RubyGems - dawnscanner - Versions diffs - 1.6.9 → 2.0.0.rc1 - Mend

dawnscanner 1.6.9 → 2.0.0.rc1

Files changed (366) hide show

checksums.yaml +4 -4
data/.ruby-version +1 -1
data/Changelog.md +8 -0
data/LICENSE.txt +1 -1
data/Rakefile +6 -239
data/VERSION +1 -1
data/bin/dawn +6 -46
data/dawnscanner.gemspec +6 -1
data/doc/change.sh +13 -0
data/doc/knowledge_base.rb +650 -0
data/lib/dawn/cli/dawn_cli.rb +103 -0
data/lib/dawn/engine.rb +9 -11
data/lib/dawn/gemfile_lock.rb +2 -2
data/lib/dawn/kb/basic_check.rb +1 -0
data/lib/dawn/kb/combo_check.rb +1 -1
data/lib/dawn/kb/dependency_check.rb +1 -1
data/lib/dawn/kb/pattern_match_check.rb +1 -1
data/lib/dawn/kb/ruby_version_check.rb +11 -10
data/lib/dawn/kb/{gem_check.rb → rubygem_check.rb} +1 -1
data/lib/dawn/kb/version_check.rb +25 -25
data/lib/dawn/knowledge_base.rb +211 -588
data/lib/dawn/utils.rb +5 -2
data/lib/dawn/version.rb +5 -5
data/lib/dawnscanner.rb +4 -3
metadata +23 -450
data/lib/dawn/kb/cve_2004_0755.rb +0 -33
data/lib/dawn/kb/cve_2004_0983.rb +0 -31
data/lib/dawn/kb/cve_2005_1992.rb +0 -31
data/lib/dawn/kb/cve_2005_2337.rb +0 -33
data/lib/dawn/kb/cve_2006_1931.rb +0 -30
data/lib/dawn/kb/cve_2006_2582.rb +0 -28
data/lib/dawn/kb/cve_2006_3694.rb +0 -31
data/lib/dawn/kb/cve_2006_4112.rb +0 -27
data/lib/dawn/kb/cve_2006_5467.rb +0 -28
data/lib/dawn/kb/cve_2006_6303.rb +0 -28
data/lib/dawn/kb/cve_2006_6852.rb +0 -27
data/lib/dawn/kb/cve_2006_6979.rb +0 -29
data/lib/dawn/kb/cve_2007_0469.rb +0 -29
data/lib/dawn/kb/cve_2007_5162.rb +0 -28
data/lib/dawn/kb/cve_2007_5379.rb +0 -27
data/lib/dawn/kb/cve_2007_5380.rb +0 -29
data/lib/dawn/kb/cve_2007_5770.rb +0 -30
data/lib/dawn/kb/cve_2007_6077.rb +0 -31
data/lib/dawn/kb/cve_2007_6612.rb +0 -30
data/lib/dawn/kb/cve_2008_1145.rb +0 -38
data/lib/dawn/kb/cve_2008_1891.rb +0 -38
data/lib/dawn/kb/cve_2008_2376.rb +0 -30
data/lib/dawn/kb/cve_2008_2662.rb +0 -33
data/lib/dawn/kb/cve_2008_2663.rb +0 -32
data/lib/dawn/kb/cve_2008_2664.rb +0 -33
data/lib/dawn/kb/cve_2008_2725.rb +0 -31
data/lib/dawn/kb/cve_2008_3655.rb +0 -37
data/lib/dawn/kb/cve_2008_3657.rb +0 -37
data/lib/dawn/kb/cve_2008_3790.rb +0 -30
data/lib/dawn/kb/cve_2008_3905.rb +0 -36
data/lib/dawn/kb/cve_2008_4094.rb +0 -27
data/lib/dawn/kb/cve_2008_4310.rb +0 -100
data/lib/dawn/kb/cve_2008_5189.rb +0 -27
data/lib/dawn/kb/cve_2008_7248.rb +0 -27
data/lib/dawn/kb/cve_2009_4078.rb +0 -29
data/lib/dawn/kb/cve_2009_4124.rb +0 -30
data/lib/dawn/kb/cve_2009_4214.rb +0 -27
data/lib/dawn/kb/cve_2010_1330.rb +0 -28
data/lib/dawn/kb/cve_2010_2489.rb +0 -60
data/lib/dawn/kb/cve_2010_3933.rb +0 -27
data/lib/dawn/kb/cve_2011_0188.rb +0 -67
data/lib/dawn/kb/cve_2011_0446.rb +0 -28
data/lib/dawn/kb/cve_2011_0447.rb +0 -28
data/lib/dawn/kb/cve_2011_0739.rb +0 -28
data/lib/dawn/kb/cve_2011_0995.rb +0 -61
data/lib/dawn/kb/cve_2011_1004.rb +0 -34
data/lib/dawn/kb/cve_2011_1005.rb +0 -31
data/lib/dawn/kb/cve_2011_2197.rb +0 -27
data/lib/dawn/kb/cve_2011_2686.rb +0 -29
data/lib/dawn/kb/cve_2011_2705.rb +0 -32
data/lib/dawn/kb/cve_2011_2929.rb +0 -27
data/lib/dawn/kb/cve_2011_2930.rb +0 -28
data/lib/dawn/kb/cve_2011_2931.rb +0 -30
data/lib/dawn/kb/cve_2011_2932.rb +0 -27
data/lib/dawn/kb/cve_2011_3009.rb +0 -28
data/lib/dawn/kb/cve_2011_3186.rb +0 -29
data/lib/dawn/kb/cve_2011_3187.rb +0 -29
data/lib/dawn/kb/cve_2011_4319.rb +0 -30
data/lib/dawn/kb/cve_2011_4815.rb +0 -28
data/lib/dawn/kb/cve_2011_5036.rb +0 -26
data/lib/dawn/kb/cve_2012_1098.rb +0 -30
data/lib/dawn/kb/cve_2012_1099.rb +0 -27
data/lib/dawn/kb/cve_2012_1241.rb +0 -27
data/lib/dawn/kb/cve_2012_2139.rb +0 -26
data/lib/dawn/kb/cve_2012_2140.rb +0 -27
data/lib/dawn/kb/cve_2012_2660.rb +0 -28
data/lib/dawn/kb/cve_2012_2661.rb +0 -27
data/lib/dawn/kb/cve_2012_2671.rb +0 -28
data/lib/dawn/kb/cve_2012_2694.rb +0 -30
data/lib/dawn/kb/cve_2012_2695.rb +0 -27
data/lib/dawn/kb/cve_2012_3424.rb +0 -29
data/lib/dawn/kb/cve_2012_3463.rb +0 -27
data/lib/dawn/kb/cve_2012_3464.rb +0 -27
