cms_scanner 0.0.18 → 0.0.19

data/spec/fixtures/finders/interesting_files/xml_rpc/homepage_in_scope_pingback.html

@@ -1,7 +0,0 @@
-<head>
-  <meta charset="UTF-8">
-  <meta name="viewport" content="width=device-width">
-  <title>WordPress 4.0 | Just another WordPress site</title>
-  <link rel="profile" href="http://gmpg.org/xfn/11">
-  <link rel="pingback" href="http://e.org/wp/xmlrpc.php">
-</head>

data/spec/fixtures/finders/interesting_files/xml_rpc/homepage_out_of_scope_pingback.html

@@ -1,7 +0,0 @@
-<head>
-  <meta charset="UTF-8">
-  <meta name="viewport" content="width=device-width">
-  <title>WordPress 4.0 | Just another WordPress site</title>
-  <link rel="profile" href="http://gmpg.org/xfn/11">
-  <link rel="pingback" href="http://wp.lab/wordpress-4.0/xmlrpc.php">
-</head>

data/spec/fixtures/finders/interesting_files/xml_rpc/xmlrpc.php

@@ -1 +0,0 @@
-XML-RPC server accepts POST requests only.

data/spec/fixtures/target/comments.html

@@ -1,29 +0,0 @@
-<!DOCTYPE html>
-<html lang="en-US" class="no-js">
-<head>
-  <meta charset="UTF-8">
-  <meta name="viewport" content="width=device-width">
-  <link rel="profile" href="http://gmpg.org/xfn/11">
-  <link rel="pingback" href="http://wp.lab/wordpress-4.1.1/xmlrpc.php">
-  <!--[if lt IE 9]>
-  <script src="http://wp.lab/wordpress-4.1.1/wp-content/themes/twentyfifteen/js/html5.js"></script>
-  <![endif]-->
-  <script>(function(){document.documentElement.className='js'})();</script>
-  <title>WP 4.1.1 | Just another WordPress site</title>
-<meta name='robots' content='noindex,follow' />
-
-<!-- All in One SEO Pack 2.2.5.1 by Michael Torbert of Semper Fi Web Design -->
-<link rel="canonical" href="http://wp.lab/wordpress-4.1.1/" />
-<!-- /all in one seo pack -->
-<!--[if lt IE 9]>
-<link rel='stylesheet' id='twentyfifteen-ie-css'  href='http://wp.lab/wordpress-4.1.1/wp-content/themes/twentyfifteen/css/ie.css?ver=20141010' type='text/css' media='all' />
-<![endif]-->
-<!--[if lt IE 8]>
-<link rel='stylesheet' id='twentyfifteen-ie7-css'  href='http://wp.lab/wordpress-4.1.1/wp-content/themes/twentyfifteen/css/ie7.css?ver=20141010' type='text/css' media='all' />
-<![endif]-->
-
-<!-- .site-branding -->
-<!-- .site-header -->
-
-</body>
-</html>

data/spec/fixtures/target/platform/php/debug_log/debug.log

@@ -1,2 +0,0 @@
-[11-Oct-2012 00:00:00] PHP Notice: Undefined index: ec_email in /var/www/wp/wp-content/plugins/easy-contact/econtact.php on line 33
-[11-Oct-2012 00:00:00] PHP Notice: Undefined index: ec_url in /var/www/wp/wp-content/plugins/easy-contact/econtact.php on line 34

data/spec/fixtures/target/platform/php/fpd/wp_rss_functions.php

@@ -1,2 +0,0 @@
-
-Fatal error: Call to undefined function _deprecated_file() in /short-path/rss-f.php on line 8

data/spec/fixtures/target/scope/index.html

@@ -1,23 +0,0 @@
-<a href="http://e.org/f.txt">Link</a>
-<a href="http://e.org/f.txt">Link</a> <!-- Duplicates should be ignored -->
-
-<a href="mailto:mail@g.com">eMail me!</a>
-<a href="jaVaScript:alert(2)">Click me Fool !</a>
-
-<script src=" https://cdn.e.org/f2.js  "></script> <!-- head & tail spaces should be removed -->
-
-<script src="/script/s.js"></script>
-
-<link rel="alternate" type="application/rss+xml" title="Spec" href="http://wp-lamp/robots.txt" />
-
-<link rel="canonical" href="https://duckduckgo.com/">
-
-<img src="http://out.of.scope.com/img.jpg" width="1000" height="288" alt="" />
-
-<a href="">Empty Link</a>
-
-<link rel="alternate" type="application/rss+xml" title="WordPress 4.1 &raquo; Feed" href="http://e.org/feed" />
-
-<img src="//img.jpg" width="" height="" alt="" /> <!-- currently this should not be detected -->
-
-<img src="//out.of.scope.com/img.jpg" width="" height="" alt="" />

