dawnscanner 2.1.0 → 2.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Changelog.md +12 -1
- data/Rakefile +6 -6
- data/VERSION +1 -1
- data/checksum/dawnscanner-2.1.0.gem.sha1 +1 -0
- data/checksum/dawnscanner-2.1.1.gem.sha1 +1 -0
- data/features/step_definition/dawn_steps.rb +4 -5
- data/lib/dawn/kb/dependency_check.rb +4 -0
- data/lib/dawn/kb/unsafe_depedency_check.rb +16 -0
- data/lib/dawn/knowledge_base.rb +4 -4
- data/lib/dawn/version.rb +4 -4
- data/spec/lib/kb/codesake_ruby_version_check_spec.rb +12 -13
- data/spec/lib/kb/codesake_unsafe_dependency_check_normal_spec.rb +39 -0
- data/spec/lib/kb/codesake_unsafe_dependency_check_version_end_excluding_spec.rb +43 -0
- data/spec/lib/kb/codesake_unsafe_dependency_check_version_end_including_spec.rb +44 -0
- data/spec/lib/kb/dependency_check_with_version_end_excluding.yml +23 -0
- data/spec/lib/kb/dependency_check_with_version_end_including.yml +23 -0
- metadata +14 -12
- data/spec/lib/dawn/codesake_knowledgebase_spec.rb +0 -1202
- data/spec/lib/kb/codesake_cve_2013_0175_spec.rb +0 -35
- data/spec/lib/kb/codesake_cve_2013_4457_spec.rb +0 -41
- data/spec/lib/kb/codesake_dependency_version_check_spec.rb +0 -79
- data/spec/lib/kb/codesake_unsafe_dependency_check_spec.rb +0 -29
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 94b039813bed12f92d3312623d3b2168c91a71689b285a49941285b8e3715221
|
|
4
|
+
data.tar.gz: 7170bc49eeb84ae09c71577b9a79b147dc4fb4e1ba820375f83095e889fa1dea
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: db223e25eb6e0cb0330f4e31113858b8b584dc6ccc0bde728c7024e206c80fe811608a2dc256601f143b436941ff7bc4e0331f6901086eccb55aeaea0226e2ad
|
|
7
|
+
data.tar.gz: 77b67d5bcccb8b610ecc2b123fa707ea7e52d1509db89d05eb249956398b9cec12e7e75a65a4427bce06b5339b3fe53c09d75a9d277f20660990aeb704539ddb
|
data/Changelog.md
CHANGED
|
@@ -5,7 +5,18 @@ It supports [Sinatra](http://www.sinatrarb.com),
|
|
|
5
5
|
[Padrino](http://www.padrinorb.com) and [Ruby on Rails](http://rubyonrails.org)
|
|
6
6
|
frameworks.
|
|
7
7
|
|
|
8
|
-
_latest update:
|
|
8
|
+
_latest update: Mon 17 Apr 2023, 18:07:04, CEST_
|
|
9
|
+
|
|
10
|
+
## Version 2.2.0 (2023-04-17)
|
|
11
|
+
|
|
12
|
+
* DepedencyCheck: marked as deprecated
|
|
13
|
+
* UnsafeDependencyCheck: added support for new kb keywords:
|
|
14
|
+
- versionEndIncluding
|
|
15
|
+
- versionEndExcluding
|
|
16
|
+
|
|
17
|
+
## Version 2.1.1 (2023-04-14)
|
|
18
|
+
|
|
19
|
+
* Issue #252 fix was uncomplete.
|
|
9
20
|
|
|
10
21
|
## Version 2.1.0 (2023-04-13)
|
|
11
22
|
|
data/Rakefile
CHANGED
|
@@ -160,35 +160,35 @@ namespace :rubysec do
|
|
|
160
160
|
end
|
|
161
161
|
|
|
162
162
|
def __kb_pack
|
|
163
|
-
if Dir.
|
|
163
|
+
if Dir.exist? "#{YAML_KB}/bulletin"
|
|
164
164
|
system "tar cfvz #{YAML_KB}/bulletin.tar.gz -C #{YAML_KB} bulletin"
|
|
165
165
|
system "rm -rf #{YAML_KB}/bulletin"
|
|
166
166
|
system "shasum -a 256 #{YAML_KB}/bulletin.tar.gz > #{YAML_KB}/bulletin.tar.gz.sig"
|
|
167
167
|
end
|
|
168
168
|
|
|
169
|
-
if Dir.
