dawnscanner 1.6.9 → 2.0.0.rc1

data/spec/lib/kb/cve_2014_2322_spec.rb

@@ -1,15 +0,0 @@
-require 'spec_helper'
-describe "The CVE-2014-2322 vulnerability" do
-	before(:all) do
-		@check = Dawn::Kb::CVE_2014_2322.new
-		# @check.debug = true
-	end
-  it "is reported when a vulnerable arabic prawn gem version is found (0.0.1)" do
-    @check.dependencies = [{:name=>"Arabic-Prawn", :version=>'0.0.1'}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is not reported when a sage vulnerable arabic prawn gem version is found (0.0.2)" do
-    @check.dependencies = [{:name=>"Arabic-Prawn", :version=>'0.0.2'}]
-    expect(@check.vuln?).to   eq(false)
-  end
-end

data/spec/lib/kb/cve_2014_2538_spec.rb

@@ -1,15 +0,0 @@
-require 'spec_helper'
-describe "The CVE-2014-2538 vulnerability" do
-	before(:all) do
-		@check = Dawn::Kb::CVE_2014_2538.new
-		# @check.debug = true
-	end
-  it "is reported when rack-ssl vulnerable version it has been found (1.3.2)" do
-    @check.dependencies = [{:name=>'rack-ssl', :version=>'1.3.2'}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is reported when rack-ssl not vulnerable version it has been found (1.3.4)" do
-    @check.dependencies = [{:name=>'rack-ssl', :version=>'1.3.4'}]
-    expect(@check.vuln?).to   eq(false)
-  end
-end

data/spec/lib/kb/cve_2014_3482_spec.rb

@@ -1,15 +0,0 @@
-require 'spec_helper'
-describe "The CVE-2014-3482 vulnerability" do
-	before(:all) do
-		@check = Dawn::Kb::CVE_2014_3482.new
-		# @check.debug = true
-	end
-  it "is reported when a vulnerable version it has been found (3.2.18)" do
-    @check.dependencies = [{:name=>"rails", :version=>"3.2.18"}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is not reported when a safe version it has been found (3.2.19)" do
-    @check.dependencies = [{:name=>"rails", :version=>"3.2.19"}]
-    expect(@check.vuln?).to   eq(false)
-  end
-end

data/spec/lib/kb/cve_2014_3483_spec.rb

@@ -1,27 +0,0 @@
-require 'spec_helper'
-describe "The CVE-2014-3483 vulnerability" do
-	before(:all) do
-		@check = Dawn::Kb::CVE_2014_3483.new
-		@check.debug = true
-	end
-  it "is reported when a rails gem version 4.0.6 is detected" do
-    @check.dependencies = [{:name=>"rails", :version=>"4.0.6"}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is reported when a rails gem version 4.1.2 is detected" do
-    @check.dependencies = [{:name=>"rails", :version=>"4.1.2"}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is not reported when a rails gem version 4.0.7 is detected" do
-    @check.dependencies = [{:name=>"rails", :version=>"4.0.7"}]
-    expect(@check.vuln?).to   eq(false)
-  end
-  it "is not reported when a rails gem version 4.1.3 is detected" do
-    @check.dependencies = [{:name=>"rails", :version=>"4.1.3"}]
-    expect(@check.vuln?).to   eq(false)
-  end
-  it "is not reported when a rails gem version 3.2.21 is detected" do
-    @check.dependencies = [{:name=>"rails", :version=>"3.2.21"}]
-    expect(@check.vuln?).to   eq(false)
-  end
-end