data/lib/dawn/kb/cve_2012_3465.rb +0 -26
data/lib/dawn/kb/cve_2012_4464.rb +0 -27
data/lib/dawn/kb/cve_2012_4466.rb +0 -27
data/lib/dawn/kb/cve_2012_4481.rb +0 -26
data/lib/dawn/kb/cve_2012_4522.rb +0 -27
data/lib/dawn/kb/cve_2012_5370.rb +0 -27
data/lib/dawn/kb/cve_2012_5371.rb +0 -27
data/lib/dawn/kb/cve_2012_5380.rb +0 -28
data/lib/dawn/kb/cve_2012_6109.rb +0 -25
data/lib/dawn/kb/cve_2012_6134.rb +0 -27
data/lib/dawn/kb/cve_2012_6496.rb +0 -28
data/lib/dawn/kb/cve_2012_6497.rb +0 -28
data/lib/dawn/kb/cve_2012_6684.rb +0 -28
data/lib/dawn/kb/cve_2013_0155.rb +0 -29
data/lib/dawn/kb/cve_2013_0156.rb +0 -27
data/lib/dawn/kb/cve_2013_0162.rb +0 -28
data/lib/dawn/kb/cve_2013_0175.rb +0 -27
data/lib/dawn/kb/cve_2013_0183.rb +0 -25
data/lib/dawn/kb/cve_2013_0184.rb +0 -25
data/lib/dawn/kb/cve_2013_0233.rb +0 -26
data/lib/dawn/kb/cve_2013_0256.rb +0 -59
data/lib/dawn/kb/cve_2013_0262.rb +0 -26
data/lib/dawn/kb/cve_2013_0263.rb +0 -26
data/lib/dawn/kb/cve_2013_0269.rb +0 -27
data/lib/dawn/kb/cve_2013_0276.rb +0 -28
data/lib/dawn/kb/cve_2013_0277.rb +0 -25
data/lib/dawn/kb/cve_2013_0284.rb +0 -27
data/lib/dawn/kb/cve_2013_0285.rb +0 -27
data/lib/dawn/kb/cve_2013_0333.rb +0 -28
data/lib/dawn/kb/cve_2013_0334.rb +0 -25
data/lib/dawn/kb/cve_2013_1607.rb +0 -25
data/lib/dawn/kb/cve_2013_1655.rb +0 -65
data/lib/dawn/kb/cve_2013_1656.rb +0 -28
data/lib/dawn/kb/cve_2013_1756.rb +0 -26
data/lib/dawn/kb/cve_2013_1800.rb +0 -26
data/lib/dawn/kb/cve_2013_1801.rb +0 -27
data/lib/dawn/kb/cve_2013_1802.rb +0 -27
data/lib/dawn/kb/cve_2013_1812.rb +0 -27
data/lib/dawn/kb/cve_2013_1821.rb +0 -28
data/lib/dawn/kb/cve_2013_1854.rb +0 -26
data/lib/dawn/kb/cve_2013_1855.rb +0 -25
data/lib/dawn/kb/cve_2013_1856.rb +0 -26
data/lib/dawn/kb/cve_2013_1857.rb +0 -27
data/lib/dawn/kb/cve_2013_1875.rb +0 -27
data/lib/dawn/kb/cve_2013_1898.rb +0 -27
data/lib/dawn/kb/cve_2013_1911.rb +0 -28
data/lib/dawn/kb/cve_2013_1933.rb +0 -27
data/lib/dawn/kb/cve_2013_1947.rb +0 -27
data/lib/dawn/kb/cve_2013_1948.rb +0 -27
data/lib/dawn/kb/cve_2013_2065.rb +0 -29
data/lib/dawn/kb/cve_2013_2090.rb +0 -28
data/lib/dawn/kb/cve_2013_2105.rb +0 -26
data/lib/dawn/kb/cve_2013_2119.rb +0 -27
data/lib/dawn/kb/cve_2013_2512.rb +0 -26
data/lib/dawn/kb/cve_2013_2513.rb +0 -25
data/lib/dawn/kb/cve_2013_2516.rb +0 -26
data/lib/dawn/kb/cve_2013_2615.rb +0 -27
data/lib/dawn/kb/cve_2013_2616.rb +0 -27
data/lib/dawn/kb/cve_2013_2617.rb +0 -28
data/lib/dawn/kb/cve_2013_3221.rb +0 -27
data/lib/dawn/kb/cve_2013_4164.rb +0 -30
data/lib/dawn/kb/cve_2013_4203.rb +0 -25
data/lib/dawn/kb/cve_2013_4389.rb +0 -26
data/lib/dawn/kb/cve_2013_4413.rb +0 -27
data/lib/dawn/kb/cve_2013_4457.rb +0 -29
data/lib/dawn/kb/cve_2013_4478.rb +0 -26
data/lib/dawn/kb/cve_2013_4479.rb +0 -26
data/lib/dawn/kb/cve_2013_4489.rb +0 -28
data/lib/dawn/kb/cve_2013_4491.rb +0 -29
data/lib/dawn/kb/cve_2013_4492.rb +0 -29
data/lib/dawn/kb/cve_2013_4562.rb +0 -27
data/lib/dawn/kb/cve_2013_4593.rb +0 -27
data/lib/dawn/kb/cve_2013_5647.rb +0 -29
data/lib/dawn/kb/cve_2013_5671.rb +0 -26
data/lib/dawn/kb/cve_2013_6414.rb +0 -30
data/lib/dawn/kb/cve_2013_6415.rb +0 -29
data/lib/dawn/kb/cve_2013_6416.rb +0 -29
data/lib/dawn/kb/cve_2013_6417.rb +0 -30
data/lib/dawn/kb/cve_2013_6421.rb +0 -28
data/lib/dawn/kb/cve_2013_6459.rb +0 -28
data/lib/dawn/kb/cve_2013_6460.rb +0 -53
data/lib/dawn/kb/cve_2013_6461.rb +0 -57
data/lib/dawn/kb/cve_2013_7086.rb +0 -27
data/lib/dawn/kb/cve_2014_0036.rb +0 -27
data/lib/dawn/kb/cve_2014_0080.rb +0 -29
data/lib/dawn/kb/cve_2014_0081.rb +0 -27
data/lib/dawn/kb/cve_2014_0082.rb +0 -27
data/lib/dawn/kb/cve_2014_0130.rb +0 -27
data/lib/dawn/kb/cve_2014_1233.rb +0 -27
data/lib/dawn/kb/cve_2014_1234.rb +0 -26
data/lib/dawn/kb/cve_2014_2322.rb +0 -28
data/lib/dawn/kb/cve_2014_2525.rb +0 -59
data/lib/dawn/kb/cve_2014_2538.rb +0 -26
data/lib/dawn/kb/cve_2014_3482.rb +0 -28
data/lib/dawn/kb/cve_2014_3483.rb +0 -28
