dawnscanner 2.1.1 → 2.2.0

@@ -1,35 +0,0 @@
1
- require 'spec_helper'
2
-
3
- describe "CVE-2013-0175 security check" do
4
- let (:check) {Dawn::Kb::CVE_2013_0175.new}
5
- it "knows its name" do
6
- expect(check.name).to eq("CVE-2013-0175")
7
- end
8
- it "has a 7.5 cvss score" do
9
- check.cvss_score == 7.5
10
- end
11
-
12
- it "fires when multi_xml vulnerable gem it has been found" do
13
- check.dependencies = [{:name=>"multi_xml", :version=>"0.5.2"}]
14
- expect(check.vuln?).to eq(true)
15
- end
16
- it "fires when Grape vulnerable gem it has been found" do
17
- check.dependencies = [{:name=>"grape", :version=>"0.2.5"}]
18
- expect(check.vuln?).to eq(true)
19
- end
20
- it "fires when multi_xml gem is not vulnerable but Grape is" do
21
- check.dependencies = [{:name=>"grape", :version=>"0.2.5"}, {:name=>"multi_xml", :version=>"0.5.3"}]
22
- expect(check.vuln?).to eq(true)
23
- end
24
- it "fires when multi_xml gem is vulnerable but Grape is not" do
25
- check.dependencies = [{:name=>"grape", :version=>"0.2.6"}, {:name=>"multi_xml", :version=>"0.5.2"}]
26
- expect(check.vuln?).to eq(true)
27
- end
28
-
29
- it "doesn't fire when no vulnerabilities were found" do
30
- check.dependencies = [{:name=>"grape", :version=>"0.2.6"}, {:name=>"multi_xml", :version=>"0.5.3"}]
31
- expect(check.vuln?).to eq(false)
32
- end
33
-
34
-
35
- end
@@ -1,41 +0,0 @@
1
- require 'spec_helper'
2
-
3
- describe "The CVE-2013-4457 vulnerability" do
4
- before(:all) do
5
- @check = Dawn::Kb::CVE_2013_4457.new
6
- # @check.debug = true
7
- end
8
- it "is detected if vulnerable version of cocaine rubygem is detected" do
9
- @check.dependencies=[{:name=>"cocaine", :version=>'0.4.0'}]
10
- expect(@check.vuln?).to eq(true)
11
- end
12
- it "is detected if vulnerable version of cocaine rubygem is detected" do
13
- @check.dependencies=[{:name=>"cocaine", :version=>'0.4.1'}]
14
- expect(@check.vuln?).to eq(true)
15
- end
16
- it "is detected if vulnerable version of cocaine rubygem is detected" do
17
- @check.dependencies=[{:name=>"cocaine", :version=>'0.4.2'}]
18
- expect(@check.vuln?).to eq(true)
19
- end
20
- it "is detected if vulnerable version of cocaine rubygem is detected" do
21
- @check.dependencies=[{:name=>"cocaine", :version=>'0.5.0'}]
22
- expect(@check.vuln?).to eq(true)
23
- end
24
- it "is detected if vulnerable version of cocaine rubygem is detected" do
25
- @check.dependencies=[{:name=>"cocaine", :version=>'0.5.1'}]
26
- expect(@check.vuln?).to eq(true)
27
- end
28
- it "is detected if vulnerable version of cocaine rubygem is detected" do
29
- @check.dependencies=[{:name=>"cocaine", :version=>'0.5.2'}]
30
- expect(@check.vuln?).to eq(true)
31
- end
32
-
33
- it "is skipped if non vulnerable version of cocaine rubygem is detected" do
34
- @check.dependencies=[{:name=>"cocaine", :version=>'0.3.2'}]
35
- # @check.debug = true
36
- expect(@check.vuln?).to eq(false)
37
- end
38
-
39
-
40
-
41
- end
@@ -1,79 +0,0 @@
1
- require 'spec_helper'
2
-
3
- # class DependencyMockup
4
- # include Dawn::Kb::DependencyCheck
5
-
6
- # def initialize
7
- # message = "This is a mock"
8
- # super(
9
- # :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
10
- # :applies=>['sinatra', 'padrino', 'rails'],
11
- # :message=> message
12
- # )
13
- # # self.debug = true
14
-
15