data/spec/fixtures/target/server/apache/directory_listing/2.2.16.html

@@ -1,15 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
-<html>
- <head>
-  <title>Index of /wordpress-4.0/wp-content/plugins/wp-dbmanager</title>
- </head>
- <body>
-<h1>Index of /wordpress-4.0/wp-content/plugins/wp-dbmanager</h1>
-<table><tr><th><img src="/icons/blank.gif" alt="[ICO]"></th><th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a></th></tr><tr><th colspan="5"><hr></th></tr>
-<tr><td valign="top"><img src="/icons/back.gif" alt="[DIR]"></td><td><a href="/wordpress-4.0/wp-content/plugins/">Parent Directory</a></td><td>&nbsp;</td><td align="right">  - </td><td>&nbsp;</td></tr>
-<tr><td valign="top"><img src="/icons/unknown.gif" alt="[   ]"></td><td><a href="backup.php">backup.php</a></td><td align="right">07-Oct-2014 18:43  </td><td align="right"> 10K</td><td>&nbsp;</td></tr>
-<tr><td valign="top"><img src="/icons/unknown.gif" alt="[   ]"></td><td><a href="database-empty.php">database-empty.php</a></td><td align="right">07-Oct-2014 18:43  </td><td align="right">3.9K</td><td>&nbsp;</td></tr>
-<tr><th colspan="5"><hr></th></tr>
-</table>
-<address>Apache/2.2.16 (Debian) Server at wp.lab Port 80</address>
-</body></html>

data/spec/fixtures/target/server/generic/server/apache/basic.txt

@@ -1,5 +0,0 @@
-Date: Sun, 12 Oct 2014 19:44:42 GMT
-Server: Apache/2.2.16 (Debian)
-X-Powered-By: PHP/5.3.3-7+squeeze19
-Vary: Accept-Encoding
-Content-Type: text/html

data/spec/fixtures/target/server/generic/server/iis/basic.txt

@@ -1,6 +0,0 @@
-Content-Length: 1027
-Content-Type: text/html; charset=UTF-8
-Server: Microsoft-IIS/7.5
-X-Powered-By: ASP.NET
-X-UA-Compatible: IE=EmulateIE7
-Date: Sun, 12 Oct 2014 20:15:14 GMT

data/spec/fixtures/target/server/generic/server/not_detected.txt

@@ -1,3 +0,0 @@
-Date: Sun, 12 Oct 2014 19:44:42 GMT
-Vary: Accept-Encoding
-Content-Type: text/html

data/spec/fixtures/target/server/iis/directory_listing/no_parent.html

@@ -1,3 +0,0 @@
-<html><head><title>e.org - /dir/</title></head><body><H1>e.org - /dir/</H1><hr>
-
-<pre>10/8/2014 11:00 PM        &lt;dir&gt; <A HREF="/sub-dir/">sub-dir</A>10/10/2014 10:00 PM          168 <A HREF="/web.config">web.config</A><br></pre><hr></body></html>

data/spec/fixtures/target/server/iis/directory_listing/with_parent.html

@@ -1,3 +0,0 @@
-<html><head><title>e.org - /dir/</title></head><body><H1>e.org - /dir/</H1><hr>
-
-<pre><A HREF="/">[To Parent Directory]</A><br><br> 10/8/2014 11:00 PM        &lt;dir&gt; <A HREF="/sub-dir/">sub-dir</A>10/10/2014 10:00 PM          168 <A HREF="/web.config">web.config</A><br></pre><hr></body></html>

data/spec/fixtures/views/base/ctrl/local.erb

@@ -1 +0,0 @@
-Local View

data/spec/fixtures/views/base/ctrl/test.erb

@@ -1,3 +0,0 @@
-Test: <%= @var %>
-<%= render('local') %>
-<%= render('@global') %>

data/spec/fixtures/views/base/global.erb

@@ -1 +0,0 @@
-Global View

data/spec/fixtures/views/base/test.erb

@@ -1,2 +0,0 @@
-It <%= @test %>
-Views Dirs: <%= @views_directories %>

data/spec/fixtures/views/based_format/test.erb

@@ -1 +0,0 @@
-Override the base/test.erb

data/spec/fixtures/views/json/render_me.erb

@@ -1,4 +0,0 @@
-"test": <%= @test.to_json %>,
-<% if @var %>
-"var": <%= @var.to_json %>
-<% end %>