data/spec/lib/kb/cve_2014_7818_spec.rb

@@ -1,42 +0,0 @@
-require 'spec_helper'
-describe "The CVE-2014-7818 vulnerability" do
-	before(:all) do
-		@check = Dawn::Kb::CVE_2014_7818.new
-		# @check.debug = true
-	end
-  it "is reported when vulnerable rails gem is used (3.2.18)" do
-    @check.dependencies = [{:name=>"rails", :version=>'3.2.18'}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is reported when vulnerable rails gem is used (4.0.7)" do
-    @check.dependencies = [{:name=>"rails", :version=>'4.0.7'}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is reported when vulnerable rails gem is used (4.1.6)" do
-    @check.dependencies = [{:name=>"rails", :version=>'4.1.6'}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is reported when vulnerable rails gem is used (4.2.0.beta2)" do
-    @check.dependencies = [{:name=>"rails", :version=>'4.2.0.beta2'}]
-    expect(@check.vuln?).to   eq(true)
-  end
-
-  # SAFE VERSIONS
-  it "is not reported when safe rails gem is used (3.2.20)" do
-    @check.dependencies = [{:name=>"rails", :version=>'3.2.20'}]
-    expect(@check.vuln?).to   eq(false)
-  end
-  it "is not reported when safe rails gem is used (4.0.11)" do
-    @check.dependencies = [{:name=>"rails", :version=>'4.0.11'}]
-    expect(@check.vuln?).to   eq(false)
-  end
-  it "is not reported when safe rails gem is used (4.1.7)" do
-    @check.dependencies = [{:name=>"rails", :version=>'4.1.7'}]
-    expect(@check.vuln?).to   eq(false)
-  end
-  it "is not reported when safe rails gem is used (4.2.0.beta3)" do
-    @check.dependencies = [{:name=>"rails", :version=>'4.2.0.beta3'}]
-    expect(@check.vuln?).to   eq(false)
-  end
-
-end

