cms_scanner 0.0.13 → 0.0.14

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 86ad29d942ae76af1543da17f8f8e9ffa73f0373
-  data.tar.gz: bebf3711223c587954b4b4c2f852af89afc1192e
+  metadata.gz: b776de3125da0037eef520d8cf0f69caa17a9f22
+  data.tar.gz: 1f328394f7c5395b8b3191ee37e98627f0b90d0c
 SHA512:
-  metadata.gz: a476cb2079b4633e3a672415952fb420cc55359a5cc4438bc7cd0e8dd4556d7a03ec4769c40a3a1f536ae7b2696e5213470c84136e78db249ae638b3e4a13bd2
-  data.tar.gz: db601c31e7d60b95f1b56b7b0a903ac83cef5966b81c4737e74f4d7e1019ad508245ccb82b11cbb4b9ab9bd662789002b3f4f26f2209d58f8145b8da0cd477eb
+  metadata.gz: f1b3aa71d953d878b8bbebdf70372ecaf7eb89352638008748d7b5cad16f4378c9ee26534042bf2c1ed32268c5f4b4e4a95ed1b88eab0186dfd0ef2bc4133d7b
+  data.tar.gz: 1cfa9bb846e83bdf8702295f62049c175d850a9e19eae1bdc73d8a882690b298ab127056866355792f37126bd0a4257756128c5e4878d46835096f77913dcc19

data/app/controllers/core/cli_options.rb

@@ -26,7 +26,8 @@ module CMSScanner
         [
           OptString.new(['--user-agent VALUE', '--ua']),
           OptCredentials.new(['--http-auth login:password']),
-          OptPositiveInteger.new(['--max-threads VALUE', '-t', 'The max threads to use']),
+          OptPositiveInteger.new(['--max-threads VALUE', '-t', 'The max threads to use'],
+                                 default: 5),
           OptPositiveInteger.new(['--request-timeout SECONDS', 'The request timeout in seconds']),
           OptPositiveInteger.new(['--connect-timeout SECONDS',
                                   'The connection timeout in seconds'])

data/app/models/version.rb

@@ -7,11 +7,37 @@ module CMSScanner
 
     def initialize(number, opts = {})
       @number = number.to_s
+      @number = "0#{number}" if @number[0, 1] == '.'
+
       parse_finding_options(opts)
     end
 
+    # @param [ Version, String ] other
     def ==(other)
-      number == other.number
+      (self <=> other) == 0
+    end
+
+    # @param [ Version, String ] other
+    def <(other)
+      (self <=> other) == -1
+    end
+
+    # @param [ Version, String ] other
+    def >(other)
+      (self <=> other) == 1
+    end
+
+    # @param [ Version, String ] other
+    def <=>(other)
+      other = self.class.new(other) unless other.is_a?(self.class) # handle potential '.1' version
+
+      Gem::Version.new(number) <=> Gem::Version.new(other.number)
+    rescue
+      false
+    end
+
+    def to_s
+      number
     end
   end
 end

data/cms_scanner.gemspec

@@ -21,7 +21,7 @@ Gem::Specification.new do |s|
   s.test_files            = s.files.grep(/^(test|spec|features)\//)
   s.require_path         = 'lib'
 
-  s.add_dependency 'opt_parse_validator', '~> 0.0.6'
+  s.add_dependency 'opt_parse_validator', '~> 0.0.8'
   s.add_dependency 'typhoeus', '~> 0.7'
   s.add_dependency 'nokogiri', '~> 1.6'
   s.add_dependency 'addressable', '~> 2.3'

data/lib/cms_scanner/browser/options.rb

@@ -1,12 +1,3 @@
-module Typhoeus
-  # Hack to have a setter for the :max_concurrency
-  # Which will be officially added in the next version
-  # See: https://github.com/typhoeus/typhoeus/issues/366
-  class Hydra
-    attr_accessor :max_concurrency
-  end
-end
-
 module CMSScanner
   # Options available in the Browser
   class Browser

data/lib/cms_scanner/finders.rb

@@ -5,3 +5,5 @@ require 'cms_scanner/finders/independent_finders'
 require 'cms_scanner/finders/independent_finder'
 require 'cms_scanner/finders/unique_finders'
 require 'cms_scanner/finders/unique_finder'
+require 'cms_scanner/finders/same_type_finders'
+require 'cms_scanner/finders/same_type_finder'

data/lib/cms_scanner/finders/same_type_finder.rb

@@ -0,0 +1,17 @@
+module CMSScanner
+  module Finders
+    # Same Type Finder
+    module SameTypeFinder
+      def self.included(klass)
+        klass.class_eval do
+          include IndependentFinder
+
+          # @return [ Array ]
+          def finders
+            @finders ||= NS::Finders::SameTypeFinders.new
+          end
+        end
+      end
+    end
+  end
+end

