/kb/cve_2013_0256.rb +0 -59
  140. data/lib/dawn/kb/cve_2013_0262.rb +0 -26
  141. data/lib/dawn/kb/cve_2013_0263.rb +0 -26
  142. data/lib/dawn/kb/cve_2013_0269.rb +0 -27
  143. data/lib/dawn/kb/cve_2013_0276.rb +0 -28
  144. data/lib/dawn/kb/cve_2013_0277.rb +0 -25
  145. data/lib/dawn/kb/cve_2013_0284.rb +0 -27
  146. data/lib/dawn/kb/cve_2013_0285.rb +0 -27
  147. data/lib/dawn/kb/cve_2013_0333.rb +0 -28
  148. data/lib/dawn/kb/cve_2013_0334.rb +0 -25
  149. data/lib/dawn/kb/cve_2013_1607.rb +0 -25
  150. data/lib/dawn/kb/cve_2013_1655.rb +0 -65
  151. data/lib/dawn/kb/cve_2013_1656.rb +0 -28
  152. data/lib/dawn/kb/cve_2013_1756.rb +0 -26
  153. data/lib/dawn/kb/cve_2013_1800.rb +0 -26
  154. data/lib/dawn/kb/cve_2013_1801.rb +0 -27
  155. data/lib/dawn/kb/cve_2013_1802.rb +0 -27
  156. data/lib/dawn/kb/cve_2013_1812.rb +0 -27
  157. data/lib/dawn/kb/cve_2013_1821.rb +0 -28
  158. data/lib/dawn/kb/cve_2013_1854.rb +0 -26
  159. data/lib/dawn/kb/cve_2013_1855.rb +0 -25
  160. data/lib/dawn/kb/cve_2013_1856.rb +0 -26
  161. data/lib/dawn/kb/cve_2013_1857.rb +0 -27
  162. data/lib/dawn/kb/cve_2013_1875.rb +0 -27
  163. data/lib/dawn/kb/cve_2013_1898.rb +0 -27
  164. data/lib/dawn/kb/cve_2013_1911.rb +0 -28
  165. data/lib/dawn/kb/cve_2013_1933.rb +0 -27
  166. data/lib/dawn/kb/cve_2013_1947.rb +0 -27
  167. data/lib/dawn/kb/cve_2013_1948.rb +0 -27
  168. data/lib/dawn/kb/cve_2013_2065.rb +0 -29
  169. data/lib/dawn/kb/cve_2013_2090.rb +0 -28
  170. data/lib/dawn/kb/cve_2013_2105.rb +0 -26
  171. data/lib/dawn/kb/cve_2013_2119.rb +0 -27
  172. data/lib/dawn/kb/cve_2013_2512.rb +0 -26
  173. data/lib/dawn/kb/cve_2013_2513.rb +0 -25
  174. data/lib/dawn/kb/cve_2013_2516.rb +0 -26
  175. data/lib/dawn/kb/cve_2013_2615.rb +0 -27
  176. data/lib/dawn/kb/cve_2013_2616.rb +0 -27
  177. data/lib/dawn/kb/cve_2013_2617.rb +0 -28
  178. data/lib/dawn/kb/cve_2013_3221.rb +0 -27
  179. data/lib/dawn/kb/cve_2013_4164.rb +0 -30
  180. data/lib/dawn/kb/cve_2013_4203.rb +0 -25
  181. data/lib/dawn/kb/cve_2013_4389.rb +0 -26
  182. data/lib/dawn/kb/cve_2013_4413.rb +0 -27
  183. data/lib/dawn/kb/cve_2013_4457.rb +0 -29
  184. data/lib/dawn/kb/cve_2013_4478.rb +0 -26
  185. data/lib/dawn/kb/cve_2013_4479.rb +0 -26
  186. data/lib/dawn/kb/cve_2013_4489.rb +0 -28
  187. data/lib/dawn/kb/cve_2013_4491.rb +0 -29
  188. data/lib/dawn/kb/cve_2013_4492.rb +0 -29
  189. data/lib/dawn/kb/cve_2013_4562.rb +0 -27
  190. data/lib/dawn/kb/cve_2013_4593.rb +0 -27
  191. data/lib/dawn/kb/cve_2013_5647.rb +0 -29
  192. data/lib/dawn/kb/cve_2013_5671.rb +0 -26
  193. data/lib/dawn/kb/cve_2013_6414.rb +0 -30
  194. data/lib/dawn/kb/cve_2013_6415.rb +0 -29
  195. data/lib/dawn/kb/cve_2013_6416.rb +0 -29
  196. data/lib/dawn/kb/cve_2013_6417.rb +0 -30
  197. data/lib/dawn/kb/cve_2013_6421.rb +0 -28
  198. data/lib/dawn/kb/cve_2013_6459.rb +0 -28
  199. data/lib/dawn/kb/cve_2013_6460.rb +0 -53
  200. data/lib/dawn/kb/cve_2013_6461.rb +0 -57
  201. data/lib/dawn/kb/cve_2013_7086.rb +0 -27
  202. data/lib/dawn/kb/cve_2014_0036.rb +0 -27
  203. data/lib/dawn/kb/cve_2014_0080.rb +0 -29
  204. data/lib/dawn/kb/cve_2014_0081.rb +0 -27
  205. data/lib/dawn/kb/cve_2014_0082.rb +0 -27
  206. data/lib/dawn/kb/cve_2014_0130.rb +0 -27
  207. data/lib/dawn/kb/cve_2014_1233.rb +0 -27
  208. data/lib/dawn/kb/cve_2014_1234.rb +0 -26
  209. data/lib/dawn/kb/cve_2014_2322.rb +0 -28
  210. data/lib/dawn/kb/cve_2014_2525.rb +0 -59
  211. data/lib/dawn/kb/cve_2014_2538.rb +0 -26
  212. data/lib/dawn/kb/cve_2014_3482.rb +0 -28
  213. data/lib/dawn/kb/cve_2014_3483.rb +0 -28
  214. data/lib/dawn/kb/cve_2014_3916.rb +0 -29
  215. data/lib/dawn/kb/cve_2014_4975.rb +0 -28
  216. data/lib/dawn/kb/cve_2014_7818.rb +0 -27
  217. data/lib/dawn/kb/cve_2014_7819.rb +0 -31
  218. data/lib/dawn/kb/cve_2014_7829.rb +0 -30
  219. data/lib/dawn/kb/cve_2014_8090.rb +0 -30
  220. data/lib/dawn/kb/cve_2014_9490.rb +0 -29
