thesp0nge committed Nov 26, 2013
1 parent d7441b1 commit 9f58ab0
Showing 4 changed files with 39 additions and 0 deletions.
1 change: 1 addition & 0 deletions Roadmap.md
Expand Up @@ -100,6 +100,7 @@ able to scan something. It deserves a special release.
## Version 0.80

* adding test for CVE-2013-4164
* adding test for CVE-2013-4457
* adding test for CVE-2013-4562

* detect sinks for XSS in Padrino applications
30 changes: 30 additions & 0 deletions lib/codesake/dawn/kb/cve_2013_4457.rb
@@ -0,0 +1,30 @@
module Codesake
module Dawn
module Kb
# Automatically created with rake on 2013-11-26
class CVE_2013_4457
include DependencyCheck

def initialize
message="The Cocaine gem 0.4.0 through 0.5.2 for Ruby allows context-dependent attackers to execute arbitrary commands via a crafted has object, related to recursive variable interpolation."
super({
:name=>"CVE-2013-4457",
:cvss=>"not assigned",
:release_date => Date.new(2013, 10, 22),
:cwe=>"",
:owasp=>"A9",
:applies=>["rails", "sinatra", "padrino"],
:kind=>Codesake::Dawn::KnowledgeBase::DEPENDENCY_CHECK,
:message=>message,
:mitigation=>"You must upgrade to cocain gem version 0.5.3 or later",
:aux_links=>["https://groups.google.com/forum/#!topic/ruby-security-ann/3XTGFbAJoTg"]
})

self.safe_dependencies = [{:name=>"cocaine", :version=>['0.5.3', '0.4.9999']}]


end
end
end
end
end
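Review bot: two typos in user-facing strings and a questionable safe-version bound in this hunk. The `message` reads "crafted has object" where the advisory wording is "crafted hash object", and the `:mitigation` says "cocain gem" instead of "cocaine gem"; both strings end up in the scan report, so fix them before release. More importantly, `self.safe_dependencies = [{:name=>"cocaine", :version=>['0.5.3', '0.4.9999']}]` lists a 0.4.x version as safe while the message itself states that 0.4.0 through 0.5.2 are affected; unless `DependencyCheck` interprets the second entry as something other than a safe version, drop `'0.4.9999'` so that every cocaine release below 0.5.3 is flagged. `:cvss=>"not assigned"` and `:cwe=>""` are placeholders that should be filled once the score is published, and the two trailing blank lines before the `end` of `initialize` can go.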
3 changes: 3 additions & 0 deletions lib/codesake/dawn/knowledge_base.rb
Expand Up @@ -81,6 +81,7 @@
require "codesake/dawn/kb/cve_2013_3221"
require "codesake/dawn/kb/cve_2013_4164"
require "codesake/dawn/kb/cve_2013_4389"
require "codesake/dawn/kb/cve_2013_4457"
require "codesake/dawn/kb/cve_2013_4562"


Expand Down Expand Up @@ -211,7 +212,9 @@ def self.load_security_checks
Codesake::Dawn::Kb::CVE_2013_3221.new,
Codesake::Dawn::Kb::CVE_2013_4164.new,
Codesake::Dawn::Kb::CVE_2013_4389.new,
Codesake::Dawn::Kb::CVE_2013_4457.new,
Codesake::Dawn::Kb::CVE_2013_4562.new,

]
end
end
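Review bot: the same check is now registered by hand in three places (the `require` list above, this `load_security_checks` array, and the spec), with nothing enforcing that they stay in sync; a check that is required but never appended here silently never runs. Consider deriving this array from the classes defined under `Codesake::Dawn::Kb`, or at least add a spec asserting that every `CVE_*` class in that namespace appears in the list. Within this hunk the new `Codesake::Dawn::Kb::CVE_2013_4457.new,` line is correctly placed in numeric order between 4389 and 4562.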
5 changes: 5 additions & 0 deletions spec/lib/dawn/codesake_knowledgebase_spec.rb
Expand Up @@ -382,4 +382,9 @@
sc.should_not be_nil
sc.class.should == Codesake::Dawn::Kb::CVE_2013_4562
end
it "must have test for CVE-2013-4457" do
sc = kb.find("CVE-2013-4457")
sc.should_not be_nil
sc.class.should == Codesake::Dawn::Kb::CVE_2013_4457
end
end
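Review bot: the new example is appended after the CVE-2013-4562 block, which breaks the numeric ordering the rest of this file and `knowledge_base.rb` follow; move it before `it "must have test for CVE-2013-4562"`. The assertions also only prove that `kb.find("CVE-2013-4457")` returns an object of the right class; they never exercise the version bound that makes the check useful. Add a case that feeds a dependency list containing cocaine 0.5.2 and expects it to be reported as vulnerable, and one with cocaine 0.5.3 that expects a clean result, so a wrong `safe_dependencies` entry is caught here rather than by users.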
