Codebase list ruby-cms-scanner / cf9f424
New upstream version 0.0.40.3 Sophie Brun 5 years ago
24 changed file(s) with 177 addition(s) and 23 deletion(s). Raw diff Collapse all Expand all
+8
-5
app/controllers/core.rb less more
6464 end
6565
6666 def after_scan
67 @stop_time = Time.now
68 @elapsed = @stop_time - @start_time
69 @used_memory = memory_usage - @start_memory
70 @requests_done = CMSScanner.total_requests
67 @stop_time = Time.now
68 @elapsed = @stop_time - @start_time
69 @used_memory = memory_usage - @start_memory
7170
72 output('finished')
71 output('finished',
72 cached_requests: NS.cached_requests,
73 requests_done: NS.total_requests,
74 data_sent: NS.total_data_sent,
75 data_received: NS.total_data_received)
7376 end
7477 end
7578 end
+5
-0
app/models/interesting_finding.rb less more
3030 @to_s || url
3131 end
3232
33 # @return [ String ]
34 def type
35 @type ||= self.class.to_s.demodulize.underscore
36 end
37
3338 # @return [ Boolean ]
3439 def ==(other)
3540 self.class == other.class && to_s == other.to_s
+3
-0
app/views/cli/core/finished.erb less more
00 <%= info_icon %> Finished: <%= @stop_time.asctime %>
11 <%= info_icon %> Requests Done: <%= @requests_done %>
2 <%= info_icon %> Cached Requests: <%= @cached_requests %>
3 <%= info_icon %> Data Sent: <%= @data_sent.bytes_to_human %>
4 <%= info_icon %> Data Received: <%= @data_received.bytes_to_human %>
25 <%= info_icon %> Memory used: <%= @used_memory.bytes_to_human %>
36 <%= info_icon %> Elapsed time: <%= Time.at(@elapsed).utc.strftime('%H:%M:%S') %>
+7
-1
app/views/json/core/finished.erb less more
00 "stop_time": <%= @stop_time.to_i %>,
11 "elapsed": <%= @elapsed.to_i %>,
22 "requests_done": <%= @requests_done.to_i %>,
3 "used_memory": <%= @used_memory.to_i %>,
3 "cached_requests": <%= @cached_requests.to_i %>,
4 "data_sent": <%= @data_sent.to_i %>,
5 "data_sent_humanised": <%= @data_sent.bytes_to_human.to_json %>,
6 "data_received": <%= @data_received.to_i %>,
7 "data_received_humanised": <%= @data_received.bytes_to_human.to_json %>,
8 "used_memory": <%= @used_memory.to_i %>,
9 "used_memory_humanised": <%= @used_memory.bytes_to_human.to_json %>,
+1
-0
app/views/json/interesting_findings/findings.erb less more
44 {
55 "url": <%= finding.url.to_s.to_json %>,
66 "to_s": <%= finding.to_s.to_json %>,
7 "type": <%= finding.type.to_json %>,
78 "found_by": <%= finding.found_by.to_s.to_json %>,
89 "confidence": <%= finding.confidence.to_json %>,
910 "confirmed_by": {
+1
-1
cms_scanner.gemspec less more
3636 s.add_development_dependency 'rake', '~> 12.3'
3737 s.add_development_dependency 'rspec', '~> 3.8.0'
3838 s.add_development_dependency 'rspec-its', '~> 1.2.0'
39 s.add_development_dependency 'rubocop', '~> 0.59.2'
39 s.add_development_dependency 'rubocop', '~> 0.60.0'
4040 s.add_development_dependency 'simplecov', '~> 0.16.1'
4141 s.add_development_dependency 'webmock', '~> 3.4.2'
4242 end
+3
-3
lib/cms_scanner/target/platform/php.rb less more
22 module Platform
33 # Some PHP specific implementation
44 module PHP
5 DEBUG_LOG_PATTERN = /\[[^\]]+\] PHP (?:Warning|Error|Notice):/
6 FPD_PATTERN = /Fatal error:.+? in (.+?) on/
7 ERROR_LOG_PATTERN = /PHP Fatal error/i
5 DEBUG_LOG_PATTERN = /\[[^\]]+\] PHP (?:Warning|Error|Notice):/.freeze
6 FPD_PATTERN = /Fatal error:.+? in (.+?) on/.freeze
7 ERROR_LOG_PATTERN = /PHP Fatal error/i.freeze
88
99 # @param [ String ] path
1010 # @param [ Regexp ] pattern
+12
-1
lib/cms_scanner/typhoeus/response.rb less more
00 module Typhoeus
11 # Custom Response class
22 class Response
3 # @return [ Nokogiri::HTML ] The response's body parsed by Nokogiri::HTML
3 # @return [ Nokogiri::XML ] The response's body parsed by Nokogiri::HTML
44 def html
55 @html ||= Nokogiri::HTML(body.encode('UTF-8', invalid: :replace, undef: :replace))
66 end
99 def xml
1010 @xml ||= Nokogiri::XML(body.encode('UTF-8', invalid: :replace, undef: :replace))
1111 end
12
13 # Override of the original to ensure an integer is returned
14 # @return [ Integer ]
15 def request_size
16 super || 0
17 end
18
19 # @return [ Integer ]
20 def size
21 (body.nil? ? 0 : body.size) + (response_headers.nil? ? 0 : response_headers.size)
22 end
1223 end
1324 end
+1
-1
lib/cms_scanner/version.rb less more
00 # Version
11 module CMSScanner
2 VERSION = '0.0.40.2'.freeze
2 VERSION = '0.0.40.3'.freeze
33 end
+36
-2
lib/cms_scanner.rb less more
3939 APP_DIR = Pathname.new(__FILE__).dirname.join('..', 'app').expand_path
4040 NS = self
4141
42 # Number of requests performed to display at the end of the scan
42 # Number of requests performed and data sent/received to display at the end of the scan
4343 Typhoeus.on_complete do |response|
44 self.cached_requests += 1 if response.cached?
