RubyGems - cms_scanner - Versions diffs - 0.0.18 → 0.0.19 - Mend

cms_scanner 0.0.18 → 0.0.19

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (118) hide show

checksums.yaml +4 -4
data/app/controllers/core.rb +4 -3
data/app/views/cli/core/finished.erb +1 -0
data/app/views/json/core/finished.erb +1 -0
data/cms_scanner.gemspec +13 -3
data/lib/cms_scanner.rb +14 -2
data/lib/cms_scanner/finders/finder.rb +16 -7
data/lib/cms_scanner/finders/finder/enumerator.rb +4 -28
data/lib/cms_scanner/finders/finder/fingerprinter.rb +60 -0
data/lib/cms_scanner/finders/finding.rb +1 -1
data/lib/cms_scanner/target/scope.rb +4 -1
data/lib/cms_scanner/target/server/generic.rb +1 -1
data/lib/cms_scanner/typhoeus/hydra.rb +10 -0
data/lib/cms_scanner/version.rb +1 -1
metadata +5 -203
data/.gitignore +0 -7
data/.rspec +0 -2
data/.rubocop.yml +0 -10
data/.travis.yml +0 -17
data/Gemfile +0 -6
data/Rakefile +0 -9
data/spec/app/controllers/core_spec.rb +0 -167
data/spec/app/controllers/interesting_files_spec.rb +0 -70
data/spec/app/finders/interesting_files/fantastico_fileslist_spec.rb +0 -66
data/spec/app/finders/interesting_files/headers_spec.rb +0 -36
data/spec/app/finders/interesting_files/robots_txt_spec.rb +0 -54
data/spec/app/finders/interesting_files/search_replace_db_2_spec.rb +0 -53
data/spec/app/finders/interesting_files/xml_rpc_spec.rb +0 -136
data/spec/app/finders/interesting_files_spec.rb +0 -12
data/spec/app/formatters/cli_no_colour_spec.rb +0 -14
data/spec/app/formatters/cli_spec.rb +0 -30
data/spec/app/formatters/json_spec.rb +0 -30
data/spec/app/models/fantastico_fileslist_spec.rb +0 -31
data/spec/app/models/headers_spec.rb +0 -51
data/spec/app/models/interesting_file_spec.rb +0 -69
data/spec/app/models/robots_txt_spec.rb +0 -27
data/spec/app/models/version_spec.rb +0 -51
data/spec/app/models/xml_rpc_spec.rb +0 -46
data/spec/app/views_spec.rb +0 -35
data/spec/cache/.gitignore +0 -4
data/spec/dummy_finding.rb +0 -25
data/spec/dummy_independent_finders.rb +0 -26
data/spec/dummy_unique_finders.rb +0 -33
data/spec/fixtures/finders/interesting_files/fantastico_fileslist/fantastico_fileslist.txt +0 -12
data/spec/fixtures/finders/interesting_files/file.txt +0 -4
data/spec/fixtures/finders/interesting_files/headers/interesting.txt +0 -16
data/spec/fixtures/finders/interesting_files/headers/no_interesting.txt +0 -12
data/spec/fixtures/finders/interesting_files/robots_txt/robots.txt +0 -10
data/spec/fixtures/finders/interesting_files/search_replace_db_2/searchreplacedb2.php +0 -188
data/spec/fixtures/finders/interesting_files/xml_rpc/homepage_in_scope_pingback.html +0 -7
data/spec/fixtures/finders/interesting_files/xml_rpc/homepage_out_of_scope_pingback.html +0 -7
data/spec/fixtures/finders/interesting_files/xml_rpc/xmlrpc.php +0 -1
data/spec/fixtures/output.txt +0 -0
data/spec/fixtures/target/comments.html +0 -29
data/spec/fixtures/target/platform/php/debug_log/debug.log +0 -2
data/spec/fixtures/target/platform/php/fpd/wp_rss_functions.php +0 -2
data/spec/fixtures/target/scope/index.html +0 -23
data/spec/fixtures/target/server/apache/directory_listing/2.2.16.html +0 -15
data/spec/fixtures/target/server/generic/server/apache/basic.txt +0 -5
data/spec/fixtures/target/server/generic/server/iis/basic.txt +0 -6
data/spec/fixtures/target/server/generic/server/not_detected.txt +0 -3
data/spec/fixtures/target/server/iis/directory_listing/no_parent.html +0 -3
data/spec/fixtures/target/server/iis/directory_listing/with_parent.html +0 -3
data/spec/fixtures/views/base/ctrl/local.erb +0 -1
data/spec/fixtures/views/base/ctrl/test.erb +0 -3
data/spec/fixtures/views/base/global.erb +0 -1
data/spec/fixtures/views/base/test.erb +0 -2
data/spec/fixtures/views/based_format/test.erb +0 -1
data/spec/fixtures/views/json/render_me.erb +0 -4
data/spec/lib/browser_spec.rb +0 -140
data/spec/lib/cache/file_store_spec.rb +0 -100
data/spec/lib/cache/typhoeus_spec.rb +0 -28
data/spec/lib/cms_scanner_spec.rb +0 -49
data/spec/lib/controller_spec.rb +0 -30
data/spec/lib/controllers_spec.rb +0 -48
data/spec/lib/finders/confidence_spec.rb +0 -39
data/spec/lib/finders/finder/enumerator_spec.rb +0 -89
data/spec/lib/finders/finder/smart_url_checker/findings_spec.rb +0 -39
data/spec/lib/finders/finder/smart_url_checker_spec.rb +0 -50
data/spec/lib/finders/finder_spec.rb +0 -11
data/spec/lib/finders/findings_spec.rb +0 -36
data/spec/lib/finders/independent_finders_spec.rb +0 -134
data/spec/lib/finders/same_type_finder_spec.rb +0 -24
data/spec/lib/finders/same_type_finders_spec.rb +0 -126
data/spec/lib/finders/unique_finder_spec.rb +0 -24
data/spec/lib/finders/unique_finders_spec.rb +0 -222
data/spec/lib/formatter_spec.rb +0 -145
data/spec/lib/public_suffix/domain_spec.rb +0 -49
data/spec/lib/sub_scanner_spec.rb +0 -45
data/spec/lib/target/hashes_spec.rb +0 -90
data/spec/lib/target/platforms_spec.rb +0 -13
data/spec/lib/target/scope_spec.rb +0 -103
data/spec/lib/target/servers_spec.rb +0 -13
data/spec/lib/target_spec.rb +0 -69
data/spec/lib/vulnerability/references_spec.rb +0 -75
data/spec/lib/vulnerability_spec.rb +0 -27
data/spec/lib/web_site_spec.rb +0 -121
data/spec/output/core/finished.cli_no_colour +0 -3
data/spec/output/core/finished.json +0 -5
data/spec/output/core/started.cli_no_colour +0 -3
data/spec/output/core/started.json +0 -5
data/spec/output/interesting_files/empty.cli_no_colour +0 -2
data/spec/output/interesting_files/empty.json +0 -5
data/spec/output/interesting_files/findings.cli_no_colour +0 -30
data/spec/output/interesting_files/findings.json +0 -75
data/spec/shared_examples.rb +0 -11
data/spec/shared_examples/browser_actions.rb +0 -30
data/spec/shared_examples/finding.rb +0 -54
data/spec/shared_examples/formatter_buffer.rb +0 -6
data/spec/shared_examples/formatter_class_methods.rb +0 -26
data/spec/shared_examples/independent_finder.rb +0 -31
data/spec/shared_examples/target/platform/php.rb +0 -56
data/spec/shared_examples/target/server/apache.rb +0 -32
data/spec/shared_examples/target/server/generic.rb +0 -33
data/spec/shared_examples/target/server/iis.rb +0 -37
data/spec/shared_examples/views/core.rb +0 -26
data/spec/shared_examples/views/interesting_files.rb +0 -36
data/spec/spec_helper.rb +0 -43