  221. data/lib/dawn/kb/cve_2015_1819.rb +0 -34
  222. data/lib/dawn/kb/cve_2015_1840/cve_2015_1840_a.rb +0 -28
  223. data/lib/dawn/kb/cve_2015_1840/cve_2015_1840_b.rb +0 -28
  224. data/lib/dawn/kb/cve_2015_2963.rb +0 -27
  225. data/lib/dawn/kb/cve_2015_3224.rb +0 -26
  226. data/lib/dawn/kb/cve_2015_3225.rb +0 -28
  227. data/lib/dawn/kb/cve_2015_3226.rb +0 -27
  228. data/lib/dawn/kb/cve_2015_3227.rb +0 -28
  229. data/lib/dawn/kb/cve_2015_3448.rb +0 -29
  230. data/lib/dawn/kb/cve_2015_4020.rb +0 -34
  231. data/lib/dawn/kb/cve_2015_5312.rb +0 -30
  232. data/lib/dawn/kb/cve_2015_7497.rb +0 -32
  233. data/lib/dawn/kb/cve_2015_7498.rb +0 -32
  234. data/lib/dawn/kb/cve_2015_7499.rb +0 -32
  235. data/lib/dawn/kb/cve_2015_7500.rb +0 -32
  236. data/lib/dawn/kb/cve_2015_7519.rb +0 -31
  237. data/lib/dawn/kb/cve_2015_7541.rb +0 -31
  238. data/lib/dawn/kb/cve_2015_7576.rb +0 -35
  239. data/lib/dawn/kb/cve_2015_7577.rb +0 -34
  240. data/lib/dawn/kb/cve_2015_7578.rb +0 -30
  241. data/lib/dawn/kb/cve_2015_7579.rb +0 -30
  242. data/lib/dawn/kb/cve_2015_7581.rb +0 -33
  243. data/lib/dawn/kb/cve_2015_8241.rb +0 -32
  244. data/lib/dawn/kb/cve_2015_8242.rb +0 -32
  245. data/lib/dawn/kb/cve_2015_8317.rb +0 -32
  246. data/lib/dawn/kb/cve_2016_0751.rb +0 -32
  247. data/lib/dawn/kb/cve_2016_0752.rb +0 -35
  248. data/lib/dawn/kb/cve_2016_0753.rb +0 -31
  249. data/lib/dawn/kb/cve_2016_2097.rb +0 -35
  250. data/lib/dawn/kb/cve_2016_2098.rb +0 -35
  251. data/lib/dawn/kb/cve_2016_5697.rb +0 -30
  252. data/lib/dawn/kb/cve_2016_6316.rb +0 -33
  253. data/lib/dawn/kb/cve_2016_6317.rb +0 -32
  254. data/lib/dawn/kb/cve_2016_6582.rb +0 -43
  255. data/lib/dawn/kb/not_revised_code.rb +0 -22
  256. data/lib/dawn/kb/osvdb_105971.rb +0 -29
  257. data/lib/dawn/kb/osvdb_108530.rb +0 -27
  258. data/lib/dawn/kb/osvdb_108563.rb +0 -28
  259. data/lib/dawn/kb/osvdb_108569.rb +0 -28
  260. data/lib/dawn/kb/osvdb_108570.rb +0 -27
  261. data/lib/dawn/kb/osvdb_115654.rb +0 -33
  262. data/lib/dawn/kb/osvdb_116010.rb +0 -30
  263. data/lib/dawn/kb/osvdb_117903.rb +0 -30
  264. data/lib/dawn/kb/osvdb_118579.rb +0 -31
  265. data/lib/dawn/kb/osvdb_118830.rb +0 -32
  266. data/lib/dawn/kb/osvdb_118954.rb +0 -33
  267. data/lib/dawn/kb/osvdb_119878.rb +0 -32
  268. data/lib/dawn/kb/osvdb_119927.rb +0 -33
  269. data/lib/dawn/kb/osvdb_120415.rb +0 -31
  270. data/lib/dawn/kb/osvdb_120857.rb +0 -34
  271. data/lib/dawn/kb/osvdb_121701.rb +0 -30
  272. data/lib/dawn/kb/osvdb_132234.rb +0 -34
  273. data/lib/dawn/kb/owasp_ror_cheatsheet.rb +0 -33
  274. data/lib/dawn/kb/owasp_ror_cheatsheet/check_for_backup_files.rb +0 -18
  275. data/lib/dawn/kb/owasp_ror_cheatsheet/check_for_safe_redirect_and_forward.rb +0 -57
  276. data/lib/dawn/kb/owasp_ror_cheatsheet/command_injection.rb +0 -28
  277. data/lib/dawn/kb/owasp_ror_cheatsheet/csrf.rb +0 -29
  278. data/lib/dawn/kb/owasp_ror_cheatsheet/mass_assignment_in_model.rb +0 -33
  279. data/lib/dawn/kb/owasp_ror_cheatsheet/security_related_headers.rb +0 -35
  280. data/lib/dawn/kb/owasp_ror_cheatsheet/sensitive_files.rb +0 -29
  281. data/lib/dawn/kb/owasp_ror_cheatsheet/session_stored_in_database.rb +0 -31
  282. data/lib/dawn/kb/simpleform_xss_20131129.rb +0 -28
  283. data/lib/dawn/knowledge_base_experimental.rb +0 -245
  284. data/spec/lib/kb/cve_2011_2705_spec.rb +0 -35
  285. data/spec/lib/kb/cve_2011_2930_spec.rb +0 -31
  286. data/spec/lib/kb/cve_2011_3009_spec.rb +0 -25
  287. data/spec/lib/kb/cve_2011_3187_spec.rb +0 -24
  288. data/spec/lib/kb/cve_2011_4319_spec.rb +0 -44
  289. data/spec/lib/kb/cve_2011_5036_spec.rb +0 -95
  290. data/spec/lib/kb/cve_2012_1098_spec.rb +0 -36
  291. data/spec/lib/kb/cve_2012_2139_spec.rb +0 -20
  292. data/spec/lib/kb/cve_2012_2671_spec.rb +0 -23
  293. data/spec/lib/kb/cve_2012_6109_spec.rb +0 -112
  294. data/spec/lib/kb/cve_2012_6684_spec.rb +0 -16
