RubyGems - cms_scanner - Versions diffs - 0.0.18 → 0.0.19 - Mend

cms_scanner 0.0.18 → 0.0.19

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (118) hide show

checksums.yaml +4 -4
data/app/controllers/core.rb +4 -3
data/app/views/cli/core/finished.erb +1 -0
data/app/views/json/core/finished.erb +1 -0
data/cms_scanner.gemspec +13 -3
data/lib/cms_scanner.rb +14 -2
data/lib/cms_scanner/finders/finder.rb +16 -7
data/lib/cms_scanner/finders/finder/enumerator.rb +4 -28
data/lib/cms_scanner/finders/finder/fingerprinter.rb +60 -0
data/lib/cms_scanner/finders/finding.rb +1 -1
data/lib/cms_scanner/target/scope.rb +4 -1
data/lib/cms_scanner/target/server/generic.rb +1 -1
data/lib/cms_scanner/typhoeus/hydra.rb +10 -0
data/lib/cms_scanner/version.rb +1 -1
metadata +5 -203
data/.gitignore +0 -7
data/.rspec +0 -2
data/.rubocop.yml +0 -10
data/.travis.yml +0 -17
data/Gemfile +0 -6
data/Rakefile +0 -9
data/spec/app/controllers/core_spec.rb +0 -167
data/spec/app/controllers/interesting_files_spec.rb +0 -70
data/spec/app/finders/interesting_files/fantastico_fileslist_spec.rb +0 -66
data/spec/app/finders/interesting_files/headers_spec.rb +0 -36
data/spec/app/finders/interesting_files/robots_txt_spec.rb +0 -54
data/spec/app/finders/interesting_files/search_replace_db_2_spec.rb +0 -53
data/spec/app/finders/interesting_files/xml_rpc_spec.rb +0 -136
data/spec/app/finders/interesting_files_spec.rb +0 -12
data/spec/app/formatters/cli_no_colour_spec.rb +0 -14
data/spec/app/formatters/cli_spec.rb +0 -30
data/spec/app/formatters/json_spec.rb +0 -30
data/spec/app/models/fantastico_fileslist_spec.rb +0 -31
data/spec/app/models/headers_spec.rb +0 -51
data/spec/app/models/interesting_file_spec.rb +0 -69
data/spec/app/models/robots_txt_spec.rb +0 -27
data/spec/app/models/version_spec.rb +0 -51
data/spec/app/models/xml_rpc_spec.rb +0 -46
data/spec/app/views_spec.rb +0 -35
data/spec/cache/.gitignore +0 -4
data/spec/dummy_finding.rb +0 -25
data/spec/dummy_independent_finders.rb +0 -26
data/spec/dummy_unique_finders.rb +0 -33
data/spec/fixtures/finders/interesting_files/fantastico_fileslist/fantastico_fileslist.txt +0 -12
data/spec/fixtures/finders/interesting_files/file.txt +0 -4
data/spec/fixtures/finders/interesting_files/headers/interesting.txt +0 -16
data/spec/fixtures/finders/interesting_files/headers/no_interesting.txt +0 -12
data/spec/fixtures/finders/interesting_files/robots_txt/robots.txt +0 -10
data/spec/fixtures/finders/interesting_files/search_replace_db_2/searchreplacedb2.php +0 -188
data/spec/fixtures/finders/interesting_files/xml_rpc/homepage_in_scope_pingback.html +0 -7
data/spec/fixtures/finders/interesting_files/xml_rpc/homepage_out_of_scope_pingback.html +0 -7
data/spec/fixtures/finders/interesting_files/xml_rpc/xmlrpc.php +0 -1
data/spec/fixtures/output.txt +0 -0
data/spec/fixtures/target/comments.html +0 -29
data/spec/fixtures/target/platform/php/debug_log/debug.log +0 -2
data/spec/fixtures/target/platform/php/fpd/wp_rss_functions.php +0 -2
data/spec/fixtures/target/scope/index.html +0 -23
data/spec/fixtures/target/server/apache/directory_listing/2.2.16.html +0 -15
