cms_scanner 0.0.16 → 0.0.17

Sign up to get free protection for your applications and to get access to all the features.
Files changed (48) hide show
  1. checksums.yaml +4 -4
  2. data/.rubocop.yml +1 -1
  3. data/app/finders/interesting_files.rb +9 -7
  4. data/app/finders/interesting_files/fantastico_fileslist.rb +1 -1
  5. data/app/finders/interesting_files/headers.rb +1 -1
  6. data/app/finders/interesting_files/robots_txt.rb +1 -1
  7. data/app/finders/interesting_files/search_replace_db_2.rb +1 -1
  8. data/app/finders/interesting_files/xml_rpc.rb +1 -1
  9. data/app/models/interesting_file.rb +4 -0
  10. data/lib/cms_scanner.rb +1 -0
  11. data/lib/cms_scanner/finders/finder.rb +9 -0
  12. data/lib/cms_scanner/finders/finder/enumerator.rb +1 -14
  13. data/lib/cms_scanner/finders/finding.rb +4 -0
  14. data/lib/cms_scanner/finders/same_type_finders.rb +6 -0
  15. data/lib/cms_scanner/finders/unique_finders.rb +5 -5
  16. data/lib/cms_scanner/target.rb +1 -3
  17. data/lib/cms_scanner/target/scope.rb +1 -1
  18. data/lib/cms_scanner/version.rb +1 -1
  19. data/lib/cms_scanner/web_site.rb +8 -1
  20. data/spec/app/finders/interesting_files/fantastico_fileslist_spec.rb +2 -2
  21. data/spec/app/finders/interesting_files/headers_spec.rb +2 -2
  22. data/spec/app/finders/interesting_files/robots_txt_spec.rb +2 -2
  23. data/spec/app/finders/interesting_files/search_replace_db_2_spec.rb +2 -2
  24. data/spec/app/finders/interesting_files/xml_rpc_spec.rb +2 -2
  25. data/spec/app/finders/interesting_files_spec.rb +1 -1
  26. data/spec/app/models/fantastico_fileslist_spec.rb +1 -1
  27. data/spec/app/models/headers_spec.rb +1 -1
  28. data/spec/app/models/interesting_file_spec.rb +21 -1
  29. data/spec/app/models/robots_txt_spec.rb +1 -1
  30. data/spec/dummy_finding.rb +4 -0
  31. data/spec/fixtures/{interesting_files → finders/interesting_files}/fantastico_fileslist/fantastico_fileslist.txt +0 -0
  32. data/spec/fixtures/{interesting_files → finders/interesting_files}/file.txt +0 -0
  33. data/spec/fixtures/{interesting_files → finders/interesting_files}/headers/interesting.txt +0 -0
  34. data/spec/fixtures/{interesting_files → finders/interesting_files}/headers/no_interesting.txt +0 -0
  35. data/spec/fixtures/{interesting_files → finders/interesting_files}/robots_txt/robots.txt +0 -0
  36. data/spec/fixtures/{interesting_files → finders/interesting_files}/search_replace_db_2/searchreplacedb2.php +0 -0
  37. data/spec/fixtures/{interesting_files → finders/interesting_files}/xml_rpc/homepage_in_scope_pingback.html +0 -0
  38. data/spec/fixtures/{interesting_files → finders/interesting_files}/xml_rpc/homepage_out_of_scope_pingback.html +0 -0
  39. data/spec/fixtures/{interesting_files → finders/interesting_files}/xml_rpc/xmlrpc.php +0 -0
  40. data/spec/lib/finders/finder/enumerator_spec.rb +3 -3
  41. data/spec/lib/finders/finder_spec.rb +11 -0
  42. data/spec/lib/finders/same_type_finders_spec.rb +28 -3
  43. data/spec/lib/finders/unique_finders_spec.rb +2 -2
  44. data/spec/lib/target_spec.rb +1 -1
  45. data/spec/lib/web_site_spec.rb +6 -0
  46. data/spec/shared_examples/finding.rb +4 -0
  47. data/spec/spec_helper.rb +6 -5
  48. metadata +22 -20
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 3954c9c3eb90a7f8acded64914b7b0af297ffffa
4
- data.tar.gz: 4379facdd8238326dc6f770bd095db747986db95
3
+ metadata.gz: 91053b9464fd4d16411c4f52a959987ab4db4547
4
+ data.tar.gz: 6b28b180d3eb7383949e981fb5d0c7f609d55d53
5
5
  SHA512:
6
- metadata.gz: 8fdefebdce42065da6bdcb82b941facbdae7f2ac2d0fec363c6ff6e1043257546fe257c100509b1e7d7869ce56ce04b3e9ddb19d1b173e1ff58ccd15a8715f99
7
- data.tar.gz: a8056624c77515e42d8bcc30b022e5ae435c2bb149da9596ba2cb30a7d5171576c5b7f35e582392e8d147c180297f49dc17a6857243ffe1af444f06cb2311a3e
6
+ metadata.gz: 4f4bcb4032ea19eebb855078d12c988157145aa56c957bef7d4a3d6ce49b29274c6f647729592392ccfd3ee0935e1647bcd09683f286cffc0935b13a7025a864
7
+ data.tar.gz: 364c291673d0978de579b1201c2d9159e91b86bf9604bd3e5e5c20b0aa7bd2a72e68297a91c10275742b9479fc79907cf20c68a5b3165f12b5a45b9e8a1f667c
data/.rubocop.yml CHANGED
@@ -5,6 +5,6 @@ ClassVars:
5
5
  MethodLength:
6
6
  Max: 15
7
7
  Metrics/AbcSize:
8
- Max: 22
8
+ Max: 25
9
9
  Metrics/CyclomaticComplexity:
10
10
  Max: 10
@@ -6,14 +6,16 @@ require_relative 'interesting_files/xml_rpc'
6
6
 