  295. data/spec/lib/kb/cve_2013_0162_spec.rb +0 -23
  296. data/spec/lib/kb/cve_2013_0183_spec.rb +0 -54
  297. data/spec/lib/kb/cve_2013_0184_spec.rb +0 -115
  298. data/spec/lib/kb/cve_2013_0256_spec.rb +0 -34
  299. data/spec/lib/kb/cve_2013_0262_spec.rb +0 -44
  300. data/spec/lib/kb/cve_2013_0263_spec.rb +0 -11
  301. data/spec/lib/kb/cve_2013_0334_spec.rb +0 -35
  302. data/spec/lib/kb/cve_2013_1607_spec.rb +0 -15
  303. data/spec/lib/kb/cve_2013_1655_spec.rb +0 -31
  304. data/spec/lib/kb/cve_2013_1756_spec.rb +0 -23
  305. data/spec/lib/kb/cve_2013_2090_spec.rb +0 -15
  306. data/spec/lib/kb/cve_2013_2105_spec.rb +0 -11
  307. data/spec/lib/kb/cve_2013_2119_spec.rb +0 -27
  308. data/spec/lib/kb/cve_2013_2512_spec.rb +0 -15
  309. data/spec/lib/kb/cve_2013_2513_spec.rb +0 -15
  310. data/spec/lib/kb/cve_2013_2516_spec.rb +0 -15
  311. data/spec/lib/kb/cve_2013_4203_spec.rb +0 -15
  312. data/spec/lib/kb/cve_2013_4413_spec.rb +0 -16
  313. data/spec/lib/kb/cve_2013_4489_spec.rb +0 -63
  314. data/spec/lib/kb/cve_2013_4491_spec.rb +0 -16
  315. data/spec/lib/kb/cve_2013_4593_spec.rb +0 -16
  316. data/spec/lib/kb/cve_2013_5647_spec.rb +0 -19
  317. data/spec/lib/kb/cve_2013_5671_spec.rb +0 -27
  318. data/spec/lib/kb/cve_2013_6414_spec.rb +0 -26
  319. data/spec/lib/kb/cve_2013_6416_spec.rb +0 -31
  320. data/spec/lib/kb/cve_2013_6459_spec.rb +0 -15
  321. data/spec/lib/kb/cve_2013_7086_spec.rb +0 -22
  322. data/spec/lib/kb/cve_2014_0036_spec.rb +0 -15
  323. data/spec/lib/kb/cve_2014_0080_spec.rb +0 -33
  324. data/spec/lib/kb/cve_2014_0081_spec.rb +0 -50
  325. data/spec/lib/kb/cve_2014_0082_spec.rb +0 -52
  326. data/spec/lib/kb/cve_2014_0130_spec.rb +0 -19
  327. data/spec/lib/kb/cve_2014_1233_spec.rb +0 -15
  328. data/spec/lib/kb/cve_2014_1234_spec.rb +0 -16
  329. data/spec/lib/kb/cve_2014_2322_spec.rb +0 -15
  330. data/spec/lib/kb/cve_2014_2538_spec.rb +0 -15
  331. data/spec/lib/kb/cve_2014_3482_spec.rb +0 -15
  332. data/spec/lib/kb/cve_2014_3483_spec.rb +0 -27
  333. data/spec/lib/kb/cve_2014_7818_spec.rb +0 -42
  334. data/spec/lib/kb/cve_2014_7819_spec.rb +0 -139
  335. data/spec/lib/kb/cve_2014_7829_spec.rb +0 -50
  336. data/spec/lib/kb/cve_2014_9490_spec.rb +0 -17
  337. data/spec/lib/kb/cve_2015_1819_spec.rb +0 -16
  338. data/spec/lib/kb/cve_2015_1840_spec.rb +0 -39
  339. data/spec/lib/kb/cve_2015_2963_spec.rb +0 -17
  340. data/spec/lib/kb/cve_2015_3224_spec.rb +0 -16
  341. data/spec/lib/kb/cve_2015_3225_spec.rb +0 -27
  342. data/spec/lib/kb/cve_2015_3226_spec.rb +0 -35
  343. data/spec/lib/kb/cve_2015_3227_spec.rb +0 -31
  344. data/spec/lib/kb/cve_2015_3448_spec.rb +0 -16
  345. data/spec/lib/kb/cve_2015_4020_spec.rb +0 -24
  346. data/spec/lib/kb/cve_2015_5312_spec.rb +0 -31
  347. data/spec/lib/kb/cve_2015_7497_spec.rb +0 -31
  348. data/spec/lib/kb/cve_2015_7498_spec.rb +0 -31
  349. data/spec/lib/kb/cve_2015_7499_spec.rb +0 -31
  350. data/spec/lib/kb/cve_2015_7500_spec.rb +0 -31
  351. data/spec/lib/kb/cve_2015_7519_spec.rb +0 -23
  352. data/spec/lib/kb/cve_2015_7541_spec.rb +0 -15
  353. data/spec/lib/kb/cve_2015_7576_spec.rb +0 -51
  354. data/spec/lib/kb/cve_2015_7577_spec.rb +0 -63
  355. data/spec/lib/kb/cve_2015_7578_spec.rb +0 -15
  356. data/spec/lib/kb/cve_2015_7579_spec.rb +0 -23
  357. data/spec/lib/kb/cve_2015_7581_spec.rb +0 -51
  358. data/spec/lib/kb/cve_2015_8241_spec.rb +0 -31
  359. data/spec/lib/kb/cve_2015_8242_spec.rb +0 -31
  360. data/spec/lib/kb/cve_2015_8317_spec.rb +0 -31
  361. data/spec/lib/kb/cve_2016_0751_spec.rb +0 -55
  362. data/spec/lib/kb/cve_2016_0752_spec.rb +0 -51
  363. data/spec/lib/kb/cve_2016_0753_spec.rb +0 -51
  364. data/spec/lib/kb/cve_2016_2097_spec.rb +0 -35
  365. data/spec/lib/kb/cve_2016_2098_spec.rb +0 -55
  366. data/spec/lib/kb/cve_2016_5697_spec.rb +0 -15
  367. data/spec/lib/kb/cve_2016_6316_spec.rb +0 -44
  368. data/spec/lib/kb/cve_2016_6317_spec.rb +0 -35