|
|
169
|
+
if Dir.exist? "#{YAML_KB}/generic_check"
|
|
170
170
|
system "tar cfvz #{YAML_KB}/generic_check.tar.gz -C #{YAML_KB} generic_check"
|
|
171
171
|
system "rm -rf #{YAML_KB}/generic_check"
|
|
172
172
|
system "shasum -a 256 #{YAML_KB}/generic_check.tar.gz > #{YAML_KB}/generic_check.tar.gz.sig"
|
|
173
173
|
end
|
|
174
174
|
|
|
175
|
-
if Dir.
|
|
175
|
+
if Dir.exist? "#{YAML_KB}/owasp_ror_cheatsheet"
|
|
176
176
|
system "tar cfvz #{YAML_KB}/owasp_ror_cheatsheet.tar.gz -C #{YAML_KB} owasp_ror_cheatsheet"
|
|
177
177
|
system "rm -rf #{YAML_KB}/owasp_ror_cheatsheet"
|
|
178
178
|
system "shasum -a 256 #{YAML_KB}/owasp_ror_cheatsheet.tar.gz > #{YAML_KB}/owasp_ror_cheatsheet.tar.gz.sig"
|
|
179
179
|
end
|
|
180
180
|
|
|
181
|
-
if Dir.
|
|
181
|
+
if Dir.exist? "#{YAML_KB}/code_style"
|
|
182
182
|
system "tar cfvz #{YAML_KB}/code_style.tar.gz -C #{YAML_KB} code_style"
|
|
183
183
|
system "rm -rf #{YAML_KB}/code_style"
|
|
184
184
|
system "shasum -a 256 #{YAML_KB}/code_style.tar.gz > #{YAML_KB}/code_style.tar.gz.sig"
|
|
185
185
|
end
|
|
186
|
-
if Dir.
|
|
186
|
+
if Dir.exist? "#{YAML_KB}/code_quality"
|
|
187
187
|
system "tar cfvz #{YAML_KB}/code_quality.tar.gz -C #{YAML_KB} code_quality"
|
|
188
188
|
system "rm -rf #{YAML_KB}/code_quality"
|
|
189
189
|
system "shasum -a 256 #{YAML_KB}/code_quality.tar.gz > #{YAML_KB}/code_quality.tar.gz.sig"
|
|
190
190
|
end
|
|
191
|
-
if Dir.
|
|
191
|
+
if Dir.exist? "#{YAML_KB}/owasp_top_10"
|
|
192
192
|
system "tar cfvz #{YAML_KB}/owasp_top_10.tar.gz -C #{YAML_KB} owasp_top_10"
|
|
193
193
|
system "rm -rf #{YAML_KB}/owasp_top_10"
|
|
194
194
|
system "shasum -a 256 #{YAML_KB}/owasp_top_10.tar.gz > #{YAML_KB}/owasp_top_10.tar.gz.sig"
|
data/VERSION
CHANGED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
e463c7c3f54c900752f3b9be47da3f311cddd941
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
140e3b04589881711a85100bc9b93959382f9b39
|
|
@@ -1,19 +1,18 @@
|
|
|
1
1
|
Given /^the generic project "(.*?)" doesn't exist$/ do |file|
|
|
2
|
-
FileUtils.rm(file) if File.
|
|
2
|
+
FileUtils.rm(file) if File.exist?(file)
|
|
3
3
|
end
|
|
4
4
|
|
|
5
5
|
Given /^the hello world rails project does exist$/ do
|
|
6
6
|
system("rm -rf /tmp/hello_world_3.2.13")
|
|
7
|
-
system("cp -a ./spec/support/hello_world_3.2.13 /tmp")
|
|
7
|
+
system("cp -a ./spec/support/hello_world_3.2.13 /tmp")
|
|
8
8
|
end
|
|
9
9
|
|
|
10
10
|
Given /^a safe sinatra application exists$/ do
|
|
11
11
|
system("rm -rf /tmp/sinatra-safe")
|
|
12
|
-
system("cp -a ./spec/support/sinatra-safe /tmp")
|
|
12
|
+
system("cp -a ./spec/support/sinatra-safe /tmp")
|
|
13
13
|
end
|
|
14
14
|
|
|
15
15
|
Given /^a vulnerable sinatra application exists$/ do
|
|
16
16
|
system("rm -rf /tmp/sinatra-vulnerable")
|
|
17
|
-
system("cp -a ./spec/support/sinatra-vulnerable /tmp")
|
|
17
|
+
system("cp -a ./spec/support/sinatra-vulnerable /tmp")
