cms_scanner 0.0.37.2 → 0.0.37.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 9c91f0a93071bda6ebe8fb050b712acabf9940cd
-  data.tar.gz: 9a1e129b685442a8369a095bcd60af4551dd23aa
+  metadata.gz: 611e0d1894e5db176095c3b09feefa68077b2260
+  data.tar.gz: 8428392f787410217a9d421bcdc02ecc6abcdb36
 SHA512:
-  metadata.gz: 751dbcbfd6f266d6858dd1884f2251c6f56cedf60c935e0d6465a34025e65dbcca67b089747ebd17db11ca087327bb05bc85397876d0695dc9fa7683d6eb6823
-  data.tar.gz: bea0bd67b730e5d5a650d976fffa65c00e5aaeaaca3c7e5be0b445555c13a855624c86ce55fb97a4beb45bd4d5c464d7415b82394e8f5aa7d8f0447f9a3d0746
+  metadata.gz: 9c908a4747c6b4c3f2c388d091b151de36db62f0267504a22d2c2826d34e7364e5f90f835d214c4e22b8d9170662a93aa5dfba0c7a55bb0919c4069b570cb588
+  data.tar.gz: d45977ecf51a409ce89ad85ff1305539bf44f4e4a2a4296566850d39016c5de4338769dae986a35e9b2ebe85c228d71007fe150cba88ad6bf8fb56a04dbce082

data/app/controllers/core.rb

@@ -38,15 +38,22 @@ module CMSScanner
           fail ProxyAuthRequiredError
         end
 
-        redirection = target.redirection
-        fail HTTPRedirectError, redirection if redirection && !parsed_options[:ignore_main_redirect]
+        # Checks for redirects
+        # An out of scope redirect will raise an HTTPRedirectError
+        effective_url = target.homepage_res.effective_url
+
+        return if target.in_scope?(effective_url)
+
+        fail HTTPRedirectError, effective_url unless parsed_options[:ignore_main_redirect]
+
+        target.homepage_res = res
       end
 
       def run
         @start_time   = Time.now
         @start_memory = memory_usage
 
-        output('started', url: target.url)
+        output('started', url: target.url, effective_url: target.homepage_url)
       end
 
       def after_scan

data/app/finders/interesting_findings/headers.rb

@@ -5,7 +5,7 @@ module CMSScanner
       class Headers < Finder
         # @return [ InterestingFinding ]
         def passive(_opts = {})
-          r = NS::Headers.new(target.url, confidence: 100, found_by: found_by)
+          r = NS::Headers.new(target.homepage_url, confidence: 100, found_by: found_by)
 
           r.interesting_entries.empty? ? nil : r
         end

data/app/finders/interesting_findings/xml_rpc.rb

@@ -15,7 +15,7 @@ module CMSScanner
 
         # @return [ XMLRPC ]
         def passive_headers(_opts = {})
-          url = NS::Browser.get(target.url).headers['X-Pingback']
+          url = target.homepage_res.headers['X-Pingback']
 
           return unless target.in_scope?(url)
           potential_urls << url
@@ -25,7 +25,7 @@ module CMSScanner
 
         # @return [ XMLRPC ]
         def passive_body(_opts = {})
-          NS::Browser.get(target.url).html.css('link[rel="pingback"]').each do |tag|
+          target.homepage_res.html.css('link[rel="pingback"]').each do |tag|
             url = tag.attribute('href').to_s
 
             next unless target.in_scope?(url)

data/app/views/cli/core/started.erb

@@ -1,3 +1,6 @@
 <%= info_icon %> URL: <%= @url %>
+<% if @url != @effective_url -%>
+<%= info_icon %> Effective URL: <%= @effective_url %>
+<% end -%>
 <%= info_icon %> Started: <%= @start_time.asctime %>
 

data/app/views/json/core/started.erb

@@ -1,3 +1,4 @@
 "start_time": <%= @start_time.to_i %>,
 "start_memory": <%= @start_memory.to_i %>,
-"target_url": <%= @url.to_s.to_json %>,
+"target_url": <%= @url.to_s.to_json %>,
+"effective_url": <%= @effective_url.to_s.to_json %>,

data/cms_scanner.gemspec

@@ -34,7 +34,7 @@ Gem::Specification.new do |s|
   s.add_dependency 'typhoeus', '~> 0.8.0'
   s.add_dependency 'nokogiri', '~> 1.6.7.0'
   s.add_dependency 'yajl-ruby', '~> 1.2.1' # Better JSON parser regarding memory usage
-  s.add_dependency 'addressable', '~> 2.3.8'
+  s.add_dependency 'addressable', '~> 2.4.0'
   s.add_dependency 'activesupport', '~> 4.2.0'
   s.add_dependency 'public_suffix', '~> 1.5.0'
   s.add_dependency 'ruby-progressbar', '~> 1.7.5'

data/lib/cms_scanner/finders/finder.rb

@@ -1,3 +1,4 @@
+require 'cms_scanner/mocked_progress_bar'
 require 'cms_scanner/finders/finder/smart_url_checker'
 require 'cms_scanner/finders/finder/enumerator'
 require 'cms_scanner/finders/finder/fingerprinter'
@@ -9,7 +10,7 @@ module CMSScanner
       # Constants for common found_by
       DIRECT_ACCESS = 'Direct Access (Aggressive Detection)'
 
-      attr_accessor :target
+      attr_accessor :target, :progress_bar
 
       def initialize(target)
         @target = target
@@ -29,10 +30,13 @@ module CMSScanner
       end
 