data/lib/dawn/kb/cve_2014_3916.rb +0 -29
data/lib/dawn/kb/cve_2014_4975.rb +0 -28
data/lib/dawn/kb/cve_2014_7818.rb +0 -27
data/lib/dawn/kb/cve_2014_7819.rb +0 -31
data/lib/dawn/kb/cve_2014_7829.rb +0 -30
data/lib/dawn/kb/cve_2014_8090.rb +0 -30
data/lib/dawn/kb/cve_2014_9490.rb +0 -29
data/lib/dawn/kb/cve_2015_1819.rb +0 -34
data/lib/dawn/kb/cve_2015_1840/cve_2015_1840_a.rb +0 -28
data/lib/dawn/kb/cve_2015_1840/cve_2015_1840_b.rb +0 -28
data/lib/dawn/kb/cve_2015_2963.rb +0 -27
data/lib/dawn/kb/cve_2015_3224.rb +0 -26
data/lib/dawn/kb/cve_2015_3225.rb +0 -28
data/lib/dawn/kb/cve_2015_3226.rb +0 -27
data/lib/dawn/kb/cve_2015_3227.rb +0 -28
data/lib/dawn/kb/cve_2015_3448.rb +0 -29
data/lib/dawn/kb/cve_2015_4020.rb +0 -34
data/lib/dawn/kb/cve_2015_5312.rb +0 -30
data/lib/dawn/kb/cve_2015_7497.rb +0 -32
data/lib/dawn/kb/cve_2015_7498.rb +0 -32
data/lib/dawn/kb/cve_2015_7499.rb +0 -32
data/lib/dawn/kb/cve_2015_7500.rb +0 -32
data/lib/dawn/kb/cve_2015_7519.rb +0 -31
data/lib/dawn/kb/cve_2015_7541.rb +0 -31
data/lib/dawn/kb/cve_2015_7576.rb +0 -35
data/lib/dawn/kb/cve_2015_7577.rb +0 -34
data/lib/dawn/kb/cve_2015_7578.rb +0 -30
data/lib/dawn/kb/cve_2015_7579.rb +0 -30
data/lib/dawn/kb/cve_2015_7581.rb +0 -33
data/lib/dawn/kb/cve_2015_8241.rb +0 -32
data/lib/dawn/kb/cve_2015_8242.rb +0 -32
data/lib/dawn/kb/cve_2015_8317.rb +0 -32
data/lib/dawn/kb/cve_2016_0751.rb +0 -32
data/lib/dawn/kb/cve_2016_0752.rb +0 -35
data/lib/dawn/kb/cve_2016_0753.rb +0 -31
data/lib/dawn/kb/cve_2016_2097.rb +0 -35
data/lib/dawn/kb/cve_2016_2098.rb +0 -35
data/lib/dawn/kb/cve_2016_5697.rb +0 -30
data/lib/dawn/kb/cve_2016_6316.rb +0 -33
data/lib/dawn/kb/cve_2016_6317.rb +0 -32
data/lib/dawn/kb/cve_2016_6582.rb +0 -43
data/lib/dawn/kb/not_revised_code.rb +0 -22
data/lib/dawn/kb/osvdb_105971.rb +0 -29
data/lib/dawn/kb/osvdb_108530.rb +0 -27
data/lib/dawn/kb/osvdb_108563.rb +0 -28
data/lib/dawn/kb/osvdb_108569.rb +0 -28
data/lib/dawn/kb/osvdb_108570.rb +0 -27
data/lib/dawn/kb/osvdb_115654.rb +0 -33
data/lib/dawn/kb/osvdb_116010.rb +0 -30
data/lib/dawn/kb/osvdb_117903.rb +0 -30
data/lib/dawn/kb/osvdb_118579.rb +0 -31
data/lib/dawn/kb/osvdb_118830.rb +0 -32
data/lib/dawn/kb/osvdb_118954.rb +0 -33
data/lib/dawn/kb/osvdb_119878.rb +0 -32
data/lib/dawn/kb/osvdb_119927.rb +0 -33
data/lib/dawn/kb/osvdb_120415.rb +0 -31
data/lib/dawn/kb/osvdb_120857.rb +0 -34
data/lib/dawn/kb/osvdb_121701.rb +0 -30
data/lib/dawn/kb/osvdb_132234.rb +0 -34
data/lib/dawn/kb/owasp_ror_cheatsheet.rb +0 -33
data/lib/dawn/kb/owasp_ror_cheatsheet/check_for_backup_files.rb +0 -18
data/lib/dawn/kb/owasp_ror_cheatsheet/check_for_safe_redirect_and_forward.rb +0 -57
data/lib/dawn/kb/owasp_ror_cheatsheet/command_injection.rb +0 -28
data/lib/dawn/kb/owasp_ror_cheatsheet/csrf.rb +0 -29
data/lib/dawn/kb/owasp_ror_cheatsheet/mass_assignment_in_model.rb +0 -33
data/lib/dawn/kb/owasp_ror_cheatsheet/security_related_headers.rb +0 -35
data/lib/dawn/kb/owasp_ror_cheatsheet/sensitive_files.rb +0 -29
data/lib/dawn/kb/owasp_ror_cheatsheet/session_stored_in_database.rb +0 -31
data/lib/dawn/kb/simpleform_xss_20131129.rb +0 -28
data/lib/dawn/knowledge_base_experimental.rb +0 -245
data/spec/lib/kb/cve_2011_2705_spec.rb +0 -35
data/spec/lib/kb/cve_2011_2930_spec.rb +0 -31
data/spec/lib/kb/cve_2011_3009_spec.rb +0 -25
data/spec/lib/kb/cve_2011_3187_spec.rb +0 -24
data/spec/lib/kb/cve_2011_4319_spec.rb +0 -44
data/spec/lib/kb/cve_2011_5036_spec.rb +0 -95
data/spec/lib/kb/cve_2012_1098_spec.rb +0 -36
data/spec/lib/kb/cve_2012_2139_spec.rb +0 -20
data/spec/lib/kb/cve_2012_2671_spec.rb +0 -23
data/spec/lib/kb/cve_2012_6109_spec.rb +0 -112
data/spec/lib/kb/cve_2012_6684_spec.rb +0 -16
data/spec/lib/kb/cve_2013_0162_spec.rb +0 -23
data/spec/lib/kb/cve_2013_0183_spec.rb +0 -54
data/spec/lib/kb/cve_2013_0184_spec.rb +0 -115
data/spec/lib/kb/cve_2013_0256_spec.rb +0 -34
data/spec/lib/kb/cve_2013_0262_spec.rb +0 -44
data/spec/lib/kb/cve_2013_0263_spec.rb +0 -11
