RubyGems - dawnscanner - Versions diffs - 1.6.8 → 2.0.0.rc4 - Mend

dawnscanner 1.6.8 → 2.0.0.rc4

Files changed (387) hide show

checksums.yaml +5 -5
data/.gitignore +1 -0
data/.ruby-version +1 -1
data/Changelog.md +27 -1
data/LICENSE.txt +1 -1
data/README.md +59 -57
data/Rakefile +10 -242
data/Roadmap.md +15 -23
data/VERSION +1 -1
data/bin/dawn +17 -273
data/checksum/dawnscanner-1.6.8.gem.sha1 +1 -0
data/checksum/dawnscanner-2.0.0.rc1.gem.sha1 +1 -0
data/checksum/dawnscanner-2.0.0.rc2.gem.sha1 +1 -0
data/checksum/dawnscanner-2.0.0.rc3.gem.sha1 +1 -0
data/dawnscanner.gemspec +10 -9
data/doc/change.sh +13 -0
data/doc/kickstart_kb.tar.gz +0 -0
data/doc/knowledge_base.rb +650 -0
data/docs/.placeholder +0 -0
data/docs/CNAME +1 -0
data/docs/_config.yml +1 -0
data/lib/dawn/cli/dawn_cli.rb +139 -0
data/lib/dawn/core.rb +8 -7
data/lib/dawn/engine.rb +93 -34
data/lib/dawn/gemfile_lock.rb +2 -2
data/lib/dawn/kb/basic_check.rb +1 -2
data/lib/dawn/kb/combo_check.rb +1 -1
data/lib/dawn/kb/dependency_check.rb +1 -1
data/lib/dawn/kb/operating_system_check.rb +1 -1
data/lib/dawn/kb/pattern_match_check.rb +10 -9
data/lib/dawn/kb/ruby_version_check.rb +11 -10
data/lib/dawn/kb/{gem_check.rb → rubygem_check.rb} +1 -1
data/lib/dawn/kb/unsafe_depedency_check.rb +44 -0
data/lib/dawn/kb/version_check.rb +41 -24
data/lib/dawn/knowledge_base.rb +259 -595
data/lib/dawn/reporter.rb +2 -1
data/lib/dawn/utils.rb +5 -2
data/lib/dawn/version.rb +5 -5
data/lib/dawnscanner.rb +7 -6
data/spec/lib/kb/codesake_unsafe_dependency_check_spec.rb +29 -0
data/spec/lib/kb/dependency_check.yml +29 -0
metadata +30 -496
checksums.yaml.gz.sig +0 -0
data.tar.gz.sig +0 -0
data/certs/paolo_at_dawnscanner_dot_org.pem +0 -21
data/lib/dawn/kb/cve_2004_0755.rb +0 -33
data/lib/dawn/kb/cve_2004_0983.rb +0 -31
data/lib/dawn/kb/cve_2005_1992.rb +0 -31
data/lib/dawn/kb/cve_2005_2337.rb +0 -33
data/lib/dawn/kb/cve_2006_1931.rb +0 -30
data/lib/dawn/kb/cve_2006_2582.rb +0 -28
data/lib/dawn/kb/cve_2006_3694.rb +0 -31
data/lib/dawn/kb/cve_2006_4112.rb +0 -27
data/lib/dawn/kb/cve_2006_5467.rb +0 -28
data/lib/dawn/kb/cve_2006_6303.rb +0 -28
data/lib/dawn/kb/cve_2006_6852.rb +0 -27
data/lib/dawn/kb/cve_2006_6979.rb +0 -29
data/lib/dawn/kb/cve_2007_0469.rb +0 -29
data/lib/dawn/kb/cve_2007_5162.rb +0 -28
data/lib/dawn/kb/cve_2007_5379.rb +0 -27
data/lib/dawn/kb/cve_2007_5380.rb +0 -29
data/lib/dawn/kb/cve_2007_5770.rb +0 -30
data/lib/dawn/kb/cve_2007_6077.rb +0 -31
data/lib/dawn/kb/cve_2007_6612.rb +0 -30
data/lib/dawn/kb/cve_2008_1145.rb +0 -38
data/lib/dawn/kb/cve_2008_1891.rb +0 -38
data/lib/dawn/kb/cve_2008_2376.rb +0 -30
data/lib/dawn/kb/cve_2008_2662.rb +0 -33
data/lib/dawn/kb/cve_2008_2663.rb +0 -32
data/lib/dawn/kb/cve_2008_2664.rb +0 -33
data/lib/dawn/kb/cve_2008_2725.rb +0 -31
data/lib/dawn/kb/cve_2008_3655.rb +0 -37
data/lib/dawn/kb/cve_2008_3657.rb +0 -37
data/lib/dawn/kb/cve_2008_3790.rb +0 -30
data/lib/dawn/kb/cve_2008_3905.rb +0 -36
data/lib/dawn/kb/cve_2008_4094.rb +0 -27
data/lib/dawn/kb/cve_2008_4310.rb +0 -100
data/lib/dawn/kb/cve_2008_5189.rb +0 -27
data/lib/dawn/kb/cve_2008_7248.rb +0 -27
data/lib/dawn/kb/cve_2009_4078.rb +0 -29
data/lib/dawn/kb/cve_2009_4124.rb +0 -30
data/lib/dawn/kb/cve_2009_4214.rb +0 -27
data/lib/dawn/kb/cve_2010_1330.rb +0 -28
data/lib/dawn/kb/cve_2010_2489.rb +0 -60
data/lib/dawn/kb/cve_2010_3933.rb +0 -27
data/lib/dawn/kb/cve_2011_0188.rb +0 -67
data/lib/dawn/kb/cve_2011_0446.rb +0 -28
data/lib/dawn/kb/cve_2011_0447.rb +0 -28
data/lib/dawn/kb/cve_2011_0739.rb +0 -28
data/lib/dawn/kb/cve_2011_0995.rb +0 -61
data/lib/dawn/kb/cve_2011_1004.rb +0 -34
data/lib/dawn/kb/cve_2011_1005.rb +0 -31
data/lib/dawn/kb/cve_2011_2197.rb +0 -27
data/lib/dawn/kb/cve_2011_2686.rb +0 -29
data/lib/dawn/kb/cve_2011_2705.rb +0 -32
data/lib/dawn/kb/cve_2011_2929.rb +0 -27
data/lib/dawn/kb/cve_2011_2930.rb +0 -28
data/lib/dawn/kb/cve_2011_2931.rb +0 -30
data/lib/dawn/kb/cve_2011_2932.rb +0 -27
data/lib/dawn/kb/cve_2011_3009.rb +0 -28
data/lib/dawn/kb/cve_2011_3186.rb +0 -29
data/lib/dawn/kb/cve_2011_3187.rb +0 -29
data/lib/dawn/kb/cve_2011_4319.rb +0 -30
data/lib/dawn/kb/cve_2011_4815.rb +0 -28
