cms_scanner 0.0.23 → 0.0.24

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: bfb8f0f330cdaf4b47d1459029b4328c7c8a3474
-  data.tar.gz: c324f2c4c0aa51b6debcba249bedce15b944877a
+  metadata.gz: 6ba0eb7b854b3284b9c15c6ccba0e7435510c0e1
+  data.tar.gz: 61f20c09a8911a41aaf9140f4efb80d14ef527b3
 SHA512:
-  metadata.gz: 3702af56ecf6cb6313a2d1cfc92d3b45e93b7d4713ec66f69bda037e289a70b460836b67357b8e928d9594ade420d7860d3413bb8388b3322ea826ef75995a89
-  data.tar.gz: 82eccf4f3b8e461ed03a37b12f778b48d1022df5ae590783040335e9d66f673884f986eaf74734258a473a4e16e28b541cae325b532775ddd062d1c0bc9b2b1b
+  metadata.gz: 7e2c771210af4df78d1b3a99db98c7f05547d46d17816f64eac932918d7875199bc9ea395babf901636bda4ee610691d7888a12de6e34be931ddc5713a98316c
+  data.tar.gz: 2a06183adab57a03f14f699cf2b4d204d4c3fc123bdd509a34f56843edb7e5f8e8d835fcf67d4fdeec52eb36c4c708d9557db21aa01bc9c1ffb900b6c3b0c73c

data/app/controllers/core/cli_options.rb

@@ -32,9 +32,10 @@ module CMSScanner
           OptCredentials.new(['--http-auth login:password']),
           OptPositiveInteger.new(['--max-threads VALUE', '-t', 'The max threads to use'],
                                  default: 5),
-          OptPositiveInteger.new(['--request-timeout SECONDS', 'The request timeout in seconds']),
-          OptPositiveInteger.new(['--connect-timeout SECONDS',
-                                  'The connection timeout in seconds'])
+          OptPositiveInteger.new(['--request-timeout SECONDS', 'The request timeout in seconds'],
+                                 default: 60),
+          OptPositiveInteger.new(['--connect-timeout SECONDS', 'The connection timeout in seconds'],
+                                 default: 5)
         ] + cli_browser_proxy_options + cli_browser_cookies_options + cli_browser_cache_options
       end
 

data/app/finders/interesting_findings/fantastico_fileslist.rb

@@ -13,7 +13,7 @@ module CMSScanner
           res = NS::Browser.get(url)
 
           return unless res && res.code == 200 && res.body.length > 0
-          return unless res.headers && res.headers['Content-Type'] =~ /\Atext\/plain/
+          return unless res.headers && res.headers['Content-Type'] =~ %r{\Atext/plain}
 
           NS::FantasticoFileslist.new(url, confidence: 70, found_by: found_by)
         end

data/app/models/interesting_finding.rb

@@ -21,7 +21,7 @@ module CMSScanner
     def entries
       res = NS::Browser.get(url)
 
-      return [] unless res && res.headers['Content-Type'] =~ /\Atext\/plain;/i
+      return [] unless res && res.headers['Content-Type'] =~ %r{\Atext/plain;}i
 
       res.body.split("\n").reject { |s| s.strip.empty? }
     end

data/cms_scanner.gemspec

@@ -17,7 +17,7 @@ Gem::Specification.new do |s|
   s.license               = 'MIT'
 
   s.files                 = `git ls-files -z`.split("\x0").reject do |file|
-    file =~ /^(?:
+    file =~ %r{^(?:
       spec\/.*
       |Gemfile
       |Rakefile
@@ -25,10 +25,10 @@ Gem::Specification.new do |s|
       |\.gitignore
       |\.rubocop.yml
       |\.travis.yml
-      )$/x
+      )$}x
   end
   s.test_files            = []
-  s.executables           = s.files.grep(/^bin\//) { |f| File.basename(f) }
+  s.executables           = s.files.grep(%r{^bin/}) { |f| File.basename(f) }
   s.require_path          = 'lib'
 
   s.add_dependency 'opt_parse_validator', '~> 0.0.9'
@@ -36,14 +36,14 @@ Gem::Specification.new do |s|
   s.add_dependency 'nokogiri', '~> 1.6'
   s.add_dependency 'addressable', '~> 2.3'
   s.add_dependency 'activesupport', '~> 4.2'
-  s.add_dependency 'public_suffix', '~> 1.4'
-  s.add_dependency 'ruby-progressbar', '~> 1.7.1'
+  s.add_dependency 'public_suffix', '~> 1.5'
+  s.add_dependency 'ruby-progressbar', '~> 1.7'
 
   s.add_development_dependency 'rake', '~> 10.4'
   s.add_development_dependency 'rspec', '~> 3.2'
   s.add_development_dependency 'rspec-its', '~> 1.2'
   s.add_development_dependency 'bundler', '~> 1.6'
-  s.add_development_dependency 'rubocop', '~> 0.29'
-  s.add_development_dependency 'webmock', '~> 1.20'
+  s.add_development_dependency 'rubocop', '~> 0.30'
+  s.add_development_dependency 'webmock', '~> 1.21'
   s.add_development_dependency 'simplecov', '~> 0.9'
 end

