dawnscanner 1.6.5 → 1.6.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 0ce6cb500c1349a538cfc5f24e7f890d53e36acf
-  data.tar.gz: 2ac0fc78293cfdf85aaa143d72c9204148c6313f
+  metadata.gz: 9554074ea8ea6a732a5c4e82027be718bf0b71a5
+  data.tar.gz: 161fa46fbf73e6c269ab097f1ef57cb60642c958
 SHA512:
-  metadata.gz: f754ff1ee23e8d46b97af3d2141f3d024efe4f5aa0a1ff3ddc03be6bb9b0d42265ee3b475700c02246211e3bb71951b78b1f623fab85d517b1da1affbea2addf
-  data.tar.gz: 7fa6f07e3845f660ba07b525f036f2e9bc8081f534e43e3a07c375c2c86fb04424394d7f72453a65a24c40af33bcd3fb98eb4cca147a4f51ed434d899936ae5a
+  metadata.gz: 2152cb6e7ab3427d8b7da640a2241d9ae59df6dada0b6d84869c23f100281c780273f71a92e48c40f51c26bc080b065a00d94e93f089448a7a717432a3ee7801
+  data.tar.gz: c0a5e4b389247fd2e64ade0f448dc15f9473c79e2a07a8bbb419554b21aa3109dd3799450194a4a61fb104ea5571c8fc24e997b310744c21454bc7bab38fc74a

data/.gitignore

@@ -18,3 +18,4 @@ spec/reports
 test/tmp
 test/version_tmp
 tmp
+db/*

data/.ruby-version

@@ -1 +1 @@
-2.3.0
+2.3.1

data/Changelog.md

@@ -5,7 +5,21 @@ It supports [Sinatra](http://www.sinatrarb.com),
 [Padrino](http://www.padrinorb.com) and [Ruby on Rails](http://rubyonrails.org)
 frameworks.
 
-_latest update: Tue Sep 27 23:32:32 CEST 2016_
+_latest update: Tue Nov  1 18:59:51 CET 2016_
+
+## Version 1.6.6 - codename: Tow Mater (2016-11-01)
+
+* Changed config filename to dawnscanner.yml
+* Adding a check for CVE-2016-5697: XML signature wrapping attack in ruby-saml
+* Adding a check for CVE-2016-6316: Possible XSS Vulnerability in Action View
+* Adding a check for CVE-2016-6317: Unsafe Query Generation Risk in Active
+  Record
+* Adding a check for CVE-2016-6582: Doorkeeper gem does not revoke tokens &
+  uses wrong auth/auth method
+* Issue #172 - Adding a check for OSVDB-132234: rack-attack Gem for Ruby
+  missing normalization before request path processing. Please note that OSVDB
+  it has been shutted down, however I was not able to find a CVE entry for
+  this.
 
