cms_scanner 0.0.2

data/spec/app/models/xml_rpc_spec.rb

@@ -0,0 +1,47 @@
+require 'spec_helper'
+
+describe CMSScanner::XMLRPC do
+
+  subject(:xml_rpc) { described_class.new(url) }
+  let(:url)      { 'http://example.com/xmlrpc' }
+
+  describe '#request_body' do
+    after { expect(xml_rpc.request_body(method, params)).to eq @expected }
+
+    let(:method) { 'rpc-test' }
+    let(:params) { [] }
+
+    context 'when no params' do
+      it 'returns the body w/o the params elements' do
+        @expected = '<?xml version="1.0"?><methodCall>'
+        @expected << "<methodName>#{method}</methodName>"
+        @expected << '</methodCall>'
+      end
+    end
+
+    context 'when params' do
+      let(:params) { %w(p1 p2) }
+
+      it 'returns the correct body' do
+        @expected = '<?xml version="1.0"?><methodCall>'
+        @expected << "<methodName>#{method}</methodName><params>"
+        @expected << '<param><value><string>p1</string></value></param>'
+        @expected << '<param><value><string>p2</string></value></param>'
+        @expected << '</params></methodCall>'
+      end
+    end
+  end
+
+  describe '#call' do
+    let(:method) { 'rpc-test' }
+
+    it 'returns a Typhoeus::Response' do
+      stub_request(:post, url).with(body: xml_rpc.request_body(method)).to_return(body: 'OK')
+
+      response = xml_rpc.call(method)
+
+      expect(response).to be_a Typhoeus::Response
+      expect(response.body).to eq 'OK'
+    end
+  end
+end

data/spec/cache/.gitignore

@@ -0,0 +1,4 @@
+# Ignore everything in this directory
+*
+# Except this file
+!.gitignore

data/spec/dummy_finders.rb

@@ -0,0 +1,41 @@
+module CMSScanner
+  # Dummy Finding
+  class DummyFinding
+    include Finders::Finding
+
+    attr_reader :r
+
+    def initialize(r, opts = {})
+      @r = r
+      parse_finding_options(opts)
+    end
+
+    def ==(other)
+      r == other.r
+    end
+
+    def eql?(other)
+      r == other.r && confidence == other.confidence && found_by == other.found_by
+    end
+  end
+
+  module Finders
+    # Dummy Test Finder
+    class DummyFinder < Finder
+      def passive(_opts = {})
+        DummyFinding.new('test', found_by: found_by)
+      end
+
+      def aggressive(_opts = {})
+        DummyFinding.new('test', confidence: 100, found_by: 'override')
+      end
+    end
+
+    # No aggressive result finder
+    class NoAggressiveResult < Finder
+      def passive(_opts = {})
+        DummyFinding.new('spotted', confidence: 10, found_by: found_by)
+      end
+    end
+  end
+end

data/spec/fixtures/interesting_files/fantastico_fileslist/fantastico_fileslist.txt

@@ -0,0 +1,12 @@
+includes
+misc
+modules
+.htaccess
+CHANGELOG.txt
+cron.php
+data.sql
+admin.txt
+robots.txt
+update.php
+UPGRADE.txt
+xmlrpc.php

data/spec/fixtures/interesting_files/file.txt

@@ -0,0 +1,4 @@
+This is
+a test file
+
+with some content

data/spec/fixtures/interesting_files/headers/interesting.txt

@@ -0,0 +1,14 @@
+HTTP/1.1 200 OK
+Server: nginx/1.1.19
+Date: Thu
+Content-Type: text/plain; charset=utf-8
+Connection: keep-alive
+X-Content-Type-Options: nosniff
+Cache-Control: s-maxage=3600, must-revalidate, max-age=0
+X-Article-Id: 12
+X-Language: en
+Last-Modified: Tue, 26 Nov 2013 17:39:43 GMT
+Vary: X-Subdomain,X-Use-HHVM
+X-Varnish: 11545
+Age: 206
+Set-Cookie: GeoIP=; Path=/; Domain=.test.lo

