Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
3 changed files
with
88 additions
and
0 deletions.
There are no files selected for viewing
21 changes: 21 additions & 0 deletions
21
features/dawn_complains_about_an_incorrect_command_line.feature.disabled
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Original file line | Diff line number | Diff line change |
|---|---|---|---|
| @@ -0,0 +1,21 @@ | |||
| Feature: dawn complains on its command line when incomplete | |||
| When executed dawn needs a target to analyse | |||
|
|
|||
| Scenario: dawn complains if you don't specify the target framework | |||
| When I run `bundle exec dawn` | |||
| Then the stderr should contain "missing target" | |||
|
|
|||
| Scenario: dawn complains if you don't specify the target | |||
| When I run `bundle exec dawn -s` | |||
| Then the stderr should contain "missing target" | |||
|
|
|||
| Scenario: dawn complains if the target doesn't exist | |||
| Given the generic project "/tmp/this_is_foo" doesn't exist | |||
| When I run `bundle exec dawn -s /tmp/this_is_foo` | |||
| Then the stderr should contain "invalid directory (/tmp/this_is_foo)" | |||
|
|
|||
| Scenario: dawn complains if the target uses a different framework than the one specified | |||
| Given the hello world rails project does exist | |||
| When I run `bundle exec dawn -s /tmp/hello_world_3.2.13` | |||
| Then the stderr should contain "nothing to do on /tmp/hello_world_3.2.13" | |||
|
|
|||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Original file line | Diff line number | Diff line change |
|---|---|---|---|
| @@ -0,0 +1,31 @@ | |||
| Feature: dawn reports no security issues | |||
| When it scans a sinatra application that it is updated and it has no XSS | |||
|
|
|||
| Scenario: dawn detects the sinatra version | |||
| Given a safe sinatra application exists | |||
| When I run `bundle exec dawn /tmp/sinatra-safe` | |||
| Then the stdout should contain "1.4.2" | |||
|
|
|||
| Scenario: dawn tells there are no vulnerabilities | |||
| Given a safe sinatra application exists | |||
| When I run `bundle exec dawn /tmp/sinatra-safe` | |||
| Then the stdout should contain "no vulnerabilities found" | |||
|
|
|||
| # Test for --output json | |||
| Scenario: dawn can give a brief json output as well | |||
| Given a safe sinatra application exists | |||
| When I run `bundle exec dawn -s /tmp/sinatra-safe --output json` | |||
| Then the stdout should contain "{\"status\":"OK",\"target\":"/tmp/sinatra-safe",\"mvc\":"sinatra",\"mvc_version\":"1.4.2",\"vulnerabilities_count\":0,\"vulnerabilities\":[],\"mitigated_vuln_count\":0,\"mitigated_vuln\":[],\"reflected_xss\":[]}" | |||
|
|
|||
|
|
|||
| # Tests for --count-only option | |||
| Scenario: dawn can give just the number of issues found as output | |||
| Given a safe sinatra application exists | |||
| When I run `bundle exec dawn --count-only -s /tmp/sinatra-safe` | |||
| Then the stdout should contain "0" | |||
|
|
|||
| Scenario: dawn can give just the number of issues found as output | |||
| Given a safe sinatra application exists | |||
| When I run `bundle exec dawn --count-only -s /tmp/sinatra-safe --output json` | |||
| Then the stdout should contain "{\"status\":"OK",\"vulnerabilities_count\":0}" | |||
|
|
|||
36 changes: 36 additions & 0 deletions
36
features/dawn_scan_a_vulnerable_sinatra_app.feature.disabled
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Original file line | Diff line number | Diff line change |
|---|---|---|---|
| @@ -0,0 +1,36 @@ | |||
| Feature: dawn reports security issues | |||
| When it scans a sinatra application that it is not updated and it has XSS | |||
|
|
|||
| Scenario: dawn detects the sinatra version | |||
| Given a vulnerable sinatra application exists | |||
| When I run `bundle exec dawn /tmp/sinatra-vulnerable` | |||
| Then the stdout should contain "1.2.6" | |||
|
|
|||
| Scenario: dawn tells there are no vulnerabilities | |||
| Given a vulnerable sinatra application exists | |||
| When I run `bundle exec dawn /tmp/sinatra-vulnerable` | |||
| Then the stdout should contain "4 vulnerabilities found" | |||
| And the stdout should contain "Not revised code failed" | |||
| And the stdout should contain "CVE-2013-0269 failed" | |||
| And the stdout should contain "CVE-2013-1800 failed" | |||
| And the stdout should contain "1 reflected XSS found" | |||
| And the stdout should contain "request parameter \"name\"" | |||
|
|
|||
| # Test for --output json | |||
| Scenario: dawn can give a brief json output as well | |||
| Given a vulnerable sinatra application exists | |||
| When I run `bundle exec dawn -s /tmp/sinatra-vulnerable --output json` | |||
| Then the stdout should contain "{\"status\":"OK",\"target\":"/tmp/sinatra-vulnerable",\"mvc\":"sinatra",\"mvc_version\":"1.2.6",\"vulnerabilities_count\":4,\"vulnerabilities\":["Not revised code","CVE-2013-0269","CVE-2013-1800"],\"mitigated_vuln_count\":0,\"mitigated_vuln\":[],\"reflected_xss\":["request parameter \"name\""]}" | |||
|
|
|||
|
|
|||
| # Tests for --count-only option | |||
| Scenario: dawn can give just the number of issues found as output | |||
| Given a vulnerable sinatra application exists | |||
| When I run `bundle exec dawn --count-only -s /tmp/sinatra-vulnerable` | |||
| Then the stdout should contain "4" | |||
|
|
|||
| Scenario: dawn can give just the number of issues found as output | |||
| Given a vulnerable sinatra application exists | |||
| When I run `bundle exec dawn --count-only -s /tmp/sinatra-vulnerable --output json` | |||
| Then the stdout should contain "{\"status\":"OK",\"vulnerabilities_count\":4}" | |||
|
|
|||