Commit 60cb01d3fc1cbed50d95859ca36e60624259135f - ruby-cms-scanner

+15

-1

.rubocop.yml less more

7	7	- 'example/*/'
8	8	Layout/LineLength:
9	9	Max: 120
	10	Lint/ConstantDefinitionInBlock:
	11	Enabled: false
	12	Lint/FloatComparison:
	13	Exclude:
	14	- spec/app/models/version_spec.rb
	15	Lint/MissingSuper:
	16	Enabled: false
10	17	Lint/UriEscapeUnescape:
11	18	Enabled: false
	19	Lint/UselessMethodDefinition:
	20	Exclude:
	21	- spec/lib/finders/same_type_finder_spec.rb
	22	- spec/lib/finders/unique_finder_spec.rb
12	23	Metrics/AbcSize:
13		Max: 25
	24	Max: 28
14	25	Metrics/BlockLength:
15	26	Exclude:
16	27	- 'spec/*/'

24	35	Max: 9
25	36	Style/ClassVars:
26	37	Enabled: false
	38	Style/CombinableLoops:
	39	Exclude:
	40	- spec/lib/controllers_spec.rb
27	41	Style/Documentation:
28	42	Enabled: false
29	43	Style/FormatStringToken:

+5

-5

cms_scanner.gemspec less more

31	31
32	32	s.add_development_dependency 'bundler', '>= 1.6'
33	33	s.add_development_dependency 'rake', '~> 13.0'
34		s.add_development_dependency 'rspec', '~> 3.9.0'
	34	s.add_development_dependency 'rspec', '~> 3.10.0'
35	35	s.add_development_dependency 'rspec-its', '~> 1.3.0'
36		s.add_development_dependency 'rubocop', '~> 0.88.0'
37		s.add_development_dependency 'rubocop-performance', '~> 1.7.0'
38		s.add_development_dependency 'simplecov', '~> 0.18.2'
	36	s.add_development_dependency 'rubocop', '~> 1.3.0'
	37	s.add_development_dependency 'rubocop-performance', '~> 1.9.0'
	38	s.add_development_dependency 'simplecov', '~> 0.19.0'
39	39	s.add_development_dependency 'simplecov-lcov', '~> 0.8.0'
40		s.add_development_dependency 'webmock', '~> 3.8.0'
	40	s.add_development_dependency 'webmock', '~> 3.10.0'
41	41	end

+1

-1

lib/cms_scanner/cache/file_store.rb less more

58	58	#
59	59	# @return [ String ] The expiration file path associated to the key
60	60	def entry_expiration_path(key)
61		entry_path(key) + '.expiration'
	61	"#{entry_path(key)}.expiration"
62	62	end
63	63
64	64	private

+3

-1

lib/cms_scanner/finders/finder.rb less more

56	56	# @param [String, Class ] klass
57	57	# @return [ String ]
58	58	def found_by(klass = self.class)
	59	labels = %w[aggressive passive]
	60
59	61	caller_locations.each do \|call\|
60	62	label = call.label
61	63
62		next unless %w[aggressive passive].include? label
	64	next unless labels.include? label
63	65
64	66	title = klass.to_s.demodulize.gsub(/(\d+)[a-z]+/i, '_\0').titleize(keep_id_suffix: true)
65	67

+1

-1

lib/cms_scanner/numeric.rb less more

7	7	e = abs.zero? ? abs : (Math.log(abs) / Math.log(1024)).floor
8	8	s = format('%<s>.3f', s: (abs.to_f / 1024**e))
9	9
10		s.sub(/\.?0*$/, ' ' + units[e])
	10	s.sub(/\.?0*$/, " #{units[e]}")
11	11	end
12	12	end

+1

-1

lib/cms_scanner/target/scope.rb less more

59	59
60	60	domains.map! { \|d\| Regexp.escape(d.delete_suffix('/')).gsub('\', '.').gsub('/', '\\\\\?/') }
61	61
62		domains[0].gsub!(Regexp.escape(uri.host), Regexp.escape(uri.host) + '(?::\\d+)?') if uri.port
	62	domains[0].gsub!(Regexp.escape(uri.host), "#{Regexp.escape(uri.host)}(?::\\d+)?") if uri.port
63	63
64	64	@scope_url_pattern = %r{https?:\\?/\\?/(?:#{domains.join('\|')})\\?/?}i
65	65	end

+5

-5

lib/cms_scanner/target.rb less more

104	104	next unless attr_value && !attr_value.empty?
105	105
106	106	node_uri = begin
107		uri.join(attr_value.strip)
108		rescue StandardError
109		# Skip potential malformed URLs etc.
110		next
111		end
	107	uri.join(attr_value.strip)
	108	rescue StandardError
	109	# Skip potential malformed URLs etc.
	110	next
	111	end
112	112
113	113	next unless node_uri.host
114	114

+1

-1

lib/cms_scanner/web_site.rb less more

61	61
62	62	# @return [ String ] The URL of an unlikely existant page
63	63	def error_404_url
64		@error_404_url \|\|= uri.join(Digest::MD5.hexdigest(rand(999_999).to_s)[0..6] + '.html').to_s
	64	@error_404_url \|\|= uri.join("#{Digest::MD5.hexdigest(rand(999_999).to_s)[0..6]}.html").to_s
65	65	end
66	66
67	67	# Checks if the remote website is up.

+1

-1

spec/app/finders/interesting_findings/fantastico_fileslist_spec.rb less more

3	3	subject(:finder) { described_class.new(target) }
4	4	let(:target) { CMSScanner::Target.new(url) }
5	5	let(:url) { 'http://example.com/' }
6		let(:file_url) { url + 'fantastico_fileslist.txt' }
	6	let(:file_url) { "#{url}fantastico_fileslist.txt" }
7	7	let(:fixtures) { FIXTURES_FINDERS.join('interesting_findings', 'fantastico_fileslist') }
8	8
9	9	before { expect(finder.target).to receive(:head_or_get_params).and_return(method: :head) }

+1

-1

spec/app/finders/interesting_findings/robots_txt_spec.rb less more

3	3	subject(:finder) { described_class.new(target) }
4	4	let(:target) { CMSScanner::Target.new(url) }
5	5	let(:url) { 'http://example.com/' }
6		let(:robots_url) { url + 'robots.txt' }
	6	let(:robots_url) { "#{url}robots.txt" }
7	7	let(:fixtures) { FIXTURES_FINDERS.join('interesting_findings', 'robots_txt') }
8	8
9	9	before { expect(finder.target).to receive(:head_or_get_params).and_return(method: :head) }

+1

-1

spec/app/finders/interesting_findings/search_replace_db_2_spec.rb less more

3	3	subject(:finder) { described_class.new(target) }
4	4	let(:target) { CMSScanner::Target.new(url) }
5	5	let(:url) { 'http://example.com/' }
6		let(:file_url) { url + 'searchreplacedb2.php' }
	6	let(:file_url) { "#{url}searchreplacedb2.php" }
7	7	let(:fixtures) { FIXTURES_FINDERS.join('interesting_findings', 'search_replace_db_2') }
8	8
9	9	before { expect(finder.target).to receive(:head_or_get_params).and_return(method: :head) }

+1

-1

spec/app/finders/interesting_findings/xml_rpc_spec.rb less more

3	3	subject(:finder) { described_class.new(target) }
4	4	let(:target) { CMSScanner::Target.new(url) }
5	5	let(:url) { 'http://e.org/' }
6		let(:xml_rpc_url) { url + 'xmlrpc.php' }
	6	let(:xml_rpc_url) { "#{url}xmlrpc.php" }
7	7	let(:fixtures) { FIXTURES_FINDERS.join('interesting_findings', 'xml_rpc') }
8	8
9	9	describe '#potential_urls' do

+2

-1

spec/lib/finders/independent_finders_spec.rb less more

39	39
40	40	context 'when :mixed mode' do
41	41	let(:mode) { :mixed }
	42	let(:modes) { %i[passive aggressive] }
42	43
43	44	it 'calls :passive then :aggressive on each finder' do
44	45	finders.each do \|finder\|
45		%i[passive aggressive].each do \|method\|
	46	modes.each do \|method\|
46	47	expect(finder).to receive(method).with(hash_including(found: [])).ordered
47	48	end
48	49	end