data/spec/fixtures/interesting_files/headers/no_interesting.txt

@@ -0,0 +1,12 @@
+HTTP/1.1 200 OK
+Date: Thu
+Content-Type: text/plain; charset=utf-8
+Connection: keep-alive
+X-Content-Type-Options: nosniff
+Cache-Control: s-maxage=3600, must-revalidate, max-age=0
+X-Language: en
+Last-Modified: Tue, 26 Nov 2013 17:39:43 GMT
+Vary: X-Subdomain,X-Use-HHVM
+X-Varnish: 15154
+Age: 206
+Set-Cookie: GeoIP=; Path=/; Domain=.test.lo

data/spec/fixtures/interesting_files/robots_txt/robots.txt

@@ -0,0 +1,10 @@
+# advertising-related bots:
+User-agent: Mediapartners-Google*
+Disallow: /
+
+# Wikipedia work bots:
+User-agent: IsraBot
+Disallow:
+
+Disallow: /admin
+Allow: /public/home

data/spec/fixtures/interesting_files/search_replace_db_2/searchreplacedb2.php

@@ -0,0 +1,188 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml" xmlns:dc="http://purl.org/dc/terms/" dir="ltr" lang="en-US">
+<head profile="http://gmpg.org/xfn/11">
+  <title>Search and replace DB.</title>
+  <style type="text/css">
+  body {
+    background-color: #E5E5E5;
+    color: #353231;
+          font: 14px/18px "Gill Sans MT","Gill Sans",Calibri,sans-serif;
+  }
+
+  p {
+      line-height: 18px;
+      margin: 18px 0;
+      max-width: 520px;
+  }
+
+  p.byline {
+      margin: 0 0 18px 0;
+      padding-bottom: 9px;
+            border-bottom: 1px dashed #999999;
+      max-width: 100%;
+  }
+
+  h1,h2,h3 {
+      font-weight: normal;
+      line-height: 36px;
+      font-size: 24px;
+      margin: 9px 0;
+      text-shadow: 1px 1px 0 rgba(255, 255, 255, 0.8);
+  }
+
+  h2 {
+      font-weight: normal;
+      line-height: 24px;
+      font-size: 21px;
+      margin: 9px 0;
+      text-shadow: 1px 1px 0 rgba(255, 255, 255, 0.8);
+  }
+
+  h3 {
+      font-weight: normal;
+      line-height: 18px;
+      margin: 9px 0;
+      text-shadow: 1px 1px 0 rgba(255, 255, 255, 0.8);
+  }
+
+  a {
+      -moz-transition: color 0.2s linear 0s;
+      color: #DE1301;
+      text-decoration: none;
+      font-weight: normal;
+  }
+
+  a:visited {
+     -moz-transition: color 0.2s linear 0s;
+      color: #AE1301;
+  }
+
+  a:hover, a:visited:hover {
+      -moz-transition: color 0.2s linear 0s;
+      color: #FE1301;
+      text-decoration: underline;
+}
+
+  #container {
+    display:block;
+    width: 768px;
+    padding: 10px;
+    margin: 0px auto;
+    border:solid 10px 0px 0px 0px #ccc;
+    border-top: 18px solid #DE1301;
+    background-color: #F5F5F5;
+  }
+
+  fieldset {
+    border: 0 none;
+  }
+
+  .error {
+    border: solid 1px #c00;
+    padding: 5px;
+    background-color: #FFEBE8;
+    text-align: center;
+    margin-bottom: 10px;
+  }
+
+  label {
+    display:block;
+    line-height: 18px;
+    cursor: pointer;
+  }
+
+  select.multi,
+  input.text {
+    margin-bottom: 1em;
+    display:block;
+    width: 90%;
+  }
+
+  select.multi {
+    height: 144px;
+  }
+
+
+  input.button {
+  }
+
+  div.help {
+    border-top: 1px dashed #999999;
+    margin-top: 9px;
+  }
+
+  </style>
+</head>
+<body>
+  <div id="container">
+
+  <h1>Safe Search Replace</h1>
+  <p class="byline">by interconnect/<strong>it</strong></p>
+      <h2>Database details</h2>
+    <form action="searchreplacedb2.php?step=3" method="post">
+      <fieldset>
+        <p>
+          <label for="host">Server Name:</label>
+          <input class="text" type="text" name="host" id="host" value="localhost" />
+        </p>
+
+        <p>
+          <label for="data">Database Name:</label>
+          <input class="text" type="text" name="data" id="data" value="" />
+        </p>
+
+        <p>
+          <label for="user">Username:</label>
