dawnscanner 2.1.0 → 2.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Changelog.md +12 -1
- data/Rakefile +6 -6
- data/VERSION +1 -1
- data/checksum/dawnscanner-2.1.0.gem.sha1 +1 -0
- data/checksum/dawnscanner-2.1.1.gem.sha1 +1 -0
- data/features/step_definition/dawn_steps.rb +4 -5
- data/lib/dawn/kb/dependency_check.rb +4 -0
- data/lib/dawn/kb/unsafe_depedency_check.rb +16 -0
- data/lib/dawn/knowledge_base.rb +4 -4
- data/lib/dawn/version.rb +4 -4
- data/spec/lib/kb/codesake_ruby_version_check_spec.rb +12 -13
- data/spec/lib/kb/codesake_unsafe_dependency_check_normal_spec.rb +39 -0
- data/spec/lib/kb/codesake_unsafe_dependency_check_version_end_excluding_spec.rb +43 -0
- data/spec/lib/kb/codesake_unsafe_dependency_check_version_end_including_spec.rb +44 -0
- data/spec/lib/kb/dependency_check_with_version_end_excluding.yml +23 -0
- data/spec/lib/kb/dependency_check_with_version_end_including.yml +23 -0
- metadata +14 -12
- data/spec/lib/dawn/codesake_knowledgebase_spec.rb +0 -1202
- data/spec/lib/kb/codesake_cve_2013_0175_spec.rb +0 -35
- data/spec/lib/kb/codesake_cve_2013_4457_spec.rb +0 -41
- data/spec/lib/kb/codesake_dependency_version_check_spec.rb +0 -79
- data/spec/lib/kb/codesake_unsafe_dependency_check_spec.rb +0 -29
|
@@ -1,35 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
|
|
3
|
-
describe "CVE-2013-0175 security check" do
|
|
4
|
-
let (:check) {Dawn::Kb::CVE_2013_0175.new}
|
|
5
|
-
it "knows its name" do
|
|
6
|
-
expect(check.name).to eq("CVE-2013-0175")
|
|
7
|
-
end
|
|
8
|
-
it "has a 7.5 cvss score" do
|
|
9
|
-
check.cvss_score == 7.5
|
|
10
|
-
end
|
|
11
|
-
|
|
12
|
-
it "fires when multi_xml vulnerable gem it has been found" do
|
|
13
|
-
check.dependencies = [{:name=>"multi_xml", :version=>"0.5.2"}]
|
|
14
|
-
expect(check.vuln?).to eq(true)
|
|
15
|
-
end
|
|
16
|
-
it "fires when Grape vulnerable gem it has been found" do
|
|
17
|
-
check.dependencies = [{:name=>"grape", :version=>"0.2.5"}]
|
|
18
|
-
expect(check.vuln?).to eq(true)
|
|
19
|
-
end
|
|
20
|
-
it "fires when multi_xml gem is not vulnerable but Grape is" do
|
|
21
|
-
check.dependencies = [{:name=>"grape", :version=>"0.2.5"}, {:name=>"multi_xml", :version=>"0.5.3"}]
|
|
22
|
-
expect(check.vuln?).to eq(true)
|
|
23
|
-
end
|
|
24
|
-
it "fires when multi_xml gem is vulnerable but Grape is not" do
|
|
25
|
-
check.dependencies = [{:name=>"grape", :version=>"0.2.6"}, {:name=>"multi_xml", :version=>"0.5.2"}]
|
|
26
|
-
expect(check.vuln?).to eq(true)
|
|
27
|
-
end
|
|
28
|
-
|
|
29
|
-
it "doesn't fire when no vulnerabilities were found" do
|
|
30
|
-
check.dependencies = [{:name=>"grape", :version=>"0.2.6"}, {:name=>"multi_xml", :version=>"0.5.3"}]
|
|
31
|
-
expect(check.vuln?).to eq(false)
|
|
32
|
-
end
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
end
|
|
@@ -1,41 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
|
|
3
|
-
describe "The CVE-2013-4457 vulnerability" do
|
|
4
|
-
before(:all) do
|
|
5
|
-
@check = Dawn::Kb::CVE_2013_4457.new
|
|
6
|
-
