dawnscanner 1.6.8 → 2.0.0.rc4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (387) hide show
  1. checksums.yaml +5 -5
  2. data/.gitignore +1 -0
  3. data/.ruby-version +1 -1
  4. data/Changelog.md +27 -1
  5. data/LICENSE.txt +1 -1
  6. data/README.md +59 -57
  7. data/Rakefile +10 -242
  8. data/Roadmap.md +15 -23
  9. data/VERSION +1 -1
  10. data/bin/dawn +17 -273
  11. data/checksum/dawnscanner-1.6.8.gem.sha1 +1 -0
  12. data/checksum/dawnscanner-2.0.0.rc1.gem.sha1 +1 -0
  13. data/checksum/dawnscanner-2.0.0.rc2.gem.sha1 +1 -0
  14. data/checksum/dawnscanner-2.0.0.rc3.gem.sha1 +1 -0
  15. data/dawnscanner.gemspec +10 -9
  16. data/doc/change.sh +13 -0
  17. data/doc/kickstart_kb.tar.gz +0 -0
  18. data/doc/knowledge_base.rb +650 -0
  19. data/docs/.placeholder +0 -0
  20. data/docs/CNAME +1 -0
  21. data/docs/_config.yml +1 -0
  22. data/lib/dawn/cli/dawn_cli.rb +139 -0
  23. data/lib/dawn/core.rb +8 -7
  24. data/lib/dawn/engine.rb +93 -34
  25. data/lib/dawn/gemfile_lock.rb +2 -2
  26. data/lib/dawn/kb/basic_check.rb +1 -2
  27. data/lib/dawn/kb/combo_check.rb +1 -1
  28. data/lib/dawn/kb/dependency_check.rb +1 -1
  29. data/lib/dawn/kb/operating_system_check.rb +1 -1
  30. data/lib/dawn/kb/pattern_match_check.rb +10 -9
  31. data/lib/dawn/kb/ruby_version_check.rb +11 -10
  32. data/lib/dawn/kb/{gem_check.rb → rubygem_check.rb} +1 -1
  33. data/lib/dawn/kb/unsafe_depedency_check.rb +44 -0
  34. data/lib/dawn/kb/version_check.rb +41 -24
  35. data/lib/dawn/knowledge_base.rb +259 -595
  36. data/lib/dawn/reporter.rb +2 -1
  37. data/lib/dawn/utils.rb +5 -2
  38. data/lib/dawn/version.rb +5 -5
  39. data/lib/dawnscanner.rb +7 -6
  40. data/spec/lib/kb/codesake_unsafe_dependency_check_spec.rb +29 -0
  41. data/spec/lib/kb/dependency_check.yml +29 -0
  42. metadata +30 -496
  43. checksums.yaml.gz.sig +0 -0
  44. data.tar.gz.sig +0 -0
  45. data/certs/paolo_at_dawnscanner_dot_org.pem +0 -21
  46. data/lib/dawn/kb/cve_2004_0755.rb +0 -33
  47. data/lib/dawn/kb/cve_2004_0983.rb +0 -31
  48. data/lib/dawn/kb/cve_2005_1992.rb +0 -31
  49. data/lib/dawn/kb/cve_2005_2337.rb +0 -33
  50. data/lib/dawn/kb/cve_2006_1931.rb +0 -30
  51. data/lib/dawn/kb/cve_2006_2582.rb +0 -28
  52. data/lib/dawn/kb/cve_2006_3694.rb +0 -31
  53. data/lib/dawn/kb/cve_2006_4112.rb +0 -27
  54. data/lib/dawn/kb/cve_2006_5467.rb +0 -28
  55. data/lib/dawn/kb/cve_2006_6303.rb +0 -28
  56. data/lib/dawn/kb/cve_2006_6852.rb +0 -27
  57. data/lib/dawn/kb/cve_2006_6979.rb +0 -29
  58. data/lib/dawn/kb/cve_2007_0469.rb +0 -29
  59. data/lib/dawn/kb/cve_2007_5162.rb +0 -28
  60. data/lib/dawn/kb/cve_2007_5379.rb +0 -27
  61. data/lib/dawn/kb/cve_2007_5380.rb +0 -29
  62. data/lib/dawn/kb/cve_2007_5770.rb +0 -30
  63. data/lib/dawn/kb/cve_2007_6077.rb +0 -31
  64. data/lib/dawn/kb/cve_2007_6612.rb +0 -30
  65. data/lib/dawn/kb/cve_2008_1145.rb +0 -38
  66. data/lib/dawn/kb/cve_2008_1891.rb +0 -38
  67. data/lib/dawn/kb/cve_2008_2376.rb +0 -30
  68. data/lib/dawn/kb/cve_2008_2662.rb +0 -33
  69. data/lib/dawn/kb/cve_2008_2663.rb +0 -32
  70. data/lib/dawn/kb/cve_2008_2664.rb +0 -33
  71. data/lib/dawn/kb/cve_2008_2725.rb +0 -31
  72. data/lib/dawn/kb/cve_2008_3655.rb +0 -37
  73. data/lib/dawn/kb/cve_2008_3657.rb +0 -37
  74. data/lib/dawn/kb/cve_2008_3790.rb +0 -30
  75. data/lib/dawn/kb/cve_2008_3905.rb +0 -36
  76. data/lib/dawn/kb/cve_2008_4094.rb +0 -27
  77. data/lib/dawn/kb/cve_2008_4310.rb +0 -100
  78. data/lib/dawn/kb/cve_2008_5189.rb +0 -27
  79. data/lib/dawn/kb/cve_2008_7248.rb +0 -27
  80. data/lib/dawn/kb/cve_2009_4078.rb +0 -29
  81. data/lib/dawn/kb/cve_2009_4124.rb +0 -30
  82. data/lib/dawn/kb/cve_2009_4214.rb +0 -27
  83. data/lib/dawn/kb/cve_2010_1330.rb +0 -28
  84. data/lib/dawn/kb/cve_2010_2489.rb +0 -60
  85. data/lib/dawn/kb/cve_2010_3933.rb +0 -27
  86. data/lib/dawn/kb/cve_2011_0188.rb +0 -67
  87. data/lib/dawn/kb/cve_2011_0446.rb +0 -28
  88. data/lib/dawn/kb/cve_2011_0447.rb +0 -28
  89. data/lib/dawn/kb/cve_2011_0739.rb +0 -28
  90. data/lib/dawn/kb/cve_2011_0995.rb +0 -61
  91. data/lib/dawn/kb/cve_2011_1004.rb +0 -34
  92. data/lib/dawn/kb/cve_2011_1005.rb +0 -31
  93. data/lib/dawn/kb/cve_2011_2197.rb +0 -27
  94. data/lib/dawn/kb/cve_2011_2686.rb +0 -29
  95. data/lib/dawn/kb/cve_2011_2705.rb +0 -32
  96. data/lib/dawn/kb/cve_2011_2929.rb +0 -27
  97. data/lib/dawn/kb/cve_2011_2930.rb +0 -28
  98. data/lib/dawn/kb/cve_2011_2931.rb +0 -30
  99. data/lib/dawn/kb/cve_2011_2932.rb +0 -27
  100. data/lib/dawn/kb/cve_2011_3009.rb +0 -28
  101. data/lib/dawn/kb/cve_2011_3186.rb +0 -29