- # self.safe_dependencies = [{:name=>'this_gem', :version=>['0.3.0', '1.3.3', '2.3.3', '2.4.2', '9.4.31.2']}]
16
- # self.save_major = true
17
- # end
18
- # end
19
-
20
-
21
- describe "The security check for gem dependency should" do
22
- before(:all) do
23
- @check = Dawn::Kb::DependencyCheck.new
24
- @check.kind=Dawn::KnowledgeBase::DEPENDENCY_CHECK
25
- @check.applies = ['sinatra', 'padrino', 'rails']
26
- @check.message = "This is a mock"
27
- end
28
- # let (:check) {Mockup.new}
29
-
30
- it "gives an unkown priority value" do
31
- expect(@check.priority).to eq("unknown")
32
- end
33
-
34
- it "gives the assigned priority value" do
35
- @check.priority = :critical
36
- expect(@check.priority).to eq("critical")
37
- end
38
- it "gives an unknown severity since no CVSS is provided and no severity is given" do
39
- expect(@check.severity).to eq("unknown")
40
- end
41
-
42
- it "gives the severity level provided. No CVSS is here" do
43
- @check.severity = :critical
44
- expect(@check.severity).to eq("critical")
45
- end
46
-
47
- it "fires if vulnerable 0.2.9 version is detected" do
48
- @check.dependencies = [{:name=>"this_gem", :version=>'0.2.9'}]
49
- expect(@check.vuln?).to eq(true)
50
- end
51
- it "doesn't fire if not vulnerable 0.4.0 version is found" do
52
- @check.dependencies = [{:name=>"this_gem", :version=>'0.4.0'}]
53
- expect(@check.vuln?).to eq(false)
54
- end
55
-
56
- it "fires if vulnerable 1.3.2 version is found" do
57
- @check.dependencies = [{:name=>"this_gem", :version=>'1.3.2'}]
58
- expect(@check.vuln?).to eq(true)
59
- end
60
-
61
- it "doesn't fire if not vulnerable 1.4.2 version is found" do
62
- @check.dependencies = [{:name=>"this_gem", :version=>'1.4.2'}]
63
- expect(@check.vuln?).to eq(false)
64
- end
65
-
66
- it "doesn't fires when a non vulnerable version is found and there is a fixed version with higher minor release but I asked to honor the minor version (useful with rails gem)" do
67
- @check.dependencies = [{:name=>"this_gem", :version=>'2.3.3'}]
68
- @check.save_minor = true
69
- expect(@check.vuln?).to eq(false)
70
- end
71
- it "fires when a vulnerable version (2.3.2) is found even if I asked to save minors..." do
72
- @check.dependencies = [{:name=>"this_gem", :version=>'2.3.2'}]
73
- @check.save_minor = true
74
- expect(@check.vuln?).to eq(true)
75
-
76
- end
77
-
78
-
79
- end
@@ -1,29 +0,0 @@
1
- require 'spec_helper'
2
-
3
-
4
- describe "The security check for gem unsafe dependency should" do
5
- before(:all) do
6
- @check = YAML.load_file("./spec/lib/kb/dependency_check.yml")
7
- @check.debug=true
8
- puts @check.vulnerable_version_array
9
- end
10
-
11
- it "fires if vulnerable 0.5.0 version is detected" do
12
- @check.dependencies = [{:name=>"acme-gem", :version=>'0.5.0'}]
13
- expect(@check.vuln?).to eq(true)
14
- end
15
- it "fires if vulnerable 1.3.2 version is found" do
16
- @check.dependencies = [{:name=>"acme-gem", :version=>'1.3.2'}]
17
- expect(@check.vuln?).to eq(true)
18
- end
19
-
20
- it "fires if vulnerable 3.4.0 version is found" do
21
- @check.dependencies = [{:name=>"acme-gem", :version=>'3.4.0'}]
22
- expect(@check.vuln?).to eq(true)
23
- end
24
-
25
- it "doesn't fire if not vulnerable 3.0.0 version is found" do
26
- @check.dependencies = [{:name=>"acme-gem", :version=>'3.0.0'}]
27
- expect(@check.vuln?).to eq(false)
28
- end
29
- end