dawnscanner 1.6.9 → 2.0.0.rc1

data/spec/lib/kb/cve_2015_3226_spec.rb

@@ -1,35 +0,0 @@
-require 'spec_helper'
-describe "The CVE-2015-3226 vulnerability" do
-	before(:all) do
-		@check = Dawn::Kb::CVE_2015_3226.new
-		# @check.debug = true
-	end
-
-  it "is reported when vulnerable active_support gem is used (3.x.x)" do
-    @check.dependencies = [{:name=>"activesupport", :version=>'3.2.11'}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is reported when vulnerable active_support gem is used (4.1.11)" do
-    @check.dependencies = [{:name=>"activesupport", :version=>'4.1.11'}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is reported when vulnerable active_support gem is used (4.2.2)" do
-    @check.dependencies = [{:name=>"activesupport", :version=>'4.2.2'}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is not reported when safe active_support gem is used (4.1.12)" do
-    @check.dependencies = [{:name=>"activesupport", :version=>'4.1.12'}]
-    expect(@check.vuln?).to   eq(false)
-  end
-  it "is not reported when safe active_support gem is used (4.1.13)" do
-    @check.dependencies = [{:name=>"activesupport", :version=>'4.1.13'}]
-    expect(@check.vuln?).to   eq(false)
-  end
-  it "is not reported when safe active_support gem is used (4.2.3)" do
-    @check.dependencies = [{:name=>"activesupport", :version=>'4.2.3'}]
-    expect(@check.vuln?).to   eq(false)
-  end
-
-
-
-end

data/spec/lib/kb/cve_2015_3227_spec.rb

@@ -1,31 +0,0 @@
-require 'spec_helper'
-describe "The CVE-2015-3227 vulnerability" do
-	before(:all) do
-		@check = Dawn::Kb::CVE_2015_3227.new
-	end
-  it "is reported when vulnerable active_support gem is used (4.1.11)" do
-    @check.dependencies = [{:name=>"activesupport", :version=>'4.1.11'}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is reported when vulnerable active_support gem is used (4.2.2)" do
-    @check.dependencies = [{:name=>"activesupport", :version=>'4.2.2'}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is not reported when safe active_support gem is used (4.1.12)" do
-    @check.dependencies = [{:name=>"activesupport", :version=>'4.1.12'}]
-    expect(@check.vuln?).to   eq(false)
-  end
-  it "is not reported when safe active_support gem is used (4.1.13)" do
-    @check.dependencies = [{:name=>"activesupport", :version=>'4.1.13'}]
-    expect(@check.vuln?).to   eq(false)
-  end
-  it "is not reported when safe active_support gem is used (4.2.3)" do
-    @check.dependencies = [{:name=>"activesupport", :version=>'4.2.3'}]
-    expect(@check.vuln?).to   eq(false)
-  end
-  it "is not reported when safe active_support gem is used (3.2.22)" do
-    @check.dependencies = [{:name=>"activesupport", :version=>'3.2.22'}]
-    expect(@check.vuln?).to   eq(false)
-  end
-
-end

data/spec/lib/kb/cve_2015_3448_spec.rb

@@ -1,16 +0,0 @@
-require 'spec_helper'
-describe "The CVE-2015-3448 vulnerability" do
-	before(:all) do
-		@check = Dawn::Kb::CVE_2015_3448.new
-		# @check.debug = true
-	end
-  it "is reported when vulnerable rest-client gem is used (1.7.2)" do
-    @check.dependencies = [{:name=>"rest-client", :version=>'1.7.2'}]
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is not reported when safe rest-client gem is used (1.7.3)" do
-    @check.dependencies = [{:name=>"rest-client", :version=>'1.7.3'}]
-    expect(@check.vuln?).to   eq(false)
-  end
-
-end