data/lib/dawn/kb/cve_2011_5036.rb +0 -26
data/lib/dawn/kb/cve_2012_1098.rb +0 -30
data/lib/dawn/kb/cve_2012_1099.rb +0 -27
data/lib/dawn/kb/cve_2012_1241.rb +0 -27
data/lib/dawn/kb/cve_2012_2139.rb +0 -26
data/lib/dawn/kb/cve_2012_2140.rb +0 -27
data/lib/dawn/kb/cve_2012_2660.rb +0 -28
data/lib/dawn/kb/cve_2012_2661.rb +0 -27
data/lib/dawn/kb/cve_2012_2671.rb +0 -28
data/lib/dawn/kb/cve_2012_2694.rb +0 -30
data/lib/dawn/kb/cve_2012_2695.rb +0 -27
data/lib/dawn/kb/cve_2012_3424.rb +0 -29
data/lib/dawn/kb/cve_2012_3463.rb +0 -27
data/lib/dawn/kb/cve_2012_3464.rb +0 -27
data/lib/dawn/kb/cve_2012_3465.rb +0 -26
data/lib/dawn/kb/cve_2012_4464.rb +0 -27
data/lib/dawn/kb/cve_2012_4466.rb +0 -27
data/lib/dawn/kb/cve_2012_4481.rb +0 -26
data/lib/dawn/kb/cve_2012_4522.rb +0 -27
data/lib/dawn/kb/cve_2012_5370.rb +0 -27
data/lib/dawn/kb/cve_2012_5371.rb +0 -27
data/lib/dawn/kb/cve_2012_5380.rb +0 -28
data/lib/dawn/kb/cve_2012_6109.rb +0 -25
data/lib/dawn/kb/cve_2012_6134.rb +0 -27
data/lib/dawn/kb/cve_2012_6496.rb +0 -28
data/lib/dawn/kb/cve_2012_6497.rb +0 -28
data/lib/dawn/kb/cve_2012_6684.rb +0 -28
data/lib/dawn/kb/cve_2013_0155.rb +0 -29
data/lib/dawn/kb/cve_2013_0156.rb +0 -27
data/lib/dawn/kb/cve_2013_0162.rb +0 -28
data/lib/dawn/kb/cve_2013_0175.rb +0 -27
data/lib/dawn/kb/cve_2013_0183.rb +0 -25
data/lib/dawn/kb/cve_2013_0184.rb +0 -25
data/lib/dawn/kb/cve_2013_0233.rb +0 -26
data/lib/dawn/kb/cve_2013_0256.rb +0 -59
data/lib/dawn/kb/cve_2013_0262.rb +0 -26
data/lib/dawn/kb/cve_2013_0263.rb +0 -26
data/lib/dawn/kb/cve_2013_0269.rb +0 -27
data/lib/dawn/kb/cve_2013_0276.rb +0 -28
data/lib/dawn/kb/cve_2013_0277.rb +0 -25
data/lib/dawn/kb/cve_2013_0284.rb +0 -27
data/lib/dawn/kb/cve_2013_0285.rb +0 -27
data/lib/dawn/kb/cve_2013_0333.rb +0 -28
data/lib/dawn/kb/cve_2013_0334.rb +0 -25
data/lib/dawn/kb/cve_2013_1607.rb +0 -25
data/lib/dawn/kb/cve_2013_1655.rb +0 -65
data/lib/dawn/kb/cve_2013_1656.rb +0 -28
data/lib/dawn/kb/cve_2013_1756.rb +0 -26
data/lib/dawn/kb/cve_2013_1800.rb +0 -26
data/lib/dawn/kb/cve_2013_1801.rb +0 -27
data/lib/dawn/kb/cve_2013_1802.rb +0 -27
data/lib/dawn/kb/cve_2013_1812.rb +0 -27
data/lib/dawn/kb/cve_2013_1821.rb +0 -28
data/lib/dawn/kb/cve_2013_1854.rb +0 -26
data/lib/dawn/kb/cve_2013_1855.rb +0 -25
data/lib/dawn/kb/cve_2013_1856.rb +0 -26
data/lib/dawn/kb/cve_2013_1857.rb +0 -27
data/lib/dawn/kb/cve_2013_1875.rb +0 -27
data/lib/dawn/kb/cve_2013_1898.rb +0 -27
data/lib/dawn/kb/cve_2013_1911.rb +0 -28
data/lib/dawn/kb/cve_2013_1933.rb +0 -27
data/lib/dawn/kb/cve_2013_1947.rb +0 -27
data/lib/dawn/kb/cve_2013_1948.rb +0 -27
data/lib/dawn/kb/cve_2013_2065.rb +0 -29
data/lib/dawn/kb/cve_2013_2090.rb +0 -28
data/lib/dawn/kb/cve_2013_2105.rb +0 -26
data/lib/dawn/kb/cve_2013_2119.rb +0 -27
data/lib/dawn/kb/cve_2013_2512.rb +0 -26
data/lib/dawn/kb/cve_2013_2513.rb +0 -25
data/lib/dawn/kb/cve_2013_2516.rb +0 -26
data/lib/dawn/kb/cve_2013_2615.rb +0 -27
data/lib/dawn/kb/cve_2013_2616.rb +0 -27
data/lib/dawn/kb/cve_2013_2617.rb +0 -28
data/lib/dawn/kb/cve_2013_3221.rb +0 -27
data/lib/dawn/kb/cve_2013_4164.rb +0 -30
data/lib/dawn/kb/cve_2013_4203.rb +0 -25
data/lib/dawn/kb/cve_2013_4389.rb +0 -26
data/lib/dawn/kb/cve_2013_4413.rb +0 -27
data/lib/dawn/kb/cve_2013_4457.rb +0 -29
data/lib/dawn/kb/cve_2013_4478.rb +0 -26
data/lib/dawn/kb/cve_2013_4479.rb +0 -26
data/lib/dawn/kb/cve_2013_4489.rb +0 -28
data/lib/dawn/kb/cve_2013_4491.rb +0 -29
data/lib/dawn/kb/cve_2013_4492.rb +0 -29
data/lib/dawn/kb/cve_2013_4562.rb +0 -27
data/lib/dawn/kb/cve_2013_4593.rb +0 -27
data/lib/dawn/kb/cve_2013_5647.rb +0 -29
data/lib/dawn/kb/cve_2013_5671.rb +0 -26
data/lib/dawn/kb/cve_2013_6414.rb +0 -30
data/lib/dawn/kb/cve_2013_6415.rb +0 -29
data/lib/dawn/kb/cve_2013_6416.rb +0 -29
data/lib/dawn/kb/cve_2013_6417.rb +0 -30
data/lib/dawn/kb/cve_2013_6421.rb +0 -28
data/lib/dawn/kb/cve_2013_6459.rb +0 -28
data/lib/dawn/kb/cve_2013_6460.rb +0 -53
data/lib/dawn/kb/cve_2013_6461.rb +0 -57
data/lib/dawn/kb/cve_2013_7086.rb +0 -27
data/lib/dawn/kb/cve_2014_0036.rb +0 -27
data/lib/dawn/kb/cve_2014_0080.rb +0 -29
data/lib/dawn/kb/cve_2014_0081.rb +0 -27