  369. data/spec/lib/kb/cve_2016_6582_spec.rb +0 -29
  370. data/spec/lib/kb/osvdb_105971_spec.rb +0 -15
  371. data/spec/lib/kb/osvdb_108530_spec.rb +0 -22
  372. data/spec/lib/kb/osvdb_108563_spec.rb +0 -18
  373. data/spec/lib/kb/osvdb_108569_spec.rb +0 -17
  374. data/spec/lib/kb/osvdb_108570_spec.rb +0 -17
  375. data/spec/lib/kb/osvdb_115654_spec.rb +0 -15
  376. data/spec/lib/kb/osvdb_116010_spec.rb +0 -15
  377. data/spec/lib/kb/osvdb_117903_spec.rb +0 -23
  378. data/spec/lib/kb/osvdb_118579_spec.rb +0 -8
  379. data/spec/lib/kb/osvdb_118830_spec.rb +0 -16
  380. data/spec/lib/kb/osvdb_118954_spec.rb +0 -20
  381. data/spec/lib/kb/osvdb_119878_spec.rb +0 -92
  382. data/spec/lib/kb/osvdb_119927_spec.rb +0 -16
  383. data/spec/lib/kb/osvdb_120415_spec.rb +0 -16
  384. data/spec/lib/kb/osvdb_120857_spec.rb +0 -32
  385. data/spec/lib/kb/osvdb_121701_spec.rb +0 -15
  386. data/spec/lib/kb/osvdb_132234_spec.rb +0 -15
  387. metadata.gz.sig +0 -0
@@ -1,17 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2015-2963 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2015_2963.new
5
- # @check.debug = true
6
- end
7
- it "is reported when vulnerable paperclip gem is used 4.2.1)" do
8
- @check.dependencies = [{:name=>"paperclip", :version=>'4.2.1'}]
9
- expect(@check.vuln?).to eq(true)
10
- end
11
-
12
- it "is reported when not vulnerable paperclip gem is used (4.2.2)" do
13
- @check.dependencies = [{:name=>"paperclip", :version=>'4.2.2'}]
14
- expect(@check.vuln?).to eq(false)
15
- end
16
-
17
- end
@@ -1,16 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2015-3224 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2015_3224.new
5
- # @check.debug = true
6
- end
7
- it "is reported when vulnerable web-console gem is used (2.1.2)" do
8
- @check.dependencies = [{:name=>"web-console", :version=>'2.1.2'}]
9
- expect(@check.vuln?).to eq(true)
10
- end
11
- it "is not reported when safe rack gem is used (2.1.3)" do
12
- @check.dependencies = [{:name=>"web-console", :version=>'2.1.3'}]
13
- expect(@check.vuln?).to eq(false)
14
- end
15
-
16
- end
@@ -1,27 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2015-3225 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2015_3225.new
5
- # @check.debug = true
6
- end
7
- it "is reported when vulnerable rack gem is used (1.5.3)" do
8
- @check.dependencies = [{:name=>"rack", :version=>'1.5.3'}]
9
- expect(@check.vuln?).to eq(true)
10
- end
11
- it "is reported when vulnerable rack gem is used (1.6.1)" do
12
- @check.dependencies = [{:name=>"rack", :version=>'1.6.1'}]
13
- expect(@check.vuln?).to eq(true)
14
- end
15
- it "is not reported when safe rack gem is used (1.5.4)" do
16
- @check.dependencies = [{:name=>"rack", :version=>'1.5.4'}]
17
- expect(@check.vuln?).to eq(false)
18
- end
19
- it "is not reported when safe rack gem is used (1.5.5)" do
20
- @check.dependencies = [{:name=>"rack", :version=>'1.5.5'}]
21
- expect(@check.vuln?).to eq(false)
22
- end
23
- it "is not reported when safe rack gem is used (1.6.3)" do
24
- @check.dependencies = [{:name=>"rack", :version=>'1.6.3'}]
25
- expect(@check.vuln?).to eq(false)
26
- end
27
- end
@@ -1,35 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2015-3226 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2015_3226.new
5
- # @check.debug = true
6
- end
7
-
8
- it "is reported when vulnerable active_support gem is used (3.x.x)" do
9
- @check.dependencies = [{:name=>"activesupport", :version=>'3.2.11'}]
10
- expect(@check.vuln?).to eq(true)
11
- end
12
- it "is reported when vulnerable active_support gem is used (4.1.11)" do
13
- @check.dependencies = [{:name=>"activesupport", :version=>'4.1.11'}]
14
- expect(@check.vuln?).to eq(true)
15
- end
16
- it "is reported when vulnerable active_support gem is used (4.2.2)" do
17
- @check.dependencies = [{:name=>"activesupport", :version=>'4.2.2'}]
18
- expect(@check.vuln?).to eq(true)
19
- end
20
