Commit upstream/0.6.0 - ruby-cms-scanner

+3

-1

app/controllers/core/cli_options.rb less more

58	58	default: 60),
59	59	OptPositiveInteger.new(['--connect-timeout SECONDS', 'The connection timeout in seconds'],
60	60	default: 30),
61		OptBoolean.new(['--disable-tls-checks', 'Disables SSL/TLS certificate verification'])
	61	OptBoolean.new(['--disable-tls-checks',
	62	'Disables SSL/TLS certificate verification, and downgrade to TLS1.0+ ' \
	63	'(requires cURL 7.66 for the latter)'])
62	64	] + cli_browser_proxy_options + cli_browser_cookies_options + cli_browser_cache_options
63	65	end
64	66

+3

-3

cms_scanner.gemspec less more

18	18	s.test_files = []
19	19	s.require_paths = ['lib']
20	20
21		s.add_dependency 'nokogiri', '~> 1.10.0'
22		s.add_dependency 'opt_parse_validator', '~> 1.7.4'
	21	s.add_dependency 'nokogiri', '~> 1.10.4'
	22	s.add_dependency 'opt_parse_validator', '~> 1.8.0'
23	23	s.add_dependency 'public_suffix', '>= 3.0', '< 4.1'
24	24	s.add_dependency 'ruby-progressbar', '~> 1.10.0'
25	25	s.add_dependency 'typhoeus', '~> 1.3.0'

34	34	s.add_development_dependency 'rubocop', '~> 0.74.0'
35	35	s.add_development_dependency 'rubocop-performance', '~> 1.4.0'
36	36	s.add_development_dependency 'simplecov', '~> 0.16.1'
37		s.add_development_dependency 'webmock', '~> 3.6.0'
	37	s.add_development_dependency 'webmock', '~> 3.7.0'
38	38	end

+2

-0

lib/cms_scanner/browser.rb less more

56	56	# See http://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYHOST.html
57	57	params[:ssl_verifypeer] = false
58	58	params[:ssl_verifyhost] = 0
	59	# TLSv1.0 and plus, allows to use a protocol potentially lower than the OS default
	60	params[:sslversion] = :tlsv1
59	61	end
60	62
61	63	typhoeus_to_browser_opts.each do \|typhoeus_opt, browser_opt\|

+6

-4

lib/cms_scanner/controllers.rb less more

8	8	def initialize(option_parser = OptParseValidator::OptParser.new(nil, 40))
9	9	@option_parser = option_parser
10	10
11		register_options_files
	11	register_config_files
	12
	13	option_parser.config_files.result_key = 'cli_options'
12	14	end
13	15
14	16	# Adds the potential option file paths to the option_parser
15		def register_options_files
	17	def register_config_files
16	18	[Dir.home, Dir.pwd].each do \|dir\|
17		option_parser.options_files.class.supported_extensions.each do \|ext\|
18		@option_parser.options_files << Pathname.new(dir).join(".#{NS.app_name}", "cli_options.#{ext}").to_s
	19	option_parser.config_files.class.supported_extensions.each do \|ext\|
	20	option_parser.config_files << Pathname.new(dir).join(".#{NS.app_name}", "scan.#{ext}").to_s
19	21	end
20	22	end
21	23	end

+4

-34

lib/cms_scanner/references.rb less more

8	8	module ClassMethods
9	9	# @return [ Array<Symbol> ]
10	10	def references_keys
11		@references_keys \|\|= %i[cve secunia osvdb exploitdb url metasploit packetstorm securityfocus]
	11	@references_keys \|\|= %i[cve exploitdb url metasploit packetstorm securityfocus]
12	12	end
13	13	end
14	14

28	28
29	29	# @return [ Array<String> ] All the references URLs
30	30	def references_urls
31		cve_urls + secunia_urls + osvdb_urls + exploitdb_urls + urls + msf_urls +
	31	cve_urls + exploitdb_urls + urls + msf_urls +
32	32	packetstorm_urls + securityfocus_urls
33	33	end
34	34