  102. data/lib/dawn/kb/cve_2011_3187.rb +0 -29
  103. data/lib/dawn/kb/cve_2011_4319.rb +0 -30
  104. data/lib/dawn/kb/cve_2011_4815.rb +0 -28
  105. data/lib/dawn/kb/cve_2011_5036.rb +0 -26
  106. data/lib/dawn/kb/cve_2012_1098.rb +0 -30
  107. data/lib/dawn/kb/cve_2012_1099.rb +0 -27
  108. data/lib/dawn/kb/cve_2012_1241.rb +0 -27
  109. data/lib/dawn/kb/cve_2012_2139.rb +0 -26
  110. data/lib/dawn/kb/cve_2012_2140.rb +0 -27
  111. data/lib/dawn/kb/cve_2012_2660.rb +0 -28
  112. data/lib/dawn/kb/cve_2012_2661.rb +0 -27
  113. data/lib/dawn/kb/cve_2012_2671.rb +0 -28
  114. data/lib/dawn/kb/cve_2012_2694.rb +0 -30
  115. data/lib/dawn/kb/cve_2012_2695.rb +0 -27
  116. data/lib/dawn/kb/cve_2012_3424.rb +0 -29
  117. data/lib/dawn/kb/cve_2012_3463.rb +0 -27
  118. data/lib/dawn/kb/cve_2012_3464.rb +0 -27
  119. data/lib/dawn/kb/cve_2012_3465.rb +0 -26
  120. data/lib/dawn/kb/cve_2012_4464.rb +0 -27
  121. data/lib/dawn/kb/cve_2012_4466.rb +0 -27
  122. data/lib/dawn/kb/cve_2012_4481.rb +0 -26
  123. data/lib/dawn/kb/cve_2012_4522.rb +0 -27
  124. data/lib/dawn/kb/cve_2012_5370.rb +0 -27
  125. data/lib/dawn/kb/cve_2012_5371.rb +0 -27
  126. data/lib/dawn/kb/cve_2012_5380.rb +0 -28
  127. data/lib/dawn/kb/cve_2012_6109.rb +0 -25
  128. data/lib/dawn/kb/cve_2012_6134.rb +0 -27
  129. data/lib/dawn/kb/cve_2012_6496.rb +0 -28
  130. data/lib/dawn/kb/cve_2012_6497.rb +0 -28
  131. data/lib/dawn/kb/cve_2012_6684.rb +0 -28
  132. data/lib/dawn/kb/cve_2013_0155.rb +0 -29
  133. data/lib/dawn/kb/cve_2013_0156.rb +0 -27
  134. data/lib/dawn/kb/cve_2013_0162.rb +0 -28
  135. data/lib/dawn/kb/cve_2013_0175.rb +0 -27
  136. data/lib/dawn/kb/cve_2013_0183.rb +0 -25
  137. data/lib/dawn/kb/cve_2013_0184.rb +0 -25
  138. data/lib/dawn/kb/cve_2013_0233.rb +0 -26
  139. data/lib/dawn/kb/cve_2013_0256.rb +0 -59
  140. data/lib/dawn/kb/cve_2013_0262.rb +0 -26
  141. data/lib/dawn/kb/cve_2013_0263.rb +0 -26
  142. data/lib/dawn/kb/cve_2013_0269.rb +0 -27
  143. data/lib/dawn/kb/cve_2013_0276.rb +0 -28
  144. data/lib/dawn/kb/cve_2013_0277.rb +0 -25
  145. data/lib/dawn/kb/cve_2013_0284.rb +0 -27
  146. data/lib/dawn/kb/cve_2013_0285.rb +0 -27
  147. data/lib/dawn/kb/cve_2013_0333.rb +0 -28
  148. data/lib/dawn/kb/cve_2013_0334.rb +0 -25
  149. data/lib/dawn/kb/cve_2013_1607.rb +0 -25
  150. data/lib/dawn/kb/cve_2013_1655.rb +0 -65
  151. data/lib/dawn/kb/cve_2013_1656.rb +0 -28
  152. data/lib/dawn/kb/cve_2013_1756.rb +0 -26
  153. data/lib/dawn/kb/cve_2013_1800.rb +0 -26
  154. data/lib/dawn/kb/cve_2013_1801.rb +0 -27
  155. data/lib/dawn/kb/cve_2013_1802.rb +0 -27
  156. data/lib/dawn/kb/cve_2013_1812.rb +0 -27
  157. data/lib/dawn/kb/cve_2013_1821.rb +0 -28
  158. data/lib/dawn/kb/cve_2013_1854.rb +0 -26
  159. data/lib/dawn/kb/cve_2013_1855.rb +0 -25
  160. data/lib/dawn/kb/cve_2013_1856.rb +0 -26
  161. data/lib/dawn/kb/cve_2013_1857.rb +0 -27
  162. data/lib/dawn/kb/cve_2013_1875.rb +0 -27
  163. data/lib/dawn/kb/cve_2013_1898.rb +0 -27
  164. data/lib/dawn/kb/cve_2013_1911.rb +0 -28
  165. data/lib/dawn/kb/cve_2013_1933.rb +0 -27
  166. data/lib/dawn/kb/cve_2013_1947.rb +0 -27
  167. data/lib/dawn/kb/cve_2013_1948.rb +0 -27
  168. data/lib/dawn/kb/cve_2013_2065.rb +0 -29
  169. data/lib/dawn/kb/cve_2013_2090.rb +0 -28
  170. data/lib/dawn/kb/cve_2013_2105.rb +0 -26
  171. data/lib/dawn/kb/cve_2013_2119.rb +0 -27
  172. data/lib/dawn/kb/cve_2013_2512.rb +0 -26
  173. data/lib/dawn/kb/cve_2013_2513.rb +0 -25
  174. data/lib/dawn/kb/cve_2013_2516.rb +0 -26
  175. data/lib/dawn/kb/cve_2013_2615.rb +0 -27
  176. data/lib/dawn/kb/cve_2013_2616.rb +0 -27
  177. data/lib/dawn/kb/cve_2013_2617.rb +0 -28
  178. data/lib/dawn/kb/cve_2013_3221.rb +0 -27
  179. data/lib/dawn/kb/cve_2013_4164.rb +0 -30
  180. data/lib/dawn/kb/cve_2013_4203.rb +0 -25
  181. data/lib/dawn/kb/cve_2013_4389.rb +0 -26
  182. data/lib/dawn/kb/cve_2013_4413.rb +0 -27
  183. data/lib/dawn/kb/cve_2013_4457.rb +0 -29
  184. data/lib/dawn/kb/cve_2013_4478.rb +0 -26
  185. data/lib/dawn/kb/cve_2013_4479.rb +0 -26
  186. data/lib/dawn/kb/cve_2013_4489.rb +0 -28
  187. data/lib/dawn/kb/cve_2013_4491.rb +0 -29
  188. data/lib/dawn/kb/cve_2013_4492.rb +0 -29
  189. data/lib/dawn/kb/cve_2013_4562.rb +0 -27
  190. data/lib/dawn/kb/cve_2013_4593.rb +0 -27
  191. data/lib/dawn/kb/cve_2013_5647.rb +0 -29
  192. data/lib/dawn/kb/cve_2013_5671.rb +0 -26
  193. data/lib/dawn/kb/cve_2013_6414.rb +0 -30
  194. data/lib/dawn/kb/cve_2013_6415.rb +0 -29
  195. data/lib/dawn/kb/cve_2013_6416.rb +0 -29
  196. data/lib/dawn/kb/cve_2013_6417.rb +0 -30
  197. data/lib/dawn/kb/cve_2013_6421.rb +0 -28