data/spec/lib/kb/cve_2014_7819_spec.rb

@@ -1,139 +0,0 @@
-require 'spec_helper'
-describe "The CVE-2014-7819 vulnerability" do
-	before(:all) do
-		@check = Dawn::Kb::CVE_2014_7819.new
-		# @check.debug = true
-	end
-  # Vulnerable versions
-  it "is reported when vulnerable rails gem is used (4.1.7)" do
-    @check.dependencies = [{:name=>"rails", :version=>'4.1.7'}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is reported when vulnerable rails gem is used (3.2.17)" do
-    @check.dependencies = [{:name=>"rails", :version=>'3.2.17'}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is reported when vulnerable sprockets gem is used (2.0.5)" do
-    @check.dependencies = [{:name=>"sprockets", :version=>'2.0.5'}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is reported when vulnerable sprockets gem is used (2.1.3)" do
-    @check.dependencies = [{:name=>"sprockets", :version=>'2.1.3'}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is reported when vulnerable sprockets gem is used (2.2.2)" do
-    @check.dependencies = [{:name=>"sprockets", :version=>'2.2.2'}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is reported when vulnerable sprockets gem is used (2.3.2)" do
-    @check.dependencies = [{:name=>"sprockets", :version=>'2.3.2'}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is reported when vulnerable sprockets gem is used (2.4.5)" do
-    @check.dependencies = [{:name=>"sprockets", :version=>'2.4.5'}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is reported when vulnerable sprockets gem is used (2.5.0)" do
-    @check.dependencies = [{:name=>"sprockets", :version=>'2.5.0'}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is reported when vulnerable sprockets gem is used (2.6.0)" do
-    @check.dependencies = [{:name=>"sprockets", :version=>'2.6.0'}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is reported when vulnerable sprockets gem is used (2.7.0)" do
-    @check.dependencies = [{:name=>"sprockets", :version=>'2.7.0'}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is reported when vulnerable sprockets gem is used (2.8.2)" do
-    @check.dependencies = [{:name=>"sprockets", :version=>'2.8.2'}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is reported when vulnerable sprockets gem is used (2.9.3)" do
-    @check.dependencies = [{:name=>"sprockets", :version=>'2.9.3'}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is reported when vulnerable sprockets gem is used (2.10.1)" do
-    @check.dependencies = [{:name=>"sprockets", :version=>'2.10.1'}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is reported when vulnerable sprockets gem is used (2.11.2)" do
-    @check.dependencies = [{:name=>"sprockets", :version=>'2.11.2'}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is reported when vulnerable sprockets gem is used (2.12.2)" do
-    @check.dependencies = [{:name=>"sprockets", :version=>'2.12.2'}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is reported when vulnerable sprockets gem is used (3.0.0.beta2)" do
-    @check.dependencies = [{:name=>"sprockets", :version=>'3.0.0.beta2'}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  # Safe versions
-  it "is not reported when safe rails gem is used (4.1.8)" do
-    @check.dependencies = [{:name=>"rails", :version=>'4.1.8'}]
-    expect(@check.vuln?).to   eq(false)
-  end
-  it "is not reported when safe rails gem is used (3.2.18)" do
-    @check.dependencies = [{:name=>"rails", :version=>'3.2.18'}]
-    expect(@check.vuln?).to   eq(false)
-  end
-  it "is not reported when safe sprockets gem is used (2.0.6)" do
-    @check.dependencies = [{:name=>"sprockets", :version=>'2.0.6'}]
-    expect(@check.vuln?).to   eq(false)
-  end
-  it "is not reported when safe sprockets gem is used (2.1.4)" do
-    @check.dependencies = [{:name=>"sprockets", :version=>'2.1.4'}]
-    expect(@check.vuln?).to   eq(false)
-  end
-  it "is not reported when safe sprockets gem is used (2.2.3)" do
-    @check.dependencies = [{:name=>"sprockets", :version=>'2.2.3'}]
-    expect(@check.vuln?).to   eq(false)
-  end
-  it "is not reported when safe sprockets gem is used (2.3.3)" do
-    @check.dependencies = [{:name=>"sprockets", :version=>'2.3.3'}]
-    expect(@check.vuln?).to   eq(false)
-  end
-  it "is not reported when safe sprockets gem is used (2.4.6)" do
-    @check.dependencies = [{:name=>"sprockets", :version=>'2.4.6'}]
-    expect(@check.vuln?).to   eq(false)
-  end
-  it "is not reported when safe sprockets gem is used (2.5.6)" do
-    @check.dependencies = [{:name=>"sprockets", :version=>'2.5.6'}]
-    expect(@check.vuln?).to   eq(false)
-  end
-  it "is not reported when safe sprockets gem is used (2.6.6)" do
-    @check.dependencies = [{:name=>"sprockets", :version=>'2.6.6'}]
-    expect(@check.vuln?).to   eq(false)
-  end
-  it "is not reported when safe sprockets gem is used (2.7.6)" do
-    @check.dependencies = [{:name=>"sprockets", :version=>'2.7.6'}]
-    expect(@check.vuln?).to   eq(false)
-  end
-  it "is not reported when safe sprockets gem is used (2.8.6)" do
-    @check.dependencies = [{:name=>"sprockets", :version=>'2.8.6'}]
-    expect(@check.vuln?).to   eq(false)
-  end
-  it "is not reported when safe sprockets gem is used (2.9.6)" do
-    @check.dependencies = [{:name=>"sprockets", :version=>'2.9.6'}]
-    expect(@check.vuln?).to   eq(false)
-  end
-  it "is not reported when safe sprockets gem is used (2.10.6)" do
-    @check.dependencies = [{:name=>"sprockets", :version=>'2.10.6'}]
-    expect(@check.vuln?).to   eq(false)
-  end
-  it "is not reported when safe sprockets gem is used (2.11.6)" do
-    @check.dependencies = [{:name=>"sprockets", :version=>'2.11.6'}]
-    expect(@check.vuln?).to   eq(false)
-  end
-  it "is not reported when safe sprockets gem is used (2.12.6)" do
-    @check.dependencies = [{:name=>"sprockets", :version=>'2.12.6'}]
-    expect(@check.vuln?).to   eq(false)
-  end
-  it "is not reported when safe sprockets gem is used (3.0.0.beta3)" do
-    @check.dependencies = [{:name=>"sprockets", :version=>'3.0.0.beta3'}]
-    expect(@check.vuln?).to   eq(false)
-  end
-
-
-end