|
|
18
18
|
end
|
|
19
|
-
|
|
@@ -25,10 +25,14 @@ module Dawn
|
|
|
25
25
|
attr_accessor :save_minor
|
|
26
26
|
attr_accessor :save_major
|
|
27
27
|
|
|
28
|
+
# @deprecated Please use UnsafeDependencyCheck instead. This class is no
|
|
29
|
+
# longer supperted and it will be removed really soon.
|
|
28
30
|
def initialize(options)
|
|
29
31
|
super(options)
|
|
30
32
|
@save_minor ||= options[:save_minor]
|
|
31
33
|
@save_major ||= options[:save_major]
|
|
34
|
+
|
|
35
|
+
warn "This class is deprecated. Please use UnsafeDependencyCheck instead"
|
|
32
36
|
end
|
|
33
37
|
|
|
34
38
|
def vuln?
|
|
@@ -31,6 +31,22 @@ module Dawn
|
|
|
31
31
|
@dependencies.each do |dep|
|
|
32
32
|
unless @vulnerable_version_array.nil? or @vulnerable_version_array.empty?
|
|
33
33
|
if dep[:name] == @vulnerable_version_array[0][:name]
|
|
34
|
+
|
|
35
|
+
unless @vulnerable_version_array[0][:versionEndIncluding].nil?
|
|
36
|
+
if (Gem::Version.new(dep[:version]) > Gem::Version.new(@vulnerable_version_array[0][:versionEndIncluding]))
|
|
37
|
+
return false
|
|
38
|
+
else
|
|
39
|
+
return true
|
|
40
|
+
end
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
unless @vulnerable_version_array[0][:versionEndExcluding].nil?
|
|
44
|
+
if (Gem::Version.new(dep[:version]) >= Gem::Version.new(@vulnerable_version_array[0][:versionEndExcluding]))
|
|
45
|
+
return false
|
|
46
|
+
else
|
|
47
|
+
return true
|
|
48
|
+
end
|
|
49
|
+
end
|
|
34
50
|
return true if @please_ignore_dep_version
|
|
35
51
|
return false if @vulnerable_version_array[0][:version].nil? or @vulnerable_version_array[0][:version].empty?
|
|
36
52
|
return true if @vulnerable_version_array[0][:version].include? dep[:version]
|
data/lib/dawn/knowledge_base.rb
CHANGED
|
@@ -244,7 +244,7 @@ module Dawn
|
|
|
244
244
|
# Please note that if we enter in this branch, it means someone
|
|
245
245
|
# tampered the KB between the previous __valid? check and this point.
|
|
246
246
|
# Of course this is a very rare situation, but we must handle it.
|
|
247
|
-
unless Dir.
|
|
247
|
+
unless Dir.exist?(dir)
|
|
248
248
|
$logger.warn "Missing check directory #{dir}"
|
|
249
249
|
else
|
|
250
250
|
Dir.glob(dir+"/**/*.yml").each do |f|
|
|
@@ -311,12 +311,12 @@ module Dawn
|
|
|
311
311
|
|
|
312
312
|
lines = ""
|
|
313
313
|
|
|
314
|
-
unless File.
|
|
314
|
+
unless File.exist?(File.join(@path, "kb.yaml"))
|
|
315
315
|
$logger.error "Missing kb.yaml in #{path}. Giving up"
|
|
316
316
|
return false
|
|
317
317
|
end
|
|
318
318
|
|
|
319
|
-
unless File.
|
|
319
|
+
unless File.exist?(File.join(@path, "kb.yaml.sig"))
|
|
320
320
|
$logger.error "Missing kb.yaml signature in #{path}. Giving up"
|
|
321
321
|
return false
|
|
322
322
|
end
|
|
@@ -343,7 +343,7 @@ module Dawn
|
|
|
343
343
|
# local DB path
|
|
344
344
|
def __packed?
|
|
345
345
|
FILES.each do |fn|
|
|
346
|
-
return true if fn.end_with? 'tar.gz' and File.