  198. data/lib/dawn/kb/cve_2013_6459.rb +0 -28
  199. data/lib/dawn/kb/cve_2013_6460.rb +0 -53
  200. data/lib/dawn/kb/cve_2013_6461.rb +0 -57
  201. data/lib/dawn/kb/cve_2013_7086.rb +0 -27
  202. data/lib/dawn/kb/cve_2014_0036.rb +0 -27
  203. data/lib/dawn/kb/cve_2014_0080.rb +0 -29
  204. data/lib/dawn/kb/cve_2014_0081.rb +0 -27
  205. data/lib/dawn/kb/cve_2014_0082.rb +0 -27
  206. data/lib/dawn/kb/cve_2014_0130.rb +0 -27
  207. data/lib/dawn/kb/cve_2014_1233.rb +0 -27
  208. data/lib/dawn/kb/cve_2014_1234.rb +0 -26
  209. data/lib/dawn/kb/cve_2014_2322.rb +0 -28
  210. data/lib/dawn/kb/cve_2014_2525.rb +0 -59
  211. data/lib/dawn/kb/cve_2014_2538.rb +0 -26
  212. data/lib/dawn/kb/cve_2014_3482.rb +0 -28
  213. data/lib/dawn/kb/cve_2014_3483.rb +0 -28
  214. data/lib/dawn/kb/cve_2014_3916.rb +0 -29
  215. data/lib/dawn/kb/cve_2014_4975.rb +0 -28
  216. data/lib/dawn/kb/cve_2014_7818.rb +0 -27
  217. data/lib/dawn/kb/cve_2014_7819.rb +0 -31
  218. data/lib/dawn/kb/cve_2014_7829.rb +0 -30
  219. data/lib/dawn/kb/cve_2014_8090.rb +0 -30
  220. data/lib/dawn/kb/cve_2014_9490.rb +0 -29
  221. data/lib/dawn/kb/cve_2015_1819.rb +0 -34
  222. data/lib/dawn/kb/cve_2015_1840/cve_2015_1840_a.rb +0 -28
  223. data/lib/dawn/kb/cve_2015_1840/cve_2015_1840_b.rb +0 -28
  224. data/lib/dawn/kb/cve_2015_2963.rb +0 -27
  225. data/lib/dawn/kb/cve_2015_3224.rb +0 -26
  226. data/lib/dawn/kb/cve_2015_3225.rb +0 -28
  227. data/lib/dawn/kb/cve_2015_3226.rb +0 -27
  228. data/lib/dawn/kb/cve_2015_3227.rb +0 -28
  229. data/lib/dawn/kb/cve_2015_3448.rb +0 -29
  230. data/lib/dawn/kb/cve_2015_4020.rb +0 -34
  231. data/lib/dawn/kb/cve_2015_5312.rb +0 -30
  232. data/lib/dawn/kb/cve_2015_7497.rb +0 -32
  233. data/lib/dawn/kb/cve_2015_7498.rb +0 -32
  234. data/lib/dawn/kb/cve_2015_7499.rb +0 -32
  235. data/lib/dawn/kb/cve_2015_7500.rb +0 -32
  236. data/lib/dawn/kb/cve_2015_7519.rb +0 -31
  237. data/lib/dawn/kb/cve_2015_7541.rb +0 -31
  238. data/lib/dawn/kb/cve_2015_7576.rb +0 -35
  239. data/lib/dawn/kb/cve_2015_7577.rb +0 -34
  240. data/lib/dawn/kb/cve_2015_7578.rb +0 -30
  241. data/lib/dawn/kb/cve_2015_7579.rb +0 -30
  242. data/lib/dawn/kb/cve_2015_7581.rb +0 -33
  243. data/lib/dawn/kb/cve_2015_8241.rb +0 -32
  244. data/lib/dawn/kb/cve_2015_8242.rb +0 -32
  245. data/lib/dawn/kb/cve_2015_8317.rb +0 -32
  246. data/lib/dawn/kb/cve_2016_0751.rb +0 -32
  247. data/lib/dawn/kb/cve_2016_0752.rb +0 -35
  248. data/lib/dawn/kb/cve_2016_0753.rb +0 -31
  249. data/lib/dawn/kb/cve_2016_2097.rb +0 -35
  250. data/lib/dawn/kb/cve_2016_2098.rb +0 -35
  251. data/lib/dawn/kb/cve_2016_5697.rb +0 -30
  252. data/lib/dawn/kb/cve_2016_6316.rb +0 -33
  253. data/lib/dawn/kb/cve_2016_6317.rb +0 -32
  254. data/lib/dawn/kb/cve_2016_6582.rb +0 -43
  255. data/lib/dawn/kb/not_revised_code.rb +0 -22
  256. data/lib/dawn/kb/osvdb_105971.rb +0 -29
  257. data/lib/dawn/kb/osvdb_108530.rb +0 -27
  258. data/lib/dawn/kb/osvdb_108563.rb +0 -28
  259. data/lib/dawn/kb/osvdb_108569.rb +0 -28
  260. data/lib/dawn/kb/osvdb_108570.rb +0 -27
  261. data/lib/dawn/kb/osvdb_115654.rb +0 -33
  262. data/lib/dawn/kb/osvdb_116010.rb +0 -30
  263. data/lib/dawn/kb/osvdb_117903.rb +0 -30
  264. data/lib/dawn/kb/osvdb_118579.rb +0 -31
  265. data/lib/dawn/kb/osvdb_118830.rb +0 -32
  266. data/lib/dawn/kb/osvdb_118954.rb +0 -33
  267. data/lib/dawn/kb/osvdb_119878.rb +0 -32
  268. data/lib/dawn/kb/osvdb_119927.rb +0 -33
  269. data/lib/dawn/kb/osvdb_120415.rb +0 -31
  270. data/lib/dawn/kb/osvdb_120857.rb +0 -34
  271. data/lib/dawn/kb/osvdb_121701.rb +0 -30
  272. data/lib/dawn/kb/osvdb_132234.rb +0 -34
  273. data/lib/dawn/kb/owasp_ror_cheatsheet.rb +0 -33
  274. data/lib/dawn/kb/owasp_ror_cheatsheet/check_for_backup_files.rb +0 -18
  275. data/lib/dawn/kb/owasp_ror_cheatsheet/check_for_safe_redirect_and_forward.rb +0 -57
  276. data/lib/dawn/kb/owasp_ror_cheatsheet/command_injection.rb +0 -28
  277. data/lib/dawn/kb/owasp_ror_cheatsheet/csrf.rb +0 -29
  278. data/lib/dawn/kb/owasp_ror_cheatsheet/mass_assignment_in_model.rb +0 -33
  279. data/lib/dawn/kb/owasp_ror_cheatsheet/security_related_headers.rb +0 -35
  280. data/lib/dawn/kb/owasp_ror_cheatsheet/sensitive_files.rb +0 -29
  281. data/lib/dawn/kb/owasp_ror_cheatsheet/session_stored_in_database.rb +0 -31
  282. data/lib/dawn/kb/simpleform_xss_20131129.rb +0 -28
  283. data/lib/dawn/knowledge_base_experimental.rb +0 -245
  284. data/spec/lib/kb/cve_2011_2705_spec.rb +0 -35
  285. data/spec/lib/kb/cve_2011_2930_spec.rb +0 -31
  286. data/spec/lib/kb/cve_2011_3009_spec.rb +0 -25
  287. data/spec/lib/kb/cve_2011_3187_spec.rb +0 -24