data/spec/lib/kb/cve_2014_7829_spec.rb

@@ -1,50 +0,0 @@
-require 'spec_helper'
-describe "The CVE-2014-7829 vulnerability" do
-	before(:all) do
-		@check = Dawn::Kb::CVE_2014_7829.new
-		@check.debug = true
-	end
-  it "is reported when vulnerable rails gem is used (3.2.20)" do
-    @check.dependencies = [{:name=>"rails", :version=>'3.2.20'}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is reported when vulnerable rails gem is used (3.1.20)" do
-    @check.dependencies = [{:name=>"rails", :version=>'3.1.20'}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is reported when vulnerable rails gem is used (3.0.20)" do
-    @check.dependencies = [{:name=>"rails", :version=>'3.0.20'}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is reported when vulnerable rails gem is used (4.0.11)" do
-    @check.dependencies = [{:name=>"rails", :version=>'4.0.11'}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is reported when vulnerable rails gem is used (4.1.7)" do
-    @check.dependencies = [{:name=>"rails", :version=>'4.1.7'}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is reported when vulnerable rails gem is used (4.2.0.beta3)" do
-    @check.dependencies = [{:name=>"rails", :version=>'4.2.0.beta3'}]
-    expect(@check.vuln?).to   eq(true)
-  end
-
-  it "is not reported when safe rails gem is used (3.2.21)" do
-    @check.dependencies = [{:name=>"rails", :version=>'3.2.21'}]
-    expect(@check.vuln?).to   eq(false)
-  end
-  it "is not reported when safe rails gem is used (4.0.12)" do
-    @check.dependencies = [{:name=>"rails", :version=>'4.0.12'}]
-    expect(@check.vuln?).to   eq(false)
-  end
-  it "is not reported when safe rails gem is used (4.1.8)" do
-    @check.dependencies = [{:name=>"rails", :version=>'4.1.8'}]
-    expect(@check.vuln?).to   eq(false)
-  end
-  it "is not reported when safe rails gem is used (4.2.0.beta4)" do
-    @check.dependencies = [{:name=>"rails", :version=>'4.2.0.beta4'}]
-    expect(@check.vuln?).to   eq(false)
-  end
-
-	it "is reported when..."
-end

data/spec/lib/kb/cve_2014_9490_spec.rb

@@ -1,17 +0,0 @@
-require 'spec_helper'
-describe "The CVE-2014-9490 vulnerability" do
-	before(:all) do
-		@check = Dawn::Kb::CVE_2014_9490.new
-		# @check.debug = true
-	end
-
-  it "is reported when vulnerable raven-ruby gem is used (0.12.1)" do
-    @check.dependencies = [{:name=>"raven-ruby", :version=>'0.12.1'}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is not reported when safe raven-ruby gem is used (0.12.2)" do
-    @check.dependencies = [{:name=>"raven-ruby", :version=>'0.12.2'}]
-    expect(@check.vuln?).to   eq(false)
-  end
-
-end

data/spec/lib/kb/cve_2015_1819_spec.rb

@@ -1,16 +0,0 @@
-require 'spec_helper'
-describe "The CVE-2015-1819 vulnerability" do
-	before(:all) do
-		@check = Dawn::Kb::CVE_2015_1819.new
-		# @check.debug = true
-	end
-  it "is reported when the vulnerable gem is detected" do
-    @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.6.3"}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is not reported when a fixed release is detected" do
-    @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.6.4"}]
-    expect(@check.vuln?).to   eq(false)
-  end
-
-end

