dawnscanner
Dawn is a static analysis security scanner for web applications written in Ruby. It supports the Sinatra, Padrino and Ruby on Rails frameworks.
The official parser will be https://github.com/whitequark/parser. We must drop the other parser gems.
Add a test for CVE-2011-4969 (XSS in jQuery < 1.6.2).
If a Sinatra app doesn't have a `views/` folder, the method `detect_views()` returns `nil` instead of an empty array, unlike the other `detect_*()` methods in sinatra.rb. https://github.com/codesake/codesake-dawn/blob/master/lib/codesake/dawn/sinatra.rb#L119 This causes a...
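An added example (not dawnscanner's own code) that reproduces the shape of the problem this issue describes: a detector that returns `nil` when `views/` is missing, next to one that returns an empty array like its siblings, and a caller written against the array contract that breaks on the `nil`. The detector bodies, the file layout and the `collect_targets` caller are assumptions made for illustration.

```ruby
require 'tmpdir'
require 'fileutils'

# Added example, not dawnscanner's own code. Models the detect_views() issue:
# one detector returns nil when views/ is absent, the other returns [] like the
# rest of the detect_*() family. Both bodies are assumptions for illustration.

# Buggy shape (assumed, modelled on the issue): nil when views/ is missing.
def detect_views_buggy(app_root)
  dir = File.join(app_root, 'views')
  return nil unless File.directory?(dir)
  Dir.glob(File.join(dir, '**', '*')).select { |f| File.file?(f) }.sort
end

# Fixed shape: always an Array, empty when views/ is absent.
def detect_views_fixed(app_root)
  dir = File.join(app_root, 'views')
  return [] unless File.directory?(dir)
  Dir.glob(File.join(dir, '**', '*')).select { |f| File.file?(f) }.sort
end

# A caller written for the Array contract (e.g. "every file the scanner must
# parse"). Given nil it raises NoMethodError, because nil has no #map.
def collect_targets(detector, app_root)
  detector.call(app_root).map { |path| File.basename(path) }
end

# Builds a throwaway Sinatra-like app tree (constructed sample input).
# with_views: false leaves the views/ folder out entirely.
def with_sample_app(with_views:)
  Dir.mktmpdir('sinatra-app') do |root|
    File.write(File.join(root, 'app.rb'), "require 'sinatra'\nget('/') { 'hi' }\n")
    if with_views
      FileUtils.mkdir_p(File.join(root, 'views'))
      File.write(File.join(root, 'views', 'index.erb'), "<%= @name %>\n")
    end
    yield root
  end
end

# What each detector returns for an app without views/, and whether a
# downstream caller survives the result.
def compare_detectors_without_views
  with_sample_app(with_views: false) do |root|
    buggy_crashes = begin
      collect_targets(method(:detect_views_buggy), root)
      false
    rescue NoMethodError
      true
    end
    {
      buggy: detect_views_buggy(root),
      fixed: detect_views_fixed(root),
      buggy_caller_crashes: buggy_crashes,
      fixed_caller: collect_targets(method(:detect_views_fixed), root)
    }
  end
end

if __FILE__ == $PROGRAM_NAME
  p compare_detectors_without_views
  with_sample_app(with_views: true) do |root|
    p detect_views_fixed(root).map { |f| File.basename(f) }
  end
end
```

The practical point is the contract: every `detect_*()` method should return an `Array`, so callers can chain `map`, `each` and `empty?` without a `nil` guard. Returning `[]` (or wrapping with `Array(...)`) keeps an app with no views from crashing the whole scan.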
In the KB revamp, a task must be created to automate searching for security issues in the CVE archive, OSVDB and Ruby-related mailing lists.
Add automatic mitigation patch generation for Ruby
Add a '--ab-decision' flag. It could be a good idea to make dawnscanner able to give a quick "go/no go" for a release with a small JSON output like {decision:"GO",...
Separate dependencies check from model, view and controller analysis.