RubyGems - cms_scanner - Versions diffs - 0.0.18 → 0.0.19 - Mend

cms_scanner 0.0.18 → 0.0.19

Files changed (118) hide show

checksums.yaml +4 -4
data/app/controllers/core.rb +4 -3
data/app/views/cli/core/finished.erb +1 -0
data/app/views/json/core/finished.erb +1 -0
data/cms_scanner.gemspec +13 -3
data/lib/cms_scanner.rb +14 -2
data/lib/cms_scanner/finders/finder.rb +16 -7
data/lib/cms_scanner/finders/finder/enumerator.rb +4 -28
data/lib/cms_scanner/finders/finder/fingerprinter.rb +60 -0
data/lib/cms_scanner/finders/finding.rb +1 -1
data/lib/cms_scanner/target/scope.rb +4 -1
data/lib/cms_scanner/target/server/generic.rb +1 -1
data/lib/cms_scanner/typhoeus/hydra.rb +10 -0
data/lib/cms_scanner/version.rb +1 -1
metadata +5 -203
data/.gitignore +0 -7
data/.rspec +0 -2
data/.rubocop.yml +0 -10
data/.travis.yml +0 -17
data/Gemfile +0 -6
data/Rakefile +0 -9
data/spec/app/controllers/core_spec.rb +0 -167
data/spec/app/controllers/interesting_files_spec.rb +0 -70
data/spec/app/finders/interesting_files/fantastico_fileslist_spec.rb +0 -66
data/spec/app/finders/interesting_files/headers_spec.rb +0 -36
data/spec/app/finders/interesting_files/robots_txt_spec.rb +0 -54
data/spec/app/finders/interesting_files/search_replace_db_2_spec.rb +0 -53
data/spec/app/finders/interesting_files/xml_rpc_spec.rb +0 -136
data/spec/app/finders/interesting_files_spec.rb +0 -12
data/spec/app/formatters/cli_no_colour_spec.rb +0 -14
data/spec/app/formatters/cli_spec.rb +0 -30
data/spec/app/formatters/json_spec.rb +0 -30
data/spec/app/models/fantastico_fileslist_spec.rb +0 -31
data/spec/app/models/headers_spec.rb +0 -51
data/spec/app/models/interesting_file_spec.rb +0 -69
data/spec/app/models/robots_txt_spec.rb +0 -27
data/spec/app/models/version_spec.rb +0 -51
data/spec/app/models/xml_rpc_spec.rb +0 -46
data/spec/app/views_spec.rb +0 -35
data/spec/cache/.gitignore +0 -4
data/spec/dummy_finding.rb +0 -25
data/spec/dummy_independent_finders.rb +0 -26
data/spec/dummy_unique_finders.rb +0 -33
data/spec/fixtures/finders/interesting_files/fantastico_fileslist/fantastico_fileslist.txt +0 -12
data/spec/fixtures/finders/interesting_files/file.txt +0 -4
data/spec/fixtures/finders/interesting_files/headers/interesting.txt +0 -16
data/spec/fixtures/finders/interesting_files/headers/no_interesting.txt +0 -12
data/spec/fixtures/finders/interesting_files/robots_txt/robots.txt +0 -10
data/spec/fixtures/finders/interesting_files/search_replace_db_2/searchreplacedb2.php +0 -188
data/spec/fixtures/finders/interesting_files/xml_rpc/homepage_in_scope_pingback.html +0 -7
data/spec/fixtures/finders/interesting_files/xml_rpc/homepage_out_of_scope_pingback.html +0 -7
data/spec/fixtures/finders/interesting_files/xml_rpc/xmlrpc.php +0 -1
data/spec/fixtures/output.txt +0 -0
data/spec/fixtures/target/comments.html +0 -29
data/spec/fixtures/target/platform/php/debug_log/debug.log +0 -2
data/spec/fixtures/target/platform/php/fpd/wp_rss_functions.php +0 -2
data/spec/fixtures/target/scope/index.html +0 -23
data/spec/fixtures/target/server/apache/directory_listing/2.2.16.html +0 -15