45
4446 next if response.cached?
4547
4648 self.total_requests += 1
49 self.total_data_sent += response.request_size
50 self.total_data_received += response.size
4751
4852 NS::Browser.instance.trottle!
4953 end
5256 # is included in another module
5357 module ClassMethods
5458 # @return [ Integer ]
59 def cached_requests
60 @@cached_requests ||= 0
61 end
62
63 # @param [ Integer ] value
64 def cached_requests=(value)
65 @@cached_requests = value
66 end
67
68 # @return [ Integer ]
5569 def total_requests
5670 @@total_requests ||= 0
5771 end
5872
59 # @param [ Integer ]
73 # @param [ Integer ] value
6074 def total_requests=(value)
6175 @@total_requests = value
76 end
77
78 # @return [ Integer ]
79 def total_data_sent
80 @@total_data_sent ||= 0
81 end
82
83 # @param [ Integer ] value
84 def total_data_sent=(value)
85 @@total_data_sent = value
86 end
87
88 # @return [ Integer ]
89 def total_data_received
90 @@total_data_received ||= 0
91 end
92
93 # @param [ Integer ] value
94 def total_data_received=(value)
95 @@total_data_received = value
6296 end
6397
6498 # The lowercase name of the scanner
+3
-1
spec/app/controllers/core_spec.rb less more
276276 end
277277
278278 describe '#after_scan' do
279 let(:keys) { %i[verbose start_time stop_time start_memory elapsed used_memory] }
279 let(:keys) do
280 %i[verbose start_time stop_time start_memory elapsed used_memory requests_done data_sent data_received]
281 end
280282
281283 it 'calls the formatter with the correct parameters' do
282284 # Call the #run once to ensure that @start_time & @start_memory are set
+4
-0
spec/app/models/fantastico_fileslist_spec.rb less more
2727 describe '#references' do
2828 its(:references) { should_not be_nil }
2929 end
30
31 describe '#type' do
32 its(:type) { should eql 'fantastico_fileslist' }
33 end
3034 end
+4
-0
spec/app/models/headers_spec.rb less more
4747 its(:interesting_entries) { should eq [] }
4848 end
4949 end
50
51 describe '#type' do
52 its(:type) { should eql 'headers' }
53 end
5054 end
+4
-0
spec/app/models/interesting_finding_spec.rb less more
3333 end
3434 end
3535 end
36 end
37
38 describe '#type' do
39 its(:type) { should eql 'interesting_finding' }
3640 end
3741
3842 describe '#entries' do
+4
-0
spec/app/models/robots_txt_spec.rb less more
2323 end
2424 end
2525 end
26
27 describe '#type' do
28 its(:type) { should eql 'robots_txt' }
29 end
2630 end
+4
-0
spec/app/models/xml_rpc_spec.rb less more
33 subject(:xml_rpc) { described_class.new(url) }
44 let(:url) { 'http://example.com/xmlrpc' }
55 let(:fixtures) { FIXTURES_MODELS.join('xml_rpc') }
6
7 describe '#type' do
8 its(:type) { should eql 'xmlrpc' }
9 end
610
711 describe '#method_call' do
812 after do
+26
-3
spec/lib/cms_scanner_spec.rb less more
88 end
99
1010 describe 'typhoeus_on_complete' do
11 before { CMSScanner.total_requests = 0 }
11 before do
12 CMSScanner.cached_requests = 0
13 CMSScanner.total_requests = 0
14 CMSScanner.total_data_sent = 0
15 CMSScanner.total_data_received = 0
16 end
1217
13 # TODO: find a way to test the cached requests which should not be counted
1418 it 'returns the expected number of requests' do
15 stub_request(:get, /.*/)
19 stub_request(:get, /.*/).and_return(body: 'aa', headers: { 'key' => 'field' })
1620
1721 CMSScanner::Browser.get(target_url)
1822
23 expect(CMSScanner.cached_requests).to eql 0
1924 expect(CMSScanner.total_requests).to eql 1
25 expect(CMSScanner.total_data_sent).to eql 0 # can't really test this one it seems
26 expect(CMSScanner.total_data_received).to eql 29