data/lib/cms_scanner/controllers.rb

@@ -28,7 +28,7 @@ module CMSScanner
 
       each(&:before_scan)
       each(&:run)
-      reverse.each(&:after_scan)
+      reverse_each(&:after_scan)
     end
   end
 end

data/lib/cms_scanner/finders/same_type_finders.rb

@@ -7,8 +7,6 @@ module CMSScanner
     class SameTypeFinders < IndependentFinders
       # @param [ Hash ] opts
       # @option opts [ Symbol ] :mode :mixed, :passive or :aggressive
-      # @option opts [ Boolean ] :vulnerable Only return vulnerable findings
-      #                                     (which must respond to :vulnerable?)
       # @option opts [ Boolean ] :sort Wether or not to sort the findings
       #
       # @return [ Findings ]
@@ -21,8 +19,7 @@ module CMSScanner
           end
         end
 
-        findings.select!(&:vulnerable?) if opts[:vulnerable]
-        findings.sort!                  if opts[:sort]
+        findings.sort! if opts[:sort]
 
         findings
       end

data/lib/cms_scanner/formatter.rb

@@ -11,7 +11,7 @@ module CMSScanner
       #
       # @return [ Formatter::Base ]
       def load(format = nil, custom_views = nil)
-        format       ||= 'cli'
+        format ||= 'cli'
         custom_views ||= []
 
         f = const_get(format.gsub(/-/, '_').camelize).new
@@ -113,9 +113,9 @@ module CMSScanner
           tpl = "#{controller_name}/#{tpl}"
         end
 
-        fail "Wrong tpl format: '#{tpl}'" unless tpl =~ /\A[\w\/_]+\z/
+        fail "Wrong tpl format: '#{tpl}'" unless tpl =~ %r{\A[\w/_]+\z}
 
-        views_directories.reverse.each do |dir|
+        views_directories.reverse_each do |dir|
           formats.each do |format|
             potential_file = File.join(dir, format, "#{tpl}.erb")
 

data/lib/cms_scanner/target.rb

@@ -36,7 +36,7 @@ module CMSScanner
       matches = []
 
       page.html.xpath('//comment()').each do |node|
-        next unless node.text.to_s.strip =~ pattern
+        next unless node.text.strip =~ pattern
 
         yield Regexp.last_match, node if block_given?
 

data/lib/cms_scanner/target/server/iis.rb

@@ -19,7 +19,7 @@ module CMSScanner
         def directory_listing?(path = nil, params = {})
           res = NS::Browser.get(url(path), params)
 
-          res.code == 200 && res.body =~ /<H1>#{uri.host} - \// ? true : false
+          res.code == 200 && res.body =~ %r{<H1>#{uri.host} - /} ? true : false
         end
       end
     end

data/lib/cms_scanner/typhoeus/response.rb

@@ -3,7 +3,7 @@ module Typhoeus
   class Response
     # @return [ Nokogiri::HTML ] The response's body parsed by Nokogiri
     def html
-      Nokogiri::HTML(body)
+      @html ||= Nokogiri::HTML(body.encode('UTF-8', invalid: :replace, undef: :replace))
     end
   end
 end

data/lib/cms_scanner/version.rb

@@ -1,4 +1,4 @@
 # Version
 module CMSScanner
-  VERSION = '0.0.23'
+  VERSION = '0.0.24'
 end

data/lib/cms_scanner/vulnerability/references.rb

@@ -83,7 +83,7 @@ module CMSScanner
 
     # @return [ String ] The URL to the metasploit module page
     def msf_url(mod)
-      "http://www.rapid7.com/db/modules/#{mod.sub(/^\//, '')}"
+      "http://www.rapid7.com/db/modules/#{mod.sub(%r{^/}, '')}"
     end
 
     # @return [ Array<String> ] The Packetstormsecurity ID

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cms_scanner
 version: !ruby/object:Gem::Version
-  version: 0.0.23
+  version: 0.0.24
 platform: ruby
 authors:
 - WPScanTeam - Erwan Le Rousseau
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-03-27 00:00:00.000000000 Z
+date: 2015-04-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: opt_parse_validator
@@ -86,28 +86,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.4'
+        version: '1.5'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.4'
+        version: '1.5'
 - !ruby/object:Gem::Dependency
   name: ruby-progressbar
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.7.1
+        version: '1.7'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.7.1
+        version: '1.7'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -170,28 +170,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.29'
+        version: '0.30'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.29'
+        version: '0.30'
 - !ruby/object:Gem::Dependency
   name: webmock
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.20'
+        version: '1.21'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.20'
+        version: '1.21'
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement