cms_scanner 0.0.9 → 0.0.10

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: a28cd6b9f81a6ae0f5627f4bcf0fcf16ce537699
-  data.tar.gz: 7224d7f858361411d24e4843cc6b24fe59678d94
+  metadata.gz: c79b5986a23687749fae7044cd9c9828ef3b4b5b
+  data.tar.gz: d22b1bf2c92efadbfe3dd6d34ce75b16130a6864
 SHA512:
-  metadata.gz: b67163e8a50467815e068def06a621266c39e9b42c99e8622fed4ba45849c6bb42f452bce35d4a83d9744565df431e1230da6afddfe6a65e3552e490480844f1
-  data.tar.gz: 0a87c104f27cb7e035d8fce4bc670b2f3267106a3696a9cfb4b75580c146749d7ae368d60a8a9f56b5f21d4c3d5611428496b22cc803a2169fe6d9dfcfad485d
+  metadata.gz: 608ff3d5bcbfdca043e45756e30db9063469803b166aa1e4c8bda598c04217d732a500eeeec120dc32a4c743aa249e714c000fa13696bc523d3a4e800423d14e
+  data.tar.gz: f4a77d3590ff7025e3e8f352715db124421a4f06ef56e46d68a9e01a2557049754085dadf623a0ebe466ef068ec10e22bea68308f0a3b23b0481df4a46ea67b0

data/app/controllers/core.rb

@@ -18,6 +18,7 @@ module CMSScanner
 
         fail "The url supplied '#{target.url}' seems to be down" unless target.online?
 
+        fail AccessForbiddenError if target.access_forbidden?
         fail HTTPAuthRequiredError if target.http_auth?
         fail ProxyAuthRequiredError if target.proxy_auth?
 

data/lib/cms_scanner/errors/auth_errors.rb

@@ -12,4 +12,12 @@ module CMSScanner
       'Proxy authentication required (or was invalid), please provide it with --proxy-auth'
     end
   end
+
+  # Access Forbidden Error
+  class AccessForbiddenError < StandardError
+    def message
+      # TODO: add a --random-agent option
+      'The target is responding with a 403, this might be due to a WAF'
+    end
+  end
 end

data/lib/cms_scanner/target/platform.rb

@@ -1,2 +1 @@
 require 'cms_scanner/target/platform/php'
-require 'cms_scanner/target/platform/wordpress'

data/lib/cms_scanner/version.rb

@@ -1,4 +1,4 @@
 # Version
 module CMSScanner
-  VERSION = '0.0.9'
+  VERSION = '0.0.10'
 end

data/lib/cms_scanner/web_site.rb

@@ -28,41 +28,46 @@ module CMSScanner
 
     # Checks if the remote website is up.
     #
+    # @param [ String ] path
+    #
     # @return [ Boolean ]
-    def online?
-      NS::Browser.get(url).code != 0
+    def online?(path = nil)
+      NS::Browser.get(url(path)).code != 0
     end
 
+    # @param [ String ] path
+    #
     # @return [ Boolean ]
-    def http_auth?
-      NS::Browser.get(url).code == 401
+    def http_auth?(path = nil)
+      NS::Browser.get(url(path)).code == 401
     end
 
+    # @param [ String ] path
+    #
     # @return [ Boolean ]
-    def proxy_auth?
-      NS::Browser.get(url).code == 407
+    def access_forbidden?(path = nil)
+      NS::Browser.get(url(path)).code == 403
     end
 
-    # See if the remote url returns 30x redirect
-    # This method is recursive
+    # @param [ String ] path
     #
+    # @return [ Boolean ]
+    def proxy_auth?(path = nil)
+      NS::Browser.get(url(path)).code == 407
+    end
+
     # @param [ String ] url
     #
     # @return [ String ] The redirection url or nil
+    #
+    # As webmock does not support redirects mocking, coverage is ignored
+    # :nocov:
     def redirection(url = nil)
-      url    ||= @uri.to_s
-      response = NS::Browser.get(url)
-
-      if response.code == 301 || response.code == 302
-        redirection = response.headers_hash['location']
-
-        # Let's check if there is a redirection in the redirection
-        if (other_redirection = redirection(redirection))
-          redirection = other_redirection
-        end
-      end
+      url ||= @uri.to_s
+      res   = NS::Browser.get(url, followlocation: true)
 
