cms_scanner 0.0.12 → 0.0.13

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 79429533403d4c37ac3c20f553e3b78de200666f
-  data.tar.gz: a295401b0ecf50612bd9c9c23f626009c03a8b76
+  metadata.gz: 86ad29d942ae76af1543da17f8f8e9ffa73f0373
+  data.tar.gz: bebf3711223c587954b4b4c2f852af89afc1192e
 SHA512:
-  metadata.gz: 6fa364fe4c2c68a3ba41b833a0677f3e509b38000917ef782963d043051d5c90dc395028d284064a6be26ade3b309375cd4911edf80e0666d7f815ccf457038a
-  data.tar.gz: 9a01ac121b97750afaf2ff77e1e18ee588e037c5b4de279af36d3cd7c17bbb58ed1acc3d45d48b89b0910ff0cd7afaa831b0c36af7b3182160ace3aab486ca79
+  metadata.gz: a476cb2079b4633e3a672415952fb420cc55359a5cc4438bc7cd0e8dd4556d7a03ec4769c40a3a1f536ae7b2696e5213470c84136e78db249ae638b3e4a13bd2
+  data.tar.gz: db601c31e7d60b95f1b56b7b0a903ac83cef5966b81c4737e74f4d7e1019ad508245ccb82b11cbb4b9ab9bd662789002b3f4f26f2209d58f8145b8da0cd477eb

data/app/controllers/interesting_files.rb

@@ -2,8 +2,21 @@ module CMSScanner
   module Controller
     # InterestingFiles Controller
     class InterestingFiles < Base
+      def cli_options
+        [
+          OptChoice.new(
+            ['--interesting-files-detection MODE',
+             'Use the supplied mode for the interesting files detection. ' \
+             'Modes: mixed, passive, aggressive'
+            ],
+            choices: %w(mixed passive aggressive),
+            normalize: :to_sym)
+        ]
+      end
+
       def run
-        findings = target.interesting_files(mode: parsed_options[:detection_mode])
+        mode     = parsed_options[:interesting_files_detection] || parsed_options[:detection_mode]
+        findings = target.interesting_files(mode: mode)
 
         output('findings', findings: findings) unless findings.empty?
       end

data/app/formatters/cli.rb

@@ -2,6 +2,10 @@ module CMSScanner
   module Formatter
     # CLI Formatter
     class Cli < Base
+      def bold(text)
+        colorize(text, 1)
+      end
+
       def red(text)
         colorize(text, 31)
       end
@@ -10,6 +14,14 @@ module CMSScanner
         colorize(text, 32)
       end
 
+      def amber(text)
+        colorize(text, 33)
+      end
+
+      def blue(text)
+        colorize(text, 34)
+      end
+
       def colorize(text, color_code)
         "\e[#{color_code}m#{text}\e[0m"
       end

data/app/models/headers.rb

@@ -24,9 +24,10 @@ module CMSScanner
     def known_headers
       %w(
         age accept-ranges cache-control content-type content-length connection date etag expires
-        location last-modified link pragma set-cookie strict-transport-security transfer-encoding
-        vary x-cache x-content-security-policy x-content-type-options x-frame-options x-language
-        x-permitted-cross-domain-policies x-pingback x-varnish x-webkit-csp x-xss-protection
+        keep-alive location last-modified link pragma set-cookie strict-transport-security
+        transfer-encoding vary x-cache x-content-security-policy x-content-type-options
+        x-frame-options x-language x-permitted-cross-domain-policies x-pingback x-varnish
+        x-webkit-csp x-xss-protection
       )
     end
 

data/app/models/version.rb

@@ -6,7 +6,7 @@ module CMSScanner
     attr_reader :number
 
     def initialize(number, opts = {})
-      @number = number
+      @number = number.to_s
       parse_finding_options(opts)
     end
 

data/app/views/cli/core/banner.erb

@@ -0,0 +1 @@
+<% # Empty file, the banner should be implemented in each scanner %>

data/app/views/cli/core/started.erb

@@ -1,3 +1,4 @@
+<%= render('banner') -%>
 <%= green('[+]') %> URL: <%= @url %>
 <%= green('[+]') %> Started: <%= @start_time.asctime %>
 

data/app/views/cli/interesting_files/findings.erb

@@ -1,7 +1,7 @@
 Interesting Findings: <%= @findings.size %>
 <% @findings.each do |finding| -%>
 
