RubyGems - cms_scanner - Versions diffs - 0.0.18 → 0.0.19 - Mend

cms_scanner 0.0.18 → 0.0.19

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (118) hide show

checksums.yaml +4 -4
data/app/controllers/core.rb +4 -3
data/app/views/cli/core/finished.erb +1 -0
data/app/views/json/core/finished.erb +1 -0
data/cms_scanner.gemspec +13 -3
data/lib/cms_scanner.rb +14 -2
data/lib/cms_scanner/finders/finder.rb +16 -7
data/lib/cms_scanner/finders/finder/enumerator.rb +4 -28
data/lib/cms_scanner/finders/finder/fingerprinter.rb +60 -0
data/lib/cms_scanner/finders/finding.rb +1 -1
data/lib/cms_scanner/target/scope.rb +4 -1
data/lib/cms_scanner/target/server/generic.rb +1 -1
data/lib/cms_scanner/typhoeus/hydra.rb +10 -0
data/lib/cms_scanner/version.rb +1 -1
metadata +5 -203
data/.gitignore +0 -7
data/.rspec +0 -2
data/.rubocop.yml +0 -10
data/.travis.yml +0 -17
data/Gemfile +0 -6
data/Rakefile +0 -9
data/spec/app/controllers/core_spec.rb +0 -167
data/spec/app/controllers/interesting_files_spec.rb +0 -70
data/spec/app/finders/interesting_files/fantastico_fileslist_spec.rb +0 -66
data/spec/app/finders/interesting_files/headers_spec.rb +0 -36
data/spec/app/finders/interesting_files/robots_txt_spec.rb +0 -54
data/spec/app/finders/interesting_files/search_replace_db_2_spec.rb +0 -53
data/spec/app/finders/interesting_files/xml_rpc_spec.rb +0 -136
data/spec/app/finders/interesting_files_spec.rb +0 -12
data/spec/app/formatters/cli_no_colour_spec.rb +0 -14
data/spec/app/formatters/cli_spec.rb +0 -30
data/spec/app/formatters/json_spec.rb +0 -30
data/spec/app/models/fantastico_fileslist_spec.rb +0 -31
data/spec/app/models/headers_spec.rb +0 -51
data/spec/app/models/interesting_file_spec.rb +0 -69
data/spec/app/models/robots_txt_spec.rb +0 -27
data/spec/app/models/version_spec.rb +0 -51
data/spec/app/models/xml_rpc_spec.rb +0 -46
data/spec/app/views_spec.rb +0 -35
data/spec/cache/.gitignore +0 -4
data/spec/dummy_finding.rb +0 -25
data/spec/dummy_independent_finders.rb +0 -26
data/spec/dummy_unique_finders.rb +0 -33
data/spec/fixtures/finders/interesting_files/fantastico_fileslist/fantastico_fileslist.txt +0 -12
data/spec/fixtures/finders/interesting_files/file.txt +0 -4
data/spec/fixtures/finders/interesting_files/headers/interesting.txt +0 -16
data/spec/fixtures/finders/interesting_files/headers/no_interesting.txt +0 -12
data/spec/fixtures/finders/interesting_files/robots_txt/robots.txt +0 -10
data/spec/fixtures/finders/interesting_files/search_replace_db_2/searchreplacedb2.php +0 -188
data/spec/fixtures/finders/interesting_files/xml_rpc/homepage_in_scope_pingback.html +0 -7
data/spec/fixtures/finders/interesting_files/xml_rpc/homepage_out_of_scope_pingback.html +0 -7
data/spec/fixtures/finders/interesting_files/xml_rpc/xmlrpc.php +0 -1
data/spec/fixtures/output.txt +0 -0
data/spec/fixtures/target/comments.html +0 -29
data/spec/fixtures/target/platform/php/debug_log/debug.log +0 -2
data/spec/fixtures/target/platform/php/fpd/wp_rss_functions.php +0 -2
data/spec/fixtures/target/scope/index.html +0 -23
data/spec/fixtures/target/server/apache/directory_listing/2.2.16.html +0 -15