data/lib/dawn/kb/cve_2014_0082.rb +0 -27
data/lib/dawn/kb/cve_2014_0130.rb +0 -27
data/lib/dawn/kb/cve_2014_1233.rb +0 -27
data/lib/dawn/kb/cve_2014_1234.rb +0 -26
data/lib/dawn/kb/cve_2014_2322.rb +0 -28
data/lib/dawn/kb/cve_2014_2525.rb +0 -59
data/lib/dawn/kb/cve_2014_2538.rb +0 -26
data/lib/dawn/kb/cve_2014_3482.rb +0 -28
data/lib/dawn/kb/cve_2014_3483.rb +0 -28
data/lib/dawn/kb/cve_2014_3916.rb +0 -29
data/lib/dawn/kb/cve_2014_4975.rb +0 -28
data/lib/dawn/kb/cve_2014_7818.rb +0 -27
data/lib/dawn/kb/cve_2014_7819.rb +0 -31
data/lib/dawn/kb/cve_2014_7829.rb +0 -30
data/lib/dawn/kb/cve_2014_8090.rb +0 -30
data/lib/dawn/kb/cve_2014_9490.rb +0 -29
data/lib/dawn/kb/cve_2015_1819.rb +0 -34
data/lib/dawn/kb/cve_2015_1840/cve_2015_1840_a.rb +0 -28
data/lib/dawn/kb/cve_2015_1840/cve_2015_1840_b.rb +0 -28
data/lib/dawn/kb/cve_2015_2963.rb +0 -27
data/lib/dawn/kb/cve_2015_3224.rb +0 -26
data/lib/dawn/kb/cve_2015_3225.rb +0 -28
data/lib/dawn/kb/cve_2015_3226.rb +0 -27
data/lib/dawn/kb/cve_2015_3227.rb +0 -28
data/lib/dawn/kb/cve_2015_3448.rb +0 -29
data/lib/dawn/kb/cve_2015_4020.rb +0 -34
data/lib/dawn/kb/cve_2015_5312.rb +0 -30
data/lib/dawn/kb/cve_2015_7497.rb +0 -32
data/lib/dawn/kb/cve_2015_7498.rb +0 -32
data/lib/dawn/kb/cve_2015_7499.rb +0 -32
data/lib/dawn/kb/cve_2015_7500.rb +0 -32
data/lib/dawn/kb/cve_2015_7519.rb +0 -31
data/lib/dawn/kb/cve_2015_7541.rb +0 -31
data/lib/dawn/kb/cve_2015_7576.rb +0 -35
data/lib/dawn/kb/cve_2015_7577.rb +0 -34
data/lib/dawn/kb/cve_2015_7578.rb +0 -30
data/lib/dawn/kb/cve_2015_7579.rb +0 -30
data/lib/dawn/kb/cve_2015_7581.rb +0 -33
data/lib/dawn/kb/cve_2015_8241.rb +0 -32
data/lib/dawn/kb/cve_2015_8242.rb +0 -32
data/lib/dawn/kb/cve_2015_8317.rb +0 -32
data/lib/dawn/kb/cve_2016_0751.rb +0 -32
data/lib/dawn/kb/cve_2016_0752.rb +0 -35
data/lib/dawn/kb/cve_2016_0753.rb +0 -31
data/lib/dawn/kb/cve_2016_2097.rb +0 -35
data/lib/dawn/kb/cve_2016_2098.rb +0 -35
data/lib/dawn/kb/cve_2016_5697.rb +0 -30
data/lib/dawn/kb/cve_2016_6316.rb +0 -33
data/lib/dawn/kb/cve_2016_6317.rb +0 -32
data/lib/dawn/kb/cve_2016_6582.rb +0 -43
data/lib/dawn/kb/not_revised_code.rb +0 -22
data/lib/dawn/kb/osvdb_105971.rb +0 -29
data/lib/dawn/kb/osvdb_108530.rb +0 -27
data/lib/dawn/kb/osvdb_108563.rb +0 -28
data/lib/dawn/kb/osvdb_108569.rb +0 -28
data/lib/dawn/kb/osvdb_108570.rb +0 -27
data/lib/dawn/kb/osvdb_115654.rb +0 -33
data/lib/dawn/kb/osvdb_116010.rb +0 -30
data/lib/dawn/kb/osvdb_117903.rb +0 -30
data/lib/dawn/kb/osvdb_118579.rb +0 -31
data/lib/dawn/kb/osvdb_118830.rb +0 -32
data/lib/dawn/kb/osvdb_118954.rb +0 -33
data/lib/dawn/kb/osvdb_119878.rb +0 -32
data/lib/dawn/kb/osvdb_119927.rb +0 -33
data/lib/dawn/kb/osvdb_120415.rb +0 -31
data/lib/dawn/kb/osvdb_120857.rb +0 -34
data/lib/dawn/kb/osvdb_121701.rb +0 -30
data/lib/dawn/kb/osvdb_132234.rb +0 -34
data/lib/dawn/kb/owasp_ror_cheatsheet.rb +0 -33
data/lib/dawn/kb/owasp_ror_cheatsheet/check_for_backup_files.rb +0 -18
data/lib/dawn/kb/owasp_ror_cheatsheet/check_for_safe_redirect_and_forward.rb +0 -57
data/lib/dawn/kb/owasp_ror_cheatsheet/command_injection.rb +0 -28
data/lib/dawn/kb/owasp_ror_cheatsheet/csrf.rb +0 -29
data/lib/dawn/kb/owasp_ror_cheatsheet/mass_assignment_in_model.rb +0 -33
data/lib/dawn/kb/owasp_ror_cheatsheet/security_related_headers.rb +0 -35
data/lib/dawn/kb/owasp_ror_cheatsheet/sensitive_files.rb +0 -29
data/lib/dawn/kb/owasp_ror_cheatsheet/session_stored_in_database.rb +0 -31
data/lib/dawn/kb/simpleform_xss_20131129.rb +0 -28
data/lib/dawn/knowledge_base_experimental.rb +0 -245
data/spec/lib/kb/cve_2011_2705_spec.rb +0 -35
data/spec/lib/kb/cve_2011_2930_spec.rb +0 -31
data/spec/lib/kb/cve_2011_3009_spec.rb +0 -25
data/spec/lib/kb/cve_2011_3187_spec.rb +0 -24
data/spec/lib/kb/cve_2011_4319_spec.rb +0 -44
data/spec/lib/kb/cve_2011_5036_spec.rb +0 -95
data/spec/lib/kb/cve_2012_1098_spec.rb +0 -36
data/spec/lib/kb/cve_2012_2139_spec.rb +0 -20
data/spec/lib/kb/cve_2012_2671_spec.rb +0 -23
data/spec/lib/kb/cve_2012_6109_spec.rb +0 -112
data/spec/lib/kb/cve_2012_6684_spec.rb +0 -16
data/spec/lib/kb/cve_2013_0162_spec.rb +0 -23
data/spec/lib/kb/cve_2013_0183_spec.rb +0 -54
data/spec/lib/kb/cve_2013_0184_spec.rb +0 -115