       # @param [ Hash ] opts See https://github.com/jfelchner/ruby-progressbar/wiki/Options
+      # @option opts [ Boolean ] :show_progression
       #
-      # @return [ ProgressBar::Base ]
-      def progress_bar(opts = {})
-        ProgressBar.create({ format: '%t %a <%B> (%c / %C) %P%% %e' }.merge(opts))
+      # @return [ ProgressBar::Base, CMSScanner::MockedProgressBar ]
+      def create_progress_bar(opts = {})
+        klass = opts[:show_progression] ? ProgressBar : MockedProgressBar
+
+        @progress_bar = klass.create({ format: '%t %a <%B> (%c / %C) %P%% %e' }.merge(opts))
       end
 
       # @return [ Browser ]

data/lib/cms_scanner/finders/finder/enumerator.rb

@@ -10,13 +10,13 @@ module CMSScanner
         #
         # @yield [ Typhoeus::Response, String ]
         def enumerate(target_urls, opts = {})
-          bar = progress_bar(total: target_urls.size) if opts[:show_progression]
+          create_progress_bar(opts.merge(total: target_urls.size)) # if opts[:show_progression]
 
           target_urls.each do |url, id|
             request = browser.forge_request(url, request_params)
 
             request.on_complete do |res|
-              bar.progress += 1 if opts[:show_progression]
+              progress_bar.increment
 
               next if target.homepage_or_404?(res)
               next if opts[:exclude_content] && res.body.match(opts[:exclude_content])

data/lib/cms_scanner/finders/finder/fingerprinter.rb

@@ -23,14 +23,14 @@ module CMSScanner
         # @yield [ Mixed, String, String ] version/s, url, hash The version associated to the
         #                                                       fingerprint of the url
         def fingerprint(fingerprints, opts = {})
-          bar = progress_bar(total: fingerprints.size) if opts[:show_progression]
+          create_progress_bar(opts.merge(total: fingerprints.size)) # if opts[:show_progression]
 
           fingerprints.each do |path, f|
             url     = target.url(path.dup)
             request = browser.forge_request(url, request_params)
 
             request.on_complete do |res|
-              bar.progress += 1 if opts[:show_progression]
+              progress_bar.increment
 
               md5sum = hexdigest(res.body)
 

data/lib/cms_scanner/finders/finder/smart_url_checker.rb

@@ -24,7 +24,7 @@ module CMSScanner
         #
         # @return [ Array<String> ]
         def passive_urls(_opts = {})
-          target.in_scope_urls(NS::Browser.get(target.url), passive_urls_xpath)
+          target.in_scope_urls(target.homepage_res, passive_urls_xpath)
         end
 
         # @return [ String ]

data/lib/cms_scanner/mocked_progress_bar.rb

@@ -0,0 +1,38 @@
+module CMSScanner
+  # ProgressBar to be used in formatter w/o user_interaction such as
+  # JSON etc, to still be able to have a log of messages to output.
+  # The object must implement the methods in ruby-progressbar
+  # and used in CMSScanner, See https://github.com/jfelchner/ruby-progressbar
+  class MockedProgressBar
+    attr_reader :increment, :finish
+
+    def self.create(opts = {})
+      new(opts)
+    end
+
+    def initialize(_opts = {})
+    end
+
+    # @return [ Integer ]
+    def total
+      0
+    end
+
+    def total=(_total)
+    end
+
+    # @return [ Array<String> ]
+    def logs
+      @logs ||= []
+    end
+
+    # @param [ String, nil ] message
+    #
+    # @return [ Mixed ]
+    def log(message = nil)
+      return logs unless message
+
+      logs << message
+    end
+  end
+end

data/lib/cms_scanner/version.rb

@@ -1,4 +1,4 @@
 # Version
 module CMSScanner
-  VERSION = '0.0.37.2'
+  VERSION = '0.0.37.3'
 end

data/lib/cms_scanner/web_site.rb

@@ -36,6 +36,22 @@ module CMSScanner
       @uri.join(URI.encode(path)).to_s
     end
 
+    attr_writer :homepage_res
+
+    # @return [ Typhoeus::Response ]
+    #
+    # As webmock does not support redirects mocking, coverage is ignored
+    # :nocov:
+    def homepage_res
+      @homepage_res ||= NS::Browser.get_and_follow_location(url)
+    end
+    # :nocov:
+
+    # @return [ String ]
+    def homepage_url
+      @homepage_url ||= homepage_res.effective_url
+    end
+
     # Checks if the remote website is up.
     #
     # @param [ String ] path

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cms_scanner
 version: !ruby/object:Gem::Version
-  version: 0.0.37.2
+  version: 0.0.37.3
 platform: ruby
 authors:
 - WPScanTeam
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-12-04 00:00:00.000000000 Z
+date: 2015-12-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: typhoeus
@@ -58,14 +58,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.3.8
+        version: 2.4.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.3.8
+        version: 2.4.0
 - !ruby/object:Gem::Dependency
   name: activesupport
   requirement: !ruby/object:Gem::Requirement
@@ -294,6 +294,7 @@ files:
 - lib/cms_scanner/formatter.rb
 - lib/cms_scanner/formatter/buffer.rb
 - lib/cms_scanner/helper.rb
+- lib/cms_scanner/mocked_progress_bar.rb
 - lib/cms_scanner/numeric.rb
 - lib/cms_scanner/public_suffix/domain.rb
 - lib/cms_scanner/references.rb