data/spec/fixtures/target/server/generic/server/apache/basic.txt +0 -5
data/spec/fixtures/target/server/generic/server/iis/basic.txt +0 -6
data/spec/fixtures/target/server/generic/server/not_detected.txt +0 -3
data/spec/fixtures/target/server/iis/directory_listing/no_parent.html +0 -3
data/spec/fixtures/target/server/iis/directory_listing/with_parent.html +0 -3
data/spec/fixtures/views/base/ctrl/local.erb +0 -1
data/spec/fixtures/views/base/ctrl/test.erb +0 -3
data/spec/fixtures/views/base/global.erb +0 -1
data/spec/fixtures/views/base/test.erb +0 -2
data/spec/fixtures/views/based_format/test.erb +0 -1
data/spec/fixtures/views/json/render_me.erb +0 -4
data/spec/lib/browser_spec.rb +0 -140
data/spec/lib/cache/file_store_spec.rb +0 -100
data/spec/lib/cache/typhoeus_spec.rb +0 -28
data/spec/lib/cms_scanner_spec.rb +0 -49
data/spec/lib/controller_spec.rb +0 -30
data/spec/lib/controllers_spec.rb +0 -48
data/spec/lib/finders/confidence_spec.rb +0 -39
data/spec/lib/finders/finder/enumerator_spec.rb +0 -89
data/spec/lib/finders/finder/smart_url_checker/findings_spec.rb +0 -39
data/spec/lib/finders/finder/smart_url_checker_spec.rb +0 -50
data/spec/lib/finders/finder_spec.rb +0 -11
data/spec/lib/finders/findings_spec.rb +0 -36
data/spec/lib/finders/independent_finders_spec.rb +0 -134
data/spec/lib/finders/same_type_finder_spec.rb +0 -24
data/spec/lib/finders/same_type_finders_spec.rb +0 -126
data/spec/lib/finders/unique_finder_spec.rb +0 -24
data/spec/lib/finders/unique_finders_spec.rb +0 -222
data/spec/lib/formatter_spec.rb +0 -145
data/spec/lib/public_suffix/domain_spec.rb +0 -49
data/spec/lib/sub_scanner_spec.rb +0 -45
data/spec/lib/target/hashes_spec.rb +0 -90
data/spec/lib/target/platforms_spec.rb +0 -13
data/spec/lib/target/scope_spec.rb +0 -103
data/spec/lib/target/servers_spec.rb +0 -13
data/spec/lib/target_spec.rb +0 -69
data/spec/lib/vulnerability/references_spec.rb +0 -75
data/spec/lib/vulnerability_spec.rb +0 -27
data/spec/lib/web_site_spec.rb +0 -121
data/spec/output/core/finished.cli_no_colour +0 -3
data/spec/output/core/finished.json +0 -5
data/spec/output/core/started.cli_no_colour +0 -3
data/spec/output/core/started.json +0 -5
data/spec/output/interesting_files/empty.cli_no_colour +0 -2
data/spec/output/interesting_files/empty.json +0 -5
data/spec/output/interesting_files/findings.cli_no_colour +0 -30
data/spec/output/interesting_files/findings.json +0 -75
data/spec/shared_examples.rb +0 -11
data/spec/shared_examples/browser_actions.rb +0 -30
data/spec/shared_examples/finding.rb +0 -54
data/spec/shared_examples/formatter_buffer.rb +0 -6
data/spec/shared_examples/formatter_class_methods.rb +0 -26
data/spec/shared_examples/independent_finder.rb +0 -31
data/spec/shared_examples/target/platform/php.rb +0 -56
data/spec/shared_examples/target/server/apache.rb +0 -32
data/spec/shared_examples/target/server/generic.rb +0 -33
data/spec/shared_examples/target/server/iis.rb +0 -37
data/spec/shared_examples/views/core.rb +0 -26
data/spec/shared_examples/views/interesting_files.rb +0 -36
data/spec/spec_helper.rb +0 -43

