RubyGems - dawnscanner - Versions diffs - 2.0.0.rc4 → 2.0.0.rc5 - Mend

dawnscanner 2.0.0.rc4 → 2.0.0.rc5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

checksums.yaml +4 -4
data/Changelog.md +6 -2
data/Rakefile +0 -4
data/VERSION +3 -15
data/dawnscanner.gemspec +3 -4
data/lib/dawn/engine.rb +1 -0
data/lib/dawn/kb/pattern_match_check.rb +1 -1
data/lib/dawn/knowledge_base.rb +14 -1
data/lib/dawn/reporter.rb +2 -0
data/lib/dawn/version.rb +4 -5
data/spec/lib/kb/codesake_dependency_version_check_spec.rb +18 -15
data/spec/lib/kb/codesake_ruby_version_check_spec.rb +7 -17
metadata +3 -17

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b9ae4a53a59b132a6ce6c85407f0d4fddd88eda75958474a1aee0ce2369b4cf4
-  data.tar.gz: '01479eaa5129162d83ddcce897f74f250b5fe4b0cbe5e7c5e3bb2444b9cffce8'
+  metadata.gz: 72a87bbf8ef2496a0afd46d528d72e054f5dae05ebd931c7def8f99be76961da
+  data.tar.gz: 67625dd36903d067ecf28c8581b130d1b2c612a3b26ded963e2868bb95efb853
 SHA512:
-  metadata.gz: b2ddc397e425922f848612c1244b8e0ace964a766673b9a6f70317e441c00dd35c2687de1040fcfa0ef5203c5f7304d274e4a9091637670a8b5c3ccefec33804
-  data.tar.gz: '0345397057005fcd021910298c1befb282eddfcad7e13f876e5d36a8715579d71990dd18bcb9cd3ca3f8387fe99e962ad8e97224d5060dad1f711f49a82e62d2'
+  metadata.gz: e6621edd0430c27a88d8813e5ca57475466ff8ea6d262cc7f324890d521a10d1f24f055004fdfa4ccb36e9131d1ea6f6d8957e17d26a54846194706279e617a2
+  data.tar.gz: ec14c1e7804f38e5bcb6f87ea7d05afedc83206db846eaec197d4e5be5b48f9ee1059fb87d21ddbab52e023fb2f0a7cc74bc90517be9e62a0e81d9810b93137e

data/Changelog.md CHANGED Viewed

@@ -5,9 +5,9 @@ It supports [Sinatra](http://www.sinatrarb.com),
 [Padrino](http://www.padrinorb.com) and [Ruby on Rails](http://rubyonrails.org)
 frameworks.
-_latest update: mer 28 nov 2018, 11.03.53, CET_
+_latest update: mer 29 mar 2023, 18:32:56, CEST_
-## Version 2.0.0 - codename: Finn McMissile (2019-xx-xx)
+## Version 2.0.0
 * New knowledge base, YAML based and distributed separately from the ruby gem.
 * New CLI based on Thor library. Please read README.md file to know how to
@@ -22,6 +22,10 @@ _latest update: mer 28 nov 2018, 11.03.53, CET_
 * Fix issue #244. Now the KB path is no more hardcoded but it is relative to
   $HOME and 'dawnscanner' folder where results are stored.
 * Fix issue #245. Pattern matching check is skipped on empty files.
+* Fix issue #250. Require missing fileutils, thanks to @lukaszsliwa
+* Fix issue #252. File.exists was removed in newer interpreter versions
+* Dropping codenames
+* Class names must be declared before loading YAML files
 ## Version 1.6.9 - codename: Tow Mater (2018-11-28)

data/Rakefile CHANGED Viewed

@@ -37,7 +37,6 @@ namespace :version do
       a = f.readlines
     end
     version = a[a.length - 1].split('-')[0]# .chomp
-    codename = a[a.length - 1].split('-')[1]
     File.open("./lib/dawn/version.rb", "w") do |f|
@@ -47,12 +46,9 @@ namespace :version do
       if branch_name != "main"
         av = version.split('.')
         f.puts "    VERSION = \"#{av[0]}.#{av[1]}.#{commit_hash.chop}\""
-        f.puts "    CODENAME = \"#{codename.lstrip!.chop}\""
         f.puts "    RELEASE = \"(development)\""
       else
-        puts "here"
         f.puts "    VERSION = \"#{version.rstrip!}\""
-        f.puts "    CODENAME = \"#{codename.lstrip!.chop}\""
         f.puts "    RELEASE = \"#{release}\""
       end
       f.puts "    BUILD = \"#{build_number.chop}\""