7
7
  module CMSScanner
8
8
  module Finders
9
- # Interesting Files Finder
10
- class InterestingFiles
11
- include IndependentFinder
9
+ module InterestingFiles
10
+ # Interesting Files Finder
11
+ class Base
12
+ include IndependentFinder
12
13
 
13
- # @param [ CMSScanner::Target ] target
14
- def initialize(target)
15
- %w(Headers RobotsTxt FantasticoFileslist SearchReplaceDB2 XMLRPC).each do |f|
16
- finders << NS.const_get("Finders::InterestingFile::#{f}").new(target)
14
+ # @param [ CMSScanner::Target ] target
15
+ def initialize(target)
16
+ %w(Headers RobotsTxt FantasticoFileslist SearchReplaceDB2 XMLRPC).each do |f|
17
+ finders << NS.const_get("Finders::InterestingFiles::#{f}").new(target)
18
+ end
17
19
  end
18
20
  end
19
21
  end
@@ -1,6 +1,6 @@
1
1
  module CMSScanner
2
2
  module Finders
3
- module InterestingFile
3
+ module InterestingFiles
4
4
  # FantasticoFileslist finder
5
5
  class FantasticoFileslist < Finder
6
6
  # @return [ String ] The url of the fantastico_fileslist.txt file
@@ -1,6 +1,6 @@
1
1
  module CMSScanner
2
2
  module Finders
3
- module InterestingFile
3
+ module InterestingFiles
4
4
  # Interesting Headers finder
5
5
  class Headers < Finder
6
6
  # @return [ InterestingFile ]
@@ -1,6 +1,6 @@
1
1
  module CMSScanner
2
2
  module Finders
3
- module InterestingFile
3
+ module InterestingFiles
4
4
  # Robots.txt finder
5
5
  class RobotsTxt < Finder
6
6
  # @return [ String ] The url of the robots.txt file
@@ -1,6 +1,6 @@
1
1
  module CMSScanner
2
2
  module Finders
3
- module InterestingFile
3
+ module InterestingFiles
4
4
  # SearchReplaceDB2 finder
5
5
  class SearchReplaceDB2 < Finder
6
6
  # @return [ String ] The url to the searchreplacedb2 PHP file
@@ -1,6 +1,6 @@
1
1
  module CMSScanner
2
2
  module Finders
3
- module InterestingFile
3
+ module InterestingFiles
4
4
  # XML RPC finder
5
5
  class XMLRPC < Finder
6
6
  # @return [ Array<String> ] The potential urls to the XMl RPC file
@@ -19,6 +19,10 @@ module CMSScanner
19
19
  res.body.split("\n").reject { |s| s.strip.empty? }
20
20
  end
21
21
 
22
+ def to_s
23
+ url
24
+ end
25
+
22
26
  def ==(other)
23
27
  url == other.url
24
28
  end
data/lib/cms_scanner.rb CHANGED
@@ -8,6 +8,7 @@ require 'public_suffix'
8
8
  require 'ruby-progressbar'
9
9
  # Standard Libs
10
10
  require 'erb'
11
+ require 'uri'
11
12
  require 'fileutils'
12
13
  require 'pathname'
13
14
  # Monkey Patches
@@ -27,6 +27,15 @@ module CMSScanner
27
27
  def aggressive(_opts = {})
28
28
  end
29
29
 