|
|
346
|
+
return true if fn.end_with? 'tar.gz' and File.exist?(File.join(@path, fn))
|
|
347
347
|
end
|
|
348
348
|
return false
|
|
349
349
|
end
|
data/lib/dawn/version.rb
CHANGED
|
@@ -2,29 +2,28 @@ require 'spec_helper'
|
|
|
2
2
|
|
|
3
3
|
describe "The security check for Ruby interpreter version" do
|
|
4
4
|
before(:all) do
|
|
5
|
-
@check = Dawn::Kb::RubyVersionCheck.new
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
@check.
|
|
9
|
-
@check.safe_rubies = [{:version=>"1.9.3", :patchlevel=>"p392"}, {:version=>"2.0.0", :patchlevel=>"p0"}]
|
|
5
|
+
@check = Dawn::Kb::RubyVersionCheck.new(:name=>"Mocked",
|
|
6
|
+
:kind=>Dawn::KnowledgeBase::RUBY_VERSION_CHECK,
|
|
7
|
+
:applies=>['sinatra', 'padrino', 'rails'])
|
|
8
|
+
@check.safe_rubies=[{:version=>"1.9.3", :patchlevel=>"p392"}, {:version=>"2.0.0", :patchlevel=>"p0"}]
|
|
10
9
|
end
|
|
11
10
|
|
|
12
11
|
it "fires if ruby version is vulnerable" do
|
|
13
|
-
check.detected_ruby = {:version=>"1.9.2", :patchlevel=>"p10000"}
|
|
14
|
-
expect(check.vuln?).to eq(true)
|
|
12
|
+
@check.detected_ruby = {:version=>"1.9.2", :patchlevel=>"p10000"}
|
|
13
|
+
expect(@check.vuln?).to eq(true)
|
|
15
14
|
end
|
|
16
15
|
it "doesn't fire if ruby version is not vulnerable and patchlevel is not vulnerable" do
|
|
17
|
-
check.detected_ruby = {:version=>"1.9.4", :patchlevel=>"p10000"}
|
|
18
|
-
expect(check.vuln?).to eq(false)
|
|
16
|
+
@check.detected_ruby = {:version=>"1.9.4", :patchlevel=>"p10000"}
|
|
17
|
+
expect(@check.vuln?).to eq(false)
|
|
19
18
|
end
|
|
20
19
|
|
|
21
20
|
it "doesn't fire if ruby version is vulnerable and patchlevel is not vulnerable" do
|
|
22
|
-
check.detected_ruby = {:version=>"1.9.3", :patchlevel=>"p10000"}
|
|
23
|
-
expect(check.vuln?).to eq(false)
|
|
21
|
+
@check.detected_ruby = {:version=>"1.9.3", :patchlevel=>"p10000"}
|
|
22
|
+
expect(@check.vuln?).to eq(false)
|
|
24
23
|
end
|
|
25
24
|
|
|
26
25
|
it "fires if ruby version is vulnerable and patchlevel is vulnerable" do
|
|
27
|
-
check.detected_ruby = {:version=>"1.9.3", :patchlevel=>"p391"}
|
|
28
|
-
expect(check.vuln?).to eq(true)
|
|
26
|
+
@check.detected_ruby = {:version=>"1.9.3", :patchlevel=>"p391"}
|
|
27
|
+
expect(@check.vuln?).to eq(true)
|
|
29
28
|
end
|
|
30
29
|
end
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
require 'spec_helper'
|
|
2
|
+
|
|
3
|
+
|
|
4
|
+
describe "The security check for gem unsafe dependency should" do
|
|
5
|
+
before(:all) do
|
|
6
|
+
f = "./spec/lib/kb/dependency_check.yml"
|
|
7
|
+
@check = YAML.load_file(f, permitted_classes: [Dawn::Kb::UnsafeDependencyCheck,
|
|
8
|
+
Dawn::Kb::BasicCheck,
|
|
9
|
+
Dawn::Kb::ComboCheck,
|
|
10
|
+
Dawn::Kb::DependencyCheck,
|
|
11
|
+
Dawn::Kb::DeprecationCheck,
|
|
12
|
+
Dawn::Kb::OperatingSystemCheck,
|
|
13
|
+
Dawn::Kb::PatternMatchCheck,
|
|
14
|
+
Dawn::Kb::RubygemCheck,
|
|
15
|
+
Dawn::Kb::RubyVersionCheck,
|
|
16
|
+
Dawn::Kb::VersionCheck,
|
|
17
|
+
Date,
|
|
18
|
+
Symbol])
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
it "fires if vulnerable 0.5.0 version is detected" do
|
|
22
|
+
@check.dependencies = [{:name=>"acme-gem", :version=>'0.5.0'}]
|
|
23
|
+
expect(@check.vuln?).to eq(true)
|
|
24
|
+
end
|
|
25
|
+
it "fires if vulnerable 1.3.2 version is found" do
