dawnscanner 1.6.9 → 2.0.0.rc1

data/spec/lib/kb/cve_2013_0184_spec.rb

@@ -1,115 +0,0 @@
-require 'spec_helper'
-describe "The CVE-2013-0184 vulnerability" do
-	before(:all) do
-		@check = Dawn::Kb::CVE_2013_0184.new
-		# @check.debug = true
-	end
-
-  it "is reported when the vulnerable gem is detected - 1.1.0" do
-    @check.dependencies = [{:name=>"rack", :version=>"1.1.0"}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is reported when the vulnerable gem is detected - 1.1.3" do
-    @check.dependencies = [{:name=>"rack", :version=>"1.1.3"}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is reported when the vulnerable gem is detected - 1.1.2" do
-    @check.dependencies = [{:name=>"rack", :version=>"1.1.2"}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is reported when the vulnerable gem is detected - 1.1.4" do
-    @check.dependencies = [{:name=>"rack", :version=>"1.1.4"}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is reported when the vulnerable gem is detected - 1.2.0" do
-    @check.dependencies = [{:name=>"rack", :version=>"1.2.0"}]
-    expect(@check.vuln?).to   eq(true)
-  end
-
-  it "is reported when the vulnerable gem is detected - 1.2.1" do
-    @check.dependencies = [{:name=>"rack", :version=>"1.2.1"}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is reported when the vulnerable gem is detected - 1.2.2" do
-    @check.dependencies = [{:name=>"rack", :version=>"1.2.2"}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is reported when the vulnerable gem is detected - 1.2.3" do
-    @check.dependencies = [{:name=>"rack", :version=>"1.2.3"}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is reported when the vulnerable gem is detected - 1.2.4" do
-    @check.dependencies = [{:name=>"rack", :version=>"1.2.4"}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is reported when the vulnerable gem is detected - 1.2.5" do
-    @check.dependencies = [{:name=>"rack", :version=>"1.2.5"}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is reported when the vulnerable gem is detected - 1.2.6" do
-    @check.dependencies = [{:name=>"rack", :version=>"1.2.6"}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is reported when the vulnerable gem is detected - 1.3.0" do
-    @check.dependencies = [{:name=>"rack", :version=>"1.3.0"}]
-    expect(@check.vuln?).to   eq(true)
-  end
-
-  it "is reported when the vulnerable gem is detected - 1.3.1" do
-    @check.dependencies = [{:name=>"rack", :version=>"1.3.1"}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is reported when the vulnerable gem is detected - 1.3.2" do
-    @check.dependencies = [{:name=>"rack", :version=>"1.3.2"}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is reported when the vulnerable gem is detected - 1.3.3" do
-    @check.dependencies = [{:name=>"rack", :version=>"1.3.3"}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is reported when the vulnerable gem is detected - 1.3.4" do
-    @check.dependencies = [{:name=>"rack", :version=>"1.3.4"}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is reported when the vulnerable gem is detected - 1.3.5" do
-    @check.dependencies = [{:name=>"rack", :version=>"1.3.5"}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is reported when the vulnerable gem is detected - 1.3.6" do
-    @check.dependencies = [{:name=>"rack", :version=>"1.3.6"}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is reported when the vulnerable gem is detected - 1.3.7" do
-    @check.dependencies = [{:name=>"rack", :version=>"1.3.7"}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is reported when the vulnerable gem is detected - 1.3.8" do
-    @check.dependencies = [{:name=>"rack", :version=>"1.3.8"}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is reported when the vulnerable gem is detected" do
-    @check.dependencies = [{:name=>"rack", :version=>"1.4.0"}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is reported when the vulnerable gem is detected" do
-    @check.dependencies = [{:name=>"rack", :version=>"1.4.1"}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is reported when the vulnerable gem is detected" do
-    @check.dependencies = [{:name=>"rack", :version=>"1.4.2"}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is reported when the vulnerable gem is detected" do
-    @check.dependencies = [{:name=>"rack", :version=>"1.4.3"}]
-    expect(@check.vuln?).to   eq(true)
-  end
-
-  it "is not reported when a fixed release is detected" do
-    @check.dependencies = [{:name=>"rack", :version=>"1.4.5"}]
-    expect(@check.vuln?).to   eq(false)
-  end
-  it "is not reported when a fixed release is detected" do
-    @check.dependencies = [{:name=>"rack", :version=>"1.5.2"}]
-    expect(@check.vuln?).to   eq(false)
-  end
-end

