cms_scanner 0.0.41.9 → 0.0.41.10

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 2f8a08db554fc79d30135e3250569454f9b4d07b2899a436ae8065a5e9dc029d
4
- data.tar.gz: 45a05783fdac31c93a69a988e26759f6854a9d0b58c6c0a77d23ccbee3d6902d
3
+ metadata.gz: 7e47006d4ef6041b74990ece7fb987edbe92e4ac12640d12b601cb917fd07384
4
+ data.tar.gz: 5c36f333c1a404df5e7a373be1d06dd874d662515ac33171babab21a497161b0
5
5
  SHA512:
6
- metadata.gz: '08d4b7c12c8bec00e255f83a8049cdc4ace640d6bd6c15b86d7bf2a372efe417719a0f717de1d40c06a02008b440066bb4dabfd3ff2189ce4c1bded5a8551d1a'
7
- data.tar.gz: 16a1e0fec3dcff040189de7dbb33e50710fa4cb762da49debaadfd626bb743579bd18c41561b108a166a583ff270b391e988d60a2e6b3df304765d2ccb9adaa5
6
+ metadata.gz: a9ec0fc35cc97167ff34deccd9f2ecdb20d7be1499ce9e77ec56f2b1f05568a82c5870036cdb54d9faf5a6a1639242f9be27449a927c7b60c605bbcd1c9374c3
7
+ data.tar.gz: 61bf5514e607909b1fe92a7afe114f813e2f7ff08cdbf89ba64d27881eb997e6f790fa80fa0050dea4df6aa6f698ae292561bb8b8136c2bbf2e219053f9bae7c
@@ -1,3 +1,4 @@
1
+
1
2
  Scan Aborted: <%= @reason %>
2
3
  <% if @verbose -%>
3
4
  Trace: <%= @trace.join("\n") %>
data/lib/cms_scanner.rb CHANGED
@@ -17,6 +17,7 @@ require 'timeout'
17
17
  require 'xmlrpc/client'
18
18
  # Monkey Patches
19
19
  require 'cms_scanner/typhoeus/response' # Adds a Response#html using Nokogiri to parse the body
20
+ require 'cms_scanner/typhoeus/hydra' # https://github.com/typhoeus/typhoeus/issues/439
20
21
  require 'cms_scanner/public_suffix/domain' # Adds a Domain#match method and logic, used in scope stuff
21
22
  require 'cms_scanner/numeric' # Adds a Numeric#bytes_to_human
22
23
  # Custom Libs
@@ -41,6 +42,10 @@ module CMSScanner
41
42
  APP_DIR = Pathname.new(__FILE__).dirname.join('..', 'app').expand_path
42
43
  NS = self
43
44
 
45
+ # Avoid memory leak when using Hydra, see https://github.com/typhoeus/typhoeus/issues/562
46
+ # Requests are still cached via the provided Cache system
47
+ Typhoeus::Config.memoize = false
48
+
44
49
  # Number of requests performed and data sent/received to display at the end of the scan
45
50
  Typhoeus.on_complete do |response|
46
51
  self.cached_requests += 1 if response.cached?
@@ -149,7 +154,7 @@ module CMSScanner
149
154
  verbose: controllers.first.parsed_options[:verbose] ||
150
155
  run_error_exit_code == NS::ExitCode::EXCEPTION)
151
156
  ensure
152
- # Browser.instance.hydra.abort
157
+ Browser.instance.hydra.abort
153
158
 
154
159
  formatter.beautify
155
160
  end
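Review bot: `Browser.instance.hydra.abort` is now the first statement of the `ensure` clause, so if it raises, `formatter.beautify` never runs and the new exception replaces whatever error was already propagating out of the scan. This release also makes `Hydra#abort` call `run`, so the clause can block on network I/O before the output is finalised. Nesting the cleanup keeps the report intact either way: `begin; Browser.instance.hydra.abort; ensure; formatter.beautify; end`. The enclosing method starts above this hunk, so how the earlier `rescue` branches interact with this is not visible here.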
@@ -29,7 +29,7 @@ module CMSScanner
29
29
 
30
30
  # @return [ Typhoeus::Hydra ]
31
31
  def hydra
32
- Typhoeus::Hydra.new(max_concurrency: max_threads || 1)
32
+ @hydra ||= Typhoeus::Hydra.new(max_concurrency: max_threads || 1)
33
33
  end
34
34
 
35
35
  # @param [ Hash ] options
@@ -39,14 +39,14 @@ module CMSScanner
39
39
  end
40
40
  end
41
41
 
42
- # Set the threads attribute
42
+ # Set the threads attribute and update hydra accordinly
43
43
  # If the throttle attribute is > 0, max_threads will be forced to 1
44
44
  #
45
45
  # @param [ Integer ] number
46
46
  def max_threads=(number)
47
47
  @max_threads = number.to_i.positive? && throttle.zero? ? number.to_i : 1
48
48
 
49
- # hydra.max_concurrency = @max_threads
49
+ hydra.max_concurrency = @max_threads
50
50
  end
51
51
 
52
52
  # @return [ String ] The user agent
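Review bot: `hydra` now returns a single memoized instance, but its doc line still reads `# @return [ Typhoeus::Hydra ]`, which hides the fact that every caller shares one queue and that one `abort` clears everyone's pending requests. I would document that, e.g. `# @return [ Typhoeus::Hydra ] The memoized instance shared by all callers; aborting it drops every queued request`. `max_threads=` now creates the Hydra as a side effect if none exists yet, and only ends up with the right concurrency because `@max_threads` is assigned before `hydra` is called; a short why-comment on that ordering would stop a later reorder from breaking it. `@hydra ||=` is unsynchronised, which matters only if the browser is first touched from several threads at once (not visible in this hunk). The new comment also has a typo, "accordinly".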
@@ -0,0 +1,10 @@
1
+ module Typhoeus
2
+ # Ensure a clean abort of hydra
3
+ # See https://github.com/typhoeus/typhoeus/issues/439
4
+ class Hydra
5
+ def abort
6
+ super
7
+ run
8
+ end
9
+ end
10
+ end
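Review bot: The `super` in this reopened `Typhoeus::Hydra#abort` resolves only while upstream keeps its own `abort` in an included module, which appears to be the case today. If Typhoeus ever defines `abort` directly in the class body, this definition replaces it and `super` raises `NoMethodError` exactly when a scan is being torn down. The patch is also process-wide: every Hydra in any program that loads this gem gets the blocking `abort`, and nothing in `Typhoeus::Hydra.ancestors` shows where it came from. Prepending a named module keeps `super` valid wherever upstream puts the method and makes the override discoverable; the module name below is a suggestion.

```ruby
module CMSScanner
  # Ensure a clean abort of hydra
  # See https://github.com/typhoeus/typhoeus/issues/439
  module HydraCleanAbort
    def abort
      super
      run
    end
  end
end

Typhoeus::Hydra.prepend(CMSScanner::HydraCleanAbort)
```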
@@ -1,4 +1,4 @@
1
1
  # Version
2
2
  module CMSScanner
3
- VERSION = '0.0.41.9'.freeze
3
+ VERSION = '0.0.41.10'.freeze
4
4
  end
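--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: cms_scanner
  version: !ruby/object:Gem::Version
- version: 0.0.41.9
+ version: 0.0.41.10
  platform: ruby
  authors:
  - WPScanTeam
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2019-03-18 00:00:00.000000000 Z
+ date: 2019-03-19 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: nokogiri
@@ -184,14 +184,14 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 0.65.0
+ version: 0.66.0
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 0.65.0
+ version: 0.66.0
  - !ruby/object:Gem::Dependency
  name: simplecov
  requirement: !ruby/object:Gem::Requirement
@@ -315,6 +315,7 @@ files:
  - lib/cms_scanner/target/server/generic.rb
  - lib/cms_scanner/target/server/iis.rb
  - lib/cms_scanner/target/server/nginx.rb
+ - lib/cms_scanner/typhoeus/hydra.rb
  - lib/cms_scanner/typhoeus/response.rb
  - lib/cms_scanner/version.rb
  - lib/cms_scanner/vulnerability.rb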