data/spec/lib/kb/cve_2013_0334_spec.rb +0 -35
data/spec/lib/kb/cve_2013_1607_spec.rb +0 -15
data/spec/lib/kb/cve_2013_1655_spec.rb +0 -31
data/spec/lib/kb/cve_2013_1756_spec.rb +0 -23
data/spec/lib/kb/cve_2013_2090_spec.rb +0 -15
data/spec/lib/kb/cve_2013_2105_spec.rb +0 -11
data/spec/lib/kb/cve_2013_2119_spec.rb +0 -27
data/spec/lib/kb/cve_2013_2512_spec.rb +0 -15
data/spec/lib/kb/cve_2013_2513_spec.rb +0 -15
data/spec/lib/kb/cve_2013_2516_spec.rb +0 -15
data/spec/lib/kb/cve_2013_4203_spec.rb +0 -15
data/spec/lib/kb/cve_2013_4413_spec.rb +0 -16
data/spec/lib/kb/cve_2013_4489_spec.rb +0 -63
data/spec/lib/kb/cve_2013_4491_spec.rb +0 -16
data/spec/lib/kb/cve_2013_4593_spec.rb +0 -16
data/spec/lib/kb/cve_2013_5647_spec.rb +0 -19
data/spec/lib/kb/cve_2013_5671_spec.rb +0 -27
data/spec/lib/kb/cve_2013_6414_spec.rb +0 -26
data/spec/lib/kb/cve_2013_6416_spec.rb +0 -31
data/spec/lib/kb/cve_2013_6459_spec.rb +0 -15
data/spec/lib/kb/cve_2013_7086_spec.rb +0 -22
data/spec/lib/kb/cve_2014_0036_spec.rb +0 -15
data/spec/lib/kb/cve_2014_0080_spec.rb +0 -33
data/spec/lib/kb/cve_2014_0081_spec.rb +0 -50
data/spec/lib/kb/cve_2014_0082_spec.rb +0 -52
data/spec/lib/kb/cve_2014_0130_spec.rb +0 -19
data/spec/lib/kb/cve_2014_1233_spec.rb +0 -15
data/spec/lib/kb/cve_2014_1234_spec.rb +0 -16
data/spec/lib/kb/cve_2014_2322_spec.rb +0 -15
data/spec/lib/kb/cve_2014_2538_spec.rb +0 -15
data/spec/lib/kb/cve_2014_3482_spec.rb +0 -15
data/spec/lib/kb/cve_2014_3483_spec.rb +0 -27
data/spec/lib/kb/cve_2014_7818_spec.rb +0 -42
data/spec/lib/kb/cve_2014_7819_spec.rb +0 -139
data/spec/lib/kb/cve_2014_7829_spec.rb +0 -50
data/spec/lib/kb/cve_2014_9490_spec.rb +0 -17
data/spec/lib/kb/cve_2015_1819_spec.rb +0 -16
data/spec/lib/kb/cve_2015_1840_spec.rb +0 -39
data/spec/lib/kb/cve_2015_2963_spec.rb +0 -17
data/spec/lib/kb/cve_2015_3224_spec.rb +0 -16
data/spec/lib/kb/cve_2015_3225_spec.rb +0 -27
data/spec/lib/kb/cve_2015_3226_spec.rb +0 -35
data/spec/lib/kb/cve_2015_3227_spec.rb +0 -31
data/spec/lib/kb/cve_2015_3448_spec.rb +0 -16
data/spec/lib/kb/cve_2015_4020_spec.rb +0 -24
data/spec/lib/kb/cve_2015_5312_spec.rb +0 -31
data/spec/lib/kb/cve_2015_7497_spec.rb +0 -31
data/spec/lib/kb/cve_2015_7498_spec.rb +0 -31
data/spec/lib/kb/cve_2015_7499_spec.rb +0 -31
data/spec/lib/kb/cve_2015_7500_spec.rb +0 -31
data/spec/lib/kb/cve_2015_7519_spec.rb +0 -23
data/spec/lib/kb/cve_2015_7541_spec.rb +0 -15
data/spec/lib/kb/cve_2015_7576_spec.rb +0 -51
data/spec/lib/kb/cve_2015_7577_spec.rb +0 -63
data/spec/lib/kb/cve_2015_7578_spec.rb +0 -15
data/spec/lib/kb/cve_2015_7579_spec.rb +0 -23
data/spec/lib/kb/cve_2015_7581_spec.rb +0 -51
data/spec/lib/kb/cve_2015_8241_spec.rb +0 -31
data/spec/lib/kb/cve_2015_8242_spec.rb +0 -31
data/spec/lib/kb/cve_2015_8317_spec.rb +0 -31
data/spec/lib/kb/cve_2016_0751_spec.rb +0 -55
data/spec/lib/kb/cve_2016_0752_spec.rb +0 -51
data/spec/lib/kb/cve_2016_0753_spec.rb +0 -51
data/spec/lib/kb/cve_2016_2097_spec.rb +0 -35
data/spec/lib/kb/cve_2016_2098_spec.rb +0 -59
data/spec/lib/kb/cve_2016_5697_spec.rb +0 -15
data/spec/lib/kb/cve_2016_6316_spec.rb +0 -44
data/spec/lib/kb/cve_2016_6317_spec.rb +0 -35
data/spec/lib/kb/cve_2016_6582_spec.rb +0 -29
data/spec/lib/kb/osvdb_105971_spec.rb +0 -15
data/spec/lib/kb/osvdb_108530_spec.rb +0 -22
data/spec/lib/kb/osvdb_108563_spec.rb +0 -18
data/spec/lib/kb/osvdb_108569_spec.rb +0 -17
data/spec/lib/kb/osvdb_108570_spec.rb +0 -17
data/spec/lib/kb/osvdb_115654_spec.rb +0 -15
data/spec/lib/kb/osvdb_116010_spec.rb +0 -15
data/spec/lib/kb/osvdb_117903_spec.rb +0 -23
data/spec/lib/kb/osvdb_118579_spec.rb +0 -8
data/spec/lib/kb/osvdb_118830_spec.rb +0 -16
data/spec/lib/kb/osvdb_118954_spec.rb +0 -20
data/spec/lib/kb/osvdb_119878_spec.rb +0 -92
data/spec/lib/kb/osvdb_119927_spec.rb +0 -16
data/spec/lib/kb/osvdb_120415_spec.rb +0 -16
data/spec/lib/kb/osvdb_120857_spec.rb +0 -32
data/spec/lib/kb/osvdb_121701_spec.rb +0 -15
data/spec/lib/kb/osvdb_132234_spec.rb +0 -15

