cms_scanner 0.0.44.1 → 0.0.44.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 694aee9839bf9def0fb11faf2821c96267215275e6b25e35704aaeb348742465
-  data.tar.gz: 2602463d8655bcbd0a9ea112e9b1d972791049c26bf814a73f8ac7b254de88ee
+  metadata.gz: '09dd0821b75168298578cb5c85a22365f04cf20e6e1ebd5b8d8596c1a254d030'
+  data.tar.gz: fad0cc718b8357a3fdb36a554a988ad785953dcc31928695e0f79fc4ced98280
 SHA512:
-  metadata.gz: 71692d53eece2893f4a5de11e9671d410cbda4cb321ce9eacbf02e6a47096ab56d43f0cfec4525dd501222612b2102eceb5d1fc0b1800c547faeb0a2436ca59f
-  data.tar.gz: 11f1d927526accb4ab93f85297906744e74168576553a3b28eb3862d5d779ccac9d566aed1149255164a18139550f19f8bd88c9b2b93d70e808a1fdac8f1f0cc
+  metadata.gz: 562b4365b26263a79bb4efeeabf29ad5d43354909409260727bfe72e04c43193fd3bd96615cc2b46ac0b35f0c692711c40dd31762e1d714b1aa775baeb090c44
+  data.tar.gz: 37f9846fb92cfe73ee786d3a8d93a535a67d38008632b5b0c994499719d92a8161a118ac3c5a7b610968f6a444e5b6db017e20b1719f31f08c0adf6a9a5a6a44

data/lib/cms_scanner/target.rb

@@ -37,6 +37,11 @@ module CMSScanner
       raise NotImplementedError
     end
 
+    # @return [ Regexp ]
+    def url_pattern
+      @url_pattern ||= Regexp.new(Regexp.escape(url).gsub(/https?/i, 'https?'), Regexp::IGNORECASE)
+    end
+
     # @param [ String ] xpath
     # @param [ Regexp ] pattern
     # @param [ Typhoeus::Response, String ] page

data/lib/cms_scanner/target/scope.rb

@@ -37,9 +37,22 @@ module CMSScanner
       found
     end
 
+    # Similar to Target#url_pattern but considering the in scope domains as well
+    #
+    # @return [ Regexp ]
+    def scope_url_pattern
+      return @scope_url_pattern if @scope_url_pattern
+
+      domains = [uri.host + uri.path] + scope.domains[1..-1]&.map(&:to_s) + scope.invalid_domains
+
+      domains.map! { |d| Regexp.escape(d.gsub(%r{/$}, '')).sub('\*', '.*') }
+
+      @scope_url_pattern = %r{https?://(?:#{domains.join('|')})/?}i
+    end
+
     # Scope Implementation
     class Scope
-      # @return [ Array<PublicSuffix::Domain ] The valid domains in scope
+      # @return [ Array<PublicSuffix::Domain> ] The valid domains in scope
       def domains
         @domains ||= []
       end
@@ -50,8 +63,8 @@ module CMSScanner
       end
 
       def <<(element)
-        if PublicSuffix.valid?(element)
-          domains << PublicSuffix.parse(element)
+        if PublicSuffix.valid?(element, ignore_private: true)
+          domains << PublicSuffix.parse(element, ignore_private: true)
         else
           invalid_domains << element
         end
@@ -59,8 +72,8 @@ module CMSScanner
 
       # @return [ Boolean ] Wether or not the host is in the scope
       def include?(host)
-        if PublicSuffix.valid?(host)
-          domain = PublicSuffix.parse(host)
+        if PublicSuffix.valid?(host, ignore_private: true)
+          domain = PublicSuffix.parse(host, ignore_private: true)
 
           domains.each { |d| return true if domain.match(d) }
         else

data/lib/cms_scanner/version.rb

@@ -2,5 +2,5 @@
 
 # Version
 module CMSScanner
-  VERSION = '0.0.44.1'
+  VERSION = '0.0.44.2'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cms_scanner
 version: !ruby/object:Gem::Version
-  version: 0.0.44.1
+  version: 0.0.44.2
 platform: ruby
 authors:
 - WPScanTeam
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-04-08 00:00:00.000000000 Z
+date: 2019-04-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nokogiri
@@ -170,14 +170,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.2.0
+        version: 1.3.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.2.0
+        version: 1.3.0
 - !ruby/object:Gem::Dependency
   name: rubocop
   requirement: !ruby/object:Gem::Requirement