data/spec/lib/kb/cve_2013_0256_spec.rb +0 -34
data/spec/lib/kb/cve_2013_0262_spec.rb +0 -44
data/spec/lib/kb/cve_2013_0263_spec.rb +0 -11
data/spec/lib/kb/cve_2013_0334_spec.rb +0 -35
data/spec/lib/kb/cve_2013_1607_spec.rb +0 -15
data/spec/lib/kb/cve_2013_1655_spec.rb +0 -31
data/spec/lib/kb/cve_2013_1756_spec.rb +0 -23
data/spec/lib/kb/cve_2013_2090_spec.rb +0 -15
data/spec/lib/kb/cve_2013_2105_spec.rb +0 -11
data/spec/lib/kb/cve_2013_2119_spec.rb +0 -27
data/spec/lib/kb/cve_2013_2512_spec.rb +0 -15
data/spec/lib/kb/cve_2013_2513_spec.rb +0 -15
data/spec/lib/kb/cve_2013_2516_spec.rb +0 -15
data/spec/lib/kb/cve_2013_4203_spec.rb +0 -15
data/spec/lib/kb/cve_2013_4413_spec.rb +0 -16
data/spec/lib/kb/cve_2013_4489_spec.rb +0 -63
data/spec/lib/kb/cve_2013_4491_spec.rb +0 -16
data/spec/lib/kb/cve_2013_4593_spec.rb +0 -16
data/spec/lib/kb/cve_2013_5647_spec.rb +0 -19
data/spec/lib/kb/cve_2013_5671_spec.rb +0 -27
data/spec/lib/kb/cve_2013_6414_spec.rb +0 -26
data/spec/lib/kb/cve_2013_6416_spec.rb +0 -31
data/spec/lib/kb/cve_2013_6459_spec.rb +0 -15
data/spec/lib/kb/cve_2013_7086_spec.rb +0 -22
data/spec/lib/kb/cve_2014_0036_spec.rb +0 -15
data/spec/lib/kb/cve_2014_0080_spec.rb +0 -33
data/spec/lib/kb/cve_2014_0081_spec.rb +0 -50
data/spec/lib/kb/cve_2014_0082_spec.rb +0 -52
data/spec/lib/kb/cve_2014_0130_spec.rb +0 -19
data/spec/lib/kb/cve_2014_1233_spec.rb +0 -15
data/spec/lib/kb/cve_2014_1234_spec.rb +0 -16
data/spec/lib/kb/cve_2014_2322_spec.rb +0 -15
data/spec/lib/kb/cve_2014_2538_spec.rb +0 -15
data/spec/lib/kb/cve_2014_3482_spec.rb +0 -15
data/spec/lib/kb/cve_2014_3483_spec.rb +0 -27
data/spec/lib/kb/cve_2014_7818_spec.rb +0 -42
data/spec/lib/kb/cve_2014_7819_spec.rb +0 -139
data/spec/lib/kb/cve_2014_7829_spec.rb +0 -50
data/spec/lib/kb/cve_2014_9490_spec.rb +0 -17
data/spec/lib/kb/cve_2015_1819_spec.rb +0 -16
data/spec/lib/kb/cve_2015_1840_spec.rb +0 -39
data/spec/lib/kb/cve_2015_2963_spec.rb +0 -17
data/spec/lib/kb/cve_2015_3224_spec.rb +0 -16
data/spec/lib/kb/cve_2015_3225_spec.rb +0 -27
data/spec/lib/kb/cve_2015_3226_spec.rb +0 -35
data/spec/lib/kb/cve_2015_3227_spec.rb +0 -31
data/spec/lib/kb/cve_2015_3448_spec.rb +0 -16
data/spec/lib/kb/cve_2015_4020_spec.rb +0 -24
data/spec/lib/kb/cve_2015_5312_spec.rb +0 -31
data/spec/lib/kb/cve_2015_7497_spec.rb +0 -31
data/spec/lib/kb/cve_2015_7498_spec.rb +0 -31
data/spec/lib/kb/cve_2015_7499_spec.rb +0 -31
data/spec/lib/kb/cve_2015_7500_spec.rb +0 -31
data/spec/lib/kb/cve_2015_7519_spec.rb +0 -23
data/spec/lib/kb/cve_2015_7541_spec.rb +0 -15
data/spec/lib/kb/cve_2015_7576_spec.rb +0 -51
data/spec/lib/kb/cve_2015_7577_spec.rb +0 -63
data/spec/lib/kb/cve_2015_7578_spec.rb +0 -15
data/spec/lib/kb/cve_2015_7579_spec.rb +0 -23
data/spec/lib/kb/cve_2015_7581_spec.rb +0 -51
data/spec/lib/kb/cve_2015_8241_spec.rb +0 -31
data/spec/lib/kb/cve_2015_8242_spec.rb +0 -31
data/spec/lib/kb/cve_2015_8317_spec.rb +0 -31
data/spec/lib/kb/cve_2016_0751_spec.rb +0 -55
data/spec/lib/kb/cve_2016_0752_spec.rb +0 -51
data/spec/lib/kb/cve_2016_0753_spec.rb +0 -51
data/spec/lib/kb/cve_2016_2097_spec.rb +0 -35
data/spec/lib/kb/cve_2016_2098_spec.rb +0 -55
data/spec/lib/kb/cve_2016_5697_spec.rb +0 -15
data/spec/lib/kb/cve_2016_6316_spec.rb +0 -44
data/spec/lib/kb/cve_2016_6317_spec.rb +0 -35
data/spec/lib/kb/cve_2016_6582_spec.rb +0 -29
data/spec/lib/kb/osvdb_105971_spec.rb +0 -15
data/spec/lib/kb/osvdb_108530_spec.rb +0 -22
data/spec/lib/kb/osvdb_108563_spec.rb +0 -18
data/spec/lib/kb/osvdb_108569_spec.rb +0 -17
data/spec/lib/kb/osvdb_108570_spec.rb +0 -17
data/spec/lib/kb/osvdb_115654_spec.rb +0 -15
data/spec/lib/kb/osvdb_116010_spec.rb +0 -15
data/spec/lib/kb/osvdb_117903_spec.rb +0 -23
data/spec/lib/kb/osvdb_118579_spec.rb +0 -8
data/spec/lib/kb/osvdb_118830_spec.rb +0 -16
data/spec/lib/kb/osvdb_118954_spec.rb +0 -20
data/spec/lib/kb/osvdb_119878_spec.rb +0 -92
data/spec/lib/kb/osvdb_119927_spec.rb +0 -16
data/spec/lib/kb/osvdb_120415_spec.rb +0 -16
data/spec/lib/kb/osvdb_120857_spec.rb +0 -32
data/spec/lib/kb/osvdb_121701_spec.rb +0 -15
data/spec/lib/kb/osvdb_132234_spec.rb +0 -15
metadata.gz.sig +0 -0