|
|
26
|
+
@check.dependencies = [{:name=>"acme-gem", :version=>'1.3.2'}]
|
|
27
|
+
expect(@check.vuln?).to eq(true)
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
it "fires if vulnerable 3.4.0 version is found" do
|
|
31
|
+
@check.dependencies = [{:name=>"acme-gem", :version=>'3.4.0'}]
|
|
32
|
+
expect(@check.vuln?).to eq(true)
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
it "doesn't fire if not vulnerable 3.0.0 version is found" do
|
|
36
|
+
@check.dependencies = [{:name=>"acme-gem", :version=>'3.0.0'}]
|
|
37
|
+
expect(@check.vuln?).to eq(false)
|
|
38
|
+
end
|
|
39
|
+
end
|
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
require 'spec_helper'
|
|
2
|
+
|
|
3
|
+
|
|
4
|
+
describe "The security check for gem unsafe dependency, when versionEndExcluding is set, should" do
|
|
5
|
+
before(:all) do
|
|
6
|
+
f = "./spec/lib/kb/dependency_check_with_version_end_excluding.yml"
|
|
7
|
+
@check = YAML.load_file(f, permitted_classes: [Dawn::Kb::UnsafeDependencyCheck,
|
|
8
|
+
Dawn::Kb::BasicCheck,
|
|
9
|
+
Dawn::Kb::ComboCheck,
|
|
10
|
+
Dawn::Kb::DependencyCheck,
|
|
11
|
+
Dawn::Kb::DeprecationCheck,
|
|
12
|
+
Dawn::Kb::OperatingSystemCheck,
|
|
13
|
+
Dawn::Kb::PatternMatchCheck,
|
|
14
|
+
Dawn::Kb::RubygemCheck,
|
|
15
|
+
Dawn::Kb::RubyVersionCheck,
|
|
16
|
+
Dawn::Kb::VersionCheck,
|
|
17
|
+
Date,
|
|
18
|
+
Symbol])
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
it "fires if vulnerable 0.5.0 version is detected" do
|
|
22
|
+
@check.dependencies = [{:name=>"acme-gem", :version=>'0.5.0'}]
|
|
23
|
+
expect(@check.vuln?).to eq(true)
|
|
24
|
+
end
|
|
25
|
+
it "fires if vulnerable 1.3.2 version is found" do
|
|
26
|
+
@check.dependencies = [{:name=>"acme-gem", :version=>'1.3.2'}]
|
|
27
|
+
expect(@check.vuln?).to eq(true)
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
it "fires if vulnerable 2.7.2.1 version is found" do
|
|
31
|
+
@check.dependencies = [{:name=>"acme-gem", :version=>'2.7.2.1'}]
|
|
32
|
+
expect(@check.vuln?).to eq(true)
|
|
33
|
+
end
|
|
34
|
+
it "fires if vulnerable 2.7.2.2 version is found" do
|
|
35
|
+
@check.dependencies = [{:name=>"acme-gem", :version=>'2.7.2.2'}]
|
|
36
|
+
expect(@check.vuln?).to eq(false)
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
it "doesn't fire if not vulnerable 3.0 version is found" do
|
|
40
|
+
@check.dependencies = [{:name=>"acme-gem", :version=>'3.0'}]
|
|
41
|
+
expect(@check.vuln?).to eq(false)
|
|
42
|
+
end
|
|
43
|
+
end
|
|
@@ -0,0 +1,44 @@
|
|
|
1
|
+
require 'spec_helper'
|
|
2
|
+
|
|
3
|
+
|
|
4
|
+
describe "The security check for gem unsafe dependency, when versionEndIncluding is set, should" do
|
|
5
|
+
before(:all) do
|
|
6
|
+
f = "./spec/lib/kb/dependency_check_with_version_end_including.yml"
|
|
7
|
+
@check = YAML.load_file(f, permitted_classes: [Dawn::Kb::UnsafeDependencyCheck,
|
|
8
|
+
Dawn::Kb::BasicCheck,
|
|
9
|
+
Dawn::Kb::ComboCheck,
|
|
10
|
+
Dawn::Kb::DependencyCheck,
|
|
11
|
+
Dawn::Kb::DeprecationCheck,
|
|
12
|
+
Dawn::Kb::OperatingSystemCheck,
|
|
13
|
+
Dawn::Kb::PatternMatchCheck,
|
|
14
|
+
Dawn::Kb::RubygemCheck,
|
|
15
|
+
Dawn::Kb::RubyVersionCheck,
|
|
16
|
+
Dawn::Kb::VersionCheck,
|
|
17
|
+
Date,
|
|
18
|
+
Symbol])
|
|
19
|
+
