dawnscanner 1.6.8 → 2.0.0.rc4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/.gitignore +1 -0
- data/.ruby-version +1 -1
- data/Changelog.md +27 -1
- data/LICENSE.txt +1 -1
- data/README.md +59 -57
- data/Rakefile +10 -242
- data/Roadmap.md +15 -23
- data/VERSION +1 -1
- data/bin/dawn +17 -273
- data/checksum/dawnscanner-1.6.8.gem.sha1 +1 -0
- data/checksum/dawnscanner-2.0.0.rc1.gem.sha1 +1 -0
- data/checksum/dawnscanner-2.0.0.rc2.gem.sha1 +1 -0
- data/checksum/dawnscanner-2.0.0.rc3.gem.sha1 +1 -0
- data/dawnscanner.gemspec +10 -9
- data/doc/change.sh +13 -0
- data/doc/kickstart_kb.tar.gz +0 -0
- data/doc/knowledge_base.rb +650 -0
- data/docs/.placeholder +0 -0
- data/docs/CNAME +1 -0
- data/docs/_config.yml +1 -0
- data/lib/dawn/cli/dawn_cli.rb +139 -0
- data/lib/dawn/core.rb +8 -7
- data/lib/dawn/engine.rb +93 -34
- data/lib/dawn/gemfile_lock.rb +2 -2
- data/lib/dawn/kb/basic_check.rb +1 -2
- data/lib/dawn/kb/combo_check.rb +1 -1
- data/lib/dawn/kb/dependency_check.rb +1 -1
- data/lib/dawn/kb/operating_system_check.rb +1 -1
- data/lib/dawn/kb/pattern_match_check.rb +10 -9
- data/lib/dawn/kb/ruby_version_check.rb +11 -10
- data/lib/dawn/kb/{gem_check.rb → rubygem_check.rb} +1 -1
- data/lib/dawn/kb/unsafe_depedency_check.rb +44 -0
- data/lib/dawn/kb/version_check.rb +41 -24
- data/lib/dawn/knowledge_base.rb +259 -595
- data/lib/dawn/reporter.rb +2 -1
- data/lib/dawn/utils.rb +5 -2
- data/lib/dawn/version.rb +5 -5
- data/lib/dawnscanner.rb +7 -6
- data/spec/lib/kb/codesake_unsafe_dependency_check_spec.rb +29 -0
- data/spec/lib/kb/dependency_check.yml +29 -0
- metadata +30 -496
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/certs/paolo_at_dawnscanner_dot_org.pem +0 -21
- data/lib/dawn/kb/cve_2004_0755.rb +0 -33
- data/lib/dawn/kb/cve_2004_0983.rb +0 -31
- data/lib/dawn/kb/cve_2005_1992.rb +0 -31
- data/lib/dawn/kb/cve_2005_2337.rb +0 -33
- data/lib/dawn/kb/cve_2006_1931.rb +0 -30
- data/lib/dawn/kb/cve_2006_2582.rb +0 -28
- data/lib/dawn/kb/cve_2006_3694.rb +0 -31
- data/lib/dawn/kb/cve_2006_4112.rb +0 -27
- data/lib/dawn/kb/cve_2006_5467.rb +0 -28
- data/lib/dawn/kb/cve_2006_6303.rb +0 -28
- data/lib/dawn/kb/cve_2006_6852.rb +0 -27
- data/lib/dawn/kb/cve_2006_6979.rb +0 -29
- data/lib/dawn/kb/cve_2007_0469.rb +0 -29
- data/lib/dawn/kb/cve_2007_5162.rb +0 -28
- data/lib/dawn/kb/cve_2007_5379.rb +0 -27
- data/lib/dawn/kb/cve_2007_5380.rb +0 -29
- data/lib/dawn/kb/cve_2007_5770.rb +0 -30
- data/lib/dawn/kb/cve_2007_6077.rb +0 -31
- data/lib/dawn/kb/cve_2007_6612.rb +0 -30
- data/lib/dawn/kb/cve_2008_1145.rb +0 -38
- data/lib/dawn/kb/cve_2008_1891.rb +0 -38
- data/lib/dawn/kb/cve_2008_2376.rb +0 -30
- data/lib/dawn/kb/cve_2008_2662.rb +0 -33
- data/lib/dawn/kb/cve_2008_2663.rb +0 -32
- data/lib/dawn/kb/cve_2008_2664.rb +0 -33
- data/lib/dawn/kb/cve_2008_2725.rb +0 -31
- data/lib/dawn/kb/cve_2008_3655.rb +0 -37
- data/lib/dawn/kb/cve_2008_3657.rb +0 -37
- data/lib/dawn/kb/cve_2008_3790.rb +0 -30
- data/lib/dawn/kb/cve_2008_3905.rb +0 -36
- data/lib/dawn/kb/cve_2008_4094.rb +0 -27
- data/lib/dawn/kb/cve_2008_4310.rb +0 -100
- data/lib/dawn/kb/cve_2008_5189.rb +0 -27
- data/lib/dawn/kb/cve_2008_7248.rb +0 -27
- data/lib/dawn/kb/cve_2009_4078.rb +0 -29
- data/lib/dawn/kb/cve_2009_4124.rb +0 -30
- data/lib/dawn/kb/cve_2009_4214.rb +0 -27
- data/lib/dawn/kb/cve_2010_1330.rb +0 -28
- data/lib/dawn/kb/cve_2010_2489.rb +0 -60
- data/lib/dawn/kb/cve_2010_3933.rb +0 -27
- data/lib/dawn/kb/cve_2011_0188.rb +0 -67
- data/lib/dawn/kb/cve_2011_0446.rb +0 -28
- data/lib/dawn/kb/cve_2011_0447.rb +0 -28
- data/lib/dawn/kb/cve_2011_0739.rb +0 -28
- data/lib/dawn/kb/cve_2011_0995.rb +0 -61
- data/lib/dawn/kb/cve_2011_1004.rb +0 -34
- data/lib/dawn/kb/cve_2011_1005.rb +0 -31
- data/lib/dawn/kb/cve_2011_2197.rb +0 -27
- data/lib/dawn/kb/cve_2011_2686.rb +0 -29
- data/lib/dawn/kb/cve_2011_2705.rb +0 -32
- data/lib/dawn/kb/cve_2011_2929.rb +0 -27
- data/lib/dawn/kb/cve_2011_2930.rb +0 -28
- data/lib/dawn/kb/cve_2011_2931.rb +0 -30
- data/lib/dawn/kb/cve_2011_2932.rb +0 -27
- data/lib/dawn/kb/cve_2011_3009.rb +0 -28
- data/lib/dawn/kb/cve_2011_3186.rb +0 -29
- data/lib/dawn/kb/cve_2011_3187.rb +0 -29
- data/lib/dawn/kb/cve_2011_4319.rb +0 -30
- data/lib/dawn/kb/cve_2011_4815.rb +0 -28
- data/lib/dawn/kb/cve_2011_5036.rb +0 -26
- data/lib/dawn/kb/cve_2012_1098.rb +0 -30
- data/lib/dawn/kb/cve_2012_1099.rb +0 -27
- data/lib/dawn/kb/cve_2012_1241.rb +0 -27
- data/lib/dawn/kb/cve_2012_2139.rb +0 -26
- data/lib/dawn/kb/cve_2012_2140.rb +0 -27
- data/lib/dawn/kb/cve_2012_2660.rb +0 -28
- data/lib/dawn/kb/cve_2012_2661.rb +0 -27
- data/lib/dawn/kb/cve_2012_2671.rb +0 -28
- data/lib/dawn/kb/cve_2012_2694.rb +0 -30
- data/lib/dawn/kb/cve_2012_2695.rb +0 -27