+          <input class="text" type="text" name="user" id="user" value="" />
+        </p>
+
+        <p>
+          <label for="pass">Password:</label>
+          <input class="text" type="password" name="pass" id="pass" value="" />
+        </p>
+
+        <p>
+          <label for="pass">Charset:</label>
+          <input class="text" type="text" name="char" id="char" value="" />
+        </p>
+          <input type="submit" class="button" value="Submit DB details" />      </fieldset>
+    </form>     <div class="help">
+      <h4><a href="http://interconnectit.com/">interconnect/it</a> <a href="http://interconnectit.com/124/search-and-replace-for-wordpress-databases/">Safe Search and Replace on Database with Serialized Data v2.0.0</a></h4>
+      <p>This developer/sysadmin tool helps solve the problem of doing a search and replace on a
+      WordPress site when doing a migration to a domain name with a different length.</p>
+
+      <p><style="color:red">WARNING!</strong> Take a backup first, and carefully test the results of this code.
+      If you don't, and you vape your data then you only have yourself to blame.
+      Seriously.  And if you're English is bad and you don't fully understand the
+      instructions then STOP.  Right there.  Yes.  Before you do any damage.
+
+      <h2>Don't Forget to Remove Me!</h3>
+
+      <p style="color:red">Delete this utility from your
+      server after use.  It represents a major security threat to your database if
+      maliciously used.</p>
+
+      <h2>Use Of This Script Is Entirely At Your Own Risk</h2>
+
+      <p> We accept no liability from the use of this tool.</p>
+
+      <p>If you're not comfortable with this kind of stuff, get an expert, like us, to do
+      this work for you.  You do this ENTIRELY AT YOUR OWN RISK!  We accept no responsibility
+      if you mess up your data.  There is NO UNDO here!</p>
+
+      <p>The easiest way to use it is to copy your site's files and DB to the new location.
+      You then, if required, fix up your .htaccess and wp-config.php appropriately.  Once
+      done, run this script, select your tables (in most cases all of them) and then
+      enter the search replace strings.  You can press back in your browser to do
+      this several times, as may be required in some cases.</p>
+
+      <p>Of course, you can use the script in many other ways - for example, finding
+      all references to a company name and changing it when a rebrand comes along.  Or
+      perhaps you changed your name.  Whatever you want to search and replace the code will help.</p>
+
+      <p><a href="http://interconnectit.com/124/search-and-replace-for-wordpress-databases/">Got feedback on this script? Come tell us!</a>
+
+    </div>
+  </div>
+</body>
+</html>

data/spec/fixtures/interesting_files/xml_rpc/homepage_in_scope_pingback.html

@@ -0,0 +1,7 @@
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width">
+  <title>WordPress 4.0 | Just another WordPress site</title>
+  <link rel="profile" href="http://gmpg.org/xfn/11">
+  <link rel="pingback" href="http://ex.lo/wp/xmlrpc.php">
+</head>

data/spec/fixtures/interesting_files/xml_rpc/homepage_out_of_scope_pingback.html

@@ -0,0 +1,7 @@
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width">
+  <title>WordPress 4.0 | Just another WordPress site</title>
+  <link rel="profile" href="http://gmpg.org/xfn/11">
+  <link rel="pingback" href="http://wp.lab/wordpress-4.0/xmlrpc.php">
+</head>

data/spec/fixtures/interesting_files/xml_rpc/xmlrpc.php

@@ -0,0 +1 @@
+XML-RPC server accepts POST requests only.

