dawnscanner 2.1.1 → 2.2.0
- checksums.yaml +4 -4
- data/Changelog.md +8 -1
- data/VERSION +1 -1
- data/checksum/dawnscanner-2.1.1.gem.sha1 +1 -0
- data/lib/dawn/kb/dependency_check.rb +4 -0
- data/lib/dawn/kb/unsafe_depedency_check.rb +16 -0
- data/lib/dawn/version.rb +4 -4
- data/spec/lib/kb/codesake_ruby_version_check_spec.rb +12 -13
- data/spec/lib/kb/codesake_unsafe_dependency_check_normal_spec.rb +39 -0
- data/spec/lib/kb/codesake_unsafe_dependency_check_version_end_excluding_spec.rb +43 -0
- data/spec/lib/kb/codesake_unsafe_dependency_check_version_end_including_spec.rb +44 -0
- data/spec/lib/kb/dependency_check_with_version_end_excluding.yml +23 -0
- data/spec/lib/kb/dependency_check_with_version_end_including.yml +23 -0
- metadata +13 -12
- data/spec/lib/dawn/codesake_knowledgebase_spec.rb +0 -1202
- data/spec/lib/kb/codesake_cve_2013_0175_spec.rb +0 -35
- data/spec/lib/kb/codesake_cve_2013_4457_spec.rb +0 -41
- data/spec/lib/kb/codesake_dependency_version_check_spec.rb +0 -79
- data/spec/lib/kb/codesake_unsafe_dependency_check_spec.rb +0 -29
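--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 94b039813bed12f92d3312623d3b2168c91a71689b285a49941285b8e3715221
+data.tar.gz: 7170bc49eeb84ae09c71577b9a79b147dc4fb4e1ba820375f83095e889fa1dea
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: db223e25eb6e0cb0330f4e31113858b8b584dc6ccc0bde728c7024e206c80fe811608a2dc256601f143b436941ff7bc4e0331f6901086eccb55aeaea0226e2ad
+data.tar.gz: 77b67d5bcccb8b610ecc2b123fa707ea7e52d1509db89d05eb249956398b9cec12e7e75a65a4427bce06b5339b3fe53c09d75a9d277f20660990aeb704539ddb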
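--- a/data/Changelog.md
+++ b/data/Changelog.md
@@ -5,7 +5,14 @@ It supports [Sinatra](http://www.sinatrarb.com),
 [Padrino](http://www.padrinorb.com) and [Ruby on Rails](http://rubyonrails.org)
 frameworks.
 
-_latest update:
+_latest update: Mon 17 Apr 2023, 18:07:04, CEST_
+
+## Version 2.2.0 (2023-04-17)
+
+* DepedencyCheck: marked as deprecated
+* UnsafeDependencyCheck: added support for new kb keywords:
+- versionEndIncluding
+- versionEndExcluding
 
 ## Version 2.1.1 (2023-04-14)
 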
data/VERSION
CHANGED
@@ -0,0 +1 @@
|
|
1
|
+
140e3b04589881711a85100bc9b93959382f9b39
|
@@ -25,10 +25,14 @@ module Dawn
|
|
25
25
|
attr_accessor :save_minor
|
26
26
|
attr_accessor :save_major
|
27
27
|
|
28
|
+
# @deprecated Please use UnsafeDependencyCheck instead. This class is no
|
29
|
+
# longer supperted and it will be removed really soon.
|
28
30
|
def initialize(options)
|
29
31
|
super(options)
|
30
32
|
@save_minor ||= options[:save_minor]
|
31
33
|
@save_major ||= options[:save_major]
|
34
|
+
|
35
|
+
warn "This class is deprecated. Please use UnsafeDependencyCheck instead"
|
32
36
|
end
|
33
37
|
|
34
38
|
def vuln?
|
@@ -31,6 +31,22 @@ module Dawn
|
|
31
31
|
@dependencies.each do |dep|
|
32
32
|
unless @vulnerable_version_array.nil? or @vulnerable_version_array.empty?
|
33
33
|
if dep[:name] == @vulnerable_version_array[0][:name]
|
34
|
+
|
35
|
+
unless @vulnerable_version_array[0][:versionEndIncluding].nil?
|
36
|
+
if (Gem::Version.new(dep[:version]) > Gem::Version.new(@vulnerable_version_array[0][:versionEndIncluding]))
|
37
|
+
return false
|
38
|
+
else
|
39
|
+
return true
|
40
|
+
end
|
41
|
+
end
|
42
|
+
|
43
|
+
unless @vulnerable_version_array[0][:versionEndExcluding].nil?
|
44
|
+
if (Gem::Version.new(dep[:version]) >= Gem::Version.new(@vulnerable_version_array[0][:versionEndExcluding]))
|
45
|
+
return false
|
46
|
+
else
|
47
|
+
return true
|
48
|
+
end
|
49
|
+
end
|
34
50
|
return true if @please_ignore_dep_version
|
35
51
|
return false if @vulnerable_version_array[0][:version].nil? or @vulnerable_version_array[0][:version].empty?
|
36
52
|
return true if @vulnerable_version_array[0][:version].include? dep[:version]
|
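Review bot: Both new range branches pass `dep[:version]` straight to `Gem::Version.new`, which raises `ArgumentError` on a string that is not a valid gem version, so one odd entry in `@dependencies` can abort the whole check instead of producing a result. A guard such as `next unless Gem::Version.correct?(dep[:version])` ahead of the comparisons, or a rescue that reports the dependency as not evaluated, would keep the scan going. The branches also read only `@vulnerable_version_array[0]` and return on the first name match, so further array entries and the `:version` list are never consulted once a range key is present; if that is intended, a short comment saying so would help, since there is no lower bound and every version up to the limit is reported. The enclosing method starts and ends outside the hunk.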
data/lib/dawn/version.rb
CHANGED
@@ -2,29 +2,28 @@ require 'spec_helper'
|
|
2
2
|
|
3
3
|
describe "The security check for Ruby interpreter version" do
|
4
4
|
before(:all) do
|
5
|
-
@check = Dawn::Kb::RubyVersionCheck.new
|
6
|
-
|
7
|
-
|
8
|
-
@check.
|
9
|
-
@check.safe_rubies = [{:version=>"1.9.3", :patchlevel=>"p392"}, {:version=>"2.0.0", :patchlevel=>"p0"}]
|
5
|
+
@check = Dawn::Kb::RubyVersionCheck.new(:name=>"Mocked",
|
6
|
+
:kind=>Dawn::KnowledgeBase::RUBY_VERSION_CHECK,
|
7
|
+
:applies=>['sinatra', 'padrino', 'rails'])
|
8
|
+
@check.safe_rubies=[{:version=>"1.9.3", :patchlevel=>"p392"}, {:version=>"2.0.0", :patchlevel=>"p0"}]
|
10
9
|
end
|
11
10
|
|
12
11
|
it "fires if ruby version is vulnerable" do
|
13
|
-
check.detected_ruby = {:version=>"1.9.2", :patchlevel=>"p10000"}
|
14
|
-
expect(check.vuln?).to eq(true)
|
12
|
+
@check.detected_ruby = {:version=>"1.9.2", :patchlevel=>"p10000"}
|
13
|
+
expect(@check.vuln?).to eq(true)
|
15
14
|
end
|
16
15
|
it "doesn't fire if ruby version is not vulnerable and patchlevel is not vulnerable" do
|
17
|
-
check.detected_ruby = {:version=>"1.9.4", :patchlevel=>"p10000"}
|
18
|
-
expect(check.vuln?).to eq(false)
|
16
|
+
@check.detected_ruby = {:version=>"1.9.4", :patchlevel=>"p10000"}
|
17
|
+
expect(@check.vuln?).to eq(false)
|
19
18
|
end
|
20
19
|
|
21
20
|
it "doesn't fire if ruby version is vulnerable and patchlevel is not vulnerable" do
|
22
|
-
check.detected_ruby = {:version=>"1.9.3", :patchlevel=>"p10000"}
|
23
|
-
expect(check.vuln?).to eq(false)
|
21
|
+
@check.detected_ruby = {:version=>"1.9.3", :patchlevel=>"p10000"}
|
22
|
+
expect(@check.vuln?).to eq(false)
|
24
23
|
end
|
25
24
|
|
26
25
|
it "fires if ruby version is vulnerable and patchlevel is vulnerable" do
|
27
|
-
check.detected_ruby = {:version=>"1.9.3", :patchlevel=>"p391"}
|
28
|
-
expect(check.vuln?).to eq(true)
|
26
|
+
@check.detected_ruby = {:version=>"1.9.3", :patchlevel=>"p391"}
|
27
|
+
expect(@check.vuln?).to eq(true)
|
29
28
|
end
|
30
29
|
end
|
@@ -0,0 +1,39 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
|
4
|
+
describe "The security check for gem unsafe dependency should" do
|
5
|
+
before(:all) do
|
6
|
+
f = "./spec/lib/kb/dependency_check.yml"
|
7
|
+
@check = YAML.load_file(f, permitted_classes: [Dawn::Kb::UnsafeDependencyCheck,
|
8
|
+
Dawn::Kb::BasicCheck,
|
9
|
+
Dawn::Kb::ComboCheck,
|
10
|
+
Dawn::Kb::DependencyCheck,
|
11
|
+
Dawn::Kb::DeprecationCheck,
|
12
|
+
Dawn::Kb::OperatingSystemCheck,
|
13
|
+
Dawn::Kb::PatternMatchCheck,
|
14
|
+
Dawn::Kb::RubygemCheck,
|
15
|
+
Dawn::Kb::RubyVersionCheck,
|
16
|
+
Dawn::Kb::VersionCheck,
|
17
|
+
Date,
|
18
|
+
Symbol])
|
19
|
+
end
|
20
|
+
|
21
|
+
it "fires if vulnerable 0.5.0 version is detected" do
|
22
|
+
@check.dependencies = [{:name=>"acme-gem", :version=>'0.5.0'}]
|
23
|
+
expect(@check.vuln?).to eq(true)
|
24
|
+
end
|
25
|
+
it "fires if vulnerable 1.3.2 version is found" do
|
26
|
+
@check.dependencies = [{:name=>"acme-gem", :version=>'1.3.2'}]
|
27
|
+
expect(@check.vuln?).to eq(true)
|
28
|
+
end
|
29
|
+
|
30
|
+
it "fires if vulnerable 3.4.0 version is found" do
|
31
|
+
@check.dependencies = [{:name=>"acme-gem", :version=>'3.4.0'}]
|
32
|
+
expect(@check.vuln?).to eq(true)
|
33
|
+
end
|
34
|
+
|
35
|
+
it "doesn't fire if not vulnerable 3.0.0 version is found" do
|
36
|
+
@check.dependencies = [{:name=>"acme-gem", :version=>'3.0.0'}]
|
37
|
+
expect(@check.vuln?).to eq(false)
|
38
|
+
end
|
39
|
+
end
|
@@ -0,0 +1,43 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
|
4
|
+
describe "The security check for gem unsafe dependency, when versionEndExcluding is set, should" do
|
5
|
+
before(:all) do
|
6
|
+
f = "./spec/lib/kb/dependency_check_with_version_end_excluding.yml"
|
7
|
+
@check = YAML.load_file(f, permitted_classes: [Dawn::Kb::UnsafeDependencyCheck,
|
8
|
+
Dawn::Kb::BasicCheck,
|
9
|
+
Dawn::Kb::ComboCheck,
|
10
|
+
Dawn::Kb::DependencyCheck,
|
11
|
+
Dawn::Kb::DeprecationCheck,
|
12
|
+
Dawn::Kb::OperatingSystemCheck,
|
13
|
+
Dawn::Kb::PatternMatchCheck,
|
14
|
+
Dawn::Kb::RubygemCheck,
|
15
|
+
Dawn::Kb::RubyVersionCheck,
|
16
|
+
Dawn::Kb::VersionCheck,
|
17
|
+
Date,
|
18
|
+
Symbol])
|
19
|
+
end
|
20
|
+
|
21
|
+
it "fires if vulnerable 0.5.0 version is detected" do
|
22
|
+
@check.dependencies = [{:name=>"acme-gem", :version=>'0.5.0'}]
|
23
|
+
expect(@check.vuln?).to eq(true)
|
24
|
+
end
|
25
|
+
it "fires if vulnerable 1.3.2 version is found" do
|
26
|
+
@check.dependencies = [{:name=>"acme-gem", :version=>'1.3.2'}]
|
27
|
+
expect(@check.vuln?).to eq(true)
|
28
|
+
end
|
29
|
+
|
30
|
+
it "fires if vulnerable 2.7.2.1 version is found" do
|
31
|
+
@check.dependencies = [{:name=>"acme-gem", :version=>'2.7.2.1'}]
|
32
|
+
expect(@check.vuln?).to eq(true)
|
33
|
+
end
|
34
|
+
it "fires if vulnerable 2.7.2.2 version is found" do
|
35
|
+
@check.dependencies = [{:name=>"acme-gem", :version=>'2.7.2.2'}]
|
36
|
+
expect(@check.vuln?).to eq(false)
|
37
|
+
end
|
38
|
+
|
39
|
+
it "doesn't fire if not vulnerable 3.0 version is found" do
|
40
|
+
@check.dependencies = [{:name=>"acme-gem", :version=>'3.0'}]
|
41
|
+
expect(@check.vuln?).to eq(false)
|
42
|
+
end
|
43
|
+
end
|
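Review bot: The example titled `fires if vulnerable 2.7.2.2 version is found` asserts `eq(false)`, so its description contradicts the boundary it pins; with `versionEndExcluding` set to '2.7.2.2' in the fixture, a title such as `doesn't fire if 2.7.2.2 (the excluded upper bound) is found` would match the assertion. The examples cover both sides of the upper bound but none uses a dependency with a different name or a version string that `Gem::Version` cannot parse, which are the inputs most likely to give a wrong or missing verdict. The sibling versionEndIncluding spec also leaves `@check.debug=true` in its `before(:all)`, which looks like leftover debugging.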
@@ -0,0 +1,44 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
|
4
|
+
describe "The security check for gem unsafe dependency, when versionEndIncluding is set, should" do
|
5
|
+
before(:all) do
|
6
|
+
f = "./spec/lib/kb/dependency_check_with_version_end_including.yml"
|
7
|
+
@check = YAML.load_file(f, permitted_classes: [Dawn::Kb::UnsafeDependencyCheck,
|
8
|
+
Dawn::Kb::BasicCheck,
|
9
|
+
Dawn::Kb::ComboCheck,
|
10
|
+
Dawn::Kb::DependencyCheck,
|
11
|
+
Dawn::Kb::DeprecationCheck,
|
12
|
+
Dawn::Kb::OperatingSystemCheck,
|
13
|
+
Dawn::Kb::PatternMatchCheck,
|
14
|
+
Dawn::Kb::RubygemCheck,
|
15
|
+
Dawn::Kb::RubyVersionCheck,
|
16
|
+
Dawn::Kb::VersionCheck,
|
17
|
+
Date,
|
18
|
+
Symbol])
|
19
|
+
@check.debug=true
|
20
|
+
end
|
21
|
+
|
22
|
+
it "fires if vulnerable 0.5.0 version is detected" do
|
23
|
+
@check.dependencies = [{:name=>"acme-gem", :version=>'0.5.0'}]
|
24
|
+
expect(@check.vuln?).to eq(true)
|
25
|
+
end
|
26
|
+
it "fires if vulnerable 1.3.2 version is found" do
|
27
|
+
@check.dependencies = [{:name=>"acme-gem", :version=>'1.3.2'}]
|
28
|
+
expect(@check.vuln?).to eq(true)
|
29
|
+
end
|
30
|
+
|
31
|
+
it "fires if vulnerable 2.7.2.1 version is found" do
|
32
|
+
@check.dependencies = [{:name=>"acme-gem", :version=>'2.7.2.1'}]
|
33
|
+
expect(@check.vuln?).to eq(true)
|
34
|
+
end
|
35
|
+
it "fires if vulnerable 2.7.2.2 version is found" do
|
36
|
+
@check.dependencies = [{:name=>"acme-gem", :version=>'2.7.2.2'}]
|
37
|
+
expect(@check.vuln?).to eq(true)
|
38
|
+
end
|
39
|
+
|
40
|
+
it "doesn't fire if not vulnerable 3.0 version is found" do
|
41
|
+
@check.dependencies = [{:name=>"acme-gem", :version=>'3.0'}]
|
42
|
+
expect(@check.vuln?).to eq(false)
|
43
|
+
end
|
44
|
+
end
|
@@ -0,0 +1,23 @@
|
|
1
|
+
--- !ruby/object:Dawn::Kb::UnsafeDependencyCheck
|
2
|
+
applies:
|
3
|
+
- rails
|
4
|
+
- sinatra
|
5
|
+
- padrino
|
6
|
+
title: A test here
|
7
|
+
cvss: '(AV:L/AC:L/Au:S/C:N/I:C/A:C)'
|
8
|
+
cve: 'CVE-2023-99999'
|
9
|
+
owasp: A9
|
10
|
+
release_date: '25/03/2023'
|
11
|
+
kind: :unsafe_dependency_check
|
12
|
+
message: |-
|
13
|
+
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Curabitur nisi turpis, tincidunt rhoncus leo sed, euismod sollicitudin nisl. In a arcu accumsan, fermentum quam vel, auctor risus. Nulla non sollicitudin libero. Cras hendrerit consectetur pulvinar. Vivamus ligula quam, vulputate eget justo in, varius rhoncus lorem. Nulla vel volutpat enim. Nulla hendrerit posuere tempor. Nulla in metus eget lacus tempor sollicitudin sed et dolor. Ut interdum volutpat felis, ac bibendum mauris volutpat ut. Etiam posuere justo ex, nec faucibus orci suscipit sit amet. Vivamus rutrum massa fermentum mi pellentesque vehicula. Nullam elementum urna mauris, nec cursus risus convallis vel. Nulla consectetur enim ut magna rutrum, et mollis ante auctor. Etiam accumsan in lacus et ultricies. Morbi ullamcorper velit a ipsum egestas, quis laoreet lectus placerat. Maecenas nunc augue, pulvinar non ligula ac, maximus venenatis mi.
|
14
|
+
|
15
|
+
remediation: |-
|
16
|
+
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse et metus blandit, viverra ante a, auctor urna. Integer eget est ac nisl bibendum pharetra. Vivamus rhoncus neque vitae felis congue luctus. Praesent vitae lobortis mi. Nulla malesuada elit dictum tincidunt volutpat. Quisque tincidunt lorem nec eros ullamcorper lobortis. Nunc in felis sit amet purus sollicitudin tincidunt. Sed semper sapien nisi, non rutrum orci ultricies eget. Integer neque mauris, gravida ac varius nec, tincidunt consequat turpis. Fusce nisi metus, iaculis a eros eget, interdum sodales lectus. Pellentesque purus nisi, venenatis ut quam vitae, lacinia tristique turpis. Morbi sed maximus odio, et interdum risus. Duis nec congue lacus. Nunc sed elit a leo fermentum feugiat a aliquam arcu.
|
17
|
+
|
18
|
+
severity: :critical
|
19
|
+
priority: :high
|
20
|
+
check_family: :bulletin
|
21
|
+
vulnerable_version_array:
|
22
|
+
- :name: 'acme-gem'
|
23
|
+
:versionEndExcluding: '2.7.2.2'
|
@@ -0,0 +1,23 @@
|
|
1
|
+
--- !ruby/object:Dawn::Kb::UnsafeDependencyCheck
|
2
|
+
applies:
|
3
|
+
- rails
|
4
|
+
- sinatra
|
5
|
+
- padrino
|
6
|
+
title: A test here
|
7
|
+
cvss: '(AV:L/AC:L/Au:S/C:N/I:C/A:C)'
|
8
|
+
cve: 'CVE-2023-99999'
|
9
|
+
owasp: A9
|
10
|
+
release_date: '25/03/2023'
|
11
|
+
kind: :unsafe_dependency_check
|
12
|
+
message: |-
|
13
|
+
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Curabitur nisi turpis, tincidunt rhoncus leo sed, euismod sollicitudin nisl. In a arcu accumsan, fermentum quam vel, auctor risus. Nulla non sollicitudin libero. Cras hendrerit consectetur pulvinar. Vivamus ligula quam, vulputate eget justo in, varius rhoncus lorem. Nulla vel volutpat enim. Nulla hendrerit posuere tempor. Nulla in metus eget lacus tempor sollicitudin sed et dolor. Ut interdum volutpat felis, ac bibendum mauris volutpat ut. Etiam posuere justo ex, nec faucibus orci suscipit sit amet. Vivamus rutrum massa fermentum mi pellentesque vehicula. Nullam elementum urna mauris, nec cursus risus convallis vel. Nulla consectetur enim ut magna rutrum, et mollis ante auctor. Etiam accumsan in lacus et ultricies. Morbi ullamcorper velit a ipsum egestas, quis laoreet lectus placerat. Maecenas nunc augue, pulvinar non ligula ac, maximus venenatis mi.
|
14
|
+
|
15
|
+
remediation: |-
|
16
|
+
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse et metus blandit, viverra ante a, auctor urna. Integer eget est ac nisl bibendum pharetra. Vivamus rhoncus neque vitae felis congue luctus. Praesent vitae lobortis mi. Nulla malesuada elit dictum tincidunt volutpat. Quisque tincidunt lorem nec eros ullamcorper lobortis. Nunc in felis sit amet purus sollicitudin tincidunt. Sed semper sapien nisi, non rutrum orci ultricies eget. Integer neque mauris, gravida ac varius nec, tincidunt consequat turpis. Fusce nisi metus, iaculis a eros eget, interdum sodales lectus. Pellentesque purus nisi, venenatis ut quam vitae, lacinia tristique turpis. Morbi sed maximus odio, et interdum risus. Duis nec congue lacus. Nunc sed elit a leo fermentum feugiat a aliquam arcu.
|
17
|
+
|
18
|
+
severity: :critical
|
19
|
+
priority: :high
|
20
|
+
check_family: :bulletin
|
21
|
+
vulnerable_version_array:
|
22
|
+
- :name: 'acme-gem'
|
23
|
+
:versionEndIncluding: '2.7.2.2'
|
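--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dawnscanner
 version: !ruby/object:Gem::Version
-version: 2.
+version: 2.2.0
 platform: ruby
 authors:
 - Paolo Perego
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-04-
+date: 2023-04-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: cvss
@@ -278,6 +278,7 @@ files:
 - checksum/dawnscanner-2.0.0.rc3.gem.sha1
 - checksum/dawnscanner-2.0.0.rc5.gem.sha1
 - checksum/dawnscanner-2.1.0.gem.sha1
+- checksum/dawnscanner-2.1.1.gem.sha1
 - code_of_conduct.md
 - dawnscanner.gemspec
 - doc/change.sh
@@ -325,18 +326,18 @@ files:
 - lib/dawnscanner.rb
 - lib/tasks/dawn_tasks.rake
 - spec/lib/dawn/codesake_core_spec.rb
-- spec/lib/dawn/codesake_knowledgebase_spec.rb
 - spec/lib/dawn/codesake_padrino_engine_disabled.rb
 - spec/lib/dawn/codesake_rails_engine_disabled.rb
 - spec/lib/dawn/codesake_sinatra_engine_disabled.rb
-- spec/lib/kb/codesake_cve_2013_0175_spec.rb
-- spec/lib/kb/codesake_cve_2013_4457_spec.rb
-- spec/lib/kb/codesake_dependency_version_check_spec.rb
 - spec/lib/kb/codesake_deprecation_check_spec.rb
 - spec/lib/kb/codesake_ruby_version_check_spec.rb
-- spec/lib/kb/
+- spec/lib/kb/codesake_unsafe_dependency_check_normal_spec.rb
+- spec/lib/kb/codesake_unsafe_dependency_check_version_end_excluding_spec.rb
+- spec/lib/kb/codesake_unsafe_dependency_check_version_end_including_spec.rb
 - spec/lib/kb/codesake_version_check_spec.rb
 - spec/lib/kb/dependency_check.yml
+- spec/lib/kb/dependency_check_with_version_end_excluding.yml
+- spec/lib/kb/dependency_check_with_version_end_including.yml
 - spec/lib/kb/owasp_ror_cheatsheet_disabled.rb
 - spec/lib/kb/yamilize_kb_spec.rb
 - spec/spec_helper.rb
@@ -374,18 +375,18 @@ test_files:
 - features/step_definition/dawn_steps.rb
 - features/support/env.rb
 - spec/lib/dawn/codesake_core_spec.rb
-- spec/lib/dawn/codesake_knowledgebase_spec.rb
 - spec/lib/dawn/codesake_padrino_engine_disabled.rb
 - spec/lib/dawn/codesake_rails_engine_disabled.rb
 - spec/lib/dawn/codesake_sinatra_engine_disabled.rb
-- spec/lib/kb/codesake_cve_2013_0175_spec.rb
-- spec/lib/kb/codesake_cve_2013_4457_spec.rb
-- spec/lib/kb/codesake_dependency_version_check_spec.rb
 - spec/lib/kb/codesake_deprecation_check_spec.rb
 - spec/lib/kb/codesake_ruby_version_check_spec.rb
-- spec/lib/kb/
+- spec/lib/kb/codesake_unsafe_dependency_check_normal_spec.rb
+- spec/lib/kb/codesake_unsafe_dependency_check_version_end_excluding_spec.rb
+- spec/lib/kb/codesake_unsafe_dependency_check_version_end_including_spec.rb
 - spec/lib/kb/codesake_version_check_spec.rb
 - spec/lib/kb/dependency_check.yml
+- spec/lib/kb/dependency_check_with_version_end_excluding.yml
+- spec/lib/kb/dependency_check_with_version_end_including.yml
 - spec/lib/kb/owasp_ror_cheatsheet_disabled.rb
 - spec/lib/kb/yamilize_kb_spec.rb
 - spec/spec_helper.rb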