data/lib/dawn/kb/cve_2007_5379.rb DELETED Viewed

@@ -1,27 +0,0 @@
-	module Dawn
-		module Kb
-			# Automatically created with rake on 2014-01-09
-			class CVE_2007_5379
-				include DependencyCheck
-				def initialize
-          message = "Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers and ActiveResource servers to determine the existence of arbitrary files and read arbitrary XML files via the Hash.from_xml (Hash#from_xml) method, which uses XmlSimple (XML::Simple) unsafely, as demonstrated by reading passwords from the Pidgin (Gaim) .purple/accounts.xml file."
-          super({
-            :name=>"CVE-2007-5379",
-            :cvss=>"AV:N/AC:L/Au:N/C:P/I:N/A:N",
-            :release_date => Date.new(2007, 10, 19),
-            :cwe=>"200",
-            :owasp=>"A9",
-            :applies=>["rails"],
-            :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
-            :message=>message,
-            :mitigation=>"Please upgrade rails version at least to 1.2.4 or higher. As a general rule, using the latest stable rails version is recommended.",
-            :aux_links=>["http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release"]
-          })
-          self.safe_dependencies = [{:name=>"rails", :version=>['1.2.4']}]
-				end
-			end
-		end
-	end

data/lib/dawn/kb/cve_2007_5380.rb DELETED Viewed

@@ -1,29 +0,0 @@
-	module Dawn
-		module Kb
-			# Automatically created with rake on 2014-01-09
-			class CVE_2007_5380
-				include DependencyCheck
-				def initialize
-          message = "Session fixation vulnerability in Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers to hijack web sessions via unspecified vectors related to \"URL-based sessions.\""
-           super({
-            :name=>"CVE-2007-5380",
-            :cvss=>"AV:N/AC:M/Au:N/C:P/I:P/A:P",
-            :release_date => Date.new(2007, 10, 19),
-            :cwe=>"",
-            :severity=>:high,
-            :priority=>:high,
-            :owasp=>"A9",
-            :applies=>["rails"],
-            :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
-            :message=>message,
-            :mitigation=>"Please upgrade rails version at least to 1.2.4 or higher. As a general rule, using the latest stable rails version is recommended.",
-            :aux_links=>["http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release"]
-          })
-          self.safe_dependencies = [{:name=>"rails", :version=>['1.2.4']}]
-				end
-			end
-		end
-	end