 ## Version 1.6.5 - codename: Tow Mater (2016-09-30)
 

data/KnowledgeBase.md

@@ -1,6 +1,6 @@
 # Dawnscanner Knowledge base
 
-The knowledge base library for dawnscanner version 1.6.3 contains 230 security checks.
+The knowledge base library for dawnscanner version 1.6.6 contains 235 security checks.
 ---
 * Simple Form XSS - 20131129: There is a XSS vulnerability on Simple Form's label, hint and error options. When Simple Form creates a label, hint or error message it marks the text as being HTML safe, even though it may contain HTML tags. In applications where the text of these helpers can be provided by the users, malicious values can be provided and Simple Form will mark it as safe.
 * [CVE-2004-0755](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0755): The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions.
@@ -421,6 +421,28 @@ XML documents with carefully crafted entity expansion strings which can cause th
 controller or a view may be vulnerable to a code injection.
 * CVE-2016-2098: There is a possible remote code execution vulnerability in Action Pack. Applications that pass unverified user input to the render method in a
 controller or a view may be vulnerable to a code injection.
+* [CVE-2016-5697](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5697): ruby-saml prior to version 1.3.0 is vulnerable to an XML signature wrapping attack in the specific scenario where there was a signature that referenced at the same time 2 elements (but past the scheme validator process since 1 of the element was inside the encrypted assertion).
+* CVE-2016-5697: ruby-saml prior to version 1.3.0 is vulnerable to an XML signature wrapping attack in the specific scenario where there was a signature that referenced at the same time 2 elements (but past the scheme validator process since 1 of the element was inside the encrypted assertion).
+* [CVE-2016-6316](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6316): Text declared as "HTML safe" when passed as an attribute value to a tag helper will not have quotes escaped which can lead to an XSS attack.
+* CVE-2016-6316: Text declared as "HTML safe" when passed as an attribute value to a tag helper will not have quotes escaped which can lead to an XSS attack.
+* [CVE-2016-6317](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6317): Due to the way Active Record interprets parameters in combination with the way that JSON parameters are parsed, it is possible for an attacker to issue unexpected database queries with “IS NULL” or empty where clauses. This issue does not let an attacker insert arbitrary values into an SQL query, however they can cause the query to check for NULL or eliminate a WHERE clause when most users wouldn’t expect it.
+* CVE-2016-6317: Due to the way Active Record interprets parameters in combination with the way that JSON parameters are parsed, it is possible for an attacker to issue unexpected database queries with “IS NULL” or empty where clauses. This issue does not let an attacker insert arbitrary values into an SQL query, however they can cause the query to check for NULL or eliminate a WHERE clause when most users wouldn’t expect it.
+* [CVE-2016-6582](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6582): Doorkeeper failed to implement OAuth 2.0 Token Revocation (RFC 7009) in the following ways:
+
+Public clients making valid, unauthenticated calls to revoke a token would not have their token revoked
+Requests were not properly authenticating the client credentials but were, instead, looking at the access token in a second location
+Because of 2, the requests were also not authorizing confidential clients’ ability to revoke a given token. It should only revoke tokens that belong to it.
+The security implication is: OAuth 2.0 clients who "log out" a user expect to have the corresponding access & refresh tokens revoked, preventing an attacker who may have already hijacked the session from continuing to impersonate the victim. Because of the bug described above, this is not the case. As far as OWASP is concerned, this counts as broken authentication design.
+
+MITRE has assigned CVE-2016-6582 due to the security issues raised. An attacker, thanks to 1, can replay a hijacked session after a victim logs out/revokes their token. Additionally, thanks to 2 & 3, an attacker via a compromised confidential client could "grief" other clients by revoking their tokens (albeit this is an exceptionally narrow attack with little value).
+* CVE-2016-6582: Doorkeeper failed to implement OAuth 2.0 Token Revocation (RFC 7009) in the following ways:
+
+Public clients making valid, unauthenticated calls to revoke a token would not have their token revoked
+Requests were not properly authenticating the client credentials but were, instead, looking at the access token in a second location
+Because of 2, the requests were also not authorizing confidential clients’ ability to revoke a given token. It should only revoke tokens that belong to it.
+The security implication is: OAuth 2.0 clients who "log out" a user expect to have the corresponding access & refresh tokens revoked, preventing an attacker who may have already hijacked the session from continuing to impersonate the victim. Because of the bug described above, this is not the case. As far as OWASP is concerned, this counts as broken authentication design.
+
+MITRE has assigned CVE-2016-6582 due to the security issues raised. An attacker, thanks to 1, can replay a hijacked session after a victim logs out/revokes their token. Additionally, thanks to 2 & 3, an attacker via a compromised confidential client could "grief" other clients by revoking their tokens (albeit this is an exceptionally narrow attack with little value).
 * [OSVDB-105971](http://osvdb.org/show/osvdb/105971): sfpagent Gem for Ruby contains a flaw that is triggered as JSON[body] input is not properly sanitized when handling module names with shell metacharacters. This may allow a context-dependent attacker to execute arbitrary commands.
 * OSVDB-105971: sfpagent Gem for Ruby contains a flaw that is triggered as JSON[body] input is not properly sanitized when handling module names with shell metacharacters. This may allow a context-dependent attacker to execute arbitrary commands.
 * [OSVDB-108569](http://osvdb.org/show/osvdb/108569): backup_checksum Gem for Ruby contains a flaw in /lib/backup/cli/utility.rb that is triggered as the program displays password information in plaintext in the process list. This may allow a local attacker to gain access to password information.
@@ -453,6 +475,8 @@ controller or a view may be vulnerable to a code injection.
 * OSVDB_120857: refile Gem for Ruby contains a flaw that is triggered when input is not sanitized when handling the 'remote_image_url' field in a form, where 'image' is the name of the attachment. This may allow a remote attacker to execute arbitrary shell commands.
 * [OSVDB_121701](http://osvdb.org/show/osvdb/121701): open-uri-cached Gem for Ruby contains a flaw that is due to the program creating temporary files in a predictable, unsafe manner when using YAML. This may allow a local attacker to gain elevated privileges.
 * OSVDB_121701: open-uri-cached Gem for Ruby contains a flaw that is due to the program creating temporary files in a predictable, unsafe manner when using YAML. This may allow a local attacker to gain elevated privileges.
+* [OSVDB_132234](http://osvdb.org/show/osvdb/132234): When using rack-attack with a rails app, developers expect the request path to be normalized. In particular, trailing slashes are stripped so a request path "/login/" becomes "/login" by the time you're in ActionController. Since Rack::Attack runs before ActionDispatch, the request path is not yet normalized. This can cause throttles and blacklists to not work as expected. E.g., a throttle: throttle('logins', ...) {|req| req.path == "/login" } would not match a request to '/login/', though Rails would route '/login/' to the same '/login' action.
+* OSVDB_132234: When using rack-attack with a rails app, developers expect the request path to be normalized. In particular, trailing slashes are stripped so a request path "/login/" becomes "/login" by the time you're in ActionController. Since Rack::Attack runs before ActionDispatch, the request path is not yet normalized. This can cause throttles and blacklists to not work as expected. E.g., a throttle: throttle('logins', ...) {|req| req.path == "/login" } would not match a request to '/login/', though Rails would route '/login/' to the same '/login' action.
 * Owasp Ror CheatSheet: Command Injection: Ruby offers a function called "eval" which will dynamically build new Ruby code based on Strings. It also has a number of ways to call system commands. While the power of these commands is quite useful, extreme care should be taken when using them in a Rails based application. Usually, its just a bad idea. If need be, a whitelist of possible values should be used and any input should be validated as thoroughly as possible. The Ruby Security Reviewer's Guide has a section on injection and there are a number of OWASP references for it, starting at the top: Command Injection.
 * Owasp Ror CheatSheet: Cross Site Request Forgery: Ruby on Rails has specific, built in support for CSRF tokens. To enable it, or ensure that it is enabled, find the base ApplicationController and look for the protect_from_forgery directive. Note that by default Rails does not provide CSRF protection for any HTTP GET request.
 * Owasp Ror CheatSheet: Session management: By default, Ruby on Rails uses a Cookie based session store. What that means is that unless you change something, the session will not expire on the server. That means that some default applications may be vulnerable to replay attacks. It also means that sensitive information should never be put in the session.
@@ -481,4 +505,4 @@ Setting this to true will essentially strip out any host information.
 This check will analyze the source code looking for the following patterns: XXX, TO_CHECK, CHECKME, CHECK and FIXME
 
 
-_Last updated: Tue 06 Sep 22:42:45 CEST 2016_
+_Last updated: Tue 01 Nov 18:59:32 CET 2016_

data/README.md

@@ -18,13 +18,13 @@ box:
 [![Build Status](https://travis-ci.org/thesp0nge/dawnscanner.png?branch=master)](https://travis-ci.org/thesp0nge/dawnscanner)
 [![Dependency Status](https://gemnasium.com/thesp0nge/dawnscanner.png)](https://gemnasium.com/thesp0nge/dawnscanner)
 [![Coverage Status](https://coveralls.io/repos/thesp0nge/dawnscanner/badge.png)](https://coveralls.io/r/thesp0nge/dawnscanner)
-[![Bitdeli Badge](https://d2weczhvl823v0.cloudfront.net/thesp0nge/dawnscanner/trend.png)](https://bitdeli.com/free "Bitdeli Badge")
+[![Code Triagers Badge](https://www.codetriage.com/thesp0nge/dawnscanner/badges/users.svg)](https://www.codetriage.com/thesp0nge/dawnscanner)
 [![Inline docs](http://inch-ci.org/github/thesp0nge/dawnscanner.png?branch=master)](http://inch-ci.org/github/thesp0nge/dawnscanner)
 [![Gitter](https://badges.gitter.im/thesp0nge/dawnscanner.svg)](https://gitter.im/thesp0nge/dawnscanner?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge)
 
 ---
 
-dawnscanner version 1.6.4 has 229 security checks loaded in its knowledge
+dawnscanner version 1.6.6 has 235 security checks loaded in its knowledge
 base. Most of them are CVE bulletins applying to gems or the ruby interpreter
 itself. There are also some check coming from Owasp Ruby on Rails cheatsheet.
 

data/Rakefile

@@ -8,6 +8,7 @@ require 'cucumber/rake/task'
 require 'fileutils'
 require "dawn/utils"
 require "dawn/knowledge_base"
+require "dawn/knowledge_base_experimental"
 