30
+ # @param [ Integer ] total
31
+ # @param [ String ] title
32
+ # @param [ String ] format See https://github.com/jfelchner/ruby-progressbar/wiki/Formatting
33
+ #
34
+ # @return [ ProgressBar ]
35
+ def progress_bar(total, title = '', format = '%t %a <%B> (%c / %C) %P%% %e')
36
+ ProgressBar.create(total: total, title: title, format: format)
37
+ end
38
+
30
39
  def found_by
31
40
  caller_locations.each do |call|
32
41
  label = call.label
@@ -10,7 +10,7 @@ module CMSScanner
10
10
  # @yield [ Typhoeus::Response, String ]
11
11
  def enumerate(opts = {})
12
12
  targets = target_urls(opts)
13
- bar = progress_bar(targets.size) if opts[:show_progression]
13
+ bar = progress_bar(targets.size, progress_bar_title) if opts[:show_progression]
14
14
 
15
15
  targets.each do |url, id|
16
16
  request = browser.forge_request(url, request_params)
@@ -37,19 +37,6 @@ module CMSScanner
37
37
  fail NotImplementedError
38
38
  end
39
39
 
40
- # @param [ Integer ] total
41
- #
42
- # @return [ ProgressBar ]
43
- # :nocov:
44
- def progress_bar(total)
45
- ProgressBar.create(
46
- format: '%t %a <%B> (%c / %C) %P%% %e',
47
- title: progress_bar_title,
48
- total: total
49
- )
50
- end
51
- # :nocov:
52
-
53
40
  # Progress Bar title to use, allow instance using this module
54
41
  # to display a custom title if needed
55
42
  #
@@ -43,6 +43,10 @@ module CMSScanner
43
43
  def eql?(other)
44
44
  self == other && confidence == other.confidence && found_by == other.found_by
45
45
  end
46
+
47
+ def <=>(other)
48
+ to_s <=> other.to_s
49
+ end
46
50
  end
47
51
  end
48
52
  end
@@ -7,6 +7,9 @@ module CMSScanner
7
7
  class SameTypeFinders < IndependentFinders
8
8
  # @param [ Hash ] opts
9
9
  # @option opts [ Symbol ] :mode :mixed, :passive or :aggressive
10
+ # @option opts [ Boolean ] :vulnerable Only return vulnerable findings
11
+ # (which must respond to :vulnerable?)
12
+ # @option opts [ Boolean ] :sort Wether or not to sort the findings
10
13
  #
11
14
  # @return [ Findings ]
12
15
  def run(opts = {})
@@ -18,6 +21,9 @@ module CMSScanner
18
21
  end
19
22
  end
20
23
 
24
+ findings.select!(&:vulnerable?) if opts[:vulnerable]
25
+ findings.sort! if opts[:sort]
26
+
21
27
  findings
22
28
  end
23
29
  end
@@ -13,7 +13,7 @@ module CMSScanner
13
13
  # Default is 100.
14
14
  # If <= 0, all finders will be ran.
15
15
  #
16
- # @return [ Object ] The best finding
16
+ # @return [ Object, false ] The best finding or false if none
17
17
  def run(opts = {})
18
18
  opts[:confidence_threshold] ||= 100
19
19
 
@@ -34,15 +34,15 @@ module CMSScanner
34
34
 
35
35
  # @param [ Array<Object> ] findings
36
36
  #
37
- # @return [ Object ] The best finding
37
+ # @return [ Object, false ] The best finding or false if none
38
38
  def best_finding(findings)
39
39
  # results are sorted by confidence ASC
40
40
  findings.sort_by!(&:confidence)
41
41
 
42
- # If all findings have the same confidence, nil is returned
43
- return if findings.size > 1 && findings.first.confidence == findings.last.confidence
42
+ # If all findings have the same confidence, false is returned
43
+ return false if findings.size > 1 && findings.first.confidence == findings.last.confidence
44
44
 
45
- findings.last
45
+ findings.last || false
46
46
  end
47
47
  end
48
48
  end
@@ -19,13 +19,11 @@ module CMSScanner
19
19
  [*opts[:scope]].each { |s| scope << s }
20
20
  end
21
21
 