data/VERSION CHANGED Viewed

@@ -1,15 +1,3 @@
-# Each dawnscanner major release will have a Disney Pixar Cars / Cars2
-# character as codename. My son Daniele loves those films and since I love
-# him too, this is a kinda sort of tribute of my son's passion.
-#
-# Future releases
-#
-# | Character       | Release |
-# |-----------------|---------|
-# | "Finn McMissile"|  2.0.0  |
-# |  "Fillmore"     |  x.x.0  |
-# |"Holly Shiftwell"|  x.x.0  |
-# |   "Guido"       |  x.x.0  |
-# |   "Luigi"       |  x.x.0  |
-# | "Doc Hudson"    |  x.x.0  |
-2.0.0.rc4 - Finn McMissile
+# I removed codenames :-)
+# Code review is fun
+2.0.0.rc5

data/dawnscanner.gemspec CHANGED Viewed

@@ -52,10 +52,9 @@ Gem::Specification.new do |gem|
   # Marked to be unused right now
   # gem.add_dependency 'parser'
-  gem.add_development_dependency ('coveralls')
-  gem.add_development_dependency 'rake'
-  gem.add_development_dependency 'rspec'
+  gem.add_development_dependency('coveralls')
+  gem.add_development_dependency('rake')
+  gem.add_development_dependency('rspec')
   gem.add_development_dependency('tomdoc')
   gem.add_development_dependency('aruba')
-  gem.add_development_dependency('simplecov')
 end

data/lib/dawn/engine.rb CHANGED Viewed

@@ -1,6 +1,7 @@
 require 'net/http'
 require 'json'
 require 'socket'
+require 'fileutils'
 # Statistics stuff
 # require 'code_metrics/statistics'

data/lib/dawn/kb/pattern_match_check.rb CHANGED Viewed

@@ -62,7 +62,7 @@ module Dawn
           matches = []
           raise ArgumentError.new("skipping empty file") if File.zero?(filename)
           begin
-            matches = run(load_file(filename)) if File.exists?(filename) && File.file?(filename) && ! File.binary?(filename) && ! must_exclude?(filename)
+            matches = run(load_file(filename)) if File.exist?(filename) && File.file?(filename) && ! File.binary?(filename) && ! must_exclude?(filename)
             found = ! matches.empty?
           rescue ArgumentError => e
             puts "Skipping pattern match check for #{filename}: #{e.message}"

data/lib/dawn/knowledge_base.rb CHANGED Viewed

@@ -11,6 +11,8 @@ require 'digest'
 require 'date'
+require 'fileutils'
 # Core KB
 require "dawn/kb/basic_check"
 require "dawn/kb/pattern_match_check"
@@ -210,7 +212,18 @@ module Dawn
         else
           Dir.glob(dir+"/**/*.yml").each do |f|
             begin
-              data = YAML.load_file(f)
+              data = YAML.load_file(f, permitted_classes: [Dawn::Kb::UnsafeDependencyCheck,
+                                                           Dawn::Kb::BasicCheck,
+                                                           Dawn::Kb::ComboCheck,
+                                                           Dawn::Kb::DependencyCheck,
+                                                           Dawn::Kb::DeprecationCheck,
+                                                           Dawn::Kb::OperatingSystemCheck,
+                                                           Dawn::Kb::PatternMatchCheck,
+                                                           Dawn::Kb::RubygemCheck,
+                                                           Dawn::Kb::RubyVersionCheck,
+                                                           Dawn::Kb::VersionCheck,
+                                                           Date,
+                                                           Symbol])
               @security_checks << data
               good+=1
               $logger.info("#{File.basename(f)} loaded") if lint

data/lib/dawn/reporter.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+require 'fileutils'
 module Dawn
   class Reporter