data/spec/fixtures/target/server/generic/server/apache/basic.txt +0 -5
data/spec/fixtures/target/server/generic/server/iis/basic.txt +0 -6
data/spec/fixtures/target/server/generic/server/not_detected.txt +0 -3
data/spec/fixtures/target/server/iis/directory_listing/no_parent.html +0 -3
data/spec/fixtures/target/server/iis/directory_listing/with_parent.html +0 -3
data/spec/fixtures/views/base/ctrl/local.erb +0 -1
data/spec/fixtures/views/base/ctrl/test.erb +0 -3
data/spec/fixtures/views/base/global.erb +0 -1
data/spec/fixtures/views/base/test.erb +0 -2
data/spec/fixtures/views/based_format/test.erb +0 -1
data/spec/fixtures/views/json/render_me.erb +0 -4
data/spec/lib/browser_spec.rb +0 -140
data/spec/lib/cache/file_store_spec.rb +0 -100
data/spec/lib/cache/typhoeus_spec.rb +0 -28
data/spec/lib/cms_scanner_spec.rb +0 -49
data/spec/lib/controller_spec.rb +0 -30
data/spec/lib/controllers_spec.rb +0 -48
data/spec/lib/finders/confidence_spec.rb +0 -39
data/spec/lib/finders/finder/enumerator_spec.rb +0 -89
data/spec/lib/finders/finder/smart_url_checker/findings_spec.rb +0 -39
data/spec/lib/finders/finder/smart_url_checker_spec.rb +0 -50
data/spec/lib/finders/finder_spec.rb +0 -11
data/spec/lib/finders/findings_spec.rb +0 -36
data/spec/lib/finders/independent_finders_spec.rb +0 -134
data/spec/lib/finders/same_type_finder_spec.rb +0 -24
data/spec/lib/finders/same_type_finders_spec.rb +0 -126
data/spec/lib/finders/unique_finder_spec.rb +0 -24
data/spec/lib/finders/unique_finders_spec.rb +0 -222
data/spec/lib/formatter_spec.rb +0 -145
data/spec/lib/public_suffix/domain_spec.rb +0 -49
data/spec/lib/sub_scanner_spec.rb +0 -45
data/spec/lib/target/hashes_spec.rb +0 -90
data/spec/lib/target/platforms_spec.rb +0 -13
data/spec/lib/target/scope_spec.rb +0 -103
data/spec/lib/target/servers_spec.rb +0 -13
data/spec/lib/target_spec.rb +0 -69
data/spec/lib/vulnerability/references_spec.rb +0 -75
data/spec/lib/vulnerability_spec.rb +0 -27
data/spec/lib/web_site_spec.rb +0 -121
data/spec/output/core/finished.cli_no_colour +0 -3
data/spec/output/core/finished.json +0 -5
data/spec/output/core/started.cli_no_colour +0 -3
data/spec/output/core/started.json +0 -5
data/spec/output/interesting_files/empty.cli_no_colour +0 -2
data/spec/output/interesting_files/empty.json +0 -5
data/spec/output/interesting_files/findings.cli_no_colour +0 -30
data/spec/output/interesting_files/findings.json +0 -75
data/spec/shared_examples.rb +0 -11
data/spec/shared_examples/browser_actions.rb +0 -30
data/spec/shared_examples/finding.rb +0 -54
data/spec/shared_examples/formatter_buffer.rb +0 -6
data/spec/shared_examples/formatter_class_methods.rb +0 -26
data/spec/shared_examples/independent_finder.rb +0 -31
data/spec/shared_examples/target/platform/php.rb +0 -56
data/spec/shared_examples/target/server/apache.rb +0 -32
data/spec/shared_examples/target/server/generic.rb +0 -33
data/spec/shared_examples/target/server/iis.rb +0 -37
data/spec/shared_examples/views/core.rb +0 -26
data/spec/shared_examples/views/interesting_files.rb +0 -36
data/spec/spec_helper.rb +0 -43