- data/lib/dawn/kb/cve_2012_3424.rb +0 -29
- data/lib/dawn/kb/cve_2012_3463.rb +0 -27
- data/lib/dawn/kb/cve_2012_3464.rb +0 -27
- data/lib/dawn/kb/cve_2012_3465.rb +0 -26
- data/lib/dawn/kb/cve_2012_4464.rb +0 -27
- data/lib/dawn/kb/cve_2012_4466.rb +0 -27
- data/lib/dawn/kb/cve_2012_4481.rb +0 -26
- data/lib/dawn/kb/cve_2012_4522.rb +0 -27
- data/lib/dawn/kb/cve_2012_5370.rb +0 -27
- data/lib/dawn/kb/cve_2012_5371.rb +0 -27
- data/lib/dawn/kb/cve_2012_5380.rb +0 -28
- data/lib/dawn/kb/cve_2012_6109.rb +0 -25
- data/lib/dawn/kb/cve_2012_6134.rb +0 -27
- data/lib/dawn/kb/cve_2012_6496.rb +0 -28
- data/lib/dawn/kb/cve_2012_6497.rb +0 -28
- data/lib/dawn/kb/cve_2012_6684.rb +0 -28
- data/lib/dawn/kb/cve_2013_0155.rb +0 -29
- data/lib/dawn/kb/cve_2013_0156.rb +0 -27
- data/lib/dawn/kb/cve_2013_0162.rb +0 -28
- data/lib/dawn/kb/cve_2013_0175.rb +0 -27
- data/lib/dawn/kb/cve_2013_0183.rb +0 -25
- data/lib/dawn/kb/cve_2013_0184.rb +0 -25
- data/lib/dawn/kb/cve_2013_0233.rb +0 -26
- data/lib/dawn/kb/cve_2013_0256.rb +0 -59
- data/lib/dawn/kb/cve_2013_0262.rb +0 -26
- data/lib/dawn/kb/cve_2013_0263.rb +0 -26
- data/lib/dawn/kb/cve_2013_0269.rb +0 -27
- data/lib/dawn/kb/cve_2013_0276.rb +0 -28
- data/lib/dawn/kb/cve_2013_0277.rb +0 -25
- data/lib/dawn/kb/cve_2013_0284.rb +0 -27
- data/lib/dawn/kb/cve_2013_0285.rb +0 -27
- data/lib/dawn/kb/cve_2013_0333.rb +0 -28
- data/lib/dawn/kb/cve_2013_0334.rb +0 -25
- data/lib/dawn/kb/cve_2013_1607.rb +0 -25
- data/lib/dawn/kb/cve_2013_1655.rb +0 -65
- data/lib/dawn/kb/cve_2013_1656.rb +0 -28
- data/lib/dawn/kb/cve_2013_1756.rb +0 -26
- data/lib/dawn/kb/cve_2013_1800.rb +0 -26
- data/lib/dawn/kb/cve_2013_1801.rb +0 -27
- data/lib/dawn/kb/cve_2013_1802.rb +0 -27
- data/lib/dawn/kb/cve_2013_1812.rb +0 -27
- data/lib/dawn/kb/cve_2013_1821.rb +0 -28
- data/lib/dawn/kb/cve_2013_1854.rb +0 -26
- data/lib/dawn/kb/cve_2013_1855.rb +0 -25
- data/lib/dawn/kb/cve_2013_1856.rb +0 -26
- data/lib/dawn/kb/cve_2013_1857.rb +0 -27
- data/lib/dawn/kb/cve_2013_1875.rb +0 -27
- data/lib/dawn/kb/cve_2013_1898.rb +0 -27
- data/lib/dawn/kb/cve_2013_1911.rb +0 -28
- data/lib/dawn/kb/cve_2013_1933.rb +0 -27
- data/lib/dawn/kb/cve_2013_1947.rb +0 -27
- data/lib/dawn/kb/cve_2013_1948.rb +0 -27
- data/lib/dawn/kb/cve_2013_2065.rb +0 -29
- data/lib/dawn/kb/cve_2013_2090.rb +0 -28
- data/lib/dawn/kb/cve_2013_2105.rb +0 -26
- data/lib/dawn/kb/cve_2013_2119.rb +0 -27
- data/lib/dawn/kb/cve_2013_2512.rb +0 -26
- data/lib/dawn/kb/cve_2013_2513.rb +0 -25
- data/lib/dawn/kb/cve_2013_2516.rb +0 -26
- data/lib/dawn/kb/cve_2013_2615.rb +0 -27
- data/lib/dawn/kb/cve_2013_2616.rb +0 -27
- data/lib/dawn/kb/cve_2013_2617.rb +0 -28
- data/lib/dawn/kb/cve_2013_3221.rb +0 -27
- data/lib/dawn/kb/cve_2013_4164.rb +0 -30
- data/lib/dawn/kb/cve_2013_4203.rb +0 -25
- data/lib/dawn/kb/cve_2013_4389.rb +0 -26
- data/lib/dawn/kb/cve_2013_4413.rb +0 -27
- data/lib/dawn/kb/cve_2013_4457.rb +0 -29
- data/lib/dawn/kb/cve_2013_4478.rb +0 -26
- data/lib/dawn/kb/cve_2013_4479.rb +0 -26
- data/lib/dawn/kb/cve_2013_4489.rb +0 -28
- data/lib/dawn/kb/cve_2013_4491.rb +0 -29
- data/lib/dawn/kb/cve_2013_4492.rb +0 -29
- data/lib/dawn/kb/cve_2013_4562.rb +0 -27
- data/lib/dawn/kb/cve_2013_4593.rb +0 -27
- data/lib/dawn/kb/cve_2013_5647.rb +0 -29
- data/lib/dawn/kb/cve_2013_5671.rb +0 -26
- data/lib/dawn/kb/cve_2013_6414.rb +0 -30
- data/lib/dawn/kb/cve_2013_6415.rb +0 -29
- data/lib/dawn/kb/cve_2013_6416.rb +0 -29
- data/lib/dawn/kb/cve_2013_6417.rb +0 -30
- data/lib/dawn/kb/cve_2013_6421.rb +0 -28
- data/lib/dawn/kb/cve_2013_6459.rb +0 -28
- data/lib/dawn/kb/cve_2013_6460.rb +0 -53
- data/lib/dawn/kb/cve_2013_6461.rb +0 -57
- data/lib/dawn/kb/cve_2013_7086.rb +0 -27
- data/lib/dawn/kb/cve_2014_0036.rb +0 -27
- data/lib/dawn/kb/cve_2014_0080.rb +0 -29
- data/lib/dawn/kb/cve_2014_0081.rb +0 -27
- data/lib/dawn/kb/cve_2014_0082.rb +0 -27
- data/lib/dawn/kb/cve_2014_0130.rb +0 -27
- data/lib/dawn/kb/cve_2014_1233.rb +0 -27
- data/lib/dawn/kb/cve_2014_1234.rb +0 -26
- data/lib/dawn/kb/cve_2014_2322.rb +0 -28
- data/lib/dawn/kb/cve_2014_2525.rb +0 -59
- data/lib/dawn/kb/cve_2014_2538.rb +0 -26
- data/lib/dawn/kb/cve_2014_3482.rb +0 -28
- data/lib/dawn/kb/cve_2014_3483.rb +0 -28
- data/lib/dawn/kb/cve_2014_3916.rb +0 -29
- data/lib/dawn/kb/cve_2014_4975.rb +0 -28
- data/lib/dawn/kb/cve_2014_7818.rb +0 -27
- data/lib/dawn/kb/cve_2014_7819.rb +0 -31
- data/lib/dawn/kb/cve_2014_7829.rb +0 -30
- data/lib/dawn/kb/cve_2014_8090.rb +0 -30
- data/lib/dawn/kb/cve_2014_9490.rb +0 -29
- data/lib/dawn/kb/cve_2015_1819.rb +0 -34
- data/lib/dawn/kb/cve_2015_1840/cve_2015_1840_a.rb +0 -28
- data/lib/dawn/kb/cve_2015_1840/cve_2015_1840_b.rb +0 -28
- data/lib/dawn/kb/cve_2015_2963.rb +0 -27
- data/lib/dawn/kb/cve_2015_3224.rb +0 -26
