# Codesake Dawn - roadmap

Dawn is a static analysis security scanner for ruby written web applications.
It supports [Sinatra](http://www.sinatrarb.com),
[Padrino](http://www.padrinorb.com) and [Ruby on Rails](http://rubyonrails.org)
frameworks. 

This is an ongoing roadmap for the dawn source code review tool.

_latest update: Fri Jan 10 17:06:04 CET 2014_

## Version 1.0.0

* CVE-2013-2119
* CVE-2013-1756
* CVE-2013-0162
* CVE-2012-2671
* CVE-2012-2139
* CVE-2012-1098
* CVE-2007-6183

## Version 1.1.0

* CVE-2014-1234
* CVE-2014-1233
* CVE-2013-5671
* CVE-2013-4593
* CVE-2013-4489
* CVE-2013-4413
* CVE-2013-2516
* CVE-2013-2513
* CVE-2013-2512
* CVE-2013-1607
* move is\_vulnerable\_version? and is\_vulnerable\_patchlevel? to an adhoc class handling version comparison
* add @rubysec vulnerability database integration using rake
* create a task to check for new CVE in NVD website
* add a language check. It will handle a ruby script as input and a ruby\_parser line as unsafe pattern. It will compile the ruby and look for the unsafe pattern
* add a check against deprecated ruby / gems version. I will handle MVC gems right now.

## Version 1.2.0

* adding test for RoRCheatSheet\_2
* adding test for RoRCheatSheet\_3
* adding test for RoRCheatSheet\_5
* adding test for RoRCheatSheet\_6
* adding test for RoRCheatSheet\_9
* adding test for RoRCheatSheet\_10
* adding test for RoRCheatSheet\_11
* adding test for RoRCheatSheet\_12
* adding test for RoRCheatSheet\_13
* adding test for RoRCheatSheet\_14
* adding test for RoRCheatSheet\_15
* adding test for RoRCheatSheet\_16
* preliminary javascript support
* adding test for CVE-2011-4969  XSS in jquery < 1.6.2 
* detect stored XSS in Rails applications
* detect reflected XSS in Rails applications
* detect insecure direct object reference in Rails applications
* detect SQLi in Sinatra applications
* detect SQLi in Padrino applications
* detect sinks for XSS in Padrino applications
* detect reflected XSS in Padrino applications
* detect stored XSS in Sinatra applications
* detect stored XSS in Padrino applications
* detect insecure direct object reference in Sinatra applications
* detect insecure direct object reference in Padrino applications
* support ERB for in detect\_views (for both Sinatra and Padrino)
* integration with [codesake.com](http://codesake.com) with a public available
  APIs to be consumed by codesake beta users.
* dedicated web site under dawn.codesake.com
* detect SQLi in Rails applications
* integration with [codesake.com](http://codesake.com) with a public available
  APIs to be consumed by codesake users.
* automatic mitigation patch generation 

## Version 2.0.0
* Add a --github option to dawn to clone a remote repository, perform a bundle install and do a code review.
* node.js support