RubyGems - cms_scanner - Versions diffs - 0.0.37.2 → 0.0.37.3 - Mend

cms_scanner 0.0.37.2 → 0.0.37.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

checksums.yaml +4 -4
data/app/controllers/core.rb +10 -3
data/app/finders/interesting_findings/headers.rb +1 -1
data/app/finders/interesting_findings/xml_rpc.rb +2 -2
data/app/views/cli/core/started.erb +3 -0
data/app/views/json/core/started.erb +2 -1
data/cms_scanner.gemspec +1 -1
data/lib/cms_scanner/finders/finder.rb +8 -4
data/lib/cms_scanner/finders/finder/enumerator.rb +2 -2
data/lib/cms_scanner/finders/finder/fingerprinter.rb +2 -2
data/lib/cms_scanner/finders/finder/smart_url_checker.rb +1 -1
data/lib/cms_scanner/mocked_progress_bar.rb +38 -0
data/lib/cms_scanner/version.rb +1 -1
data/lib/cms_scanner/web_site.rb +16 -0
metadata +5 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 9c91f0a93071bda6ebe8fb050b712acabf9940cd
-  data.tar.gz: 9a1e129b685442a8369a095bcd60af4551dd23aa
+  metadata.gz: 611e0d1894e5db176095c3b09feefa68077b2260
+  data.tar.gz: 8428392f787410217a9d421bcdc02ecc6abcdb36
 SHA512:
-  metadata.gz: 751dbcbfd6f266d6858dd1884f2251c6f56cedf60c935e0d6465a34025e65dbcca67b089747ebd17db11ca087327bb05bc85397876d0695dc9fa7683d6eb6823
-  data.tar.gz: bea0bd67b730e5d5a650d976fffa65c00e5aaeaaca3c7e5be0b445555c13a855624c86ce55fb97a4beb45bd4d5c464d7415b82394e8f5aa7d8f0447f9a3d0746
+  metadata.gz: 9c908a4747c6b4c3f2c388d091b151de36db62f0267504a22d2c2826d34e7364e5f90f835d214c4e22b8d9170662a93aa5dfba0c7a55bb0919c4069b570cb588
+  data.tar.gz: d45977ecf51a409ce89ad85ff1305539bf44f4e4a2a4296566850d39016c5de4338769dae986a35e9b2ebe85c228d71007fe150cba88ad6bf8fb56a04dbce082

data/app/controllers/core.rb CHANGED Viewed

@@ -38,15 +38,22 @@ module CMSScanner
           fail ProxyAuthRequiredError
         end
-        redirection = target.redirection
-        fail HTTPRedirectError, redirection if redirection && !parsed_options[:ignore_main_redirect]
+        # Checks for redirects
+        # An out of scope redirect will raise an HTTPRedirectError
+        effective_url = target.homepage_res.effective_url
+        return if target.in_scope?(effective_url)
+        fail HTTPRedirectError, effective_url unless parsed_options[:ignore_main_redirect]
+        target.homepage_res = res
       end
       def run
         @start_time   = Time.now
         @start_memory = memory_usage
-        output('started', url: target.url)
+        output('started', url: target.url, effective_url: target.homepage_url)
       end
       def after_scan

data/app/finders/interesting_findings/headers.rb CHANGED Viewed

@@ -5,7 +5,7 @@ module CMSScanner
       class Headers < Finder
         # @return [ InterestingFinding ]
         def passive(_opts = {})
-          r = NS::Headers.new(target.url, confidence: 100, found_by: found_by)
+          r = NS::Headers.new(target.homepage_url, confidence: 100, found_by: found_by)
           r.interesting_entries.empty? ? nil : r
         end