data/spec/lib/kb/cve_2013_0256_spec.rb

@@ -1,34 +0,0 @@
-require 'spec_helper'
-describe "The CVE-2013-0256 vulnerability" do
-	before(:all) do
-		@check = Dawn::Kb::CVE_2013_0256.new
-		# @check.debug = true
-	end
-  it "fires when vulnerable ruby (1.9.3-p382) and rdoc version (2.3.0) has been found" do
-    @check.options={:detected_ruby=>{:engine=>"ruby", :version=>"1.9.3", :patchlevel=>"381"}, :dependencies=>[{:name=>"rdoc", :version=>'2.3.0'}, :root_dir=>"."]}
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "fires when vulnerable ruby (1.9.2-p342) and rdoc version (2.3.0) has been found" do
-    @check.options={:detected_ruby=>{:engine=>"ruby", :version=>"1.9.2", :patchlevel=>"342"}, :dependencies=>[{:name=>"rdoc", :version=>'2.3.0'}, :root_dir=>"."]}
-    expect(@check.vuln?).to   eq(true)
-  end
-
-  it "fires when vulnerable ruby (1.9.3-p382) and rdoc version (3.12) has been found" do
-    @check.options={:detected_ruby=>{:engine=>"ruby", :version=>"1.9.3", :patchlevel=>"381"}, :dependencies=>[{:name=>"rdoc", :version=>'3.12'}, :root_dir=>"."]}
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "fires when vulnerable ruby (1.9.2-p342) and rdoc version (3.12) has been found" do
-    @check.options={:detected_ruby=>{:engine=>"ruby", :version=>"1.9.2", :patchlevel=>"342"}, :dependencies=>[{:name=>"rdoc", :version=>'3.12'}, :root_dir=>"."]}
-    expect(@check.vuln?).to   eq(true)
-  end
-
-  it "doesn't fire when not vulnerable ruby (1.9.3-p383) is found but vulnerable rdoc version (3.12) has been found" do
-    @check.options={:detected_ruby=>{:engine=>"ruby", :version=>"1.9.3", :patchlevel=>"383"}, :dependencies=>[{:name=>"rdoc", :version=>'3.12'}, :root_dir=>"."]}
-    expect(@check.vuln?).to   eq(false)
-  end
-
-  it "doesn't fire when vulnerable ruby (1.9.3-p382) is found but not vulnerable rdoc version (3.13) has been found" do
-    @check.options={:detected_ruby=>{:engine=>"ruby", :version=>"1.9.3", :patchlevel=>"322"}, :dependencies=>[{:name=>"rdoc", :version=>'3.13'}, :root_dir=>"."]}
-    expect(@check.vuln?).to   eq(false)
-  end
-end

data/spec/lib/kb/cve_2013_0262_spec.rb

@@ -1,44 +0,0 @@
-require 'spec_helper'
-describe "The CVE-2013-0262 vulnerability" do
-	before(:all) do
-		@check = Dawn::Kb::CVE_2013_0262.new
-		# @check.debug = true
-	end
-
-  it "is reported when the vulnerable gem is detected" do
-    @check.dependencies = [{:name=>"rack", :version=>"1.5.0"}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is reported when the vulnerable gem is detected" do
-    @check.dependencies = [{:name=>"rack", :version=>"1.5.1"}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is reported when the vulnerable gem is detected" do
-    @check.dependencies = [{:name=>"rack", :version=>"1.4.0"}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is reported when the vulnerable gem is detected" do
-    @check.dependencies = [{:name=>"rack", :version=>"1.4.1"}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is reported when the vulnerable gem is detected" do
-    @check.dependencies = [{:name=>"rack", :version=>"1.4.2"}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is reported when the vulnerable gem is detected" do
-    @check.dependencies = [{:name=>"rack", :version=>"1.4.3"}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is reported when the vulnerable gem is detected" do
-    @check.dependencies = [{:name=>"rack", :version=>"1.4.4"}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is not reported when a fixed release is detected" do
-    @check.dependencies = [{:name=>"rack", :version=>"1.4.5"}]
-    expect(@check.vuln?).to   eq(false)
-  end
-  it "is not reported when a fixed release is detected" do
-    @check.dependencies = [{:name=>"rack", :version=>"1.5.2"}]
-    expect(@check.vuln?).to   eq(false)
-  end
-end

