Disabled cucumber features

1 parent 05b90c3 commit f7288a01f50f223584a7c69d905eff7fb0fd9531 @thesp0nge committed Jan 9, 2014
@@ -0,0 +1,21 @@
+Feature: dawn complains on its command line when incomplete
+ When executed dawn needs a target to analyse
+
+ Scenario: dawn complains if you don't specify the target framework
+ When I run `bundle exec dawn`
+ Then the stderr should contain "missing target"
+
+ Scenario: dawn complains if you don't specify the target
+ When I run `bundle exec dawn -s`
+ Then the stderr should contain "missing target"
+
+ Scenario: dawn complains if the target doesn't exist
+ Given the generic project "/tmp/this_is_foo" doesn't exist
+ When I run `bundle exec dawn -s /tmp/this_is_foo`
+ Then the stderr should contain "invalid directory (/tmp/this_is_foo)"
+
+ Scenario: dawn complains if the target uses a different framework than the one specified
+ Given the hello world rails project does exist
+ When I run `bundle exec dawn -s /tmp/hello_world_3.2.13`
+ Then the stderr should contain "nothing to do on /tmp/hello_world_3.2.13"
+
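Review bot: The first two scenarios assert the same stderr text, "missing target", so the scenario titled "if you don't specify the target framework" cannot tell a missing framework option apart from a missing path; give the no-argument run its own expected message or merge the two scenarios. The last two scenarios also depend on fixed paths under /tmp (/tmp/this_is_foo and /tmp/hello_world_3.2.13), which any local user can create or remove before the run; a per-run temporary directory would keep the results independent of machine state.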
@@ -0,0 +1,31 @@
+Feature: dawn reports no security issues
+ When it scans a sinatra application that it is updated and it has no XSS
+
+ Scenario: dawn detects the sinatra version
+ Given a safe sinatra application exists
+ When I run `bundle exec dawn /tmp/sinatra-safe`
+ Then the stdout should contain "1.4.2"
+
+ Scenario: dawn tells there are no vulnerabilities
+ Given a safe sinatra application exists
+ When I run `bundle exec dawn /tmp/sinatra-safe`
+ Then the stdout should contain "no vulnerabilities found"
+
+ # Test for --output json
+ Scenario: dawn can give a brief json output as well
+ Given a safe sinatra application exists
+ When I run `bundle exec dawn -s /tmp/sinatra-safe --output json`
+ Then the stdout should contain "{\"status\":"OK",\"target\":"/tmp/sinatra-safe",\"mvc\":"sinatra",\"mvc_version\":"1.4.2",\"vulnerabilities_count\":0,\"vulnerabilities\":[],\"mitigated_vuln_count\":0,\"mitigated_vuln\":[],\"reflected_xss\":[]}"
+
+
+ # Tests for --count-only option
+ Scenario: dawn can give just the number of issues found as output
+ Given a safe sinatra application exists
+ When I run `bundle exec dawn --count-only -s /tmp/sinatra-safe`
+ Then the stdout should contain "0"
+
+ Scenario: dawn can give just the number of issues found as output
+ Given a safe sinatra application exists
+ When I run `bundle exec dawn --count-only -s /tmp/sinatra-safe --output json`
+ Then the stdout should contain "{\"status\":"OK",\"vulnerabilities_count\":0}"
+
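Review bot: The expected JSON in the two --output json steps mixes escaped and bare quotes (\"status\":"OK"), so it is ambiguous where the step's quoted argument ends and the literal being compared may not be the output the scenario intends; escape every inner quote consistently or pass the expected JSON as a doc string. Both --count-only scenarios also share one title, and the check for "0" passes on any output that contains that digit, so an exact-match assertion would be stricter.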
@@ -0,0 +1,36 @@
+Feature: dawn reports security issues
+ When it scans a sinatra application that it is not updated and it has XSS
+
+ Scenario: dawn detects the sinatra version
+ Given a vulnerable sinatra application exists
+ When I run `bundle exec dawn /tmp/sinatra-vulnerable`
+ Then the stdout should contain "1.2.6"
+
+ Scenario: dawn tells there are no vulnerabilities
+ Given a vulnerable sinatra application exists
+ When I run `bundle exec dawn /tmp/sinatra-vulnerable`
+ Then the stdout should contain "4 vulnerabilities found"
+ And the stdout should contain "Not revised code failed"
+ And the stdout should contain "CVE-2013-0269 failed"
+ And the stdout should contain "CVE-2013-1800 failed"
+ And the stdout should contain "1 reflected XSS found"
+ And the stdout should contain "request parameter \"name\""
+
+ # Test for --output json
+ Scenario: dawn can give a brief json output as well
+ Given a vulnerable sinatra application exists
+ When I run `bundle exec dawn -s /tmp/sinatra-vulnerable --output json`
+ Then the stdout should contain "{\"status\":"OK",\"target\":"/tmp/sinatra-vulnerable",\"mvc\":"sinatra",\"mvc_version\":"1.2.6",\"vulnerabilities_count\":4,\"vulnerabilities\":["Not revised code","CVE-2013-0269","CVE-2013-1800"],\"mitigated_vuln_count\":0,\"mitigated_vuln\":[],\"reflected_xss\":["request parameter \"name\""]}"
+
+
+ # Tests for --count-only option
+ Scenario: dawn can give just the number of issues found as output
+ Given a vulnerable sinatra application exists
+ When I run `bundle exec dawn --count-only -s /tmp/sinatra-vulnerable`
+ Then the stdout should contain "4"
+
+ Scenario: dawn can give just the number of issues found as output
+ Given a vulnerable sinatra application exists
+ When I run `bundle exec dawn --count-only -s /tmp/sinatra-vulnerable --output json`
+ Then the stdout should contain "{\"status\":"OK",\"vulnerabilities_count\":4}"
+
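Review bot: The second scenario is titled "dawn tells there are no vulnerabilities" but asserts "4 vulnerabilities found"; the title looks copied from the safe-application feature and should say that vulnerabilities are reported. The JSON expectation also pairs vulnerabilities_count 4 with a vulnerabilities array of three names plus one reflected_xss entry, so a comment stating that the count includes the XSS finding would help, and the bare "4" check in the --count-only scenario would pass on any output containing that digit.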
