dawnscanner 1.4.0 → 1.4.1

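--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: f003db35fdc15bed8267a03e98b8486332a8c5bc
- data.tar.gz: 136a1d5c19c13401f309bb967a6847b2c4c3e00a
+ metadata.gz: 21beffc2d50962f7a17135b47974c233a785b7a9
+ data.tar.gz: a8f73f32dd52afdf4454335109948ca242c3ad25
  SHA512:
- metadata.gz: b07ea6ad252a9b8bc81b13fcf3a6cef8621894d1621681d1b2898c746639327e2b96a197690562e9d0837e8d87360509645578f5ff3333052b6ef0b4dfb4b50d
- data.tar.gz: 88129983599961a585d141c1387772acdec4b18a1525763d6ad1371a14fad4e6ae7c22befe0c2412d961738ca812fb522198a965a88d213e9497a5397303cecf
+ metadata.gz: 0b97eeebb92fd48fd5b1ad0fcb8b940d24a51d257d323e5f42eeba993c6a18f51c35670b56b99ffb8f5c450df8cb49170503393012270f32e7118991b57996d8
+ data.tar.gz: e9da9bf28bb243d2ba912698e552040ee7222ea4a87c70f6b5d01b0deb6d6b67a6774e296339c097960b87de686ec7c8b8a699cf0aefecaf3d68108b5ccbe40a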
Binary file
data.tar.gz.sig CHANGED
Binary file
@@ -1,5 +1,6 @@
1
1
  language: ruby
2
2
  rvm:
3
+ - 2.2.3
3
4
  - 2.1.0
4
5
  - 2.0.0
5
6
  - 1.9.3
@@ -5,7 +5,11 @@ It supports [Sinatra](http://www.sinatrarb.com),
5
5
  [Padrino](http://www.padrinorb.com) and [Ruby on Rails](http://rubyonrails.org)
6
6
  frameworks.
7
7
 
8
- _latest update: Wed Sep 16 18:20:21 CEST 2015_
8
+ _latest update: Tue Oct 13 09:53:14 CEST 2015_
9
+
10
+ * Applying pull request #145. Thanks to @wmotti, a typo in CVE-2015-1840 has
11
+ been fixed and the following false positives have been fixed as well:
12
+ jquery-rails 3.1.4, rack 1.5.5, activesupport 4.1.13
9
13
 
10
14
  ## Version 1.4.0 - codename: Tow Mater (2015-09-16)
11
15
 
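--- a/data/VERSION
+++ b/data/VERSION
@@ -13,4 +13,4 @@
  # | "Guido" | 1.12.0 |
  # | "Luigi" | 1.14.0 |
  # | "Doc Hudson" | 1.16.0 |
- 1.4.0 - Tow Mater
+ 1.4.1 - Tow Mater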
@@ -0,0 +1 @@
1
+ fd3c72200a04ff958edb032f66cffebfdda86e01
@@ -8,7 +8,7 @@ module Dawn
8
8
  message = "jquery_ujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space character in a URL within an attribute value."
9
9
 
10
10
  super({
11
- :name=>"CVE-2015-1849",
11
+ :name=>"CVE-2015-1840",
12
12
  :cvss=>"AV:N/AC:L/Au:N/C:P/I:N/A:N",
13
13
  :release_date => Date.new(2015, 7, 26),
14
14
  :cwe=>"200",
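Review bot: The description text kept on the new side of this hunk says the fix shipped in jquery-rails 4.0.4 ("4.x before 4.0.4"), while the `safe_dependencies` list in the next hunk of the same check names `'4.0.2'`; if the message is right, 4.0.2 and 4.0.3 are treated as patched, which is the opposite kind of error from the false positives this commit fixes. Confirm the fixed release against the jquery-rails changelog linked in `:aux_links` and align one side or the other, e.g. `:version=>['4.0.4', '3.1.3']` or a corrected message. Only the `:name` typo is corrected here; the method this hunk sits in starts before and ends after the hunk.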
@@ -19,7 +19,7 @@ module Dawn
19
19
  :mitigation=>"Please upgrade jquery-ujs and jquery-rails gems to latest version.",
20
20
  :aux_links=>["https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md", "https://github.com/rails/jquery-ujs/blob/master/CHANGELOG.md"]
21
21
  })
22
-
22
+ self.save_major = true
23
23
  self.safe_dependencies = [{:name=>"jquery-rails", :version=>['4.0.2', '3.1.3']}]
24
24
 
25
25
  end
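Review bot: `self.save_major = true` is added without a comment saying what it changes in the version comparison, and the same applies to `self.save_minor = true` in the hunks ending at lines 192, 215 and 238; a reader cannot tell from these files why jquery-rails gets the major flag while rack and activesupport get the minor one. Add a one-line comment above each assignment stating the rule it enables, along the lines of `# save_major: releases above the listed fix on the same major line count as patched`, worded to match the actual DependencyCheck semantics, which are not visible here. The enclosing method starts before this hunk.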
@@ -8,7 +8,7 @@ module Dawn
8
8
  message = "jquery_ujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space character in a URL within an attribute value."
9
9
 
10
10
  super({
11
- :name=>"CVE-2015-1849",
11
+ :name=>"CVE-2015-1840",
12
12
  :cvss=>"AV:N/AC:L/Au:N/C:P/I:N/A:N",
13
13
  :release_date => Date.new(2015, 7, 26),
14
14
  :cwe=>"200",
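Review bot: This hunk repeats the `:name=>"CVE-2015-1840"` change and the jquery-ujs description already shown at lines 101-123, yet the hunk that follows it carries a rack mitigation and rack `safe_dependencies` (the check the spec at line 292 calls CVE-2015-3225). If both hunks belong to the same file, the rack check now reports under the jquery-rails CVE id with the jquery-rails description, and the line should instead read `:name=>"CVE-2015-3225"` with a rack-specific message; if the page merely rendered the jquery-rails hunk twice, nothing is wrong. Worth confirming which file this hunk lives in before merging.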
@@ -19,7 +19,7 @@ module Dawn
19
19
  :mitigation=>"Please upgrade rack gem to latest version or at least 1.5.4 or 1.6.2.",
20
20
  :aux_links=>["https://groups.google.com/forum/message/raw?msg=rubyonrails-security/gcUbICUmKMc/qiCotVZwXrMJ"]
21
21
  })
22
-
22
+ self.save_minor = true
23
23
  self.safe_dependencies = [{:name=>"rack", :version=>['1.5.4', '1.6.2']}]
24
24
 
25
25
  end
@@ -18,7 +18,7 @@ module Dawn
18
18
  :mitigation=>"Please upgrade activesupport gem to latest version or at least 4.1.12 or 4.2.3. This is automatically done by upgrading your Rails environment if you are using it.",
19
19
  :aux_links=>["https://groups.google.com/forum/message/raw?msg=rubyonrails-security/7VlB_pck3hU/3QZrGIaQW6cJ"]
20
20
  })
21
-
21
+ self.save_minor = true
22
22
  self.safe_dependencies = [{:name=>"activesupport", :version=>['4.1.12', '4.2.3', '3.99.99']}]
23
23
 
24
24
  end
@@ -19,7 +19,7 @@ module Dawn
19
19
  :mitigation=>"Please upgrade activesupport gem to latest version or at least 4.1.12 or 4.2.3. This is automatically done by upgrading your Rails environment if you are using it.",
20
20
  :aux_links=>["https://groups.google.com/forum/message/raw?msg=rubyonrails-security/bahr2JLnxvk/x4EocXnHPp8J"]
21
21
  })
22
-
22
+ self.save_minor = true
23
23
  self.safe_dependencies = [{:name=>"activesupport", :version=>['4.1.12', '4.2.3']}]
24
24
  end
25
25
  end
@@ -1,7 +1,7 @@
1
1
  module Dawn
2
- VERSION = "1.4.0"
2
+ VERSION = "1.4.1"
3
3
  CODENAME = "Tow Mater"
4
- RELEASE = "20150916"
5
- BUILD = "21"
6
- COMMIT = "gb184185"
4
+ RELEASE = "20151013"
5
+ BUILD = "9"
6
+ COMMIT = "gc7e4aa2"
7
7
  end
@@ -21,6 +21,10 @@ describe "The CVE-2015-1840 vulnerability" do
21
21
  @check_a.dependencies = [{:name=>"jquery-rails", :version=>'3.1.3'}]
22
22
  @check_a.vuln?.should == false
23
23
  end
24
+ it "is reported when vulnerable jquery-rails gem is used (3.1.4)" do
25
+ @check_a.dependencies = [{:name=>"jquery-rails", :version=>'3.1.4'}]
26
+ @check_a.vuln?.should == false
27
+ end
24
28
  it "is reported when vulnerable jquery-rails gem is used 4.0.2)" do
25
29
  @check_a.dependencies = [{:name=>"jquery-rails", :version=>'4.0.2'}]
26
30
  @check_a.vuln?.should == false
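Review bot: The new example's description `"is reported when vulnerable jquery-rails gem is used (3.1.4)"` contradicts its assertion `@check_a.vuln?.should == false`; 3.1.4 is precisely the safe version this commit stops flagging, so the wording appears copied from the 4.0.2 example below it, which has the same mismatch. Rename it to `it "is not reported when safe jquery-rails gem is used (3.1.4)" do`, matching the phrasing the rack and activesupport specs use. The describe block starts before and ends after the hunk.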
@@ -16,6 +16,10 @@ describe "The CVE-2015-3225 vulnerability" do
16
16
  @check.dependencies = [{:name=>"rack", :version=>'1.5.4'}]
17
17
  @check.vuln?.should == false
18
18
  end
19
+ it "is not reported when safe rack gem is used (1.5.5)" do
20
+ @check.dependencies = [{:name=>"rack", :version=>'1.5.5'}]
21
+ @check.vuln?.should == false
22
+ end
19
23
  it "is not reported when safe rack gem is used (1.6.3)" do
20
24
  @check.dependencies = [{:name=>"rack", :version=>'1.6.3'}]
21
25
  @check.vuln?.should == false
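Review bot: Every example added by this commit (here and in the hunks ending at lines 291, 345 and 372) asserts only `vuln? == false` for a version above the fix; none pins that a version below the fix is still reported now that `save_minor`/`save_major` is switched on. If the describe blocks do not already contain such a case, add one per check, e.g. `@check.dependencies = [{:name=>"rack", :version=>'1.5.3'}]` followed by `@check.vuln?.should == true`, so that a flag that is too permissive cannot pass the suite. The describe block starts before and ends after the hunk.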
@@ -21,6 +21,10 @@ describe "The CVE-2015-3226 vulnerability" do
21
21
  @check.dependencies = [{:name=>"activesupport", :version=>'4.1.12'}]
22
22
  @check.vuln?.should == false
23
23
  end
24
+ it "is not reported when safe active_support gem is used (4.1.13)" do
25
+ @check.dependencies = [{:name=>"activesupport", :version=>'4.1.13'}]
26
+ @check.vuln?.should == false
27
+ end
24
28
  it "is not reported when safe active_support gem is used (4.2.3)" do
25
29
  @check.dependencies = [{:name=>"activesupport", :version=>'4.2.3'}]
26
30
  @check.vuln?.should == false
@@ -16,6 +16,10 @@ describe "The CVE-2015-3227 vulnerability" do
16
16
  @check.dependencies = [{:name=>"activesupport", :version=>'4.1.12'}]
17
17
  @check.vuln?.should == false
18
18
  end
19
+ it "is not reported when safe active_support gem is used (4.1.13)" do
20
+ @check.dependencies = [{:name=>"activesupport", :version=>'4.1.13'}]
21
+ @check.vuln?.should == false
22
+ end
19
23
  it "is not reported when safe active_support gem is used (4.2.3)" do
20
24
  @check.dependencies = [{:name=>"activesupport", :version=>'4.2.3'}]
21
25
  @check.vuln?.should == false
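--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: dawnscanner
  version: !ruby/object:Gem::Version
- version: 1.4.0
+ version: 1.4.1
  platform: ruby
  authors:
  - Paolo Perego
@@ -30,7 +30,7 @@ cert_chain:
  1zH2rpK27DW5pOeHUEJn31+gGd111ogP5tYruPV7Qgfy2jUrUPmP67v7nRNlgd84
  Z5mHj9jGk4wgMQy2pk4GDwsXiirZfI0z2WZfySqEldE=
  -----END CERTIFICATE-----
- date: 2015-09-16 00:00:00.000000000 Z
+ date: 2015-10-13 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: cvss
@@ -295,6 +295,7 @@ files:
  - checksum/dawnscanner-1.3.0.gem.sha1
  - checksum/dawnscanner-1.3.1.gem.sha1
  - checksum/dawnscanner-1.3.5.gem.sha1
+ - checksum/dawnscanner-1.4.0.gem.sha1
  - dawnscanner.gemspec
  - doc/codesake-dawn.yaml.sample
  - doc/dawn_1_0_announcement.md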
metadata.gz.sig CHANGED
Binary file