Updated codesake-commons dependency in gemspec
Changed dawn name to Codesake::Dawn
Fixed some typos
Improved README
thesp0nge committed Jan 15, 2014
1 parent c7be767 commit 0c792be
Showing 4 changed files with 55 additions and 25 deletions.
5 changes: 3 additions & 2 deletions Changelog.md
@@ -1,6 +1,6 @@
# Codesake Dawn - changelog

Dawn is a static analysis security scanner for ruby written web applications.
Codesake::Dawn is a static analysis security scanner for ruby written web applications.
It supports [Sinatra](http://www.sinatrarb.com),
[Padrino](http://www.padrinorb.com) and [Ruby on Rails](http://rubyonrails.org)
frameworks.
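Review bot: "ruby written web applications" on the renamed line is awkward; since the line is being edited anyway, prefer "web applications written in Ruby". The same sentence is repeated in Roadmap.md in this commit and should be worded identically in both files.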
@@ -21,11 +21,12 @@ _latest update: Fri Jan 10 08:53:06 CET 2014_
* Added a rake task to better integrate codesake-dawn in a continous
development workflow. Now when you install codesake-dawn you have a 'rake
dawn' task executing the tool on the current directory.
* In BasicCheck::is_vulnerable_version? Added support for the fourth version
* In BasicCheck::is_vulnerable_version? added support for the fourth version
number. We needed this to implement check for CVE-2013-7086
* Fixing issue #20. is_vulnerable_version? has a problem when the patchlevel is
the same but there are only three different version numbers (x.y.z format).
The last change introduces this vuln. Thank you Florin for opening the issue.
* Created a dedicated web site: [dawn.codesake.com](http://dawn.codesake.com)
* Added a check for CVE-2004-0755
* Added a check for CVE-2004-0983
* Added a check for CVE-2005-1992
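Review bot: "continous" in the rake-task entry is still misspelled ("continuous"), and the issue #20 entry calls a version-comparison bug a "vuln", which it is not: a wrong is_vulnerable_version? result on x.y.z versions means the scanner silently reports a vulnerable gem as safe, i.e. a false negative in the tool. Say that, and consider a regression spec covering both three-number (x.y.z) and four-number versions so the fourth-version-number change made for CVE-2013-7086 cannot reintroduce it.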
39 changes: 30 additions & 9 deletions README.md
@@ -20,17 +20,29 @@ MVC (Model View Controller) frameworks, like:

---

Codesake::Dawn version 1.0 has 131 security checks loaded in its knowledge
Codesake::Dawn version 1.0 has 141 security checks loaded in its knowledge
base. Most of them are CVE bulletins, that applies to gems, framework or the
ruby interpreter itself.

You candump all security checks in the knowledge base by using the -k
You can dump all security checks in the knowledge base by using the -k
flag:

```
$ dawn -k|--list-knowledge-base
```

Useful in scripts, you can even supply a parameter to ```-k``` flag to check if
a security control has been implemented or not.

```
$ dawn -k CVE-2013-6421
07:59:30 [*] dawn v1.0.0.rc2 is starting up
CVE-2013-6421 found in knowledgebase.
$ dawn -k this_test_does_not_exist
08:02:17 [*] dawn v1.0.0.rc2 is starting up
this_test_does_not_exist not found in knowledgebase
```

When you run Codesake::Dawn on your code it parses your project Gemfile.lock
looking for the gems used and it tries to detect the ruby interpreter version
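Review bot: the sentence introducing `dawn -k CVE-2013-6421` says it checks "if a security control has been implemented or not", but the output shown only reports whether a check for that CVE exists in the knowledge base, not whether the scanned application is protected; rephrase to "whether a check for a given CVE is in the knowledge base". For the "useful in scripts" claim to hold, document what exit status the found and not-found cases return, since a script cannot sensibly grep the timestamped log line, and make the two output lines consistent ("found in knowledgebase." ends with a period, "not found in knowledgebase" does not).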
@@ -52,10 +64,16 @@ application.

## Installation

You can install dawn, directly using [Rubygems](https://rubygems.org) by typing:
You can install latest Codesake::Dawn version, using [Rubygems](https://rubygems.org) by typing:

gem install codesake-dawn

In order to install a release candidate version, the gem install command line is the following:

```
$ gem install codesake-dawn --pre
```

If you want to add dawn to your project Gemfile, you must add the following:

group :development do
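Review bot: "install latest Codesake::Dawn version" needs an article ("the latest"), and the hunk now mixes two code-block styles: the release install `gem install codesake-dawn` is an indented block while the new `--pre` example is in a backtick fence; use one style for both so the two install commands render the same way.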
@@ -79,10 +97,10 @@ that.

## Usage

You can start your code review with dawn very easily. Simply tell the tool
You can start your code review with Codesake::Dawn very easily. Simply tell the tool
where the project root directory.

Underlying MVC framework is autodetected by dawn using target Gemfile.lock
Underlying MVC framework is autodetected by Codesake::Dawn using target Gemfile.lock
file. If autodetect fails for some reason, the tool will complain about it and
you have to specify if it's a rails, sinatra or padrino web application by
hand.
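Review bot: "Simply tell the tool where the project root directory." is missing its verb ("where the project root directory is"); the line is unchanged context directly under the edited sentence, so fix it in the same pass. "Underlying MVC framework is autodetected" on the edited line wants an article ("The underlying MVC framework is autodetected").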
@@ -123,7 +141,7 @@ $ dawn -C --output json a_sinatra_webapp_directory

### Codesake::Dawn security scan in action

As output, dawn will put all security checks that are failed during the scan.
As output, Codesake::Dawn will put all security checks that are failed during the scan.

This the result of Codedake::Dawn running against a
[Sinatra 1.4.2 web application](https://github.com/thesp0nge/railsberry2013) wrote for a talk I
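Review bot: "Codedake::Dawn" in the context line right after the edited sentence is a typo for "Codesake::Dawn", which is the very name this commit standardises on, and "wrote for a talk" should be "written for a talk". On the edited line itself, "will put all security checks that are failed" reads better as "lists all security checks that failed during the scan".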
@@ -221,8 +239,7 @@ Github repository: [https://github.com/codesake/codesake\-dawn](https://github

## Supporters

To me as project leader it's very important to have feedbacks. I really want to
ear your voice.
To me as project leader it's very important to have feedbacks.

If you're a proud codesake-dawn user, if you find it useful, if you integrated
it in your release process and if you want to openly support the project you
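Review bot: "feedbacks" on the edited line should be "feedback" (uncountable): "it's very important to have feedback".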
@@ -232,7 +249,11 @@ You can support the project by forking the repo, adding a success story, a
statement saying how do you feel the tool or your company logo as well and then
submitting a pull request.

Thank you for your support.
More easily you can drop an email to [me](mailto:thesp0nge@gmail.com) sending a
statement about your success story and I'll put on the
[website](http://dawn.codesake.com/success-stories).

Thank you.

## Thanks to

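Review bot: the new sentence "I'll put on the [website]" is missing its object ("I'll put it on the website"), and "More easily you can drop an email" reads better as "Or simply drop an email to". The unchanged context "how do you feel the tool" just above should be "how you feel about the tool".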
30 changes: 19 additions & 11 deletions Roadmap.md
@@ -1,20 +1,19 @@
# Codesake Dawn - roadmap

Dawn is a static analysis security scanner for ruby written web applications.
Codesake::Dawn is a static analysis security scanner for ruby written web applications.
It supports [Sinatra](http://www.sinatrarb.com),
[Padrino](http://www.padrinorb.com) and [Ruby on Rails](http://rubyonrails.org)
frameworks.

This is an ongoing roadmap for the dawn source code review tool.
This is an ongoing roadmap for the Codesake::Dawn source code review tool.

_latest update: Fri Jan 10 17:06:04 CET 2014_
_latest update: Wed Jan 15 07:55:47 CET 2014_

## Version 1.0.0

* CVE-2013-2119
* CVE-2013-1756
* CVE-2012-2139
* CVE-2007-6183

## Version 1.1.0

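Review bot: CVE-2007-6183 is moved out of "Version 1.0.0" into 1.1.0 without a note, while CVE-2013-2119, CVE-2013-1756 and CVE-2012-2139 stay listed under 1.0.0 as outstanding. The README in this same commit shows v1.0.0.rc2 output and a knowledge base of 141 checks, so either those three are already implemented and the 1.0.0 section should go, or they are deferred and should move alongside CVE-2007-6183; as written the roadmap is ambiguous about what the release candidate contains.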
@@ -28,11 +27,16 @@ _latest update: Fri Jan 10 17:06:04 CET 2014_
* CVE-2013-2513
* CVE-2013-2512
* CVE-2013-1607
* move is\_vulnerable\_version? and is\_vulnerable\_patchlevel? to an adhoc class handling version comparison
* CVE-2007-6183
* move is\_vulnerable\_version? and is\_vulnerable\_patchlevel? to an adhoc
class handling version comparison
* add @rubysec vulnerability database integration using rake
* create a task to check for new CVE in NVD website
* add a language check. It will handle a ruby script as input and a ruby\_parser line as unsafe pattern. It will compile the ruby and look for the unsafe pattern
* add a check against deprecated ruby / gems version. I will handle MVC gems right now.
* add a language check. It will handle a ruby script as input and a
ruby\_parser line as unsafe pattern. It will compile the ruby and look for
the unsafe pattern
* add a check against deprecated ruby / gems version. I will handle MVC gems
right now.

## Version 1.2.0

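Review bot: "adhoc" should be "ad hoc", and "I will handle MVC gems right now" in the reflowed deprecated-version item should be "It will handle" (the check, not the author). Of the items in this list, the rubysec vulnerability database integration is the one that affects coverage: the CVE entries above it are hand-written checks, so pulling advisories from that database would stop the knowledge base from lagging behind new CVEs; worth scheduling it ahead of further individual CVE entries.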
@@ -50,6 +54,9 @@ _latest update: Fri Jan 10 17:06:04 CET 2014_
* adding test for RoRCheatSheet\_16
* preliminary javascript support
* adding test for CVE-2011-4969 XSS in jquery < 1.6.2

## Version 1.5.0

* detect stored XSS in Rails applications
* detect reflected XSS in Rails applications
* detect insecure direct object reference in Rails applications
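Review bot: the unchanged context line "adding test for CVE-2011-4969 XSS in jquery < 1.6.2" states a bound that excludes 1.6.2 itself; NVD lists CVE-2011-4969 as affecting jQuery before 1.6.3, so a check written to the bound as listed would treat 1.6.2 as safe. Verify the affected range against the advisory before the check is implemented.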
@@ -64,12 +71,13 @@ _latest update: Fri Jan 10 17:06:04 CET 2014_
* support ERB for in detect\_views (for both Sinatra and Padrino)
* integration with [codesake.com](http://codesake.com) with a public available
APIs to be consumed by codesake beta users.
* dedicated web site under dawn.codesake.com
* detect SQLi in Rails applications
* integration with [codesake.com](http://codesake.com) with a public available
APIs to be consumed by codesake users.
* automatic mitigation patch generation


## Version 2.0.0
* Add a --github option to dawn to clone a remote repository, perform a bundle install and do a code review.
* Add a --github option to Codesake::Dawn to clone a remote repository, perform a bundle install and do a code review.
* node.js support
* SQLite3 integration for saving data. Each project will have its own SQLite
database containing reviews, findings and all. A table with Codesake::Dawn version it
created the database will be inserted as well
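Review bot: the "integration with codesake.com ... APIs to be consumed by codesake users" item added here duplicates the unchanged item three lines above ("... codesake beta users"); keep one and change "public available" to "publicly available" in it. The 2.0.0 "--github" item needs a security caveat: cloning an arbitrary remote repository and running `bundle install` on it executes code from that repository (a Gemfile is Ruby, and gems run native extension builds on install), so the option should run in a throwaway container or VM, or better, skip the install entirely, since the README in this commit says the scanner already works from Gemfile.lock.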
6 changes: 3 additions & 3 deletions codesake-dawn.gemspec
@@ -8,16 +8,16 @@ Gem::Specification.new do |gem|
gem.version = Codesake::Dawn::VERSION
gem.authors = ["Paolo Perego"]
gem.email = ["thesp0nge@gmail.com"]
gem.description = %q{dawn is a security static source code analyzer for web applications written in ruby. It supports major MVC frameworks like sinatra, padrino and ruby on rails. dawn output is a list of security vulnerabilities affecting your code with a suggestion on how to mitigate all of them.}
gem.summary = %q{dawn is a security static source code analyzer for sinatra, padrino and ruby on rails web applicartions.}
gem.description = %q{dawn is a security static source code analyzer for web applications written in ruby. It supports major MVC frameworks like sinatra, padrino and ruby on rails. dawn output is a list of security vulnerabilities affecting your code. It provides more than 140 security checks with their own mitigation suggestion.}
gem.summary = %q{dawn is a security static source code analyzer for sinatra, padrino and ruby on rails web applications.}
gem.homepage = "http://dawn.codesake.com"

gem.files = `git ls-files`.split($/)
gem.executables = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
gem.test_files = gem.files.grep(%r{^(test|spec|features)/})
gem.require_paths = ["lib"]

gem.add_dependency "codesake-commons", "~> 0.89.0"
gem.add_dependency "codesake-commons", "~> 0.90.0"
gem.add_dependency 'cvss'
gem.add_dependency 'haml'
gem.add_dependency 'parser'
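Review bot: `cvss`, `haml` and `parser` are still declared without any version constraint while `codesake-commons` gets a pessimistic `~> 0.90.0`; an unconstrained runtime dependency lets any future major release of those gems, including a breaking `parser` API change, be pulled into a fresh install, so pin them the same way. The description and summary also still say "dawn" in lowercase while the rest of this commit renames everything to Codesake::Dawn, and the "more than 140 security checks" figure duplicates the README's 141 and will drift; either keep both in sync or drop the number from the gemspec.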