- it "is not reported when safe active_support gem is used (4.1.12)" do
21
- @check.dependencies = [{:name=>"activesupport", :version=>'4.1.12'}]
22
- expect(@check.vuln?).to eq(false)
23
- end
24
- it "is not reported when safe active_support gem is used (4.1.13)" do
25
- @check.dependencies = [{:name=>"activesupport", :version=>'4.1.13'}]
26
- expect(@check.vuln?).to eq(false)
27
- end
28
- it "is not reported when safe active_support gem is used (4.2.3)" do
29
- @check.dependencies = [{:name=>"activesupport", :version=>'4.2.3'}]
30
- expect(@check.vuln?).to eq(false)
31
- end
32
-
33
-
34
-
35
- end
@@ -1,31 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2015-3227 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2015_3227.new
5
- end
6
- it "is reported when vulnerable active_support gem is used (4.1.11)" do
7
- @check.dependencies = [{:name=>"activesupport", :version=>'4.1.11'}]
8
- expect(@check.vuln?).to eq(true)
9
- end
10
- it "is reported when vulnerable active_support gem is used (4.2.2)" do
11
- @check.dependencies = [{:name=>"activesupport", :version=>'4.2.2'}]
12
- expect(@check.vuln?).to eq(true)
13
- end
14
- it "is not reported when safe active_support gem is used (4.1.12)" do
15
- @check.dependencies = [{:name=>"activesupport", :version=>'4.1.12'}]
16
- expect(@check.vuln?).to eq(false)
17
- end
18
- it "is not reported when safe active_support gem is used (4.1.13)" do
19
- @check.dependencies = [{:name=>"activesupport", :version=>'4.1.13'}]
20
- expect(@check.vuln?).to eq(false)
21
- end
22
- it "is not reported when safe active_support gem is used (4.2.3)" do
23
- @check.dependencies = [{:name=>"activesupport", :version=>'4.2.3'}]
24
- expect(@check.vuln?).to eq(false)
25
- end
26
- it "is not reported when safe active_support gem is used (3.2.22)" do
27
- @check.dependencies = [{:name=>"activesupport", :version=>'3.2.22'}]
28
- expect(@check.vuln?).to eq(false)
29
- end
30
-
31
- end
@@ -1,16 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2015-3448 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2015_3448.new
5
- # @check.debug = true
6
- end
7
- it "is reported when vulnerable rest-client gem is used (1.7.2)" do
8
- @check.dependencies = [{:name=>"rest-client", :version=>'1.7.2'}]
9
- expect(@check.vuln?).to eq(true)
10
- end
11
- it "is not reported when safe rest-client gem is used (1.7.3)" do
12
- @check.dependencies = [{:name=>"rest-client", :version=>'1.7.3'}]
13
- expect(@check.vuln?).to eq(false)
14
- end
15
-
16
- end
@@ -1,24 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2015-4020 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2015_4020.new
5
- # @check.debug = true
6
- end
7
- it "is reported when the vulnerable rubygem is detected" do
8
- @check.my_gem_version="2.4.3"
9
- expect(@check.vuln?).to eq(true)
10
- end
11
- it "is reported when the vulnerable rubygem is detected" do
12
- @check.my_gem_version="2.2.4"
13
- expect(@check.vuln?).to eq(true)
14
- end
15
- it "is reported when the vulnerable rubygem is detected" do
16
- @check.my_gem_version="2.0.16"
17
- expect(@check.vuln?).to eq(true)
18
- end
19
- it "is not reported when a fixed release is detected" do
20
- @check.my_gem_version="2.4.9"
21
- expect(@check.vuln?).to eq(false)
22
- end
23
-
24
- end
@@ -1,31 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2015-5312 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2015_5312.new
5
- # @check.debug = true
6
- end
7
- it "is reported when the vulnerable gem is detected" do
8
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.5"}]
9
- expect(@check.vuln?).to eq(true)
10
- end
11
- it "is reported when the vulnerable gem is detected" do
12
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.0"}]
13
- expect(@check.vuln?).to eq(true)
14
- end
15
- it "is reported when the vulnerable gem is detected" do
16
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7"}]
17