22
- # TODO: add a force option to re-call the #find rather than return the @interesting_files ?
23
- #
24
22
  # @param [ Hash ] opts
25
23
  #
26
24
  # @return [ Findings ]
27
25
  def interesting_files(opts = {})
28
- @interesting_files ||= NS::Finders::InterestingFiles.find(self, opts)
26
+ @interesting_files ||= NS::Finders::InterestingFiles::Base.find(self, opts)
29
27
  end
30
28
  end
31
29
  end
@@ -19,7 +19,7 @@ module CMSScanner
19
19
  # @param [ String ] xpath
20
20
  # @param [ Array<String> ] attributes
21
21
  #
22
- # @return [ Array<String> ] The in scope URLs detected in the response's body
22
+ # @return [ Array<String> ] The in scope absolute URLs detected in the response's body
23
23
  def in_scope_urls(res, xpath = '//link|//script|//style|//img|//a', attributes = %w(href src))
24
24
  found = []
25
25
 
@@ -1,4 +1,4 @@
1
1
  # Version
2
2
  module CMSScanner
3
- VERSION = '0.0.16'
3
+ VERSION = '0.0.17'
4
4
  end
@@ -22,11 +22,18 @@ module CMSScanner
22
22
 
23
23
  # Used for convenience
24
24
  #
25
+ # URI.encode is preferered over Addressable::URI.encode as it will encode
26
+ # leading # character:
27
+ # URI.encode('#t#') => %23t%23
28
+ # Addressable::URI.encode('#t#') => #t%23
29
+ #
25
30
  # @param [ String ] path Optional path to merge with the uri
26
31
  #
27
32
  # @return [ String ]
28
33
  def url(path = nil)
29
- @uri.join(path || '').to_s
34
+ return @uri.to_s unless path
35
+
36
+ @uri.join(URI.encode(path)).to_s
30
37
  end
31
38
 
32
39
  # Checks if the remote website is up.
@@ -1,11 +1,11 @@
1
1
  require 'spec_helper'
2
2
 
3
- describe CMSScanner::Finders::InterestingFile::FantasticoFileslist do
3
+ describe CMSScanner::Finders::InterestingFiles::FantasticoFileslist do
4
4
  subject(:finder) { described_class.new(target) }
5
5
  let(:target) { CMSScanner::Target.new(url) }
6
6
  let(:url) { 'http://example.com/' }
7
7
  let(:file) { url + 'fantastico_fileslist.txt' }
8
- let(:fixtures) { File.join(FIXTURES, 'interesting_files', 'fantastico_fileslist') }
8
+ let(:fixtures) { File.join(FIXTURES_FINDERS, 'interesting_files', 'fantastico_fileslist') }
9
9
 
10
10
  describe '#url' do
11
11
  its(:url) { should eq file }
@@ -1,10 +1,10 @@
1
1
  require 'spec_helper'
2
2
 
3
- describe CMSScanner::Finders::InterestingFile::Headers do
3
+ describe CMSScanner::Finders::InterestingFiles::Headers do
4
4
  subject(:finder) { described_class.new(target) }
5
5
  let(:target) { CMSScanner::Target.new(url) }
6
6
  let(:url) { 'http://example.com/' }
7
- let(:fixtures) { File.join(FIXTURES, 'interesting_files', 'headers') }
7
+ let(:fixtures) { File.join(FIXTURES_FINDERS, 'interesting_files', 'headers') }
8
8
  let(:fixture) { File.join(fixtures, 'interesting.txt') }
9
9
  let(:headers) { parse_headers_file(fixture) }
10
10
 
@@ -1,11 +1,11 @@
1
1
  require 'spec_helper'
2
2
 
3
- describe CMSScanner::Finders::InterestingFile::RobotsTxt do
3
+ describe CMSScanner::Finders::InterestingFiles::RobotsTxt do
4
4
  subject(:finder) { described_class.new(target) }
5
5
  let(:target) { CMSScanner::Target.new(url) }
6
6
  let(:url) { 'http://example.com/' }
7
7
  let(:robots_txt) { url + 'robots.txt' }
8
- let(:fixtures) { File.join(FIXTURES, 'interesting_files', 'robots_txt') }
8
+ let(:fixtures) { File.join(FIXTURES_FINDERS, 'interesting_files', 'robots_txt') }
9
9
 
10
10
  describe '#url' do
11
11
  its(:url) { should eq robots_txt }
@@ -1,11 +1,11 @@
1
1
  require 'spec_helper'
2
2
 