 Cucumber::Rake::Task.new(:features) do |t|
   t.cucumber_opts = "features --format pretty -x"
@@ -279,6 +280,32 @@ namespace :kb do
     end
 
   end
+  desc 'Pack the library for shipping'
+
+  task :pack do
+    YAML_KB = File.join(Dir.pwd, 'db')
+    __kb_pack
+  end
+
+  desc 'Transform all checks to YAML file and pack the library for shipping'
+  task :to_yaml do
+    YAML_KB = File.join(Dir.pwd, 'db')
+    FileUtils.rm_rf YAML_KB
+    FileUtils.mkdir_p YAML_KB
+
+    Dawn::KnowledgeBase.new.all.each do |check|
+      out_dir = File.join(YAML_KB, check.check_family.to_s)
+      FileUtils.mkdir_p(out_dir) unless Dir.exists? out_dir
+
+      filename = File.join(out_dir, check.name.gsub(" ", "_").gsub("-", "_") + '.yml')
+      open(filename, 'w') do |f|
+        f.puts(check.to_yaml)
+      end
+      puts "#{filename} created"
+    end
+
+    __kb_pack
+  end
 
   desc 'Creates a KnowledgeBase.md file'
   task :create do
@@ -363,3 +390,53 @@ namespace :rubysec do
 
   end
 end
+
+def __kb_pack
+  if Dir.exists? "#{YAML_KB}/bulletin"
+    system "tar cfvz #{YAML_KB}/bulletin.tar.gz #{YAML_KB}/bulletin"
+    system "rm -rf #{YAML_KB}/bulletin"
+    system "shasum -a 256 #{YAML_KB}/bulletin.tar.gz > #{YAML_KB}/bulletin.tar.gz.sig"
+  end
+
+  if Dir.exists? "#{YAML_KB}/generic_check"
+    system "tar cfvz #{YAML_KB}/generic_check.tar.gz #{YAML_KB}/generic_check"
+    system "rm -rf #{YAML_KB}/generic_check"
+    system "shasum -a 256 #{YAML_KB}/generic_check.tar.gz > #{YAML_KB}/generic_check.tar.gz.sig"
+  end
+
+  if Dir.exists? "#{YAML_KB}/owasp_ror_cheatsheet"
+    system "tar cfvz #{YAML_KB}/owasp_ror_cheatsheet.tar.gz #{YAML_KB}/owasp_ror_cheatsheet"
+    system "rm -rf #{YAML_KB}/owasp_ror_cheatsheet"
+    system "shasum -a 256 #{YAML_KB}/owasp_ror_cheatsheet.tar.gz > #{YAML_KB}/owasp_ror_cheatsheet.tar.gz.sig"
+  end
+
+  if Dir.exists? "#{YAML_KB}/code_style"
+    system "tar cfvz #{YAML_KB}/code_style.tar.gz #{YAML_KB}/code_style"
+    system "rm -rf #{YAML_KB}/code_style"
+    system "shasum -a 256 #{YAML_KB}/code_style.tar.gz > #{YAML_KB}/code_style.tar.gz.sig"
+  end
+  if Dir.exists? "#{YAML_KB}/code_quality"
+    system "tar cfvz #{YAML_KB}/code_quality.tar.gz #{YAML_KB}/code_quality"
+    system "rm -rf #{YAML_KB}/code_quality"
+    system "shasum -a 256 #{YAML_KB}/code_quality.tar.gz > #{YAML_KB}/code_quality.tar.gz.sig"
+  end
+  if Dir.exists? "#{YAML_KB}/owasp_top_10"
+    system "tar cfvz #{YAML_KB}/owasp_top_10.tar.gz #{YAML_KB}/owasp_top_10"
+    system "rm -rf #{YAML_KB}/owasp_top_10"
+    system "shasum -a 256 #{YAML_KB}/owasp_top_10.tar.gz > #{YAML_KB}/owasp_top_10.tar.gz.sig"
+  end
+
+
+  open(File.join(YAML_KB, "kb.yaml"), 'w') do |f|
+    f.puts(Dawn::KnowledgeBaseExperimental.kb_descriptor)
+  end
+  puts "kb.yaml created"
+  system "shasum -a 256 #{YAML_KB}/kb.yaml > #{YAML_KB}/kb.yaml.sig"
+
+  system "tar cfvz #{YAML_KB}/signatures.tar.gz #{YAML_KB}/*.tar.gz.sig"
+  system "rm -rf #{YAML_KB}/*.tar.gz.sig "
+  puts "#{YAML_KB}/signatures.tar.gz created"
+
+  puts "Library ready to be shipped"
+
+end

data/VERSION

@@ -12,4 +12,4 @@
 # |   "Guido"       |  x.x.0  |
 # |   "Luigi"       |  x.x.0  |
 # | "Doc Hudson"    |  x.x.0  |
-1.6.5 - Tow Mater
+1.6.6 - Tow Mater

data/checksum/dawnscanner-1.6.5.gem.sha1

@@ -0,0 +1 @@
+90a9f067e183bc8cc2dc5be00c158dad2b81b09d

data/doc/{dawnscanner.yaml.sample → dawnscanner.yml.sample}

@@ -1,5 +1,6 @@
 ---
 config:
+  :kb: yaml
   :verbose: false
   :output: console
   :mvc: ''
@@ -11,16 +12,7 @@ config:
   :enabled_checks:
   - :generic_check
   - :code_quality
-  - :cve_bulletin
+  - :bulletin
   - :code_style
   - :owasp_ror_cheatsheet
-  - :owasp_top_10_1
-  - :owasp_top_10_2
-  - :owasp_top_10_3
-  - :owasp_top_10_4
-  - :owasp_top_10_5
-  - :owasp_top_10_6
-  - :owasp_top_10_7
-  - :owasp_top_10_8
-  - :owasp_top_10_9
-  - :owasp_top_10_10
+  - :owasp_top_10

data/lib/dawn/core.rb

@@ -105,7 +105,7 @@ module Dawn
     end
 
     def self.find_conf(create_if_none = false)
-      conf_name  = 'dawnscanner.yaml'
+      conf_name  = 'dawnscanner.yml'
       path_order = [
         './',
         '~/',

data/lib/dawn/kb/basic_check.rb

@@ -54,7 +54,7 @@ module Dawn
       #   + owasp_ror_cheatsheet
       #   + owasp_top_10_n (where n is a number between 1 and 10)
       attr_accessor :check_family
-      ALLOWED_FAMILIES = [:generic_check, :code_quality, :cve_bulletin, :code_style, :owasp_ror_cheatsheet, :owasp_top_10_1, :owasp_top_10_2, :owasp_top_10_3, :owasp_top_10_4, :owasp_top_10_5, :owasp_top_10_6, :owasp_top_10_7, :owasp_top_10_8, :owasp_top_10_9, :owasp_top_10_10]
+      ALLOWED_FAMILIES = [:generic_check, :code_quality, :bulletin, :code_style, :owasp_ror_cheatsheet, :owasp_top_10]
 