data/spec/lib/kb/cve_2013_0263_spec.rb

@@ -1,11 +0,0 @@
-require 'spec_helper'
-describe "The CVE-2013-0263 vulnerability" do
-	before(:all) do
-		@check = Dawn::Kb::CVE_2013_0263.new
-		# @check.debug = true
-	end
-  it "is not reported when rack version 1.4.5 is used" do
-    @check.dependencies = [{:name=>"rack", :version=>'1.4.5'}]
-    expect(@check.vuln?).to eq(false)
-  end
-end

data/spec/lib/kb/cve_2013_0334_spec.rb

@@ -1,35 +0,0 @@
-require 'spec_helper'
-describe "The CVE-2013-0334 vulnerability" do
-	before(:all) do
-		@check = Dawn::Kb::CVE_2013_0334.new
-		# @check.debug = true
-	end
-  it "is not reported when bundler version 1.7.0 is used" do
-    @check.dependencies = [{:name=>"bundler", :version=>'1.7.0'}]
-    expect(@check.vuln?).to eq(false)
-  end
-  it "is not reported when bundler version 1.7.1 is used" do
-    @check.dependencies = [{:name=>"bundler", :version=>'1.7.1'}]
-    expect(@check.vuln?).to eq(false)
-  end
-  it "is not reported when bundler version 1.8.7 is used" do
-    @check.dependencies = [{:name=>"bundler", :version=>'1.8.7'}]
-    expect(@check.vuln?).to eq(false)
-  end
-  it "is not reported when bundler version 1.10.0.rc is used" do
-    @check.dependencies = [{:name=>"bundler", :version=>'1.10.0.rc'}]
-    expect(@check.vuln?).to eq(false)
-  end
-  it "is not reported when bundler version 1.12.5 is used" do
-    @check.dependencies = [{:name=>"bundler", :version=>'1.12.5'}]
-    expect(@check.vuln?).to eq(false)
-  end
-  it "fires when vulnerable bundler version it has been found (1.6.6)" do
-    @check.dependencies = [{:name=>"bundler", :version=>'1.6.6'}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "fires when vulnerable bundler version it has been found (1.3.0)" do
-    @check.dependencies = [{:name=>"bundler", :version=>'1.3.0'}]
-    expect(@check.vuln?).to   eq(true)
-  end
-end

data/spec/lib/kb/cve_2013_1607_spec.rb

@@ -1,15 +0,0 @@
-require 'spec_helper'
-describe "The CVE-2013-1607 vulnerability" do
-	before(:all) do
-		@check = Dawn::Kb::CVE_2013_1607.new
-		# @check.debug = true
-	end
-  it "is reported when a pdfkit gem version 0.5.2 is detected" do
-    @check.dependencies = [{:name=>"pdfkit", :version=>"0.5.2"}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is not reported when a pdfkit gem version 0.5.3 is detected" do
-    @check.dependencies = [{:name=>"pdfkit", :version=>"0.5.3"}]
-    expect(@check.vuln?).to   eq(false)
-  end
-end