27 end
28
29 context 'when cached request' do
30 it 'returns the expected values' do
31 allow_any_instance_of(Typhoeus::Response).to receive(:cached?).and_return(true)
32
33 stub_request(:get, target_url)
34
35 CMSScanner::Browser.get(target_url)
36 CMSScanner::Browser.get(target_url)
37
38 expect(CMSScanner.cached_requests).to eql 2
39 expect(CMSScanner.total_requests).to eql 0
40 expect(CMSScanner.total_data_sent).to eql 0
41 expect(CMSScanner.total_data_received).to eql 0
42 end
2043 end
2144 end
2245
+30
-0
spec/lib/typhoeus/response_spec.rb less more
0 require 'spec_helper'
1
2 describe Typhoeus::Response do
3 subject(:response) { Typhoeus::Response.new(opts) }
4 let(:opts) { { body: 'hello world' } }
5
6 describe 'html' do
7 its(:xml) { should be_a Nokogiri::XML::Document }
8 end
9
10 describe 'xml' do
11 its(:xml) { should be_a Nokogiri::XML::Document }
12 end
13
14 describe 'request_size' do
15 its(:request_size) { should eql 0 }
16 end
17
18 describe 'size' do
19 context 'when no headers' do
20 its(:size) { should eql 11 }
21 end
22
23 context 'when headers' do
24 let(:opts) { super().merge(response_headers: "key: value\r\n") }
25
26 its(:size) { should eql 23 }
27 end
28 end
29 end
+3
-0
spec/output/core/finished.cli_no_colour less more
00 [+] Finished: Thu Oct 30 12:02:03 2014
11 [+] Requests Done: 10
2 [+] Cached Requests: 1
3 [+] Data Sent: 1000 B
4 [+] Data Received: 1.953 KB
25 [+] Memory used: 100 B
36 [+] Elapsed time: 00:00:02
+7
-1
spec/output/core/finished.json less more
11 "stop_time": 1414670523,
22 "elapsed": 2,
33 "requests_done": 10,
4 "used_memory": 100
4 "cached_requests": 1,
5 "data_sent": 1000,
6 "data_sent_humanised": "1000 B",
7 "data_received": 2000,
8 "data_received_humanised": "1.953 KB",
9 "used_memory": 100,
10 "used_memory_humanised": "100 B"
511 }
+1
-1
spec/output/interesting_findings/findings.cli_no_colour less more
00 Interesting Finding(s):
11
22 [+] F1_to_s
3 | Found By: Spec
3 | Found By: Test (Passive)
44 | Confidence: 10%
55
66 [+] F2
+5
-1
spec/output/interesting_findings/findings.json less more
22 {
33 "url": "F1",
44 "to_s": "F1_to_s",
5 "found_by": "Spec",
5 "type": "interesting_finding",
6 "found_by": "Test (Passive)",
67 "confidence": 10,
78 "confirmed_by": {
89
1718 {
1819 "url": "F2",
1920 "to_s": "F2",
21 "type": "interesting_finding",
2022 "found_by": "Spec",
2123 "confidence": 20,
2224 "confirmed_by": {
3638 {
3739 "url": "F3",
3840 "to_s": "F3",
41 "type": "interesting_finding",
3942 "found_by": "Spec",
4043 "confidence": 100,
4144 "confirmed_by": {
6063 {
6164 "url": "F4",
6265 "to_s": "F4",
66 "type": "interesting_finding",
6367 "found_by": "Spec",
6468 "confidence": 0,
6569 "confirmed_by": {
+4
-1
spec/shared_examples/views/core.rb less more
5050 stop_time: Time.at(1_414_670_523).in_time_zone('Europe/London'),
5151 used_memory: 100,
5252 elapsed: 2,
53 requests_done: 10
53 requests_done: 10,
54 cached_requests: 1,
55 data_sent: 1000,
56 data_received: 2000
5457 )
5558 end
5659 end
+1
-1
spec/shared_examples/views/interesting_findings.rb less more
1818 findings = CMSScanner::Finders::Findings.new
1919
2020 findings <<
21 interesting_file.new('F1', opts.merge(to_s: 'F1_to_s')) <<
21 interesting_file.new('F1', opts.merge(to_s: 'F1_to_s', found_by: 'Test (Passive)')) <<
2222 interesting_file.new('F2', opts.merge(references: { url: 'R1' }, interesting_entries: %w[IE1])) <<
2323 interesting_file.new('F2', opts.merge(found_by: 'Spec2')) <<
2424 interesting_file.new('F3',