Update upstream source from tag 'upstream/0.13.3'
Update to upstream version '0.13.3'
with Debian dir d7c5fd052a6eae2ce6f7a03f0d096075f2e65243
Sophie Brun
3 years ago
33 | 33 | Exclude: |
34 | 34 | - app/controllers/core/cli_options.rb |
35 | 35 | Metrics/ParameterLists: |
36 | Max: 6 | |
36 | 37 | MaxOptionalParameters: 4 |
37 | 38 | Metrics/PerceivedComplexity: |
38 | 39 | Max: 9 |
8 | 8 | s.platform = Gem::Platform::RUBY |
9 | 9 | s.required_ruby_version = '>= 2.5' |
10 | 10 | s.authors = ['WPScanTeam'] |
11 | s.email = ['[email protected]'] | |
11 | s.email = ['[email protected]'] | |
12 | 12 | s.summary = 'CMS Scanner Framework (experimental)' |
13 | 13 | s.description = 'Framework to provide an easy way to implement CMS Scanners' |
14 | 14 | s.homepage = 'https://github.com/wpscanteam/CMSScanner' |
20 | 20 | |
21 | 21 | s.add_dependency 'get_process_mem', '~> 0.2.5' |
22 | 22 | s.add_dependency 'nokogiri', '~> 1.11.0' |
23 | s.add_dependency 'opt_parse_validator', '~> 1.9.3' | |
23 | s.add_dependency 'opt_parse_validator', '~> 1.9.4' | |
24 | 24 | s.add_dependency 'public_suffix', '~> 4.0.3' |
25 | 25 | s.add_dependency 'ruby-progressbar', '>= 1.10', '< 1.12' |
26 | 26 | s.add_dependency 'typhoeus', '>= 1.3', '< 1.5' |
33 | 33 | s.add_development_dependency 'rake', '~> 13.0' |
34 | 34 | s.add_development_dependency 'rspec', '~> 3.10.0' |
35 | 35 | s.add_development_dependency 'rspec-its', '~> 1.3.0' |
36 | s.add_development_dependency 'rubocop', '~> 1.9.1' | |
37 | s.add_development_dependency 'rubocop-performance', '~> 1.9.0' | |
36 | s.add_development_dependency 'rubocop', '~> 1.11.0' | |
37 | s.add_development_dependency 'rubocop-performance', '~> 1.10.0' | |
38 | 38 | s.add_development_dependency 'simplecov', '~> 0.21.0' |
39 | 39 | s.add_development_dependency 'simplecov-lcov', '~> 0.8.0' |
40 | s.add_development_dependency 'webmock', '~> 3.11.0' | |
40 | s.add_development_dependency 'webmock', '~> 3.12.0' | |
41 | 41 | end |
58 | 58 | |
59 | 59 | full_res = NS::Browser.get(head_res.effective_url, full_request_params) |
60 | 60 | |
61 | return unless valid_response_codes.include?(full_res.code) | |
62 | ||
61 | 63 | return if target.homepage_or_404?(full_res) || |
62 | 64 | opts[:exclude_content] && full_res.body&.match(opts[:exclude_content]) |
63 | 65 |
85 | 85 | |
86 | 86 | # @return [ String ] The URL to the metasploit module page |
87 | 87 | def msf_url(mod) |
88 | "https://www.rapid7.com/db/modules/#{mod.sub(%r{^/}, '')}" | |
88 | "https://www.rapid7.com/db/modules/#{mod.sub(%r{^/}, '')}/" | |
89 | 89 | end |
90 | 90 | |
91 | 91 | # @return [ Array<String> ] The Packetstormsecurity IDs |
4 | 4 | class Vulnerability |
5 | 5 | include References |
6 | 6 | |
7 | attr_reader :title, :type, :fixed_in, :cvss | |
7 | attr_reader :title, :type, :fixed_in, :introduced_in, :cvss | |
8 | 8 | |
9 | 9 | # @param [ String ] title |
10 | 10 | # @param [ Hash ] references |
17 | 17 | # @option references [ Array<String> ] :youtube |
18 | 18 | # @param [ String ] type |
19 | 19 | # @param [ String ] fixed_in |
20 | # @param [ String ] introduced_in | |
20 | 21 | # @param [ HashSymbol ] cvss |
21 | 22 | # @option cvss [ String ] :score |
22 | 23 | # @option cvss [ String ] :vector |
23 | def initialize(title, references: {}, type: nil, fixed_in: nil, cvss: nil) | |
24 | @title = title | |
25 | @type = type | |
26 | @fixed_in = fixed_in | |
27 | @cvss = { score: cvss[:score], vector: cvss[:vector] } if cvss | |
24 | def initialize(title, references: {}, type: nil, fixed_in: nil, introduced_in: nil, cvss: nil) | |
25 | @title = title | |
26 | @type = type | |
27 | @fixed_in = fixed_in | |
28 | @introduced_in = introduced_in | |
29 | @cvss = { score: cvss[:score], vector: cvss[:vector] } if cvss | |