       # This is the check severity level. It tells how dangerous is the
       # vulnerability for you application.
@@ -120,7 +120,7 @@ module Dawn
         #
         # I don't want to manually fix 150+ ruby files to add something I can
         # deal here
-        @check_family = :cve if !options[:name].nil? && options[:name].start_with?('CVE-')
+        @check_family = :bulletin if !options[:name].nil? && (options[:name].start_with?('CVE-') || options[:name].start_with?('OSVDB'))
 
         if $logger.nil?
           # This is the old codesake-commons logging.
@@ -155,11 +155,11 @@ module Dawn
       end
 
       def family
-        return "CVE bulletin"                   if @check_family == :cve
+        return "CVE or OSVDB bulletin"          if @check_family == :bulletin
         return "Ruby coding style"              if @check_family == :code_style
         return "Ruby code quality check"        if @check_family == :code_quality
         return "Owasp Ruby on Rails cheatsheet" if @check_family == :owasp_ror_cheatsheet
-        return "Owasp Top 10"                   if @check_family.to_s.start_with?('owasp_top_10')
+        return "Owasp Top 10"                   if @check_family.== :owasp_top_10
         return "Unknown"
       end
 

data/lib/dawn/kb/cve_2011_4319.rb

@@ -22,6 +22,7 @@
 
           self.safe_dependencies = [{:name=>"rails", :version=>['2.3.13', '3.0.11', '3.1.2']}]
           self.save_major = true
+          self.save_minor = true
 
 				end
 			end

data/lib/dawn/kb/cve_2014_7829.rb

@@ -22,6 +22,7 @@ module Dawn
 
           self.safe_dependencies = [{:name=>"rails", :version=>['3.2.21', '4.0.12', '4.1.8', '4.2.0.beta4']}]
           self.save_major = true
+          self.save_minor = false
 
 				end
 			end

data/lib/dawn/kb/cve_2016_5697.rb

@@ -0,0 +1,30 @@
+module Dawn
+  module Kb
+    # Automatically created with rake on 2016-10-02
+    class CVE_2016_5697
+      include DependencyCheck
+
+      def initialize
+        title   = "XML signature wrapping attack"
+        message = "ruby-saml prior to version 1.3.0 is vulnerable to an XML signature wrapping attack in the specific scenario where there was a signature that referenced at the same time 2 elements (but past the scheme validator process since 1 of the element was inside the encrypted assertion)."
+        super({
+          :title=>title,
+          :name=> "CVE-2016-5697",
+          :cve=>"2016-5697",
+          :osvdb=>"",
+          :cvss=>"",
+          :release_date => Date.new(2016, 6, 24),
+          :cwe=>"",
+          :owasp=>"A9",
+          :applies=>["rails", "sinatra", "padrino"],
+          :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
+          :message=>message,
+          :mitigation=>"Please upgrade ruby-saml gem to version 1.3.0 which implements 3 extra validations to mitigate this kind of attack.",
+          :aux_links=>['https://github.com/onelogin/ruby-saml/commit/a571f52171e6bfd87db59822d1d9e8c38fb3b995']
+        })
+        self.safe_dependencies = [{:name=>"ruby-saml", :version=>['1.3.0']}]
+
+      end
+    end
+  end
+end

data/lib/dawn/kb/cve_2016_6316.rb

@@ -0,0 +1,33 @@
+module Dawn
+  module Kb
+    # Automatically created with rake on 2016-10-02
+    class CVE_2016_6316
+      include DependencyCheck
+
+      def initialize
+        title   = "Possible XSS Vulnerability in Action View"
+        message = "Text declared as \"HTML safe\" when passed as an attribute value to a tag helper will not have quotes escaped which can lead to an XSS attack."
+        super({
+          :title=>title,
+          :name=> "CVE-2016-6316",
+          :cve=>"2016-6316",
+          :osvdb=>"",
+          :cvss=>"AV:N/AC:M/Au:N/C:N/I:P/A:N",
+          :release_date => Date.new(2016, 8, 11),
+          :cwe=>"",
+          :owasp=>"A9",
+          :applies=>["rails", "sinatra", "padrino"],
+          :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
+          :message=>message,
+          :mitigation=>"Please upgrade actionview gem to version 3.2.22.3, 4.2.7.1, 5.0.0.1 or install latest version.",
+          :aux_links=>['https://groups.google.com/forum/#!topic/rubyonrails-security/I-VWr034ouk']
+        })
+        self.safe_dependencies = [{:name=>"actionview", :version=>['3.2.22.3', '4.2.7.1', '5.0.0.1']}]
+        self.not_affected = {:name=>"actionview", :version=>['1.x.x', '2.x.x']}
+
+        self.save_minor=true
+        self.save_major=true
+      end
+    end
+  end
+end

data/lib/dawn/kb/cve_2016_6317.rb

@@ -0,0 +1,32 @@
+module Dawn
+  module Kb
+    # Automatically created with rake on 2016-10-02
+    class CVE_2016_6317
+      include DependencyCheck
+
+      def initialize
+        title   = "Unsafe Query Generation Risk in Active Record"
+        message = "Due to the way Active Record interprets parameters in combination with the way that JSON parameters are parsed, it is possible for an attacker to issue unexpected database queries with “IS NULL” or empty where clauses. This issue does not let an attacker insert arbitrary values into an SQL query, however they can cause the query to check for NULL or eliminate a WHERE clause when most users wouldn’t expect it."
+
+        super({
+          :title=>title,
+          :name=> "CVE-2016-6317",
+          :cve=>"2016-6317",
+          :osvdb=>"",
+          :cvss=>"AV:N/AC:L/Au:N/C:N/I:P/A:N",
+          :release_date => Date.new(2016, 8, 11),
+          :cwe=>"",
+          :owasp=>"A9",
+          :applies=>["rails", "sinatra", "padrino"],
+          :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
+          :message=>message,
+          :mitigation=>"Please upgrade activerecord gem to version 4.2.7.1. Please note that versions 5.0.0 or later are not affected.",
+          :aux_links=>['https://groups.google.com/forum/#!topic/rubyonrails-security/rgO20zYW33s']
+        })
+        self.safe_dependencies = [{:name=>"activerecord", :version=>['4.2.7.1']}]
+        self.not_affected = {:name=>"activerecord", :version=>['1.x.x', '2.x.x', '3.x.x', '4.0.x', '4.1.x', '5.0.x']}
+
+      end
+    end
+  end
+end

data/lib/dawn/kb/cve_2016_6582.rb

@@ -0,0 +1,43 @@
+module Dawn
+  module Kb
+    # Automatically created with rake on 2016-10-02
+    class CVE_2016_6582
+      # Include the testing skeleton for this CVE
+      # include PatternMatchCheck
+      include DependencyCheck
+      # include RubyVersionCheck
+
+      def initialize
+        title   = "Doorkeeper gem does not revoke tokens & uses wrong auth/auth method"
+        message = "Doorkeeper failed to implement OAuth 2.0 Token Revocation (RFC 7009) in the following ways:
+
+Public clients making valid, unauthenticated calls to revoke a token would not have their token revoked
+Requests were not properly authenticating the client credentials but were, instead, looking at the access token in a second location
+Because of 2, the requests were also not authorizing confidential clients’ ability to revoke a given token. It should only revoke tokens that belong to it.
+The security implication is: OAuth 2.0 clients who \"log out\" a user expect to have the corresponding access & refresh tokens revoked, preventing an attacker who may have already hijacked the session from continuing to impersonate the victim. Because of the bug described above, this is not the case. As far as OWASP is concerned, this counts as broken authentication design.
+
+MITRE has assigned CVE-2016-6582 due to the security issues raised. An attacker, thanks to 1, can replay a hijacked session after a victim logs out/revokes their token. Additionally, thanks to 2 & 3, an attacker via a compromised confidential client could \"grief\" other clients by revoking their tokens (albeit this is an exceptionally narrow attack with little value)."
+
+
+        super({
+          :title=>title,
+          :name=> "CVE-2016-6582",
+          :cve=>"",
+          :osvdb=>"",
+          :cvss=>"",
+          :release_date => Date.new(2016, 8, 18),
+          :cwe=>"",
+          :owasp=>"A9",
+          :applies=>["rails", "sinatra", "padrino"],
+          :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
+          :message=>message,
+          :mitigation=>"Please upgrade doorkeeper gem to version 4.2.0 or later.",
+          :aux_links=>['http://www.openwall.com/lists/oss-security/2016/08/19/2']
+        })
+        self.safe_dependencies = [{:name=>"doorkeeper", :version=>['4.2.0']}]
+
+
+      end
+    end
+  end
+end