data/lib/dawn/kb/cve_2013_2617.rb DELETED

@@ -1,28 +0,0 @@
-	module Dawn
-		module Kb
-			# Automatically created with rake on 2013-05-27
-			class CVE_2013_2617
-				include DependencyCheck
-				def initialize
-          message = "lib/curl.rb in the Curl Gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL."
-          super({
-            :name=>"CVE-2013-2617",
-            :cvss=>"AV:N/AC:L/Au:N/C:P/I:P/A:P",
-            :release_date => Date.new(2013, 3, 20),
-            :cwe=>"94",
-            :owasp=>"A9",
-            :applies=>["rails", "padrino", "sinatra"],
-            :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
-            :message=>message,
-            :mitigation=>"Please consider not using curl rubygem. The project seems to be abandoned and the vulnerability has not been fixed",
-            :aux_links=>["http://seclists.org/fulldisclosure/2013/Mar/124"]
-          })
-          self.safe_dependencies = [{:name=>"curl", :version=>['99.99.99']}]
-				end
-			end
-		end
-	end

data/lib/dawn/kb/cve_2013_3221.rb DELETED

@@ -1,27 +0,0 @@
-	module Dawn
-		module Kb
-			# Automatically created with rake on 2013-05-27
-			class CVE_2013_3221
-				include DependencyCheck
-				def initialize
-          message = "The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x does not ensure that the declared data type of a database column is used during comparisons of input values to stored values in that column, which makes it easier for remote attackers to conduct data-type injection attacks against Ruby on Rails applications via a crafted value, as demonstrated by unintended interaction between the \"typed XML\" feature and a MySQL database."
-           super({
-            :name=>"CVE-2013-3221",
-            :cvss=>"AV:N/AC:L/Au:N/C:P/I:P/A:N",
-            :release_date => Date.new(2013, 4, 22),
-            :cwe=>"20",
-            :owasp=>"A9",
-            :applies=>["rails"],
-            :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
-            :message=>message,
-            :mitigation=>"Please upgrade rails version at least to 2.3.16, 3.2.9, 3.1.9 or 3.0.21. As a general rule, using the latest stable rails version is recommended.",
-            :aux_links=>["https://groups.google.com/group/rubyonrails-security/msg/1f3bc0b88a60c1ce?dmode=source&output=gplain"]
-          })
-          self.safe_dependencies = [{:name=>"railse", :version=>['2.3.16', '3.2.9', '3.1.9', '3.0.21']}]
-				end
-			end
-		end
-	end