- data/lib/dawn/kb/cve_2015_3225.rb +0 -28
- data/lib/dawn/kb/cve_2015_3226.rb +0 -27
- data/lib/dawn/kb/cve_2015_3227.rb +0 -28
- data/lib/dawn/kb/cve_2015_3448.rb +0 -29
- data/lib/dawn/kb/cve_2015_4020.rb +0 -34
- data/lib/dawn/kb/cve_2015_5312.rb +0 -30
- data/lib/dawn/kb/cve_2015_7497.rb +0 -32
- data/lib/dawn/kb/cve_2015_7498.rb +0 -32
- data/lib/dawn/kb/cve_2015_7499.rb +0 -32
- data/lib/dawn/kb/cve_2015_7500.rb +0 -32
- data/lib/dawn/kb/cve_2015_7519.rb +0 -31
- data/lib/dawn/kb/cve_2015_7541.rb +0 -31
- data/lib/dawn/kb/cve_2015_7576.rb +0 -35
- data/lib/dawn/kb/cve_2015_7577.rb +0 -34
- data/lib/dawn/kb/cve_2015_7578.rb +0 -30
- data/lib/dawn/kb/cve_2015_7579.rb +0 -30
- data/lib/dawn/kb/cve_2015_7581.rb +0 -33
- data/lib/dawn/kb/cve_2015_8241.rb +0 -32
- data/lib/dawn/kb/cve_2015_8242.rb +0 -32
- data/lib/dawn/kb/cve_2015_8317.rb +0 -32
- data/lib/dawn/kb/cve_2016_0751.rb +0 -32
- data/lib/dawn/kb/cve_2016_0752.rb +0 -35
- data/lib/dawn/kb/cve_2016_0753.rb +0 -31
- data/lib/dawn/kb/cve_2016_2097.rb +0 -35
- data/lib/dawn/kb/cve_2016_2098.rb +0 -35
- data/lib/dawn/kb/cve_2016_5697.rb +0 -30
- data/lib/dawn/kb/cve_2016_6316.rb +0 -33
- data/lib/dawn/kb/cve_2016_6317.rb +0 -32
- data/lib/dawn/kb/cve_2016_6582.rb +0 -43
- data/lib/dawn/kb/not_revised_code.rb +0 -22
- data/lib/dawn/kb/osvdb_105971.rb +0 -29
- data/lib/dawn/kb/osvdb_108530.rb +0 -27
- data/lib/dawn/kb/osvdb_108563.rb +0 -28
- data/lib/dawn/kb/osvdb_108569.rb +0 -28
- data/lib/dawn/kb/osvdb_108570.rb +0 -27
- data/lib/dawn/kb/osvdb_115654.rb +0 -33
- data/lib/dawn/kb/osvdb_116010.rb +0 -30
- data/lib/dawn/kb/osvdb_117903.rb +0 -30
- data/lib/dawn/kb/osvdb_118579.rb +0 -31
- data/lib/dawn/kb/osvdb_118830.rb +0 -32
- data/lib/dawn/kb/osvdb_118954.rb +0 -33
- data/lib/dawn/kb/osvdb_119878.rb +0 -32
- data/lib/dawn/kb/osvdb_119927.rb +0 -33
- data/lib/dawn/kb/osvdb_120415.rb +0 -31
- data/lib/dawn/kb/osvdb_120857.rb +0 -34
- data/lib/dawn/kb/osvdb_121701.rb +0 -30
- data/lib/dawn/kb/osvdb_132234.rb +0 -34
- data/lib/dawn/kb/owasp_ror_cheatsheet.rb +0 -33
- data/lib/dawn/kb/owasp_ror_cheatsheet/check_for_backup_files.rb +0 -18
- data/lib/dawn/kb/owasp_ror_cheatsheet/check_for_safe_redirect_and_forward.rb +0 -57
- data/lib/dawn/kb/owasp_ror_cheatsheet/command_injection.rb +0 -28
- data/lib/dawn/kb/owasp_ror_cheatsheet/csrf.rb +0 -29
- data/lib/dawn/kb/owasp_ror_cheatsheet/mass_assignment_in_model.rb +0 -33
- data/lib/dawn/kb/owasp_ror_cheatsheet/security_related_headers.rb +0 -35
- data/lib/dawn/kb/owasp_ror_cheatsheet/sensitive_files.rb +0 -29
- data/lib/dawn/kb/owasp_ror_cheatsheet/session_stored_in_database.rb +0 -31
- data/lib/dawn/kb/simpleform_xss_20131129.rb +0 -28
- data/lib/dawn/knowledge_base_experimental.rb +0 -245
- data/spec/lib/kb/cve_2011_2705_spec.rb +0 -35
- data/spec/lib/kb/cve_2011_2930_spec.rb +0 -31
- data/spec/lib/kb/cve_2011_3009_spec.rb +0 -25
- data/spec/lib/kb/cve_2011_3187_spec.rb +0 -24
- data/spec/lib/kb/cve_2011_4319_spec.rb +0 -44
- data/spec/lib/kb/cve_2011_5036_spec.rb +0 -95
- data/spec/lib/kb/cve_2012_1098_spec.rb +0 -36
- data/spec/lib/kb/cve_2012_2139_spec.rb +0 -20
- data/spec/lib/kb/cve_2012_2671_spec.rb +0 -23
- data/spec/lib/kb/cve_2012_6109_spec.rb +0 -112
- data/spec/lib/kb/cve_2012_6684_spec.rb +0 -16
- data/spec/lib/kb/cve_2013_0162_spec.rb +0 -23
- data/spec/lib/kb/cve_2013_0183_spec.rb +0 -54
- data/spec/lib/kb/cve_2013_0184_spec.rb +0 -115
- data/spec/lib/kb/cve_2013_0256_spec.rb +0 -34
- data/spec/lib/kb/cve_2013_0262_spec.rb +0 -44
- data/spec/lib/kb/cve_2013_0263_spec.rb +0 -11
- data/spec/lib/kb/cve_2013_0334_spec.rb +0 -35
- data/spec/lib/kb/cve_2013_1607_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_1655_spec.rb +0 -31
- data/spec/lib/kb/cve_2013_1756_spec.rb +0 -23
- data/spec/lib/kb/cve_2013_2090_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_2105_spec.rb +0 -11
- data/spec/lib/kb/cve_2013_2119_spec.rb +0 -27
- data/spec/lib/kb/cve_2013_2512_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_2513_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_2516_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_4203_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_4413_spec.rb +0 -16
- data/spec/lib/kb/cve_2013_4489_spec.rb +0 -63
- data/spec/lib/kb/cve_2013_4491_spec.rb +0 -16
- data/spec/lib/kb/cve_2013_4593_spec.rb +0 -16
- data/spec/lib/kb/cve_2013_5647_spec.rb +0 -19
- data/spec/lib/kb/cve_2013_5671_spec.rb +0 -27
- data/spec/lib/kb/cve_2013_6414_spec.rb +0 -26
- data/spec/lib/kb/cve_2013_6416_spec.rb +0 -31
- data/spec/lib/kb/cve_2013_6459_spec.rb +0 -15
- data/spec/lib/kb/cve_2013_7086_spec.rb +0 -22
- data/spec/lib/kb/cve_2014_0036_spec.rb +0 -15
- data/spec/lib/kb/cve_2014_0080_spec.rb +0 -33
