dawnscanner 2.1.0 → 2.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Changelog.md +12 -1
- data/Rakefile +6 -6
- data/VERSION +1 -1
- data/checksum/dawnscanner-2.1.0.gem.sha1 +1 -0
- data/checksum/dawnscanner-2.1.1.gem.sha1 +1 -0
- data/features/step_definition/dawn_steps.rb +4 -5
- data/lib/dawn/kb/dependency_check.rb +4 -0
- data/lib/dawn/kb/unsafe_depedency_check.rb +16 -0
- data/lib/dawn/knowledge_base.rb +4 -4
- data/lib/dawn/version.rb +4 -4
- data/spec/lib/kb/codesake_ruby_version_check_spec.rb +12 -13
- data/spec/lib/kb/codesake_unsafe_dependency_check_normal_spec.rb +39 -0
- data/spec/lib/kb/codesake_unsafe_dependency_check_version_end_excluding_spec.rb +43 -0
- data/spec/lib/kb/codesake_unsafe_dependency_check_version_end_including_spec.rb +44 -0
- data/spec/lib/kb/dependency_check_with_version_end_excluding.yml +23 -0
- data/spec/lib/kb/dependency_check_with_version_end_including.yml +23 -0
- metadata +14 -12
- data/spec/lib/dawn/codesake_knowledgebase_spec.rb +0 -1202
- data/spec/lib/kb/codesake_cve_2013_0175_spec.rb +0 -35
- data/spec/lib/kb/codesake_cve_2013_4457_spec.rb +0 -41
- data/spec/lib/kb/codesake_dependency_version_check_spec.rb +0 -79
- data/spec/lib/kb/codesake_unsafe_dependency_check_spec.rb +0 -29
|
@@ -1,35 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
|
|
3
|
-
describe "CVE-2013-0175 security check" do
|
|
4
|
-
let (:check) {Dawn::Kb::CVE_2013_0175.new}
|
|
5
|
-
it "knows its name" do
|
|
6
|
-
expect(check.name).to eq("CVE-2013-0175")
|
|
7
|
-
end
|
|
8
|
-
it "has a 7.5 cvss score" do
|
|
9
|
-
check.cvss_score == 7.5
|
|
10
|
-
end
|
|
11
|
-
|
|
12
|
-
it "fires when multi_xml vulnerable gem it has been found" do
|
|
13
|
-
check.dependencies = [{:name=>"multi_xml", :version=>"0.5.2"}]
|
|
14
|
-
expect(check.vuln?).to eq(true)
|
|
15
|
-
end
|
|
16
|
-
it "fires when Grape vulnerable gem it has been found" do
|
|
17
|
-
check.dependencies = [{:name=>"grape", :version=>"0.2.5"}]
|
|
18
|
-
expect(check.vuln?).to eq(true)
|
|
19
|
-
end
|
|
20
|
-
it "fires when multi_xml gem is not vulnerable but Grape is" do
|
|
21
|
-
check.dependencies = [{:name=>"grape", :version=>"0.2.5"}, {:name=>"multi_xml", :version=>"0.5.3"}]
|
|
22
|
-
expect(check.vuln?).to eq(true)
|
|
23
|
-
end
|
|
24
|
-
it "fires when multi_xml gem is vulnerable but Grape is not" do
|
|
25
|
-
check.dependencies = [{:name=>"grape", :version=>"0.2.6"}, {:name=>"multi_xml", :version=>"0.5.2"}]
|
|
26
|
-
expect(check.vuln?).to eq(true)
|
|
27
|
-
end
|
|
28
|
-
|
|
29
|
-
it "doesn't fire when no vulnerabilities were found" do
|
|
30
|
-
check.dependencies = [{:name=>"grape", :version=>"0.2.6"}, {:name=>"multi_xml", :version=>"0.5.3"}]
|
|
31
|
-
expect(check.vuln?).to eq(false)
|
|
32
|
-
end
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
end
|
|
@@ -1,41 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
|
|
3
|
-
describe "The CVE-2013-4457 vulnerability" do
|
|
4
|
-
before(:all) do
|
|
5
|
-
@check = Dawn::Kb::CVE_2013_4457.new
|
|
6
|
-
# @check.debug = true
|