data/spec/lib/kb/cve_2015_4020_spec.rb

@@ -1,24 +0,0 @@
-require 'spec_helper'
-describe "The CVE-2015-4020 vulnerability" do
-	before(:all) do
-		@check = Dawn::Kb::CVE_2015_4020.new
-		# @check.debug = true
-	end
-  it "is reported when the vulnerable rubygem is detected" do
-    @check.my_gem_version="2.4.3"
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is reported when the vulnerable rubygem is detected" do
-    @check.my_gem_version="2.2.4"
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is reported when the vulnerable rubygem is detected" do
-    @check.my_gem_version="2.0.16"
-    expect(@check.vuln?).to   eq(true)
-  end
-  it "is not reported when a fixed release is detected" do
-    @check.my_gem_version="2.4.9"
-    expect(@check.vuln?).to   eq(false)
-  end
-
-end

data/spec/lib/kb/cve_2015_5312_spec.rb

@@ -1,31 +0,0 @@
-require 'spec_helper'
-describe "The CVE-2015-5312 vulnerability" do
-	before(:all) do
-		@check = Dawn::Kb::CVE_2015_5312.new
-		# @check.debug = true
-	end
-	it "is reported when the vulnerable gem is detected" do
-    @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.5"}]
-		expect(@check.vuln?).to   eq(true)
-	end
-	it "is reported when the vulnerable gem is detected" do
-    @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.0"}]
-		expect(@check.vuln?).to   eq(true)
-	end
-	it "is reported when the vulnerable gem is detected" do
-    @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7"}]
-		expect(@check.vuln?).to   eq(true)
-	end
-	it "is not reported when a fixed release is detected" do
-    @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7.1"}]
-		expect(@check.vuln?).to   eq(false)
-	end
-	it "is not reported when a fixed release is detected" do
-    @check.dependencies = [{:name=>"nokogiri", :version=>"1.5.6"}]
-		expect(@check.vuln?).to   eq(false)
-	end
-	it "is not reported when a fixed release is detected" do
-    @check.dependencies = [{:name=>"nokogiri", :version=>"1.4.6"}]
-		expect(@check.vuln?).to   eq(false)
-	end
-end

data/spec/lib/kb/cve_2015_7497_spec.rb

@@ -1,31 +0,0 @@
-require 'spec_helper'
-describe "The CVE-2015-7497 vulnerability" do
-	before(:all) do
-		@check = Dawn::Kb::CVE_2015_7497.new
-		# @check.debug = true
-	end
-	it "is reported when the vulnerable gem is detected" do
-    @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.5"}]
-		expect(@check.vuln?).to   eq(true)
-	end
-	it "is reported when the vulnerable gem is detected" do
-    @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.0"}]
-		expect(@check.vuln?).to   eq(true)
-	end
-	it "is reported when the vulnerable gem is detected" do
-    @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7"}]
-		expect(@check.vuln?).to   eq(true)
-	end
-	it "is not reported when a fixed release is detected" do
-    @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7.1"}]
-		expect(@check.vuln?).to   eq(false)
-	end
-	it "is not reported when a fixed release is detected" do
-    @check.dependencies = [{:name=>"nokogiri", :version=>"1.5.6"}]
-		expect(@check.vuln?).to   eq(false)
-	end
-	it "is not reported when a fixed release is detected" do
-    @check.dependencies = [{:name=>"nokogiri", :version=>"1.4.6"}]
-		expect(@check.vuln?).to   eq(false)
-	end
-end