data/spec/app/finders/interesting_files/search_replace_db_2_spec.rb DELETED Viewed

@@ -1,53 +0,0 @@
-require 'spec_helper'
-describe CMSScanner::Finders::InterestingFiles::SearchReplaceDB2 do
-  subject(:finder) { described_class.new(target) }
-  let(:target)     { CMSScanner::Target.new(url) }
-  let(:url)        { 'http://example.com/' }
-  let(:file)       { url + 'searchreplacedb2.php' }
-  let(:fixtures)   { File.join(FIXTURES_FINDERS, 'interesting_files', 'search_replace_db_2') }
-  describe '#url' do
-    its(:url) { should eq file }
-  end
-  describe '#aggressive' do
-    after do
-      stub_request(:get, file).to_return(status: status, body: body)
-      expect(finder.aggressive).to eql @expected
-    end
-    let(:body) { '' }
-    context 'when 404' do
-      let(:status) { 404 }
-      it 'returns nil' do
-        @expected = nil
-      end
-    end
-    context 'when 200' do
-      let(:status) { 200 }
-      context 'when the body is empty' do
-        it 'returns nil' do
-          @expected = nil
-        end
-      end
-      context 'when the body matches' do
-        let(:body) { File.new(File.join(fixtures, 'searchreplacedb2.php')).read }
-        it 'returns the InterestingFile result' do
-          @expected = CMSScanner::InterestingFile.new(
-            file,
-            confidence: 100,
-            found_by: 'Search Replace Db2 (Aggressive Detection)'
-          )
-        end
-      end
-    end
-  end
-end