data/spec/lib/controller_spec.rb DELETED Viewed

@@ -1,30 +0,0 @@
-require 'spec_helper'
-describe CMSScanner::Controller do
-  subject(:controller) { described_class::Base.new }
-  context 'when parsed_options' do
-    before { described_class::Base.parsed_options = parsed_options }
-    let(:parsed_options) { { url: 'http://example.com/' } }
-    its(:parsed_options)        { should eq(parsed_options) }
-    its(:formatter)             { should be_a CMSScanner::Formatter::Cli }
-    its(:user_interaction?)     { should be true }
-    its(:target)                { should be_a CMSScanner::Target }
-    its('target.scope.domains') { should eq [PublicSuffix.parse('example.com')] }
-    context 'when output option' do
-      let(:parsed_options) { super().merge(output: '/tmp/spec.txt') }
-      its(:user_interaction?) { should be false }
-    end
-    describe '#render' do
-      it 'calls the formatter#render' do
-        expect(controller.formatter).to receive(:render).with('test', { verbose: nil }, 'base')
-        controller.render('test')
-      end
-    end
-  end
-end

data/spec/lib/controllers_spec.rb DELETED Viewed

@@ -1,48 +0,0 @@
-require 'spec_helper'
-module CMSScanner
-  module Controller
-    class Spec < Base
-    end
-  end
-end
-describe CMSScanner::Controllers do
-  subject(:controllers)  { described_class.new }
-  let(:controller_mod) { CMSScanner::Controller }
-  describe '#<<' do
-    its(:size) { should be 0 }
-    context 'when controllers are added' do
-      before { controllers << controller_mod::Spec.new << controller_mod::Base.new }
-      its(:size) { should be 2 }
-    end
-    context 'when a controller is added twice' do
-      before { 2.times { controllers << controller_mod::Spec.new } }
-      its(:size) { should be 1 }
-    end
-    it 'returns self' do
-      expect(controllers << controller_mod::Spec.new).to be_a described_class
-    end
-  end
-  describe '#run' do
-    it 'runs the before_scan, run and after_scan methods of each controller' do
-      spec = controller_mod::Spec.new
-      base = controller_mod::Base.new
-      controllers << base << spec
-      [base, spec].each { |c| expect(c).to receive(:before_scan).ordered }
-      [base, spec].each { |c| expect(c).to receive(:run).ordered }
-      [spec, base].each { |c| expect(c).to receive(:after_scan).ordered }
-      controllers.run
-    end
-  end
-end

data/spec/lib/finders/confidence_spec.rb DELETED Viewed

@@ -1,39 +0,0 @@
-require 'spec_helper'
-describe CMSScanner::Finders::Confidence do
-  subject(:confidence) { described_class.new(number) }
-  describe '#new' do
-    let(:number) { 10 }
-    its(:value) { should eq 10 }
-  end
-  describe '#+' do
-    context 'when the confidence is already at 100' do
-      let(:number) { 100 }
-      it 'returns 100' do
-        expect(confidence + 50).to eq 100
-      end
-    end
-    context 'when the confidence is below 100' do
-      context 'when it reaches 100' do
-        let(:number) { 90 }
-        it 'returns 100' do
-          expect(confidence + 50 + 80).to eq 100
-        end
-      end
-      context 'when it satys below 100' do
-        let(:number) { 50 }
-        it 'returns the new value' do
-          expect(confidence + 50).to eq 66
-        end
-      end
-    end
-  end
-end

data/spec/lib/finders/finder/enumerator_spec.rb DELETED Viewed

@@ -1,89 +0,0 @@
-require 'spec_helper'
-describe CMSScanner::Finders::Finder::Enumerator do
-  # Dummy class to test the module
-  class DummyFinder < CMSScanner::Finders::Finder
-    include CMSScanner::Finders::Finder::Enumerator
-  end
-  subject(:finder) { DummyFinder.new(target) }
-  let(:target)     { CMSScanner::Target.new('http://e.org') }
-  context 'when #target_urls not implemented' do
-    it 'raises errors' do
-      expect { finder.target_urls }.to raise_error NotImplementedError
-    end
-  end
-  describe '#progress_bar_title' do
-    it 'returns a space' do
-      expect(finder.progress_bar_title).to eql ' '
-    end
-  end
-  its(:browser) { should be_a CMSScanner::Browser }
-  its(:request_params) { should eql(cache_ttl: 0) }
-  its(:hydra) { should be_a Typhoeus::Hydra }
-  describe '#aggressive' do
-    before do
-      expect(finder).to receive(:target_urls).and_return(target_urls)
-      target_urls.each { |url, _| stub_request(:get, url).to_return(status: 200, body: 'rspec') }
-    end
-    let(:target_urls) do
-      {
-        target.url('1') => 1,
-        target.url('2') => 2
-      }
-    end
-    context 'when no opts' do
-      let(:opts) { {} }
-      context 'when response are the homepage or custom 404' do
-        before { expect(finder.target).to receive(:homepage_or_404?).twice.and_return(true) }
-        it 'does not yield anything' do
-          expect { |b| finder.enumerate(opts, &b) }.to_not yield_control
-        end
-      end
-      context 'when not the hompage or 404' do
-        before { expect(finder.target).to receive(:homepage_or_404?).twice }
-        it 'yield the expected items' do
-          expect { |b| finder.enumerate(opts, &b) }.to yield_successive_args(
-            [Typhoeus::Response, 1], [Typhoeus::Response, 2]
-          )
-        end
-      end
-    end
-    context 'when opts' do
-      context 'when :exclude_content' do
-        before { expect(finder.target).to receive(:homepage_or_404?).twice }
-        context 'when it matches' do
-          let(:opts) { { exclude_content: /spec/i } }
-          it 'does not yield anything' do
-            expect { |b| finder.enumerate(opts, &b) }.to_not yield_control
-          end
-        end
-        context 'when it does not match' do
-          let(:opts) { { exclude_content: /not/i } }
-          it 'yield the expected items' do
-            expect { |b| finder.enumerate(opts, &b) }.to yield_successive_args(
-              [Typhoeus::Response, 1], [Typhoeus::Response, 2]
-            )
-          end
-        end
-      end
-    end
-  end
-end