- data/spec/lib/kb/cve_2014_0081_spec.rb +0 -50
- data/spec/lib/kb/cve_2014_0082_spec.rb +0 -52
- data/spec/lib/kb/cve_2014_0130_spec.rb +0 -19
- data/spec/lib/kb/cve_2014_1233_spec.rb +0 -15
- data/spec/lib/kb/cve_2014_1234_spec.rb +0 -16
- data/spec/lib/kb/cve_2014_2322_spec.rb +0 -15
- data/spec/lib/kb/cve_2014_2538_spec.rb +0 -15
- data/spec/lib/kb/cve_2014_3482_spec.rb +0 -15
- data/spec/lib/kb/cve_2014_3483_spec.rb +0 -27
- data/spec/lib/kb/cve_2014_7818_spec.rb +0 -42
- data/spec/lib/kb/cve_2014_7819_spec.rb +0 -139
- data/spec/lib/kb/cve_2014_7829_spec.rb +0 -50
- data/spec/lib/kb/cve_2014_9490_spec.rb +0 -17
- data/spec/lib/kb/cve_2015_1819_spec.rb +0 -16
- data/spec/lib/kb/cve_2015_1840_spec.rb +0 -39
- data/spec/lib/kb/cve_2015_2963_spec.rb +0 -17
- data/spec/lib/kb/cve_2015_3224_spec.rb +0 -16
- data/spec/lib/kb/cve_2015_3225_spec.rb +0 -27
- data/spec/lib/kb/cve_2015_3226_spec.rb +0 -35
- data/spec/lib/kb/cve_2015_3227_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_3448_spec.rb +0 -16
- data/spec/lib/kb/cve_2015_4020_spec.rb +0 -24
- data/spec/lib/kb/cve_2015_5312_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_7497_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_7498_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_7499_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_7500_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_7519_spec.rb +0 -23
- data/spec/lib/kb/cve_2015_7541_spec.rb +0 -15
- data/spec/lib/kb/cve_2015_7576_spec.rb +0 -51
- data/spec/lib/kb/cve_2015_7577_spec.rb +0 -63
- data/spec/lib/kb/cve_2015_7578_spec.rb +0 -15
- data/spec/lib/kb/cve_2015_7579_spec.rb +0 -23
- data/spec/lib/kb/cve_2015_7581_spec.rb +0 -51
- data/spec/lib/kb/cve_2015_8241_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_8242_spec.rb +0 -31
- data/spec/lib/kb/cve_2015_8317_spec.rb +0 -31
- data/spec/lib/kb/cve_2016_0751_spec.rb +0 -55
- data/spec/lib/kb/cve_2016_0752_spec.rb +0 -51
- data/spec/lib/kb/cve_2016_0753_spec.rb +0 -51
- data/spec/lib/kb/cve_2016_2097_spec.rb +0 -35
- data/spec/lib/kb/cve_2016_2098_spec.rb +0 -55
- data/spec/lib/kb/cve_2016_5697_spec.rb +0 -15
- data/spec/lib/kb/cve_2016_6316_spec.rb +0 -44
- data/spec/lib/kb/cve_2016_6317_spec.rb +0 -35
- data/spec/lib/kb/cve_2016_6582_spec.rb +0 -29
- data/spec/lib/kb/osvdb_105971_spec.rb +0 -15
- data/spec/lib/kb/osvdb_108530_spec.rb +0 -22
- data/spec/lib/kb/osvdb_108563_spec.rb +0 -18
- data/spec/lib/kb/osvdb_108569_spec.rb +0 -17
- data/spec/lib/kb/osvdb_108570_spec.rb +0 -17
- data/spec/lib/kb/osvdb_115654_spec.rb +0 -15
- data/spec/lib/kb/osvdb_116010_spec.rb +0 -15
- data/spec/lib/kb/osvdb_117903_spec.rb +0 -23
- data/spec/lib/kb/osvdb_118579_spec.rb +0 -8
- data/spec/lib/kb/osvdb_118830_spec.rb +0 -16
- data/spec/lib/kb/osvdb_118954_spec.rb +0 -20
- data/spec/lib/kb/osvdb_119878_spec.rb +0 -92
- data/spec/lib/kb/osvdb_119927_spec.rb +0 -16
- data/spec/lib/kb/osvdb_120415_spec.rb +0 -16
- data/spec/lib/kb/osvdb_120857_spec.rb +0 -32
- data/spec/lib/kb/osvdb_121701_spec.rb +0 -15
- data/spec/lib/kb/osvdb_132234_spec.rb +0 -15
- metadata.gz.sig +0 -0
|
@@ -1,15 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
describe "The CVE-2015-7578 vulnerability" do
|
|
3
|
-
before(:all) do
|
|
4
|
-
@check = Dawn::Kb::CVE_2015_7578.new
|
|
5
|
-
# @check.debug = true
|
|
6
|
-
end
|
|
7
|
-
it "is reported when the vulnerable gem is detected" do
|
|
8
|
-
@check.dependencies = [{:name=>"rails-html-sanitizer", :version=>"1.0.2"}]
|
|
9
|
-
expect(@check.vuln?).to eq(true)
|
|
10
|
-
end
|
|
11
|
-
it "is not reported when a fixed release is detected" do
|
|
12
|
-
@check.dependencies = [{:name=>"rails-html-sanitizer", :version=>"1.0.3"}]
|
|
13
|
-
expect(@check.vuln?).to eq(false)
|
|
14
|
-
end
|
|
15
|
-
end
|
|
@@ -1,23 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
describe "The CVE-2015-7579 vulnerability" do
|
|
3
|
-
before(:all) do
|
|
4
|
-
@check = Dawn::Kb::CVE_2015_7579.new
|
|
5
|
-
# @check.debug = true
|
|
6
|
-
end
|
|
7
|
-
it "is reported when the vulnerable gem is detected" do
|
|
8
|
-
@check.dependencies = [{:name=>"rails-html-sanitizer", :version=>"1.0.2"}]
|
|
9
|
-
expect(@check.vuln?).to eq(true)
|
|
10
|
-
end
|
|
11
|
-
it "is not reported when a fixed release is detected" do
|
|
12
|
-
@check.dependencies = [{:name=>"", :version=>"1.0.3"}]
|
|
13
|
-
expect(@check.vuln?).to eq(false)
|
|
14
|
-
end
|
|
15
|
-
it "is not reported when a fixed release is detected" do
|
|
16
|
-
@check.dependencies = [{:name=>"", :version=>"1.0.0"}]
|
|
17
|
-
expect(@check.vuln?).to eq(false)
|
|
18
|
-
end
|
|
19
|
-
it "is not reported when a fixed release is detected" do
|
|
20
|
-
@check.dependencies = [{:name=>"", :version=>"1.0.1"}]