data/spec/lib/kb/cve_2015_7498_spec.rb

@@ -1,31 +0,0 @@
-require 'spec_helper'
-describe "The CVE-2015-7498 vulnerability" do
-	before(:all) do
-		@check = Dawn::Kb::CVE_2015_7498.new
-		# @check.debug = true
-	end
-	it "is reported when the vulnerable gem is detected" do
-    @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.5"}]
-		expect(@check.vuln?).to   eq(true)
-	end
-	it "is reported when the vulnerable gem is detected" do
-    @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.0"}]
-		expect(@check.vuln?).to   eq(true)
-	end
-	it "is reported when the vulnerable gem is detected" do
-    @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7"}]
-		expect(@check.vuln?).to   eq(true)
-	end
-	it "is not reported when a fixed release is detected" do
-    @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7.1"}]
-		expect(@check.vuln?).to   eq(false)
-	end
-	it "is not reported when a fixed release is detected" do
-    @check.dependencies = [{:name=>"nokogiri", :version=>"1.5.6"}]
-		expect(@check.vuln?).to   eq(false)
-	end
-	it "is not reported when a fixed release is detected" do
-    @check.dependencies = [{:name=>"nokogiri", :version=>"1.4.6"}]
-		expect(@check.vuln?).to   eq(false)
-	end
-end

data/spec/lib/kb/cve_2015_7499_spec.rb

@@ -1,31 +0,0 @@
-require 'spec_helper'
-describe "The CVE-2015-7499 vulnerability" do
-	before(:all) do
-		@check = Dawn::Kb::CVE_2015_7499.new
-		# @check.debug = true
-	end
-	it "is reported when the vulnerable gem is detected" do
-    @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.5"}]
-		expect(@check.vuln?).to   eq(true)
-	end
-	it "is reported when the vulnerable gem is detected" do
-    @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.0"}]
-		expect(@check.vuln?).to   eq(true)
-	end
-	it "is reported when the vulnerable gem is detected" do
-    @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7"}]
-		expect(@check.vuln?).to   eq(true)
-	end
-	it "is not reported when a fixed release is detected" do
-    @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7.1"}]
-		expect(@check.vuln?).to   eq(false)
-	end
-	it "is not reported when a fixed release is detected" do
-    @check.dependencies = [{:name=>"nokogiri", :version=>"1.5.6"}]
-		expect(@check.vuln?).to   eq(false)
-	end
-	it "is not reported when a fixed release is detected" do
-    @check.dependencies = [{:name=>"nokogiri", :version=>"1.4.6"}]
-		expect(@check.vuln?).to   eq(false)
-	end
-end

data/spec/lib/kb/cve_2015_7500_spec.rb

@@ -1,31 +0,0 @@
-require 'spec_helper'
-describe "The CVE-2015-7500 vulnerability" do
-	before(:all) do
-		@check = Dawn::Kb::CVE_2015_7500.new
-		# @check.debug = true
-	end
-	it "is reported when the vulnerable gem is detected" do
-    @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.5"}]
-		expect(@check.vuln?).to   eq(true)
-	end
-	it "is reported when the vulnerable gem is detected" do
-    @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.0"}]
-		expect(@check.vuln?).to   eq(true)
-	end
-	it "is reported when the vulnerable gem is detected" do
-    @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7"}]
-		expect(@check.vuln?).to   eq(true)
-	end
-	it "is not reported when a fixed release is detected" do
-    @check.dependencies = [{:name=>"nokogiri", :version=>"1.6.7.1"}]
-		expect(@check.vuln?).to   eq(false)
-	end
-	it "is not reported when a fixed release is detected" do
-    @check.dependencies = [{:name=>"nokogiri", :version=>"1.5.6"}]
-		expect(@check.vuln?).to   eq(false)
-	end
-	it "is not reported when a fixed release is detected" do
-    @check.dependencies = [{:name=>"nokogiri", :version=>"1.4.6"}]
-		expect(@check.vuln?).to   eq(false)
-	end
-end

data/spec/lib/kb/cve_2015_7519_spec.rb

@@ -1,23 +0,0 @@
-require 'spec_helper'
-describe "The CVE-2015-7519 vulnerability" do
-	before(:all) do
-		@check = Dawn::Kb::CVE_2015_7519.new
-		# @check.debug = true
-	end
-	it "is reported when the vulnerable gem is detected" do
-    @check.dependencies = [{:name=>"passenger", :version=>"4.0.54"}]
-		expect(@check.vuln?).to   eq(true)
-	end
-	it "is reported when the vulnerable gem is detected" do
-    @check.dependencies = [{:name=>"passenger", :version=>"5.0.12"}]
-		expect(@check.vuln?).to   eq(true)
-	end
-	it "is not reported when a fixed release is detected" do
-    @check.dependencies = [{:name=>"passenger", :version=>"4.0.60"}]
-		expect(@check.vuln?).to   eq(false)
-	end
-	it "is not reported when a fixed release is detected" do
-    @check.dependencies = [{:name=>"passenger", :version=>"5.0.22"}]
-		expect(@check.vuln?).to   eq(false)
-	end
-end