data/spec/lib/kb/cve_2013_1655_spec.rb

@@ -1,31 +0,0 @@
-require 'spec_helper'
-
-describe "The CVE-2013-1655 vulnerability" do
-  before(:all) do 
-    @check = Dawn::Kb::CVE_2013_1655.new
-    # @check.debug = true
-  end
-  it "is detected if vulnerable version of puppet rubygem is detect when running on ruby 1.9.3 and 2.0.0" do
-    @check.options[:dependencies]=[{:name=>"puppet", :version=>'2.7.20'}]
-    @check.options[:detected_ruby] = {:engine=>"ruby", :version=>"1.9.3", :patchlevel=>"p342"}
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is ignored if only vulnerable version of puppet rubygem has been found" do 
-    @check.options[:detected_ruby] = {:engine=>"ruby", :version=>"1.8.7", :patchlevel=>"p358"}
-    expect(@check.vuln?).to   eq(false)
-  end
-
-  it "is ignored if only the vulnerable ruby interpreter version has been found" do
-    @check.options[:dependencies]=[{:name=>"puppet", :version=>'8.7.21'}]
-    @check.options[:detected_ruby] = {:engine=>"ruby", :version=>"1.9.3", :patchlevel=>"p342"}
-    # @check.dump_status
-    expect(@check.vuln?).to   eq(false)
-  end
-
-  it "is ignored if none of the prerequisites have been met" do
-    @check.options[:dependencies]=[{:name=>"puppet", :version=>'8.7.21'}]
-    @check.options[:detected_ruby] = {:engine=>"ruby", :version=>"1.8.7", :patchlevel=>"p342"}
-    # @check.dump_status
-    expect(@check.vuln?).to   eq(false)
-  end
-end

data/spec/lib/kb/cve_2013_1756_spec.rb

@@ -1,23 +0,0 @@
-require 'spec_helper'
-describe "The CVE-2013-1756 vulnerability" do
-	before(:all) do
-		@check = Dawn::Kb::CVE_2013_1756.new
-		# @check.debug = true
-	end
-  it "is reported when dragonfly version 0.9.12 is used" do
-    @check.dependencies = [{:name=>"dragonfly", :version=>'0.9.12'}]
-    expect(@check.vuln?).to eq(true)
-  end
-  it "is reported when dragonfly version 0.8.12 is used" do
-    @check.dependencies = [{:name=>"dragonfly", :version=>'0.8.12'}]
-    expect(@check.vuln?).to eq(true)
-  end
-  it "is reported when dragonfly version 0.7.12 is used" do
-    @check.dependencies = [{:name=>"dragonfly", :version=>'0.7.12'}]
-    expect(@check.vuln?).to eq(true)
-  end
-  it "is not reported when dragonfly version 0.9.13 is used" do
-    @check.dependencies = [{:name=>"dragonfly", :version=>'0.9.13'}]
-    expect(@check.vuln?).to eq(false)
-  end
-end

data/spec/lib/kb/cve_2013_2090_spec.rb

@@ -1,15 +0,0 @@
-require 'spec_helper'
-describe "The CVE-2013-2090 vulnerability" do
-	before(:all) do
-		@check = Dawn::Kb::CVE_2013_2090.new
-		# @check.debug = true
-	end
-  it "fires when vulnerable cremefraiche version is used" do
-    @check.dependencies = [{:name=>"cremefraiche", :version=>'0.6.1'}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "doesn't fire when not vulnerable cremefraiche version is used" do
-    @check.dependencies = [{:name=>"cremefraiche", :version=>'0.6.2'}]
-    expect(@check.vuln?).to   eq(false)
-  end
-end

data/spec/lib/kb/cve_2013_2105_spec.rb

@@ -1,11 +0,0 @@
-require 'spec_helper'
-describe "The CVE-2013-2105 vulnerability" do
-	before(:all) do
-		@check = Dawn::Kb::CVE_2013_2105.new
-		# @check.debug = true
-	end
-  it "is reported when show_in_browser vulnerable version is reported (0.0.3)" do
-    @check.dependencies = [{:name=>'show_in_browser', :version=>'0.0.3'}]
-    expect(@check.vuln?).to   eq(true)
-  end
-end