data/lib/dawn/kb/cve_2007_5770.rb DELETED Viewed

@@ -1,30 +0,0 @@
-	module Dawn
-		module Kb
-			# Automatically created with rake on 2014-01-09
-			class CVE_2007_5770
-				include RubyVersionCheck
-				def initialize
-          message = "The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site, different components than CVE-2007-5162."
-          super({
-            :name=>"CVE-2007-5770",
-            :cvss=>"AV:N/AC:L/Au:N/C:N/I:P/A:N",
-            :release_date => Date.new(2007, 11, 14),
-            :cwe=>"22",
-            :owasp=>"A9",
-            :applies=>["rails", "sinatra", "padrino"],
-            :kind=>Dawn::KnowledgeBase::RUBY_VERSION_CHECK,
-            :message=>message,
-            :mitigation=>"Upgrade your ruby interpreter",
-            :aux_links=>["http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13656"]
-          })
-          self.safe_rubies = [
-            {:engine=>"ruby", :version=>"1.8.6", :patchlevel=>"p999"},
-            {:engine=>"ruby", :version=>"1.8.5", :patchlevel=>"p999"}
-          ]
-				end
-			end
-		end
-	end

data/lib/dawn/kb/cve_2007_6077.rb DELETED Viewed

@@ -1,31 +0,0 @@
-	module Dawn
-		module Kb
-			# Automatically created with rake on 2014-01-09
-			class CVE_2007_6077
-				include DependencyCheck
-				def initialize
-          message = "The session fixation protection mechanism in cgi_process.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookie_only attribute from the DEFAULT_SESSION_OPTIONS constant, which effectively causes cookie_only to be applied only to the first instantiation of CgiRequest, which allows remote attackers to conduct session fixation attacks. NOTE: this is due to an incomplete fix for CVE-2007-5380. It has been reviewed in 2012 and it affects also 2.3.x, 3.0.x and 3.1.x."
-          super({
-            :name=>"CVE-2007-6077",
-            :cvss=>"AV:N/AC:M/Au:N/C:P/I:P/A:P",
-            :release_date => Date.new(2007, 11, 21),
-            :cwe=>"362",
-            :severity=>:high,
-            :priority=>:high,
-            :owasp=>"A9",
-            :applies=>["rails"],
-            :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
-            :message=>message,
-            :mitigation=>"Please upgrade rails version at least to 1.2.7, 2.1.3, 2.3.13, 3.0.15, 3.1.7, 3.2.7 or higher. As a general rule, using the latest stable rails version is recommended.",
-            :aux_links=>["http://weblog.rubyonrails.org/2007/11/24/ruby-on-rails-1-2-6-security-and-maintenance-release"]
-          })
-          self.safe_dependencies = [{:name=>"rails", :version=>['1.2.7', '2.1.3', '2.3.13', '3.0.15', '3.1.7', '3.2.7', '2.0.999', '1.9.999', '1.2.999', '1.1.999', '0.999.999']}]
-				end
-			end
-		end
-	end

data/lib/dawn/kb/cve_2007_6612.rb DELETED Viewed

@@ -1,30 +0,0 @@
-	module Dawn
-		module Kb
-			# Automatically created with rake on 2014-01-09
-			class CVE_2007_6612
-				include DependencyCheck
-				def initialize
-          message = "Directory traversal vulnerability in DirHandler (lib/mongrel/handlers.rb) in Mongrel 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to read arbitrary files via an HTTP request containing double-encoded sequences (\".%252e\")."
-          super({
-            :name=>"CVE-2007-6612",
-            :cvss=>"AV:N/AC:L/Au:N/C:P/I:P/A:N",
-            :release_date => Date.new(2008, 3, 1),
-            :cwe=>"",
-            :severity=>:high,
-            :priority=>:high,
-            :owasp=>"A9",
-            :applies=>["rails", "sinatra", "padrino"],
-            :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
-            :message=>message,
-            :mitigation=>"Please upgrade mongrel to version 1.1.3 or above",
-            :aux_links=>["http://www.securityfocus.com/bid/27133"]
-          })
-          self.safe_dependencies = [{:name=>"mongrel", :version=>['1.1.3']}]
-				end
-			end
-		end
-	end

data/lib/dawn/kb/cve_2008_1145.rb DELETED Viewed

@@ -1,38 +0,0 @@
-	module Dawn
-		module Kb
-			# Automatically created with rake on 2014-01-09
-			class CVE_2008_1145
-				include RubyVersionCheck
-				def initialize
-          message = "Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) \"..%5c\" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option."
-          super({
-            :name=>"CVE-2008-1145",
-            :cvss=>"AV:N/AC:L/Au:N/C:P/I:N/A:N",
-            :release_date => Date.new(2008, 3, 4),
-            :cwe=>"22",
-            :owasp=>"A9",
-            :applies=>["rails", "sinatra", "padrino"],
-            :kind=>Dawn::KnowledgeBase::RUBY_VERSION_CHECK,
-            :message=>message,
-            :mitigation=>"Upgrade your ruby interpreter",
-            :aux_links=>["http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/"]
-          })
-          self.safe_rubies = [
-            {:engine=>"ruby", :version=>"1.9.0", :patchlevel=>"p2"},
-            {:engine=>"ruby", :version=>"1.8.7", :patchlevel=>"p22"},
-            {:engine=>"ruby", :version=>"1.8.6", :patchlevel=>"p114"},
-            {:engine=>"ruby", :version=>"1.8.5", :patchlevel=>"p115"},
-            {:engine=>"ruby", :version=>"1.8.4", :patchlevel=>"p999"},
-            {:engine=>"ruby", :version=>"1.8.3", :patchlevel=>"p999"},
-            {:engine=>"ruby", :version=>"1.8.2", :patchlevel=>"p999"},
-            {:engine=>"ruby", :version=>"1.8.1", :patchlevel=>"p999"},
-            {:engine=>"ruby", :version=>"1.8.0", :patchlevel=>"p999"},
-            {:engine=>"ruby", :version=>"1.6.999", :patchlevel=>"p999"}
-          ]
-				end
-			end
-		end
-	end