3
- describe CMSScanner::Finders::InterestingFile::SearchReplaceDB2 do
3
+ describe CMSScanner::Finders::InterestingFiles::SearchReplaceDB2 do
4
4
  subject(:finder) { described_class.new(target) }
5
5
  let(:target) { CMSScanner::Target.new(url) }
6
6
  let(:url) { 'http://example.com/' }
7
7
  let(:file) { url + 'searchreplacedb2.php' }
8
- let(:fixtures) { File.join(FIXTURES, 'interesting_files', 'search_replace_db_2') }
8
+ let(:fixtures) { File.join(FIXTURES_FINDERS, 'interesting_files', 'search_replace_db_2') }
9
9
 
10
10
  describe '#url' do
11
11
  its(:url) { should eq file }
@@ -1,11 +1,11 @@
1
1
  require 'spec_helper'
2
2
 
3
- describe CMSScanner::Finders::InterestingFile::XMLRPC do
3
+ describe CMSScanner::Finders::InterestingFiles::XMLRPC do
4
4
  subject(:finder) { described_class.new(target) }
5
5
  let(:target) { CMSScanner::Target.new(url) }
6
6
  let(:url) { 'http://e.org/' }
7
7
  let(:xml_rpc_url) { url + 'xmlrpc.php' }
8
- let(:fixtures) { File.join(FIXTURES, 'interesting_files', 'xml_rpc') }
8
+ let(:fixtures) { File.join(FIXTURES_FINDERS, 'interesting_files', 'xml_rpc') }
9
9
 
10
10
  describe '#potential_urls' do
11
11
  its(:potential_urls) { should be_empty }
@@ -1,6 +1,6 @@
1
1
  require 'spec_helper'
2
2
 
3
- describe CMSScanner::Finders::InterestingFiles do
3
+ describe CMSScanner::Finders::InterestingFiles::Base do
4
4
  it_behaves_like CMSScanner::Finders::IndependentFinder do
5
5
  let(:expected_finders) { %w(Headers RobotsTxt FantasticoFileslist SearchReplaceDB2 XMLRPC) }
6
6
  let(:expected_finders_class) { CMSScanner::Finders::IndependentFinders }
@@ -3,7 +3,7 @@ require 'spec_helper'
3
3
  describe CMSScanner::FantasticoFileslist do
4
4
  subject(:file) { described_class.new(url) }
5
5
  let(:url) { 'http://example.com/robots.txt' }
6
- let(:fixtures) { File.join(FIXTURES, 'interesting_files', 'fantastico_fileslist') }
6
+ let(:fixtures) { File.join(FIXTURES_FINDERS, 'interesting_files', 'fantastico_fileslist') }
7
7
 
8
8
  describe '#interesting_entries' do
9
9
  let(:headers) { { 'Content-Type' => 'text/plain; charset=utf-8' } }
@@ -3,7 +3,7 @@ require 'spec_helper'
3
3
  describe CMSScanner::Headers do
4
4
  subject(:file) { described_class.new(url) }
5
5
  let(:url) { 'http://example.com/' }
6
- let(:fixtures) { File.join(FIXTURES, 'interesting_files', 'headers') }
6
+ let(:fixtures) { File.join(FIXTURES_FINDERS, 'interesting_files', 'headers') }
7
7
  let(:fixture) { File.join(fixtures, 'interesting.txt') }
8
8
  let(:headers) { {} }
9
9
 
@@ -6,7 +6,7 @@ describe CMSScanner::InterestingFile do
6
6
  subject(:file) { described_class.new(url, opts) }
7
7
  let(:opts) { {} }
8
8
  let(:url) { 'http://example.com/' }
9
- let(:fixtures) { File.join(FIXTURES, 'interesting_files') }
9
+ let(:fixtures) { File.join(FIXTURES_FINDERS, 'interesting_files') }
10
10
 
11
11
  describe '#entries' do
12
12
  after do
@@ -46,4 +46,24 @@ describe CMSScanner::InterestingFile do
46
46
  end
47
47
  end
48
48
  end
49
+
50
+ describe '#<=>' do
51
+ context 'when same URL' do
52
+ it 'returns 0' do
53
+ expect(file <=> described_class.new(url)).to eql 0
54
+ end
55
+ end
56
+
57
+ context 'when the other URL <= current one' do
58
+ it 'returns 1' do
59
+ expect(file <=> described_class.new('http://e.org')).to eql 1
60
+ end
61
+ end
62
+
63
+ context 'when the other URL >= current one' do
64
+ it 'returns -1' do
65
+ expect(file <=> described_class.new('http://exi.org/')).to eql(-1)
66
+ end
67
+ end
68
+ end
49
69
  end
@@ -3,7 +3,7 @@ require 'spec_helper'
3
3
  describe CMSScanner::RobotsTxt do
4
4
  subject(:file) { described_class.new(url) }
5
5
  let(:url) { 'http://example.com/robots.txt' }
6
- let(:fixtures) { File.join(FIXTURES, 'interesting_files', 'robots_txt') }
6
+ let(:fixtures) { File.join(FIXTURES_FINDERS, 'interesting_files', 'robots_txt') }
7
7
 