data/lib/cms_scanner/finders/same_type_finders.rb

@@ -0,0 +1,25 @@
+module CMSScanner
+  module Finders
+    # Same Type Finders container
+    #
+    # This class is designed to handle same type results, such as enumeration of plugins,
+    # themes etc.
+    class SameTypeFinders < IndependentFinders
+      # @param [ Hash ] opts
+      # @option opts [ Symbol ] :mode :mixed, :passive or :aggressive
+      #
+      # @return [ Findings ]
+      def run(opts = {})
+        symbols_from_mode(opts[:mode]).each do |symbol|
+          each do |finder|
+            [*finder.send(symbol, opts)].compact.each do |found|
+              findings << found
+            end
+          end
+        end
+
+        findings
+      end
+    end
+  end
+end

data/lib/cms_scanner/version.rb

@@ -1,4 +1,4 @@
 # Version
 module CMSScanner
-  VERSION = '0.0.13'
+  VERSION = '0.0.14'
 end

data/lib/cms_scanner/vulnerability/references.rb

@@ -3,7 +3,7 @@ module CMSScanner
   class Vulnerability
     # @return [ Array<String> ] All the references URLs
     def references_urls
-      cve_urls + secunia_urls + osvdb_urls + exploitdb_urls + msf_urls + packetstorm_urls
+      cve_urls + secunia_urls + osvdb_urls + exploitdb_urls + urls + msf_urls + packetstorm_urls
     end
 
     # @return [ Array<String> ] The CVEs

data/spec/app/models/version_spec.rb

@@ -7,27 +7,45 @@ describe CMSScanner::Version do
   let(:opts)        { {} }
   let(:number)      { '1.0' }
 
+  its(:to_s)        { should eql '1.0' }
+
   describe '#number' do
     its(:number) { should eql '1.0' }
 
     context 'when float number supplied' do
       let(:number) { 2.0 }
 
-      its(:number) { should eq '2.0' }
+      its(:number) { should eql '2.0' }
+      its(:to_s)   { should eql '2.0' }
+    end
+
+    context 'when starting with a dot' do
+      let(:number) { '.2' }
+
+      its(:number) { should eql '0.2' }
     end
   end
 
-  describe '#==' do
-    context 'when same @number' do
-      it 'returns true' do
-        expect(version == described_class.new(number)).to be true
-      end
+  describe '#<=>, #==, #>, #<' do
+    it 'returns true' do
+      expect(version == '1.0').to be true
+      expect(version == 1.0).to be true
+      expect(version == described_class.new('1.0')).to be true
+      expect(version > '0.9').to be true
+      expect(version < '2').to be true
+
+      expect(described_class.new('0.1') == '.1').to be true
+      expect(described_class.new('.1') == '0.1').to be true
     end
 
-    context 'when not the same @number' do
-      it 'returns false' do
-        expect(version == described_class.new('3.0')).to be false
-      end
+    it 'returns false' do
+      expect(version == '2.0').to be false
+      expect(version == described_class.new('2')).to be false
+      expect(version > '2.0').to be false
+      expect(version < '1.0').to be false
+
+      expect(version < 'gg').to be false
+      expect(version == '').to be false
     end
   end
 end

data/spec/lib/finders/same_type_finder_spec.rb

@@ -0,0 +1,24 @@
+require 'spec_helper'
+
+module CMSScanner
+  module Finders
+    # Dummy Class to test the module
+    class PluginsFinderSpec
+      include SameTypeFinder
+
+      def initialize(_target)
+      end
+    end
+  end
+end
+
+describe CMSScanner::Finders::PluginsFinderSpec do
+  it_behaves_like CMSScanner::Finders::IndependentFinder do
+    let(:expected_finders) { [] }
+    let(:expected_finders_class) { CMSScanner::Finders::SameTypeFinders }
+  end
+
+  subject(:plugins) { described_class.new(target) }
+  let(:target)      { CMSScanner::Target.new(url) }
+  let(:url)         { 'http://example.com/' }
+end

data/spec/lib/finders/same_type_finders_spec.rb

@@ -0,0 +1,81 @@
+require 'spec_helper'
+require 'dummy_independent_finders' # will use those for convenience
+
+describe CMSScanner::Finders::SameTypeFinders do
+  subject(:finders) { described_class.new }
+  let(:independent_finders) { CMSScanner::Finders::Independent }
+
+  describe '#run' do
+    let(:target)  { 'target' }
+    let(:finding) { CMSScanner::DummyFinding }
+    let(:opts)    { {} }
+
+    before do
+      finders <<
+        independent_finders::DummyFinder.new(target) <<
+        independent_finders::NoAggressiveResult.new(target)
+    end
+
+    after do
+      result = finders.run(opts)
+
+      expect(result).to be_a CMSScanner::Finders::Findings
+      expect(result).to eql @expected
+    end
+
+    # Used to be able to test the calls order and returned result at the same time
+    let(:dummy_passive)     { independent_finders::DummyFinder.new(target).passive(opts) }
+    let(:dummy_aggresssive) { independent_finders::DummyFinder.new(target).aggressive(opts) }
+    let(:noaggressive)      { independent_finders::NoAggressiveResult.new(target).passive(opts) }
+
+    context 'when :mixed mode' do
+      let(:opts) { super().merge(mode: :mixed) }
+
+      it 'calls all #passive then #aggressive on finders and returns the best result' do
+        expect(finders[0]).to receive(:passive).ordered.and_return(dummy_passive)
+        expect(finders[1]).to receive(:passive).ordered.and_return(noaggressive)
+        expect(finders[0]).to receive(:aggressive).ordered.and_return(dummy_aggresssive)
+        expect(finders[1]).to receive(:aggressive).ordered
+
+        @expected = []
+
+        @expected << finding.new('test', confidence: 100,
+                                         found_by: 'Dummy Finder (Passive Detection)')
+
+        @expected.first.confirmed_by << finding.new('test', confidence: 100, found_by: 'override')
+
+        @expected << finding.new('spotted', confidence: 10,
+                                            found_by: 'No Aggressive Result (Passive Detection)')
+      end
+    end
+
+    context 'when :passive mode' do
+      let(:opts) { super().merge(mode: :passive) }
+
+      it 'calls #passive on all finders and returns the best result' do
+        expect(finders[0]).to receive(:passive).ordered.and_return(dummy_passive)
+        expect(finders[1]).to receive(:passive).ordered.and_return(noaggressive)
+
+        finders.each { |f| expect(f).to_not receive(:aggressive) }
+
+        @expected = []
+        @expected << finding.new('test', found_by: 'Dummy Finder (Passive Detection)')
+        @expected << finding.new('spotted', confidence: 10,
+                                            found_by: 'No Aggressive Result (Passive Detection)')
+      end
+    end
+
+    context 'when :aggressive mode' do
+      let(:opts) { super().merge(mode: :aggressive) }
+
+      it 'calls #aggressive on all finders and returns the best result' do
+        finders.each { |f| expect(f).to_not receive(:passive) }
+
+        expect(finders[0]).to receive(:aggressive).ordered.and_return(dummy_aggresssive)
+        expect(finders[1]).to receive(:aggressive).ordered
+
+        @expected = [finding.new('test', confidence: 100, found_by: 'override')]
+      end
+    end
+  end
+end

data/spec/lib/vulnerability/references_spec.rb

@@ -54,6 +54,18 @@ describe CMSScanner::Vulnerability do
 
       its(:packetstorm_ids)  { should eq %w(15) }
       its(:packetstorm_urls) { should eql %w(http://packetstormsecurity.com/files/15/) }
+
+      its(:references_urls) do
+        should eql [
+          'http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-11',
+          'https://secunia.com/advisories/12',
+          'http://osvdb.org/13',
+          'http://www.exploit-db.com/exploits/14/',
+          'single-url',
+          'http://www.rapid7.com/db/modules/exploit/yolo',
+          'http://packetstormsecurity.com/files/15/'
+        ]
+      end
     end
 
     context 'when references provided as array' do

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cms_scanner
 version: !ruby/object:Gem::Version
-  version: 0.0.13
+  version: 0.0.14
 platform: ruby
 authors:
 - WPScanTeam - Erwan Le Rousseau
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-02-13 00:00:00.000000000 Z
+date: 2015-02-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: opt_parse_validator
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.0.6
+        version: 0.0.8
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.0.6
+        version: 0.0.8
 - !ruby/object:Gem::Dependency
   name: typhoeus
   requirement: !ruby/object:Gem::Requirement
@@ -259,6 +259,8 @@ files:
 - lib/cms_scanner/finders/findings.rb
 - lib/cms_scanner/finders/independent_finder.rb
 - lib/cms_scanner/finders/independent_finders.rb
+- lib/cms_scanner/finders/same_type_finder.rb
+- lib/cms_scanner/finders/same_type_finders.rb
 - lib/cms_scanner/finders/unique_finder.rb
 - lib/cms_scanner/finders/unique_finders.rb
 - lib/cms_scanner/formatter.rb
@@ -337,6 +339,8 @@ files:
 - spec/lib/finders/finder/smart_url_checker_spec.rb
 - spec/lib/finders/findings_spec.rb
 - spec/lib/finders/independent_finders_spec.rb
+- spec/lib/finders/same_type_finder_spec.rb
+- spec/lib/finders/same_type_finders_spec.rb
 - spec/lib/finders/unique_finder_spec.rb
 - spec/lib/finders/unique_finders_spec.rb
 - spec/lib/formatter_spec.rb
@@ -454,6 +458,8 @@ test_files:
 - spec/lib/finders/finder/smart_url_checker_spec.rb
 - spec/lib/finders/findings_spec.rb
 - spec/lib/finders/independent_finders_spec.rb
+- spec/lib/finders/same_type_finder_spec.rb
+- spec/lib/finders/same_type_finders_spec.rb
 - spec/lib/finders/unique_finder_spec.rb
 - spec/lib/finders/unique_finders_spec.rb
 - spec/lib/formatter_spec.rb