  288. data/spec/lib/kb/cve_2011_4319_spec.rb +0 -44
  289. data/spec/lib/kb/cve_2011_5036_spec.rb +0 -95
  290. data/spec/lib/kb/cve_2012_1098_spec.rb +0 -36
  291. data/spec/lib/kb/cve_2012_2139_spec.rb +0 -20
  292. data/spec/lib/kb/cve_2012_2671_spec.rb +0 -23
  293. data/spec/lib/kb/cve_2012_6109_spec.rb +0 -112
  294. data/spec/lib/kb/cve_2012_6684_spec.rb +0 -16
  295. data/spec/lib/kb/cve_2013_0162_spec.rb +0 -23
  296. data/spec/lib/kb/cve_2013_0183_spec.rb +0 -54
  297. data/spec/lib/kb/cve_2013_0184_spec.rb +0 -115
  298. data/spec/lib/kb/cve_2013_0256_spec.rb +0 -34
  299. data/spec/lib/kb/cve_2013_0262_spec.rb +0 -44
  300. data/spec/lib/kb/cve_2013_0263_spec.rb +0 -11
  301. data/spec/lib/kb/cve_2013_0334_spec.rb +0 -35
  302. data/spec/lib/kb/cve_2013_1607_spec.rb +0 -15
  303. data/spec/lib/kb/cve_2013_1655_spec.rb +0 -31
  304. data/spec/lib/kb/cve_2013_1756_spec.rb +0 -23
  305. data/spec/lib/kb/cve_2013_2090_spec.rb +0 -15
  306. data/spec/lib/kb/cve_2013_2105_spec.rb +0 -11
  307. data/spec/lib/kb/cve_2013_2119_spec.rb +0 -27
  308. data/spec/lib/kb/cve_2013_2512_spec.rb +0 -15
  309. data/spec/lib/kb/cve_2013_2513_spec.rb +0 -15
  310. data/spec/lib/kb/cve_2013_2516_spec.rb +0 -15
  311. data/spec/lib/kb/cve_2013_4203_spec.rb +0 -15
  312. data/spec/lib/kb/cve_2013_4413_spec.rb +0 -16
  313. data/spec/lib/kb/cve_2013_4489_spec.rb +0 -63
  314. data/spec/lib/kb/cve_2013_4491_spec.rb +0 -16
  315. data/spec/lib/kb/cve_2013_4593_spec.rb +0 -16
  316. data/spec/lib/kb/cve_2013_5647_spec.rb +0 -19
  317. data/spec/lib/kb/cve_2013_5671_spec.rb +0 -27
  318. data/spec/lib/kb/cve_2013_6414_spec.rb +0 -26
  319. data/spec/lib/kb/cve_2013_6416_spec.rb +0 -31
  320. data/spec/lib/kb/cve_2013_6459_spec.rb +0 -15
  321. data/spec/lib/kb/cve_2013_7086_spec.rb +0 -22
  322. data/spec/lib/kb/cve_2014_0036_spec.rb +0 -15
  323. data/spec/lib/kb/cve_2014_0080_spec.rb +0 -33
  324. data/spec/lib/kb/cve_2014_0081_spec.rb +0 -50
  325. data/spec/lib/kb/cve_2014_0082_spec.rb +0 -52
  326. data/spec/lib/kb/cve_2014_0130_spec.rb +0 -19
  327. data/spec/lib/kb/cve_2014_1233_spec.rb +0 -15
  328. data/spec/lib/kb/cve_2014_1234_spec.rb +0 -16
  329. data/spec/lib/kb/cve_2014_2322_spec.rb +0 -15
  330. data/spec/lib/kb/cve_2014_2538_spec.rb +0 -15
  331. data/spec/lib/kb/cve_2014_3482_spec.rb +0 -15
  332. data/spec/lib/kb/cve_2014_3483_spec.rb +0 -27
  333. data/spec/lib/kb/cve_2014_7818_spec.rb +0 -42
  334. data/spec/lib/kb/cve_2014_7819_spec.rb +0 -139
  335. data/spec/lib/kb/cve_2014_7829_spec.rb +0 -50
  336. data/spec/lib/kb/cve_2014_9490_spec.rb +0 -17
  337. data/spec/lib/kb/cve_2015_1819_spec.rb +0 -16
  338. data/spec/lib/kb/cve_2015_1840_spec.rb +0 -39
  339. data/spec/lib/kb/cve_2015_2963_spec.rb +0 -17
  340. data/spec/lib/kb/cve_2015_3224_spec.rb +0 -16
  341. data/spec/lib/kb/cve_2015_3225_spec.rb +0 -27
  342. data/spec/lib/kb/cve_2015_3226_spec.rb +0 -35
  343. data/spec/lib/kb/cve_2015_3227_spec.rb +0 -31
  344. data/spec/lib/kb/cve_2015_3448_spec.rb +0 -16
  345. data/spec/lib/kb/cve_2015_4020_spec.rb +0 -24
  346. data/spec/lib/kb/cve_2015_5312_spec.rb +0 -31
  347. data/spec/lib/kb/cve_2015_7497_spec.rb +0 -31
  348. data/spec/lib/kb/cve_2015_7498_spec.rb +0 -31
  349. data/spec/lib/kb/cve_2015_7499_spec.rb +0 -31
  350. data/spec/lib/kb/cve_2015_7500_spec.rb +0 -31
  351. data/spec/lib/kb/cve_2015_7519_spec.rb +0 -23
  352. data/spec/lib/kb/cve_2015_7541_spec.rb +0 -15
  353. data/spec/lib/kb/cve_2015_7576_spec.rb +0 -51
  354. data/spec/lib/kb/cve_2015_7577_spec.rb +0 -63
  355. data/spec/lib/kb/cve_2015_7578_spec.rb +0 -15
  356. data/spec/lib/kb/cve_2015_7579_spec.rb +0 -23
  357. data/spec/lib/kb/cve_2015_7581_spec.rb +0 -51
  358. data/spec/lib/kb/cve_2015_8241_spec.rb +0 -31
  359. data/spec/lib/kb/cve_2015_8242_spec.rb +0 -31
  360. data/spec/lib/kb/cve_2015_8317_spec.rb +0 -31
  361. data/spec/lib/kb/cve_2016_0751_spec.rb +0 -55
  362. data/spec/lib/kb/cve_2016_0752_spec.rb +0 -51
  363. data/spec/lib/kb/cve_2016_0753_spec.rb +0 -51
  364. data/spec/lib/kb/cve_2016_2097_spec.rb +0 -35
  365. data/spec/lib/kb/cve_2016_2098_spec.rb +0 -55
  366. data/spec/lib/kb/cve_2016_5697_spec.rb +0 -15
  367. data/spec/lib/kb/cve_2016_6316_spec.rb +0 -44
  368. data/spec/lib/kb/cve_2016_6317_spec.rb +0 -35
  369. data/spec/lib/kb/cve_2016_6582_spec.rb +0 -29
  370. data/spec/lib/kb/osvdb_105971_spec.rb +0 -15
  371. data/spec/lib/kb/osvdb_108530_spec.rb +0 -22
  372. data/spec/lib/kb/osvdb_108563_spec.rb +0 -18
  373. data/spec/lib/kb/osvdb_108569_spec.rb +0 -17