data/lib/dawn/kb/dependency_check.rb

@@ -42,10 +42,6 @@ module Dawn
           @mitigated = true if dep[:name] == @aux_mitigation_gem[:name] unless @aux_mitigation_gem.nil?
 
           @safe_dependencies.each do |safe_dep|
-            if safe_dep[:name] == "rails"
-              debug_me "Forcing save_minor flag for rails gem dependency check"
-              self.save_minor = true
-            end
 
             if dep[:name] == safe_dep[:name]
               v = Dawn::Kb::VersionCheck.new(

data/lib/dawn/kb/osvdb_132234.rb

@@ -0,0 +1,34 @@
+module Dawn
+		module Kb
+			# Automatically created with rake on 2016-10-02
+			class OSVDB_132234
+				# Include the testing skeleton for this Security Check
+				# include PatternMatchCheck
+				include DependencyCheck
+				# include RubyVersionCheck
+
+				def initialize
+					title   = "rack-attack Gem for Ruby missing normalization before request path processing"
+					message = "When using rack-attack with a rails app, developers expect the request path to be normalized. In particular, trailing slashes are stripped so a request path \"/login/\" becomes \"/login\" by the time you're in ActionController. Since Rack::Attack runs before ActionDispatch, the request path is not yet normalized. This can cause throttles and blacklists to not work as expected. E.g., a throttle: throttle('logins', ...) {|req| req.path == \"/login\" } would not match a request to '/login/', though Rails would route '/login/' to the same '/login' action."
+
+          super({
+            :title=>title,
+            :name=> "OSVDB_132234",
+            :cve=>"",
+            :osvdb=>"132234",
+            :cvss=>"",
+            :release_date => Date.new(2015, 12, 15),
+            :cwe=>"",
+            :owasp=>"A9",
+            :applies=>["rails"],
+            :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
+            :message=>message,
+            :mitigation=>"Please upgrade rack-attack gem to version 4.3.1 or later.",
+            :aux_links=>['https://github.com/kickstarter/rack-attack/releases/tag/v4.3.1']
+           })
+          self.safe_dependencies = [{:name=>"rack-attack", :version=>['4.3.1']}]
+
+				end
+			end
+		end
+end

data/lib/dawn/kb/version_check.rb

@@ -364,7 +364,7 @@ module Dawn
         # we have a non vulnerable major, but the minor is and there is an higher version in array
         # eg. we detected v1.3.2, safe version is 1.3.3 and there is also a safe 2.x.x
         return debug_me_and_return_false("#{detected_version} has a major version vulnerable but honoring save_major_fix") if major && @save_major_fix
-        return debug_me_and_return_false("#{detected_version} has a minor version vulnerable but honoring save_minor_fix") if minor && @save_minor_fix
+        return debug_me_and_return_false("#{detected_version} has a minor version vulnerable but honoring save_minor_fix") if minor and @save_minor_fix
         return true if major && minor
         return true if ! major && minor && patch && ! @save_major_fix && ! @save_minor_fix
         return true if major && !@save_major_fix

data/lib/dawn/knowledge_base.rb

@@ -267,6 +267,10 @@ require "dawn/kb/cve_2016_0752"
 require "dawn/kb/cve_2016_0753"
 require "dawn/kb/cve_2016_2097"
 require "dawn/kb/cve_2016_2098"
+require "dawn/kb/cve_2016_5697"
+require "dawn/kb/cve_2016_6316"
+require "dawn/kb/cve_2016_6317"
+require "dawn/kb/cve_2016_6582"
 
 # OSVDB
 
@@ -286,6 +290,7 @@ require "dawn/kb/osvdb_119927"
 require "dawn/kb/osvdb_120415"
 require "dawn/kb/osvdb_120857"
 require "dawn/kb/osvdb_121701"
+require "dawn/kb/osvdb_132234"
 
 
 
@@ -569,6 +574,10 @@ module Dawn
           Dawn::Kb::CVE_2016_0753.new,
           Dawn::Kb::CVE_2016_2097.new,
           Dawn::Kb::CVE_2016_2098.new,
+          Dawn::Kb::CVE_2016_5697.new,
+          Dawn::Kb::CVE_2016_6316.new,
+          Dawn::Kb::CVE_2016_6317.new,
+          Dawn::Kb::CVE_2016_6582.new,
 
 
           # OSVDB Checks are still here since are all about dependencies
@@ -588,6 +597,7 @@ module Dawn
           Dawn::Kb::OSVDB_120415.new,
           Dawn::Kb::OSVDB_120857.new,
           Dawn::Kb::OSVDB_121701.new,
+          Dawn::Kb::OSVDB_132234.new,
       ]
         # END @cve_security_checks array
         # START @owasp_ror_cheatsheet_checks array
@@ -611,7 +621,7 @@ module Dawn
 
           ret = []
           ret += @aux_checks
-          ret += @cve_security_checks         if @enabled_checks.include?(:cve_bulletin)
+          ret += @cve_security_checks         if @enabled_checks.include?(:bulletin)
           ret += @owasp_ror_cheatsheet_checks if @enabled_checks.include?(:owasp_ror_cheatsheet)
           ret += @code_quality_checks         if @enabled_checks.include?(:code_quality)
 