- expect(@check.vuln?).to eq(true)
18
- end
19
- it "is not reported when a fixed release is detected" do
20
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7.1"}]
21
- expect(@check.vuln?).to eq(false)
22
- end
23
- it "is not reported when a fixed release is detected" do
24
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.5.6"}]
25
- expect(@check.vuln?).to eq(false)
26
- end
27
- it "is not reported when a fixed release is detected" do
28
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.4.6"}]
29
- expect(@check.vuln?).to eq(false)
30
- end
31
- end
@@ -1,31 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2015-7497 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2015_7497.new
5
- # @check.debug = true
6
- end
7
- it "is reported when the vulnerable gem is detected" do
8
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.5"}]
9
- expect(@check.vuln?).to eq(true)
10
- end
11
- it "is reported when the vulnerable gem is detected" do
12
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.0"}]
13
- expect(@check.vuln?).to eq(true)
14
- end
15
- it "is reported when the vulnerable gem is detected" do
16
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7"}]
17
- expect(@check.vuln?).to eq(true)
18
- end
19
- it "is not reported when a fixed release is detected" do
20
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7.1"}]
21
- expect(@check.vuln?).to eq(false)
22
- end
23
- it "is not reported when a fixed release is detected" do
24
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.5.6"}]
25
- expect(@check.vuln?).to eq(false)
26
- end
27
- it "is not reported when a fixed release is detected" do
28
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.4.6"}]
29
- expect(@check.vuln?).to eq(false)
30
- end
31
- end
@@ -1,31 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2015-7498 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2015_7498.new
5
- # @check.debug = true
6
- end
7
- it "is reported when the vulnerable gem is detected" do
8
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.5"}]
9
- expect(@check.vuln?).to eq(true)
10
- end
11
- it "is reported when the vulnerable gem is detected" do
12
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.0"}]
13
- expect(@check.vuln?).to eq(true)
14
- end
15
- it "is reported when the vulnerable gem is detected" do
16
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7"}]
17
- expect(@check.vuln?).to eq(true)
18
- end
19
- it "is not reported when a fixed release is detected" do
20
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7.1"}]
21
- expect(@check.vuln?).to eq(false)
22
- end
23
- it "is not reported when a fixed release is detected" do
24
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.5.6"}]
25
- expect(@check.vuln?).to eq(false)
26
- end
27
- it "is not reported when a fixed release is detected" do
28
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.4.6"}]
29
- expect(@check.vuln?).to eq(false)
30
- end
31
- end
@@ -1,31 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2015-7499 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2015_7499.new
5
- # @check.debug = true
6
- end
7
- it "is reported when the vulnerable gem is detected" do
8
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.5"}]
9
- expect(@check.vuln?).to eq(true)
10
- end
11
- it "is reported when the vulnerable gem is detected" do
12
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.0"}]
13
- expect(@check.vuln?).to eq(true)
14
- end
15
- it "is reported when the vulnerable gem is detected" do
16
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7"}]
17
- expect(@check.vuln?).to eq(true)
18
- end
19
- it "is not reported when a fixed release is detected" do
20
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7.1"}]
21
- expect(@check.vuln?).to eq(false)
22
- end
23
- it "is not reported when a fixed release is detected" do
24