data/spec/app/finders/interesting_files/xml_rpc_spec.rb DELETED Viewed

@@ -1,136 +0,0 @@
-require 'spec_helper'
-describe CMSScanner::Finders::InterestingFiles::XMLRPC do
-  subject(:finder)  { described_class.new(target) }
-  let(:target)      { CMSScanner::Target.new(url) }
-  let(:url)         { 'http://e.org/' }
-  let(:xml_rpc_url) { url + 'xmlrpc.php' }
-  let(:fixtures)    { File.join(FIXTURES_FINDERS, 'interesting_files', 'xml_rpc') }
-  describe '#potential_urls' do
-    its(:potential_urls) { should be_empty }
-  end
-  describe '#passive' do
-    before do
-      expect(finder).to receive(:passive_headers).and_return(headers_stub)
-      expect(finder).to receive(:passive_body).and_return(body_stub)
-    end
-    context 'when both passives return nil' do
-      let(:headers_stub) { nil }
-      let(:body_stub)    { nil }
-      its(:passive) { should be_empty }
-    end
-    context 'when one passive is not nil' do
-      let(:headers_stub) { nil }
-      let(:body_stub)    { 'test' }
-      its(:passive) { should eq %w(test) }
-    end
-  end
-  describe '#passive_headers' do
-    before { stub_request(:get, url).to_return(headers: headers) }
-    let(:headers) { {} }
-    context 'when no headers' do
-      its(:passive_headers) { should be_nil }
-    end
-    context 'when headers' do
-      context 'when URL is out of scope' do
-        let(:headers) { { 'X-Pingback' => 'http://ex.org/yolo' } }
-        its(:passive_headers) { should be_nil }
-      end
-      context 'when URL is in scope' do
-        let(:headers) { { 'X-Pingback' => xml_rpc_url } }
-        it 'adds the url to #potential_urls and returns the XMLRPC' do
-          result = finder.passive_headers
-          expect(finder.potential_urls).to eq [xml_rpc_url]
-          expect(result).to be_a CMSScanner::XMLRPC
-          expect(result).to eql CMSScanner::XMLRPC.new(
-            xml_rpc_url,
-            confidence: 30,
-            found_by: 'Headers (passive detection)'
-          )
-        end
-      end
-    end
-  end
-  describe '#passive_body' do
-    before { stub_request(:get, url).to_return(body: body) }
-    context 'when no link rel="pingback" tag' do
-      let(:body) { '' }
-      its(:passive_body) { should be_nil }
-    end
-    context 'when the tag is present' do
-      context 'when the URL is out of scope' do
-        let(:body) { File.new(File.join(fixtures, 'homepage_out_of_scope_pingback.html')).read }
-        its(:passive_body) { should be_nil }
-      end
-      context 'when URL is in scope' do
-        let(:body)         { File.new(File.join(fixtures, 'homepage_in_scope_pingback.html')).read }
-        let(:expected_url) { 'http://e.org/wp/xmlrpc.php' }
-        it 'adds the URL to the #potential_urls and returns the XMLRPC' do
-          result = finder.passive_body
-          expect(finder.potential_urls).to eq [expected_url]
-          expect(result).to be_a CMSScanner::XMLRPC
-          expect(result).to eql CMSScanner::XMLRPC.new(
-            expected_url,
-            confidence: 30,
-            found_by: 'Link Tag (passive detection)'
-          )
-        end
-      end
-    end
-  end
-  describe '#aggressive' do
-    # Adds an out of scope URL which should be ignored
-    before { finder.potential_urls << 'htpp://ex.org' }
-    after do
-      stub_request(:get, xml_rpc_url).to_return(body: body)
-      expect(finder.aggressive).to eql @expected
-    end
-    context 'when the body does not match' do
-      let(:body) { '' }
-      it 'returns nil' do
-        @expected = nil
-      end
-    end
-    context 'when the body matches' do
-      let(:body) { File.new(File.join(fixtures, 'xmlrpc.php')).read }
-      it 'returns the InterestingFile result' do
-        @expected = CMSScanner::XMLRPC.new(
-          xml_rpc_url,
-          confidence: 100,
-          found_by: described_class::DIRECT_ACCESS
-        )
-      end
-    end
-  end
-end