data/lib/dawn/kb/cve_2013_4164.rb DELETED

@@ -1,30 +0,0 @@
-	module Dawn
-		module Kb
-			# Automatically created with rake on 2013-11-26
-			class CVE_2013_4164
-				include RubyVersionCheck
-        def initialize
-          message = "Any time a string is converted to a floating point value, a specially crafted string can cause a heap overflow. This can lead to a denial of service attack via segmentation faults and possibly arbitrary code execution. Any program that converts input of unknown origin to floating point values (especially common when accepting JSON) are vulnerable."
-          super({
-            :name=>"CVE-2013-4164",
-            :cvss=>"not assigned",
-            :release_date => Date.new(2013, 11, 23),
-            :cwe=>"",
-            :owasp=>"A9",
-            :applies=>["rails", "sinatra", "padrino"],
-            :kind=>Dawn::KnowledgeBase::RUBY_VERSION_CHECK,
-            :message=>message,
-            :mitigation=>"All users are recommended to upgrade to Ruby 1.9.3 patchlevel 484, ruby 2.0.0 patchlevel 353 or ruby 2.1.0 preview2.",
-            :aux_links=>["https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164/"]
-          })
-          self.safe_rubies = [{:engine=>"ruby", :version=>"1.9.3", :patchlevel=>"p484"}, {:engine=>"ruby", :version=>"2.0.0", :patchlevel=>"p353"},
-            {:engine=>"ruby", :version=>"2.1.0", :patchlevel=>"preview2"}]
-				end
-			end
-		end
-	end

data/lib/dawn/kb/cve_2013_4203.rb DELETED

@@ -1,25 +0,0 @@
-	module Dawn
-		module Kb
-			# Automatically created with rake on 2014-03-28
-			class CVE_2013_4203
-				include DependencyCheck
-				def initialize
-          message = "The self.run_gpg function in lib/rgpg/gpg_helper.rb in the rgpg gem before 0.2.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors."
-           super({
-            :name=>"CVE-2013-4203",
-            :cvss=>"AV:N/AC:L/Au:N/C:P/I:P/A:P",
-            :release_date => Date.new(2013, 10, 11),
-            :cwe=>"94",
-            :owasp=>"A9",
-            :applies=>["rails", "sinatra", "padrino"],
-            :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
-            :message=>message,
-            :mitigation=>"Please upgrade rgpg at least to version 0.2.3. As a general rule, using the latest stable rails version is recommended.",
-            :aux_links=>["http://www.openwall.com/lists/oss-security/2013/08/03/2"]
-           })
-           self.safe_dependencies = [{:name=>"rgpg", :version=>['0.2.3']}]
-				end
-			end
-		end
-	end

data/lib/dawn/kb/cve_2013_4389.rb DELETED

@@ -1,26 +0,0 @@
-	module Dawn
-		module Kb
-			# Automatically created with rake on 2013-10-22
-			class CVE_2013_4389
-				include DependencyCheck
-				def initialize
-          message = "Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message."
-           super({
-            :name=>'CVE-2013-4389',
-            :cvss=>"AV:N/AC:M/Au:N/C:N/I:N/A:P",
-            :release_date => Date.new(2013, 10, 17),
-            :cwe=>"134",
-            :owasp=>"A9",
-            :applies=>["rails"],
-            :kind => Dawn::KnowledgeBase::DEPENDENCY_CHECK,
-            :message => message,
-            :mitigation=>"Please upgrade rails version at least to 3.0.21, 3.1.10 or 3.2.15. As a general rule, using the latest stable rails version is recommended.",
-            :aux_links => ["https://groups.google.com/forum/message/raw?msg=ruby-security-ann/yvlR1Vx44c8/elKJkpO2KVgJ"]
-          })
-          self.safe_dependencies = [{:name=>"rails", :version=>['3.0.21', '3.1.10', '3.2.15']}]
-				end
-			end
-		end
-	end

data/lib/dawn/kb/cve_2013_4413.rb DELETED

@@ -1,27 +0,0 @@
-	module Dawn
-		module Kb
-			# Automatically created with rake on 2014-02-05
-			class CVE_2013_4413
-				include DependencyCheck
-				def initialize
-          message = "Wicked Gem for Ruby contains a flaw that is due to the program failing to properly sanitize input passed via the 'the_step' parameter upon submission to the render_redirect.rb script. This may allow a remote attacker to gain access to arbitrary files."
-          super({
-            :name=>"CVE-2013-4413",
-            :cvss=>"",
-            :release_date => Date.new(2013, 10, 8),
-            :cwe=>"",
-            :owasp=>"A9",
-            :applies=>["rails", "sinatra", "padrino"],
-            :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
-            :message=>message,
-            :mitigation=>"Please upgrade wicked version up to version 1.0.1.",
-            :aux_links=>["http://schneems.com/post/63478235238/wicked-1-0-1-released-with-critical-security-fix"]
-          })
-          self.safe_dependencies = [{:name=>"wicked", :version=>['1.0.1']}]
-				end
-			end
-		end
-	end

