cve_2014_0082 is now green again

thesp0nge · Mar 11, 2014 · e388754 · e388754
1 parent 3b965b9
commit e388754
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 1 deletion.
diff --git a/lib/codesake/dawn/kb/version_check.rb b/lib/codesake/dawn/kb/version_check.rb
@@ -251,6 +251,7 @@ def is_vulnerable_version?(safe_version, detected_version)
           return debug_me_and_return_false("#{detected_version} has a major version vulnerable but honoring save_major_fix") if major && @save_major_fix
           return debug_me_and_return_false("#{detected_version} has a minor version vulnerable but honoring save_minor_fix") if minor && @save_minor_fix
           return true if major && minor
+          return true if major && !@save_major_fix
           return true if !major && minor && @save_major_fix
           return is_vulnerable_patch?(safe_version_array, detected_version_array) if is_same_major?(safe_version_array, detected_version_array) && is_same_minor?(safe_version_array, detected_version_array)
           return true if is_same_major?(safe_version_array, detected_version_array) && minor

diff --git a/spec/lib/kb/cve_2014_0082_spec.rb b/spec/lib/kb/cve_2014_0082_spec.rb
@@ -17,7 +17,6 @@
     rand_min = SecureRandom.random_number(9999)
     rand_patch = SecureRandom.random_number(9999)
     version = "2.#{rand_min}.#{rand_patch}"
-
     @check.dependencies = [{:name=>"rails", :version=>version}]
     @check.vuln?.should be_true
   end