data/lib/dawn/kb/cve_2008_1891.rb DELETED Viewed

@@ -1,38 +0,0 @@
-	module Dawn
-		module Kb
-			# Automatically created with rake on 2014-01-09
-			class CVE_2008_1891
-				include RubyVersionCheck
-				def initialize
-          message = "Directory traversal vulnerability in WEBrick in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2, when using NTFS or FAT filesystems, allows remote attackers to read arbitrary CGI files via a trailing (1) + (plus), (2) %2b (encoded plus), (3) . (dot), (4) %2e (encoded dot), or (5) %20 (encoded space) character in the URI, possibly related to the WEBrick::HTTPServlet::FileHandler and WEBrick::HTTPServer.new functionality and the :DocumentRoot option."
-          super({
-            :name=>"CVE-2008-1891",
-            :cvss=>"AV:N/AC:L/Au:N/C:P/I:N/A:N",
-            :release_date => Date.new(2008, 4, 18),
-            :cwe=>"22",
-            :owasp=>"A9",
-            :applies=>["rails", "sinatra", "padrino"],
-            :kind=>Dawn::KnowledgeBase::RUBY_VERSION_CHECK,
-            :message=>message,
-            :mitigation=>"Upgrade your ruby interpreter",
-            :aux_links=>["http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/"]
-          })
-          self.safe_rubies = [
-            {:engine=>"ruby", :version=>"1.9.0", :patchlevel=>"p2"},
-            {:engine=>"ruby", :version=>"1.8.7", :patchlevel=>"p22"},
-            {:engine=>"ruby", :version=>"1.8.6", :patchlevel=>"p230"},
-            {:engine=>"ruby", :version=>"1.8.5", :patchlevel=>"p231"},
-            {:engine=>"ruby", :version=>"1.8.4", :patchlevel=>"p999"},
-            {:engine=>"ruby", :version=>"1.8.3", :patchlevel=>"p999"},
-            {:engine=>"ruby", :version=>"1.8.2", :patchlevel=>"p999"},
-            {:engine=>"ruby", :version=>"1.8.1", :patchlevel=>"p999"},
-            {:engine=>"ruby", :version=>"1.8.0", :patchlevel=>"p999"}
-          ]
-				end
-			end
-		end
-	end

data/lib/dawn/kb/cve_2008_2376.rb DELETED Viewed

@@ -1,30 +0,0 @@
-	module Dawn
-		module Kb
-			# Automatically created with rake on 2014-01-09
-			class CVE_2008_2376
-				include RubyVersionCheck
-				def initialize
-          message = "Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greater than ARY_MAX_SIZE. NOTE: this issue exists because of an incomplete fix for other closely related integer overflows."
-          super({
-            :name=>"CVE-2008-2376",
-            :cvss=>"AV:N/AC:L/Au:N/C:P/I:P/A:P",
-            :release_date => Date.new(2008, 7, 9),
-            :cwe=>"189",
-            :owasp=>"A9",
-            :applies=>["rails", "sinatra", "padrino"],
-            :kind=>Dawn::KnowledgeBase::RUBY_VERSION_CHECK,
-            :message=>message,
-            :mitigation=>"Upgrade your ruby interpreter",
-            :aux_links=>["http://www.openwall.com/lists/oss-security/2008/07/02/3"]
-          })
-          self.safe_rubies = [
-            {:engine=>"ruby", :version=>"1.8.6", :patchlevel=>"p231"}
-          ]
-				end
-			end
-		end
-	end

data/lib/dawn/kb/cve_2008_2662.rb DELETED Viewed

@@ -1,33 +0,0 @@
-	module Dawn
-		module Kb
-			# Automatically created with rake on 2014-01-09
-			class CVE_2008_2662
-				include RubyVersionCheck
-				def initialize
-          message = "Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. This CVE description should be regarded as authoritative, although it is likely to change."
-          super({
-            :name=>"CVE-2008-2662",
-            :cvss=>"AV:N/AC:L/Au:N/C:C/I:C/A:C",
-            :release_date => Date.new(2008, 6, 24),
-            :cwe=>"189",
-            :owasp=>"A9",
-            :applies=>["rails", "sinatra", "padrino"],
-            :kind=>Dawn::KnowledgeBase::RUBY_VERSION_CHECK,
-            :message=>message,
-            :mitigation=>"Upgrade your ruby interpreter",
-            :aux_links=>["http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/"]
-          })
-          self.safe_rubies = [
-            {:engine=>"ruby", :version=>"1.9.0", :patchlevel=>"p2"},
-            {:engine=>"ruby", :version=>"1.8.7", :patchlevel=>"p22"},
-            {:engine=>"ruby", :version=>"1.8.6", :patchlevel=>"p230"},
-            {:engine=>"ruby", :version=>"1.8.5", :patchlevel=>"p231"}
-          ]
-				end
-			end
-		end
-	end

data/lib/dawn/kb/cve_2008_2663.rb DELETED Viewed

@@ -1,32 +0,0 @@
-	module Dawn
-		module Kb
-			# Automatically created with rake on 2014-01-09
-			class CVE_2008_2663
-				include RubyVersionCheck
-				def initialize
-          message="Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than CVE-2008-2662, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change."
-          super({
-            :name=>"CVE-2008-2663",
-            :cvss=>"AV:N/AC:L/Au:N/C:C/I:C/A:C",
-            :release_date => Date.new(2008, 6, 24),
-            :cwe=>"189",
-            :owasp=>"A9",
-            :applies=>["rails", "sinatra", "padrino"],
-            :kind=>Dawn::KnowledgeBase::RUBY_VERSION_CHECK,
-            :message=>message,
-            :mitigation=>"Upgrade your ruby interpreter",
-            :aux_links=>["http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/"]
-          })
-          self.safe_rubies = [
-            {:engine=>"ruby", :version=>"1.9.0", :patchlevel=>"p2"},
-            {:engine=>"ruby", :version=>"1.8.7", :patchlevel=>"p22"},
-            {:engine=>"ruby", :version=>"1.8.6", :patchlevel=>"p230"},
-            {:engine=>"ruby", :version=>"1.8.5", :patchlevel=>"p231"}
-          ]
-				end
-			end
-		end
-	end