data/app/finders/interesting_findings/xml_rpc.rb CHANGED Viewed

@@ -15,7 +15,7 @@ module CMSScanner
         # @return [ XMLRPC ]
         def passive_headers(_opts = {})
-          url = NS::Browser.get(target.url).headers['X-Pingback']
+          url = target.homepage_res.headers['X-Pingback']
           return unless target.in_scope?(url)
           potential_urls << url
@@ -25,7 +25,7 @@ module CMSScanner
         # @return [ XMLRPC ]
         def passive_body(_opts = {})
-          NS::Browser.get(target.url).html.css('link[rel="pingback"]').each do |tag|
+          target.homepage_res.html.css('link[rel="pingback"]').each do |tag|
             url = tag.attribute('href').to_s
             next unless target.in_scope?(url)

data/app/views/cli/core/started.erb CHANGED Viewed

@@ -1,3 +1,6 @@
 <%= info_icon %> URL: <%= @url %>
+<% if @url != @effective_url -%>
+<%= info_icon %> Effective URL: <%= @effective_url %>
+<% end -%>
 <%= info_icon %> Started: <%= @start_time.asctime %>

data/app/views/json/core/started.erb CHANGED Viewed

@@ -1,3 +1,4 @@
 "start_time": <%= @start_time.to_i %>,
 "start_memory": <%= @start_memory.to_i %>,
-"target_url": <%= @url.to_s.to_json %>,
+"target_url": <%= @url.to_s.to_json %>,
+"effective_url": <%= @effective_url.to_s.to_json %>,

data/cms_scanner.gemspec CHANGED Viewed

@@ -34,7 +34,7 @@ Gem::Specification.new do |s|
   s.add_dependency 'typhoeus', '~> 0.8.0'
   s.add_dependency 'nokogiri', '~> 1.6.7.0'
   s.add_dependency 'yajl-ruby', '~> 1.2.1' # Better JSON parser regarding memory usage
-  s.add_dependency 'addressable', '~> 2.3.8'
+  s.add_dependency 'addressable', '~> 2.4.0'
   s.add_dependency 'activesupport', '~> 4.2.0'
   s.add_dependency 'public_suffix', '~> 1.5.0'
   s.add_dependency 'ruby-progressbar', '~> 1.7.5'

data/lib/cms_scanner/finders/finder.rb CHANGED Viewed

@@ -1,3 +1,4 @@
+require 'cms_scanner/mocked_progress_bar'
 require 'cms_scanner/finders/finder/smart_url_checker'
 require 'cms_scanner/finders/finder/enumerator'
 require 'cms_scanner/finders/finder/fingerprinter'
@@ -9,7 +10,7 @@ module CMSScanner
       # Constants for common found_by
       DIRECT_ACCESS = 'Direct Access (Aggressive Detection)'
-      attr_accessor :target
+      attr_accessor :target, :progress_bar
       def initialize(target)
         @target = target
@@ -29,10 +30,13 @@ module CMSScanner
       end
       # @param [ Hash ] opts See https://github.com/jfelchner/ruby-progressbar/wiki/Options
+      # @option opts [ Boolean ] :show_progression
       #
-      # @return [ ProgressBar::Base ]
-      def progress_bar(opts = {})
-        ProgressBar.create({ format: '%t %a <%B> (%c / %C) %P%% %e' }.merge(opts))
+      # @return [ ProgressBar::Base, CMSScanner::MockedProgressBar ]
+      def create_progress_bar(opts = {})
+        klass = opts[:show_progression] ? ProgressBar : MockedProgressBar
+        @progress_bar = klass.create({ format: '%t %a <%B> (%c / %C) %P%% %e' }.merge(opts))
       end
       # @return [ Browser ]

data/lib/cms_scanner/finders/finder/enumerator.rb CHANGED Viewed

@@ -10,13 +10,13 @@ module CMSScanner
         #
         # @yield [ Typhoeus::Response, String ]
         def enumerate(target_urls, opts = {})
-          bar = progress_bar(total: target_urls.size) if opts[:show_progression]
+          create_progress_bar(opts.merge(total: target_urls.size)) # if opts[:show_progression]
           target_urls.each do |url, id|
             request = browser.forge_request(url, request_params)
             request.on_complete do |res|
-              bar.progress += 1 if opts[:show_progression]
+              progress_bar.increment
               next if target.homepage_or_404?(res)
               next if opts[:exclude_content] && res.body.match(opts[:exclude_content])