data/spec/lib/kb/cve_2015_7541_spec.rb

@@ -1,15 +0,0 @@
-require 'spec_helper'
-describe "The CVE-2015-7541 vulnerability" do
-	before(:all) do
-		@check = Dawn::Kb::CVE_2015_7541.new
-		# @check.debug = true
-	end
-	it "is reported when the vulnerable gem is detected" do
-    @check.dependencies = [{:name=>"colorscore", :version=>"0.0.4"}]
-		expect(@check.vuln?).to   eq(true)
-	end
-	it "is not reported when a fixed release is detected" do
-    @check.dependencies = [{:name=>"colorscore", :version=>"0.0.5"}]
-		expect(@check.vuln?).to   eq(false)
-	end
-end

data/spec/lib/kb/cve_2015_7576_spec.rb

@@ -1,51 +0,0 @@
-require 'spec_helper'
-describe "The CVE-2015-7576 vulnerability" do
-	before(:all) do
-		@check = Dawn::Kb::CVE_2015_7576.new
-		@check.debug = true
-	end
-	it "is reported when the vulnerable gem is detected" do
-    @check.dependencies = [{:name=>"actionpack", :version=>"5.0.0.beta.1"}]
-		expect(@check.vuln?).to   eq(true)
-	end
-	it "is reported when the vulnerable gem is detected" do
-    @check.dependencies = [{:name=>"actionpack", :version=>"4.2.5"}]
-		expect(@check.vuln?).to   eq(true)
-	end
-	it "is reported when the vulnerable gem is detected" do
-    @check.dependencies = [{:name=>"actionpack", :version=>"4.1.14"}]
-		expect(@check.vuln?).to   eq(true)
-	end
-	it "is reported when the vulnerable gem is detected" do
-    @check.dependencies = [{:name=>"actionpack", :version=>"3.2.22"}]
-		expect(@check.vuln?).to   eq(true)
-	end
-	it "is not reported when a fixed release is detected" do
-    @check.dependencies = [{:name=>"actionpack", :version=>"5.0.0"}]
-		expect(@check.vuln?).to   eq(false)
-	end
-	it "is not reported when a fixed release is detected" do
-    @check.dependencies = [{:name=>"actionpack", :version=>"4.2.5.1"}]
-		expect(@check.vuln?).to   eq(false)
-	end
-	it "is not reported when a fixed release is detected" do
-    @check.dependencies = [{:name=>"actionpack", :version=>"4.2.6"}]
-		expect(@check.vuln?).to   eq(false)
-	end
-	it "is not reported when a fixed release is detected" do
-    @check.dependencies = [{:name=>"actionpack", :version=>"4.1.14.2"}]
-		expect(@check.vuln?).to   eq(false)
-	end
-	it "is not reported when a fixed release is detected" do
-    @check.dependencies = [{:name=>"actionpack", :version=>"4.1.15"}]
-		expect(@check.vuln?).to   eq(false)
-	end
-	it "is not reported when a fixed release is detected" do
-    @check.dependencies = [{:name=>"actionpack", :version=>"3.2.22.1"}]
-		expect(@check.vuln?).to   eq(false)
-	end
-	it "is not reported when a fixed release is detected" do
-    @check.dependencies = [{:name=>"actionpack", :version=>"3.2.23"}]
-		expect(@check.vuln?).to   eq(false)
-	end
-end

data/spec/lib/kb/cve_2015_7577_spec.rb

@@ -1,63 +0,0 @@
-require 'spec_helper'
-describe "The CVE-2015-7577 vulnerability" do
-	before(:all) do
-		@check = Dawn::Kb::CVE_2015_7577.new
-		# @check.debug = true
-	end
-	it "is reported when the vulnerable gem is detected" do
-    @check.dependencies = [{:name=>"activerecord", :version=>"5.0.0.beta.1"}]
-		expect(@check.vuln?).to   eq(true)
-	end
-	it "is reported when the vulnerable gem is detected" do
-    @check.dependencies = [{:name=>"activerecord", :version=>"4.2.5"}]
-		expect(@check.vuln?).to   eq(true)
-	end
-	it "is reported when the vulnerable gem is detected" do
-    @check.dependencies = [{:name=>"activerecord", :version=>"4.1.14"}]
-		expect(@check.vuln?).to   eq(true)
-	end
-	it "is reported when the vulnerable gem is detected" do
-    @check.dependencies = [{:name=>"activerecord", :version=>"3.1.2"}]
-		expect(@check.vuln?).to   eq(true)
-	end
-	it "is reported when the vulnerable gem is detected" do
-    @check.dependencies = [{:name=>"activerecord", :version=>"3.2.22"}]
-		expect(@check.vuln?).to   eq(true)
-	end
-	it "is not reported when a fixed release is detected" do
-    @check.dependencies = [{:name=>"activerecord", :version=>"5.0.0"}]
-		expect(@check.vuln?).to   eq(false)
-	end
-	it "is not reported when a fixed release is detected" do
-    @check.dependencies = [{:name=>"activerecord", :version=>"5.0.0.1"}]
-		expect(@check.vuln?).to   eq(false)
-	end
-	it "is not reported when a fixed release is detected" do
-    @check.dependencies = [{:name=>"activerecord", :version=>"4.2.5.1"}]
-		expect(@check.vuln?).to   eq(false)
-	end
-	it "is not reported when a fixed release is detected" do
-    @check.dependencies = [{:name=>"activerecord", :version=>"4.2.6"}]
-		expect(@check.vuln?).to   eq(false)
-	end
-	it "is not reported when a fixed release is detected" do
-    @check.dependencies = [{:name=>"activerecord", :version=>"4.1.14.2"}]
-		expect(@check.vuln?).to   eq(false)
-	end
-	it "is not reported when a fixed release is detected" do
-    @check.dependencies = [{:name=>"activerecord", :version=>"4.1.15"}]
-		expect(@check.vuln?).to   eq(false)
-	end
-	it "is not reported when a fixed release is detected" do
-    @check.dependencies = [{:name=>"activerecord", :version=>"3.0.1"}]
-		expect(@check.vuln?).to   eq(false)
-	end
-	it "is not reported when a fixed release is detected" do
-    @check.dependencies = [{:name=>"activerecord", :version=>"3.2.22.1"}]
-		expect(@check.vuln?).to   eq(false)
-	end
-	it "is not reported when a fixed release is detected" do
-    @check.dependencies = [{:name=>"activerecord", :version=>"3.2.23"}]
-		expect(@check.vuln?).to   eq(false)
-	end
-end

data/spec/lib/kb/cve_2015_7578_spec.rb

@@ -1,15 +0,0 @@
-require 'spec_helper'
-describe "The CVE-2015-7578 vulnerability" do
-	before(:all) do
-		@check = Dawn::Kb::CVE_2015_7578.new
-		# @check.debug = true
-	end
-	it "is reported when the vulnerable gem is detected" do
-    @check.dependencies = [{:name=>"rails-html-sanitizer", :version=>"1.0.2"}]
-		expect(@check.vuln?).to   eq(true)
-	end
-	it "is not reported when a fixed release is detected" do
-    @check.dependencies = [{:name=>"rails-html-sanitizer", :version=>"1.0.3"}]
-		expect(@check.vuln?).to   eq(false)
-	end
-end