45	45	# @return [ String ] The URL to the CVE
46	46	def cve_url(cve)
47	47	"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-#{cve}"
48		end
49
50		# @return [ Array<String> ] The Secunia IDs
51		def secunia_ids
52		references[:secunia] \|\| []
53		end
54
55		# @return [ Array<String> ]
56		def secunia_urls
57		secunia_ids.reduce([]) { \|acc, elem\| acc << secunia_url(elem) }
58		end
59
60		# @return [ String ] The URL to the Secunia advisory
61		def secunia_url(id)
62		"https://secuniaresearch.flexerasoftware.com/advisories/#{id}/"
63		end
64
65		# @return [ Array<String> ] The OSVDB IDs
66		def osvdb_ids
67		references[:osvdb] \|\| []
68		end
69
70		# @return [ Array<String> ]
71		def osvdb_urls
72		osvdb_ids.reduce([]) { \|acc, elem\| acc << osvdb_url(elem) }
73		end
74
75		# @return [ String ] The URL to the ExploitDB advisory
76		def osvdb_url(id)
77		"http://osvdb.org/show/osvdb/#{id}"
78	48	end
79	49
80	50	# @return [ Array<String> ] The ExploitDB ID

124	94
125	95	# @return [ String ]
126	96	def packetstorm_url(id)
127		"http://packetstormsecurity.com/files/#{id}/"
	97	"https://packetstormsecurity.com/files/#{id}/"
128	98	end
129	99
130	100	# @return [ Array<String> ] The Security Focus IDs

139	109
140	110	# @return [ String ]
141	111	def securityfocus_url(id)
142		"http://www.securityfocus.com/bid/#{id}/"
	112	"https://www.securityfocus.com/bid/#{id}/"
143	113	end
144	114	end
145	115	end

+1

-1

lib/cms_scanner/version.rb less more

1	1
2	2	# Version
3	3	module CMSScanner
4		VERSION = '0.5.7'
	4	VERSION = '0.6.0'
5	5	end

+1

-1

spec/lib/browser_spec.rb less more

41	41	cache_ttl: 200, connecttimeout: 10,
42	42	userpwd: 'log:pwd', proxyuserpwd: 'u:pwd',
43	43	cookiejar: options[:cookie_jar], cookiefile: options[:cookie_jar],
44		ssl_verifypeer: false, ssl_verifyhost: 0
	44	ssl_verifypeer: false, ssl_verifyhost: 0, sslversion: :tlsv1
45	45	).merge(headers: default[:headers].merge('Host' => 'testing', 'Test' => 'aa', 'Referer' => 'http://wp.lo/'))
46	46	end
47	47

+6

-4

spec/lib/controllers_spec.rb less more

20	20	describe CMSScanner::Controllers do
21	21	subject(:controllers) { described_class.new }
22	22	let(:controller_mod) { CMSScanner::Controller }
	23
	24	its(:'option_parser.config_files.result_key') { should eql 'cli_options' }
23	25
24	26	describe '#<<' do
25	27	its(:size) { should be 0 }

137	139	end
138	140	end
139	141
140		describe '#register_options_files' do
	142	describe '#register_config_files' do
141	143	it 'register the correct files' do
142	144	expect(File).to receive(:exist?).exactly(4).times.and_return(true)
143	145

145	147	option_parser = controllers.option_parser
146	148
147	149	[Dir.home, Dir.pwd].each do \|dir\|
148		option_parser.options_files.class.supported_extensions.each do \|ext\|
149		expected << File.join(dir, '.cms_scanner', "cli_options.#{ext}")
	150	option_parser.config_files.class.supported_extensions.each do \|ext\|
	151	expected << File.join(dir, '.cms_scanner', "scan.#{ext}")
150	152	end
151	153	end
152	154
153		expect(option_parser.options_files.map(&:path)).to eql expected
	155	expect(option_parser.config_files.map(&:path)).to eql expected
154	156	end
155	157	end
156	158	end

