cms_scanner 0.0.18 → 0.0.19

data/.gitignore

@@ -1,7 +0,0 @@
-*.gem
-*.rbc
-.bundle
-.config
-coverage
-pkg
-Gemfile.lock

data/.rspec

@@ -1,2 +0,0 @@
---color
---fail-fast

data/.rubocop.yml

@@ -1,10 +0,0 @@
-LineLength:
-  Max: 100
-ClassVars:
-  Enabled: false
-MethodLength:
-  Max: 15
-Metrics/AbcSize:
-  Max: 25
-Metrics/CyclomaticComplexity:
-  Max: 10

data/.travis.yml

@@ -1,17 +0,0 @@
-language: ruby
-rvm:
-  - 2.0.0
-  - 2.1.0
-  - 2.1.1
-  - 2.1.2
-  - 2.1.3
-  - 2.1.4
-  - 2.1.5
-  - 2.2.0
-  - ruby-head
-matrix:
-  allow_failures:
-    - rvm: ruby-head
-script:
-  - bundle exec rspec
-  - bundle exec rubocop

data/Gemfile

@@ -1,6 +0,0 @@
-source 'https://rubygems.org'
-gemspec
-
-group :test do
-  gem 'coveralls', '~> 0.7', require: false
-end

data/Rakefile

@@ -1,9 +0,0 @@
-require 'bundler/gem_tasks'
-require 'rspec/core/rake_task'
-require 'rubocop/rake_task'
-
-RuboCop::RakeTask.new
-RSpec::Core::RakeTask.new(:spec)
-
-# Run rubocop & rspec before the build
-task build: [:rubocop, :spec]

data/spec/app/controllers/core_spec.rb

@@ -1,167 +0,0 @@
-require 'spec_helper'
-
-describe CMSScanner::Controller::Core do
-  subject(:core)       { described_class.new }
-  let(:target_url)     { 'http://example.com/' }
-  let(:parsed_options) { { url: target_url } }
-
-  before do
-    CMSScanner::Browser.reset
-    described_class.parsed_options = parsed_options
-  end
-
-  its(:cli_options) { should_not be_empty }
-  its(:cli_options) { should be_a Array }
-
-  describe '#setup_cache' do
-    context 'when no cache_dir supplied (or default)' do
-      it 'returns nil' do
-        expect(core.setup_cache).to eq nil
-      end
-    end
-
-    context 'when cache_dir' do
-      let(:parsed_options) { super().merge(cache_dir: CACHE) }
-      let(:cache)          { Typhoeus::Config.cache }
-      let(:storage) { File.join(parsed_options[:cache_dir], Digest::MD5.hexdigest(target_url)) }
-
-      before { core.setup_cache }
-      after  { Typhoeus::Config.cache = nil }
-
-      it 'sets up the cache' do
-        expect(cache).to be_a CMSScanner::Cache::Typhoeus
-        expect(cache.storage_path).to eq storage
-      end
-    end
-  end
-
-  describe '#before_scan' do
-    before { expect(core.formatter).to receive(:output) }
-
-    it 'does not raise an error when everything is fine' do
-      stub_request(:get, target_url).to_return(status: 200)
-
-      expect { core.before_scan }.to_not raise_error
-    end
-
-    it 'raise an error when the site is down' do
-      stub_request(:get, target_url).to_return(status: 0)
-
-      expect { core.before_scan }
-        .to raise_error("The url supplied '#{target_url}' seems to be down")
-    end
-
-    it 'raises an error when the site redirects' do
-      redirection = 'http://somewhere.com'
-
-      expect(core.target).to receive(:redirection).and_return(redirection)
-
-      stub_request(:get, target_url).to_return(status: 301, headers: { location: redirection })
-
-      expect { core.before_scan }
-        .to raise_error("The url supplied redirects to #{redirection}")
-    end
-
-    context 'when access is forbidden' do
-      before { stub_request(:get, target_url).to_return(status: 403) }
-
-      it 'raises an error' do
-        expect { core.before_scan }.to raise_error(CMSScanner::AccessForbiddenError)
-      end
-    end
-
-    # This is quite a mess (as Webmock doesn't issue itself another 401
-    # when credential are incorrect :/)
-    context 'when http authentication' do
-      context 'when no credentials' do
-        before { stub_request(:get, target_url).to_return(status: 401) }
-
-        it 'raises an error' do
-          expect { core.before_scan }.to raise_error(CMSScanner::HTTPAuthRequiredError)
-        end
-      end
-
-      context 'when credentials' do
-        context 'when valid' do
-          before { stub_request(:get, 'http://user:pass@example.com') }
-
-          let(:parsed_options) { super().merge(http_auth: { username: 'user', password: 'pass' }) }
-
-          it 'does not raise any error' do
-            expect { core.before_scan }.to_not raise_error
-          end
-        end
-
-        context 'when invalid' do
-          before { stub_request(:get, 'http://user:p@ss@example.com').to_return(status: 401) }
-
-          let(:parsed_options) { super().merge(http_auth: { username: 'user', password: 'p@ss' }) }
-
-          it 'raises an error' do
-            expect { core.before_scan }.to raise_error(CMSScanner::HTTPAuthRequiredError)
-          end
-        end
-      end
-    end
-
-    context 'when proxy authentication' do
-      before { stub_request(:get, target_url).to_return(status: 407) }
-
-      context 'when no credentials' do
-        it 'raises an error' do
-          expect { core.before_scan }.to raise_error(CMSScanner::ProxyAuthRequiredError)
-        end
-      end
-
-      context 'when invalid credentials' do
-        let(:parsed_options) { super().merge(proxy_auth: { username: 'user', password: 'p@ss' }) }
-
-        it 'raises an error' do
-          expect(CMSScanner::Browser.instance.proxy_auth).to eq(parsed_options[:proxy_auth])
-
-          expect { core.before_scan }.to raise_error(CMSScanner::ProxyAuthRequiredError)
-        end
-      end
-
-      context 'when valid credentials' do
-        before { stub_request(:get, target_url) }
-
-        let(:parsed_options) { super().merge(proxy_auth: { username: 'user', password: 'pass' }) }
-
-        it 'raises an error' do
-          expect(CMSScanner::Browser.instance.proxy_auth).to eq(parsed_options[:proxy_auth])
-
-          expect { core.before_scan }.to_not raise_error
-        end
-      end
-    end
-  end
-
-  describe '#run' do
-    it 'calls the formatter with the correct parameters' do
-      expect(core.formatter).to receive(:output)
-        .with('started',
-              hash_including(:start_memory, :start_time, :verbose, url: target_url),
-              'core')
-
-      core.run
-    end
-  end
-
-  describe '#after_scan' do
-    let(:keys) { [:verbose, :start_time, :stop_time, :start_memory, :elapsed, :used_memory] }
-
-    it 'calls the formatter with the correct parameters' do
-      # Call the #run once to ensure that @start_time & @start_memory are set
-      expect(core).to receive(:output).with('started', url: target_url)
-      core.run
-
-      RSpec::Mocks.space.proxy_for(core).reset # Must reset due to the above statements
-
-      expect(core.formatter).to receive(:output)
-        .with('finished', hash_including(*keys), 'core')
-
-      core.after_scan
-    end
-  end
-end