data/spec/lib/finders/finder/smart_url_checker/findings_spec.rb DELETED Viewed

@@ -1,39 +0,0 @@
-require 'spec_helper'
-require 'dummy_finding'
-describe CMSScanner::Finders::Finder::SmartURLChecker::Findings do
-  subject(:findings) { described_class.new }
-  let(:finding)      { CMSScanner::DummyFinding }
-  describe '#<<' do
-    after { expect(findings).to eq @expected }
-    context 'when no findings already in' do
-      it 'adds it' do
-        findings << finding.new('empty-test')
-        @expected = [finding.new('empty-test')]
-      end
-    end
-    context 'when findings already in' do
-      let(:confirmed) { finding.new('confirmed', interesting_entries: entries) }
-      let(:entries)   { %w(e1 e2) }
-      before { findings << finding.new('test') << confirmed }
-      it 'adds a confirmed result correctly' do
-        confirmed_dup = confirmed.dup
-        confirmed_dup.confidence = 100
-        confirmed_dup.interesting_entries = %w(e2 e3)
-        findings << confirmed_dup
-        confirmed.confirmed_by = confirmed_dup
-        @expected = [] << finding.new('test') << confirmed
-        expect(findings[1].interesting_entries).to eql(%w(e1 e2 e3))
-      end
-    end
-  end
-end

data/spec/lib/finders/finder/smart_url_checker_spec.rb DELETED Viewed

@@ -1,50 +0,0 @@
-require 'spec_helper'
-describe CMSScanner::Finders::Finder::SmartURLChecker do
-  # Dummy class to test the module
-  class DummyFinder < CMSScanner::Finders::Finder
-    include CMSScanner::Finders::Finder::SmartURLChecker
-  end
-  subject(:finder) { DummyFinder.new(target) }
-  let(:target)     { CMSScanner::Target.new('http://e.org') }
-  before { stub_request(:get, target.url) }
-  context 'when methods are not implemented' do
-    it 'raises errors' do
-      expect { finder.process_urls([]) }.to raise_error NotImplementedError
-      expect { finder.passive }.to raise_error NotImplementedError
-      expect { finder.aggressive_urls }.to raise_error NotImplementedError
-    end
-  end
-  describe '#aggressive' do
-    before { expect(finder).to receive(:aggressive_urls).and_return(%w(u1 u2 u3)) }
-    after do
-      expect(finder).to receive(:process_urls).with(@expected_urls, mode: mode)
-      finder.aggressive(mode: mode)
-    end
-    context 'when :mode = :mixed' do
-      before { expect(finder).to receive(:passive_urls).and_return(%w(u2)) }
-      let(:mode) { :mixed }
-      it 'calls #process_urls with the correct argument' do
-        @expected_urls = %w(u1 u3)
-      end
-    end
-    [:passive, :aggressive].each do |m|
-      context "when :mode = #{m}" do
-        let(:mode) { m }
-        it 'calls #process_urls with the correct argument' do
-          @expected_urls = %w(u1 u2 u3)
-        end
-      end
-    end
-  end
-end

data/spec/lib/finders/finder_spec.rb DELETED Viewed

@@ -1,11 +0,0 @@
-require 'spec_helper'
-describe CMSScanner::Finders::Finder do
-  subject(:finder) { described_class.new('target') }
-  describe '#progress_bar' do
-    it 'returns a ProgressBar::Base' do
-      expect(finder.progress_bar(12)).to be_a ProgressBar::Base
-    end
-  end
-end