data/lib/dawn/kb/cve_2013_4457.rb DELETED

@@ -1,29 +0,0 @@
-	module Dawn
-		module Kb
-			# Automatically created with rake on 2013-11-26
-			class CVE_2013_4457
-				include DependencyCheck
-				def initialize
-          message="The Cocaine gem 0.4.0 through 0.5.2 for Ruby allows context-dependent attackers to execute arbitrary commands via a crafted has object, related to recursive variable interpolation."
-          super({
-            :name=>"CVE-2013-4457",
-            :cvss=>"not assigned",
-            :release_date => Date.new(2013, 10, 22),
-            :cwe=>"",
-            :owasp=>"A9",
-            :applies=>["rails", "sinatra", "padrino"],
-            :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
-            :message=>message,
-            :mitigation=>"You must upgrade to cocain gem version 0.5.3 or later",
-            :aux_links=>["https://groups.google.com/forum/#!topic/ruby-security-ann/3XTGFbAJoTg"]
-          })
-          self.save_minor = true
-          self.safe_dependencies = [{:name=>"cocaine", :version=>['0.5.3', '0.4.3', '0.3.0']}]
-				end
-			end
-		end
-	end

data/lib/dawn/kb/cve_2013_4478.rb DELETED

@@ -1,26 +0,0 @@
-	module Dawn
-		module Kb
-			# Automatically created with rake on 2013-12-17
-			class CVE_2013_4478
-				include DependencyCheck
-				def initialize
-          message = "Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an email attachment."
-          super({
-            :name=>'CVE-2013-4478',
-            :cvss=>"AV:N/AC:M/Au:N/C:P/I:P/A:P",
-            :release_date => Date.new(2013, 12, 7),
-            :cwe=>"94",
-            :owasp=>"A9",
-            :applies=>["rails", "padrino", "sinatra"],
-            :kind => Dawn::KnowledgeBase::DEPENDENCY_CHECK,
-            :message => message,
-            :mitigation=>"Please upgrade sup rubygem",
-            :aux_links => ["http://www.openwall.com/lists/oss-security/2013/10/30/2"]
-          })
-          self.safe_dependencies = [{:name=>"sup", :version=>['0.13.2.1', '0.14.1.1']}]
-				end
-			end
-		end
-	end

data/lib/dawn/kb/cve_2013_4479.rb DELETED

@@ -1,26 +0,0 @@
-	module Dawn
-		module Kb
-			# Automatically created with rake on 2013-12-17
-			class CVE_2013_4479
-				include DependencyCheck
-				def initialize
-          message = "lib/sup/message_chunks.rb in Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the content_type of an email attachment."
-          super({
-            :name=>'CVE-2013-4479',
-            :cvss=>"AV:N/AC:M/Au:N/C:P/I:P/A:P",
-            :release_date => Date.new(2013, 12, 7),
-            :cwe=>"94",
-            :owasp=>"A9",
-            :applies=>["rails", "padrino", "sinatra"],
-            :kind => Dawn::KnowledgeBase::DEPENDENCY_CHECK,
-            :message => message,
-            :mitigation=>"Please upgrade sup rubygem",
-            :aux_links => ["http://www.openwall.com/lists/oss-security/2013/10/30/2"]
-          })
-          self.safe_dependencies = [{:name=>"sup", :version=>['0.13.2.1', '0.14.1.1']}]
-				end
-			end
-		end
-	end

data/lib/dawn/kb/cve_2013_4489.rb DELETED

@@ -1,28 +0,0 @@
-	module Dawn
-		module Kb
-			# Automatically created with rake on 2014-02-05
-			class CVE_2013_4489
-				include DependencyCheck
-				def initialize
-          message = "There is a remote code execution vulnerability in the code search feature of GitLab provided by the grit gem."
-          super({
-            :name=>"CVE-2013-4489",
-            :cvss=>"",
-            :release_date => Date.new(2013, 11, 4),
-            :cwe=>"",
-            :owasp=>"A9",
-            :applies=>["rails", "sinatra", "padrino"],
-            :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
-            :message=>message,
-            :mitigation=>"Please upgrade grit version up to version at least to 5.4.1 or 6.2.3. Using the latest version however is always suggested.",
-            :aux_links=>["http://seclists.org/oss-sec/2013/q4/224"]
-          })
-          self.safe_dependencies = [{:name=>"grit", :version=>[ '5.4.1', '6.2.3' ]}]
-          self.not_affected = {:name=>"grit", :version=>['5.1', '5.0', '4.x', '3.x', '2.x', '1.x', '0.x'], :earlier=>true}
-				end
-			end
-		end
-	end

data/lib/dawn/kb/cve_2013_4491.rb DELETED

@@ -1,29 +0,0 @@
-	module Dawn
-		module Kb
-			# Automatically created with rake on 2013-12-11
-			class CVE_2013_4491
-				include DependencyCheck
-				def initialize
-          message = "Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/translation_helper.rb in the internationalization component in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted string that triggers generation of a fallback string by the i18n gem."
-          super({
-            :name=>"CVE-2013-4491",
-            :cvss=>"AV:N/AC:M/Au:N/C:N/I:P/A:N",
-            :release_date => Date.new(2013, 12, 7),
-            :cwe=>"79",
-            :owasp=>"A9",
-            :applies=>["rails"],
-            :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
-            :message=>message,
-            :mitigation=>"Please upgrade rails to version 3.2.16 or 4.0.2. As a general rule, using the latest stable version is recommended.",
-            :aux_links=>["https://groups.google.com/forum/message/raw?msg=ruby-security-ann/pLrh6DUw998/bLFEyIO4k_EJ"]
-          })
-          self.save_major = true
-          self.safe_dependencies = [{:name=>"rails", :version=>['3.2.16', '4.0.2', '3.1.9999', '3.0.9999']}]
-				end
-			end
-		end
-	end