data/spec/fixtures/target/platform/php/debug_log/debug.log

@@ -0,0 +1,2 @@
+[11-Oct-2012 00:00:00] PHP Notice: Undefined index: ec_email in /var/www/wp/wp-content/plugins/easy-contact/econtact.php on line 33
+[11-Oct-2012 00:00:00] PHP Notice: Undefined index: ec_url in /var/www/wp/wp-content/plugins/easy-contact/econtact.php on line 34

data/spec/fixtures/target/platform/php/fpd/wp_rss_functions.php

@@ -0,0 +1,2 @@
+
+Fatal error: Call to undefined function _deprecated_file() in /short-path/rss-f.php on line 8

data/spec/fixtures/target/platform/wordpress/custom_directories/custom_w_spaces.html

@@ -0,0 +1,10 @@
+<html dir="ltr" lang="en-US">
+<head>
+<meta charset="UTF-8" />
+<meta name="viewport" content="width=device-width" />
+<title>Wordpress 3.4.1 Custom | Just another WordPress site</title>
+<link rel="profile" href="http://gmpg.org/xfn/11" />
+<!-- This should not be detected as from another domain -->
+<script src="http://another-domain/custom content spaces/themes/twentyeleven/js.js" />
+
+<img src="http://ex.lo/custom content spaces/themes/twentyeleven/images/headers/pine-cone.jpg" width="1000" height="288" alt="" />

data/spec/fixtures/target/platform/wordpress/custom_directories/default.html

@@ -0,0 +1,14 @@
+<html lang="en-US">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width">
+  <title>WordPress 4.0 | Just another WordPress site</title>
+  <link rel="profile" href="http://gmpg.org/xfn/11">
+  <link rel="pingback" href="http://ex.lo/xmlrpc.php">
+  <meta name='robots' content='noindex,follow' />
+<link rel="alternate" type="application/rss+xml" title="Wordpress 4.0 &raquo; Feed" href="http://ex.lo/feed/" />
+<link rel="alternate" type="application/rss+xml" title="Wordpress 4.0 &raquo; Comments Feed" href="http://ex.lo/comments/feed/" />
+<link rel='stylesheet' id='twentyfourteen-lato-css'  href='//fonts.googleapis.com/css?family=Lato%3A300%2C400%2C700%2C900%2C300italic%2C400italic%2C700italic' type='text/css' media='all' />
+<link rel='stylesheet' id='flexSlider_stylesheet-css'  href='http://ex.lo/wp-content/plugins/reflex-gallery/scripts/flexslider/flexslider.css?ver=4.0' type='text/css' media='all' />
+<link rel='stylesheet' id='prettyPhoto_stylesheet-css'  href='http://ex.lo/wp-content/plugins/reflex-gallery/scripts/prettyPhoto/prettyPhoto.css?ver=4.0' type='text/css' media='all' />
+<link rel='stylesheet' id='genericons-css'  href='http://ex.lo/wp-content/themes/twentyfourteen/genericons/genericons.css?ver=3.0.3' type='text/css'

data/spec/fixtures/target/platform/wordpress/custom_directories/https.html

@@ -0,0 +1,12 @@
+<html lang="en-US">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width">
+  <title>WordPress 4.0 | Just another WordPress site</title>
+  <link rel="profile" href="http://gmpg.org/xfn/11">
+  <link rel="pingback" href="http://ex.lo/xmlrpc.php">
+  <meta name='robots' content='noindex,follow' />
+<link rel="alternate" type="application/rss+xml" title="Wordpress 4.0 &raquo; Feed" href="http://ex.lo/feed/" />
+<link rel="alternate" type="application/rss+xml" title="Wordpress 4.0 &raquo; Comments Feed" href="http://ex.lo/comments/feed/" />
+<link rel='stylesheet' id='twentyfourteen-lato-css'  href='//fonts.googleapis.com/css?family=Lato%3A300%2C400%2C700%2C900%2C300italic%2C400italic%2C700italic' type='text/css' media='all' />
+<link rel='stylesheet' id='flexSlider_stylesheet-css'  href='https://ex.lo/wp-content/plugins/reflex-gallery/scripts/flexslider/flexslider.css?ver=4.0' type='text/css' media='all' />