-[+] <%= finding.url %>
+<%= green('[+]') %> <%= finding.url %>
 <% if finding.confidence > 0 -%>
  | Confidence: <%= finding.confidence %>%
 <% end -%>

data/cms_scanner.gemspec

@@ -32,7 +32,7 @@ Gem::Specification.new do |s|
   s.add_development_dependency 'rspec', '~> 3.2'
   s.add_development_dependency 'rspec-its', '~> 1.1'
   s.add_development_dependency 'bundler', '~> 1.6'
-  s.add_development_dependency 'rubocop', '~> 0.28'
+  s.add_development_dependency 'rubocop', '~> 0.29'
   s.add_development_dependency 'webmock', '~> 1.20'
   s.add_development_dependency 'simplecov', '~> 0.9'
 end

data/lib/cms_scanner.rb

@@ -9,12 +9,11 @@ require 'public_suffix'
 require 'erb'
 require 'fileutils'
 require 'pathname'
-# Helpers
-require 'helper'
 # Monkey Patches
 require 'cms_scanner/typhoeus/response'
 require 'cms_scanner/public_suffix/domain'
 # Custom Libs
+require 'cms_scanner/helper'
 require 'cms_scanner/errors/auth_errors'
 require 'cms_scanner/cache/typhoeus'
 require 'cms_scanner/target'
@@ -24,6 +23,7 @@ require 'cms_scanner/controller'
 require 'cms_scanner/controllers'
 require 'cms_scanner/formatter'
 require 'cms_scanner/finders'
+require 'cms_scanner/vulnerability'
 
 # Module
 module CMSScanner

data/lib/cms_scanner/controllers.rb

@@ -3,7 +3,7 @@ module CMSScanner
   class Controllers < Array
     attr_reader :option_parser
 
-    def initialize(option_parser = OptParseValidator::OptParser.new)
+    def initialize(option_parser = OptParseValidator::OptParser.new(nil, 40))
       @option_parser = option_parser
     end
 

data/lib/cms_scanner/finders/independent_finders.rb

@@ -17,7 +17,7 @@ module CMSScanner
       def run(opts = {})
         each do |finder|
           symbols_from_mode(opts[:mode]).each do |symbol|
-            [*finder.send(symbol, opts)].each do |found|
+            [*finder.send(symbol, opts)].compact.each do |found|
               findings << found
             end
           end

data/lib/cms_scanner/finders/unique_finders.rb

@@ -7,32 +7,40 @@ module CMSScanner
     # returned the best finding
     class UniqueFinders < IndependentFinders
       # @param [ Hash ] opts
-      # @option opts [ Symbol ] mode :mixed, :passive or :aggressive
+      # @option opts [ Symbol ] :mode :mixed, :passive or :aggressive
       # @option opts [ Int ] :confidence_threshold  If a finding's confidence reaches this value,
       #                                             it will be returned as the best finding.
       #                                             Default is 100.
       #                                             If <= 0, all finders will be ran.
       #
-      # @return [ Object ]
+      # @return [ Object ] The best finding
       def run(opts = {})
         opts[:confidence_threshold] ||= 100
 
         symbols_from_mode(opts[:mode]).each do |symbol|
           each do |finder|
-            [*finder.send(symbol, opts)].each do |found|
-              findings << found
-            end
+            [*finder.send(symbol, opts)].compact.each { |found| findings << found }
 
             next if opts[:confidence_threshold] <= 0
 
-            findings.each do |f|
-              return f if f.confidence >= opts[:confidence_threshold]
-            end
+            findings.each { |f| return f if f.confidence >= opts[:confidence_threshold] }
           end
         end
 