data/spec/lib/kb/cve_2013_2119_spec.rb

@@ -1,27 +0,0 @@
-require 'spec_helper'
-describe "The CVE-2013-2119 vulnerability" do
-	before(:all) do
-		@check = Dawn::Kb::CVE_2013_2119.new
-		# @check.debug = true
-	end
-  it "fires when vulnerable passenger version is used" do
-    @check.dependencies = [{:name=>"passenger", :version=>"4.0.4"}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "fires when vulnerable passenger version is used" do
-    @check.dependencies = [{:name=>"passenger", :version=>"4.0.0"}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "fires when vulnerable passenger version is used" do
-    @check.dependencies = [{:name=>"passenger", :version=>"3.0.20"}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "doesn't fire when not vulnerable passenger version is used" do
-    @check.dependencies = [{:name=>"passenger", :version=>"4.0.5"}]
-    expect(@check.vuln?).to   eq(false)
-  end
-  it "doesn't fire when not vulnerable passenger version is used" do
-    @check.dependencies = [{:name=>"passenger", :version=>"3.0.21"}]
-    expect(@check.vuln?).to   eq(false)
-  end
-end

data/spec/lib/kb/cve_2013_2512_spec.rb

@@ -1,15 +0,0 @@
-require 'spec_helper'
-describe "The CVE-2013-2512 vulnerability" do
-	before(:all) do
-		@check = Dawn::Kb::CVE_2013_2512.new
-		# @check.debug = true
-	end
-  it "is reported when a ftpd gem version 0.2.1 is detected" do
-    @check.dependencies = [{:name=>"ftpd", :version=>"0.2.1"}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is not reported when a ftpd gem version 0.2.2 is detected" do
-    @check.dependencies = [{:name=>"ftpd", :version=>"0.2.2"}]
-    expect(@check.vuln?).to   eq(false)
-  end
-end

data/spec/lib/kb/cve_2013_2513_spec.rb

@@ -1,15 +0,0 @@
-require 'spec_helper'
-describe "The CVE-2013-2513 vulnerability" do
-	before(:all) do
-		@check = Dawn::Kb::CVE_2013_2513.new
-		# @check.debug = true
-	end
-  it "is reported when a flash_tool gem version 0.6.0 is detected" do
-    @check.dependencies = [{:name=>"flash_tool", :version=>"0.6.0"}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is not reported when a flash_tool gem version 0.6.1 is detected" do
-    @check.dependencies = [{:name=>"flash_tool", :version=>"0.6.1"}]
-    expect(@check.vuln?).to   eq(false)
-  end
-end

data/spec/lib/kb/cve_2013_2516_spec.rb

@@ -1,15 +0,0 @@
-require 'spec_helper'
-describe "The CVE-2013-2516 vulnerability" do
-	before(:all) do
-		@check = Dawn::Kb::CVE_2013_2516.new
-		# @check.debug = true
-	end
-  it "is reported when a fileutils gem version 0.7 is detected" do
-    @check.dependencies = [{:name=>"fileutils", :version=>"0.7"}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is not reported when a fileutils gem version 0.8 is detected" do
-    @check.dependencies = [{:name=>"fileutils", :version=>"0.8"}]
-    expect(@check.vuln?).to   eq(false)
-  end
-end

data/spec/lib/kb/cve_2013_4203_spec.rb

@@ -1,15 +0,0 @@
-require 'spec_helper'
-describe "The CVE-2013-4203 vulnerability" do
-	before(:all) do
-		@check = Dawn::Kb::CVE_2013_4203.new
-		# @check.debug = true
-	end
-  it "is reported when a vulnerable rgpg version is detected (0.2.2)" do
-    @check.dependencies = [{:name=>"rgpg", :version=>"0.2.2"}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is not reported when a safe rgpg version is detected (0.2.3)" do
-    @check.dependencies = [{:name=>"rgpg", :version=>"0.2.3"}]
-    expect(@check.vuln?).to   eq(false)
-  end
-end

data/spec/lib/kb/cve_2013_4413_spec.rb

@@ -1,16 +0,0 @@
-require 'spec_helper'
-describe "The CVE-2013-4413 vulnerability" do
-	before(:all) do
-		@check = Dawn::Kb::CVE_2013_4413.new
-		# @check.debug = true
-	end
-
-  it "is reported when the vulnerable gem is detected" do
-    @check.dependencies = [{:name=>"wicked", :version=>"1.0.0"}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is not reported when a fixed release is detected" do
-    @check.dependencies = [{:name=>"wicked", :version=>"1.0.1"}]
-    expect(@check.vuln?).to   eq(false)
-  end
-end