8
8
  describe '#interesting_entries' do
9
9
  let(:headers) { { 'Content-Type' => 'text/plain; charset=utf-8' } }
@@ -17,5 +17,9 @@ module CMSScanner
17
17
  def eql?(other)
18
18
  r == other.r && confidence == other.confidence && found_by == other.found_by
19
19
  end
20
+
21
+ def to_s
22
+ r
23
+ end
20
24
  end
21
25
  end
@@ -15,9 +15,9 @@ describe CMSScanner::Finders::Finder::Enumerator do
15
15
  end
16
16
  end
17
17
 
18
- describe '#progress_bar' do
19
- it 'returns a ProgressBar' do
20
- expect(finder.progress_bar(2)).to be_a ProgressBar::Base
18
+ describe '#progress_bar_title' do
19
+ it 'returns a space' do
20
+ expect(finder.progress_bar_title).to eql ' '
21
21
  end
22
22
  end
23
23
 
@@ -0,0 +1,11 @@
1
+ require 'spec_helper'
2
+
3
+ describe CMSScanner::Finders::Finder do
4
+ subject(:finder) { described_class.new('target') }
5
+
6
+ describe '#progress_bar' do
7
+ it 'returns a ProgressBar::Base' do
8
+ expect(finder.progress_bar(12)).to be_a ProgressBar::Base
9
+ end
10
+ end
11
+ end
@@ -31,7 +31,7 @@ describe CMSScanner::Finders::SameTypeFinders do
31
31
  context 'when :mixed mode' do
32
32
  let(:opts) { super().merge(mode: :mixed) }
33
33
 
34
- it 'calls all #passive then #aggressive on finders and returns the best result' do
34
+ it 'calls all #passive then #aggressive on finders and returns the results' do
35
35
  expect(finders[0]).to receive(:passive)
36
36
  .with(hash_including(found: [])).ordered
37
37
  .and_return(dummy_passive)
@@ -63,7 +63,7 @@ describe CMSScanner::Finders::SameTypeFinders do
63
63
  context 'when :passive mode' do
64
64
  let(:opts) { super().merge(mode: :passive) }
65
65
 
66
- it 'calls #passive on all finders and returns the best result' do
66
+ before do
67
67
  expect(finders[0]).to receive(:passive)
68
68
  .with(hash_including(found: [])).ordered
69
69
  .and_return(dummy_passive)
@@ -73,18 +73,43 @@ describe CMSScanner::Finders::SameTypeFinders do
73
73
  .and_return(noaggressive)
74
74
 
75
75
  finders.each { |f| expect(f).to_not receive(:aggressive) }
76
+ end
76
77
 
78
+ it 'calls #passive on all finders and returns the results' do
77
79
  @expected = []
78
80
  @expected << finding.new('test', found_by: 'Dummy Finder (Passive Detection)')
79
81
  @expected << finding.new('spotted', confidence: 10,
80
82
  found_by: 'No Aggressive Result (Passive Detection)')
81
83
  end
84
+
85
+ context 'when :sort used' do
86
+ let(:opts) { super().merge(sort: true) }
87
+
88
+ it 'returns the sorted results' do
89
+ @expected = []
90
+ @expected << finding.new('spotted', confidence: 10,
91
+ found_by: 'No Aggressive Result (Passive Detection)')
92
+ @expected << finding.new('test', found_by: 'Dummy Finder (Passive Detection)')
93
+ end
94
+ end
95
+
96
+ # TODO: make this work
97
+ # context 'when :vulnerable used' do
98
+ # let(:opts) { super().merge(vulnerable: true) }
99
+
100
+ # it 'returns the vulnerable results' do
101
+ # expect(dummy_passive).to receive(:vulnerable?).and_return(true)
102
+ # expect(noaggressive).to receive(:vulnerable?)
103
+
104
+ # @expected = [finding.new('test', found_by: 'Dummy Finder (Passive Detection)')]
105
+ # end
106
+ # end
82
107
  end
83
108
 