|
|
21
|
-
expect(@check.vuln?).to eq(false)
|
|
22
|
-
end
|
|
23
|
-
end
|
|
@@ -1,51 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
describe "The CVE-2015-7581 vulnerability" do
|
|
3
|
-
before(:all) do
|
|
4
|
-
@check = Dawn::Kb::CVE_2015_7581.new
|
|
5
|
-
# @check.debug = true
|
|
6
|
-
end
|
|
7
|
-
it "is reported when the vulnerable gem is detected" do
|
|
8
|
-
@check.dependencies = [{:name=>"actionpack", :version=>"5.0.0.beta.1"}]
|
|
9
|
-
expect(@check.vuln?).to eq(true)
|
|
10
|
-
end
|
|
11
|
-
it "is reported when the vulnerable gem is detected" do
|
|
12
|
-
@check.dependencies = [{:name=>"actionpack", :version=>"4.2.5"}]
|
|
13
|
-
expect(@check.vuln?).to eq(true)
|
|
14
|
-
end
|
|
15
|
-
it "is reported when the vulnerable gem is detected" do
|
|
16
|
-
@check.dependencies = [{:name=>"actionpack", :version=>"4.1.14"}]
|
|
17
|
-
expect(@check.vuln?).to eq(true)
|
|
18
|
-
end
|
|
19
|
-
it "is reported when the vulnerable gem is detected" do
|
|
20
|
-
@check.dependencies = [{:name=>"actionpack", :version=>"3.2.22"}]
|
|
21
|
-
expect(@check.vuln?).to eq(true)
|
|
22
|
-
end
|
|
23
|
-
it "is not reported when a fixed release is detected" do
|
|
24
|
-
@check.dependencies = [{:name=>"actionpack", :version=>"5.0.0"}]
|
|
25
|
-
expect(@check.vuln?).to eq(false)
|
|
26
|
-
end
|
|
27
|
-
it "is not reported when a fixed release is detected" do
|
|
28
|
-
@check.dependencies = [{:name=>"actionpack", :version=>"4.2.5.1"}]
|
|
29
|
-
expect(@check.vuln?).to eq(false)
|
|
30
|
-
end
|
|
31
|
-
it "is not reported when a fixed release is detected" do
|
|
32
|
-
@check.dependencies = [{:name=>"actionpack", :version=>"4.2.6"}]
|
|
33
|
-
expect(@check.vuln?).to eq(false)
|
|
34
|
-
end
|
|
35
|
-
it "is not reported when a fixed release is detected" do
|
|
36
|
-
@check.dependencies = [{:name=>"actionpack", :version=>"4.1.14.2"}]
|
|
37
|
-
expect(@check.vuln?).to eq(false)
|
|
38
|
-
end
|
|
39
|
-
it "is not reported when a fixed release is detected" do
|
|
40
|
-
@check.dependencies = [{:name=>"actionpack", :version=>"4.1.15"}]
|
|
41
|
-
expect(@check.vuln?).to eq(false)
|
|
42
|
-
end
|
|
43
|
-
it "is not reported when a fixed release is detected" do
|
|
44
|
-
@check.dependencies = [{:name=>"actionpack", :version=>"3.2.22.1"}]
|
|
45
|
-
expect(@check.vuln?).to eq(false)
|
|
46
|
-
end
|
|
47
|
-
it "is not reported when a fixed release is detected" do
|
|
48
|
-
@check.dependencies = [{:name=>"actionpack", :version=>"3.2.23"}]
|
|
49
|
-
expect(@check.vuln?).to eq(false)
|
|
50
|
-
end
|
|
51
|
-
end
|
|
@@ -1,31 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
describe "The CVE-2015-8241 vulnerability" do
|
|
3
|
-
before(:all) do
|
|
4
|
-
@check = Dawn::Kb::CVE_2015_8241.new
|
|
5
|
-
# @check.debug = true
|
|
6
|
-
end
|
|
7
|
-
it "is reported when the vulnerable gem is detected" do
|
|
8
|
-
@check.dependencies = [{:name=>"nokogiri", :version=>"1.6.5"}]
|
|
9
|
-
expect(@check.vuln?).to eq(true)
|
|
10
|
-
end
|
|
11
|
-
it "is reported when the vulnerable gem is detected" do
|
|
12
|
-
@check.dependencies = [{:name=>"nokogiri", :version=>"1.6.0"}]
|
|
13
|
-
expect(@check.vuln?).to eq(true)
|
|
14
|
-
end
|
|
15
|
-
it "is reported when the vulnerable gem is detected" do
|
|
16
|
-
@check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7"}]
|
|
17
|
-
expect(@check.vuln?).to eq(true)
|
|
18
|
-
end
|
|
19
|
-
it "is not reported when a fixed release is detected" do
|
|
20
|
-
@check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7.1"}]
|
|
21
|
-
expect(@check.vuln?).to eq(false)
|
|
22
|
-
end
|
|
23
|
-
it "is not reported when a fixed release is detected" do
|
|
24
|
-
@check.dependencies = [{:name=>"nokogiri", :version=>"1.5.6"}]
|
|
25
|
-
expect(@check.vuln?).to eq(false)
|
|
26
|
-
end
|
|
27
|
-
it "is not reported when a fixed release is detected" do
|
|
28
|
-
@check.dependencies = [{:name=>"nokogiri", :version=>"1.4.6"}]
|
|
29
|
-
expect(@check.vuln?).to eq(false)
|
|
30
|
-
end
|
|
31
|
-
end
|
|
@@ -1,31 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
describe "The CVE-2015-8242 vulnerability" do
|
|
3
|
-
before(:all) do
|
|
4
|
-
@check = Dawn::Kb::CVE_2015_8242.new
|
|
5
|
-
# @check.debug = true
|
|
6
|
-
end
|
|
7
|
-
it "is reported when the vulnerable gem is detected" do
|
|
8
|
-
@check.dependencies = [{:name=>"nokogiri", :version=>"1.6.5"}]
|
|
9
|
-
expect(@check.vuln?).to eq(true)
|
|
10
|
-
end
|
|
11
|
-
it "is reported when the vulnerable gem is detected" do
|
|
12
|
-
@check.dependencies = [{:name=>"nokogiri", :version=>"1.6.0"}]
|
|
13
|
-
expect(@check.vuln?).to eq(true)
|
|
14
|
-
end
|
|
15
|
-
it "is reported when the vulnerable gem is detected" do
|
|
16
|
-