data/spec/fixtures/target/server/generic/server/apache/basic.txt +0 -5
data/spec/fixtures/target/server/generic/server/iis/basic.txt +0 -6
data/spec/fixtures/target/server/generic/server/not_detected.txt +0 -3
data/spec/fixtures/target/server/iis/directory_listing/no_parent.html +0 -3
data/spec/fixtures/target/server/iis/directory_listing/with_parent.html +0 -3
data/spec/fixtures/views/base/ctrl/local.erb +0 -1
data/spec/fixtures/views/base/ctrl/test.erb +0 -3
data/spec/fixtures/views/base/global.erb +0 -1
data/spec/fixtures/views/base/test.erb +0 -2
data/spec/fixtures/views/based_format/test.erb +0 -1
data/spec/fixtures/views/json/render_me.erb +0 -4
data/spec/lib/browser_spec.rb +0 -140
data/spec/lib/cache/file_store_spec.rb +0 -100
data/spec/lib/cache/typhoeus_spec.rb +0 -28
data/spec/lib/cms_scanner_spec.rb +0 -49
data/spec/lib/controller_spec.rb +0 -30
data/spec/lib/controllers_spec.rb +0 -48
data/spec/lib/finders/confidence_spec.rb +0 -39
data/spec/lib/finders/finder/enumerator_spec.rb +0 -89
data/spec/lib/finders/finder/smart_url_checker/findings_spec.rb +0 -39
data/spec/lib/finders/finder/smart_url_checker_spec.rb +0 -50
data/spec/lib/finders/finder_spec.rb +0 -11
data/spec/lib/finders/findings_spec.rb +0 -36
data/spec/lib/finders/independent_finders_spec.rb +0 -134
data/spec/lib/finders/same_type_finder_spec.rb +0 -24
data/spec/lib/finders/same_type_finders_spec.rb +0 -126
data/spec/lib/finders/unique_finder_spec.rb +0 -24
data/spec/lib/finders/unique_finders_spec.rb +0 -222
data/spec/lib/formatter_spec.rb +0 -145
data/spec/lib/public_suffix/domain_spec.rb +0 -49
data/spec/lib/sub_scanner_spec.rb +0 -45
data/spec/lib/target/hashes_spec.rb +0 -90
data/spec/lib/target/platforms_spec.rb +0 -13
data/spec/lib/target/scope_spec.rb +0 -103
data/spec/lib/target/servers_spec.rb +0 -13
data/spec/lib/target_spec.rb +0 -69
data/spec/lib/vulnerability/references_spec.rb +0 -75
data/spec/lib/vulnerability_spec.rb +0 -27
data/spec/lib/web_site_spec.rb +0 -121
data/spec/output/core/finished.cli_no_colour +0 -3
data/spec/output/core/finished.json +0 -5
data/spec/output/core/started.cli_no_colour +0 -3
data/spec/output/core/started.json +0 -5
data/spec/output/interesting_files/empty.cli_no_colour +0 -2
data/spec/output/interesting_files/empty.json +0 -5
data/spec/output/interesting_files/findings.cli_no_colour +0 -30
data/spec/output/interesting_files/findings.json +0 -75
data/spec/shared_examples.rb +0 -11
data/spec/shared_examples/browser_actions.rb +0 -30
data/spec/shared_examples/finding.rb +0 -54
data/spec/shared_examples/formatter_buffer.rb +0 -6
data/spec/shared_examples/formatter_class_methods.rb +0 -26
data/spec/shared_examples/independent_finder.rb +0 -31
data/spec/shared_examples/target/platform/php.rb +0 -56
data/spec/shared_examples/target/server/apache.rb +0 -32
data/spec/shared_examples/target/server/generic.rb +0 -33
data/spec/shared_examples/target/server/iis.rb +0 -37
data/spec/shared_examples/views/core.rb +0 -26
data/spec/shared_examples/views/interesting_files.rb +0 -36
data/spec/spec_helper.rb +0 -43