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.5.6"}]
25
- expect(@check.vuln?).to eq(false)
26
- end
27
- it "is not reported when a fixed release is detected" do
28
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.4.6"}]
29
- expect(@check.vuln?).to eq(false)
30
- end
31
- end
@@ -1,31 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2015-7500 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2015_7500.new
5
- # @check.debug = true
6
- end
7
- it "is reported when the vulnerable gem is detected" do
8
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.5"}]
9
- expect(@check.vuln?).to eq(true)
10
- end
11
- it "is reported when the vulnerable gem is detected" do
12
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.0"}]
13
- expect(@check.vuln?).to eq(true)
14
- end
15
- it "is reported when the vulnerable gem is detected" do
16
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7"}]
17
- expect(@check.vuln?).to eq(true)
18
- end
19
- it "is not reported when a fixed release is detected" do
20
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7.1"}]
21
- expect(@check.vuln?).to eq(false)
22
- end
23
- it "is not reported when a fixed release is detected" do
24
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.5.6"}]
25
- expect(@check.vuln?).to eq(false)
26
- end
27
- it "is not reported when a fixed release is detected" do
28
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.4.6"}]
29
- expect(@check.vuln?).to eq(false)
30
- end
31
- end
@@ -1,23 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2015-7519 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2015_7519.new
5
- # @check.debug = true
6
- end
7
- it "is reported when the vulnerable gem is detected" do
8
- @check.dependencies = [{:name=>"passenger", :version=>"4.0.54"}]
9
- expect(@check.vuln?).to eq(true)
10
- end
11
- it "is reported when the vulnerable gem is detected" do
12
- @check.dependencies = [{:name=>"passenger", :version=>"5.0.12"}]
13
- expect(@check.vuln?).to eq(true)
14
- end
15
- it "is not reported when a fixed release is detected" do
16
- @check.dependencies = [{:name=>"passenger", :version=>"4.0.60"}]
17
- expect(@check.vuln?).to eq(false)
18
- end
19
- it "is not reported when a fixed release is detected" do
20
- @check.dependencies = [{:name=>"passenger", :version=>"5.0.22"}]
21
- expect(@check.vuln?).to eq(false)
22
- end
23
- end
@@ -1,15 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2015-7541 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2015_7541.new
5
- # @check.debug = true
6
- end
7
- it "is reported when the vulnerable gem is detected" do
8
- @check.dependencies = [{:name=>"colorscore", :version=>"0.0.4"}]
9
- expect(@check.vuln?).to eq(true)
10
- end
11
- it "is not reported when a fixed release is detected" do
12
- @check.dependencies = [{:name=>"colorscore", :version=>"0.0.5"}]
13
- expect(@check.vuln?).to eq(false)
14
- end
15
- end
@@ -1,51 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2015-7576 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2015_7576.new
5
- @check.debug = true
6
- end
7
- it "is reported when the vulnerable gem is detected" do
8
- @check.dependencies = [{:name=>"actionpack", :version=>"5.0.0.beta.1"}]
9
- expect(@check.vuln?).to eq(true)
10
- end
11
- it "is reported when the vulnerable gem is detected" do
12
- @check.dependencies = [{:name=>"actionpack", :version=>"4.2.5"}]
13
- expect(@check.vuln?).to eq(true)
14
- end
15
- it "is reported when the vulnerable gem is detected" do
16
- @check.dependencies = [{:name=>"actionpack", :version=>"4.1.14"}]
17
- expect(@check.vuln?).to eq(true)
18
- end
19
- it "is reported when the vulnerable gem is detected" do
20
- @check.dependencies = [{:name=>"actionpack", :version=>"3.2.22"}]
21
- expect(@check.vuln?).to eq(true)
22
- end
23
- it "is not reported when a fixed release is detected" do
24
- @check.dependencies = [{:name=>"actionpack", :version=>"5.0.0"}]