+        best_finding(findings)
+      end
+
+      # @param [ Array<Object> ] findings
+      #
+      # @return [ Object ] The best finding
+      def best_finding(findings)
         # results are sorted by confidence ASC
-        findings.sort_by(&:confidence).last
+        findings.sort_by!(&:confidence)
+
+        # If all findings have the same confidence, nil is returned
+        return if findings.size > 1 && findings.first.confidence == findings.last.confidence
+
+        findings.last
       end
     end
   end

data/lib/cms_scanner/target/scope.rb

@@ -6,21 +6,11 @@ module CMSScanner
       @scope ||= Scope.new
     end
 
-    # // are handled by Addressable::URI, but worngly :/
-    # e.g: Addressable::URI.parse('//file').host => file
-    #
-    # Idea: parse the // with PublicSuffix to see if a valid
-    #       domain is used
-    #
-    # @param [ String ] url
+    # @param [ String ] url An absolute URL
     #
     # @return [ Boolean ] true if the url given is in scope
     def in_scope?(url)
-      url.strip!
-
-      return true if url[0, 1] == '/' && url[1, 1] != '/'
-
-      scope.include?(Addressable::URI.parse(url).host)
+      scope.include?(Addressable::URI.parse(url.strip).host)
     rescue
       false
     end
@@ -35,15 +25,16 @@ module CMSScanner
 
       res.html.xpath(xpath).each do |tag|
         attributes.each do |attribute|
-          next unless in_scope?(tag[attribute])
+          attr_value = tag[attribute]
+
+          next unless attr_value && !attr_value.empty?
 
-          attr_value = tag[attribute].strip
+          url = uri.join(attr_value.strip).to_s
 
-          # Relative URL case (The // case is currently ignored by in_scope?)
-          attr_value = uri.join(attr_value).to_s unless attr_value =~ /\Ahttps?/i
+          next unless in_scope?(url)
 
-          yield attr_value if block_given? && !found.include?(attr_value)
-          found << attr_value
+          yield url if block_given? && !found.include?(url)
+          found << url
         end
       end
 

data/lib/cms_scanner/version.rb

@@ -1,4 +1,4 @@
 # Version
 module CMSScanner
-  VERSION = '0.0.12'
+  VERSION = '0.0.13'
 end

data/lib/cms_scanner/vulnerability.rb

@@ -0,0 +1,35 @@
+require 'cms_scanner/vulnerability/references'
+
+module CMSScanner
+  # Generic Vulnerability
+  class Vulnerability
+    attr_reader :title, :references, :type, :fixed_in
+
+    # @param [ String ] title
+    # @param [ Hash ] references
+    # @option references [ Array<String>, String ] cve
+    # @option references [ Array<String>, String ] secunia
+    # @option references [ Array<String>, String ] osvdb
+    # @option references [ Array<String>, String ] exploitdb
+    # @option references [ Array<String> ] url URL(s) to related advisories etc
+    # @option references [ Array<String>, String ] metasploit The related metasploit module(s)
+    # @param [ String ] type
+    # @param [ String ] fixed_in
+    def initialize(title, references = {}, type = nil, fixed_in = nil)
+      @title      = title
+      @references = references
+      @type       = type
+      @fixed_in   = fixed_in
+    end
+
+    # param [ Vulnerability ] other
+    #
+    # @return [ Boolean ]
+    def ==(other)
+      title == other.title &&
+        type == other.type &&
+        references == other.references &&
+        fixed_in == other.fixed_in
+    end
+  end
+end

data/lib/cms_scanner/vulnerability/references.rb

@@ -0,0 +1,104 @@
+module CMSScanner
+  # References related to the vulnerability
+  class Vulnerability
+    # @return [ Array<String> ] All the references URLs
+    def references_urls
+      cve_urls + secunia_urls + osvdb_urls + exploitdb_urls + msf_urls + packetstorm_urls
+    end
+
+    # @return [ Array<String> ] The CVEs
+    def cves
+      @cve ||= [*references[:cve]].map(&:to_s)
+    end
+
+    # @return [ Array<String> ]
+    def cve_urls
+      cves.reduce([]) { |a, e| a << cve_url(e) }
+    end
+
+    # @return [ String ] The URL to the CVE
+    def cve_url(cve)
+      "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-#{cve}"
+    end
+
+    # @return [ Array<String> ] The Secunia IDs
+    def secunia_ids
+      @secunia_ids ||= [*references[:secunia]].map(&:to_s)
+    end
+
+    # @return [ Array<String> ]
+    def secunia_urls
+      secunia_ids.reduce([]) { |a, e| a << secunia_url(e) }
+    end
+
+    # @return [ String ] The URL to the Secunia advisory
+    def secunia_url(id)
+      "https://secunia.com/advisories/#{id}"
+    end
+
+    # @return [ Array<String> ] The OSVDB IDs
+    def osvdb_ids
+      @osvdb_ids ||= [*references[:osvdb]].map(&:to_s)
+    end
+
+    # @return [ Array<String> ]
+    def osvdb_urls
+      osvdb_ids.reduce([]) { |a, e| a << osvdb_url(e) }
+    end
+
+    # @return [ String ] The URL to the ExploitDB advisory
+    def osvdb_url(id)
+      "http://osvdb.org/#{id}"
+    end
+
+    # @return [ Array<String> ] The ExploitDB ID
+    def exploitdb_ids
+      @exploitdb_ids ||= [*references[:exploitdb]].map(&:to_s)
+    end
+
+    # @return [ Array<String> ]
+    def exploitdb_urls
+      exploitdb_ids.reduce([]) { |a, e| a << exploitdb_url(e) }
+    end
+
+    # @return [ String ]
+    def exploitdb_url(id)
+      "http://www.exploit-db.com/exploits/#{id}/"
+    end
+
+    # @return [ String<Array> ]
+    def urls
+      @urls ||= [*references[:url]].map(&:to_s)
+    end
+
+    # @return [ Array<String> ] The metasploit modules
+    def msf_modules
+      @msf_modules ||= [*references[:metasploit]].map(&:to_s)
+    end
+
+    # @return [ Array<String> ]
+    def msf_urls
+      msf_modules.reduce([]) { |a, e| a << msf_url(e) }
+    end
+
+    # @return [ String ] The URL to the metasploit module page
+    def msf_url(mod)
+      "http://www.rapid7.com/db/modules/#{mod.sub(/^\//, '')}"
+    end
+
+    # @return [ Array<String> ] The Packetstormsecurity ID
+    def packetstorm_ids
+      @packetstorm_ids ||= [*references[:packetstorm]].map(&:to_s)
+    end
+
+    # @return [ Array<String> ]
+    def packetstorm_urls
+      packetstorm_ids.reduce([]) { |a, e| a << packetstorm_url(e) }
+    end
+
+    # @return [ String ]
+    def packetstorm_url(id)
+      "http://packetstormsecurity.com/files/#{id}/"
+    end
+  end
+end

data/spec/app/controllers/interesting_files_spec.rb

@@ -10,30 +10,52 @@ describe CMSScanner::Controller::InterestingFiles do
     described_class.parsed_options = parsed_options
   end
 
-  its(:cli_options) { should be_nil }
   its(:before_scan) { should be_nil }
   its(:after_scan)  { should be_nil }
 
+  describe '#cli_options' do
+    its(:cli_options) { should_not be_empty }
+    its(:cli_options) { should be_a Array }
+
+    it 'contains to correct options' do
+      expect(controller.cli_options.map(&:to_sym)).to eq [:interesting_files_detection]
+    end
+  end
+
   describe '#run' do
     before do
       expect(controller.target).to receive(:interesting_files)
-        .with(mode: parsed_options[:detection_mode]).and_return(stubbed)
+        .with(
+          mode: parsed_options[:interesting_files_detection] || parsed_options[:detection_mode]
+        ).and_return(stubbed)
     end
+
     after { controller.run }
 
     [:mixed, :passive, :aggressive].each do |mode|
-      context "when #{mode} mode" do
+      context "when --detection-mode #{mode}" do
         let(:parsed_options) { super().merge(detection_mode: mode) }
 
         context 'when no findings' do
           let(:stubbed) { [] }
 
+          before { expect(controller.formatter).to_not receive(:output) }
+
           it 'does not call the formatter' do
-            expect(controller.formatter).to_not receive(:output)
+            # Handled by the before statements above
+          end
+
+          context 'when --interesting-files-detection mode supplied' do
+            let(:parsed_options) do
+              super().merge(interesting_files_detection: :passive)
+            end
+
+            it 'gives the correct detection paramter' do
+              # Handled by before/after statements
+            end
           end
         end
 