@check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7"}]
|
|
17
|
-
expect(@check.vuln?).to eq(true)
|
|
18
|
-
end
|
|
19
|
-
it "is not reported when a fixed release is detected" do
|
|
20
|
-
@check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7.1"}]
|
|
21
|
-
expect(@check.vuln?).to eq(false)
|
|
22
|
-
end
|
|
23
|
-
it "is not reported when a fixed release is detected" do
|
|
24
|
-
@check.dependencies = [{:name=>"nokogiri", :version=>"1.5.6"}]
|
|
25
|
-
expect(@check.vuln?).to eq(false)
|
|
26
|
-
end
|
|
27
|
-
it "is not reported when a fixed release is detected" do
|
|
28
|
-
@check.dependencies = [{:name=>"nokogiri", :version=>"1.4.6"}]
|
|
29
|
-
expect(@check.vuln?).to eq(false)
|
|
30
|
-
end
|
|
31
|
-
end
|
|
@@ -1,31 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
describe "The CVE-2015-8317 vulnerability" do
|
|
3
|
-
before(:all) do
|
|
4
|
-
@check = Dawn::Kb::CVE_2015_8317.new
|
|
5
|
-
# @check.debug = true
|
|
6
|
-
end
|
|
7
|
-
it "is reported when the vulnerable gem is detected" do
|
|
8
|
-
@check.dependencies = [{:name=>"nokogiri", :version=>"1.6.5"}]
|
|
9
|
-
expect(@check.vuln?).to eq(true)
|
|
10
|
-
end
|
|
11
|
-
it "is reported when the vulnerable gem is detected" do
|
|
12
|
-
@check.dependencies = [{:name=>"nokogiri", :version=>"1.6.0"}]
|
|
13
|
-
expect(@check.vuln?).to eq(true)
|
|
14
|
-
end
|
|
15
|
-
it "is reported when the vulnerable gem is detected" do
|
|
16
|
-
@check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7"}]
|
|
17
|
-
expect(@check.vuln?).to eq(true)
|
|
18
|
-
end
|
|
19
|
-
it "is not reported when a fixed release is detected" do
|
|
20
|
-
@check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7.1"}]
|
|
21
|
-
expect(@check.vuln?).to eq(false)
|
|
22
|
-
end
|
|
23
|
-
it "is not reported when a fixed release is detected" do
|
|
24
|
-
@check.dependencies = [{:name=>"nokogiri", :version=>"1.5.6"}]
|
|
25
|
-
expect(@check.vuln?).to eq(false)
|
|
26
|
-
end
|
|
27
|
-
it "is not reported when a fixed release is detected" do
|
|
28
|
-
@check.dependencies = [{:name=>"nokogiri", :version=>"1.4.6"}]
|
|
29
|
-
expect(@check.vuln?).to eq(false)
|
|
30
|
-
end
|
|
31
|
-
end
|
|
@@ -1,55 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
describe "The CVE-2016-0751 vulnerability" do
|
|
3
|
-
before(:all) do
|
|
4
|
-
@check = Dawn::Kb::CVE_2016_0751.new
|
|
5
|
-
# @check.debug = true
|
|
6
|
-
end
|
|
7
|
-
it "is reported when the vulnerable gem is detected" do
|
|
8
|
-
@check.dependencies = [{:name=>"actionpack", :version=>"5.0.0.beta.1"}]
|
|
9
|
-
expect(@check.vuln?).to eq(true)
|
|
10
|
-
end
|
|
11
|
-
it "is reported when the vulnerable gem is detected" do
|
|
12
|
-
@check.dependencies = [{:name=>"actionpack", :version=>"4.2.5"}]
|
|
13
|
-
expect(@check.vuln?).to eq(true)
|
|
14
|
-
end
|
|
15
|
-
it "is reported when the vulnerable gem is detected" do
|
|
16
|
-
@check.dependencies = [{:name=>"actionpack", :version=>"4.1.14"}]
|
|
17
|
-
expect(@check.vuln?).to eq(true)
|
|
18
|
-
end
|
|
19
|
-
it "is reported when the vulnerable gem is detected" do
|
|
20
|
-
@check.dependencies = [{:name=>"actionpack", :version=>"4.0.3"}]
|
|
21
|
-
expect(@check.vuln?).to eq(true)
|
|
22
|
-
end
|
|
23
|
-
it "is reported when the vulnerable gem is detected" do
|
|
24
|
-
@check.dependencies = [{:name=>"actionpack", :version=>"3.2.22"}]
|
|
25
|
-
expect(@check.vuln?).to eq(true)
|
|
26
|
-
end
|
|
27
|
-
it "is not reported when a fixed release is detected" do
|
|
28
|
-
@check.dependencies = [{:name=>"", :version=>"5.0.0"}]
|
|
29
|
-
expect(@check.vuln?).to eq(false)
|
|
30
|
-
end
|
|
31
|
-
it "is not reported when a fixed release is detected" do
|
|
32
|
-
@check.dependencies = [{:name=>"", :version=>"4.2.5.1"}]
|
|
33
|
-
expect(@check.vuln?).to eq(false)
|
|
34
|
-
end
|
|
35
|
-
it "is not reported when a fixed release is detected" do
|
|
36
|
-
@check.dependencies = [{:name=>"", :version=>"4.2.6"}]
|
|
37
|
-
expect(@check.vuln?).to eq(false)
|
|
38
|
-
end
|
|
39
|
-
it "is not reported when a fixed release is detected" do
|
|
40
|
-
@check.dependencies = [{:name=>"", :version=>"4.1.14.2"}]
|
|
41
|
-
expect(@check.vuln?).to eq(false)
|
|
42
|
-
end
|
|
43
|
-
it "is not reported when a fixed release is detected" do
|
|
44
|
-
@check.dependencies = [{:name=>"", :version=>"4.1.15"}]
|
|
45
|
-
expect(@check.vuln?).to eq(false)
|
|
46
|
-
end
|
|
47
|
-
it "is not reported when a fixed release is detected" do
|
|
48
|
-
@check.dependencies = [{:name=>"", :version=>"3.2.22.1"}]
|
|
49
|
-
expect(@check.vuln?).to eq(false)
|
|
50
|
-
end
|
|
51
|
-
it "is not reported when a fixed release is detected" do
|
|
52
|
-
@check.dependencies = [{:name=>"", :version=>"3.2.23"}]