# @check.debug = true
|
|
7
|
-
end
|
|
8
|
-
it "is detected if vulnerable version of cocaine rubygem is detected" do
|
|
9
|
-
@check.dependencies=[{:name=>"cocaine", :version=>'0.4.0'}]
|
|
10
|
-
expect(@check.vuln?).to eq(true)
|
|
11
|
-
end
|
|
12
|
-
it "is detected if vulnerable version of cocaine rubygem is detected" do
|
|
13
|
-
@check.dependencies=[{:name=>"cocaine", :version=>'0.4.1'}]
|
|
14
|
-
expect(@check.vuln?).to eq(true)
|
|
15
|
-
end
|
|
16
|
-
it "is detected if vulnerable version of cocaine rubygem is detected" do
|
|
17
|
-
@check.dependencies=[{:name=>"cocaine", :version=>'0.4.2'}]
|
|
18
|
-
expect(@check.vuln?).to eq(true)
|
|
19
|
-
end
|
|
20
|
-
it "is detected if vulnerable version of cocaine rubygem is detected" do
|
|
21
|
-
@check.dependencies=[{:name=>"cocaine", :version=>'0.5.0'}]
|
|
22
|
-
expect(@check.vuln?).to eq(true)
|
|
23
|
-
end
|
|
24
|
-
it "is detected if vulnerable version of cocaine rubygem is detected" do
|
|
25
|
-
@check.dependencies=[{:name=>"cocaine", :version=>'0.5.1'}]
|
|
26
|
-
expect(@check.vuln?).to eq(true)
|
|
27
|
-
end
|
|
28
|
-
it "is detected if vulnerable version of cocaine rubygem is detected" do
|
|
29
|
-
@check.dependencies=[{:name=>"cocaine", :version=>'0.5.2'}]
|
|
30
|
-
expect(@check.vuln?).to eq(true)
|
|
31
|
-
end
|
|
32
|
-
|
|
33
|
-
it "is skipped if non vulnerable version of cocaine rubygem is detected" do
|
|
34
|
-
@check.dependencies=[{:name=>"cocaine", :version=>'0.3.2'}]
|
|
35
|
-
# @check.debug = true
|
|
36
|
-
expect(@check.vuln?).to eq(false)
|
|
37
|
-
end
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
end
|
|
@@ -1,79 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
|
|
3
|
-
# class DependencyMockup
|
|
4
|
-
# include Dawn::Kb::DependencyCheck
|
|
5
|
-
|
|
6
|
-
# def initialize
|
|
7
|
-
# message = "This is a mock"
|
|
8
|
-
# super(
|
|
9
|
-
# :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
|
|
10
|
-
# :applies=>['sinatra', 'padrino', 'rails'],
|
|
11
|
-
# :message=> message
|
|
12
|
-
# )
|
|
13
|
-
# # self.debug = true
|
|
14
|
-
|
|
15
|
-
# self.safe_dependencies = [{:name=>'this_gem', :version=>['0.3.0', '1.3.3', '2.3.3', '2.4.2', '9.4.31.2']}]
|
|
16
|
-
# self.save_major = true
|
|
17
|
-
# end
|
|
18
|
-
# end
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
describe "The security check for gem dependency should" do
|
|
22
|
-
before(:all) do
|
|
23
|
-
@check = Dawn::Kb::DependencyCheck.new
|
|
24
|
-
@check.kind=Dawn::KnowledgeBase::DEPENDENCY_CHECK
|
|
25
|
-
@check.applies = ['sinatra', 'padrino', 'rails']
|
|
26
|
-
@check.message = "This is a mock"
|
|
27
|
-
end
|
|
28
|
-
# let (:check) {Mockup.new}
|
|
29
|
-
|
|
30
|
-
it "gives an unkown priority value" do
|
|
31
|
-
expect(@check.priority).to eq("unknown")
|
|
32
|
-
end
|
|
33
|
-
|
|
34
|
-
it "gives the assigned priority value" do
|
|
35
|
-
@check.priority = :critical
|
|
36
|
-
expect(@check.priority).to eq("critical")
|
|
37
|
-
end
|
|
38
|
-
