Now the issue #19 is really fixed.

#19

lib/codesake/dawn/kb/basic_check.rb

@@ -112,12 +112,26 @@ def is_vulnerable_version?(target = nil, fixes = nil)
           ret = false
 
           target_v_array = target.split(".").map! { |n| n.to_i }
+          debug_me("TARGET_V_ARRAY = #{target_v_array}")
           fixes.each do |fv|
             fixes_v_array = fv.split(".").map! { |n| n.to_i }
+            debug_me("FIXES_V_ARRAY = #{fixes_v_array}")
+            debug_me("SAME_MAJOR? #{target_v_array[0] == fixes_v_array[0]}")
+            debug_me("VULN_MINOR? #{target_v_array[1] < fixes_v_array[1]}")
+
+            debug_me("VULN_PATCH? #{target_v_array[2] < fixes_v_array[2]}")
+
+
             if target_v_array[0] == fixes_v_array[0]
               ret = true if target_v_array[1] < fixes_v_array[1] # same major but previous minor
-              ret = true if target_v_array[1] == fixes_v_array[1] and target_v_array[2] < fixes_v_array[2] 
+              if target_v_array[1] == fixes_v_array[1] 
+                debug_me("SAME_MINOR? #{target_v_array[1] == fixes_v_array[1]}")
+                ret = true if target_v_array[2] < fixes_v_array[2] 
+                ret = false if target_v_array[2] >= fixes_v_array[2] 
+
+              end
             end
+            debug_me("RET IS #{ret}")
           end
 
           ret

lib/codesake/dawn/kb/cve_2013_4457.rb

@@ -20,7 +20,7 @@ def initialize
             :aux_links=>["https://groups.google.com/forum/#!topic/ruby-security-ann/3XTGFbAJoTg"]
           })
 
-          self.safe_dependencies = [{:name=>"cocaine", :version=>['0.5.3', '0.4.9999', '0.3.0']}]
+          self.safe_dependencies = [{:name=>"cocaine", :version=>['0.5.3', '0.4.3', '0.3.0']}]
 
 
 				end

lib/codesake/dawn/kb/dependency_check.rb

@@ -27,12 +27,12 @@ def vuln?
 
             @safe_dependencies.each do |safe_dep|
               if @ruby_vulnerable_versions.empty?
-                if dep[:name] == safe_dep[:name] and is_vulnerable_version?(dep[:version], safe_dep[:version]) 
+                if dep[:name] == safe_dep[:name] && is_vulnerable_version?(dep[:version], safe_dep[:version]) 
                   ret = true
                   message = "Vulnerable #{dep[:name]} gem version found: #{dep[:version]}"
                 end
               else
-                if dep[:name] == safe_dep[:name] and is_vulnerable_version?(dep[:version], safe_dep[:version]) and is_ruby_vulnerable_version?
+                if dep[:name] == safe_dep[:name] && is_vulnerable_version?(dep[:version], safe_dep[:version]) && is_ruby_vulnerable_version?
                   ret = true
                   message = "Vulnerable #{dep[:name]} gem version found: #{dep[:version]}"
                 end

spec/lib/kb/codesake_cve_2013_4457.rb → spec/lib/kb/codesake_cve_2013_4457_spec.rb

@@ -6,33 +6,33 @@
     # @check.debug = true
   end
   it "is detected if vulnerable version of cocaine rubygem is detected" do
-    @check.options[:dependencies]=[{:name=>"cocaine", :version=>'0.4.0'}]
+    @check.dependencies=[{:name=>"cocaine", :version=>'0.4.0'}]
     @check.vuln?.should   be_true
   end
   it "is detected if vulnerable version of cocaine rubygem is detected" do
-    @check.options[:dependencies]=[{:name=>"cocaine", :version=>'0.4.1'}]
+    @check.dependencies=[{:name=>"cocaine", :version=>'0.4.1'}]
     @check.vuln?.should   be_true
   end
   it "is detected if vulnerable version of cocaine rubygem is detected" do
-    @check.options[:dependencies]=[{:name=>"cocaine", :version=>'0.4.2'}]
+    @check.dependencies=[{:name=>"cocaine", :version=>'0.4.2'}]
     @check.vuln?.should   be_true
   end
   it "is detected if vulnerable version of cocaine rubygem is detected" do
-    @check.options[:dependencies]=[{:name=>"cocaine", :version=>'0.5.0'}]
+    @check.dependencies=[{:name=>"cocaine", :version=>'0.5.0'}]
     @check.vuln?.should   be_true
   end
   it "is detected if vulnerable version of cocaine rubygem is detected" do
-    @check.options[:dependencies]=[{:name=>"cocaine", :version=>'0.5.1'}]
+    @check.dependencies=[{:name=>"cocaine", :version=>'0.5.1'}]
     @check.vuln?.should   be_true
   end
   it "is detected if vulnerable version of cocaine rubygem is detected" do
-    @check.options[:dependencies]=[{:name=>"cocaine", :version=>'0.5.2'}]
+    @check.dependencies=[{:name=>"cocaine", :version=>'0.5.2'}]
     @check.vuln?.should   be_true
   end
 
   it "is skipped if non vulnerable version of cocaine rubygem is detected" do
-    @check.options[:dependencies]=[{:name=>"cocaine", :version=>'0.3.2'}]
-    @check.vuln?.should   be_true
+    @check.dependencies=[{:name=>"cocaine", :version=>'0.3.2'}]
+    @check.vuln?.should   be_false
   end
 
 

spec/lib/kb/codesake_cve_2013_6416.rb → spec/lib/kb/codesake_cve_2013_6416_spec.rb

@@ -6,24 +6,24 @@
     # @check.debug = true
   end
   it "is detected if vulnerable version of rails rubygem is detected" do
-    @check.options[:dependencies]=[{:name=>"rails", :version=>'4.0.1'}]
+    @check.dependencies=[{:name=>"rails", :version=>'4.0.1'}]
     @check.vuln?.should   be_true
   end
   it "is ignored if rails version is 3.2.x" do 
-    @check.options[:dependencies]=[{:name=>"rails", :version=>'3.2.16'}]
+    @check.dependencies=[{:name=>"rails", :version=>'3.2.16'}]
     @check.vuln?.should   be_false
   end
 
   it "is ignored if rails version is 3.1.x" do 
-    @check.options[:dependencies]=[{:name=>"rails", :version=>'3.1.16'}]
+    @check.dependencies=[{:name=>"rails", :version=>'3.1.16'}]
     @check.vuln?.should   be_false
   end
   it "is ignored if rails version is 3.0.x" do 
-    @check.options[:dependencies]=[{:name=>"rails", :version=>'3.0.16'}]
+    @check.dependencies=[{:name=>"rails", :version=>'3.0.16'}]
     @check.vuln?.should   be_false
   end
   it "is ignored if rails version is 2.3.x" do 
-    @check.options[:dependencies]=[{:name=>"rails", :version=>'2.3.16'}]
+    @check.dependencies=[{:name=>"rails", :version=>'2.3.16'}]
     @check.vuln?.should   be_false
   end