data/lib/cms_scanner/finders/finder/fingerprinter.rb CHANGED Viewed

@@ -23,14 +23,14 @@ module CMSScanner
         # @yield [ Mixed, String, String ] version/s, url, hash The version associated to the
         #                                                       fingerprint of the url
         def fingerprint(fingerprints, opts = {})
-          bar = progress_bar(total: fingerprints.size) if opts[:show_progression]
+          create_progress_bar(opts.merge(total: fingerprints.size)) # if opts[:show_progression]
           fingerprints.each do |path, f|
             url     = target.url(path.dup)
             request = browser.forge_request(url, request_params)
             request.on_complete do |res|
-              bar.progress += 1 if opts[:show_progression]
+              progress_bar.increment
               md5sum = hexdigest(res.body)

data/lib/cms_scanner/finders/finder/smart_url_checker.rb CHANGED Viewed

@@ -24,7 +24,7 @@ module CMSScanner
         #
         # @return [ Array<String> ]
         def passive_urls(_opts = {})
-          target.in_scope_urls(NS::Browser.get(target.url), passive_urls_xpath)
+          target.in_scope_urls(target.homepage_res, passive_urls_xpath)
         end
         # @return [ String ]

data/lib/cms_scanner/mocked_progress_bar.rb ADDED Viewed

@@ -0,0 +1,38 @@
+module CMSScanner
+  # ProgressBar to be used in formatter w/o user_interaction such as
+  # JSON etc, to still be able to have a log of messages to output.
+  # The object must implement the methods in ruby-progressbar
+  # and used in CMSScanner, See https://github.com/jfelchner/ruby-progressbar
+  class MockedProgressBar
+    attr_reader :increment, :finish
+    def self.create(opts = {})
+      new(opts)
+    end
+    def initialize(_opts = {})
+    end
+    # @return [ Integer ]
+    def total
+      0
+    end
+    def total=(_total)
+    end
+    # @return [ Array<String> ]
+    def logs
+      @logs ||= []
+    end
+    # @param [ String, nil ] message
+    #
+    # @return [ Mixed ]
+    def log(message = nil)
+      return logs unless message
+      logs << message
+    end
+  end
+end

data/lib/cms_scanner/version.rb CHANGED Viewed

@@ -1,4 +1,4 @@
 # Version
 module CMSScanner
-  VERSION = '0.0.37.2'
+  VERSION = '0.0.37.3'
 end

data/lib/cms_scanner/web_site.rb CHANGED Viewed

@@ -36,6 +36,22 @@ module CMSScanner
       @uri.join(URI.encode(path)).to_s
     end
+    attr_writer :homepage_res
+    # @return [ Typhoeus::Response ]
+    #
+    # As webmock does not support redirects mocking, coverage is ignored
+    # :nocov:
+    def homepage_res
+      @homepage_res ||= NS::Browser.get_and_follow_location(url)
+    end
+    # :nocov:
+    # @return [ String ]
+    def homepage_url
+      @homepage_url ||= homepage_res.effective_url
+    end
     # Checks if the remote website is up.
     #
     # @param [ String ] path

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cms_scanner
 version: !ruby/object:Gem::Version
-  version: 0.0.37.2
+  version: 0.0.37.3
 platform: ruby
 authors:
 - WPScanTeam
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-12-04 00:00:00.000000000 Z
+date: 2015-12-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: typhoeus
@@ -58,14 +58,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.3.8
+        version: 2.4.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.3.8
+        version: 2.4.0
 - !ruby/object:Gem::Dependency
   name: activesupport
   requirement: !ruby/object:Gem::Requirement
@@ -294,6 +294,7 @@ files:
 - lib/cms_scanner/formatter.rb
 - lib/cms_scanner/formatter/buffer.rb
 - lib/cms_scanner/helper.rb
+- lib/cms_scanner/mocked_progress_bar.rb
 - lib/cms_scanner/numeric.rb
 - lib/cms_scanner/public_suffix/domain.rb
 - lib/cms_scanner/references.rb