84
109
  context 'when :aggressive mode' do
85
110
  let(:opts) { super().merge(mode: :aggressive) }
86
111
 
87
- it 'calls #aggressive on all finders and returns the best result' do
112
+ it 'calls #aggressive on all finders and returns the results' do
88
113
  finders.each { |f| expect(f).to_not receive(:passive) }
89
114
 
90
115
  expect(finders[0]).to receive(:aggressive)
@@ -12,7 +12,7 @@ describe CMSScanner::Finders::UniqueFinders do
12
12
 
13
13
  context 'when no findings' do
14
14
  it 'returns nil' do
15
- @expected = nil
15
+ @expected = false
16
16
  end
17
17
  end
18
18
 
@@ -31,7 +31,7 @@ describe CMSScanner::Finders::UniqueFinders do
31
31
 
32
32
  context 'when they have the same confidence' do
33
33
  it 'returns nil' do
34
- @expected = nil
34
+ @expected = false
35
35
  end
36
36
  end
37
37
 
@@ -6,7 +6,7 @@ describe CMSScanner::Target do
6
6
 
7
7
  describe '#interesting_files' do
8
8
  before do
9
- expect(CMSScanner::Finders::InterestingFiles).to receive(:find).and_return(stubbed)
9
+ expect(CMSScanner::Finders::InterestingFiles::Base).to receive(:find).and_return(stubbed)
10
10
  end
11
11
 
12
12
  context 'when no findings' do
@@ -40,6 +40,12 @@ describe CMSScanner::WebSite do
40
40
  expect(web_site.url('file.txt')).to eql "#{url}/file.txt"
41
41
  end
42
42
 
43
+ it 'encodes the path' do
44
+ expect(web_site.url('f ile.txt')).to eql "#{url}/f%20ile.txt"
45
+ expect(web_site.url('s/a%.txt')).to eql "#{url}/s/a%25.txt"
46
+ expect(web_site.url('#file.txt#')).to eql "#{url}/%23file.txt%23"
47
+ end
48
+
43
49
  context 'when relative path' do
44
50
  let(:url) { 'http://e.org/dir/' }
45
51
 
@@ -47,4 +47,8 @@ shared_examples CMSScanner::Finders::Finding do
47
47
  end
48
48
  end
49
49
  end
50
+
51
+ describe '#<=>' do
52
+ # Handled in spc/app/models/interesting_files_spec
53
+ end
50
54
  end
data/spec/spec_helper.rb CHANGED
@@ -35,8 +35,9 @@ end
35
35
  require 'cms_scanner'
36
36
  require 'shared_examples'
37
37
 