  374. data/spec/lib/kb/osvdb_108570_spec.rb +0 -17
  375. data/spec/lib/kb/osvdb_115654_spec.rb +0 -15
  376. data/spec/lib/kb/osvdb_116010_spec.rb +0 -15
  377. data/spec/lib/kb/osvdb_117903_spec.rb +0 -23
  378. data/spec/lib/kb/osvdb_118579_spec.rb +0 -8
  379. data/spec/lib/kb/osvdb_118830_spec.rb +0 -16
  380. data/spec/lib/kb/osvdb_118954_spec.rb +0 -20
  381. data/spec/lib/kb/osvdb_119878_spec.rb +0 -92
  382. data/spec/lib/kb/osvdb_119927_spec.rb +0 -16
  383. data/spec/lib/kb/osvdb_120415_spec.rb +0 -16
  384. data/spec/lib/kb/osvdb_120857_spec.rb +0 -32
  385. data/spec/lib/kb/osvdb_121701_spec.rb +0 -15
  386. data/spec/lib/kb/osvdb_132234_spec.rb +0 -15
  387. metadata.gz.sig +0 -0
@@ -1,15 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2015-7578 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2015_7578.new
5
- # @check.debug = true
6
- end
7
- it "is reported when the vulnerable gem is detected" do
8
- @check.dependencies = [{:name=>"rails-html-sanitizer", :version=>"1.0.2"}]
9
- expect(@check.vuln?).to eq(true)
10
- end
11
- it "is not reported when a fixed release is detected" do
12
- @check.dependencies = [{:name=>"rails-html-sanitizer", :version=>"1.0.3"}]
13
- expect(@check.vuln?).to eq(false)
14
- end
15
- end
@@ -1,23 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2015-7579 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2015_7579.new
5
- # @check.debug = true
6
- end
7
- it "is reported when the vulnerable gem is detected" do
8
- @check.dependencies = [{:name=>"rails-html-sanitizer", :version=>"1.0.2"}]
9
- expect(@check.vuln?).to eq(true)
10
- end
11
- it "is not reported when a fixed release is detected" do
12
- @check.dependencies = [{:name=>"", :version=>"1.0.3"}]
13
- expect(@check.vuln?).to eq(false)
14
- end
15
- it "is not reported when a fixed release is detected" do
16
- @check.dependencies = [{:name=>"", :version=>"1.0.0"}]
17
- expect(@check.vuln?).to eq(false)
18
- end
19
- it "is not reported when a fixed release is detected" do
20
- @check.dependencies = [{:name=>"", :version=>"1.0.1"}]
21
- expect(@check.vuln?).to eq(false)
22
- end
23
- end
@@ -1,51 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2015-7581 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2015_7581.new
5
- # @check.debug = true
6
- end
7
- it "is reported when the vulnerable gem is detected" do
8
- @check.dependencies = [{:name=>"actionpack", :version=>"5.0.0.beta.1"}]
9
- expect(@check.vuln?).to eq(true)
10
- end
11
- it "is reported when the vulnerable gem is detected" do
12
- @check.dependencies = [{:name=>"actionpack", :version=>"4.2.5"}]
13
- expect(@check.vuln?).to eq(true)
14
- end
15
- it "is reported when the vulnerable gem is detected" do
16
- @check.dependencies = [{:name=>"actionpack", :version=>"4.1.14"}]
17
- expect(@check.vuln?).to eq(true)
18
- end
19
- it "is reported when the vulnerable gem is detected" do
20
- @check.dependencies = [{:name=>"actionpack", :version=>"3.2.22"}]
21
- expect(@check.vuln?).to eq(true)
22
- end
23
- it "is not reported when a fixed release is detected" do
24
- @check.dependencies = [{:name=>"actionpack", :version=>"5.0.0"}]
25
- expect(@check.vuln?).to eq(false)
26
- end
27
- it "is not reported when a fixed release is detected" do
28
- @check.dependencies = [{:name=>"actionpack", :version=>"4.2.5.1"}]
29
- expect(@check.vuln?).to eq(false)
30
- end
31
- it "is not reported when a fixed release is detected" do
32
- @check.dependencies = [{:name=>"actionpack", :version=>"4.2.6"}]
33
- expect(@check.vuln?).to eq(false)
34
- end
35
- it "is not reported when a fixed release is detected" do
36
- @check.dependencies = [{:name=>"actionpack", :version=>"4.1.14.2"}]
37
- expect(@check.vuln?).to eq(false)
38
- end
39
- it "is not reported when a fixed release is detected" do
40
- @check.dependencies = [{:name=>"actionpack", :version=>"4.1.15"}]
41
- expect(@check.vuln?).to eq(false)
42
- end
43
- it "is not reported when a fixed release is detected" do
44
- @check.dependencies = [{:name=>"actionpack", :version=>"3.2.22.1"}]
45
- expect(@check.vuln?).to eq(false)
46
- end
47
- it "is not reported when a fixed release is detected" do
48
- @check.dependencies = [{:name=>"actionpack", :version=>"3.2.23"}]
49
- expect(@check.vuln?).to eq(false)
50
- end
51
- end
@@ -1,31 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2015-8241 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2015_8241.new
5
- # @check.debug = true
6
- end
7
- it "is reported when the vulnerable gem is detected" do
8
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.5"}]