data/spec/app/controllers/interesting_files_spec.rb

@@ -1,70 +0,0 @@
-require 'spec_helper'
-
-describe CMSScanner::Controller::InterestingFiles do
-  subject(:controller) { described_class.new }
-  let(:target_url)     { 'http://example.com/' }
-  let(:parsed_options) { { url: target_url } }
-
-  before do
-    CMSScanner::Browser.reset
-    described_class.parsed_options = parsed_options
-  end
-
-  its(:before_scan) { should be_nil }
-  its(:after_scan)  { should be_nil }
-
-  describe '#cli_options' do
-    its(:cli_options) { should_not be_empty }
-    its(:cli_options) { should be_a Array }
-
-    it 'contains to correct options' do
-      expect(controller.cli_options.map(&:to_sym)).to eq [:interesting_files_detection]
-    end
-  end
-
-  describe '#run' do
-    before do
-      expect(controller.target).to receive(:interesting_files)
-        .with(
-          mode: parsed_options[:interesting_files_detection] || parsed_options[:detection_mode]
-        ).and_return(stubbed)
-    end
-
-    after { controller.run }
-
-    [:mixed, :passive, :aggressive].each do |mode|
-      context "when --detection-mode #{mode}" do
-        let(:parsed_options) { super().merge(detection_mode: mode) }
-
-        context 'when no findings' do
-          let(:stubbed) { [] }
-
-          before { expect(controller.formatter).to_not receive(:output) }
-
-          it 'does not call the formatter' do
-            # Handled by the before statements above
-          end
-
-          context 'when --interesting-files-detection mode supplied' do
-            let(:parsed_options) do
-              super().merge(interesting_files_detection: :passive)
-            end
-
-            it 'gives the correct detection paramter' do
-              # Handled by before/after statements
-            end
-          end
-        end
-
-        context 'when findings' do
-          let(:stubbed) { ['yolo'] }
-
-          it 'calls the formatter with the correct parameter' do
-            expect(controller.formatter).to receive(:output)
-              .with('findings', hash_including(findings: stubbed), 'interesting_files')
-          end
-        end
-      end
-    end
-  end
-end