38
- SPECS = Pathname.new(__FILE__).dirname.to_s
39
- CACHE = File.join(SPECS, 'cache')
40
- FIXTURES = File.join(SPECS, 'fixtures')
41
- FIXTURES_VIEWS = File.join(FIXTURES, 'views')
42
- APP_VIEWS = File.join(CMSScanner::APP_DIR, 'views')
38
+ SPECS = Pathname.new(__FILE__).dirname.to_s
39
+ CACHE = File.join(SPECS, 'cache')
40
+ FIXTURES = File.join(SPECS, 'fixtures')
41
+ FIXTURES_VIEWS = File.join(FIXTURES, 'views')
42
+ FIXTURES_FINDERS = File.join(FIXTURES, 'finders')
43
+ APP_VIEWS = File.join(CMSScanner::APP_DIR, 'views')
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cms_scanner
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.16
4
+ version: 0.0.17
5
5
  platform: ruby
6
6
  authors:
7
7
  - WPScanTeam - Erwan Le Rousseau
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-02-23 00:00:00.000000000 Z
11
+ date: 2015-02-26 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: opt_parse_validator
@@ -318,15 +318,15 @@ files:
318
318
  - spec/dummy_finding.rb
319
319
  - spec/dummy_independent_finders.rb
320
320
  - spec/dummy_unique_finders.rb
321
- - spec/fixtures/interesting_files/fantastico_fileslist/fantastico_fileslist.txt
322
- - spec/fixtures/interesting_files/file.txt
323
- - spec/fixtures/interesting_files/headers/interesting.txt
324
- - spec/fixtures/interesting_files/headers/no_interesting.txt
325
- - spec/fixtures/interesting_files/robots_txt/robots.txt
326
- - spec/fixtures/interesting_files/search_replace_db_2/searchreplacedb2.php
327
- - spec/fixtures/interesting_files/xml_rpc/homepage_in_scope_pingback.html
328
- - spec/fixtures/interesting_files/xml_rpc/homepage_out_of_scope_pingback.html
329
- - spec/fixtures/interesting_files/xml_rpc/xmlrpc.php
321
+ - spec/fixtures/finders/interesting_files/fantastico_fileslist/fantastico_fileslist.txt
322
+ - spec/fixtures/finders/interesting_files/file.txt
323
+ - spec/fixtures/finders/interesting_files/headers/interesting.txt
324
+ - spec/fixtures/finders/interesting_files/headers/no_interesting.txt
325
+ - spec/fixtures/finders/interesting_files/robots_txt/robots.txt
326
+ - spec/fixtures/finders/interesting_files/search_replace_db_2/searchreplacedb2.php
327
+ - spec/fixtures/finders/interesting_files/xml_rpc/homepage_in_scope_pingback.html
328
+ - spec/fixtures/finders/interesting_files/xml_rpc/homepage_out_of_scope_pingback.html
329
+ - spec/fixtures/finders/interesting_files/xml_rpc/xmlrpc.php
330
330
  - spec/fixtures/output.txt
331
331
  - spec/fixtures/target/platform/php/debug_log/debug.log
332
332
  - spec/fixtures/target/platform/php/fpd/wp_rss_functions.php
@@ -353,6 +353,7 @@ files:
353
353
  - spec/lib/finders/finder/enumerator_spec.rb
354
354
  - spec/lib/finders/finder/smart_url_checker/findings_spec.rb
355
355
  - spec/lib/finders/finder/smart_url_checker_spec.rb
356
+ - spec/lib/finders/finder_spec.rb
356
357
  - spec/lib/finders/findings_spec.rb
357
358
  - spec/lib/finders/independent_finders_spec.rb
358
359
  - spec/lib/finders/same_type_finder_spec.rb
@@ -438,15 +439,15 @@ test_files:
438
439
  - spec/dummy_finding.rb
439
440
  - spec/dummy_independent_finders.rb
440
441
  - spec/dummy_unique_finders.rb
441
- - spec/fixtures/interesting_files/fantastico_fileslist/fantastico_fileslist.txt
442
- - spec/fixtures/interesting_files/file.txt
443
- - spec/fixtures/interesting_files/headers/interesting.txt
444
- - spec/fixtures/interesting_files/headers/no_interesting.txt
445
- - spec/fixtures/interesting_files/robots_txt/robots.txt
446
- - spec/fixtures/interesting_files/search_replace_db_2/searchreplacedb2.php
447
- - spec/fixtures/interesting_files/xml_rpc/homepage_in_scope_pingback.html
448
- - spec/fixtures/interesting_files/xml_rpc/homepage_out_of_scope_pingback.html
449
- - spec/fixtures/interesting_files/xml_rpc/xmlrpc.php
442
+ - spec/fixtures/finders/interesting_files/fantastico_fileslist/fantastico_fileslist.txt
443
+ - spec/fixtures/finders/interesting_files/file.txt
444
+ - spec/fixtures/finders/interesting_files/headers/interesting.txt
445
+ - spec/fixtures/finders/interesting_files/headers/no_interesting.txt
446
+ - spec/fixtures/finders/interesting_files/robots_txt/robots.txt
447
+ - spec/fixtures/finders/interesting_files/search_replace_db_2/searchreplacedb2.php
448
+ - spec/fixtures/finders/interesting_files/xml_rpc/homepage_in_scope_pingback.html
449
+ - spec/fixtures/finders/interesting_files/xml_rpc/homepage_out_of_scope_pingback.html
450
+ - spec/fixtures/finders/interesting_files/xml_rpc/xmlrpc.php
450
451
  - spec/fixtures/output.txt
451
452
  - spec/fixtures/target/platform/php/debug_log/debug.log
452
453
  - spec/fixtures/target/platform/php/fpd/wp_rss_functions.php
@@ -473,6 +474,7 @@ test_files:
473
474
  - spec/lib/finders/finder/enumerator_spec.rb
474
475
  - spec/lib/finders/finder/smart_url_checker/findings_spec.rb
475
476
  - spec/lib/finders/finder/smart_url_checker_spec.rb
477
+ - spec/lib/finders/finder_spec.rb
476
478
  - spec/lib/finders/findings_spec.rb
477
479
  - spec/lib/finders/independent_finders_spec.rb
478
480
  - spec/lib/finders/same_type_finder_spec.rb