|
|
53
|
-
expect(@check.vuln?).to eq(false)
|
|
54
|
-
end
|
|
55
|
-
end
|
|
@@ -1,51 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
describe "The CVE-2016-0752 vulnerability" do
|
|
3
|
-
before(:all) do
|
|
4
|
-
@check = Dawn::Kb::CVE_2016_0752.new
|
|
5
|
-
# @check.debug = true
|
|
6
|
-
end
|
|
7
|
-
it "is reported when the vulnerable gem is detected" do
|
|
8
|
-
@check.dependencies = [{:name=>"actionview", :version=>"5.0.0.beta.1"}]
|
|
9
|
-
expect(@check.vuln?).to eq(true)
|
|
10
|
-
end
|
|
11
|
-
it "is reported when the vulnerable gem is detected" do
|
|
12
|
-
@check.dependencies = [{:name=>"actionview", :version=>"4.2.5"}]
|
|
13
|
-
expect(@check.vuln?).to eq(true)
|
|
14
|
-
end
|
|
15
|
-
it "is reported when the vulnerable gem is detected" do
|
|
16
|
-
@check.dependencies = [{:name=>"actionview", :version=>"4.1.14"}]
|
|
17
|
-
expect(@check.vuln?).to eq(true)
|
|
18
|
-
end
|
|
19
|
-
it "is reported when the vulnerable gem is detected" do
|
|
20
|
-
@check.dependencies = [{:name=>"actionview", :version=>"3.2.22"}]
|
|
21
|
-
expect(@check.vuln?).to eq(true)
|
|
22
|
-
end
|
|
23
|
-
it "is not reported when a fixed release is detected" do
|
|
24
|
-
@check.dependencies = [{:name=>"actionview", :version=>"5.0.0"}]
|
|
25
|
-
expect(@check.vuln?).to eq(false)
|
|
26
|
-
end
|
|
27
|
-
it "is not reported when a fixed release is detected" do
|
|
28
|
-
@check.dependencies = [{:name=>"actionview", :version=>"4.2.5.1"}]
|
|
29
|
-
expect(@check.vuln?).to eq(false)
|
|
30
|
-
end
|
|
31
|
-
it "is not reported when a fixed release is detected" do
|
|
32
|
-
@check.dependencies = [{:name=>"actionview", :version=>"4.2.6"}]
|
|
33
|
-
expect(@check.vuln?).to eq(false)
|
|
34
|
-
end
|
|
35
|
-
it "is not reported when a fixed release is detected" do
|
|
36
|
-
@check.dependencies = [{:name=>"actionview", :version=>"4.1.14.2"}]
|
|
37
|
-
expect(@check.vuln?).to eq(false)
|
|
38
|
-
end
|
|
39
|
-
it "is not reported when a fixed release is detected" do
|
|
40
|
-
@check.dependencies = [{:name=>"actionview", :version=>"4.1.15"}]
|
|
41
|
-
expect(@check.vuln?).to eq(false)
|
|
42
|
-
end
|
|
43
|
-
it "is not reported when a fixed release is detected" do
|
|
44
|
-
@check.dependencies = [{:name=>"actionview", :version=>"3.2.22.1"}]
|
|
45
|
-
expect(@check.vuln?).to eq(false)
|
|
46
|
-
end
|
|
47
|
-
it "is not reported when a fixed release is detected" do
|
|
48
|
-
@check.dependencies = [{:name=>"actionview", :version=>"3.2.23"}]
|
|
49
|
-
expect(@check.vuln?).to eq(false)
|
|
50
|
-
end
|
|
51
|
-
end
|
|
@@ -1,51 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
describe "The CVE-2016-0753 vulnerability" do
|
|
3
|
-
before(:all) do
|
|
4
|
-
@check = Dawn::Kb::CVE_2016_0753.new
|
|
5
|
-
# @check.debug = true
|
|
6
|
-
end
|
|
7
|
-
it "is reported when the vulnerable gem is detected" do
|
|
8
|
-
@check.dependencies = [{:name=>"activemodel", :version=>"5.0.0.beta.1"}]
|
|
9
|
-
expect(@check.vuln?).to eq(true)
|
|
10
|
-
end
|
|
11
|
-
it "is reported when the vulnerable gem is detected" do
|
|
12
|
-
@check.dependencies = [{:name=>"activemodel", :version=>"4.2.5"}]
|
|
13
|
-
expect(@check.vuln?).to eq(true)
|
|
14
|
-
end
|
|
15
|
-
it "is reported when the vulnerable gem is detected" do
|
|
16
|
-
@check.dependencies = [{:name=>"activemodel", :version=>"4.1.14"}]
|
|
17
|
-
expect(@check.vuln?).to eq(true)
|
|
18
|
-
end
|
|
19
|
-
it "is reported when the vulnerable gem is detected" do
|
|
20
|
-
@check.dependencies = [{:name=>"activemodel", :version=>"3.2.22"}]
|
|
21
|
-
expect(@check.vuln?).to eq(true)
|
|
22
|
-
end
|
|
23
|
-
it "is not reported when a fixed release is detected" do
|
|
24
|
-
@check.dependencies = [{:name=>"activemodel", :version=>"5.0.0"}]
|
|
25
|
-
expect(@check.vuln?).to eq(false)
|
|
26
|
-
end
|
|
27
|
-
it "is not reported when a fixed release is detected" do
|
|
28
|
-
@check.dependencies = [{:name=>"activemodel", :version=>"4.2.5.1"}]
|
|
29
|
-
expect(@check.vuln?).to eq(false)
|
|
30
|
-
end
|
|
31
|
-
it "is not reported when a fixed release is detected" do
|
|
32
|
-
@check.dependencies = [{:name=>"activemodel", :version=>"4.2.6"}]
|
|
33
|
-
expect(@check.vuln?).to eq(false)
|
|
34
|
-
end
|
|
35
|
-
it "is not reported when a fixed release is detected" do
|
|
36
|
-
@check.dependencies = [{:name=>"activemodel", :version=>"4.1.14.2"}]
|
|
37
|
-
expect(@check.vuln?).to eq(false)
|
|
38
|
-
end
|
|
39
|
-
it "is not reported when a fixed release is detected" do
|
|
40
|
-
@check.dependencies = [{:name=>"activemodel", :version=>"4.1.15"}]
|
|
41
|
-
expect(@check.vuln?).to eq(false)
|
|
42
|
-
end
|
|
43
|
-
it "is not reported when a fixed release is detected" do
