cms_scanner 0.0.17 → 0.0.18
- checksums.yaml +4 -4
- data/app/models/interesting_file.rb +1 -0
- data/app/models/robots_txt.rb +1 -1
- data/lib/cms_scanner/target.rb +20 -0
- data/lib/cms_scanner/version.rb +1 -1
- data/spec/fixtures/target/comments.html +29 -0
- data/spec/lib/target_spec.rb +39 -0
- metadata +4 -2
    
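--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz:
-  data.tar.gz:
+  metadata.gz: 4967adc46d0b17b3762f4aa25608fbd5fa7372f4
+  data.tar.gz: d8b5abec16cff468b52d2596c8544b279dbfc347
 SHA512:
-  metadata.gz:
-  data.tar.gz:
+  metadata.gz: a807670ea5bdf871cd0f70779f939ddfb8c1dbd83262447e1427369109db103cc38192bbf6f95531264081e003200cf29be0c3af0849544b0d943824d6a0c734
+  data.tar.gz: d9c5c442e85d106dc960eee3db9a5277e2078816fd2dd331e73ac6206ffdcf08d6945ef071cdbf035d278ef6bf361ae11b22842be6190404f57e0b87d59025db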
    
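--- a/data/app/models/robots_txt.rb
+++ b/data/app/models/robots_txt.rb
@@ -1,7 +1,7 @@
 module CMSScanner
   # Robots.txt
   class RobotsTxt < InterestingFile
-    # @todo Better detection, currently
+    # @todo Better detection, currently everything not empty or / is returned
     #
     # @return [ Array<String> ] The interesting Allow/Disallow rules detected
     def interesting_entries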
    
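--- a/data/lib/cms_scanner/target.rb
+++ b/data/lib/cms_scanner/target.rb
@@ -25,5 +25,25 @@ module CMSScanner
     def interesting_files(opts = {})
       @interesting_files ||= NS::Finders::InterestingFiles::Base.find(self, opts)
     end
+
+    # @param [ Regexp ] pattern
+    # @param [ Typhoeus::Response, String ] page
+    #
+    # @return [ Array<Array<MatchData, Nokogiri::XML::Comment>> ]
+    # @yield [ MatchData, Nokogiri::XML::Comment ]
+    def comments_from_page(pattern, page = nil)
+      page    = NS::Browser.get(url(page)) unless page.is_a?(Typhoeus::Response)
+      matches = []
+
+      page.html.xpath('//comment()').each do |node|
+        next unless node.text.to_s.strip =~ pattern
+
+        yield Regexp.last_match, node if block_given?
+
+        matches << [Regexp.last_match, node]
+      end
+
+      matches
+    end
   end
 end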
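Review bot: The doc block above `comments_from_page` omits two things a caller needs: any `page` that is not a `Typhoeus::Response` (a String or the default `nil`) is handed to `url(page)` and fetched rather than parsed as markup, and the comment text being matched is supplied by the scanned host. Because that text is untrusted, I would add `# @note Comment text comes from the remote target: use patterns that cannot backtrack heavily and escape captured text before printing it.` and extend the param line to `# @param [ Typhoeus::Response, String ] page A response to inspect, or a path resolved with #url and fetched`. On style, `Regexp.last_match` is read once before and once after the `yield`; binding it to a local right after the `=~` test (`match = Regexp.last_match`) makes it explicit which match is stored. The enclosing class and module bodies start outside this hunk.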
    
        data/lib/cms_scanner/version.rb
    CHANGED
    
    
| @@ -0,0 +1,29 @@ | |
| 1 | 
            +
            <!DOCTYPE html>
         | 
| 2 | 
            +
            <html lang="en-US" class="no-js">
         | 
| 3 | 
            +
            <head>
         | 
| 4 | 
            +
              <meta charset="UTF-8">
         | 
| 5 | 
            +
              <meta name="viewport" content="width=device-width">
         | 
| 6 | 
            +
              <link rel="profile" href="http://gmpg.org/xfn/11">
         | 
| 7 | 
            +
              <link rel="pingback" href="http://wp.lab/wordpress-4.1.1/xmlrpc.php">
         | 
| 8 | 
            +
              <!--[if lt IE 9]>
         | 
| 9 | 
            +
              <script src="http://wp.lab/wordpress-4.1.1/wp-content/themes/twentyfifteen/js/html5.js"></script>
         | 
| 10 | 
            +
              <![endif]-->
         | 
| 11 | 
            +
              <script>(function(){document.documentElement.className='js'})();</script>
         | 
| 12 | 
            +
              <title>WP 4.1.1 | Just another WordPress site</title>
         | 
| 13 | 
            +
            <meta name='robots' content='noindex,follow' />
         | 
| 14 | 
            +
             | 
| 15 | 
            +
            <!-- All in One SEO Pack 2.2.5.1 by Michael Torbert of Semper Fi Web Design -->
         | 
| 16 | 
            +
            <link rel="canonical" href="http://wp.lab/wordpress-4.1.1/" />
         | 
| 17 | 
            +
            <!-- /all in one seo pack -->
         | 
| 18 | 
            +
            <!--[if lt IE 9]>
         | 
| 19 | 
            +
            <link rel='stylesheet' id='twentyfifteen-ie-css'  href='http://wp.lab/wordpress-4.1.1/wp-content/themes/twentyfifteen/css/ie.css?ver=20141010' type='text/css' media='all' />
         | 
| 20 | 
            +
            <![endif]-->
         | 
| 21 | 
            +
            <!--[if lt IE 8]>
         | 
| 22 | 
            +
            <link rel='stylesheet' id='twentyfifteen-ie7-css'  href='http://wp.lab/wordpress-4.1.1/wp-content/themes/twentyfifteen/css/ie7.css?ver=20141010' type='text/css' media='all' />
         | 
| 23 | 
            +
            <![endif]-->
         | 
| 24 | 
            +
             | 
| 25 | 
            +
            <!-- .site-branding -->
         | 
| 26 | 
            +
            <!-- .site-header -->
         | 
| 27 | 
            +
             | 
| 28 | 
            +
            </body>
         | 
| 29 | 
            +
            </html>
         | 
    
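--- a/data/spec/lib/target_spec.rb
+++ b/data/spec/lib/target_spec.rb
@@ -27,4 +27,43 @@ describe CMSScanner::Target do
       end
     end
   end
+
+  describe '#comments_from_page' do
+    let(:fixture) { File.join(FIXTURES, 'target', 'comments.html') }
+    let(:page) { Typhoeus::Response.new(body: File.read(fixture)) }
+
+    context 'when the pattern does not match anything' do
+      it 'returns an empty array' do
+        expect(target.comments_from_page(/none/, page)).to eql([])
+      end
+    end
+
+    context 'when the pattern matches' do
+      let(:pattern) { /all in one seo pack/i }
+      let(:s1) { 'All in One SEO Pack 2.2.5.1 by Michael Torbert of Semper Fi Web Design' }
+      let(:s2) { '/all in one seo pack' }
+
+      context 'when no block given' do
+        it 'returns the expected matches' do
+          results = target.comments_from_page(pattern, page)
+
+          [s1, s2].each_with_index do |s, i|
+            expect(results[i].first).to eql s.match(pattern)
+            expect(results[i].last.to_s).to eql "<!-- #{s} -->"
+          end
+        end
+      end
+
+      # The below doesn't work, dunno why
+      context 'when block given' do
+        it 'yield the MatchData' do
+          expect { |b| target.comments_from_page(pattern, page, &b) }
+            .to yield_successive_args(
+              [MatchData, Nokogiri::XML::Comment],
+              [MatchData, Nokogiri::XML::Comment]
+            )
+        end
+      end
+    end
+  end
 end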
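Review bot: The comment `# The below doesn't work, dunno why` above the `when block given` context leaves the state of that example unclear: it is neither skipped nor marked pending, so either it fails on every run or the comment is stale. If it passes, drop the comment; if it does not, mark it with `pending 'yield_successive_args does not match here (<issue placeholder>)'` so the suite stays meaningful. The examples also only pass a ready-made `Typhoeus::Response`, so the branch of `comments_from_page` that fetches the page when `page` is a String or `nil` has no coverage in this hunk; a stubbed request for that path would close the gap. The `describe CMSScanner::Target` block starts outside the hunk.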
    
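--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cms_scanner
 version: !ruby/object:Gem::Version
-  version: 0.0.
+  version: 0.0.18
 platform: ruby
 authors:
 - WPScanTeam - Erwan Le Rousseau
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-02-
+date: 2015-02-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: opt_parse_validator
@@ -328,6 +328,7 @@ files:
 - spec/fixtures/finders/interesting_files/xml_rpc/homepage_out_of_scope_pingback.html
 - spec/fixtures/finders/interesting_files/xml_rpc/xmlrpc.php
 - spec/fixtures/output.txt
+- spec/fixtures/target/comments.html
 - spec/fixtures/target/platform/php/debug_log/debug.log
 - spec/fixtures/target/platform/php/fpd/wp_rss_functions.php
 - spec/fixtures/target/scope/index.html
@@ -449,6 +450,7 @@ test_files:
 - spec/fixtures/finders/interesting_files/xml_rpc/homepage_out_of_scope_pingback.html
 - spec/fixtures/finders/interesting_files/xml_rpc/xmlrpc.php
 - spec/fixtures/output.txt
+- spec/fixtures/target/comments.html
 - spec/fixtures/target/platform/php/debug_log/debug.log
 - spec/fixtures/target/platform/php/fpd/wp_rss_functions.php
 - spec/fixtures/target/scope/index.html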