-      redirection
+      res.effective_url == url ? nil : res.effective_url
     end
+    # :nocov:
   end
 end

data/spec/app/controllers/core_spec.rb

@@ -36,6 +36,12 @@ describe CMSScanner::Controller::Core do
   end
 
   describe '#before_scan' do
+    it 'does not raise an error when everything is fine' do
+      stub_request(:get, target_url).to_return(status: 200)
+
+      expect { core.before_scan }.to_not raise_error
+    end
+
     it 'raise an error when the site is down' do
       stub_request(:get, target_url).to_return(status: 0)
 
@@ -46,13 +52,22 @@ describe CMSScanner::Controller::Core do
     it 'raises an error when the site redirects' do
       redirection = 'http://somewhere.com'
 
+      expect(core.target).to receive(:redirection).and_return(redirection)
+
       stub_request(:get, target_url).to_return(status: 301, headers: { location: redirection })
-      stub_request(:get, redirection).to_return(status: 200)
 
       expect { core.before_scan }
         .to raise_error("The url supplied redirects to #{redirection}")
     end
 
+    context 'when access is forbidden' do
+      before { stub_request(:get, target_url).to_return(status: 403) }
+
+      it 'raises an error' do
+        expect { core.before_scan }.to raise_error(CMSScanner::AccessForbiddenError)
+      end
+    end
+
     # This is quite a mess (as Webmock doesn't issue itself another 401
     # when credential are incorrect :/)
     context 'when http authentication' do

data/spec/lib/target/platforms_spec.rb

@@ -1,6 +1,6 @@
 require 'spec_helper'
 
-[:WordPress, :PHP].each do |platform|
+[:PHP].each do |platform|
   describe CMSScanner::Target do
     subject(:target) do
       described_class.new(url).extend(described_class::Platform.const_get(platform))

data/spec/lib/web_site_spec.rb

@@ -49,72 +49,55 @@ describe CMSScanner::WebSite do
     end
   end
 
-  describe '#online?' do
-    context 'when online' do
-      before { stub_request(:get, url).to_return(status: 200) }
-
-      it { should be_online }
-    end
-
-    context 'when offline' do
-      before { stub_request(:get, url).to_return(status: 0) }
-
-      it { should_not be_online }
-    end
-  end
-
-  describe '#http_auth?' do
-    context 'when http auth' do
-      before { stub_request(:get, url).to_return(status: 401) }
-
-      it { should be_http_auth }
-    end
-
-    context 'when no http auth' do
-      before { stub_request(:get, url).to_return(status: 200) }
-
-      it { should_not be_http_auth }
-    end
-  end
-
-  describe '#proxy_auth?' do
-    # Handled in app/controllers/core_spec
-  end
-
-  describe '#redirection' do
-    it 'returns nil if no redirection detected' do
-      stub_request(:get, web_site.url).to_return(status: 200, body: '')
-
-      expect(web_site.redirection).to be_nil
-    end
-
-    [301, 302].each do |status_code|
-      it "returns http://new-location.com if the status code is #{status_code}" do
-        new_location = 'http://new-location.com'
+  describe '#online?, #http_auth?, #access_forbidden?, #proxy_auth?' do
+    before { stub_request(:get, web_site.url(path)).to_return(status: status) }
+
+    [nil, 'file-path.txt'].each do |p|
+      context "when path = #{p}" do
+        let(:path) { p }
+
+        context 'when response status is a 200' do
+          let(:status) { 200 }
+
+          it 'is considered fine' do
+            expect(web_site.online?(path)).to be true
+            expect(web_site.http_auth?(path)).to be false
+            expect(web_site.access_forbidden?(path)).to be false
+            expect(web_site.proxy_auth?(path)).to be false
+          end
+        end
 
-        stub_request(:get, web_site.url)
-          .to_return(status: status_code, headers: { location: new_location })
+        context 'when offline' do
+          let(:status) { 0 }
 
-        stub_request(:get, new_location).to_return(status: 200)
+          it 'returns false' do
+            expect(web_site.online?(path)).to be false
+          end
+        end
 