data/spec/lib/browser_spec.rb

@@ -1,140 +0,0 @@
-require 'spec_helper'
-
-describe CMSScanner::Browser do
-  it_behaves_like described_class::Actions
-
-  subject(:browser) { described_class.instance(options) }
-  before            { described_class.reset }
-  let(:options)     { {} }
-  let(:default) do
-    {
-      ssl_verifypeer: false, ssl_verifyhost: 2,
-      headers: { 'User-Agent' => "CMSScanner v#{CMSScanner::VERSION}" }
-    }
-  end
-
-  describe '#forge_request' do
-    it 'returns a Typhoeus::Request' do
-      expect(browser.forge_request('http://example.com')).to be_a Typhoeus::Request
-    end
-  end
-
-  describe '#default_request_params' do
-    its(:default_request_params) { should eq default }
-
-    context 'when some attributes are set' do
-      let(:options)  do
-        {
-          cache_ttl: 200, connect_timeout: 10,
-          http_auth: { username: 'log', password: 'pwd' },
-          cookie_jar: '/tmp/cookie_jar.txt'
-        }
-      end
-
-      let(:expected) do
-        default.merge(
-          cache_ttl: 200, connecttimeout: 10, userpwd: 'log:pwd',
-          cookiejar: options[:cookie_jar], cookiefile: options[:cookie_jar]
-        )
-      end
-
-      its(:default_request_params) { should eq expected }
-    end
-  end
-
-  describe '#request_params' do
-    context 'when no param is given' do
-      its(:request_params) { should eq default }
-    end
-
-    context 'when params are supplied' do
-      let(:params) { { another_param: true, headers: { 'Accept' => 'None' } } }
-
-      it 'merges them (headers should be correctly merged)' do
-        expect(browser.request_params(params)).to eq default
-          .merge(params) { |key, oldval, newval| key == :headers ? oldval.merge(newval) : newval }
-      end
-
-      context 'when browser options' do
-        let(:options) { { proxy: 'http://127.0.0.1:8080' } }
-
-        it 'returns the correct hash' do
-          expect(browser.request_params(params)).to eq default
-            .merge(options)
-            .merge(params) { |key, oldval, newval| key == :headers ? oldval.merge(newval) : newval }
-        end
-      end
-    end
-  end
-
-  describe '#load_options' do
-    context 'when no options' do
-      it 'does not load anything' do
-        described_class::OPTIONS.each do |sym|
-          expected = sym == :user_agent ? "CMSScanner v#{CMSScanner::VERSION}" : nil
-
-          expect(browser.send(sym)).to eq expected
-        end
-      end
-    end
-
-    context 'when options are supplied' do
-      module CMSScanner
-        # Test accessor
-        class Browser
-          attr_accessor :test
-        end
-      end
-
-      let(:options) do
-        { cache_ttl: 200, max_threads: 10, test: 'should not be set',
-          user_agent: 'UA', proxy: false }
-      end
-
-      it 'merges the browser options only' do
-        described_class::OPTIONS.each do |sym|
-          expected = options.key?(sym) ? options[sym] : nil
-
-          expect(browser.send(sym)).to eq expected
-        end
-
-        expect(browser.test).to be nil
-      end
-    end
-  end
-
-  describe '#hydra' do
-    context 'when #max_threads is nil' do
-      its('hydra.max_concurrency') { should eq 1 }
-    end
-
-    context 'when #max_threads' do
-      let(:options) { { max_threads: 20 } }
-
-      its('hydra.max_concurrency') { should eq options[:max_threads] }
-    end
-  end
-
-  describe '#max_threads=' do
-    after do
-      browser.max_threads = @threads
-
-      expect(browser.max_threads).to eq @expected
-      expect(browser.hydra.max_concurrency).to eq @expected
-    end
-
-    context 'when <= 0' do
-      it 'sets the @threads to 1' do
-        @threads  = -2
-        @expected = 1
-      end
-    end
-
-    context 'when > 0' do
-      it 'sets the @threads' do
-        @threads  = 20
-        @expected = @threads
-      end
-    end
-  end
-end

data/spec/lib/cache/file_store_spec.rb

@@ -1,100 +0,0 @@
-require 'spec_helper'
-
-describe CMSScanner::Cache::FileStore do
-  let(:cache_dir) { File.join(CACHE, 'cache_file_store') }
-  subject(:cache) { described_class.new(cache_dir) }
-
-  before { FileUtils.rm_r(cache_dir, secure: true) if Dir.exist?(cache_dir) }
-  after  { cache.clean }
-
-  describe '#new, #storage_path, #serializer' do
-    its(:serializer)   { should be Marshal }
-    its(:storage_path) { should eq cache_dir }
-  end
-
-  describe '#clean' do
-    it 'removes all files from the cache dir' do
-      # let's create some files into the directory first
-      (0..5).each do |i|
-        File.new(File.join(cache.storage_path, "file_#{i}.txt"), File::CREAT)
-      end
-
-      expect(count_files_in_dir(cache.storage_path, 'file_*.txt')).to eq 6
-      cache.clean
-      expect(count_files_in_dir(cache.storage_path)).to eq 0
-    end
-  end
-
-  describe '#read_entry?' do
-    let(:key) { 'key1' }
-
-    after do
-      File.write(cache.entry_expiration_path(key), @expiration) if @expiration
-
-      expect(cache.read_entry(key)).to eq @expected
-    end
-
-    context 'when the entry does not exists' do
-      it 'returns nil' do
-        @expected = nil
-      end
-    end
-
-    context 'when the file is empty (marshal data too short error)' do
-      it 'returns nil' do
-        File.new(cache.entry_path(key), File::CREAT)
-
-        @expiration = Time.now.to_i + 200
-        @expected   = nil
-      end
-    end
-
-    context 'when the entry has expired' do
-      it 'returns nil' do
-        @expiration = Time.now.to_i - 200
-        @expected   = nil
-      end
-    end
-
-    context 'when the entry has not expired' do
-      it 'returns the entry' do
-        File.write(cache.entry_path(key), cache.serializer.dump('testing data'))
-
-        @expiration = Time.now.to_i + 600
-        @expected   = 'testing data'
-      end
-    end
-  end
-
-  describe '#write_entry' do
-    after do
-      cache.write_entry(@key, @data, @ttl)
-      expect(cache.read_entry(@key)).to eq @expected
-    end
-
-    it 'should get the correct entry (string)' do
-      @ttl      = 10
-      @key      = 'some_key'
-      @data     = 'Hello World !'
-      @expected = @data
-    end
-
-    context 'when cache_ttl <= 0' do
-      it 'does not write the entry' do
-        @ttl      = 0
-        @key      = 'another_key'
-        @data     = 'Another Hello World !'
-        @expected = nil
-      end
-    end
-
-    context 'when cache_ttl is nil' do
-      it 'does not write the entry' do
-        @ttl      = nil
-        @key      = 'test'
-        @data     = 'test'
-        @expected = nil
-      end
-    end
-  end
-end

data/spec/lib/cache/typhoeus_spec.rb

@@ -1,28 +0,0 @@
-require 'spec_helper'
-
-describe CMSScanner::Cache::Typhoeus do
-  subject(:cache) { described_class.new(cache_dir) }
-
-  let(:cache_dir) { File.join(CACHE, 'typhoeus_cache') }
-  let(:url)       { 'http://example.com' }
-  let(:request)   { Typhoeus::Request.new(url, cache_ttl: 20) }
-  let(:key)       { request.hash.to_s }
-
-  describe '#get' do
-    it 'calls #read_entry' do
-      expect(cache).to receive(:read_entry).with(key)
-
-      cache.get(request)
-    end
-  end
-
-  describe '#set' do
-    let(:response) { Typhoeus::Response.new }
-
-    it 'calls #write_entry' do
-      expect(cache).to receive(:write_entry).with(key, response, request.cache_ttl)
-
-      cache.set(request, response)
-    end
-  end
-end

data/spec/lib/cms_scanner_spec.rb

@@ -1,49 +0,0 @@
-require 'spec_helper'
-
-module CMSScanner
-  module Controller
-    # Failure class for testing
-    class SpecFailure < Base
-      def before_scan
-        fail 'error spotted'
-      end
-    end
-  end
-end
-
-describe CMSScanner::Scan do
-  subject(:scanner) { described_class.new }
-  let(:controller)  { CMSScanner::Controller }
-
-  describe '#new, #controllers' do
-    its(:controllers) { should eq([controller::Core.new]) }
-  end
-
-  describe '#run' do
-    it 'runs the controlllers and calls the formatter#beautify' do
-      hydra = CMSScanner::Browser.instance.hydra
-
-      expect(scanner.controllers).to receive(:run).ordered
-      expect(hydra).to receive(:abort).ordered
-      expect(hydra).to receive(:run).ordered
-      expect(scanner.formatter).to receive(:beautify).ordered
-
-      scanner.run
-    end
-
-    context 'when an error is raised during the #run' do
-      it 'aborts the scan with the associated output' do
-        scanner.controllers[0] = controller::SpecFailure.new
-
-        expect(scanner.formatter).to receive(:output)
-          .with('@scan_aborted', hash_including(:reason, :trace, :verbose))
-
-        scanner.run
-      end
-    end
-  end
-
-  describe '#datastore' do
-    its(:datastore) { should eq({}) }
-  end
-end