28 | 30 | |
29 | 31 | self.references = references |
30 | 32 | end |
27 | 27 | end |
28 | 28 | |
29 | 29 | context 'when check_full_response is true' do |
30 | let(:opts) { super().merge(check_full_response: true) } | |
31 | let(:body) { '' } | |
32 | ||
33 | before { stub_request(:get, effective_url).to_return(body: body) } | |
30 | let(:opts) { super().merge(check_full_response: true) } | |
31 | let(:body) { '' } | |
32 | let(:status) { 200 } | |
33 | ||
34 | before { stub_request(:get, effective_url).to_return(body: body, status: status) } | |
34 | 35 | |
35 | 36 | context 'when the body matches the 404 homepage' do |
36 | 37 | it 'returns nil' do |
37 | 38 | expect(target).to receive(:homepage_or_404?).and_return(true) |
39 | ||
40 | expect(finder.maybe_get_full_response(head_res, opts)).to eql nil | |
41 | end | |
42 | end | |
43 | ||
44 | context 'when the status is not valid' do | |
45 | let(:status) { 404 } | |
46 | ||
47 | it 'returns nil' do | |
48 | allow(target).to receive(:homepage_or_404?).and_return(false) | |
38 | 49 | |
39 | 50 | expect(finder.maybe_get_full_response(head_res, opts)).to eql nil |
40 | 51 | end |
8 | 8 | it_behaves_like CMSScanner::References |
9 | 9 | |
10 | 10 | describe '#new' do |
11 | its(:title) { should eql title } | |
12 | its(:references) { should eql({}) } | |
13 | its(:type) { should eql nil } | |
14 | its(:fixed_in) { should eql nil } | |
15 | its(:cvss) { should eql nil } | |
11 | its(:title) { should eql title } | |
12 | its(:references) { should eql({}) } | |
13 | its(:type) { should eql nil } | |
14 | its(:fixed_in) { should eql nil } | |
15 | its(:introduced_in) { should eql nil } | |
16 | its(:cvss) { should eql nil } | |
16 | 17 | |
17 | 18 | context 'when CVSS' do |
18 | 19 | let(:cvss) { { score: '5.4', vector: 'spec', y: 'key should not be added' } } |
50 | 50 | its(:urls) { should eql %w[single-url] } |
51 | 51 | |
52 | 52 | its(:msf_modules) { should eql %w[/exploit/yolo] } |
53 | its(:msf_urls) { should eql %w[https://www.rapid7.com/db/modules/exploit/yolo] } | |
53 | its(:msf_urls) { should eql %w[https://www.rapid7.com/db/modules/exploit/yolo/] } | |
54 | 54 | |
55 | 55 | its(:packetstorm_ids) { should eq %w[15] } |
56 | 56 | its(:packetstorm_urls) { should eql %w[https://packetstormsecurity.com/files/15/] } |
65 | 65 | 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-11', |
66 | 66 | 'https://www.exploit-db.com/exploits/14/', |
67 | 67 | 'single-url', |
68 | 'https://www.rapid7.com/db/modules/exploit/yolo', | |
68 | 'https://www.rapid7.com/db/modules/exploit/yolo/', | |
69 | 69 | 'https://packetstormsecurity.com/files/15/', |
70 | 70 | 'https://www.securityfocus.com/bid/16/', |
71 | 71 | 'https://www.youtube.com/watch?v=xAAAA' |
104 | 104 | |
105 | 105 | its(:msf_modules) { should eql %w[/exploit/yolo exploit/aa] } |
106 | 106 | its(:msf_urls) do |
107 | should eql %w[https://www.rapid7.com/db/modules/exploit/yolo | |
108 | https://www.rapid7.com/db/modules/exploit/aa] | |
107 | should eql %w[https://www.rapid7.com/db/modules/exploit/yolo/ | |
108 | https://www.rapid7.com/db/modules/exploit/aa/] | |
109 | 109 | end |
110 | 110 | |
111 | 111 | its(:packetstorm_ids) { should eq %w[50 51] } |
130 | 130 | 'https://www.exploit-db.com/exploits/41/', |
131 | 131 | 'single-url', |
132 | 132 | 'another-url', |
133 | 'https://www.rapid7.com/db/modules/exploit/yolo', | |
134 | 'https://www.rapid7.com/db/modules/exploit/aa', | |
133 | 'https://www.rapid7.com/db/modules/exploit/yolo/', | |
134 | 'https://www.rapid7.com/db/modules/exploit/aa/', | |
135 | 135 | 'https://packetstormsecurity.com/files/50/', |
136 | 136 | 'https://packetstormsecurity.com/files/51/', |
137 | 137 | 'https://www.securityfocus.com/bid/60/', |