data/lib/dawn/knowledge_base_experimental.rb

@@ -0,0 +1,245 @@
+require 'singleton'
+
+# For HTTPS communication to check for KB updates and to fetch them
+require 'net/http'
+require 'uri'
+
+require 'yaml'
+require 'digest'
+
+module Dawn
+  # This is the YAML powered experimental knowledge base
+  #
+  # When the old KB format, using Ruby classes will be marked as deprecated,
+  # than this one will be the official.
+  #
+  # Dawnscanner KB will be a bunch of YAML file, stored in a hierachy of
+  # directories resembling security checks family. A digital signature will be
+  # also available to prevent KB tampering.
+  #
+  # This class will be accountable for:
+  #   + check for KB upgrade
+  #   + fetching the KB file from the Internet
+  #   + verifying the database signature
+  #   + reading YAML file, creating the security check array
+  #
+  # Another big change will be the MVC passed as constructor parameter, so only
+  # the checks regarding the particular app, will be loaded in the security
+  # check array. This should speed up BasicCheck internal routines.
+  #
+  # Class usage will be very simple. After getting the singleton instance, you
+  # will load the KB content. The load method will be also responsible about
+  # all relevant checks.
+  #
+  # Example
+  #
+  # require "dawn/knowledge_base_experimental"
+  #
+  # ...
+  #
+  # d = Dawn::KnowledgeBaseExperimental.instance
+  # d.update if d.update?
+  # d.load
+  #
+  # Last update: Fri Oct  7 08:03:43 CEST 2016
+  class KnowledgeBaseExperimental
+    include Dawn::Utils
+    include Singleton
+
+    GEM_CHECK           = :rubygem_check
+    DEPENDENCY_CHECK    = :dependency_check
+    PATTERN_MATCH_CHECK = :pattern_match_check
+    RUBY_VERSION_CHECK  = :ruby_version_check
+    OS_CHECK            = :os_check
+    COMBO_CHECK         = :combo_check
+    CUSTOM_CHECK        = :custom_check
+
+    REMOTE_KB_URL_PREFIX  = "https://dawnscanner.org/data/"
+    FILES = %w(kb.yaml bulletin.tar.gz generic_check.tar.gz owasp_ror_cheatsheet.tar.gz code_style.tar.gz code_quality.tar.gz owasp_top_10.tar.gz signatures.tar.gz)
+
+
+    attr_reader :security_checks
+    attr_reader :descriptor
+    attr_reader :path
+
+    def initialize(options={})
+      if $logger.nil?
+        require 'dawn/logger'
+        $logger = Logger.new(STDOUT)
+        $logger.helo "knowledge-base-experimental", Dawn::VERSION
+      end
+    end
+
+
+
+    def find(name)
+    end
+
+    def self.kb_descriptor
+      {:kb=>{:version=>"0.0.1", :revision=>Time.now.strftime("%Y%m%d"), :api=>Dawn::VERSION}}.to_yaml
+    end
+
+    def update?
+      FileUtils.mkdir_p("tmp")
+      begin
+        response = Net::HTTP.get URI(REMOTE_KB_URL_PREFIX + "kb.yaml")
+        open("tmp/kb.yaml", "w") do |f|
+          f.puts(response)
+        end
+        response = Net::HTTP.get URI(REMOTE_KB_URL_PREFIX + "kb.yaml.sig")
+        open("tmp/kb.yaml.sig", "w") do |f|
+          f.puts(response)
+        end
+      rescue Exception => e
+        $logger.error e.to_s
+        return false
+      end
+
+      # Verify kb.yaml signature
+
+      YAML.load(response)
+    end
+
+    def all
+      @security_checks
+    end
+
+    # Load security checks from db/ folder.
+    #
+    # options - The list of the options to be passed to KB. It can contain:
+    #   + enabled_checks: an array of security checks that must be enabled
+    #      [:generic_check, :code_quality, :bulletin, :code_style, :owasp_ror_cheatsheet, :owasp_top_10]
+    #   + mvc: the mvc name for the target application, in order for the KB to
+    #          deselect all security checks that don't fit the code to be
+    #          reviewed.
+    #   + path: the path for the KB root folder. Please note that #{Dir.pwd}/db
+    #           is the default location.
+    #
+    # Returns an array of security checks, matching the mvc to be reviewed and
+    # the enabled check list or an empty array if an error occured.
+    def load(options={})
+      @security_checks = []
+      $path = File.join(Dir.pwd, "db")
+
+      enabled_checks  = options[:enabled_checks]  unless options[:enabled_checks].nil?
+      mvc             = options[:mvc]             unless options[:mvc].nil?
+      $path           = options[:path]            unless options[:path].nil?
+
+      unless __valid?
+        $logger.error "An invalid library it has been found. Please use --recovery flag to force fresh install from dawnscanner.org"
+        return []
+      end
+
+      unless __load?
+        $logger.error "The library must be consumed with dawnscanner up to v#{$descriptor["kb"]["api"]}. You are using dawnscanner v#{Dawn::VERSION}"
+        return []
+      end
+
+      # TODO: untar and unzip from here (look for it in Google)
+      if __packed?
+        $logger.info "a packed knowledge base it has been found. Unpacking it"
+        __unpack
+      end
+
+      enabled_checks.each do |d|
+
+        dir = File.join($path, d)
+
+        # Please note that if we enter in this branch, it means someone
+        # tampered the KB between the previous __valid? check and this point.
+        # Of course this is a very rare situation, but we must handle it.
+        unless Dir.exists?(dir)
+          $logger.critical "Missing check directory #{dir}"
+          $logger.error "An invalid library it has been found. Please use --recovery flag to force fresh install from dawnscanner.org"
+          return []
+        end
+
+        # Enumerate all YAML file in the give dir
+
+      end
+
+    end
+
+    def dump(verbose=false)
+      puts "Security checks currently supported:"
+      i=0
+      KnowledgeBaseExperimental.instance.all.each do |check|
+        i+=1
+        if verbose
+          puts "Name: #{check.name}\tCVSS: #{check.cvss_score}\tReleased: #{check.release_date}"
+          puts "Description\n#{check.message}"
+          puts "Remediation\n#{check.remediation}\n\n"
+        else
+          puts "#{check.name}"
+        end
+      end
+      puts "-----\nTotal: #{i}"
+
+    end
+
+    private
+
+    def __verify_hash(original, computed)
+      t=original.split(' ')
+      return false if t.length != 2
+      return (t[0] == computed)
+    end
+
+    def __valid?
+
+      lines = ""
+
+      unless File.exists?(File.join($path, "kb.yaml"))
+        $logger.error  "Missing kb.yaml in #{path}. Giving up"
+        return false
+      end
+
+      unless File.exists?(File.join($path, "kb.yaml.sig"))
+        $logger.error  "Missing kb.yaml signature in #{path}. Giving up"
+        return false
+      end
+
+      lines = File.read(File.join($path, "kb.yaml"))
+      hash_file = Digest::SHA256.hexdigest lines
+      hash_orig = File.read(File.join($path, "kb.yaml.sig"))
+
+      v = __verify_hash(hash_orig, hash_file)
+      if v
+        $logger.info("good kb.yaml file found. Reading knowledge base descriptor")
+        @descriptor = YAML.load(lines)
+      else
+        $logger.error("kb.yaml signature mismatch. Found #{hash_file} while expecting #{hash_orig}. Giving up")
+        return false
+      end
+
+      return true
+    end
+
+    # Check if the local KB is packet or not.
+    #
+    # Returns true if at least one KB tarball file it has been found in the
+    # local DB path
+    def __packed?
+      FILES.each do |fn|
+        return true if fn.end_with? 'tar.gz' and File.exists?(File.join($path, fn))
+      end
+      return false
+    end
+
+    def __unpack
+
+    end
+
+    def __load?
+      api = $descriptor["kb"]["api"]
+      v = Dawn::VERSION
+      require "dawn/kb/version_check"
+
+      vc = VersionCheck.new
+      return true if vc.is_higher?(api, v) # => true if v > api
+      return false
+    end
+
+
+  end
+end