data/spec/lib/controller_spec.rb DELETED Viewed

@@ -1,30 +0,0 @@
-require 'spec_helper'
-describe CMSScanner::Controller do
-  subject(:controller) { described_class::Base.new }
-  context 'when parsed_options' do
-    before { described_class::Base.parsed_options = parsed_options }
-    let(:parsed_options) { { url: 'http://example.com/' } }
-    its(:parsed_options)        { should eq(parsed_options) }
-    its(:formatter)             { should be_a CMSScanner::Formatter::Cli }
-    its(:user_interaction?)     { should be true }
-    its(:target)                { should be_a CMSScanner::Target }
-    its('target.scope.domains') { should eq [PublicSuffix.parse('example.com')] }
-    context 'when output option' do
-      let(:parsed_options) { super().merge(output: '/tmp/spec.txt') }
-      its(:user_interaction?) { should be false }
-    end
-    describe '#render' do
-      it 'calls the formatter#render' do
-        expect(controller.formatter).to receive(:render).with('test', { verbose: nil }, 'base')
-        controller.render('test')
-      end
-    end
-  end
-end

data/spec/lib/controllers_spec.rb DELETED Viewed

@@ -1,48 +0,0 @@
-require 'spec_helper'
-module CMSScanner
-  module Controller
-    class Spec < Base
-    end
-  end
-end
-describe CMSScanner::Controllers do
-  subject(:controllers)  { described_class.new }
-  let(:controller_mod) { CMSScanner::Controller }
-  describe '#<<' do
-    its(:size) { should be 0 }
-    context 'when controllers are added' do
-      before { controllers << controller_mod::Spec.new << controller_mod::Base.new }
-      its(:size) { should be 2 }
-    end
-    context 'when a controller is added twice' do
-      before { 2.times { controllers << controller_mod::Spec.new } }
-      its(:size) { should be 1 }
-    end
-    it 'returns self' do
-      expect(controllers << controller_mod::Spec.new).to be_a described_class
-    end
-  end
-  describe '#run' do
-    it 'runs the before_scan, run and after_scan methods of each controller' do
-      spec = controller_mod::Spec.new
-      base = controller_mod::Base.new
-      controllers << base << spec
-      [base, spec].each { |c| expect(c).to receive(:before_scan).ordered }
-      [base, spec].each { |c| expect(c).to receive(:run).ordered }
-      [spec, base].each { |c| expect(c).to receive(:after_scan).ordered }
-      controllers.run
-    end
-  end
-end

data/spec/lib/finders/confidence_spec.rb DELETED Viewed

@@ -1,39 +0,0 @@
-require 'spec_helper'
-describe CMSScanner::Finders::Confidence do
-  subject(:confidence) { described_class.new(number) }
-  describe '#new' do
-    let(:number) { 10 }
-    its(:value) { should eq 10 }
-  end
-  describe '#+' do
-    context 'when the confidence is already at 100' do
-      let(:number) { 100 }
-      it 'returns 100' do
-        expect(confidence + 50).to eq 100
-      end
-    end
-    context 'when the confidence is below 100' do
-      context 'when it reaches 100' do
-        let(:number) { 90 }
-        it 'returns 100' do
-          expect(confidence + 50 + 80).to eq 100
-        end
-      end
-      context 'when it satys below 100' do
-        let(:number) { 50 }
-        it 'returns the new value' do
-          expect(confidence + 50).to eq 66
-        end
-      end
-    end
-  end
-end

data/spec/lib/finders/finder/enumerator_spec.rb DELETED Viewed

@@ -1,89 +0,0 @@
-require 'spec_helper'
-describe CMSScanner::Finders::Finder::Enumerator do
-  # Dummy class to test the module
-  class DummyFinder < CMSScanner::Finders::Finder
-    include CMSScanner::Finders::Finder::Enumerator
-  end
-  subject(:finder) { DummyFinder.new(target) }
-  let(:target)     { CMSScanner::Target.new('http://e.org') }
-  context 'when #target_urls not implemented' do
-    it 'raises errors' do
-      expect { finder.target_urls }.to raise_error NotImplementedError
-    end
-  end
-  describe '#progress_bar_title' do
-    it 'returns a space' do
-      expect(finder.progress_bar_title).to eql ' '
-    end
-  end
-  its(:browser) { should be_a CMSScanner::Browser }
-  its(:request_params) { should eql(cache_ttl: 0) }
-  its(:hydra) { should be_a Typhoeus::Hydra }
-  describe '#aggressive' do
-    before do
-      expect(finder).to receive(:target_urls).and_return(target_urls)
-      target_urls.each { |url, _| stub_request(:get, url).to_return(status: 200, body: 'rspec') }
-    end
-    let(:target_urls) do
-      {
-        target.url('1') => 1,
-        target.url('2') => 2
-      }
-    end
-    context 'when no opts' do
-      let(:opts) { {} }
-      context 'when response are the homepage or custom 404' do
-        before { expect(finder.target).to receive(:homepage_or_404?).twice.and_return(true) }
-        it 'does not yield anything' do
-          expect { |b| finder.enumerate(opts, &b) }.to_not yield_control
-        end
-      end
-      context 'when not the hompage or 404' do
-        before { expect(finder.target).to receive(:homepage_or_404?).twice }
-        it 'yield the expected items' do
-          expect { |b| finder.enumerate(opts, &b) }.to yield_successive_args(
-            [Typhoeus::Response, 1], [Typhoeus::Response, 2]
-          )
-        end
-      end
-    end
-    context 'when opts' do
-      context 'when :exclude_content' do
-        before { expect(finder.target).to receive(:homepage_or_404?).twice }
-        context 'when it matches' do
-          let(:opts) { { exclude_content: /spec/i } }
-          it 'does not yield anything' do
-            expect { |b| finder.enumerate(opts, &b) }.to_not yield_control
-          end
-        end
-        context 'when it does not match' do
-          let(:opts) { { exclude_content: /not/i } }
-          it 'yield the expected items' do
-            expect { |b| finder.enumerate(opts, &b) }.to yield_successive_args(
-              [Typhoeus::Response, 1], [Typhoeus::Response, 2]
-            )
-          end
-        end
-      end
-    end
-  end
-end