9
- expect(@check.vuln?).to eq(true)
10
- end
11
- it "is reported when the vulnerable gem is detected" do
12
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.0"}]
13
- expect(@check.vuln?).to eq(true)
14
- end
15
- it "is reported when the vulnerable gem is detected" do
16
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7"}]
17
- expect(@check.vuln?).to eq(true)
18
- end
19
- it "is not reported when a fixed release is detected" do
20
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7.1"}]
21
- expect(@check.vuln?).to eq(false)
22
- end
23
- it "is not reported when a fixed release is detected" do
24
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.5.6"}]
25
- expect(@check.vuln?).to eq(false)
26
- end
27
- it "is not reported when a fixed release is detected" do
28
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.4.6"}]
29
- expect(@check.vuln?).to eq(false)
30
- end
31
- end
@@ -1,31 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2015-8242 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2015_8242.new
5
- # @check.debug = true
6
- end
7
- it "is reported when the vulnerable gem is detected" do
8
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.5"}]
9
- expect(@check.vuln?).to eq(true)
10
- end
11
- it "is reported when the vulnerable gem is detected" do
12
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.0"}]
13
- expect(@check.vuln?).to eq(true)
14
- end
15
- it "is reported when the vulnerable gem is detected" do
16
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7"}]
17
- expect(@check.vuln?).to eq(true)
18
- end
19
- it "is not reported when a fixed release is detected" do
20
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7.1"}]
21
- expect(@check.vuln?).to eq(false)
22
- end
23
- it "is not reported when a fixed release is detected" do
24
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.5.6"}]
25
- expect(@check.vuln?).to eq(false)
26
- end
27
- it "is not reported when a fixed release is detected" do
28
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.4.6"}]
29
- expect(@check.vuln?).to eq(false)
30
- end
31
- end
@@ -1,31 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2015-8317 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2015_8317.new
5
- # @check.debug = true
6
- end
7
- it "is reported when the vulnerable gem is detected" do
8
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.5"}]
9
- expect(@check.vuln?).to eq(true)
10
- end
11
- it "is reported when the vulnerable gem is detected" do
12
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.0"}]
13
- expect(@check.vuln?).to eq(true)
14
- end
15
- it "is reported when the vulnerable gem is detected" do
16
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7"}]
17
- expect(@check.vuln?).to eq(true)
18
- end
19
- it "is not reported when a fixed release is detected" do
20
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7.1"}]
21
- expect(@check.vuln?).to eq(false)
22
- end
23
- it "is not reported when a fixed release is detected" do
24
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.5.6"}]
25
- expect(@check.vuln?).to eq(false)
26
- end
27
- it "is not reported when a fixed release is detected" do
28
- @check.dependencies = [{:name=>"nokogiri", :version=>"1.4.6"}]
29
- expect(@check.vuln?).to eq(false)
30
- end
31
- end
@@ -1,55 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2016-0751 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2016_0751.new
5
- # @check.debug = true
6
- end
7
- it "is reported when the vulnerable gem is detected" do
8
- @check.dependencies = [{:name=>"actionpack", :version=>"5.0.0.beta.1"}]
9
- expect(@check.vuln?).to eq(true)
10
- end
11
- it "is reported when the vulnerable gem is detected" do
12
- @check.dependencies = [{:name=>"actionpack", :version=>"4.2.5"}]
13
- expect(@check.vuln?).to eq(true)
14
- end
15
- it "is reported when the vulnerable gem is detected" do
16
- @check.dependencies = [{:name=>"actionpack", :version=>"4.1.14"}]
17
- expect(@check.vuln?).to eq(true)
18
- end
19
- it "is reported when the vulnerable gem is detected" do
20
- @check.dependencies = [{:name=>"actionpack", :version=>"4.0.3"}]
21
- expect(@check.vuln?).to eq(true)
22
- end
23
- it "is reported when the vulnerable gem is detected" do
24
- @check.dependencies = [{:name=>"actionpack", :version=>"3.2.22"}]
25
- expect(@check.vuln?).to eq(true)
26
- end
27
- it "is not reported when a fixed release is detected" do
28
- @check.dependencies = [{:name=>"", :version=>"5.0.0"}]
29
- expect(@check.vuln?).to eq(false)
30
- end
31