data/lib/dawn/version.rb CHANGED Viewed

@@ -1,7 +1,6 @@
 module Dawn
-    VERSION = "2.0.0.rc4"
-    CODENAME = "Finn McMissile"
-    RELEASE = "20210406"
-    BUILD = "26"
-    COMMIT = "g9f7c8c3"
+    VERSION = "2.0.0.rc5"
+    RELEASE = "20230329"
+    BUILD = "9"
+    COMMIT = "gb57cda0"
 end

data/spec/lib/kb/codesake_dependency_version_check_spec.rb CHANGED Viewed

@@ -1,26 +1,29 @@
 require 'spec_helper'
-class DependencyMockup
-  include Dawn::Kb::DependencyCheck
+# class DependencyMockup
+#   include Dawn::Kb::DependencyCheck
-  def initialize
-    message = "This is a mock"
-    super(
-      :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
-      :applies=>['sinatra', 'padrino', 'rails'],
-      :message=> message
-    )
-    # self.debug = true
+#   def initialize
+#     message = "This is a mock"
+#     super(
+#       :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
+#       :applies=>['sinatra', 'padrino', 'rails'],
+#       :message=> message
+#     )
+#     # self.debug = true
-    self.safe_dependencies = [{:name=>'this_gem', :version=>['0.3.0', '1.3.3', '2.3.3', '2.4.2', '9.4.31.2']}]
-    self.save_major = true
-  end
-end
+#     self.safe_dependencies = [{:name=>'this_gem', :version=>['0.3.0', '1.3.3', '2.3.3', '2.4.2', '9.4.31.2']}]
+#     self.save_major = true
+#   end
+# end
 describe "The security check for gem dependency should" do
   before(:all) do
-    @check = DependencyMockup.new
+    @check = Dawn::Kb::DependencyCheck.new
+    @check.kind=Dawn::KnowledgeBase::DEPENDENCY_CHECK
+    @check.applies = ['sinatra', 'padrino', 'rails']
+    @check.message = "This is a mock"
   end
   # let (:check) {Mockup.new}

data/spec/lib/kb/codesake_ruby_version_check_spec.rb CHANGED Viewed

@@ -1,23 +1,13 @@
 require 'spec_helper'
-class Mockup
-  include Dawn::Kb::RubyVersionCheck
-  def initialize
-    message = "This is a mock"
-    super(
-      :kind=>Dawn::KnowledgeBase::RUBY_VERSION_CHECK,
-      :applies=>['sinatra', 'padrino', 'rails'],
-      :message=> message
-    )
-    # self.debug = true
-    self.safe_rubies = [{:version=>"1.9.3", :patchlevel=>"p392"}, {:version=>"2.0.0", :patchlevel=>"p0"}]
-  end
-end
 describe "The security check for Ruby interpreter version" do
-  let (:check) {Mockup.new}
+  before(:all) do
+    @check = Dawn::Kb::RubyVersionCheck.new
+    @check.message = "This is a mock"
+    @check.kind=Dawn::KnowledgeBase::RUBY_VERSION_CHECK
+    @check.applies=['sinatra', 'padrino', 'rails']
+    @check.safe_rubies = [{:version=>"1.9.3", :patchlevel=>"p392"}, {:version=>"2.0.0", :patchlevel=>"p0"}]
+  end
   it "fires if ruby version is vulnerable" do
     check.detected_ruby = {:version=>"1.9.2", :patchlevel=>"p10000"}

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dawnscanner
 version: !ruby/object:Gem::Version
-  version: 2.0.0.rc4
+  version: 2.0.0.rc5
 platform: ruby
 authors:
 - Paolo Perego
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-04-06 00:00:00.000000000 Z
+date: 2023-03-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: cvss
@@ -220,20 +220,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: simplecov
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
 description: Dawnscanner is a security source code scanner for ruby powered code.
   It is especially designed for web applications, but it works also with general purpose
   ruby scripts. Dawn supports all major MVC frameworks like ruby on rails, padrino
@@ -374,7 +360,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 1.3.1
 requirements: []
-rubygems_version: 3.2.3
+rubygems_version: 3.3.26
 signing_key:
 specification_version: 4
 summary: Dawnscanner is a security source code scanner for ruby powered code. It is