New upstream version 0.13.8
Sophie Brun
2 years ago
8 | 8 | |
9 | 9 | strategy: |
10 | 10 | matrix: |
11 | ruby: [2.5, 2.6, 2.7, 3.0] | |
11 | ruby: [2.5, 2.6, 2.7, '3.0', 3.1] | |
12 | 12 | |
13 | 13 | steps: |
14 | 14 | - name: Checkout code |
15 | 15 | uses: actions/checkout@v1 |
16 | 16 | |
17 | 17 | - name: Set up Ruby ${{ matrix.ruby }} |
18 | uses: actions/setup-ruby@v1 | |
18 | uses: ruby/setup-ruby@v1 | |
19 | 19 | with: |
20 | 20 | ruby-version: ${{ matrix.ruby }} |
21 | 21 |
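Review bot: The new `uses: ruby/setup-ruby@v1` line references a movable tag, so the code that runs in CI can change without any change in this repository. Pinning the action to a full commit SHA with the tag as a trailing comment, `uses: ruby/setup-ruby@<full-commit-sha> # v1`, makes the workflow reproducible and reviewable. The unchanged `actions/checkout@v1` line has the same property and is an old major version. In the matrix only `'3.0'` is quoted; quoting every entry (`'2.5'`, `'3.1'`, and so on) avoids relying on YAML float parsing for the others.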
47 | 47 | raise Error::ProxyAuthRequired |
48 | 48 | end |
49 | 49 | |
50 | # Checks for redirects | |
51 | # An out of scope redirect will raise an Error::HTTPRedirect | |
52 | effective_url = target.homepage_res.effective_url | |
50 | handle_redirection(res) | |
51 | end | |
52 | ||
53 | # Checks for redirects, an out of scope redirect will raise an Error::HTTPRedirect | |
54 | # | |
55 | # @param [ Typhoeus::Response ] res | |
56 | def handle_redirection(res) | |
57 | effective_url = target.homepage_res.effective_url # Basically get and follow location of target.url | |
58 | effective_uri = Addressable::URI.parse(effective_url) | |
59 | ||
60 | # Case of http://a.com => https://a.com (or the opposite) | |
61 | if !NS::ParsedCli.ignore_main_redirect && target.uri.domain == effective_uri.domain && | |
62 | target.uri.path == effective_uri.path && target.uri.scheme != effective_uri.scheme | |
63 | ||
64 | target.url = effective_url | |
65 | end | |
53 | 66 | |
54 | 67 | return if target.in_scope?(effective_url) |
55 | 68 | |
56 | 69 | raise Error::HTTPRedirect, effective_url unless NS::ParsedCli.ignore_main_redirect |
57 | 70 | |
71 | # Sets back homepage_res to unfollowed location in case of ignore_main_redirect used | |
58 | 72 | target.homepage_res = res |
59 | 73 | end |
60 | 74 |
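Review bot: The scheme-switch branch in `handle_redirection` compares `target.uri.domain` with `effective_uri.domain`, which with Addressable is, as far as I know, the registrable domain rather than the full host. A redirect to a sibling subdomain on the same path with a different scheme would therefore also rewrite `target.url`. Because the rewrite happens before `target.in_scope?(effective_url)`, the scope check presumably then runs against the already-updated target; comparing hosts, `target.uri.host == effective_uri.host`, would keep the rewrite to the http/https switch the comment describes. The branch also accepts an https to http switch silently, so a comment stating that the downgrade is intended, or a log line when it happens, would tell operators that later requests go out in cleartext. The method that calls `handle_redirection(res)` begins outside the visible hunk.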
18 | 18 | s.test_files = [] |
19 | 19 | s.require_paths = ['lib'] |
20 | 20 | |
21 | s.add_dependency 'ethon', '~> 0.14.0' # https://github.com/typhoeus/ethon/issues/185 | |
21 | s.add_dependency 'ethon', '>= 0.14', '< 0.16' # https://github.com/typhoeus/ethon/issues/185 | |
22 | 22 | s.add_dependency 'get_process_mem', '~> 0.2.5' |
23 | s.add_dependency 'nokogiri', '>= 1.11.4', '< 1.13.0' | |
23 | s.add_dependency 'nokogiri', '>= 1.11.4', '< 1.14.0' | |
24 | 24 | s.add_dependency 'opt_parse_validator', '~> 1.9.5' |
25 | 25 | s.add_dependency 'public_suffix', '~> 4.0.3' |
26 | 26 | s.add_dependency 'ruby-progressbar', '>= 1.10', '< 1.12' |
32 | 32 | |
33 | 33 | s.add_development_dependency 'bundler', '>= 1.6' |
34 | 34 | s.add_development_dependency 'rake', '~> 13.0' |
35 | s.add_development_dependency 'rspec', '~> 3.10.0' | |
35 | s.add_development_dependency 'rspec', '~> 3.11.0' | |
36 | 36 | s.add_development_dependency 'rspec-its', '~> 1.3.0' |
37 | s.add_development_dependency 'rubocop', '~> 1.21.0' | |
38 | s.add_development_dependency 'rubocop-performance', '~> 1.11.0' | |
37 | s.add_development_dependency 'rubocop', '~> 1.26.0' | |
38 | s.add_development_dependency 'rubocop-performance', '~> 1.13.0' | |
39 | 39 | s.add_development_dependency 'simplecov', '~> 0.21.0' |
40 | 40 | s.add_development_dependency 'simplecov-lcov', '~> 0.8.0' |
41 | s.add_development_dependency 'webmock', '~> 3.13.0' | |
41 | s.add_development_dependency 'webmock', '~> 3.14.0' | |
42 | 42 | end |
83 | 83 | puts render(tpl, vars, controller_name) |
84 | 84 | end |
85 | 85 | |
86 | ERB_SUPPORTS_KVARGS = ::ERB.instance_method(:initialize).parameters.assoc(:key) # Ruby 2.6+ | |
87 | ||
86 | 88 | # @param [ String ] tpl |
87 | 89 | # @param [ Hash ] vars |
88 | 90 | # @param [ String ] controller_name |
92 | 94 | |
93 | 95 | # '-' is used to disable new lines when -%> is used |
94 | 96 | # See http://www.ruby-doc.org/stdlib-2.1.1/libdoc/erb/rdoc/ERB.html |
95 | ERB.new(File.read(view_path(tpl)), nil, '-').result(binding) | |
97 | # Since ruby 2.6, KVARGS are supported and passing argument is deprecated in ruby 3+ | |
98 | if ERB_SUPPORTS_KVARGS | |
99 | ERB.new(File.read(view_path(tpl)), trim_mode: '-').result(binding) | |
100 | else | |
101 | ERB.new(File.read(view_path(tpl)), nil, '-').result(binding) | |
102 | end | |
96 | 103 | end |
97 | 104 | |
98 | 105 | # @param [ Hash ] vars |
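Review bot: Both branches of the `ERB_SUPPORTS_KVARGS` check repeat `File.read(view_path(tpl))`, which hides the only real difference, namely how the trim mode is passed. Reading the template once, `template = File.read(view_path(tpl))`, and branching only on the `ERB.new` call would make that clear. The constant holds the result of `parameters.assoc(:key)`, an array or nil rather than a boolean, which a comment such as `# truthy when ERB#initialize accepts keyword arguments (trim_mode:)` would document. Since the template is evaluated with the full `binding`, the method's doc comment could also state that `tpl` must resolve to a trusted view file. The method's `def` line is outside the visible hunks.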
114 | 114 | |
115 | 115 | # @return [ Hash ] The Typhoeus params to use to perform head requests |
116 | 116 | def head_or_get_params |
117 | @head_or_get_params ||= if NS::Browser.head(homepage_url).code == 405 | |
117 | @head_or_get_params ||= if [0, 405, 501].include?(NS::Browser.head(homepage_url).code) | |
118 | 118 | { method: :get, maxfilesize: 1 } |
119 | 119 | else |
120 | 120 | { method: :head } |
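Review bot: A status of 0 in the new `[0, 405, 501]` list means no HTTP response was received (the added spec calls it "HEAD dropped/timeout"). Because the result is memoised with `||=`, a single transient timeout on the first HEAD request switches every later check to GET for the rest of the run. If that is intended, a comment on the list would record it, for example `# 0: no response (HEAD dropped or timed out), 405: Method Not Allowed, 501: Not Implemented`. The method's closing lines are outside the visible hunk.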
181 | 181 | # expect(core.target).to receive(:homepage_res).and_call_original |
182 | 182 | # expect(core.target.homepage_url).to eql redirection # Doesn't work, no idea why :x |
183 | 183 | end |
184 | ||
185 | context 'when http to https' do | |
186 | let(:redirection) { target_url.gsub(/^http/, 'https') } | |
187 | ||
188 | it 'sets the target url to the redirection' do | |
189 | expect { core.before_scan }.to_not raise_error | |
190 | expect(core.target.url).to eql redirection | |
191 | ||
192 | # Needs that as the Target.url is set to the redirection | |
193 | # otherwise the next spec which will run have the target url of redirection rather than target_url | |
194 | CMSScanner::Controller::Base.reset | |
195 | end | |
196 | ||
197 | context 'when --ignore-main-redirect' do | |
198 | let(:cli_args) { "#{super()} --ignore-main-redirect" } | |
199 | ||
200 | it 'does not set the target url to the redirection' do | |
201 | stub_request(:get, redirection).to_return(status: 200) # because reason | |
202 | ||
203 | expect { core.before_scan }.to_not raise_error | |
204 | expect(core.target.url).to eql target_url | |
205 | ||
206 | expect(core.target).to receive(:homepage_res).and_call_original | |
207 | expect(core.target.homepage_url).to eql target_url | |
208 | end | |
209 | end | |
210 | end | |
184 | 211 | end |
185 | 212 | end |
186 | 213 |
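Review bot: In the 'when http to https' example, `CMSScanner::Controller::Base.reset` is the last statement of the example, so it is skipped when either expectation above it fails and the rewritten target URL leaks into the following specs. An `after { CMSScanner::Controller::Base.reset }` hook in that context would run regardless of the outcome. The comment in the controller mentions the opposite direction too, but only http to https is exercised; a mirror context for https to http, and one for a redirect to a different host on the same domain, would pin down the intended scope of the rewrite. The stub comment `# because reason` would be more useful if it named the request that needs the stub.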
22 | 22 | before { expect(finder).to receive(:aggressive_urls).and_return(%w[u1 u2 u3]) } |
23 | 23 | |
24 | 24 | after do |
25 | expect(finder).to receive(:process_urls).with(@expected_urls, mode: mode) | |
25 | expect(finder).to receive(:process_urls).with(@expected_urls, { mode: mode }) | |
26 | 26 | finder.aggressive(mode: mode) |
27 | 27 | end |
28 | 28 |
51 | 51 | |
52 | 52 | expect(scanner.formatter).to receive(:output).with( |
53 | 53 | '@scan_aborted', |
54 | reason: 'cli option', trace: anything, verbose: false | |
54 | { reason: 'cli option', trace: anything, verbose: false } | |
55 | 55 | ) |
56 | 56 | end |
57 | 57 | end |
64 | 64 | |
65 | 65 | expect(scanner.formatter).to receive(:output).with( |
66 | 66 | '@scan_aborted', |
67 | reason: 'Canceled by User', trace: anything, verbose: false, url: target_url | |
67 | { reason: 'Canceled by User', trace: anything, verbose: false, url: target_url } | |
68 | 68 | ) |
69 | 69 | end |
70 | 70 | end |
92 | 92 | |
93 | 93 | expect(scanner.formatter).to receive(:output).with( |
94 | 94 | '@scan_aborted', |
95 | reason: run_error.message, trace: anything, verbose: expected_verbose, url: target_url | |
95 | { reason: run_error.message, trace: anything, verbose: expected_verbose, url: target_url } | |
96 | 96 | ) |
97 | 97 | end |
98 | 98 | end |
187 | 187 | stub_request(:head, web_site.homepage_url).to_return(status: status) |
188 | 188 | end |
189 | 189 | |
190 | context 'when HEAD dropped/timeout' do | |
191 | let(:status) { 0 } | |
192 | ||
193 | its(:head_or_get_params) { should eql(method: :get, maxfilesize: 1) } | |
194 | end | |
195 | ||
190 | 196 | context 'when HEAD not supported' do |
191 | 197 | let(:status) { 405 } |
198 | ||
199 | its(:head_or_get_params) { should eql(method: :get, maxfilesize: 1) } | |
200 | end | |
201 | ||
202 | context 'when HEAD not implemented' do | |
203 | let(:status) { 501 } | |
192 | 204 | |
193 | 205 | its(:head_or_get_params) { should eql(method: :get, maxfilesize: 1) } |
194 | 206 | end |