|
7
|
-
end
|
|
8
|
-
it "is detected if vulnerable version of cocaine rubygem is detected" do
|
|
9
|
-
@check.dependencies=[{:name=>"cocaine", :version=>'0.4.0'}]
|
|
10
|
-
expect(@check.vuln?).to eq(true)
|
|
11
|
-
end
|
|
12
|
-
it "is detected if vulnerable version of cocaine rubygem is detected" do
|
|
13
|
-
@check.dependencies=[{:name=>"cocaine", :version=>'0.4.1'}]
|
|
14
|
-
expect(@check.vuln?).to eq(true)
|
|
15
|
-
end
|
|
16
|
-
it "is detected if vulnerable version of cocaine rubygem is detected" do
|
|
17
|
-
@check.dependencies=[{:name=>"cocaine", :version=>'0.4.2'}]
|
|
18
|
-
expect(@check.vuln?).to eq(true)
|
|
19
|
-
end
|
|
20
|
-
it "is detected if vulnerable version of cocaine rubygem is detected" do
|
|
21
|
-
@check.dependencies=[{:name=>"cocaine", :version=>'0.5.0'}]
|
|
22
|
-
expect(@check.vuln?).to eq(true)
|
|
23
|
-
end
|
|
24
|
-
it "is detected if vulnerable version of cocaine rubygem is detected" do
|
|
25
|
-
@check.dependencies=[{:name=>"cocaine", :version=>'0.5.1'}]
|
|
26
|
-
expect(@check.vuln?).to eq(true)
|
|
27
|
-
end
|
|
28
|
-
it "is detected if vulnerable version of cocaine rubygem is detected" do
|
|
29
|
-
@check.dependencies=[{:name=>"cocaine", :version=>'0.5.2'}]
|
|
30
|
-
expect(@check.vuln?).to eq(true)
|
|
31
|
-
end
|
|
32
|
-
|
|
33
|
-
it "is skipped if non vulnerable version of cocaine rubygem is detected" do
|
|
34
|
-
@check.dependencies=[{:name=>"cocaine", :version=>'0.3.2'}]
|
|
35
|
-
# @check.debug = true
|
|
36
|
-
expect(@check.vuln?).to eq(false)
|
|
37
|
-
end
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
end
|
|
@@ -1,79 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
|
|
3
|
-
# class DependencyMockup
|
|
4
|
-
# include Dawn::Kb::DependencyCheck
|
|
5
|
-
|
|
6
|
-
# def initialize
|
|
7
|
-
# message = "This is a mock"
|
|
8
|
-
# super(
|
|
9
|
-
# :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
|
|
10
|
-
# :applies=>['sinatra', 'padrino', 'rails'],
|
|
11
|
-
# :message=> message
|
|
12
|
-
# )
|
|
13
|
-
# # self.debug = true
|
|
14
|
-
|
|
15
|
-
# self.safe_dependencies = [{:name=>'this_gem', :version=>['0.3.0', '1.3.3', '2.3.3', '2.4.2', '9.4.31.2']}]
|
|
16
|
-
# self.save_major = true
|
|
17
|
-
# end
|
|
18
|
-
# end
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
describe "The security check for gem dependency should" do
|
|
22
|
-
before(:all) do
|
|
23
|
-
@check = Dawn::Kb::DependencyCheck.new
|
|
24
|
-
@check.kind=Dawn::KnowledgeBase::DEPENDENCY_CHECK
|
|
25
|
-
@check.applies = ['sinatra', 'padrino', 'rails']
|
|
26
|
-
@check.message = "This is a mock"
|
|
27
|
-
end
|
|
28
|
-
# let (:check) {Mockup.new}
|
|
29
|
-
|
|
30
|
-
it "gives an unkown priority value" do
|
|
31
|
-
expect(@check.priority).to eq("unknown")
|
|
32
|
-
end
|
|
33
|
-
|
|
34
|
-
it "gives the assigned priority value" do
|
|
35
|
-
@check.priority = :critical
|
|
36
|
-
expect(@check.priority).to eq("critical")
|
|
37
|
-
end
|
|
38
|
-
it "gives an unknown severity since no CVSS is provided and no severity is given" do
