dawnscanner 1.6.0 → 1.6.1
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/Changelog.md +6 -1
- data/README.md +1 -1
- data/VERSION +1 -1
- data/certs/paolo_at_dawnscanner_dot_org.pem +7 -7
- data/checksum/dawnscanner-1.6.0.gem.sha1 +1 -0
- data/lib/dawn/kb/osvdb_119878.rb +4 -4
- data/lib/dawn/version.rb +4 -4
- data/spec/lib/kb/osvdb_119878_spec.rb +78 -2
- metadata +10 -9
- metadata.gz.sig +0 -0
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 5740023a35a5d8e109e8b6dd5b973f2e82e7285d
|
|
4
|
+
data.tar.gz: 2cebe55d93ff7dd1b41590dd45edbbe8567e8cc6
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: cae38046b407a09d88603392b4a20119a5313bfa4ea39c1891db46a3d80ee78e083fb46092118372596d49761df7d16d6d520dbae13cba9a5a77da3cc08e1765
|
|
7
|
+
data.tar.gz: 3acfb88214793e28aac716694c783e42fb8f2c0b385d2e69041ccd13bc1c70244450bc3dfeabaffe833373de6d755c7b3db9144e0a3cc9b87b8fb10915260282
|
checksums.yaml.gz.sig
CHANGED
|
Binary file
|
data.tar.gz.sig
CHANGED
|
Binary file
|
data/Changelog.md
CHANGED
|
@@ -5,7 +5,12 @@ It supports [Sinatra](http://www.sinatrarb.com),
|
|
|
5
5
|
[Padrino](http://www.padrinorb.com) and [Ruby on Rails](http://rubyonrails.org)
|
|
6
6
|
frameworks.
|
|
7
7
|
|
|
8
|
-
_latest update: Wed Feb
|
|
8
|
+
_latest update: Wed Feb 24 10:15:17 CET 2016_
|
|
9
|
+
|
|
10
|
+
## Version 1.6.1 - codename: Tow Mater (2016-02-24)
|
|
11
|
+
|
|
12
|
+
* Issue #191 - Fixing an issue, applying a pull request by @fronzeSolid, about
|
|
13
|
+
CVE-2015-1820 false positive in check description.
|
|
9
14
|
|
|
10
15
|
## Version 1.6.0 - codename: Tow Mater (2016-02-03)
|
|
11
16
|
|
data/README.md
CHANGED
|
@@ -24,7 +24,7 @@ box:
|
|
|
24
24
|
|
|
25
25
|
---
|
|
26
26
|
|
|
27
|
-
dawnscanner version 1.6.
|
|
27
|
+
dawnscanner version 1.6.1 has 227 security checks loaded in its knowledge
|
|
28
28
|
base. Most of them are CVE bulletins applying to gems or the ruby interpreter
|
|
29
29
|
itself. There are also some check coming from Owasp Ruby on Rails cheatsheet.
|
|
30
30
|
|
data/VERSION
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
-----BEGIN CERTIFICATE-----
|
|
2
2
|
MIIDfDCCAmSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBCMQ4wDAYDVQQDDAVwYW9s
|
|
3
3
|
bzEbMBkGCgmSJomT8ixkARkWC2Rhd25zY2FubmVyMRMwEQYKCZImiZPyLGQBGRYD
|
|
4
|
-
|
|
4
|
+
b3JnMB4XDTE2MDIyNDA5MjAzMloXDTE3MDIyMzA5MjAzMlowQjEOMAwGA1UEAwwF
|
|
5
5
|
cGFvbG8xGzAZBgoJkiaJk/IsZAEZFgtkYXduc2Nhbm5lcjETMBEGCgmSJomT8ixk
|
|
6
6
|
ARkWA29yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKY7klJMYUud
|
|
7
7
|
10+6gsb1R7Vvnn96BpVc6sPXxInmQeoaQCZ4lT04ARfya7M6E5NHQDjCtSxv2Nib
|
|
@@ -12,10 +12,10 @@ a3yXoWmTlnnxAlJUqSGn83n7r1roHasdT7KzhPmAQ42qh6FrjbkQl/jdJA2fl3I3
|
|
|
12
12
|
F0+emUMo9J8CAwEAAaN9MHswCQYDVR0TBAIwADALBgNVHQ8EBAMCBLAwHQYDVR0O
|
|
13
13
|
BBYEFGrgDWYLVLOvh1i9ValuYILfIy7rMCAGA1UdEQQZMBeBFXBhb2xvQGRhd25z
|
|
14
14
|
Y2FubmVyLm9yZzAgBgNVHRIEGTAXgRVwYW9sb0BkYXduc2Nhbm5lci5vcmcwDQYJ
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
15
|
+
KoZIhvcNAQEFBQADggEBACGgU0g0JdsxMCAVu485qXfNYSgCHzJ3R+wMThHg/kn9
|
|
16
|
+
+eJLlpFtdM4WsYuFDa+kyk8Gzbb9yWo327SqA+KMzrOr9y5Xyn0UARnNzZ4/N258
|
|
17
|
+
+8Dj2CGATlFzPjREEihAW3CcuoLhojhDOVA4tpmrcxX9ynV7Jm2m8lGvcic6VfVg
|
|
18
|
+
yV368nbU6S1n4Tz7I5TAdEsI8+Zk6VLVuPRbgY+W8iePoBSxrI+CdA4+iB12O+yM
|
|
19
|
+
jm6Bw8fGx65GCWIdgMhH/P0icixcnyrnotnnOrEcmPudIlgEN9qaUYcguOfFBhTH
|
|
20
|
+
1sGpM7KzrYHU8qJJPrdaX0ezIDL4cN/kA/DxYTfUiMw=
|
|
21
21
|
-----END CERTIFICATE-----
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
0dac5523c5b788786b877f3e2f7d66358a3bf726
|
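--- a/data/lib/dawn/kb/osvdb_119878.rb
+++ b/data/lib/dawn/kb/osvdb_119878.rb
@@ -8,7 +8,7 @@ module Dawn
 # include RubyVersionCheck
 
 def initialize
-message="
+message="rest-client Gem for Ruby contains a flaw in abstract_response.rb related to the handling of set-cookie headers in redirection responses that allows a remote, user-assisted attacker to conduct a session fixation attack. This flaw exists because the application, when establishing a new session, does not invalidate an existing session identifier and assign a new one. With a specially crafted request fixating the session identifier, a context-dependent attacker can ensure a user authenticates with the known session identifier, allowing the session to be subsequently hijacked."
 
 super({
 :name=> "OSVDB_119878",
@@ -21,10 +21,10 @@ module Dawn
 :applies=>["rails", "sinatra", "padrino"],
 :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
 :message=>message,
-:mitigation=>"Please upgrade rest-client gem version to
-:aux_links=>[""]
+:mitigation=>"Please upgrade rest-client gem version to 1.8.0 or later.",
+:aux_links=>["https://github.com/rest-client/rest-client/issues/369"]
 })
-self.safe_dependencies = [{:name=>"rest-client", :version=>['2.0.0.rc1']}]
+self.safe_dependencies = [{:name=>"rest-client", :version=>['1.8.0', '2.0.0.rc1', '2.0.0.rc2']}]
 
 end
 end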
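Review bot: The new `self.safe_dependencies` line lists only `'1.8.0'`, `'2.0.0.rc1'` and `'2.0.0.rc2'`, while the new mitigation text promises "1.8.0 or later"; if the comparison behind `Dawn::KnowledgeBase::DEPENDENCY_CHECK` treats that array as an exact allow-list, any later 1.8.x or 2.0.x release would still be reported as vulnerable, and the companion spec only exercises those three exact strings. I cannot see the comparison code from this hunk, so that is inferred; a spec case for a later release (a constructed `"1.8.1"`, say, expecting `@check.vuln?.should == false`) would pin the intended "or later" semantics either way. Separately, the description assigned to `message` on new line 11 is a single ~500-character literal; a heredoc or adjacent-literal concatenation would keep it readable without altering the text. The `initialize` body is split across the two hunks, and the enclosing class and module open outside them.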
data/lib/dawn/version.rb
CHANGED
|
@@ -4,13 +4,89 @@ describe "The OSVDB_119878 vulnerability" do
|
|
|
4
4
|
@check = Dawn::Kb::OSVDB_119878.new
|
|
5
5
|
# @check.debug = true
|
|
6
6
|
end
|
|
7
|
-
it "is reported when a vulnerable version it has been found (1.
|
|
8
|
-
@check.dependencies = [{:name=>"rest-client", :version=>"1.
|
|
7
|
+
it "is reported when a vulnerable version it has been found (1.6.1.a)" do
|
|
8
|
+
@check.dependencies = [{:name=>"rest-client", :version=>"1.6.1.a"}]
|
|
9
|
+
@check.vuln?.should == true
|
|
10
|
+
end
|
|
11
|
+
it "is reported when a vulnerable version it has been found (1.6.1)" do
|
|
12
|
+
@check.dependencies = [{:name=>"rest-client", :version=>"1.6.1"}]
|
|
13
|
+
@check.vuln?.should == true
|
|
14
|
+
end
|
|
15
|
+
it "is reported when a vulnerable version it has been found (1.6.2" do
|
|
16
|
+
@check.dependencies = [{:name=>"rest-client", :version=>"1.6.2"}]
|
|
17
|
+
@check.vuln?.should == true
|
|
18
|
+
end
|
|
19
|
+
it "is reported when a vulnerable version it has been found (1.6.2.a" do
|
|
20
|
+
@check.dependencies = [{:name=>"rest-client", :version=>"1.6.2.a"}]
|
|
21
|
+
@check.vuln?.should == true
|
|
22
|
+
end
|
|
23
|
+
it "is reported when a vulnerable version it has been found (1.6.3)" do
|
|
24
|
+
@check.dependencies = [{:name=>"rest-client", :version=>"1.6.3"}]
|
|
25
|
+
@check.vuln?.should == true
|
|
26
|
+
end
|
|
27
|
+
it "is reported when a vulnerable version it has been found (1.6.4)" do
|
|
28
|
+
@check.dependencies = [{:name=>"rest-client", :version=>"1.6.4"}]
|
|
29
|
+
@check.vuln?.should == true
|
|
30
|
+
end
|
|
31
|
+
it "is reported when a vulnerable version it has been found (1.6.5)" do
|
|
32
|
+
@check.dependencies = [{:name=>"rest-client", :version=>"1.6.5"}]
|
|
33
|
+
@check.vuln?.should == true
|
|
34
|
+
end
|
|
35
|
+
it "is reported when a vulnerable version it has been found (1.6.6)" do
|
|
36
|
+
@check.dependencies = [{:name=>"rest-client", :version=>"1.6.6"}]
|
|
37
|
+
@check.vuln?.should == true
|
|
38
|
+
end
|
|
39
|
+
it "is reported when a vulnerable version it has been found (1.6.7)" do
|
|
40
|
+
@check.dependencies = [{:name=>"rest-client", :version=>"1.6.7"}]
|
|
41
|
+
@check.vuln?.should == true
|
|
42
|
+
end
|
|
43
|
+
it "is reported when a vulnerable version it has been found (1.6.8)" do
|
|
44
|
+
@check.dependencies = [{:name=>"rest-client", :version=>"1.6.8"}]
|
|
45
|
+
@check.vuln?.should == true
|
|
46
|
+
end
|
|
47
|
+
it "is reported when a vulnerable version it has been found (1.6.8.rc1)" do
|
|
48
|
+
@check.dependencies = [{:name=>"rest-client", :version=>"1.6.8.rc1"}]
|
|
49
|
+
@check.vuln?.should == true
|
|
50
|
+
end
|
|
51
|
+
it "is reported when a vulnerable version it has been found (1.6.9)" do
|
|
52
|
+
@check.dependencies = [{:name=>"rest-client", :version=>"1.6.9"}]
|
|
53
|
+
@check.vuln?.should == true
|
|
54
|
+
end
|
|
55
|
+
it "is reported when a vulnerable version it has been found (1.7.0.rc1)" do
|
|
56
|
+
@check.dependencies = [{:name=>"rest-client", :version=>"1.7.0.rc1"}]
|
|
57
|
+
@check.vuln?.should == true
|
|
58
|
+
end
|
|
59
|
+
it "is reported when a vulnerable version it has been found (1.7.0)" do
|
|
60
|
+
@check.dependencies = [{:name=>"rest-client", :version=>"1.7.0"}]
|
|
61
|
+
@check.vuln?.should == true
|
|
62
|
+
end
|
|
63
|
+
it "is reported when a vulnerable version it has been found (1.7.1)" do
|
|
64
|
+
@check.dependencies = [{:name=>"rest-client", :version=>"1.7.1"}]
|
|
65
|
+
@check.vuln?.should == true
|
|
66
|
+
end
|
|
67
|
+
it "is reported when a vulnerable version it has been found (1.7.2)" do
|
|
68
|
+
@check.dependencies = [{:name=>"rest-client", :version=>"1.7.2"}]
|
|
69
|
+
@check.vuln?.should == true
|
|
70
|
+
end
|
|
71
|
+
it "is reported when a vulnerable version it has been found (1.7.2.rc1)" do
|
|
72
|
+
@check.dependencies = [{:name=>"rest-client", :version=>"1.7.2.rc1"}]
|
|
73
|
+
@check.vuln?.should == true
|
|
74
|
+
end
|
|
75
|
+
it "is reported when a vulnerable version it has been found (1.7.3)" do
|
|
76
|
+
@check.dependencies = [{:name=>"rest-client", :version=>"1.7.3"}]
|
|
9
77
|
@check.vuln?.should == true
|
|
10
78
|
end
|
|
79
|
+
it "is not reported when a safe version it has been found (1.8.0)" do
|
|
80
|
+
@check.dependencies = [{:name=>"rest-client", :version=>"1.8.0"}]
|
|
81
|
+
@check.vuln?.should == false
|
|
82
|
+
end
|
|
11
83
|
it "is not reported when a safe version it has been found (2.0.0.rc1)" do
|
|
12
84
|
@check.dependencies = [{:name=>"rest-client", :version=>"2.0.0.rc1"}]
|
|
13
85
|
@check.vuln?.should == false
|
|
14
86
|
end
|
|
87
|
+
it "is not reported when a safe version it has been found (2.0.0.rc2)" do
|
|
88
|
+
@check.dependencies = [{:name=>"rest-client", :version=>"2.0.0.rc2"}]
|
|
89
|
+
@check.vuln?.should == false
|
|
90
|
+
end
|
|
15
91
|
|
|
16
92
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dawnscanner
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.6.
|
|
4
|
+
version: 1.6.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Paolo Perego
|
|
@@ -12,7 +12,7 @@ cert_chain:
|
|
|
12
12
|
-----BEGIN CERTIFICATE-----
|
|
13
13
|
MIIDfDCCAmSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBCMQ4wDAYDVQQDDAVwYW9s
|
|
14
14
|
bzEbMBkGCgmSJomT8ixkARkWC2Rhd25zY2FubmVyMRMwEQYKCZImiZPyLGQBGRYD
|
|
15
|
-
|
|
15
|
+
b3JnMB4XDTE2MDIyNDA5MjAzMloXDTE3MDIyMzA5MjAzMlowQjEOMAwGA1UEAwwF
|
|
16
16
|
cGFvbG8xGzAZBgoJkiaJk/IsZAEZFgtkYXduc2Nhbm5lcjETMBEGCgmSJomT8ixk
|
|
17
17
|
ARkWA29yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKY7klJMYUud
|
|
18
18
|
10+6gsb1R7Vvnn96BpVc6sPXxInmQeoaQCZ4lT04ARfya7M6E5NHQDjCtSxv2Nib
|
|
@@ -23,14 +23,14 @@ cert_chain:
|
|
|
23
23
|
F0+emUMo9J8CAwEAAaN9MHswCQYDVR0TBAIwADALBgNVHQ8EBAMCBLAwHQYDVR0O
|
|
24
24
|
BBYEFGrgDWYLVLOvh1i9ValuYILfIy7rMCAGA1UdEQQZMBeBFXBhb2xvQGRhd25z
|
|
25
25
|
Y2FubmVyLm9yZzAgBgNVHRIEGTAXgRVwYW9sb0BkYXduc2Nhbm5lci5vcmcwDQYJ
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
26
|
+
KoZIhvcNAQEFBQADggEBACGgU0g0JdsxMCAVu485qXfNYSgCHzJ3R+wMThHg/kn9
|
|
27
|
+
+eJLlpFtdM4WsYuFDa+kyk8Gzbb9yWo327SqA+KMzrOr9y5Xyn0UARnNzZ4/N258
|
|
28
|
+
+8Dj2CGATlFzPjREEihAW3CcuoLhojhDOVA4tpmrcxX9ynV7Jm2m8lGvcic6VfVg
|
|
29
|
+
yV368nbU6S1n4Tz7I5TAdEsI8+Zk6VLVuPRbgY+W8iePoBSxrI+CdA4+iB12O+yM
|
|
30
|
+
jm6Bw8fGx65GCWIdgMhH/P0icixcnyrnotnnOrEcmPudIlgEN9qaUYcguOfFBhTH
|
|
31
|
+
1sGpM7KzrYHU8qJJPrdaX0ezIDL4cN/kA/DxYTfUiMw=
|
|
32
32
|
-----END CERTIFICATE-----
|
|
33
|
-
date: 2016-02-
|
|
33
|
+
date: 2016-02-24 00:00:00.000000000 Z
|
|
34
34
|
dependencies:
|
|
35
35
|
- !ruby/object:Gem::Dependency
|
|
36
36
|
name: cvss
|
|
@@ -314,6 +314,7 @@ files:
|
|
|
314
314
|
- checksum/dawnscanner-1.5.0.gem.sha1
|
|
315
315
|
- checksum/dawnscanner-1.5.1.gem.sha1
|
|
316
316
|
- checksum/dawnscanner-1.5.2.gem.sha1
|
|
317
|
+
- checksum/dawnscanner-1.6.0.gem.sha1
|
|
317
318
|
- dawnscanner.gemspec
|
|
318
319
|
- doc/dawn_1_0_announcement.md
|
|
319
320
|
- doc/dawn_1_1_announcement.md
|
metadata.gz.sig
CHANGED
|
Binary file
|