|
|
44
|
-
@check.dependencies = [{:name=>"activemodel", :version=>"3.2.22.1"}]
|
|
45
|
-
expect(@check.vuln?).to eq(false)
|
|
46
|
-
end
|
|
47
|
-
it "is not reported when a fixed release is detected" do
|
|
48
|
-
@check.dependencies = [{:name=>"activemodel", :version=>"3.2.23"}]
|
|
49
|
-
expect(@check.vuln?).to eq(false)
|
|
50
|
-
end
|
|
51
|
-
end
|
|
@@ -1,35 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
describe "The CVE-2016-2097 vulnerability" do
|
|
3
|
-
before(:all) do
|
|
4
|
-
@check = Dawn::Kb::CVE_2016_2097.new
|
|
5
|
-
# @check.debug = true
|
|
6
|
-
end
|
|
7
|
-
it "is reported when the vulnerable gem is detected" do
|
|
8
|
-
@check.dependencies = [{:name=>"actionview", :version=>"3.2.12"}]
|
|
9
|
-
expect(@check.vuln?).to eq(true)
|
|
10
|
-
end
|
|
11
|
-
it "is reported when the vulnerable gem is detected" do
|
|
12
|
-
@check.dependencies = [{:name=>"actionview", :version=>"4.0.3"}]
|
|
13
|
-
expect(@check.vuln?).to eq(true)
|
|
14
|
-
end
|
|
15
|
-
it "is reported when the vulnerable gem is detected" do
|
|
16
|
-
@check.dependencies = [{:name=>"actionview", :version=>"4.1.2"}]
|
|
17
|
-
expect(@check.vuln?).to eq(true)
|
|
18
|
-
end
|
|
19
|
-
it "is not reported when a fixed release is detected" do
|
|
20
|
-
@check.dependencies = [{:name=>"actionview", :version=>"5.0.0"}]
|
|
21
|
-
expect(@check.vuln?).to eq(false)
|
|
22
|
-
end
|
|
23
|
-
it "is not reported when a fixed release is detected" do
|
|
24
|
-
@check.dependencies = [{:name=>"actionview", :version=>"3.2.22.2"}]
|
|
25
|
-
expect(@check.vuln?).to eq(false)
|
|
26
|
-
end
|
|
27
|
-
it "is not reported when a fixed release is detected" do
|
|
28
|
-
@check.dependencies = [{:name=>"actionview", :version=>"4.1.14.2"}]
|
|
29
|
-
expect(@check.vuln?).to eq(false)
|
|
30
|
-
end
|
|
31
|
-
it "is not reported when a fixed release is detected" do
|
|
32
|
-
@check.dependencies = [{:name=>"actionview", :version=>"4.2.5.2"}]
|
|
33
|
-
expect(@check.vuln?).to eq(false)
|
|
34
|
-
end
|
|
35
|
-
end
|
|
@@ -1,55 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
describe "The CVE-2016-2098 vulnerability" do
|
|
3
|
-
before(:all) do
|
|
4
|
-
@check = Dawn::Kb::CVE_2016_2098.new
|
|
5
|
-
# @check.debug = true
|
|
6
|
-
end
|
|
7
|
-
it "is reported when the vulnerable gem is detected" do
|
|
8
|
-
@check.dependencies = [{:name=>"actionpack", :version=>"3.2.12"}]
|
|
9
|
-
expect(@check.vuln?).to eq(true)
|
|
10
|
-
end
|
|
11
|
-
it "is reported when the vulnerable gem is detected" do
|
|
12
|
-
@check.dependencies = [{:name=>"actionpack", :version=>"4.0.3"}]
|
|
13
|
-
expect(@check.vuln?).to eq(true)
|
|
14
|
-
end
|
|
15
|
-
it "is reported when the vulnerable gem is detected" do
|
|
16
|
-
@check.dependencies = [{:name=>"actionpack", :version=>"4.1.2"}]
|
|
17
|
-
expect(@check.vuln?).to eq(true)
|
|
18
|
-
end
|
|
19
|
-
it "is reported when the vulnerable gem is detected" do
|
|
20
|
-
@check.dependencies = [{:name=>"actionpack", :version=>"4.2.2"}]
|
|
21
|
-
expect(@check.vuln?).to eq(true)
|
|
22
|
-
end
|
|
23
|
-
it "is not reported when a fixed release is detected" do
|
|
24
|
-
@check.dependencies = [{:name=>"actionpack", :version=>"5.0"}]
|
|
25
|
-
expect(@check.vuln?).to eq(false)
|
|
26
|
-
end
|
|
27
|
-
it "is not reported when a fixed release is detected" do
|
|
28
|
-
@check.dependencies = [{:name=>"actionpack", :version=>"5.0.0"}]
|
|
29
|
-
expect(@check.vuln?).to eq(false)
|
|
30
|
-
end
|
|
31
|
-
it "is not reported when a fixed release is detected" do
|
|
32
|
-
@check.dependencies = [{:name=>"actionpack", :version=>"5.0.0.1"}]
|
|
33
|
-
expect(@check.vuln?).to eq(false)
|
|
34
|
-
end
|
|
35
|
-
it "is not reported when a fixed release is detected" do
|
|
36
|
-
@check.dependencies = [{:name=>"actionpack", :version=>"3.2.22.2"}]
|
|
37
|
-
expect(@check.vuln?).to eq(false)
|
|
38
|
-
end
|
|
39
|
-
it "is not reported when a fixed release is detected" do
|
|
40
|
-
@check.dependencies = [{:name=>"actionpack", :version=>"4.1.14.2"}]
|
|
41
|
-
expect(@check.vuln?).to eq(false)
|
|
42
|
-
end
|
|
43
|
-
it "is not reported when a fixed release is detected" do
|
|
44
|
-
@check.dependencies = [{:name=>"actionpack", :version=>"4.2.5.2"}]
|
|
45
|
-
expect(@check.vuln?).to eq(false)
|
|
46
|
-
end
|
|
47
|
-
it "is not reported when a fixed release is detected" do
|
|
48
|
-
@check.dependencies = [{:name=>"actionpack", :version=>"4.2.6"}]
|
|
49
|
-
expect(@check.vuln?).to eq(false)
|
|
50
|
-
end
|
|
51
|
-
it "is not reported when a fixed release is detected" do
|
|
52
|
-
@check.dependencies = [{:name=>"actionpack", :version=>"4.1.15"}]
|
|
53
|
-
expect(@check.vuln?).to eq(false)
|
|
54
|
-
end
|
|
55
|
-
end
|