@check.debug=true
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
it "fires if vulnerable 0.5.0 version is detected" do
|
|
23
|
+
@check.dependencies = [{:name=>"acme-gem", :version=>'0.5.0'}]
|
|
24
|
+
expect(@check.vuln?).to eq(true)
|
|
25
|
+
end
|
|
26
|
+
it "fires if vulnerable 1.3.2 version is found" do
|
|
27
|
+
@check.dependencies = [{:name=>"acme-gem", :version=>'1.3.2'}]
|
|
28
|
+
expect(@check.vuln?).to eq(true)
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
it "fires if vulnerable 2.7.2.1 version is found" do
|
|
32
|
+
@check.dependencies = [{:name=>"acme-gem", :version=>'2.7.2.1'}]
|
|
33
|
+
expect(@check.vuln?).to eq(true)
|
|
34
|
+
end
|
|
35
|
+
it "fires if vulnerable 2.7.2.2 version is found" do
|
|
36
|
+
@check.dependencies = [{:name=>"acme-gem", :version=>'2.7.2.2'}]
|
|
37
|
+
expect(@check.vuln?).to eq(true)
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
it "doesn't fire if not vulnerable 3.0 version is found" do
|
|
41
|
+
@check.dependencies = [{:name=>"acme-gem", :version=>'3.0'}]
|
|
42
|
+
expect(@check.vuln?).to eq(false)
|
|
43
|
+
end
|
|
44
|
+
end
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
--- !ruby/object:Dawn::Kb::UnsafeDependencyCheck
|
|
2
|
+
applies:
|
|
3
|
+
- rails
|
|
4
|
+
- sinatra
|
|
5
|
+
- padrino
|
|
6
|
+
title: A test here
|
|
7
|
+
cvss: '(AV:L/AC:L/Au:S/C:N/I:C/A:C)'
|
|
8
|
+
cve: 'CVE-2023-99999'
|
|
9
|
+
owasp: A9
|
|
10
|
+
release_date: '25/03/2023'
|
|
11
|
+
kind: :unsafe_dependency_check
|
|
12
|
+
message: |-
|
|
13
|
+
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Curabitur nisi turpis, tincidunt rhoncus leo sed, euismod sollicitudin nisl. In a arcu accumsan, fermentum quam vel, auctor risus. Nulla non sollicitudin libero. Cras hendrerit consectetur pulvinar. Vivamus ligula quam, vulputate eget justo in, varius rhoncus lorem. Nulla vel volutpat enim. Nulla hendrerit posuere tempor. Nulla in metus eget lacus tempor sollicitudin sed et dolor. Ut interdum volutpat felis, ac bibendum mauris volutpat ut. Etiam posuere justo ex, nec faucibus orci suscipit sit amet. Vivamus rutrum massa fermentum mi pellentesque vehicula. Nullam elementum urna mauris, nec cursus risus convallis vel. Nulla consectetur enim ut magna rutrum, et mollis ante auctor. Etiam accumsan in lacus et ultricies. Morbi ullamcorper velit a ipsum egestas, quis laoreet lectus placerat. Maecenas nunc augue, pulvinar non ligula ac, maximus venenatis mi.
|
|
14
|
+
|
|
15
|
+
remediation: |-
|
|
16
|
+
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse et metus blandit, viverra ante a, auctor urna. Integer eget est ac nisl bibendum pharetra. Vivamus rhoncus neque vitae felis congue luctus. Praesent vitae lobortis mi. Nulla malesuada elit dictum tincidunt volutpat. Quisque tincidunt lorem nec eros ullamcorper lobortis. Nunc in felis sit amet purus sollicitudin tincidunt. Sed semper sapien nisi, non rutrum orci ultricies eget. Integer neque mauris, gravida ac varius nec, tincidunt consequat turpis. Fusce nisi metus, iaculis a eros eget, interdum sodales lectus. Pellentesque purus nisi, venenatis ut quam vitae, lacinia tristique turpis. Morbi sed maximus odio, et interdum risus. Duis nec congue lacus. Nunc sed elit a leo fermentum feugiat a aliquam arcu.