-        expect(web_site.redirection).to eq new_location
-      end
-    end
+        context 'when http auth required' do
+          let(:status) { 401 }
 
-    context 'when multiple redirections' do
-      it 'returns the last redirection' do
-        first_redirection = 'www.redirection.com'
-        last_redirection  = 'redirection.com'
+          it 'returns true' do
+            expect(web_site.http_auth?(path)).to be true
+          end
+        end
 
-        stub_request(:get, web_site.url)
-          .to_return(status: 301, headers: { location: first_redirection })
+        context 'when access is forbidden' do
+          let(:status) { 403 }
 
-        stub_request(:get, first_redirection)
-          .to_return(status: 302, headers: { location: last_redirection })
+          it 'return true' do
+            expect(web_site.access_forbidden?(path)).to be true
+          end
+        end
 
-        stub_request(:get, last_redirection).to_return(status: 200)
+        context 'when proxy auth required' do
+          let(:status) { 407 }
 
-        expect(web_site.redirection).to eq last_redirection
+          it 'returns true' do
+            expect(web_site.proxy_auth?(path)).to be true
+          end
+        end
       end
     end
   end

data/spec/shared_examples.rb

@@ -3,7 +3,6 @@ require 'shared_examples/formatter_buffer'
 require 'shared_examples/formatter_class_methods'
 require 'shared_examples/finding'
 require 'shared_examples/independent_finder'
-require 'shared_examples/target/platform/wordpress'
 require 'shared_examples/target/platform/php'
 require 'shared_examples/target/server/generic'
 require 'shared_examples/target/server/apache'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cms_scanner
 version: !ruby/object:Gem::Version
-  version: 0.0.9
+  version: 0.0.10
 platform: ruby
 authors:
 - WPScanTeam - Erwan Le Rousseau
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-01-27 00:00:00.000000000 Z
+date: 2015-02-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: opt_parse_validator
@@ -254,8 +254,6 @@ files:
 - lib/cms_scanner/target.rb
 - lib/cms_scanner/target/platform.rb
 - lib/cms_scanner/target/platform/php.rb
-- lib/cms_scanner/target/platform/wordpress.rb
-- lib/cms_scanner/target/platform/wordpress/custom_directories.rb
 - lib/cms_scanner/target/server.rb
 - lib/cms_scanner/target/server/apache.rb
 - lib/cms_scanner/target/server/generic.rb
@@ -298,12 +296,6 @@ files:
 - spec/fixtures/output.txt
 - spec/fixtures/target/platform/php/debug_log/debug.log
 - spec/fixtures/target/platform/php/fpd/wp_rss_functions.php
-- spec/fixtures/target/platform/wordpress/custom_directories/custom_w_spaces.html
-- spec/fixtures/target/platform/wordpress/custom_directories/default.html
-- spec/fixtures/target/platform/wordpress/custom_directories/https.html
-- spec/fixtures/target/platform/wordpress/detection/default.html
-- spec/fixtures/target/platform/wordpress/detection/not_wp.html
-- spec/fixtures/target/platform/wordpress/detection/wp_includes.html
 - spec/fixtures/target/server/apache/directory_listing/2.2.16.html
 - spec/fixtures/target/server/generic/server/apache/basic.txt
 - spec/fixtures/target/server/generic/server/iis/basic.txt
@@ -349,8 +341,6 @@ files:
 - spec/shared_examples/formatter_class_methods.rb
 - spec/shared_examples/independent_finder.rb
 - spec/shared_examples/target/platform/php.rb
-- spec/shared_examples/target/platform/wordpress.rb
-- spec/shared_examples/target/platform/wordpress/custom_directories.rb
 - spec/shared_examples/target/server/apache.rb
 - spec/shared_examples/target/server/generic.rb
 - spec/shared_examples/target/server/iis.rb
@@ -416,12 +406,6 @@ test_files:
 - spec/fixtures/output.txt
 - spec/fixtures/target/platform/php/debug_log/debug.log
 - spec/fixtures/target/platform/php/fpd/wp_rss_functions.php
-- spec/fixtures/target/platform/wordpress/custom_directories/custom_w_spaces.html
-- spec/fixtures/target/platform/wordpress/custom_directories/default.html
-- spec/fixtures/target/platform/wordpress/custom_directories/https.html
-- spec/fixtures/target/platform/wordpress/detection/default.html
-- spec/fixtures/target/platform/wordpress/detection/not_wp.html
-- spec/fixtures/target/platform/wordpress/detection/wp_includes.html
 - spec/fixtures/target/server/apache/directory_listing/2.2.16.html
 - spec/fixtures/target/server/generic/server/apache/basic.txt
 - spec/fixtures/target/server/generic/server/iis/basic.txt
@@ -467,8 +451,6 @@ test_files:
 - spec/shared_examples/formatter_class_methods.rb
 - spec/shared_examples/independent_finder.rb
 - spec/shared_examples/target/platform/php.rb
-- spec/shared_examples/target/platform/wordpress.rb
-- spec/shared_examples/target/platform/wordpress/custom_directories.rb
 - spec/shared_examples/target/server/apache.rb
 - spec/shared_examples/target/server/generic.rb
 - spec/shared_examples/target/server/iis.rb