data/spec/lib/vulnerability_spec.rb DELETED Viewed

@@ -1,27 +0,0 @@
-require 'spec_helper'
-describe CMSScanner::Vulnerability do
-  subject(:vuln)   { described_class.new(title) }
-  let(:title)      { 'Test Vuln' }
-  describe '#new' do
-    its(:title)      { should eql title }
-    its(:references) { should eql({}) }
-    its(:type)       { should eql nil }
-    its(:fixed_in)   { should eql nil }
-  end
-  describe '#==' do
-    context 'when te same vuln' do
-      it 'returns true' do
-        expect(vuln).to eq vuln.dup
-      end
-    end
-    context 'when not equal' do
-      it 'returns false' do
-        expect(vuln).to_not eq described_class.new('not eq')
-      end
-    end
-  end
-end

data/spec/lib/web_site_spec.rb DELETED Viewed

@@ -1,121 +0,0 @@
-require 'spec_helper'
-describe CMSScanner::WebSite do
-  subject(:web_site) { described_class.new(url, opts) }
-  let(:url)          { 'http://e.org' }
-  let(:opts)         { {} }
-  describe '#url=' do
-    context 'when the url is incorrect' do
-      after do
-        expect { web_site.url = @url }.to raise_error Addressable::URI::InvalidURIError
-      end
-      it 'raises an error if empty' do
-        @url = ''
-      end
-      it 'raises an error if wrong format' do
-        @url = 'jj'
-      end
-    end
-    context 'when valid' do
-      it 'creates an Addressable object and adds a traling slash' do
-        web_site.url = 'http://site.com'
-        expect(web_site.url).to eq('http://site.com/')
-        expect(web_site.uri).to be_a Addressable::URI
-      end
-    end
-  end
-  describe '#url' do
-    context 'when no path argument' do
-      its(:url) { should eql 'http://e.org/' }
-    end
-    context 'when a path argument' do
-      it 'appends the path' do
-        expect(web_site.url('file.txt')).to eql "#{url}/file.txt"
-      end
-      it 'encodes the path' do
-        expect(web_site.url('f ile.txt')).to eql "#{url}/f%20ile.txt"
-        expect(web_site.url('s/a%.txt')).to eql "#{url}/s/a%25.txt"
-        expect(web_site.url('#file.txt#')).to eql "#{url}/%23file.txt%23"
-      end
-      context 'when relative path' do
-        let(:url) { 'http://e.org/dir/' }
-        it 'appends it from the host/domain' do
-          expect(web_site.url('/sub/file.txt')).to eql 'http://e.org/sub/file.txt'
-        end
-      end
-    end
-  end
-  describe '#opts' do
-    its(:opts) { should eql({}) }
-    context 'when opts' do
-      let(:opts) { { test: 'mm' } }
-      its(:opts) { should eql opts }
-    end
-  end
-  describe '#online?, #http_auth?, #access_forbidden?, #proxy_auth?' do
-    before { stub_request(:get, web_site.url(path)).to_return(status: status) }
-    [nil, 'file-path.txt'].each do |p|
-      context "when path = #{p}" do
-        let(:path) { p }
-        context 'when response status is a 200' do
-          let(:status) { 200 }
-          it 'is considered fine' do
-            expect(web_site.online?(path)).to be true
-            expect(web_site.http_auth?(path)).to be false
-            expect(web_site.access_forbidden?(path)).to be false
-            expect(web_site.proxy_auth?(path)).to be false
-          end
-        end
-        context 'when offline' do
-          let(:status) { 0 }
-          it 'returns false' do
-            expect(web_site.online?(path)).to be false
-          end
-        end
-        context 'when http auth required' do
-          let(:status) { 401 }
-          it 'returns true' do
-            expect(web_site.http_auth?(path)).to be true
-          end
-        end
-        context 'when access is forbidden' do
-          let(:status) { 403 }
-          it 'return true' do
-            expect(web_site.access_forbidden?(path)).to be true
-          end
-        end
-        context 'when proxy auth required' do
-          let(:status) { 407 }
-          it 'returns true' do
-            expect(web_site.proxy_auth?(path)).to be true
-          end
-        end
-      end
-    end
-  end
-end

data/spec/output/core/finished.cli_no_colour DELETED Viewed

@@ -1,3 +0,0 @@
-[+] Finished: Thu Oct 30 12:02:03 2014
-[+] Memory used: 100 B
-[+] Elapsed time: 00:00:02