data/spec/lib/kb/cve_2015_1840_spec.rb

@@ -1,39 +0,0 @@
-require 'spec_helper'
-describe "The CVE-2015-1840 vulnerability" do
-	before(:all) do
-		@check_a = Dawn::Kb::CVE_2015_1840_a.new
-		@check_b = Dawn::Kb::CVE_2015_1840_b.new
-	end
-  it "is reported when vulnerable jquery-rails gem is used (3.1.2)" do
-    @check_a.dependencies = [{:name=>"jquery-rails", :version=>'3.1.2'}]
-    expect(@check_a.vuln?).to   eq(true)
-  end
-  it "is reported when vulnerable jquery-rails gem is used 4.0.1)" do
-    @check_a.dependencies = [{:name=>"jquery-rails", :version=>'4.0.1'}]
-    expect(@check_a.vuln?).to   eq(true)
-  end
-  it "is reported when vulnerable jquery-ujs gem is used 1.0.3)" do
-    @check_b.dependencies = [{:name=>"jquery-ujs", :version=>'1.0.3'}]
-    expect(@check_b.vuln?).to   eq(true)
-  end
-
-  it "is reported when vulnerable jquery-rails gem is used (3.1.3)" do
-    @check_a.dependencies = [{:name=>"jquery-rails", :version=>'3.1.3'}]
-    expect(@check_a.vuln?).to   eq(false)
-  end
-  it "is reported when vulnerable jquery-rails gem is used (3.1.4)" do
-    @check_a.dependencies = [{:name=>"jquery-rails", :version=>'3.1.4'}]
-    expect(@check_a.vuln?).to   eq(false)
-  end
-  it "is reported when vulnerable jquery-rails gem is used 4.0.2)" do
-    @check_a.dependencies = [{:name=>"jquery-rails", :version=>'4.0.2'}]
-    expect(@check_a.vuln?).to   eq(false)
-  end
-  it "is reported when vulnerable jquery-ujs gem is used 1.0.4)" do
-    @check_b.dependencies = [{:name=>"jquery-ujs", :version=>'1.0.4'}]
-    expect(@check_b.vuln?).to   eq(false)
-  end
-
-
-
-end

data/spec/lib/kb/cve_2015_2963_spec.rb

@@ -1,17 +0,0 @@
-require 'spec_helper'
-describe "The CVE-2015-2963 vulnerability" do
-	before(:all) do
-		@check = Dawn::Kb::CVE_2015_2963.new
-		# @check.debug = true
-	end
-  it "is reported when vulnerable paperclip gem is used 4.2.1)" do
-    @check.dependencies = [{:name=>"paperclip", :version=>'4.2.1'}]
-    expect(@check.vuln?).to   eq(true)
-  end
-
-  it "is reported when not vulnerable paperclip gem is used (4.2.2)" do
-    @check.dependencies = [{:name=>"paperclip", :version=>'4.2.2'}]
-    expect(@check.vuln?).to   eq(false)
-  end
-
-end

data/spec/lib/kb/cve_2015_3224_spec.rb

@@ -1,16 +0,0 @@
-require 'spec_helper'
-describe "The CVE-2015-3224 vulnerability" do
-	before(:all) do
-		@check = Dawn::Kb::CVE_2015_3224.new
-		# @check.debug = true
-	end
-  it "is reported when vulnerable web-console gem is used (2.1.2)" do
-    @check.dependencies = [{:name=>"web-console", :version=>'2.1.2'}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is not reported when safe rack gem is used (2.1.3)" do
-    @check.dependencies = [{:name=>"web-console", :version=>'2.1.3'}]
-    expect(@check.vuln?).to   eq(false)
-  end
-
-end

data/spec/lib/kb/cve_2015_3225_spec.rb

@@ -1,27 +0,0 @@
-require 'spec_helper'
-describe "The CVE-2015-3225 vulnerability" do
-	before(:all) do
-		@check = Dawn::Kb::CVE_2015_3225.new
-		# @check.debug = true
-	end
-  it "is reported when vulnerable rack gem is used (1.5.3)" do
-    @check.dependencies = [{:name=>"rack", :version=>'1.5.3'}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is reported when vulnerable rack gem is used (1.6.1)" do
-    @check.dependencies = [{:name=>"rack", :version=>'1.6.1'}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is not reported when safe rack gem is used (1.5.4)" do
-    @check.dependencies = [{:name=>"rack", :version=>'1.5.4'}]
-    expect(@check.vuln?).to   eq(false)
-  end
-  it "is not reported when safe rack gem is used (1.5.5)" do
-    @check.dependencies = [{:name=>"rack", :version=>'1.5.5'}]
-    expect(@check.vuln?).to   eq(false)
-  end
-  it "is not reported when safe rack gem is used (1.6.3)" do
-    @check.dependencies = [{:name=>"rack", :version=>'1.6.3'}]
-    expect(@check.vuln?).to   eq(false)
-  end
-end