data/lib/dawn/version.rb

@@ -1,7 +1,7 @@
 module Dawn
-    VERSION = "1.6.5"
+    VERSION = "1.6.6"
     CODENAME = "Tow Mater"
-    RELEASE = "20160930"
-    BUILD = "5"
-    COMMIT = "g0d1f45a"
+    RELEASE = "20161101"
+    BUILD = "17"
+    COMMIT = "g9edee27"
 end

data/spec/lib/dawn/codesake_knowledgebase_spec.rb

@@ -1179,4 +1179,24 @@ it "must have test for CVE-2016-2097" do
   expect(sc).not_to   be_nil
   expect(sc.class).to eq(Dawn::Kb::CVE_2016_2097)
 end
+it "must have test for OSVDB_132234" do
+  sc = kb.find("OSVDB_132234")
+  expect(sc).not_to   be_nil
+  expect(sc.class).to eq(Dawn::Kb::OSVDB_132234)
+end
+it "must have test for CVE-2016-6317" do
+  sc = kb.find("CVE-2016-6317")
+  expect(sc).not_to   be_nil
+  expect(sc.class).to eq(Dawn::Kb::CVE_2016_6317)
+end
+it "must have test for CVE-2016-6316" do
+  sc = kb.find("CVE-2016-6316")
+  expect(sc).not_to   be_nil
+  expect(sc.class).to eq(Dawn::Kb::CVE_2016_6316)
+end
+it "must have test for CVE-2016-5697" do
+  sc = kb.find("CVE-2016-5697")
+  expect(sc).not_to   be_nil
+  expect(sc.class).to eq(Dawn::Kb::CVE_2016_5697)
+end
 end

data/spec/lib/kb/cve_2014_7829_spec.rb

@@ -2,7 +2,7 @@ require 'spec_helper'
 describe "The CVE-2014-7829 vulnerability" do
 	before(:all) do
 		@check = Dawn::Kb::CVE_2014_7829.new
-		# @check.debug = true
+		@check.debug = true
 	end
   it "is reported when vulnerable rails gem is used (3.2.20)" do
     @check.dependencies = [{:name=>"rails", :version=>'3.2.20'}]

data/spec/lib/kb/cve_2016_5697_spec.rb

@@ -0,0 +1,15 @@
+require 'spec_helper'
+describe "The CVE-2016-5697 vulnerability" do
+	before(:all) do
+		@check = Dawn::Kb::CVE_2016_5697.new
+		# @check.debug = true
+	end
+	it "is reported when the vulnerable gem is detected" do
+    @check.dependencies = [{:name=>"ruby-saml", :version=>"1.2.9"}]
+		expect(@check.vuln?).to   eq(true)
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"ruby-saml", :version=>"1.3.0"}]
+		expect(@check.vuln?).to   eq(false)
+	end
+end

data/spec/lib/kb/cve_2016_6316_spec.rb

@@ -0,0 +1,44 @@
+require 'spec_helper'
+describe "The CVE-2016-6316 vulnerability" do
+	before(:all) do
+		@check = Dawn::Kb::CVE_2016_6316.new
+		# @check.debug = true
+	end
+	it "is reported when the vulnerable gem is detected" do
+    @check.dependencies = [{:name=>"actionview", :version=>"3.2.22.2"}]
+		expect(@check.vuln?).to   eq(true)
+	end
+  it "is reported when the vulnerable gem is detected" do
+    @check.dependencies = [{:name=>"actionview", :version=>"5.0.0.0"}]
+    expect(@check.vuln?).to   eq(true)
+  end
+  it "is reported when the vulnerable gem is detected" do
+    @check.dependencies = [{:name=>"actionview", :version=>"4.2.6"}]
+    expect(@check.vuln?).to   eq(true)
+  end
+
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"actionview", :version=>"3.0.0"}]
+		expect(@check.vuln?).to   eq(false)
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"actionview", :version=>"2.2.0"}]
+		expect(@check.vuln?).to   eq(false)
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"actionview", :version=>"1.2.0"}]
+		expect(@check.vuln?).to   eq(false)
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"actionview", :version=>"3.2.22.3"}]
+		expect(@check.vuln?).to   eq(false)
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"actionview", :version=>"4.2.7.1"}]
+		expect(@check.vuln?).to   eq(false)
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"actionview", :version=>"5.0.0.1"}]
+		expect(@check.vuln?).to   eq(false)
+	end
+end

data/spec/lib/kb/cve_2016_6317_spec.rb

@@ -0,0 +1,35 @@
+require 'spec_helper'
+describe "The CVE-2016-6317 vulnerability" do
+	before(:all) do
+		@check = Dawn::Kb::CVE_2016_6317.new
+		# @check.debug = true
+	end
+	it "is reported when the vulnerable gem is detected" do
+    @check.dependencies = [{:name=>"activerecord", :version=>"4.2.7.0"}]
+		expect(@check.vuln?).to   eq(true)
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"activerecord", :version=>"4.2.7.1"}]
+		expect(@check.vuln?).to   eq(false)
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"activerecord", :version=>"4.1.0"}]
+		expect(@check.vuln?).to   eq(false)
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"activerecord", :version=>"3.1.0"}]
+		expect(@check.vuln?).to   eq(false)
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"activerecord", :version=>"2.1.0"}]
+		expect(@check.vuln?).to   eq(false)
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"activerecord", :version=>"1.1.0"}]
+		expect(@check.vuln?).to   eq(false)
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"activerecord", :version=>"5.0.0"}]
+		expect(@check.vuln?).to   eq(false)
+	end
+end

data/spec/lib/kb/cve_2016_6582_spec.rb

@@ -0,0 +1,29 @@
+require 'spec_helper'
+describe "The CVE-2016-6582 vulnerability" do
+  before(:all) do
+    @check = Dawn::Kb::CVE_2016_6582.new
+    # @check.debug = true
+  end
+  it "is reported when the vulnerable gem is detected" do
+    @check.dependencies = [{:name=>"doorkeeper", :version=>"1.2.0"}]
+    expect(@check.vuln?).to   eq(true)
+  end
+  it "is reported when the vulnerable gem is detected" do
+    @check.dependencies = [{:name=>"doorkeeper", :version=>"2.5.0"}]
+    expect(@check.vuln?).to   eq(true)
+  end
+  it "is reported when the vulnerable gem is detected" do
+    @check.dependencies = [{:name=>"doorkeeper", :version=>"3.9.0"}]
+    expect(@check.vuln?).to   eq(true)
+  end
+
+  it "is reported when the vulnerable gem is detected" do
+    @check.dependencies = [{:name=>"doorkeeper", :version=>"4.1.0"}]
+    expect(@check.vuln?).to   eq(true)
+  end
+
+  it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"doorkeeper", :version=>"4.2.0"}]
+    expect(@check.vuln?).to   eq(false)
+  end
+end