data/spec/app/finders/interesting_files_spec.rb DELETED Viewed

@@ -1,12 +0,0 @@
-require 'spec_helper'
-describe CMSScanner::Finders::InterestingFiles::Base do
-  it_behaves_like CMSScanner::Finders::IndependentFinder do
-    let(:expected_finders) { %w(Headers RobotsTxt FantasticoFileslist SearchReplaceDB2 XMLRPC) }
-    let(:expected_finders_class) { CMSScanner::Finders::IndependentFinders }
-  end
-  subject(:files) { described_class.new(target) }
-  let(:target)    { CMSScanner::Target.new(url) }
-  let(:url)       { 'http://example.com/' }
-end

data/spec/app/formatters/cli_no_colour_spec.rb DELETED Viewed

@@ -1,14 +0,0 @@
-require 'spec_helper'
-describe CMSScanner::Formatter::CliNoColour do
-  subject(:formatter) { described_class.new }
-  its(:format)            { should eq 'cli' }
-  its(:user_interaction?) { should be true }
-  describe '#colorize' do
-    it 'returns the text w/o any colour' do
-      expect(formatter.red('Text')).to eq 'Text'
-    end
-  end
-end

data/spec/app/formatters/cli_spec.rb DELETED Viewed

@@ -1,30 +0,0 @@
-require 'spec_helper'
-describe CMSScanner::Formatter::Cli do
-  subject(:formatter) { described_class.new }
-  its(:format)            { should eq 'cli' }
-  its(:user_interaction?) { should be true }
-  describe '#bold, #red, #green, #amber, #blue, #colorize' do
-    it 'returns the correct bold string' do
-      expect(formatter.bold('Text')).to eq "\e[1mText\e[0m"
-    end
-    it 'returns the correct red string' do
-      expect(formatter.red('Text')).to eq "\e[31mText\e[0m"
-    end
-    it 'returns the correct green string' do
-      expect(formatter.green('Another Text')).to eq "\e[32mAnother Text\e[0m"
-    end
-    it 'returns the correct amber string' do
-      expect(formatter.amber('Text')).to eq "\e[33mText\e[0m"
-    end
-    it 'returns the correct blue string' do
-      expect(formatter.blue('Text')).to eq "\e[34mText\e[0m"
-    end
-  end
-end

data/spec/app/formatters/json_spec.rb DELETED Viewed

@@ -1,30 +0,0 @@
-require 'spec_helper'
-describe CMSScanner::Formatter::Json do
-  it_behaves_like CMSScanner::Formatter::Buffer
-  subject(:formatter) { described_class.new }
-  let(:output_file)   { File.join(FIXTURES, 'output.txt') }
-  before { formatter.views_directories << FIXTURES_VIEWS }
-  its(:format)            { should eq 'json' }
-  its(:user_interaction?) { should be false }
-  describe '#output' do
-    it 'puts the rendered text in the buffer' do
-      2.times { formatter.output('@render_me', test: 'Working') }
-      expect(formatter.buffer).to eq "\"test\": \"Working\",\n" * 2
-    end
-  end
-  describe '#beautify' do
-    it 'writes the buffer in the file' do
-      2.times { formatter.output('@render_me', test: 'yolo') }
-      expect($stdout).to receive(:puts).with(JSON.pretty_generate(JSON.parse('{"test": "yolo"}')))
-      formatter.beautify
-    end
-  end
-end

data/spec/app/models/fantastico_fileslist_spec.rb DELETED Viewed

@@ -1,31 +0,0 @@
-require 'spec_helper'
-describe CMSScanner::FantasticoFileslist do
-  subject(:file) { described_class.new(url) }
-  let(:url)      { 'http://example.com/robots.txt' }
-  let(:fixtures) { File.join(FIXTURES_FINDERS, 'interesting_files', 'fantastico_fileslist') }
-  describe '#interesting_entries' do
-    let(:headers) { { 'Content-Type' => 'text/plain; charset=utf-8' } }
-    after do
-      body = File.new(File.join(fixtures, fixture)).read
-      stub_request(:get, file.url).to_return(headers: headers, body: body)
-      expect(file.interesting_entries).to eq @expected
-    end
-    context 'when empty or / entries' do
-      let(:fixture) { 'fantastico_fileslist.txt' }
-      it 'ignores them and only returns the others' do
-        @expected = %w(data.sql admin.txt)
-      end
-    end
-  end
-  describe '#references' do
-    its(:references) { should_not be_nil }
-  end
-end