data/lib/dawn/kb/cve_2013_4492.rb DELETED

@@ -1,29 +0,0 @@
-	module Dawn
-		module Kb
-			# Automatically created with rake on 2013-12-11
-			class CVE_2013_4492
-				include DependencyCheck
-				def initialize
-          message = "Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationData.new call."
-          super({
-            :name=>"CVE-2013-4492",
-            :cvss=>"AV:N/AC:M/Au:N/C:N/I:P/A:N",
-            :release_date => Date.new(2013, 12, 7),
-            :cwe=>"79",
-            :owasp=>"A9",
-            :applies=>["rails", "sinatra", "padrino"],
-            :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
-            :message=>message,
-            :mitigation=>"Please upgrade ruby-i18n to version 0.6.6. As a general rule, using the latest stable version is recommended.",
-            :aux_links=>["https://groups.google.com/forum/message/raw?msg=ruby-security-ann/pLrh6DUw998/bLFEyIO4k_EJ"]
-          })
-          self.safe_dependencies = [{:name=>"ruby-i18n", :version=>['0.6.6']}]
-				end
-			end
-		end
-	end

data/lib/dawn/kb/cve_2013_4562.rb DELETED

@@ -1,27 +0,0 @@
-	module Dawn
-		module Kb
-			# Automatically created with rake on 2013-11-26
-			class CVE_2013_4562
-				include DependencyCheck
-				def initialize
-          message = "Because of the way that omniauth-facebook supports setting a per-request state parameter by storing it in the session, it is possible to circumvent the automatic CSRF protection. Therefore the CSRF added in 1.4.1 should be considered broken. If you are currently providing a custom state, you will need to store and retrieve this yourself (for example, by using the session store) to use 1.5.0."
-          super({
-            :name=>"CVE-2013-4562",
-            :cvss=>"not assigned",
-            :release_date => Date.new(2013, 11, 14),
-            :cwe=>"",
-            :owasp=>"A9",
-            :applies=>["rails", "sinatra", "padrino"],
-            :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
-            :message=>message,
-            :mitigation=>"You must upgrade at least to 1.5.0 or later",
-            :aux_links=>["https://groups.google.com/forum/#!msg/ruby-security-ann/-tJHNlTiPh4/9SJxdEWLIawJ"]
-          })
-          self.safe_dependencies = [{:name=>"omniauth-facebook", :version=>['1.5.0']}]
-				end
-			end
-		end
-	end

data/lib/dawn/kb/cve_2013_4593.rb DELETED

@@ -1,27 +0,0 @@
-	module Dawn
-		module Kb
-			# Automatically created with rake on 2014-02-06
-			class CVE_2013_4593
-				include DependencyCheck
-				def initialize
-          message = "omniauth-facebook Gem for Ruby contains a flaw that is due to the application supporting passing the access token via the URL. This may allow a remote attacker to bypass authentication and authenticate as another user."
-          super({
-            :name=>"CVE-2013-4593",
-            :cvss=>"",
-            :release_date => Date.new(2013, 11, 14),
-            :cwe=>"",
-            :owasp=>"A9",
-            :applies=>["rails", "sinatra", "padrino"],
-            :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
-            :message=>message,
-            :mitigation=>"Please upgrade omniauth-facebook version to version 1.5.1 or higher.",
-            :aux_links=>["http://seclists.org/oss-sec/2013/q4/309"]
-          })
-          self.safe_dependencies = [{:name=>"omniauth-facebook", :version=>['1.5.1']}]
-				end
-			end
-		end
-	end

data/lib/dawn/kb/cve_2013_5647.rb DELETED

@@ -1,29 +0,0 @@
-	module Dawn
-		module Kb
-			# Automatically created with rake on 2014-01-14
-			class CVE_2013_5647
-				include DependencyCheck
-				def initialize
-          message = "lib/sounder/sound.rb in the sounder gem 1.0.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a filename."
-         super({
-            :name=>"CVE-2013-5647",
-            :cvss=>"AV:N/AC:L/Au:N/C:P/I:P/A:P",
-            :release_date => Date.new(2013, 8, 29),
-            :cwe=>"94",
-            :owasp=>"A9",
-            :applies=>["sinatra", "padrino", "rails"],
-            :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
-            :message=>message,
-            :mitigation=>"Please upgrade sounder version up to 1.0.1. As a general rule, using the latest stable version is recommended.",
-            :aux_links=>["http://vapid.dhs.org/advisories/sounder-ruby-gem-cmd-inj.html"]
-          })
-          self.safe_dependencies = [{:name=>"sounder", :version=>['1.0.2']}]
-          self.save_major = true
-				end
-			end
-		end
-	end

data/lib/dawn/kb/cve_2013_5671.rb DELETED

@@ -1,26 +0,0 @@
-	module Dawn
-		module Kb
-			# Automatically created with rake on 2014-02-06
-			class CVE_2013_5671
-				include DependencyCheck
-				def initialize
-          message = "fog-dragonfly Gem for Ruby contains a flaw that is due to the program failing to properly sanitize input passed via the imagemagickutils.rb script. This may allow a remote attacker to execute arbitrary commands."
-          super({
-            :name=>"CVE-2013-5671",
-            :cvss=>"",
-            :release_date => Date.new(2013, 9, 3),
-            :cwe=>"",
-            :owasp=>"A9",
-            :applies=>["rails", "sinatra", "padrino"],
-            :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
-            :message=>message,
-            :mitigation=>"Please upgrade fog-dragonfly version up to version 0.8.2.",
-            :aux_links=>["http://seclists.org/fulldisclosure/2013/Sep/18"]
-          })
-          self.safe_dependencies = [{:name=>"fog-dragonfly", :version=>['0.8.3']}]
-				end
-			end
-		end
-	end