|
|
17
|
+
|
|
18
|
+
severity: :critical
|
|
19
|
+
priority: :high
|
|
20
|
+
check_family: :bulletin
|
|
21
|
+
vulnerable_version_array:
|
|
22
|
+
- :name: 'acme-gem'
|
|
23
|
+
:versionEndExcluding: '2.7.2.2'
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
--- !ruby/object:Dawn::Kb::UnsafeDependencyCheck
|
|
2
|
+
applies:
|
|
3
|
+
- rails
|
|
4
|
+
- sinatra
|
|
5
|
+
- padrino
|
|
6
|
+
title: A test here
|
|
7
|
+
cvss: '(AV:L/AC:L/Au:S/C:N/I:C/A:C)'
|
|
8
|
+
cve: 'CVE-2023-99999'
|
|
9
|
+
owasp: A9
|
|
10
|
+
release_date: '25/03/2023'
|
|
11
|
+
kind: :unsafe_dependency_check
|
|
12
|
+
message: |-
|
|
13
|
+
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Curabitur nisi turpis, tincidunt rhoncus leo sed, euismod sollicitudin nisl. In a arcu accumsan, fermentum quam vel, auctor risus. Nulla non sollicitudin libero. Cras hendrerit consectetur pulvinar. Vivamus ligula quam, vulputate eget justo in, varius rhoncus lorem. Nulla vel volutpat enim. Nulla hendrerit posuere tempor. Nulla in metus eget lacus tempor sollicitudin sed et dolor. Ut interdum volutpat felis, ac bibendum mauris volutpat ut. Etiam posuere justo ex, nec faucibus orci suscipit sit amet. Vivamus rutrum massa fermentum mi pellentesque vehicula. Nullam elementum urna mauris, nec cursus risus convallis vel. Nulla consectetur enim ut magna rutrum, et mollis ante auctor. Etiam accumsan in lacus et ultricies. Morbi ullamcorper velit a ipsum egestas, quis laoreet lectus placerat. Maecenas nunc augue, pulvinar non ligula ac, maximus venenatis mi.
|
|
14
|
+
|
|
15
|
+
remediation: |-
|
|
16
|
+
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse et metus blandit, viverra ante a, auctor urna. Integer eget est ac nisl bibendum pharetra. Vivamus rhoncus neque vitae felis congue luctus. Praesent vitae lobortis mi. Nulla malesuada elit dictum tincidunt volutpat. Quisque tincidunt lorem nec eros ullamcorper lobortis. Nunc in felis sit amet purus sollicitudin tincidunt. Sed semper sapien nisi, non rutrum orci ultricies eget. Integer neque mauris, gravida ac varius nec, tincidunt consequat turpis. Fusce nisi metus, iaculis a eros eget, interdum sodales lectus. Pellentesque purus nisi, venenatis ut quam vitae, lacinia tristique turpis. Morbi sed maximus odio, et interdum risus. Duis nec congue lacus. Nunc sed elit a leo fermentum feugiat a aliquam arcu.
