cms_scanner 0.0.44.1 → 0.0.44.2
- checksums.yaml +4 -4
- data/lib/cms_scanner/target.rb +5 -0
- data/lib/cms_scanner/target/scope.rb +18 -5
- data/lib/cms_scanner/version.rb +1 -1
- metadata +4 -4
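--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: '09dd0821b75168298578cb5c85a22365f04cf20e6e1ebd5b8d8596c1a254d030'
+data.tar.gz: fad0cc718b8357a3fdb36a554a988ad785953dcc31928695e0f79fc4ced98280
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 562b4365b26263a79bb4efeeabf29ad5d43354909409260727bfe72e04c43193fd3bd96615cc2b46ac0b35f0c692711c40dd31762e1d714b1aa775baeb090c44
+data.tar.gz: 37f9846fb92cfe73ee786d3a8d93a535a67d38008632b5b0c994499719d92a8161a118ac3c5a7b610968f6a444e5b6db017e20b1719f31f08c0adf6a9a5a6a44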
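--- a/data/lib/cms_scanner/target.rb
+++ b/data/lib/cms_scanner/target.rb
@@ -37,6 +37,11 @@ module CMSScanner
 raise NotImplementedError
 end
 
+# @return [ Regexp ]
+def url_pattern
+@url_pattern ||= Regexp.new(Regexp.escape(url).gsub(/https?/i, 'https?'), Regexp::IGNORECASE)
+end
+
 # @param [ String ] xpath
 # @param [ Regexp ] pattern
 # @param [ Typhoeus::Response, String ] page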
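Review bot: In `url_pattern`, `gsub(/https?/i, 'https?')` rewrites every `http`/`https` substring of the escaped URL rather than only the scheme, and the resulting regexp is unanchored. A host or path that contains `http` therefore gains an optional `s`, and the pattern also matches the target URL wherever it is embedded in a longer string. Limiting the substitution to the scheme, `Regexp.escape(url).sub(/\Ahttps?/i, 'https?')`, keeps the rest of the URL literal. If callers use this pattern to decide whether a URL belongs to the target (not visible in this hunk), it should also be anchored at the start. The enclosing class begins and ends outside the hunk.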
@@ -37,9 +37,22 @@ module CMSScanner
|
|
37
37
|
found
|
38
38
|
end
|
39
39
|
|
40
|
+
# Similar to Target#url_pattern but considering the in scope domains as well
|
41
|
+
#
|
42
|
+
# @return [ Regexp ]
|
43
|
+
def scope_url_pattern
|
44
|
+
return @scope_url_pattern if @scope_url_pattern
|
45
|
+
|
46
|
+
domains = [uri.host + uri.path] + scope.domains[1..-1]&.map(&:to_s) + scope.invalid_domains
|
47
|
+
|
48
|
+
domains.map! { |d| Regexp.escape(d.gsub(%r{/$}, '')).sub('\*', '.*') }
|
49
|
+
|
50
|
+
@scope_url_pattern = %r{https?://(?:#{domains.join('|')})/?}i
|
51
|
+
end
|
52
|
+
|
40
53
|
# Scope Implementation
|
41
54
|
class Scope
|
42
|
-
# @return [ Array<PublicSuffix::Domain ] The valid domains in scope
|
55
|
+
# @return [ Array<PublicSuffix::Domain> ] The valid domains in scope
|
43
56
|
def domains
|
44
57
|
@domains ||= []
|
45
58
|
end
|
@@ -50,8 +63,8 @@ module CMSScanner
|
|
50
63
|
end
|
51
64
|
|
52
65
|
def <<(element)
|
53
|
-
if PublicSuffix.valid?(element)
|
54
|
-
domains << PublicSuffix.parse(element)
|
66
|
+
if PublicSuffix.valid?(element, ignore_private: true)
|
67
|
+
domains << PublicSuffix.parse(element, ignore_private: true)
|
55
68
|
else
|
56
69
|
invalid_domains << element
|
57
70
|
end
|
@@ -59,8 +72,8 @@ module CMSScanner
|
|
59
72
|
|
60
73
|
# @return [ Boolean ] Wether or not the host is in the scope
|
61
74
|
def include?(host)
|
62
|
-
if PublicSuffix.valid?(host)
|
63
|
-
domain = PublicSuffix.parse(host)
|
75
|
+
if PublicSuffix.valid?(host, ignore_private: true)
|
76
|
+
domain = PublicSuffix.parse(host, ignore_private: true)
|
64
77
|
|
65
78
|
domains.each { |d| return true if domain.match(d) }
|
66
79
|
else
|
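Review bot: In `scope_url_pattern` (first hunk of this section, presumably target/scope.rb since its file header is missing from the page), the wildcard is expanded with `.sub('\*', '.*')` and the pattern ends in `/?` with no host boundary, so the regexp can match URLs whose host is not in scope. `.*` crosses `/` and `.`, and an in-scope name followed by further labels still matches as a prefix. If this pattern is what decides which URLs the scanner treats as in scope, I would keep the wildcard within one host, `.gsub('\*', '[^/]*')`, and end the pattern with a boundary such as `(?=[/?#:]|\z)`. Separately, `scope.domains[1..-1]&.map(&:to_s)` evaluates to nil when `domains` is empty, and `Array#+` then raises TypeError; `(scope.domains[1..-1] || []).map(&:to_s)` avoids that.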
data/lib/cms_scanner/version.rb
CHANGED
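--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cms_scanner
 version: !ruby/object:Gem::Version
-version: 0.0.44.
+version: 0.0.44.2
 platform: ruby
 authors:
 - WPScanTeam
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-04-
+date: 2019-04-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: nokogiri
@@ -170,14 +170,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 1.
+version: 1.3.0
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 1.
+version: 1.3.0
 - !ruby/object:Gem::Dependency
 name: rubocop
 requirement: !ruby/object:Gem::Requirement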