25
- expect(@check.vuln?).to eq(false)
26
- end
27
- it "is not reported when a fixed release is detected" do
28
- @check.dependencies = [{:name=>"actionpack", :version=>"4.2.5.1"}]
29
- expect(@check.vuln?).to eq(false)
30
- end
31
- it "is not reported when a fixed release is detected" do
32
- @check.dependencies = [{:name=>"actionpack", :version=>"4.2.6"}]
33
- expect(@check.vuln?).to eq(false)
34
- end
35
- it "is not reported when a fixed release is detected" do
36
- @check.dependencies = [{:name=>"actionpack", :version=>"4.1.14.2"}]
37
- expect(@check.vuln?).to eq(false)
38
- end
39
- it "is not reported when a fixed release is detected" do
40
- @check.dependencies = [{:name=>"actionpack", :version=>"4.1.15"}]
41
- expect(@check.vuln?).to eq(false)
42
- end
43
- it "is not reported when a fixed release is detected" do
44
- @check.dependencies = [{:name=>"actionpack", :version=>"3.2.22.1"}]
45
- expect(@check.vuln?).to eq(false)
46
- end
47
- it "is not reported when a fixed release is detected" do
48
- @check.dependencies = [{:name=>"actionpack", :version=>"3.2.23"}]
49
- expect(@check.vuln?).to eq(false)
50
- end
51
- end
@@ -1,63 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2015-7577 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2015_7577.new
5
- # @check.debug = true
6
- end
7
- it "is reported when the vulnerable gem is detected" do
8
- @check.dependencies = [{:name=>"activerecord", :version=>"5.0.0.beta.1"}]
9
- expect(@check.vuln?).to eq(true)
10
- end
11
- it "is reported when the vulnerable gem is detected" do
12
- @check.dependencies = [{:name=>"activerecord", :version=>"4.2.5"}]
13
- expect(@check.vuln?).to eq(true)
14
- end
15
- it "is reported when the vulnerable gem is detected" do
16
- @check.dependencies = [{:name=>"activerecord", :version=>"4.1.14"}]
17
- expect(@check.vuln?).to eq(true)
18
- end
19
- it "is reported when the vulnerable gem is detected" do
20
- @check.dependencies = [{:name=>"activerecord", :version=>"3.1.2"}]
21
- expect(@check.vuln?).to eq(true)
22
- end
23
- it "is reported when the vulnerable gem is detected" do
24
- @check.dependencies = [{:name=>"activerecord", :version=>"3.2.22"}]
25
- expect(@check.vuln?).to eq(true)
26
- end
27
- it "is not reported when a fixed release is detected" do
28
- @check.dependencies = [{:name=>"activerecord", :version=>"5.0.0"}]
29
- expect(@check.vuln?).to eq(false)
30
- end
31
- it "is not reported when a fixed release is detected" do
32
- @check.dependencies = [{:name=>"activerecord", :version=>"5.0.0.1"}]
33
- expect(@check.vuln?).to eq(false)
34
- end
35
- it "is not reported when a fixed release is detected" do
36
- @check.dependencies = [{:name=>"activerecord", :version=>"4.2.5.1"}]
37
- expect(@check.vuln?).to eq(false)
38
- end
39
- it "is not reported when a fixed release is detected" do
40
- @check.dependencies = [{:name=>"activerecord", :version=>"4.2.6"}]
41
- expect(@check.vuln?).to eq(false)
42
- end
43
- it "is not reported when a fixed release is detected" do
44
- @check.dependencies = [{:name=>"activerecord", :version=>"4.1.14.2"}]
45
- expect(@check.vuln?).to eq(false)
46
- end
47
- it "is not reported when a fixed release is detected" do
48
- @check.dependencies = [{:name=>"activerecord", :version=>"4.1.15"}]
49
- expect(@check.vuln?).to eq(false)
50
- end
51
- it "is not reported when a fixed release is detected" do
52
- @check.dependencies = [{:name=>"activerecord", :version=>"3.0.1"}]
53
- expect(@check.vuln?).to eq(false)
54
- end
55
- it "is not reported when a fixed release is detected" do
56
- @check.dependencies = [{:name=>"activerecord", :version=>"3.2.22.1"}]
57
- expect(@check.vuln?).to eq(false)
58
- end
59
- it "is not reported when a fixed release is detected" do
60
- @check.dependencies = [{:name=>"activerecord", :version=>"3.2.23"}]
61
- expect(@check.vuln?).to eq(false)
62
- end
63
- end