-        # TODO: Test the output with a dummy finding ?
         context 'when findings' do
           let(:stubbed) { ['yolo'] }
 

data/spec/app/formatters/cli_spec.rb

@@ -7,7 +7,11 @@ describe CMSScanner::Formatter::Cli do
     its(:format) { should eq 'cli' }
   end
 
-  describe '#green, #red, #colorize' do
+  describe '#bold, #red, #green, #amber, #blue, #colorize' do
+    it 'returns the correct bold string' do
+      expect(formatter.bold('Text')).to eq "\e[1mText\e[0m"
+    end
+
     it 'returns the correct red string' do
       expect(formatter.red('Text')).to eq "\e[31mText\e[0m"
     end
@@ -15,5 +19,13 @@ describe CMSScanner::Formatter::Cli do
     it 'returns the correct green string' do
       expect(formatter.green('Another Text')).to eq "\e[32mAnother Text\e[0m"
     end
+
+    it 'returns the correct amber string' do
+      expect(formatter.amber('Text')).to eq "\e[33mText\e[0m"
+    end
+
+    it 'returns the correct blue string' do
+      expect(formatter.blue('Text')).to eq "\e[34mText\e[0m"
+    end
   end
 end

data/spec/app/models/version_spec.rb

@@ -7,6 +7,16 @@ describe CMSScanner::Version do
   let(:opts)        { {} }
   let(:number)      { '1.0' }
 
+  describe '#number' do
+    its(:number) { should eql '1.0' }
+
+    context 'when float number supplied' do
+      let(:number) { 2.0 }
+
+      its(:number) { should eq '2.0' }
+    end
+  end
+
   describe '#==' do
     context 'when same @number' do
       it 'returns true' do

data/spec/dummy_independent_finders.rb

@@ -6,7 +6,8 @@ module CMSScanner
       # Dummy Test Finder
       class DummyFinder < Finder
         def passive(_opts = {})
-          DummyFinding.new('test', found_by: found_by)
+          # the nil is there to ensure such value is ignored
+          [DummyFinding.new('test', found_by: found_by), nil]
         end
 
         def aggressive(_opts = {})

data/spec/dummy_unique_finders.rb

@@ -6,7 +6,8 @@ module CMSScanner
       # Dummy Test Finder
       class Dummy < Finder
         def passive(_opts = {})
-          DummyFinding.new('v1', found_by: found_by)
+          # the nil is there to ensure such value is ignored
+          [DummyFinding.new('v1', found_by: found_by), nil]
         end
 
         def aggressive(_opts = {})

data/spec/fixtures/target/scope/index.html

@@ -1,6 +1,9 @@
 <a href="http://e.org/f.txt">Link</a>
 <a href="http://e.org/f.txt">Link</a> <!-- Duplicates should be ignored -->
 
+<a href="mailto:mail@g.com">eMail me!</a>
+<a href="jaVaScript:alert(2)">Click me Fool !</a>
+
 <script src=" https://cdn.e.org/f2.js  "></script> <!-- head & tail spaces should be removed -->
 
 <script src="/script/s.js"></script>

data/spec/lib/finders/unique_finders_spec.rb

@@ -2,13 +2,57 @@ require 'spec_helper'
 require 'dummy_unique_finders'
 
 describe CMSScanner::Finders::UniqueFinders do
-  subject(:finders) { described_class.new }
+  subject(:finders)    { described_class.new }
+  let(:unique_finders) { CMSScanner::Finders::Unique }
+
+  describe '#best_finding' do
+    let(:findings) { [] }
+
+    after { expect(finders.best_finding(findings)).to eql @expected }
+
+    context 'when no findings' do
+      it 'returns nil' do
+        @expected = nil
+      end
+    end
+
+    context 'when one finding' do
+      let(:findings) { [CMSScanner::DummyFinding.new('one', confidence: 40)] }
+
+      it 'returns it' do
+        @expected = findings[0]
+      end
+    end
+
+    context 'when multiple findings' do
+      let(:findings) do
+        (1..5).reduce([]) { |a, e| a << CMSScanner::DummyFinding.new(e, confidence: 20) }
+      end
+
+      context 'when they have the same confidence' do
+        it 'returns nil' do
+          @expected = nil
+        end
+      end
+
+      context 'when there is a best confidence' do
+        (0..4).each do |position|
+          context "when at [#{position}]" do
+            it 'returns it' do
+              findings[position].confidence = 100
+
+              @expected = findings[position]
+            end
+          end
+        end
+      end
+    end
+  end
 
