New upstream version 0.13.8 Sophie Brun 2 years ago
10 changed file(s) with 78 addition(s) and 18 deletion(s). Raw diff Collapse all Expand all
88
99 strategy:
1010 matrix:
11 ruby: [2.5, 2.6, 2.7, 3.0]
11 ruby: [2.5, 2.6, 2.7, '3.0', 3.1]
1212
1313 steps:
1414 - name: Checkout code
1515 uses: actions/checkout@v1
1616
1717 - name: Set up Ruby ${{ matrix.ruby }}
18 uses: actions/setup-ruby@v1
18 uses: ruby/setup-ruby@v1
1919 with:
2020 ruby-version: ${{ matrix.ruby }}
2121
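Review bot: `uses: ruby/setup-ruby@v1` on line 18 (like the unchanged `actions/checkout@v1`) references a mutable major-version tag, so the job runs whatever the action maintainers currently publish under that tag; pinning to a full commit SHA with the version in a trailing comment, e.g. `uses: ruby/setup-ruby@<commit-sha> # v1`, makes the CI dependency reproducible and reviewable. The new matrix entry quotes `'3.0'` presumably because YAML would otherwise read it as a float and collapse it to `3`, while `3.1` survives unquoted; a short comment next to the matrix saying why the quotes are there would keep the next editor from dropping them. The job definition starts before this hunk.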
4747 raise Error::ProxyAuthRequired
4848 end
4949
50 # Checks for redirects
51 # An out of scope redirect will raise an Error::HTTPRedirect
52 effective_url = target.homepage_res.effective_url
50 handle_redirection(res)
51 end
52
53 # Checks for redirects, an out of scope redirect will raise an Error::HTTPRedirect
54 #
55 # @param [ Typhoeus::Response ] res
56 def handle_redirection(res)
57 effective_url = target.homepage_res.effective_url # Basically get and follow location of target.url
58 effective_uri = Addressable::URI.parse(effective_url)
59
60 # Case of http://a.com => https://a.com (or the opposite)
61 if !NS::ParsedCli.ignore_main_redirect && target.uri.domain == effective_uri.domain &&
62 target.uri.path == effective_uri.path && target.uri.scheme != effective_uri.scheme
63
64 target.url = effective_url
65 end
5366
5467 return if target.in_scope?(effective_url)
5568
5669 raise Error::HTTPRedirect, effective_url unless NS::ParsedCli.ignore_main_redirect
5770
71 # Sets back homepage_res to unfollowed location in case of ignore_main_redirect used
5872 target.homepage_res = res
5973 end
6074
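Review bot: The scheme-flip shortcut on lines 61-64 compares `domain`, not `host`; if `Addressable::URI#domain` returns the registrable domain as its name suggests (the gem pulls in public_suffix), a redirect from `http://a.com/` to `https://www.a.com/` also satisfies the condition and silently rewrites `target.url` to a different host, and the check ignores port and query entirely. If only the http/https change is meant to be accepted, `target.uri.host == effective_uri.host` is the tighter comparison. The same branch follows an https-to-http downgrade as readily as the upgrade (the comment says "or the opposite"); since every later request then goes over plaintext, that case deserves at least an informational message to the user. `before_scan`, the caller on lines 47-51, starts outside the hunk.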
1818 s.test_files = []
1919 s.require_paths = ['lib']
2020
21 s.add_dependency 'ethon', '~> 0.14.0' # https://github.com/typhoeus/ethon/issues/185
21 s.add_dependency 'ethon', '>= 0.14', '< 0.16' # https://github.com/typhoeus/ethon/issues/185
2222 s.add_dependency 'get_process_mem', '~> 0.2.5'
23 s.add_dependency 'nokogiri', '>= 1.11.4', '< 1.13.0'
23 s.add_dependency 'nokogiri', '>= 1.11.4', '< 1.14.0'
2424 s.add_dependency 'opt_parse_validator', '~> 1.9.5'
2525 s.add_dependency 'public_suffix', '~> 4.0.3'
2626 s.add_dependency 'ruby-progressbar', '>= 1.10', '< 1.12'
3232
3333 s.add_development_dependency 'bundler', '>= 1.6'
3434 s.add_development_dependency 'rake', '~> 13.0'
35 s.add_development_dependency 'rspec', '~> 3.10.0'
35 s.add_development_dependency 'rspec', '~> 3.11.0'
3636 s.add_development_dependency 'rspec-its', '~> 1.3.0'
37 s.add_development_dependency 'rubocop', '~> 1.21.0'
38 s.add_development_dependency 'rubocop-performance', '~> 1.11.0'
37 s.add_development_dependency 'rubocop', '~> 1.26.0'
38 s.add_development_dependency 'rubocop-performance', '~> 1.13.0'
3939 s.add_development_dependency 'simplecov', '~> 0.21.0'
4040 s.add_development_dependency 'simplecov-lcov', '~> 0.8.0'
41 s.add_development_dependency 'webmock', '~> 3.13.0'
41 s.add_development_dependency 'webmock', '~> 3.14.0'
4242 end
8383 puts render(tpl, vars, controller_name)
8484 end
8585
86 ERB_SUPPORTS_KVARGS = ::ERB.instance_method(:initialize).parameters.assoc(:key) # Ruby 2.6+
87
8688 # @param [ String ] tpl
8789 # @param [ Hash ] vars
8890 # @param [ String ] controller_name
9294
9395 # '-' is used to disable new lines when -%> is used
9496 # See http://www.ruby-doc.org/stdlib-2.1.1/libdoc/erb/rdoc/ERB.html
95 ERB.new(File.read(view_path(tpl)), nil, '-').result(binding)
97 # Since ruby 2.6, KVARGS are supported and passing argument is deprecated in ruby 3+
98 if ERB_SUPPORTS_KVARGS
99 ERB.new(File.read(view_path(tpl)), trim_mode: '-').result(binding)
100 else
101 ERB.new(File.read(view_path(tpl)), nil, '-').result(binding)
102 end
96103 end
97104
98105 # @param [ Hash ] vars
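Review bot: `ERB_SUPPORTS_KVARGS` on line 86 holds the `[:key, name]` pair returned by `assoc` (or `nil`) rather than a boolean, so it reads as a lookup result instead of a flag; `ERB_SUPPORTS_KVARGS = !::ERB.instance_method(:initialize).parameters.assoc(:key).nil?` keeps the same truthiness with an explicit boolean. The branches on lines 99 and 101 both read the template; hoisting `template = File.read(view_path(tpl))` above the `if` removes the duplication and leaves only the constructor call differing. The comment on line 97 should say "kwargs" (keyword arguments) rather than "KVARGS". The signature of the `render` method is outside the hunk.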
11
22 # Version
33 module CMSScanner
4 VERSION = '0.13.6'
4 VERSION = '0.13.8'
55 end
114114
115115 # @return [ Hash ] The Typhoeus params to use to perform head requests
116116 def head_or_get_params
117 @head_or_get_params ||= if NS::Browser.head(homepage_url).code == 405
117 @head_or_get_params ||= if [0, 405, 501].include?(NS::Browser.head(homepage_url).code)
118118 { method: :get, maxfilesize: 1 }
119119 else
120120 { method: :head }
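Review bot: The new fallback list `[0, 405, 501]` on line 117 has no comment saying what `0` means; the spec added in this commit labels it "HEAD dropped/timeout", i.e. the no-response code the HTTP client reports, and that belongs next to the code: `# 0: no response (dropped/timeout), 405/501: HEAD not supported/implemented`. Naming the list, e.g. `HEAD_FALLBACK_CODES = [0, 405, 501].freeze`, would also give the three values one place to live. Because the result is memoized, a single transient timeout permanently switches this target to `GET` with `maxfilesize: 1`; that looks intended, but a one-line comment stating it would save the next reader from wondering. The method body continues past the hunk.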
181181 # expect(core.target).to receive(:homepage_res).and_call_original
182182 # expect(core.target.homepage_url).to eql redirection # Doesn't work, no idea why :x
183183 end
184
185 context 'when http to https' do
186 let(:redirection) { target_url.gsub(/^http/, 'https') }
187
188 it 'sets the target url to the redirection' do
189 expect { core.before_scan }.to_not raise_error
190 expect(core.target.url).to eql redirection
191
192 # Needs that as the Target.url is set to the redirection
193 # otherwise the next spec which will run have the target url of redirection rather than target_url
194 CMSScanner::Controller::Base.reset
195 end
196
197 context 'when --ignore-main-redirect' do
198 let(:cli_args) { "#{super()} --ignore-main-redirect" }
199
200 it 'does not set the target url to the redirection' do
201 stub_request(:get, redirection).to_return(status: 200) # because reason
202
203 expect { core.before_scan }.to_not raise_error
204 expect(core.target.url).to eql target_url
205
206 expect(core.target).to receive(:homepage_res).and_call_original
207 expect(core.target.homepage_url).to eql target_url
208 end
209 end
210 end
184211 end
185212 end
186213
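Review bot: The stub on line 201 is justified only by `# because reason`, which tells a future reader nothing; state what happens — presumably the redirected URL is requested (or `homepage_res` re-fetched) once `--ignore-main-redirect` is set, so WebMock needs a response registered for it. `target_url.gsub(/^http/, 'https')` on line 186 uses `^`, which in Ruby is a line anchor; it is harmless for a one-line URL, but `sub(/\Ahttp/, 'https')` states the intent (a single, string-anchored replacement) precisely. The enclosing `context` begins before the hunk.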
2222 before { expect(finder).to receive(:aggressive_urls).and_return(%w[u1 u2 u3]) }
2323
2424 after do
25 expect(finder).to receive(:process_urls).with(@expected_urls, mode: mode)
25 expect(finder).to receive(:process_urls).with(@expected_urls, { mode: mode })
2626 finder.aggressive(mode: mode)
2727 end
2828
5151
5252 expect(scanner.formatter).to receive(:output).with(
5353 '@scan_aborted',
54 reason: 'cli option', trace: anything, verbose: false
54 { reason: 'cli option', trace: anything, verbose: false }
5555 )
5656 end
5757 end
6464
6565 expect(scanner.formatter).to receive(:output).with(
6666 '@scan_aborted',
67 reason: 'Canceled by User', trace: anything, verbose: false, url: target_url
67 { reason: 'Canceled by User', trace: anything, verbose: false, url: target_url }
6868 )
6969 end
7070 end
9292
9393 expect(scanner.formatter).to receive(:output).with(
9494 '@scan_aborted',
95 reason: run_error.message, trace: anything, verbose: expected_verbose, url: target_url
95 { reason: run_error.message, trace: anything, verbose: expected_verbose, url: target_url }
9696 )
9797 end
9898 end
187187 stub_request(:head, web_site.homepage_url).to_return(status: status)
188188 end
189189
190 context 'when HEAD dropped/timeout' do
191 let(:status) { 0 }
192
193 its(:head_or_get_params) { should eql(method: :get, maxfilesize: 1) }
194 end
195
190196 context 'when HEAD not supported' do
191197 let(:status) { 405 }
198
199 its(:head_or_get_params) { should eql(method: :get, maxfilesize: 1) }
200 end
201
202 context 'when HEAD not implemented' do
203 let(:status) { 501 }
192204
193205 its(:head_or_get_params) { should eql(method: :get, maxfilesize: 1) }
194206 end
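Review bot: The three contexts on lines 190-206 repeat the same `its(:head_or_get_params)` expectation with only the status changing; iterating `[0, 405, 501].each do |status| ... end` (or a shared example) keeps the fallback codes in one place so a fourth code added to the implementation cannot be forgotten here. Since the implementation now carries the same literal list, referencing a shared constant from both would be better still. The surrounding describe block starts and ends outside the hunk.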