|
|
17
|
+
|
|
18
|
+
severity: :critical
|
|
19
|
+
priority: :high
|
|
20
|
+
check_family: :bulletin
|
|
21
|
+
vulnerable_version_array:
|
|
22
|
+
- :name: 'acme-gem'
|
|
23
|
+
:versionEndIncluding: '2.7.2.2'
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dawnscanner
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Paolo Perego
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-04-
|
|
11
|
+
date: 2023-04-17 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: cvss
|
|
@@ -277,6 +277,8 @@ files:
|
|
|
277
277
|
- checksum/dawnscanner-2.0.0.rc2.gem.sha1
|
|
278
278
|
- checksum/dawnscanner-2.0.0.rc3.gem.sha1
|
|
279
279
|
- checksum/dawnscanner-2.0.0.rc5.gem.sha1
|
|
280
|
+
- checksum/dawnscanner-2.1.0.gem.sha1
|
|
281
|
+
- checksum/dawnscanner-2.1.1.gem.sha1
|
|
280
282
|
- code_of_conduct.md
|
|
281
283
|
- dawnscanner.gemspec
|
|
282
284
|
- doc/change.sh
|
|
@@ -324,18 +326,18 @@ files:
|
|
|
324
326
|
- lib/dawnscanner.rb
|
|
325
327
|
- lib/tasks/dawn_tasks.rake
|
|
326
328
|
- spec/lib/dawn/codesake_core_spec.rb
|
|
327
|
-
- spec/lib/dawn/codesake_knowledgebase_spec.rb
|
|
328
329
|
- spec/lib/dawn/codesake_padrino_engine_disabled.rb
|
|
329
330
|
- spec/lib/dawn/codesake_rails_engine_disabled.rb
|
|
330
331
|
- spec/lib/dawn/codesake_sinatra_engine_disabled.rb
|
|
331
|
-
- spec/lib/kb/codesake_cve_2013_0175_spec.rb
|
|
332
|
-
- spec/lib/kb/codesake_cve_2013_4457_spec.rb
|
|
333
|
-
- spec/lib/kb/codesake_dependency_version_check_spec.rb
|
|
334
332
|
- spec/lib/kb/codesake_deprecation_check_spec.rb
|
|
335
333
|
- spec/lib/kb/codesake_ruby_version_check_spec.rb
|
|
336
|
-
- spec/lib/kb/
|
|
334
|
+
- spec/lib/kb/codesake_unsafe_dependency_check_normal_spec.rb
|
|
335
|
+
- spec/lib/kb/codesake_unsafe_dependency_check_version_end_excluding_spec.rb
|
|
336
|
+
- spec/lib/kb/codesake_unsafe_dependency_check_version_end_including_spec.rb
|
|
337
337
|
- spec/lib/kb/codesake_version_check_spec.rb
|
|
338
338
|
- spec/lib/kb/dependency_check.yml
|
|
339
|
+
- spec/lib/kb/dependency_check_with_version_end_excluding.yml
|
|
340
|
+
- spec/lib/kb/dependency_check_with_version_end_including.yml
|
|
339
341
|
- spec/lib/kb/owasp_ror_cheatsheet_disabled.rb
|
|
340
342
|
- spec/lib/kb/yamilize_kb_spec.rb
|
|
341
343
|
- spec/spec_helper.rb
|
|
@@ -373,18 +375,18 @@ test_files:
|
|
|
373
375
|
- features/step_definition/dawn_steps.rb
|
|
374
376
|
- features/support/env.rb
|
|
375
377
|
- spec/lib/dawn/codesake_core_spec.rb
|
|
376
|
-
- spec/lib/dawn/codesake_knowledgebase_spec.rb
|
|
377
378
|
- spec/lib/dawn/codesake_padrino_engine_disabled.rb
|
|
378
379
|
- spec/lib/dawn/codesake_rails_engine_disabled.rb
|
|
379
380
|
- spec/lib/dawn/codesake_sinatra_engine_disabled.rb
|
|
380
|
-
- spec/lib/kb/codesake_cve_2013_0175_spec.rb
|
|
381
|
-
- spec/lib/kb/codesake_cve_2013_4457_spec.rb
|
|
382
|
-
- spec/lib/kb/codesake_dependency_version_check_spec.rb
|
|
383
381
|
- spec/lib/kb/codesake_deprecation_check_spec.rb
|
|
384
382
|
- spec/lib/kb/codesake_ruby_version_check_spec.rb
|
|
385
|
-
- spec/lib/kb/
|
|
383
|
+
- spec/lib/kb/codesake_unsafe_dependency_check_normal_spec.rb
|
|
384
|
+
- spec/lib/kb/codesake_unsafe_dependency_check_version_end_excluding_spec.rb
|
|
385
|
+
- spec/lib/kb/codesake_unsafe_dependency_check_version_end_including_spec.rb
|
|
386
386
|
- spec/lib/kb/codesake_version_check_spec.rb
|
|
387
387
|
- spec/lib/kb/dependency_check.yml
|
|
388
|
+
- spec/lib/kb/dependency_check_with_version_end_excluding.yml
|
|
389
|
+
- spec/lib/kb/dependency_check_with_version_end_including.yml
|
|
388
390
|
- spec/lib/kb/owasp_ror_cheatsheet_disabled.rb
|
|
389
391
|
- spec/lib/kb/yamilize_kb_spec.rb
|
|
390
392
|
- spec/spec_helper.rb
|