- it "is not reported when a fixed release is detected" do
32
- @check.dependencies = [{:name=>"", :version=>"4.2.5.1"}]
33
- expect(@check.vuln?).to eq(false)
34
- end
35
- it "is not reported when a fixed release is detected" do
36
- @check.dependencies = [{:name=>"", :version=>"4.2.6"}]
37
- expect(@check.vuln?).to eq(false)
38
- end
39
- it "is not reported when a fixed release is detected" do
40
- @check.dependencies = [{:name=>"", :version=>"4.1.14.2"}]
41
- expect(@check.vuln?).to eq(false)
42
- end
43
- it "is not reported when a fixed release is detected" do
44
- @check.dependencies = [{:name=>"", :version=>"4.1.15"}]
45
- expect(@check.vuln?).to eq(false)
46
- end
47
- it "is not reported when a fixed release is detected" do
48
- @check.dependencies = [{:name=>"", :version=>"3.2.22.1"}]
49
- expect(@check.vuln?).to eq(false)
50
- end
51
- it "is not reported when a fixed release is detected" do
52
- @check.dependencies = [{:name=>"", :version=>"3.2.23"}]
53
- expect(@check.vuln?).to eq(false)
54
- end
55
- end
@@ -1,51 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2016-0752 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2016_0752.new
5
- # @check.debug = true
6
- end
7
- it "is reported when the vulnerable gem is detected" do
8
- @check.dependencies = [{:name=>"actionview", :version=>"5.0.0.beta.1"}]
9
- expect(@check.vuln?).to eq(true)
10
- end
11
- it "is reported when the vulnerable gem is detected" do
12
- @check.dependencies = [{:name=>"actionview", :version=>"4.2.5"}]
13
- expect(@check.vuln?).to eq(true)
14
- end
15
- it "is reported when the vulnerable gem is detected" do
16
- @check.dependencies = [{:name=>"actionview", :version=>"4.1.14"}]
17
- expect(@check.vuln?).to eq(true)
18
- end
19
- it "is reported when the vulnerable gem is detected" do
20
- @check.dependencies = [{:name=>"actionview", :version=>"3.2.22"}]
21
- expect(@check.vuln?).to eq(true)
22
- end
23
- it "is not reported when a fixed release is detected" do
24
- @check.dependencies = [{:name=>"actionview", :version=>"5.0.0"}]
25
- expect(@check.vuln?).to eq(false)
26
- end
27
- it "is not reported when a fixed release is detected" do
28
- @check.dependencies = [{:name=>"actionview", :version=>"4.2.5.1"}]
29
- expect(@check.vuln?).to eq(false)
30
- end
31
- it "is not reported when a fixed release is detected" do
32
- @check.dependencies = [{:name=>"actionview", :version=>"4.2.6"}]
33
- expect(@check.vuln?).to eq(false)
34
- end
35
- it "is not reported when a fixed release is detected" do
36
- @check.dependencies = [{:name=>"actionview", :version=>"4.1.14.2"}]
37
- expect(@check.vuln?).to eq(false)
38
- end
39
- it "is not reported when a fixed release is detected" do
40
- @check.dependencies = [{:name=>"actionview", :version=>"4.1.15"}]
41
- expect(@check.vuln?).to eq(false)
42
- end
43
- it "is not reported when a fixed release is detected" do
44
- @check.dependencies = [{:name=>"actionview", :version=>"3.2.22.1"}]
45
- expect(@check.vuln?).to eq(false)
46
- end
47
- it "is not reported when a fixed release is detected" do
48
- @check.dependencies = [{:name=>"actionview", :version=>"3.2.23"}]
49
- expect(@check.vuln?).to eq(false)
50
- end
51
- end
@@ -1,51 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2016-0753 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2016_0753.new
5
- # @check.debug = true
6
- end
7
- it "is reported when the vulnerable gem is detected" do
8
- @check.dependencies = [{:name=>"activemodel", :version=>"5.0.0.beta.1"}]
9
- expect(@check.vuln?).to eq(true)
10
- end
11
- it "is reported when the vulnerable gem is detected" do
12
- @check.dependencies = [{:name=>"activemodel", :version=>"4.2.5"}]
13
- expect(@check.vuln?).to eq(true)
14
- end
15
- it "is reported when the vulnerable gem is detected" do
16
- @check.dependencies = [{:name=>"activemodel", :version=>"4.1.14"}]
17
- expect(@check.vuln?).to eq(true)
18
- end
19
- it "is reported when the vulnerable gem is detected" do
20
- @check.dependencies = [{:name=>"activemodel", :version=>"3.2.22"}]
21
- expect(@check.vuln?).to eq(true)
22
- end
23
- it "is not reported when a fixed release is detected" do
24
- @check.dependencies = [{:name=>"activemodel", :version=>"5.0.0"}]
25
- expect(@check.vuln?).to eq(false)
26
- end
27
- it "is not reported when a fixed release is detected" do
28
- @check.dependencies = [{:name=>"activemodel", :version=>"4.2.5.1"}]
29
- expect(@check.vuln?).to eq(false)
30
- end
31
- it "is not reported when a fixed release is detected" do
32
- @check.dependencies = [{:name=>"activemodel", :version=>"4.2.6"}]