data/spec/app/models/headers_spec.rb DELETED Viewed

@@ -1,51 +0,0 @@
-require 'spec_helper'
-describe CMSScanner::Headers do
-  subject(:file) { described_class.new(url) }
-  let(:url)      { 'http://example.com/' }
-  let(:fixtures) { File.join(FIXTURES_FINDERS, 'interesting_files', 'headers') }
-  let(:fixture)  { File.join(fixtures, 'interesting.txt') }
-  let(:headers)  { {} }
-  before { stub_request(:get, file.url).to_return(headers: headers) }
-  describe '#known_headers' do
-    it 'does not contains dupliactes' do
-      expect(file.known_headers).to eql file.known_headers.uniq
-    end
-  end
-  describe '#entries' do
-    after { expect(file.entries).to eq @expected if @expected }
-    context 'when no headers' do
-      its(:entries) { should eq({}) }
-    end
-    context 'when headers' do
-      let(:headers) { parse_headers_file(fixture) }
-      it 'returns the headers' do
-        @expected = headers
-      end
-    end
-  end
-  describe '#interesting_entries' do
-    after { expect(file.interesting_entries).to eq @expected if @expected }
-    context 'when interesting headers' do
-      let(:headers) { parse_headers_file(fixture) }
-      it 'returns an array with the headers' do
-        @expected = ['Server: nginx/1.1.19', 'X-Powered-By: ASP.NET, PHP', 'X-Article-Id: 12']
-      end
-    end
-    context 'when no interesting headers' do
-      let(:headers) { parse_headers_file(File.join(fixtures, 'no_interesting.txt')) }
-      its(:interesting_entries) { should eq [] }
-    end
-  end
-end

data/spec/app/models/interesting_file_spec.rb DELETED Viewed

@@ -1,69 +0,0 @@
-require 'spec_helper'
-describe CMSScanner::InterestingFile do
-  it_behaves_like CMSScanner::Finders::Finding
-  subject(:file) { described_class.new(url, opts) }
-  let(:opts)     { {} }
-  let(:url)      { 'http://example.com/' }
-  let(:fixtures) { File.join(FIXTURES_FINDERS, 'interesting_files') }
-  describe '#entries' do
-    after do
-      stub_request(:get, file.url).to_return(headers: headers, body: @body)
-      expect(file.entries).to eq @expected
-    end
-    context 'when content-type matches text/plain' do
-      let(:headers) { { 'Content-Type' => 'text/plain; charset=utf-8' } }
-      it 'returns the file content as an array w/o empty strings' do
-        @body     = File.new(File.join(fixtures, 'file.txt')).read
-        @expected = ['This is', 'a test file', 'with some content']
-      end
-    end
-    context 'when other content-type' do
-      let(:headers) { { 'Content-Type' => 'text.html; charset=utf-8' } }
-      it 'returns an empty array' do
-        @expected = []
-      end
-    end
-  end
-  describe '#==' do
-    context 'when same URL' do
-      it 'returns true' do
-        expect(file == described_class.new(url)).to be true
-      end
-    end
-    context 'when not the same URL' do
-      it 'returns false' do
-        expect(file == described_class.new('http://e.org')).to be false
-      end
-    end
-  end
-  describe '#<=>' do
-    context 'when same URL' do
-      it 'returns 0' do
-        expect(file <=> described_class.new(url)).to eql 0
-      end
-    end
-    context 'when the other URL <= current one' do
-      it 'returns 1' do
-        expect(file <=> described_class.new('http://e.org')).to eql 1
-      end
-    end
-    context 'when the other URL >= current one' do
-      it 'returns -1' do
-        expect(file <=> described_class.new('http://exi.org/')).to eql(-1)
-      end
-    end
-  end
-end

data/spec/app/models/robots_txt_spec.rb DELETED Viewed

@@ -1,27 +0,0 @@
-require 'spec_helper'
-describe CMSScanner::RobotsTxt do
-  subject(:file) { described_class.new(url) }
-  let(:url)      { 'http://example.com/robots.txt' }
-  let(:fixtures) { File.join(FIXTURES_FINDERS, 'interesting_files', 'robots_txt') }
-  describe '#interesting_entries' do
-    let(:headers) { { 'Content-Type' => 'text/plain; charset=utf-8' } }
-    after do
-      body = File.new(File.join(fixtures, fixture)).read
-      stub_request(:get, file.url).to_return(headers: headers, body: body)
-      expect(file.interesting_entries).to eq @expected
-    end
-    context 'when empty or / entries' do
-      let(:fixture) { 'robots.txt' }
-      it 'ignores them and only returns the others' do
-        @expected = %w(/admin /public/home)
-      end
-    end
-  end
-end