data/lib/dawn/kb/cve_2008_2664.rb DELETED Viewed

@@ -1,33 +0,0 @@
-	module Dawn
-		module Kb
-			# Automatically created with rake on 2014-01-09
-			class CVE_2008_2664
-				include RubyVersionCheck
-				def initialize
-          message = "The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change."
-           super({
-            :name=>"CVE-2008-2664",
-            :cvss=>"AV:N/AC:L/Au:N/C:N/I:N/A:C",
-            :release_date => Date.new(2008, 6, 24),
-            :cwe=>"399",
-            :owasp=>"A9",
-            :applies=>["rails", "sinatra", "padrino"],
-            :kind=>Dawn::KnowledgeBase::RUBY_VERSION_CHECK,
-            :message=>message,
-            :mitigation=>"Upgrade your ruby interpreter",
-            :aux_links=>["http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/"]
-          })
-          self.safe_rubies = [
-            {:engine=>"ruby", :version=>"1.9.0", :patchlevel=>"p2"},
-            {:engine=>"ruby", :version=>"1.8.7", :patchlevel=>"p22"},
-            {:engine=>"ruby", :version=>"1.8.6", :patchlevel=>"p230"},
-            {:engine=>"ruby", :version=>"1.8.5", :patchlevel=>"p231"}
-          ]
-				end
-			end
-		end
-	end

data/lib/dawn/kb/cve_2008_2725.rb DELETED Viewed

@@ -1,31 +0,0 @@
-	module Dawn
-		module Kb
-			# Automatically created with rake on 2014-01-09
-			class CVE_2008_2725
-				include RubyVersionCheck
-				def initialize
-          message = "Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the \"REALLOC_N\" variant, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2664. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change."
-          super({
-            :name=>"CVE-2008-2725",
-            :cvss=>"AV:N/AC:L/Au:N/C:N/I:N/A:C",
-            :release_date => Date.new(2008, 6, 24),
-            :cwe=>"189",
-            :owasp=>"A9",
-            :applies=>["rails", "sinatra", "padrino"],
-            :kind=>Dawn::KnowledgeBase::RUBY_VERSION_CHECK,
-            :message=>message,
-            :mitigation=>"Upgrade your ruby interpreter",
-            :aux_links=>["http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/"]
-          })
-          self.safe_rubies = [
-            {:engine=>"ruby", :version=>"1.9.0", :patchlevel=>"p2"},
-            {:engine=>"ruby", :version=>"1.8.7", :patchlevel=>"p22"},
-            {:engine=>"ruby", :version=>"1.8.6", :patchlevel=>"p230"},
-            {:engine=>"ruby", :version=>"1.8.5", :patchlevel=>"p231"}
-          ]
-				end
-			end
-		end
-	end

data/lib/dawn/kb/cve_2008_3655.rb DELETED Viewed

@@ -1,37 +0,0 @@
-	module Dawn
-		module Kb
-			# Automatically created with rake on 2014-01-09
-			class CVE_2008_3655
-				include RubyVersionCheck
-				def initialize
-          message = "Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var, (2) $PROGRAM_NAME, and (3) syslog at safe level 4, and (4) insecure methods at safe levels 1 through 3."
-          super({
-            :name=>"CVE-2008-3655",
-            :cvss=>"AV:N/AC:L/Au:N/C:P/I:P/A:P",
-            :release_date => Date.new(2008, 8, 13),
-            :cwe=>"20",
-            :owasp=>"A9",
-            :applies=>["rails", "sinatra", "padrino"],
-            :kind=>Dawn::KnowledgeBase::RUBY_VERSION_CHECK,
-            :message=>message,
-            :mitigation=>"Upgrade your ruby interpreter",
-            :aux_links=>["http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/"]
-          })
-          self.safe_rubies = [
-            {:engine=>"ruby", :version=>"1.9.0", :patchlevel=>"p0"},
-            {:engine=>"ruby", :version=>"1.8.6", :patchlevel=>"p287"},
-            {:engine=>"ruby", :version=>"1.8.5", :patchlevel=>"p999"},
-            {:engine=>"ruby", :version=>"1.8.4", :patchlevel=>"p999"},
-            {:engine=>"ruby", :version=>"1.8.3", :patchlevel=>"p999"},
-            {:engine=>"ruby", :version=>"1.8.2", :patchlevel=>"p999"},
-            {:engine=>"ruby", :version=>"1.8.1", :patchlevel=>"p999"},
-            {:engine=>"ruby", :version=>"1.8.0", :patchlevel=>"p999"},
-            {:engine=>"ruby", :version=>"1.6.999", :patchlevel=>"p0"}]
-				end
-			end
-		end
-	end

data/lib/dawn/kb/cve_2008_3657.rb DELETED Viewed

@@ -1,37 +0,0 @@
-	module Dawn
-		module Kb
-			# Automatically created with rake on 2014-01-09
-			class CVE_2008_3657
-				include RubyVersionCheck
-				def initialize
-          message = "The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check \"taintness\" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen."
-          super({
-            :name=>"CVE-2008-3657",
-            :cvss=>"AV:N/AC:L/Au:N/C:P/I:P/A:P",
-            :release_date => Date.new(2008, 8, 13),
-            :cwe=>"20",
-            :owasp=>"A9",
-            :applies=>["rails", "sinatra", "padrino"],
-            :kind=>Dawn::KnowledgeBase::RUBY_VERSION_CHECK,
-            :message=>message,
-            :mitigation=>"Upgrade your ruby interpreter",
-            :aux_links=>["http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/"]
-          })
-          self.safe_rubies = [
-            {:engine=>"ruby", :version=>"1.9.0", :patchlevel=>"p0"},
-            {:engine=>"ruby", :version=>"1.8.6", :patchlevel=>"p287"},
-            {:engine=>"ruby", :version=>"1.8.5", :patchlevel=>"p999"},
-            {:engine=>"ruby", :version=>"1.8.4", :patchlevel=>"p999"},
-            {:engine=>"ruby", :version=>"1.8.3", :patchlevel=>"p999"},
-            {:engine=>"ruby", :version=>"1.8.2", :patchlevel=>"p999"},
-            {:engine=>"ruby", :version=>"1.8.1", :patchlevel=>"p999"},
-            {:engine=>"ruby", :version=>"1.8.0", :patchlevel=>"p999"},
-            {:engine=>"ruby", :version=>"1.6.999", :patchlevel=>"p0"}]
-				end
-			end
-		end
-	end