33
- expect(@check.vuln?).to eq(false)
34
- end
35
- it "is not reported when a fixed release is detected" do
36
- @check.dependencies = [{:name=>"activemodel", :version=>"4.1.14.2"}]
37
- expect(@check.vuln?).to eq(false)
38
- end
39
- it "is not reported when a fixed release is detected" do
40
- @check.dependencies = [{:name=>"activemodel", :version=>"4.1.15"}]
41
- expect(@check.vuln?).to eq(false)
42
- end
43
- it "is not reported when a fixed release is detected" do
44
- @check.dependencies = [{:name=>"activemodel", :version=>"3.2.22.1"}]
45
- expect(@check.vuln?).to eq(false)
46
- end
47
- it "is not reported when a fixed release is detected" do
48
- @check.dependencies = [{:name=>"activemodel", :version=>"3.2.23"}]
49
- expect(@check.vuln?).to eq(false)
50
- end
51
- end
@@ -1,35 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2016-2097 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2016_2097.new
5
- # @check.debug = true
6
- end
7
- it "is reported when the vulnerable gem is detected" do
8
- @check.dependencies = [{:name=>"actionview", :version=>"3.2.12"}]
9
- expect(@check.vuln?).to eq(true)
10
- end
11
- it "is reported when the vulnerable gem is detected" do
12
- @check.dependencies = [{:name=>"actionview", :version=>"4.0.3"}]
13
- expect(@check.vuln?).to eq(true)
14
- end
15
- it "is reported when the vulnerable gem is detected" do
16
- @check.dependencies = [{:name=>"actionview", :version=>"4.1.2"}]
17
- expect(@check.vuln?).to eq(true)
18
- end
19
- it "is not reported when a fixed release is detected" do
20
- @check.dependencies = [{:name=>"actionview", :version=>"5.0.0"}]
21
- expect(@check.vuln?).to eq(false)
22
- end
23
- it "is not reported when a fixed release is detected" do
24
- @check.dependencies = [{:name=>"actionview", :version=>"3.2.22.2"}]
25
- expect(@check.vuln?).to eq(false)
26
- end
27
- it "is not reported when a fixed release is detected" do
28
- @check.dependencies = [{:name=>"actionview", :version=>"4.1.14.2"}]
29
- expect(@check.vuln?).to eq(false)
30
- end
31
- it "is not reported when a fixed release is detected" do
32
- @check.dependencies = [{:name=>"actionview", :version=>"4.2.5.2"}]
33
- expect(@check.vuln?).to eq(false)
34
- end
35
- end
@@ -1,55 +0,0 @@
1
- require 'spec_helper'
2
- describe "The CVE-2016-2098 vulnerability" do
3
- before(:all) do
4
- @check = Dawn::Kb::CVE_2016_2098.new
5
- # @check.debug = true
6
- end
7
- it "is reported when the vulnerable gem is detected" do
8
- @check.dependencies = [{:name=>"actionpack", :version=>"3.2.12"}]
9
- expect(@check.vuln?).to eq(true)
10
- end
11
- it "is reported when the vulnerable gem is detected" do
12
- @check.dependencies = [{:name=>"actionpack", :version=>"4.0.3"}]
13
- expect(@check.vuln?).to eq(true)
14
- end
15
- it "is reported when the vulnerable gem is detected" do
16
- @check.dependencies = [{:name=>"actionpack", :version=>"4.1.2"}]
17
- expect(@check.vuln?).to eq(true)
18
- end
19
- it "is reported when the vulnerable gem is detected" do
20
- @check.dependencies = [{:name=>"actionpack", :version=>"4.2.2"}]
21
- expect(@check.vuln?).to eq(true)
22
- end
23
- it "is not reported when a fixed release is detected" do
24
- @check.dependencies = [{:name=>"actionpack", :version=>"5.0"}]
25
- expect(@check.vuln?).to eq(false)
26
- end
27
- it "is not reported when a fixed release is detected" do
28
- @check.dependencies = [{:name=>"actionpack", :version=>"5.0.0"}]
29
- expect(@check.vuln?).to eq(false)
30
- end
31
- it "is not reported when a fixed release is detected" do
32
- @check.dependencies = [{:name=>"actionpack", :version=>"5.0.0.1"}]
33
- expect(@check.vuln?).to eq(false)
34
- end
35
- it "is not reported when a fixed release is detected" do
36
- @check.dependencies = [{:name=>"actionpack", :version=>"3.2.22.2"}]
37
- expect(@check.vuln?).to eq(false)
38
- end
39
- it "is not reported when a fixed release is detected" do
40
- @check.dependencies = [{:name=>"actionpack", :version=>"4.1.14.2"}]
41
- expect(@check.vuln?).to eq(false)
42
- end
43
- it "is not reported when a fixed release is detected" do
44
- @check.dependencies = [{:name=>"actionpack", :version=>"4.2.5.2"}]
45
- expect(@check.vuln?).to eq(false)
46
- end
47
- it "is not reported when a fixed release is detected" do
48
- @check.dependencies = [{:name=>"actionpack", :version=>"4.2.6"}]
49
- expect(@check.vuln?).to eq(false)
50
- end
51
- it "is not reported when a fixed release is detected" do
52
- @check.dependencies = [{:name=>"actionpack", :version=>"4.1.15"}]
53
- expect(@check.vuln?).to eq(false)
54
- end
55
- end