+6

-6

spec/lib/sub_scanner_spec.rb less more

26	26
27	27	# Testing the override of the register_options_files
28	28	class Controllers < CMSScanner::Controllers
29		def register_options_files
30		option_parser.options_files << File.join(".#{SubScanner.app_name}", 'rspec.yml')
	29	def register_config_files
	30	option_parser.config_files << File.join(".#{SubScanner.app_name}", 'rspec.yml')
31	31	end
32	32	end
33	33

101	101	end
102	102	end
103	103
104		describe '#register_options_files' do
105		let(:options_file_path) { '.subscanner/rspec.yml' }
	104	describe '#register_config_files' do
	105	let(:config_file_path) { '.subscanner/rspec.yml' }
106	106
107	107	it 'register the correct file' do
108	108	allow(File).to receive(:exist?).and_call_original
109		allow(File).to receive(:exist?).with(options_file_path).and_return(true)
	109	allow(File).to receive(:exist?).with(config_file_path).and_return(true)
110	110
111	111	option_parser = SubScanner::Scan.new.controllers.option_parser
112	112
113		expect(option_parser.options_files.map(&:path)).to eql [options_file_path]
	113	expect(option_parser.config_files.map(&:path)).to eql [config_file_path]
114	114	end
115	115	end
116	116	end

+21

-47

spec/shared_examples/references.rb less more

3	3	describe '#references_keys' do
4	4	it 'returns the expected array of symbols' do
5	5	expect(subject.class.references_keys)
6		.to eql %i[cve secunia osvdb exploitdb url metasploit packetstorm securityfocus]
	6	.to eql %i[cve exploitdb url metasploit packetstorm securityfocus]
7	7	end
8	8	end
9	9
10	10	describe 'references' do
11	11	context 'when no references' do
12		%i[cves secunia_ids osvdb_ids exploitdb_ids urls
13		msf_modules packetstorm_ids securityfocus_ids].each do \|attribute\|
	12	%i[cves exploitdb_ids urls msf_modules packetstorm_ids securityfocus_ids].each do \|attribute\|
14	13	its(attribute) { should eql([]) }
15	14	end
16	15
17		%i[cve_urls secunia_urls osvdb_urls exploitdb_urls msf_urls
18		packetstorm_urls secunia_urls].each do \|attribute\|
	16	%i[cve_urls exploitdb_urls msf_urls packetstorm_urls securityfocus_urls].each do \|attribute\|
19	17	its(attribute) { should eql([]) }
20	18	end
21	19

28	26	its(:references) { should eql(cve: %w[1]) }
29	27	end
30	28
31		context 'when references provided as string' do
	29	context 'when references provided as string/integer' do
32	30	let(:references) do
33	31	{
34		cve: 11,
35		secunia: 12,
36		osvdb: 13,
37		exploitdb: 14,
	32	cve: '11',
	33	secunia: '12', # Secunia and OSVDB have been left here to make sure they don't raise errors
	34	osvdb: '13',
	35	exploitdb: '14',
38	36	url: 'single-url',
39	37	metasploit: '/exploit/yolo',
40	38	packetstorm: 15,

45	43	its(:cves) { should eql %w[11] }
46	44	its(:cve_urls) { should eql %w[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-11] }
47	45
48		its(:secunia_ids) { should eql %w[12] }
49		its(:secunia_urls) { should eql %w[https://secuniaresearch.flexerasoftware.com/advisories/12/] }
50
51		its(:osvdb_ids) { should eql %w[13] }
52		its(:osvdb_urls) { should eql %w[http://osvdb.org/show/osvdb/13] }
53
54	46	its(:exploitdb_ids) { should eql %w[14] }
55	47	its(:exploitdb_urls) { should eql %w[https://www.exploit-db.com/exploits/14/] }
56	48