data/lib/cms_scanner/target/platform/wordpress.rb

@@ -1,33 +0,0 @@
-%w(custom_directories).each do |required|
-  require "cms_scanner/target/platform/wordpress/#{required}"
-end
-
-module CMSScanner
-  class Target < WebSite
-    module Platform
-      # Some WordPress specific implementation
-      module WordPress
-        include PHP
-
-        WORDPRESS_PATTERN = %r{/(?:(?:wp-content/(?:themes|plugins|uploads))|wp-includes)/}i
-
-        def wordpress?
-          NS::Browser.get(url).html.css('script, link').each do |tag|
-            tag_url = tag.attribute('href').to_s
-
-            next unless in_scope?(tag_url)
-
-            tag_uri = Addressable::URI.parse(tag_url)
-
-            return true if tag_uri.path =~ WORDPRESS_PATTERN
-          end
-          false
-        end
-
-        def wordpress_hosted?
-          uri.host =~ /wordpress.com$/i ? true : false
-        end
-      end
-    end
-  end
-end

data/lib/cms_scanner/target/platform/wordpress/custom_directories.rb

@@ -1,61 +0,0 @@
-module CMSScanner
-  class Target < WebSite
-    module Platform
-      # wp-content & plugins directory implementation
-      module WordPress
-        def content_dir=(dir)
-          @content_dir = dir.chomp('/')
-        end
-
-        def plugins_dir=(dir)
-          @plugins_dir = dir.chomp('/')
-        end
-
-        # @return [ String ] The wp-content directory
-        def content_dir
-          unless @content_dir
-            escaped_url = Regexp.escape(url).gsub(/https?/i, 'https?')
-            pattern     = %r{#{escaped_url}(.+?)\/(?:themes|plugins|uploads)\/}i
-
-            NS::Browser.get(url).html.css('link,script,style,img').each do |tag|
-              %w(href src).each do |attribute|
-                attr_value = tag.attribute(attribute).to_s
-
-                next if attr_value.nil? || attr_value.empty?
-                next unless in_scope?(attr_value) && attr_value.match(pattern)
-
-                return @content_dir = Regexp.last_match[1]
-              end
-            end
-          end
-          @content_dir
-        end
-
-        # @return [ Addressable::URI ]
-        def content_uri
-          uri.join("#{content_dir}/")
-        end
-
-        # @return [ String ]
-        def content_url
-          content_uri.to_s
-        end
-
-        # @return [ String ]
-        def plugins_dir
-          @plugins_dir ||= "#{content_dir}/plugins"
-        end
-
-        # @return [ Addressable::URI ]
-        def plugins_uri
-          uri.join("#{plugins_dir}/")
-        end
-
-        # @return [ String ]
-        def plugins_url
-          plugins_uri.to_s
-        end
-      end
-    end
-  end
-end

data/spec/fixtures/target/platform/wordpress/custom_directories/custom_w_spaces.html