data/spec/lib/finders/findings_spec.rb DELETED Viewed

@@ -1,36 +0,0 @@
-require 'spec_helper'
-require 'dummy_finding'
-describe CMSScanner::Finders::Findings do
-  subject(:findings) { described_class.new }
-  let(:finding)      { CMSScanner::DummyFinding }
-  describe '#<<' do
-    after { expect(findings).to eq @expected }
-    context 'when no findings already in' do
-      it 'adds it' do
-        findings << finding.new('empty-test')
-        @expected = [finding.new('empty-test')]
-      end
-    end
-    context 'when findings already in' do
-      let(:confirmed) { finding.new('confirmed') }
-      before { findings << finding.new('test') << confirmed }
-      it 'adds a confirmed result correctly' do
-        confirmed_dup = confirmed.dup
-        confirmed_dup.confidence = 100
-        findings << finding.new('test2')
-        findings << confirmed_dup
-        confirmed.confirmed_by = confirmed_dup
-        @expected = [] << finding.new('test') << confirmed << finding.new('test2')
-      end
-    end
-  end
-end

data/spec/lib/finders/independent_finders_spec.rb DELETED Viewed

@@ -1,134 +0,0 @@
-require 'spec_helper'
-require 'dummy_independent_finders'
-describe CMSScanner::Finders::IndependentFinders do
-  subject(:finders) { described_class.new }
-  describe '#run' do
-    let(:target)              { 'target' }
-    let(:finding)             { CMSScanner::DummyFinding }
-    let(:expected_aggressive) { finding.new('test', found_by: 'override', confidence: 100) }
-    let(:expected_passive) do
-      [
-        finding.new('test', found_by: 'Dummy Finder (Passive Detection)'),
-        finding.new('spotted', found_by: 'No Aggressive Result (Passive Detection)', confidence: 10)
-      ]
-    end
-    before do
-      finders <<
-        CMSScanner::Finders::Independent::DummyFinder.new(target) <<
-        CMSScanner::Finders::Independent::NoAggressiveResult.new(target)
-    end
-    describe 'method calls order' do
-      after { finders.run(mode: mode) }
-      [:passive, :aggressive].each do |current_mode|
-        context "when #{current_mode} mode" do
-          let(:mode) { current_mode }
-          it "calls the #{current_mode} method on each finder" do
-            finders.each do |f|
-              expect(f).to receive(current_mode).with(hash_including(found: [])).ordered
-            end
-          end
-        end
-      end
-      context 'when :mixed mode' do
-        let(:mode) { :mixed }
-        it 'calls :passive then :aggressive on each finder' do
-          finders.each do |finder|
-            [:passive, :aggressive].each do |method|
-              expect(finder).to receive(method).with(hash_including(found: [])).ordered
-            end
-          end
-        end
-      end
-    end
-    describe 'returned results' do
-      before do
-        @found = finders.run(mode: mode)
-        expect(@found).to be_a(CMSScanner::Finders::Findings)
-        @found.each { |f| expect(f).to be_a finding }
-      end
-      context 'when :passive mode' do
-        let(:mode) { :passive }
-        it 'returns 2 results' do
-          expect(@found.size).to eq 2
-          expect(@found.first).to eql expected_passive.first
-          expect(@found.last).to eql expected_passive.last
-        end
-      end
-      context 'when :aggressive mode' do
-        let(:mode) { :aggressive }
-        it 'returns 1 result' do
-          expect(@found.size).to eq 1
-          expect(@found.first).to eql expected_aggressive
-        end
-      end
-      context 'when :mixed mode' do
-        let(:mode) { :mixed }
-        it 'returns 2 results' do
-          # As the first passive is confirmed by the expected_aggressive, the confidence
-          # increases and should be 100% due to the expected_aggressive.confidence
-          first_passive = expected_passive.first.dup
-          first_passive.confidence = 100
-          expect(@found.size).to eq 2
-          expect(@found.first).to eql first_passive
-          expect(@found.first.confirmed_by).to eql [expected_aggressive]
-          expect(@found.last).to eql expected_passive.last
-        end
-      end
-      context 'when multiple results returned' do
-        xit
-      end
-    end
-  end
-  describe '#symbols_from_mode' do
-    after { expect(finders.symbols_from_mode(@mode)).to eq @expected }
-    context 'when :mixed' do
-      it 'returns [:passive, :aggressive]' do
-        @mode     = :mixed
-        @expected = [:passive, :aggressive]
-      end
-    end
-    context 'when :passive or :aggresssive' do
-      [:passive, :aggressive].each do |symbol|
-        it 'returns it in an array' do
-          @mode     = symbol
-          @expected = [*symbol]
-        end
-      end
-    end
-    context 'otherwise' do
-      it 'returns []' do
-        @mode     = :unallowed
-        @expected = []
-      end
-    end
-  end
-  describe '#findings' do
-    it 'returns a Findings object' do
-      expect(finders.findings).to be_a CMSScanner::Finders::Findings
-    end
-  end
-end