data/spec/lib/finders/finder/smart_url_checker/findings_spec.rb DELETED Viewed

@@ -1,39 +0,0 @@
-require 'spec_helper'
-require 'dummy_finding'
-describe CMSScanner::Finders::Finder::SmartURLChecker::Findings do
-  subject(:findings) { described_class.new }
-  let(:finding)      { CMSScanner::DummyFinding }
-  describe '#<<' do
-    after { expect(findings).to eq @expected }
-    context 'when no findings already in' do
-      it 'adds it' do
-        findings << finding.new('empty-test')
-        @expected = [finding.new('empty-test')]
-      end
-    end
-    context 'when findings already in' do
-      let(:confirmed) { finding.new('confirmed', interesting_entries: entries) }
-      let(:entries)   { %w(e1 e2) }
-      before { findings << finding.new('test') << confirmed }
-      it 'adds a confirmed result correctly' do
-        confirmed_dup = confirmed.dup
-        confirmed_dup.confidence = 100
-        confirmed_dup.interesting_entries = %w(e2 e3)
-        findings << confirmed_dup
-        confirmed.confirmed_by = confirmed_dup
-        @expected = [] << finding.new('test') << confirmed
-        expect(findings[1].interesting_entries).to eql(%w(e1 e2 e3))
-      end
-    end
-  end
-end

data/spec/lib/finders/finder/smart_url_checker_spec.rb DELETED Viewed

@@ -1,50 +0,0 @@
-require 'spec_helper'
-describe CMSScanner::Finders::Finder::SmartURLChecker do
-  # Dummy class to test the module
-  class DummyFinder < CMSScanner::Finders::Finder
-    include CMSScanner::Finders::Finder::SmartURLChecker
-  end
-  subject(:finder) { DummyFinder.new(target) }
-  let(:target)     { CMSScanner::Target.new('http://e.org') }
-  before { stub_request(:get, target.url) }
-  context 'when methods are not implemented' do
-    it 'raises errors' do
-      expect { finder.process_urls([]) }.to raise_error NotImplementedError
-      expect { finder.passive }.to raise_error NotImplementedError
-      expect { finder.aggressive_urls }.to raise_error NotImplementedError
-    end
-  end
-  describe '#aggressive' do
-    before { expect(finder).to receive(:aggressive_urls).and_return(%w(u1 u2 u3)) }
-    after do
-      expect(finder).to receive(:process_urls).with(@expected_urls, mode: mode)
-      finder.aggressive(mode: mode)
-    end
-    context 'when :mode = :mixed' do
-      before { expect(finder).to receive(:passive_urls).and_return(%w(u2)) }
-      let(:mode) { :mixed }
-      it 'calls #process_urls with the correct argument' do
-        @expected_urls = %w(u1 u3)
-      end
-    end
-    [:passive, :aggressive].each do |m|
-      context "when :mode = #{m}" do
-        let(:mode) { m }
-        it 'calls #process_urls with the correct argument' do
-          @expected_urls = %w(u1 u2 u3)
-        end
-      end
-    end
-  end
-end

data/spec/lib/finders/finder_spec.rb DELETED Viewed

@@ -1,11 +0,0 @@
-require 'spec_helper'
-describe CMSScanner::Finders::Finder do
-  subject(:finder) { described_class.new('target') }
-  describe '#progress_bar' do
-    it 'returns a ProgressBar::Base' do
-      expect(finder.progress_bar(12)).to be_a ProgressBar::Base
-    end
-  end
-end