   describe '#run' do
-    let(:target)         { 'target' }
-    let(:finding)        { CMSScanner::DummyFinding }
-    let(:unique_finders) { CMSScanner::Finders::Unique }
-    let(:opts)           { {} }
+    let(:target)  { 'target' }
+    let(:finding) { CMSScanner::DummyFinding }
+    let(:opts)    { {} }
 
     before do
       finders <<
@@ -20,7 +64,7 @@ describe CMSScanner::Finders::UniqueFinders do
     after do
       result = finders.run(opts)
 
-      expect(result).to be_a finding
+      expect(result).to be_a finding if @expected
       expect(result).to eql @expected
     end
 

data/spec/lib/target/scope_spec.rb

@@ -31,13 +31,15 @@ describe CMSScanner::Target do
 
   describe '#in_scope?' do
     context 'when default scope (target domain)' do
-      [nil, '', 'http://out-of-scope.com', '//jquery.com/j.js'].each do |url|
+      [nil, '', 'http://out-of-scope.com', '//jquery.com/j.js',
+       'javascript:alert(3)', 'mailto:p@g.com'
+      ].each do |url|
         it "returns false for #{url}" do
           expect(target.in_scope?(url)).to eql false
         end
       end
 
-      %w(https://e.org/file.txt http://e.org/ /relative).each do |url|
+      %w(https://e.org/file.txt http://e.org/ //e.org).each do |url|
         it "returns true for #{url}" do
           expect(target.in_scope?(url)).to eql true
         end
@@ -53,7 +55,7 @@ describe CMSScanner::Target do
         end
       end
 
-      %w(https://cdn.e.org/file.txt http://www.e.org/ https://192.168.1.12/home).each do |url|
+      %w(http://e.org //cdn.e.org/f.txt http://s.e.org/ https://192.168.1.12/h).each do |url|
         it "returns true for #{url}" do
           expect(target.in_scope?(url)).to eql true
         end

data/spec/lib/vulnerability/references_spec.rb

@@ -0,0 +1,63 @@
+require 'spec_helper'
+
+describe CMSScanner::Vulnerability do
+  subject(:vuln)   { described_class.new(title, references) }
+  let(:title)      { 'Test Vuln' }
+  let(:references) { {} }
+
+  describe '#new' do
+    context 'when no references' do
+      [:cves, :secunia_ids, :osvdb_ids, :exploitdb_ids, :urls,
+       :msf_modules, :packetstorm_ids
+      ].each do |attribute|
+        its(attribute) { should eql([]) }
+      end
+
+      [:cve_urls, :secunia_urls, :osvdb_urls, :exploitdb_urls, :msf_urls,
+       :packetstorm_urls
+      ].each do |attribute|
+        its(attribute) { should eql([]) }
+      end
+
+      its(:references_urls) { should eql([]) }
+    end
+
+    context 'when references provided as string' do
+      let(:references) do
+        {
+          cve: 11,
+          secunia: 12,
+          osvdb: 13,
+          exploitdb: 14,
+          url: 'single-url',
+          metasploit: '/exploit/yolo',
+          packetstorm: 15
+        }
+      end
+
+      its(:cves)     { should eql %w(11) }
+      its(:cve_urls) { should eql %w(http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-11) }
+
+      its(:secunia_ids)  { should eql %w(12) }
+      its(:secunia_urls) { should eql %w(https://secunia.com/advisories/12) }
+
+      its(:osvdb_ids)  { should eql %w(13) }
+      its(:osvdb_urls) { should eql %w(http://osvdb.org/13) }
+
+      its(:exploitdb_ids)  { should eql %w(14) }
+      its(:exploitdb_urls) { should eql %w(http://www.exploit-db.com/exploits/14/) }
+
+      its(:urls) { should eql %w(single-url) }
+
+      its(:msf_modules) { should eql %w(/exploit/yolo) }
+      its(:msf_urls) { should eql %w(http://www.rapid7.com/db/modules/exploit/yolo) }
+
+      its(:packetstorm_ids)  { should eq %w(15) }
+      its(:packetstorm_urls) { should eql %w(http://packetstormsecurity.com/files/15/) }
+    end
+
+    context 'when references provided as array' do
+      xit
+    end
+  end
+end

