Import upstream version 0.12.1+git20201117.6d32a65
Kali Janitor
3 years ago
7 | 7 |
- 'example/**/*'
|
8 | 8 |
Layout/LineLength:
|
9 | 9 |
Max: 120
|
|
10 |
Lint/ConstantDefinitionInBlock:
|
|
11 |
Enabled: false
|
|
12 |
Lint/FloatComparison:
|
|
13 |
Exclude:
|
|
14 |
- spec/app/models/version_spec.rb
|
|
15 |
Lint/MissingSuper:
|
|
16 |
Enabled: false
|
10 | 17 |
Lint/UriEscapeUnescape:
|
11 | 18 |
Enabled: false
|
|
19 |
Lint/UselessMethodDefinition:
|
|
20 |
Exclude:
|
|
21 |
- spec/lib/finders/same_type_finder_spec.rb
|
|
22 |
- spec/lib/finders/unique_finder_spec.rb
|
12 | 23 |
Metrics/AbcSize:
|
13 | |
Max: 25
|
|
24 |
Max: 28
|
14 | 25 |
Metrics/BlockLength:
|
15 | 26 |
Exclude:
|
16 | 27 |
- 'spec/**/*'
|
|
24 | 35 |
Max: 9
|
25 | 36 |
Style/ClassVars:
|
26 | 37 |
Enabled: false
|
|
38 |
Style/CombinableLoops:
|
|
39 |
Exclude:
|
|
40 |
- spec/lib/controllers_spec.rb
|
27 | 41 |
Style/Documentation:
|
28 | 42 |
Enabled: false
|
29 | 43 |
Style/FormatStringToken:
|
31 | 31 |
|
32 | 32 |
s.add_development_dependency 'bundler', '>= 1.6'
|
33 | 33 |
s.add_development_dependency 'rake', '~> 13.0'
|
34 | |
s.add_development_dependency 'rspec', '~> 3.9.0'
|
|
34 |
s.add_development_dependency 'rspec', '~> 3.10.0'
|
35 | 35 |
s.add_development_dependency 'rspec-its', '~> 1.3.0'
|
36 | |
s.add_development_dependency 'rubocop', '~> 0.88.0'
|
37 | |
s.add_development_dependency 'rubocop-performance', '~> 1.7.0'
|
38 | |
s.add_development_dependency 'simplecov', '~> 0.18.2'
|
|
36 |
s.add_development_dependency 'rubocop', '~> 1.3.0'
|
|
37 |
s.add_development_dependency 'rubocop-performance', '~> 1.9.0'
|
|
38 |
s.add_development_dependency 'simplecov', '~> 0.19.0'
|
39 | 39 |
s.add_development_dependency 'simplecov-lcov', '~> 0.8.0'
|
40 | |
s.add_development_dependency 'webmock', '~> 3.8.0'
|
|
40 |
s.add_development_dependency 'webmock', '~> 3.10.0'
|
41 | 41 |
end
|
58 | 58 |
#
|
59 | 59 |
# @return [ String ] The expiration file path associated to the key
|
60 | 60 |
def entry_expiration_path(key)
|
61 | |
entry_path(key) + '.expiration'
|
|
61 |
"#{entry_path(key)}.expiration"
|
62 | 62 |
end
|
63 | 63 |
|
64 | 64 |
private
|
56 | 56 |
# @param [String, Class ] klass
|
57 | 57 |
# @return [ String ]
|
58 | 58 |
def found_by(klass = self.class)
|
|
59 |
labels = %w[aggressive passive]
|
|
60 |
|
59 | 61 |
caller_locations.each do |call|
|
60 | 62 |
label = call.label
|
61 | 63 |
|
62 | |
next unless %w[aggressive passive].include? label
|
|
64 |
next unless labels.include? label
|
63 | 65 |
|
64 | 66 |
title = klass.to_s.demodulize.gsub(/(\d+)[a-z]+/i, '_\0').titleize(keep_id_suffix: true)
|
65 | 67 |
|
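Review bot: The check `next unless labels.include? label` relies on `call.label` being the bare method name, which is not stable across Ruby versions. Newer interpreters (3.4, as far as I know) prefix the label with the owning class, so neither entry of `labels` would match and every frame would be skipped. `label = call.base_label` reads the undecorated method name and is the more robust choice, though it also matches frames inside a block of `aggressive`/`passive`, which the current check does not. The list could also be a frozen constant rather than a local rebuilt on each call. The rest of `found_by` lies outside the hunk, so what happens when no frame matches cannot be checked here.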
7 | 7 |
e = abs.zero? ? abs : (Math.log(abs) / Math.log(1024)).floor
|
8 | 8 |
s = format('%<s>.3f', s: (abs.to_f / 1024**e))
|
9 | 9 |
|
10 | |
s.sub(/\.?0*$/, ' ' + units[e])
|
|
10 |
s.sub(/\.?0*$/, " #{units[e]}")
|
11 | 11 |
end
|
12 | 12 |
end
|
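Review bot: Replacing `' ' + units[e]` with `" #{units[e]}"` changes what happens when `e` indexes past the end of `units`: the old form raised a TypeError on nil, while the new one quietly returns the number followed by a bare space. The `units` array is defined above the hunk, so whether that index is reachable is not visible here. If it is, a large enough value now produces a string with no unit and no error. Either clamp the exponent with `e = [e, units.size - 1].min`, or use `units.fetch(e)` so an out-of-range value still fails loudly.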
59 | 59 |
|
60 | 60 |
domains.map! { |d| Regexp.escape(d.delete_suffix('/')).gsub('\*', '.*').gsub('/', '\\\\\?/') }
|
61 | 61 |
|
62 | |
domains[0].gsub!(Regexp.escape(uri.host), Regexp.escape(uri.host) + '(?::\\d+)?') if uri.port
|
|
62 |
domains[0].gsub!(Regexp.escape(uri.host), "#{Regexp.escape(uri.host)}(?::\\d+)?") if uri.port
|
63 | 63 |
|
64 | 64 |
@scope_url_pattern = %r{https?:\\?/\\?/(?:#{domains.join('|')})\\?/?}i
|
65 | 65 |
end
|
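Review bot: The pattern assigned to `@scope_url_pattern` does not terminate the host: after `(?:#{domains.join('|')})` only an optional `\\?/?` follows, so a URL whose host merely begins with an in-scope name (constructed example: `http://example.com.other.tld/`) still matches. The `gsub('\*', '.*')` wildcard has the same effect, because `.*` can run past the host into the path. If this pattern decides which URLs found in a response count as in scope, hosts outside the scope would be treated as belonging to the target. A negative lookahead after the host group, for example `(?![\w.-])`, and a wildcard class that cannot cross a `/` would close both gaps. The method starts above the hunk, so how `domains` is populated is not visible here.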
104 | 104 |
next unless attr_value && !attr_value.empty?
|
105 | 105 |
|
106 | 106 |
node_uri = begin
|
107 | |
uri.join(attr_value.strip)
|
108 | |
rescue StandardError
|
109 | |
# Skip potential malformed URLs etc.
|
110 | |
next
|
111 | |
end
|
|
107 |
uri.join(attr_value.strip)
|
|
108 |
rescue StandardError
|
|
109 |
# Skip potential malformed URLs etc.
|
|
110 |
next
|
|
111 |
end
|
112 | 112 |
|
113 | 113 |
next unless node_uri.host
|
114 | 114 |
|
61 | 61 |
|
62 | 62 |
# @return [ String ] The URL of an unlikely existant page
|
63 | 63 |
def error_404_url
|
64 | |
@error_404_url ||= uri.join(Digest::MD5.hexdigest(rand(999_999).to_s)[0..6] + '.html').to_s
|
|
64 |
@error_404_url ||= uri.join("#{Digest::MD5.hexdigest(rand(999_999).to_s)[0..6]}.html").to_s
|
65 | 65 |
end
|
66 | 66 |
|
67 | 67 |
# Checks if the remote website is up.
|
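Review bot: `Digest::MD5` in `error_404_url` only turns a random number into a seven-character file name, but nothing on the line says so, and it reads like a hash with a security purpose, which tends to get flagged in audits. The hash adds no entropy either: `rand(999_999)` yields fewer than a million distinct values whatever is done to it afterwards. I would add a comment above the assignment such as `# MD5 is only a name generator here, not a security control`. Alternatively, drop the hash and use `SecureRandom.hex(4)`, if `securerandom` is already loaded in this file.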
3 | 3 |
subject(:finder) { described_class.new(target) }
|
4 | 4 |
let(:target) { CMSScanner::Target.new(url) }
|
5 | 5 |
let(:url) { 'http://example.com/' }
|
6 | |
let(:file_url) { url + 'fantastico_fileslist.txt' }
|
|
6 |
let(:file_url) { "#{url}fantastico_fileslist.txt" }
|
7 | 7 |
let(:fixtures) { FIXTURES_FINDERS.join('interesting_findings', 'fantastico_fileslist') }
|
8 | 8 |
|
9 | 9 |
before { expect(finder.target).to receive(:head_or_get_params).and_return(method: :head) }
|
3 | 3 |
subject(:finder) { described_class.new(target) }
|
4 | 4 |
let(:target) { CMSScanner::Target.new(url) }
|
5 | 5 |
let(:url) { 'http://example.com/' }
|
6 | |
let(:robots_url) { url + 'robots.txt' }
|
|
6 |
let(:robots_url) { "#{url}robots.txt" }
|
7 | 7 |
let(:fixtures) { FIXTURES_FINDERS.join('interesting_findings', 'robots_txt') }
|
8 | 8 |
|
9 | 9 |
before { expect(finder.target).to receive(:head_or_get_params).and_return(method: :head) }
|
3 | 3 |
subject(:finder) { described_class.new(target) }
|
4 | 4 |
let(:target) { CMSScanner::Target.new(url) }
|
5 | 5 |
let(:url) { 'http://example.com/' }
|
6 | |
let(:file_url) { url + 'searchreplacedb2.php' }
|
|
6 |
let(:file_url) { "#{url}searchreplacedb2.php" }
|
7 | 7 |
let(:fixtures) { FIXTURES_FINDERS.join('interesting_findings', 'search_replace_db_2') }
|
8 | 8 |
|
9 | 9 |
before { expect(finder.target).to receive(:head_or_get_params).and_return(method: :head) }
|
3 | 3 |
subject(:finder) { described_class.new(target) }
|
4 | 4 |
let(:target) { CMSScanner::Target.new(url) }
|
5 | 5 |
let(:url) { 'http://e.org/' }
|
6 | |
let(:xml_rpc_url) { url + 'xmlrpc.php' }
|
|
6 |
let(:xml_rpc_url) { "#{url}xmlrpc.php" }
|
7 | 7 |
let(:fixtures) { FIXTURES_FINDERS.join('interesting_findings', 'xml_rpc') }
|
8 | 8 |
|
9 | 9 |
describe '#potential_urls' do
|
39 | 39 |
|
40 | 40 |
context 'when :mixed mode' do
|
41 | 41 |
let(:mode) { :mixed }
|
|
42 |
let(:modes) { %i[passive aggressive] }
|
42 | 43 |
|
43 | 44 |
it 'calls :passive then :aggressive on each finder' do
|
44 | 45 |
finders.each do |finder|
|
45 | |
%i[passive aggressive].each do |method|
|
|
46 |
modes.each do |method|
|
46 | 47 |
expect(finder).to receive(method).with(hash_including(found: [])).ordered
|
47 | 48 |
end
|
48 | 49 |
end
|