data/spec/fixtures/target/platform/wordpress/detection/default.html

@@ -0,0 +1,4 @@
+<meta name='robots' content='noindex,follow' />
+<link rel='stylesheet' id='twentyfourteen-lato-css'  href='//fonts.googleapis.com/css?family=Lato%3A300%2C400%2C700%2C900%2C300italic%2C400italic%2C700italic' type='text/css' media='all' />
+<link rel='stylesheet' id='genericons-css'  href='http://ex.lo/wordpress-4.0/wp-content/themes/twentyfourteen/genericons/genericons.css?ver=3.0.3' type='text/css' media='all' />
+<link rel='stylesheet' id='twentyfourteen-style-css'  href='http://ex.lo/wordpress-4.0/wp-content/themes/twentyfourteen/style.css?ver=4.0' type='text/css' media='all' />

data/spec/fixtures/target/platform/wordpress/detection/not_wp.html

@@ -0,0 +1,8 @@
+<head>
+    <meta http-equiv="X-UA-Compatible" content="IE=Edge" />
+<meta http-equiv="content-type" content="text/html; charset=UTF-8;charset=utf-8">
+<meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=1" />
+<meta name="HandheldFriendly" content="true"/>
+
+<link rel="canonical" href="https://duckduckgo.com/">
+

data/spec/fixtures/target/platform/wordpress/detection/wp_includes.html

@@ -0,0 +1,3 @@
+<script type='text/javascript' src='http://ex.lo/wordpress-4.0/wp-includes/js/jquery/jquery.js?ver=1.11.1'></script>
+<link rel="EditURI" type="application/rsd+xml" title="RSD" href="http://ex.lo/wordpress-4.0/xmlrpc.php?rsd" />
+<link rel="wlwmanifest" type="application/wlwmanifest+xml" href="http://ex.lo/wordpress-4.0/wp-includes/wlwmanifest.xml" />

data/spec/fixtures/target/server/apache/directory_listing/2.2.16.html

@@ -0,0 +1,15 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
+<html>
+ <head>
+  <title>Index of /wordpress-4.0/wp-content/plugins/wp-dbmanager</title>
+ </head>
+ <body>
+<h1>Index of /wordpress-4.0/wp-content/plugins/wp-dbmanager</h1>
+<table><tr><th><img src="/icons/blank.gif" alt="[ICO]"></th><th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a></th></tr><tr><th colspan="5"><hr></th></tr>
+<tr><td valign="top"><img src="/icons/back.gif" alt="[DIR]"></td><td><a href="/wordpress-4.0/wp-content/plugins/">Parent Directory</a></td><td>&nbsp;</td><td align="right">  - </td><td>&nbsp;</td></tr>
+<tr><td valign="top"><img src="/icons/unknown.gif" alt="[   ]"></td><td><a href="backup.php">backup.php</a></td><td align="right">07-Oct-2014 18:43  </td><td align="right"> 10K</td><td>&nbsp;</td></tr>
+<tr><td valign="top"><img src="/icons/unknown.gif" alt="[   ]"></td><td><a href="database-empty.php">database-empty.php</a></td><td align="right">07-Oct-2014 18:43  </td><td align="right">3.9K</td><td>&nbsp;</td></tr>
+<tr><th colspan="5"><hr></th></tr>
+</table>
+<address>Apache/2.2.16 (Debian) Server at wp.lab Port 80</address>
+</body></html>