@@ -1,10 +0,0 @@
-<html dir="ltr" lang="en-US">
-<head>
-<meta charset="UTF-8" />
-<meta name="viewport" content="width=device-width" />
-<title>Wordpress 3.4.1 Custom | Just another WordPress site</title>
-<link rel="profile" href="http://gmpg.org/xfn/11" />
-<!-- This should not be detected as from another domain -->
-<script src="http://another-domain/custom content spaces/themes/twentyeleven/js.js" />
-
-<img src="http://ex.lo/custom content spaces/themes/twentyeleven/images/headers/pine-cone.jpg" width="1000" height="288" alt="" />

data/spec/fixtures/target/platform/wordpress/custom_directories/default.html

@@ -1,14 +0,0 @@
-<html lang="en-US">
-<head>
-  <meta charset="UTF-8">
-  <meta name="viewport" content="width=device-width">
-  <title>WordPress 4.0 | Just another WordPress site</title>
-  <link rel="profile" href="http://gmpg.org/xfn/11">
-  <link rel="pingback" href="http://ex.lo/xmlrpc.php">
-  <meta name='robots' content='noindex,follow' />
-<link rel="alternate" type="application/rss+xml" title="Wordpress 4.0 &raquo; Feed" href="http://ex.lo/feed/" />
-<link rel="alternate" type="application/rss+xml" title="Wordpress 4.0 &raquo; Comments Feed" href="http://ex.lo/comments/feed/" />
-<link rel='stylesheet' id='twentyfourteen-lato-css'  href='//fonts.googleapis.com/css?family=Lato%3A300%2C400%2C700%2C900%2C300italic%2C400italic%2C700italic' type='text/css' media='all' />
-<link rel='stylesheet' id='flexSlider_stylesheet-css'  href='http://ex.lo/wp-content/plugins/reflex-gallery/scripts/flexslider/flexslider.css?ver=4.0' type='text/css' media='all' />
-<link rel='stylesheet' id='prettyPhoto_stylesheet-css'  href='http://ex.lo/wp-content/plugins/reflex-gallery/scripts/prettyPhoto/prettyPhoto.css?ver=4.0' type='text/css' media='all' />
-<link rel='stylesheet' id='genericons-css'  href='http://ex.lo/wp-content/themes/twentyfourteen/genericons/genericons.css?ver=3.0.3' type='text/css'

data/spec/fixtures/target/platform/wordpress/custom_directories/https.html

@@ -1,12 +0,0 @@
-<html lang="en-US">
-<head>
-  <meta charset="UTF-8">
-  <meta name="viewport" content="width=device-width">
-  <title>WordPress 4.0 | Just another WordPress site</title>
-  <link rel="profile" href="http://gmpg.org/xfn/11">
-  <link rel="pingback" href="http://ex.lo/xmlrpc.php">
-  <meta name='robots' content='noindex,follow' />
-<link rel="alternate" type="application/rss+xml" title="Wordpress 4.0 &raquo; Feed" href="http://ex.lo/feed/" />
-<link rel="alternate" type="application/rss+xml" title="Wordpress 4.0 &raquo; Comments Feed" href="http://ex.lo/comments/feed/" />
-<link rel='stylesheet' id='twentyfourteen-lato-css'  href='//fonts.googleapis.com/css?family=Lato%3A300%2C400%2C700%2C900%2C300italic%2C400italic%2C700italic' type='text/css' media='all' />
-<link rel='stylesheet' id='flexSlider_stylesheet-css'  href='https://ex.lo/wp-content/plugins/reflex-gallery/scripts/flexslider/flexslider.css?ver=4.0' type='text/css' media='all' />

data/spec/fixtures/target/platform/wordpress/detection/default.html

@@ -1,4 +0,0 @@
-<meta name='robots' content='noindex,follow' />
-<link rel='stylesheet' id='twentyfourteen-lato-css'  href='//fonts.googleapis.com/css?family=Lato%3A300%2C400%2C700%2C900%2C300italic%2C400italic%2C700italic' type='text/css' media='all' />
-<link rel='stylesheet' id='genericons-css'  href='http://ex.lo/wordpress-4.0/wp-content/themes/twentyfourteen/genericons/genericons.css?ver=3.0.3' type='text/css' media='all' />
-<link rel='stylesheet' id='twentyfourteen-style-css'  href='http://ex.lo/wordpress-4.0/wp-content/themes/twentyfourteen/style.css?ver=4.0' type='text/css' media='all' />