60	52	its(:msf_urls) { should eql %w[https://www.rapid7.com/db/modules/exploit/yolo] }
61	53
62	54	its(:packetstorm_ids) { should eq %w[15] }
63		its(:packetstorm_urls) { should eql %w[http://packetstormsecurity.com/files/15/] }
	55	its(:packetstorm_urls) { should eql %w[https://packetstormsecurity.com/files/15/] }
64	56
65	57	its(:securityfocus_ids) { should eq %w[16] }
66		its(:securityfocus_urls) { should eql %w[http://www.securityfocus.com/bid/16/] }
	58	its(:securityfocus_urls) { should eql %w[https://www.securityfocus.com/bid/16/] }
67	59
68	60	its(:references_urls) do
69	61	should eql [
70	62	'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-11',
71		'https://secuniaresearch.flexerasoftware.com/advisories/12/',
72		'http://osvdb.org/show/osvdb/13',
73	63	'https://www.exploit-db.com/exploits/14/',
74	64	'single-url',
75	65	'https://www.rapid7.com/db/modules/exploit/yolo',
76		'http://packetstormsecurity.com/files/15/',
77		'http://www.securityfocus.com/bid/16/'
	66	'https://packetstormsecurity.com/files/15/',
	67	'https://www.securityfocus.com/bid/16/'
78	68	]
79	69	end
80	70	end

83	73	let(:references) do
84	74	{
85	75	cve: [10, 11],
86		secunia: [20, 21],
	76	secunia: [20, 21], # Secunia and OSVDB have been left here to make sure they don't raise errors
87	77	osvdb: [30, 31],
88	78	exploitdb: [40, 41],
89	79	url: %w[single-url another-url],

97	87	its(:cve_urls) do
98	88	should eql %w[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-10
99	89	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-11]
100		end
101
102		its(:secunia_ids) { should eql %w[20 21] }
103		its(:secunia_urls) do
104		should eql %w[https://secuniaresearch.flexerasoftware.com/advisories/20/
105		https://secuniaresearch.flexerasoftware.com/advisories/21/]
106		end
107
108		its(:osvdb_ids) { should eql %w[30 31] }
109		its(:osvdb_urls) do
110		should eql %w[http://osvdb.org/show/osvdb/30
111		http://osvdb.org/show/osvdb/31]
112	90	end
113	91
114	92	its(:exploitdb_ids) { should eql %w[40 41] }

127	105
128	106	its(:packetstorm_ids) { should eq %w[50 51] }
129	107	its(:packetstorm_urls) do
130		should eql %w[http://packetstormsecurity.com/files/50/
131		http://packetstormsecurity.com/files/51/]
	108	should eql %w[https://packetstormsecurity.com/files/50/
	109	https://packetstormsecurity.com/files/51/]
132	110	end
133	111
134	112	its(:securityfocus_ids) { should eq %w[60 61] }
135	113	its(:securityfocus_urls) do
136		should eql %w[http://www.securityfocus.com/bid/60/
137		http://www.securityfocus.com/bid/61/]
	114	should eql %w[https://www.securityfocus.com/bid/60/
	115	https://www.securityfocus.com/bid/61/]
138	116	end
139	117
140	118	its(:references_urls) do
141	119	should eql [
142	120	'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-10',
143	121	'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-11',
144		'https://secuniaresearch.flexerasoftware.com/advisories/20/',
145		'https://secuniaresearch.flexerasoftware.com/advisories/21/',
146		'http://osvdb.org/show/osvdb/30',
147		'http://osvdb.org/show/osvdb/31',
148	122	'https://www.exploit-db.com/exploits/40/',
149	123	'https://www.exploit-db.com/exploits/41/',
150	124	'single-url',
151	125	'another-url',
152	126	'https://www.rapid7.com/db/modules/exploit/yolo',
153	127	'https://www.rapid7.com/db/modules/exploit/aa',
154		'http://packetstormsecurity.com/files/50/',
155		'http://packetstormsecurity.com/files/51/',
156		'http://www.securityfocus.com/bid/60/',
157		'http://www.securityfocus.com/bid/61/'
	128	'https://packetstormsecurity.com/files/50/',
	129	'https://packetstormsecurity.com/files/51/',
	130	'https://www.securityfocus.com/bid/60/',
	131	'https://www.securityfocus.com/bid/61/'
158	132	]
159	133	end
160	134	end