|
|
39
|
-
expect(@check.severity).to eq("unknown")
|
|
40
|
-
end
|
|
41
|
-
|
|
42
|
-
it "gives the severity level provided. No CVSS is here" do
|
|
43
|
-
@check.severity = :critical
|
|
44
|
-
expect(@check.severity).to eq("critical")
|
|
45
|
-
end
|
|
46
|
-
|
|
47
|
-
it "fires if vulnerable 0.2.9 version is detected" do
|
|
48
|
-
@check.dependencies = [{:name=>"this_gem", :version=>'0.2.9'}]
|
|
49
|
-
expect(@check.vuln?).to eq(true)
|
|
50
|
-
end
|
|
51
|
-
it "doesn't fire if not vulnerable 0.4.0 version is found" do
|
|
52
|
-
@check.dependencies = [{:name=>"this_gem", :version=>'0.4.0'}]
|
|
53
|
-
expect(@check.vuln?).to eq(false)
|
|
54
|
-
end
|
|
55
|
-
|
|
56
|
-
it "fires if vulnerable 1.3.2 version is found" do
|
|
57
|
-
@check.dependencies = [{:name=>"this_gem", :version=>'1.3.2'}]
|
|
58
|
-
expect(@check.vuln?).to eq(true)
|
|
59
|
-
end
|
|
60
|
-
|
|
61
|
-
it "doesn't fire if not vulnerable 1.4.2 version is found" do
|
|
62
|
-
@check.dependencies = [{:name=>"this_gem", :version=>'1.4.2'}]
|
|
63
|
-
expect(@check.vuln?).to eq(false)
|
|
64
|
-
end
|
|
65
|
-
|
|
66
|
-
it "doesn't fires when a non vulnerable version is found and there is a fixed version with higher minor release but I asked to honor the minor version (useful with rails gem)" do
|
|
67
|
-
@check.dependencies = [{:name=>"this_gem", :version=>'2.3.3'}]
|
|
68
|
-
@check.save_minor = true
|
|
69
|
-
expect(@check.vuln?).to eq(false)
|
|
70
|
-
end
|
|
71
|
-
it "fires when a vulnerable version (2.3.2) is found even if I asked to save minors..." do
|
|
72
|
-
@check.dependencies = [{:name=>"this_gem", :version=>'2.3.2'}]
|
|
73
|
-
@check.save_minor = true
|
|
74
|
-
expect(@check.vuln?).to eq(true)
|
|
75
|
-
|
|
76
|
-
end
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
end
|
|
@@ -1,29 +0,0 @@
|
|
|
1
|
-
require 'spec_helper'
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
describe "The security check for gem unsafe dependency should" do
|
|
5
|
-
before(:all) do
|
|
6
|
-
@check = YAML.load_file("./spec/lib/kb/dependency_check.yml")
|
|
7
|
-
@check.debug=true
|
|
8
|
-
puts @check.vulnerable_version_array
|
|
9
|
-
end
|
|
10
|
-
|
|
11
|
-
it "fires if vulnerable 0.5.0 version is detected" do
|
|
12
|
-
@check.dependencies = [{:name=>"acme-gem", :version=>'0.5.0'}]
|
|
13
|
-
expect(@check.vuln?).to eq(true)
|
|
14
|
-
end
|
|
15
|
-
it "fires if vulnerable 1.3.2 version is found" do
|
|
16
|
-
@check.dependencies = [{:name=>"acme-gem", :version=>'1.3.2'}]
|
|
17
|
-
expect(@check.vuln?).to eq(true)
|
|
18
|
-
end
|
|
19
|
-
|
|
20
|
-
it "fires if vulnerable 3.4.0 version is found" do
|
|
21
|
-
@check.dependencies = [{:name=>"acme-gem", :version=>'3.4.0'}]
|
|
22
|
-
expect(@check.vuln?).to eq(true)
|
|
23
|
-
end
|
|
24
|
-
|
|
25
|
-
it "doesn't fire if not vulnerable 3.0.0 version is found" do
|
|
26
|
-
@check.dependencies = [{:name=>"acme-gem", :version=>'3.0.0'}]
|
|
27
|
-
expect(@check.vuln?).to eq(false)
|
|
28
|
-
end
|
|
29
|
-
end
|