data/spec/lib/finders/findings_spec.rb DELETED Viewed

@@ -1,36 +0,0 @@
-require 'spec_helper'
-require 'dummy_finding'
-describe CMSScanner::Finders::Findings do
-  subject(:findings) { described_class.new }
-  let(:finding)      { CMSScanner::DummyFinding }
-  describe '#<<' do
-    after { expect(findings).to eq @expected }
-    context 'when no findings already in' do
-      it 'adds it' do
-        findings << finding.new('empty-test')
-        @expected = [finding.new('empty-test')]
-      end
-    end
-    context 'when findings already in' do
-      let(:confirmed) { finding.new('confirmed') }
-      before { findings << finding.new('test') << confirmed }
-      it 'adds a confirmed result correctly' do
-        confirmed_dup = confirmed.dup
-        confirmed_dup.confidence = 100
-        findings << finding.new('test2')
-        findings << confirmed_dup
-        confirmed.confirmed_by = confirmed_dup
-        @expected = [] << finding.new('test') << confirmed << finding.new('test2')
-      end
-    end
-  end
-end

data/spec/lib/finders/independent_finders_spec.rb DELETED Viewed

@@ -1,134 +0,0 @@
-require 'spec_helper'
-require 'dummy_independent_finders'
-describe CMSScanner::Finders::IndependentFinders do
-  subject(:finders) { described_class.new }
-  describe '#run' do
-    let(:target)              { 'target' }
-    let(:finding)             { CMSScanner::DummyFinding }
-    let(:expected_aggressive) { finding.new('test', found_by: 'override', confidence: 100) }
-    let(:expected_passive) do
-      [
-        finding.new('test', found_by: 'Dummy Finder (Passive Detection)'),
-        finding.new('spotted', found_by: 'No Aggressive Result (Passive Detection)', confidence: 10)
-      ]
-    end
-    before do
-      finders <<
-        CMSScanner::Finders::Independent::DummyFinder.new(target) <<
-        CMSScanner::Finders::Independent::NoAggressiveResult.new(target)
-    end
-    describe 'method calls order' do
-      after { finders.run(mode: mode) }
-      [:passive, :aggressive].each do |current_mode|
-        context "when #{current_mode} mode" do
-          let(:mode) { current_mode }
-          it "calls the #{current_mode} method on each finder" do
-            finders.each do |f|
-              expect(f).to receive(current_mode).with(hash_including(found: [])).ordered
-            end
-          end
-        end
-      end
-      context 'when :mixed mode' do
-        let(:mode) { :mixed }
-        it 'calls :passive then :aggressive on each finder' do
-          finders.each do |finder|
-            [:passive, :aggressive].each do |method|
-              expect(finder).to receive(method).with(hash_including(found: [])).ordered
-            end
-          end
-        end
-      end
-    end
-    describe 'returned results' do
-      before do
-        @found = finders.run(mode: mode)
-        expect(@found).to be_a(CMSScanner::Finders::Findings)
-        @found.each { |f| expect(f).to be_a finding }
-      end
-      context 'when :passive mode' do
-        let(:mode) { :passive }
-        it 'returns 2 results' do
-          expect(@found.size).to eq 2
-          expect(@found.first).to eql expected_passive.first
-          expect(@found.last).to eql expected_passive.last
-        end
-      end
-      context 'when :aggressive mode' do
-        let(:mode) { :aggressive }
-        it 'returns 1 result' do
-          expect(@found.size).to eq 1
-          expect(@found.first).to eql expected_aggressive
-        end
-      end
-      context 'when :mixed mode' do
-        let(:mode) { :mixed }
-        it 'returns 2 results' do
-          # As the first passive is confirmed by the expected_aggressive, the confidence
-          # increases and should be 100% due to the expected_aggressive.confidence
-          first_passive = expected_passive.first.dup
-          first_passive.confidence = 100
-          expect(@found.size).to eq 2
-          expect(@found.first).to eql first_passive
-          expect(@found.first.confirmed_by).to eql [expected_aggressive]
-          expect(@found.last).to eql expected_passive.last
-        end
-      end
-      context 'when multiple results returned' do
-        xit
-      end
-    end
-  end
-  describe '#symbols_from_mode' do
-    after { expect(finders.symbols_from_mode(@mode)).to eq @expected }
-    context 'when :mixed' do
-      it 'returns [:passive, :aggressive]' do
-        @mode     = :mixed
-        @expected = [:passive, :aggressive]
-      end
-    end
-    context 'when :passive or :aggresssive' do
-      [:passive, :aggressive].each do |symbol|
-        it 'returns it in an array' do
-          @mode     = symbol
-          @expected = [*symbol]
-        end
-      end
-    end
-    context 'otherwise' do
-      it 'returns []' do
-        @mode     = :unallowed
-        @expected = []
-      end
-    end
-  end
-  describe '#findings' do
-    it 'returns a Findings object' do
-      expect(finders.findings).to be_a CMSScanner::Finders::Findings
-    end
-  end
-end