data/spec/fixtures/target/platform/wordpress/detection/not_wp.html

@@ -1,8 +0,0 @@
-<head>
-    <meta http-equiv="X-UA-Compatible" content="IE=Edge" />
-<meta http-equiv="content-type" content="text/html; charset=UTF-8;charset=utf-8">
-<meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=1" />
-<meta name="HandheldFriendly" content="true"/>
-
-<link rel="canonical" href="https://duckduckgo.com/">
-

data/spec/fixtures/target/platform/wordpress/detection/wp_includes.html

@@ -1,3 +0,0 @@
-<script type='text/javascript' src='http://ex.lo/wordpress-4.0/wp-includes/js/jquery/jquery.js?ver=1.11.1'></script>
-<link rel="EditURI" type="application/rsd+xml" title="RSD" href="http://ex.lo/wordpress-4.0/xmlrpc.php?rsd" />
-<link rel="wlwmanifest" type="application/wlwmanifest+xml" href="http://ex.lo/wordpress-4.0/wp-includes/wlwmanifest.xml" />

data/spec/shared_examples/target/platform/wordpress.rb

@@ -1,39 +0,0 @@
-require_relative 'wordpress/custom_directories'
-
-shared_examples CMSScanner::Target::Platform::WordPress do
-  it_behaves_like 'WordPress::CustomDirectories'
-
-  describe '#wordpress?' do
-    let(:fixtures) { File.join(super(), 'detection') }
-
-    before do
-      stub_request(:get, target.url).to_return(body: File.read(File.join(fixtures, "#{body}.html")))
-    end
-
-    %w(default wp_includes).each do |file|
-      context "when a wordpress page (#{file}.html)" do
-        let(:body) { file }
-
-        its(:wordpress?) { should be true }
-      end
-    end
-
-    %w(not_wp).each do |file|
-      context "when not a wordpress page (#{file}.html)" do
-        let(:body) { file }
-
-        its(:wordpress?) { should be false }
-      end
-    end
-  end
-
-  describe '#wordpress_hosted?' do
-    its(:wordpress_hosted?) { should be false }
-
-    context 'when the target host matches' do
-      let(:url) { 'http://ex.wordpress.com' }
-
-      its(:wordpress_hosted?) { should be true }
-    end
-  end
-end

data/spec/shared_examples/target/platform/wordpress/custom_directories.rb

@@ -1,49 +0,0 @@
-
-shared_examples 'WordPress::CustomDirectories' do
-  let(:fixtures) { File.join(super(), 'custom_directories') }
-
-  describe '#content_dir' do
-    {
-      default: 'wp-content', https: 'wp-content', custom_w_spaces: 'custom content spaces'
-    }.each do |file, expected|
-      it "returns #{expected} for #{file}.html" do
-        fixture = File.join(fixtures, "#{file}.html")
-
-        stub_request(:get, target.url).to_return(body: File.read(fixture))
-
-        expect(target.content_dir).to eql expected
-      end
-    end
-  end
-
-  describe '#content_dir=, #plugins_dir=' do
-    ['wp-content' 'wp-custom'].each do |dir|
-      context "when content_dir = #{dir} and no plugins_dir" do
-        before { target.content_dir = dir }
-
-        its(:content_dir) { should eq dir.chomp('/') }
-        its(:plugins_dir) { should eq dir.chomp('/') + '/plugins' }
-      end
-
-      context "when content_dir = #{dir} and plugins_dir = #{dir}" do
-        before do
-          target.content_dir = dir
-          target.plugins_dir = dir
-        end
-
-        its(:content_dir) { should eq dir.chomp('/') }
-        its(:plugins_dir) { should eq dir.chomp('/') }
-      end
-    end
-  end
-
-  describe '#content_uri, #content_url, #plugins_uri, #plugins_url' do
-    before { target.content_dir = 'wp-content' }
-
-    its(:content_uri) { should eq Addressable::URI.parse("#{url}/wp-content/") }
-    its(:content_url) { should eq "#{url}/wp-content/" }
-
-    its(:plugins_uri) { should eq Addressable::URI.parse("#{url}/wp-content/plugins/") }
-    its(:plugins_url) { should eq "#{url}/wp-content/plugins/" }
-  end
-end