it "gives an unknown severity since no CVSS is provided and no severity is given" do
|
|
39
|
-
expect(@check.severity).to eq("unknown")
|
|
40
|
-
end
|
|
41
|
-
|
|
42
|
-
it "gives the severity level provided. No CVSS is here" do
|
|
43
|
-
@check.severity = :critical
|
|
44
|
-
expect(@check.severity).to eq("critical")
|
|
45
|
-
end
|
|
46
|
-
|
|
47
|
-
it "fires if vulnerable 0.2.9 version is detected" do
|
|
48
|
-
@check.dependencies = [{:name=>"this_gem", :version=>'0.2.9'}]
|
|
49
|
-
expect(@check.vuln?).to eq(true)
|
|
50
|
-
end
|
|
51
|
-
it "doesn't fire if not vulnerable 0.4.0 version is found" do
|
|
52
|
-
@check.dependencies = [{:name=>"this_gem", :version=>'0.4.0'}]
|
|
53
|
-
expect(@check.vuln?).to eq(false)
|
|
54
|
-
end
|
|
55
|
-
|
|
56
|
-
it "fires if vulnerable 1.3.2 version is found" do
|
|
57
|
-
@check.dependencies = [{:name=>"this_gem", :version=>'1.3.2'}]
|
|
58
|
-
expect(@check.vuln?).to eq(true)
|
|
59
|
-
end
|
|
60
|
-
|
|
61
|
-
it "doesn't fire if not vulnerable 1.4.2 version is found" do
|
|
62
|
-
@check.dependencies = [{:name=>"this_gem", :version=>'1.4.2'}]
|
|
63
|
-
expect(@check.vuln?).to eq(false)
|
|
64
|
-
end
|
|
65
|
-
|
|
66
|
-
it "doesn't fires when a non vulnerable version is found and there is a fixed version with higher minor release but I asked to honor the minor version (useful with rails gem)" do
|
|
67
|
-
@check.dependencies = [{:name=>"this_gem", :version=>'2.3.3'}]
|
|
68
|
-
@check.save_minor = true
|
|
69
|
-
expect(@check.vuln?).to eq(false)
|
|
70
|
-
end
|
|
71
|
-
it "fires when a vulnerable version (2.3.2) is found even if I asked to save minors..." do
|
|
72
|
-
@check.dependencies = [{:name=>"this_gem", :version=>'2.3.2'}]
|
|
73
|
-
@check.save_minor = true
|
|
74
|
-
expect(@check.vuln?).to eq(true)
|
|
75
|
-
|
|
76
|
-
end
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
end
|
|
@@ -1,29 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
describe "The security check for gem unsafe dependency should" do
|
|
5
|
-
before(:all) do
|
|
6
|
-
@check = YAML.load_file("./spec/lib/kb/dependency_check.yml")
|
|
7
|
-
@check.debug=true
|
|
8
|
-
puts @check.vulnerable_version_array
|
|
9
|
-
end
|
|
10
|
-
|
|
11
|
-
it "fires if vulnerable 0.5.0 version is detected" do
|
|
12
|
-
@check.dependencies = [{:name=>"acme-gem", :version=>'0.5.0'}]
|
|
13
|
-
expect(@check.vuln?).to eq(true)
|
|
14
|
-
end
|
|
15
|
-
it "fires if vulnerable 1.3.2 version is found" do
|
|
16
|
-
@check.dependencies = [{:name=>"acme-gem", :version=>'1.3.2'}]
|
|
17
|
-
expect(@check.vuln?).to eq(true)
|
|
18
|
-
end
|
|
19
|
-
|
|
20
|
-
it "fires if vulnerable 3.4.0 version is found" do
|
|
21
|
-
@check.dependencies = [{:name=>"acme-gem", :version=>'3.4.0'}]
|
|
22
|
-
expect(@check.vuln?).to eq(true)
|
|
23
|
-
end
|
|
24
|
-
|
|
25
|
-
it "doesn't fire if not vulnerable 3.0.0 version is found" do
|
|
26
|
-
@check.dependencies = [{:name=>"acme-gem", :version=>'3.0.0'}]
|
|
27
|
-
expect(@check.vuln?).to eq(false)
|
|
28
|
-
end
|
|
29
|
-
end
|