data/spec/lib/kb/osvdb_132234_spec.rb

@@ -0,0 +1,15 @@
+require 'spec_helper'
+describe "The OSVDB_132234 vulnerability" do
+	before(:all) do
+		@check = Dawn::Kb::OSVDB_132234.new
+		# @check.debug = true
+	end
+	it "is reported when the vulnerable gem is detected" do
+    @check.dependencies = [{:name=>"rack-attack", :version=>"4.3.0"}]
+		expect(@check.vuln?).to   eq(true)
+	end
+	it "is not reported when a fixed release is detected" do
+    @check.dependencies = [{:name=>"rack-attack", :version=>"4.3.1"}]
+		expect(@check.vuln?).to   eq(false)
+	end
+end

data/spec/lib/kb/yamilize_kb_spec.rb

@@ -0,0 +1,12 @@
+require 'spec_helper'
+describe "The Knowledge base must be converted to YAML" do
+  before(:all) do
+    @dep_check      = Dawn::Kb::CVE_2013_2513.new
+    @combo_check    = Dawn::Kb::CVE_2008_4310.new
+    @ruby_ver_check = Dawn::Kb::CVE_2004_0755.new
+    @os_check       = Dawn::Kb::CVE_2008_4310.new
+    @gem_check      = Dawn::Kb::CVE_2015_4020.new
+    @pattern_check  = Dawn::Kb::NotRevisedCode.new
+    # @check.debug = true
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dawnscanner
 version: !ruby/object:Gem::Version
-  version: 1.6.5
+  version: 1.6.6
 platform: ruby
 authors:
 - Paolo Perego
@@ -30,7 +30,7 @@ cert_chain:
   jm6Bw8fGx65GCWIdgMhH/P0icixcnyrnotnnOrEcmPudIlgEN9qaUYcguOfFBhTH
   1sGpM7KzrYHU8qJJPrdaX0ezIDL4cN/kA/DxYTfUiMw=
   -----END CERTIFICATE-----
-date: 2016-09-30 00:00:00.000000000 Z
+date: 2016-11-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: cvss
@@ -320,13 +320,14 @@ files:
 - checksum/dawnscanner-1.6.2.gem.sha1
 - checksum/dawnscanner-1.6.3.gem.sha1
 - checksum/dawnscanner-1.6.4.gem.sha1
+- checksum/dawnscanner-1.6.5.gem.sha1
 - code_of_conduct.md
 - dawnscanner.gemspec
 - doc/dawn_1_0_announcement.md
 - doc/dawn_1_1_announcement.md
 - doc/dawn_1_2_announcement.md
 - doc/dawn_1_5_announcement.md
-- doc/dawnscanner.yaml.sample
+- doc/dawnscanner.yml.sample
 - doc/new_knowledge_base_v1.0.md
 - features/dawn_complains_about_an_incorrect_command_line.feature.disabled
 - features/dawn_scan_a_secure_sinatra_app.feature.disabled
@@ -543,6 +544,10 @@ files:
 - lib/dawn/kb/cve_2016_0753.rb
 - lib/dawn/kb/cve_2016_2097.rb
 - lib/dawn/kb/cve_2016_2098.rb
+- lib/dawn/kb/cve_2016_5697.rb
+- lib/dawn/kb/cve_2016_6316.rb
+- lib/dawn/kb/cve_2016_6317.rb
+- lib/dawn/kb/cve_2016_6582.rb
 - lib/dawn/kb/dependency_check.rb
 - lib/dawn/kb/deprecation_check.rb
 - lib/dawn/kb/gem_check.rb
@@ -564,6 +569,7 @@ files:
 - lib/dawn/kb/osvdb_120415.rb
 - lib/dawn/kb/osvdb_120857.rb
 - lib/dawn/kb/osvdb_121701.rb
+- lib/dawn/kb/osvdb_132234.rb
 - lib/dawn/kb/owasp_ror_cheatsheet.rb
 - lib/dawn/kb/owasp_ror_cheatsheet/check_for_backup_files.rb
 - lib/dawn/kb/owasp_ror_cheatsheet/check_for_safe_redirect_and_forward.rb
@@ -578,6 +584,7 @@ files:
 - lib/dawn/kb/simpleform_xss_20131129.rb
 - lib/dawn/kb/version_check.rb
 - lib/dawn/knowledge_base.rb
+- lib/dawn/knowledge_base_experimental.rb
 - lib/dawn/logger.rb
 - lib/dawn/padrino.rb
 - lib/dawn/rails.rb
@@ -683,6 +690,10 @@ files:
 - spec/lib/kb/cve_2016_0753_spec.rb
 - spec/lib/kb/cve_2016_2097_spec.rb
 - spec/lib/kb/cve_2016_2098_spec.rb
+- spec/lib/kb/cve_2016_5697_spec.rb
+- spec/lib/kb/cve_2016_6316_spec.rb
+- spec/lib/kb/cve_2016_6317_spec.rb
+- spec/lib/kb/cve_2016_6582_spec.rb
 - spec/lib/kb/osvdb_105971_spec.rb
 - spec/lib/kb/osvdb_108530_spec.rb
 - spec/lib/kb/osvdb_108563_spec.rb
@@ -699,7 +710,9 @@ files:
 - spec/lib/kb/osvdb_120415_spec.rb
 - spec/lib/kb/osvdb_120857_spec.rb
 - spec/lib/kb/osvdb_121701_spec.rb
+- spec/lib/kb/osvdb_132234_spec.rb
 - spec/lib/kb/owasp_ror_cheatsheet_disabled.rb
+- spec/lib/kb/yamilize_kb_spec.rb
 - spec/spec_helper.rb
 - support/bootstrap.js
 - support/bootstrap.min.css
@@ -829,6 +842,10 @@ test_files:
 - spec/lib/kb/cve_2016_0753_spec.rb
 - spec/lib/kb/cve_2016_2097_spec.rb
 - spec/lib/kb/cve_2016_2098_spec.rb
+- spec/lib/kb/cve_2016_5697_spec.rb
+- spec/lib/kb/cve_2016_6316_spec.rb
+- spec/lib/kb/cve_2016_6317_spec.rb
+- spec/lib/kb/cve_2016_6582_spec.rb
 - spec/lib/kb/osvdb_105971_spec.rb
 - spec/lib/kb/osvdb_108530_spec.rb
 - spec/lib/kb/osvdb_108563_spec.rb
@@ -845,5 +862,7 @@ test_files:
 - spec/lib/kb/osvdb_120415_spec.rb
 - spec/lib/kb/osvdb_120857_spec.rb
 - spec/lib/kb/osvdb_121701_spec.rb
+- spec/lib/kb/osvdb_132234_spec.rb
 - spec/lib/kb/owasp_ror_cheatsheet_disabled.rb
+- spec/lib/kb/yamilize_kb_spec.rb
 - spec/spec_helper.rb