data/spec/output/core/finished.json DELETED Viewed

@@ -1,5 +0,0 @@
-{
-  "stop_time": 1414670523,
-  "elapsed": 2,
-  "used_memory": 100
-}

data/spec/output/core/started.cli_no_colour DELETED Viewed

@@ -1,3 +0,0 @@
-[+] URL: http://e.org/
-[+] Started: Thu Oct 30 12:02:01 2014

data/spec/output/core/started.json DELETED Viewed

@@ -1,5 +0,0 @@
-{
-  "start_time": 1414670521,
-  "start_memory": 10,
-  "target_url": "http://e.org/"
-}

data/spec/output/interesting_files/empty.cli_no_colour DELETED Viewed

	@@ -1,2 +0,0 @@
1	- Interesting Findings: 0
2	-

data/spec/output/interesting_files/empty.json DELETED Viewed

@@ -1,5 +0,0 @@
-{
-  "interesting_files": [
-  ]
-}

data/spec/output/interesting_files/findings.cli_no_colour DELETED Viewed

@@ -1,30 +0,0 @@
-Interesting Findings: 4
-[+] F1
- | Confidence: 10%
- | Found By: Spec
-[+] F2
- | Confidence: 13%
- | Found By: Spec
- | Confirmed By: Spec2, 10% confidence
- | Reference: R1
- | Interesting Entry: IE1
-[+] F3
- | Confidence: 100%
- | Found By: Spec
- | Confirmed By:
- |  - Spec2, 100% confidence
- |  - Spec3, 10% confidence
- | References:
- |  - R1
- |  - R2
- | Interesting Entries:
- |  - IE1
- |  - IE2
-[+] F4
- | Found By: Spec
- | Confirmed By: Spec2

data/spec/output/interesting_files/findings.json DELETED Viewed

@@ -1,75 +0,0 @@
-{
-  "interesting_files": [
-    {
-      "F1": {
-        "found_by": "Spec",
-        "confidence": 10,
-        "confirmed_by": [
-        ],
-        "references": [
-        ],
-        "interesting_entries": [
-        ]
-      },
-      "F2": {
-        "found_by": "Spec",
-        "confidence": 13,
-        "confirmed_by": [
-          {
-            "Spec2": {
-              "confidence": 10
-            }
-          }
-        ],
-        "references": [
-          "R1"
-        ],
-        "interesting_entries": [
-          "IE1"
-        ]
-      },
-      "F3": {
-        "found_by": "Spec",
-        "confidence": 100,
-        "confirmed_by": [
-          {
-            "Spec2": {
-              "confidence": 100
-            },
-            "Spec3": {
-              "confidence": 10
-            }
-          }
-        ],
-        "references": [
-          "R1",
-          "R2"
-        ],
-        "interesting_entries": [
-          "IE1",
-          "IE2"
-        ]
-      },
-      "F4": {
-        "found_by": "Spec",
-        "confidence": 0,
-        "confirmed_by": [
-          {
-            "Spec2": {
-              "confidence": 0
-            }
-          }
-        ],
-        "references": [
-        ],
-        "interesting_entries": [
-        ]
-      }
-    }
-  ]
-}

data/spec/shared_examples.rb DELETED Viewed

@@ -1,11 +0,0 @@
-require 'shared_examples/browser_actions'
-require 'shared_examples/formatter_buffer'
-require 'shared_examples/formatter_class_methods'
-require 'shared_examples/finding'
-require 'shared_examples/independent_finder'
-require 'shared_examples/target/platform/php'
-require 'shared_examples/target/server/generic'
-require 'shared_examples/target/server/apache'
-require 'shared_examples/target/server/iis'
-require 'shared_examples/views/core'
-require 'shared_examples/views/interesting_files'