data/spec/lib/vulnerability_spec.rb

@@ -0,0 +1,27 @@
+require 'spec_helper'
+
+describe CMSScanner::Vulnerability do
+  subject(:vuln)   { described_class.new(title) }
+  let(:title)      { 'Test Vuln' }
+
+  describe '#new' do
+    its(:title)      { should eql title }
+    its(:references) { should eql({}) }
+    its(:type)       { should eql nil }
+    its(:fixed_in)   { should eql nil }
+  end
+
+  describe '#==' do
+    context 'when te same vuln' do
+      it 'returns true' do
+        expect(vuln).to eq vuln.dup
+      end
+    end
+
+    context 'when not equal' do
+      it 'returns false' do
+        expect(vuln).to_not eq described_class.new('not eq')
+      end
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cms_scanner
 version: !ruby/object:Gem::Version
-  version: 0.0.12
+  version: 0.0.13
 platform: ruby
 authors:
 - WPScanTeam - Erwan Le Rousseau
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-02-06 00:00:00.000000000 Z
+date: 2015-02-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: opt_parse_validator
@@ -156,14 +156,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.28'
+        version: '0.29'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.28'
+        version: '0.29'
 - !ruby/object:Gem::Dependency
   name: webmock
   requirement: !ruby/object:Gem::Requirement
@@ -230,6 +230,7 @@ files:
 - app/models/robots_txt.rb
 - app/models/version.rb
 - app/models/xml_rpc.rb
+- app/views/cli/core/banner.erb
 - app/views/cli/core/finished.erb
 - app/views/cli/core/started.erb
 - app/views/cli/interesting_files/_array.erb
@@ -262,6 +263,7 @@ files:
 - lib/cms_scanner/finders/unique_finders.rb
 - lib/cms_scanner/formatter.rb
 - lib/cms_scanner/formatter/buffer.rb
+- lib/cms_scanner/helper.rb
 - lib/cms_scanner/public_suffix/domain.rb
 - lib/cms_scanner/target.rb
 - lib/cms_scanner/target/hashes.rb
@@ -274,8 +276,9 @@ files:
 - lib/cms_scanner/target/server/iis.rb
 - lib/cms_scanner/typhoeus/response.rb
 - lib/cms_scanner/version.rb
+- lib/cms_scanner/vulnerability.rb
+- lib/cms_scanner/vulnerability/references.rb
 - lib/cms_scanner/web_site.rb
-- lib/helper.rb
 - spec/app/controllers/core_spec.rb
 - spec/app/controllers/interesting_files_spec.rb
 - spec/app/finders/interesting_files/fantastico_fileslist_spec.rb
@@ -344,6 +347,8 @@ files:
 - spec/lib/target/scope_spec.rb
 - spec/lib/target/servers_spec.rb
 - spec/lib/target_spec.rb
+- spec/lib/vulnerability/references_spec.rb
+- spec/lib/vulnerability_spec.rb
 - spec/lib/web_site_spec.rb
 - spec/output/core/finished.cli_no_colour
 - spec/output/core/finished.json
@@ -459,6 +464,8 @@ test_files:
 - spec/lib/target/scope_spec.rb
 - spec/lib/target/servers_spec.rb
 - spec/lib/target_spec.rb
+- spec/lib/vulnerability/references_spec.rb
+- spec/lib/vulnerability_spec.rb
 - spec/lib/web_site_spec.rb
 - spec/output/core/finished.cli_no_colour
 - spec/output/core/finished.json