data/spec/app/finders/interesting_files/fantastico_fileslist_spec.rb

@@ -1,66 +0,0 @@
-require 'spec_helper'
-
-describe CMSScanner::Finders::InterestingFiles::FantasticoFileslist do
-  subject(:finder) { described_class.new(target) }
-  let(:target)     { CMSScanner::Target.new(url) }
-  let(:url)        { 'http://example.com/' }
-  let(:file)       { url + 'fantastico_fileslist.txt' }
-  let(:fixtures)   { File.join(FIXTURES_FINDERS, 'interesting_files', 'fantastico_fileslist') }
-
-  describe '#url' do
-    its(:url) { should eq file }
-  end
-
-  describe '#aggressive' do
-    after do
-      stub_request(:get, file).to_return(status: status, body: body, headers: headers)
-
-      result = finder.aggressive
-
-      expect(result).to be_a CMSScanner::FantasticoFileslist if @expected
-      expect(result).to eql @expected
-    end
-
-    let(:body)    { '' }
-    let(:headers) { { 'Content-Type' => 'text/html ' } }
-
-    context 'when 404' do
-      let(:status) { 404 }
-
-      it 'returns nil' do
-        @expected = nil
-      end
-    end
-
-    context 'when 200' do
-      let(:status) { 200 }
-
-      context 'when the body is empty' do
-        it 'returns nil' do
-          @expected = nil
-        end
-      end
-
-      context 'when not a text/plain Content-Type' do
-        let(:body) { 'not an empty body' }
-
-        it 'returns nil' do
-          @expected = nil
-        end
-      end
-
-      context 'when the body matches and Content-Type = text/plain' do
-        let(:body)    { File.new(File.join(fixtures, 'fantastico_fileslist.txt')).read }
-        let(:headers) { { 'Content-Type' => 'text/plain' } }
-
-        it 'returns the InterestingFile result' do
-          @expected = CMSScanner::FantasticoFileslist.new(
-            file,
-            confidence: 100,
-            found_by: 'Fantastico Fileslist (Aggressive Detection)'
-          )
-        end
-      end
-    end
-  end
-end

data/spec/app/finders/interesting_files/headers_spec.rb

@@ -1,36 +0,0 @@
-require 'spec_helper'
-
-describe CMSScanner::Finders::InterestingFiles::Headers do
-  subject(:finder) { described_class.new(target) }
-  let(:target)     { CMSScanner::Target.new(url) }
-  let(:url)        { 'http://example.com/' }
-  let(:fixtures)   { File.join(FIXTURES_FINDERS, 'interesting_files', 'headers') }
-  let(:fixture)    { File.join(fixtures, 'interesting.txt') }
-  let(:headers)    { parse_headers_file(fixture) }
-
-  describe '#passive' do
-    before { stub_request(:get, url).to_return(headers: headers) }
-
-    after do
-      if @expected
-        result = finder.passive
-
-        expect(result).to be_a CMSScanner::Headers
-        expect(result).to eql @expected
-      end
-    end
-
-    context 'when no headers' do
-      let(:headers) { {} }
-
-      its(:passive) { should be nil }
-    end
-
-    context 'when headers' do
-      it 'returns the result' do
-        opts      = { confidence: 100, found_by: 'Headers (Passive Detection)' }
-        @expected = CMSScanner::Headers.new(url, opts)
-      end
-    end
-  end
-end

data/spec/app/finders/interesting_files/robots_txt_spec.rb

@@ -1,54 +0,0 @@
-require 'spec_helper'
-
-describe CMSScanner::Finders::InterestingFiles::RobotsTxt do
-  subject(:finder) { described_class.new(target) }
-  let(:target)     { CMSScanner::Target.new(url) }
-  let(:url)        { 'http://example.com/' }
-  let(:robots_txt) { url + 'robots.txt' }
-  let(:fixtures)   { File.join(FIXTURES_FINDERS, 'interesting_files', 'robots_txt') }
-
-  describe '#url' do
-    its(:url) { should eq robots_txt }
-  end
-
-  describe '#aggressive' do
-    after do
-      stub_request(:get, robots_txt).to_return(status: status, body: body)
-
-      result = finder.aggressive
-
-      expect(result).to be_a CMSScanner::RobotsTxt if @expected
-      expect(finder.aggressive).to eql @expected
-    end
-
-    let(:body) { '' }
-
-    context 'when 404' do
-      let(:status) { 404 }
-
-      it 'returns nil' do
-        @expected = nil
-      end
-    end
-
-    context 'when 200' do
-      let(:status) { 200 }
-
-      context 'when the body is empty' do
-        it 'returns nil' do
-          @expected = nil
-        end
-      end
-
-      context 'when the body matches a robots.txt' do
-        let(:body) { File.new(File.join(fixtures, 'robots.txt')).read }
-
-        it 'returns the InterestingFile result' do
-          @expected = CMSScanner::RobotsTxt.new(robots_txt,
-                                                confidence: 100,
-                                                found_by: 'Robots Txt (Aggressive Detection)')
-        end
-      end
-    end
-  end
-end