data/spec/shared_examples/browser_actions.rb DELETED Viewed

@@ -1,30 +0,0 @@
-shared_examples CMSScanner::Browser::Actions do
-  let(:url)     { 'http://example.com/file.txt' }
-  let(:browser) { CMSScanner::Browser }
-  describe '#get, #post, #head' do
-    [:get, :post, :head].each do |method|
-      it 'calls the method and returns a Typhoeus::Response' do
-        stub_request(method, url)
-        expect(browser.send(method, url)).to be_a Typhoeus::Response
-      end
-    end
-  end
-  describe '#get_and_follow_location' do
-    let(:redirection) { 'http://redirect.me' }
-    it 'follows the location' do
-      stub_request(:get, url).to_return(status: 301, headers: { location: redirection })
-      stub_request(:get, redirection).to_return(status: 200, body: 'Got me')
-      response = browser.get_and_follow_location(url)
-      expect(response).to be_a Typhoeus::Response
-      # Line below is not working due to an issue in Typhoeus/Webmock
-      # See https://github.com/typhoeus/typhoeus/issues/279
-      # expect(response.body).to eq 'Got me'
-    end
-  end
-end

data/spec/shared_examples/finding.rb DELETED Viewed

@@ -1,54 +0,0 @@
-shared_examples CMSScanner::Finders::Finding do
-  [:references, :confirmed_by, :interesting_entries].each do |opt|
-    describe "##{opt}" do
-      its(opt) { should eq [] }
-      context 'when supplied in the #new' do
-        let(:opts) { { opt => 'test' } }
-        its(opt) { should eq 'test' }
-      end
-    end
-  end
-  describe '#confidence, #confidence=' do
-    its(:confidence) { should eql 0 }
-    context 'when already set' do
-      before { subject.confidence = 10 }
-      its(:confidence) { should eql 10 }
-    end
-  end
-  describe '#parse_finding_options' do
-    xit
-  end
-  describe '#eql?' do
-    before do
-      subject.confidence = 10
-      subject.found_by = 'test'
-    end
-    context 'when eql' do
-      it 'returns true' do
-        expect(subject).to eql subject
-      end
-    end
-    context 'when not eql' do
-      it 'returns false' do
-        other = subject.dup
-        other.confidence = 20
-        expect(subject).to_not eql other
-      end
-    end
-  end
-  describe '#<=>' do
-    # Handled in spc/app/models/interesting_files_spec
-  end
-end

data/spec/shared_examples/formatter_buffer.rb DELETED Viewed

@@ -1,6 +0,0 @@
-shared_examples CMSScanner::Formatter::Buffer do
-  describe '#buffer' do
-    its(:buffer) { should be_empty }
-  end
-end

data/spec/shared_examples/formatter_class_methods.rb DELETED Viewed

@@ -1,26 +0,0 @@
-shared_examples CMSScanner::Formatter::ClassMethods do
-  describe '#load' do
-    context 'w/o parameter' do
-      it 'loads the default formatter' do
-        expect(subject.load).to be_a subject::Cli
-      end
-    end
-    it 'loads the correct formatter' do
-      expect(subject.load('cli_no_colour')).to be_a subject::CliNoColour
-    end
-    it 'adds the custom_views' do
-      formatter = subject.load(nil, %w(/path/views1 /path2/views))
-      expect(formatter.views_directories).to include('/path/views1', '/path2/views')
-    end
-  end
-  describe '#availables' do
-    it 'returns the right list' do
-      expect(subject.availables).to match_array(%w(json cli-no-colour cli))
-    end
-  end
-end

data/spec/shared_examples/independent_finder.rb DELETED Viewed

@@ -1,31 +0,0 @@
-shared_examples CMSScanner::Finders::IndependentFinder do
-  describe '::find' do
-    it 'creates a new object and call finders#find' do
-      created = described_class.new(target)
-      expect(described_class).to receive(:new).and_return(created)
-      expect(created).to receive(:find)
-      described_class.find(target)
-    end
-  end
-  describe '#find' do
-    it 'calls finders#run' do
-      expect(subject.finders).to receive(:run).with({})
-      subject.find
-    end
-  end
-  describe '#finders' do
-    its(:finders) { should be_a expected_finders_class }
-    it 'returns the correct finders' do
-      finders = subject.finders
-      expect(finders.size).to eq expected_finders.size
-      expect(finders.map { |f| f.class.to_s.demodulize }).to eq expected_finders
-    end
-  end
-end