cms_scanner 0.0.4 → 0.0.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 9ef4664292e2b76b62b68005c011ad2556c481f3
-  data.tar.gz: 837736b39f70241e9a2958974f7184d6b4db13ae
+  metadata.gz: a4df8e5a102999fc7c177b6b99e3b2c31b6753a4
+  data.tar.gz: 5558b190e7bf8f1b1ea5d13354fdb4ebab2c4b2b
 SHA512:
-  metadata.gz: 3c976a3bca14ea5099c5fa8c6260e7b07ae63e792e39896e7a99bb291ef8751a56c08e01e5fed589a85423bf146d25daf8dfd7aa498a0de835adecbf9e3b7741
-  data.tar.gz: 6a83afe4347b104509ffcd8732494f8f0ef2fe54f114b462df8ab74f2565032e9a2083384ba16d162e249c6b138c8a1fbf6f6b0073b1a910a25eb6b48bd88c0d
+  metadata.gz: 4e28abacf6e31208804bbdc0e1f61368bcb598d3460f49940476bc8f878b7f9f9d0f2c9e579551ac15abcac69e49cf14e79848e0fe6256aa6c5f6acc91aef11b
+  data.tar.gz: 49c1f25826da617ab18d36241c63cc2b012faef1a9391fa70297ed309c46a4064f5e6deb11bddf91ff7655f885cfa99852f3e88343eaa2872f2bd13275271643

data/app/models/headers.rb

@@ -15,7 +15,7 @@ module CMSScanner
       entries.each do |header, value|
         next if known_headers.include?(header.downcase)
 
-        results << "#{header}: #{value}"
+        results << "#{header}: #{[*value].join(', ')}"
       end
       results
     end

data/app/views/cli/interesting_files/_array.erb

@@ -0,0 +1,10 @@
+<% unless @a.empty? -%>
+<% if @a.size == 1 -%>
+ | <%= @s %>: <%= @a.first %>
+<% else -%>
+ | <%= @p %>:
+<% @a.each do |line| -%>
+ |  - <%= line %>
+<% end -%>
+<% end -%>
+<% end -%>

data/app/views/cli/interesting_files/findings.erb

@@ -1,19 +1,19 @@
 Interesting Findings: <%= @findings.size %>
-
 <% @findings.each do |finding| -%>
+
 [+] <%= finding.url %>
  | Confidence: <%= finding.confidence %>%
  | Found By: <%= finding.found_by %>
 <% unless (confirmed = finding.confirmed_by).empty? -%>
+<% if confirmed.size == 1 -%>
+ | Confirmed By: <%= confirmed.first.found_by %>, <%= confirmed.first.confidence %>% confidence
+<% else -%>
  | Confirmed By:
 <% confirmed.each do |c| -%>
  |  - <%= c.found_by %>, <%= c.confidence %>% confidence
 <% end -%>
 <% end -%>
-<% unless (entries = finding.interesting_entries).empty? -%>
- | Interesting Entries:
-<% entries.each do |entry| -%>
- |  - <%= entry %>
 <% end -%>
-<% end %>
-<% end %>
+<%= render('_array', a: finding.references, s: 'Reference', p: 'References') -%>
+<%= render('_array', a: finding.interesting_entries, s: 'Interesting Entry', p: 'Interesting Entries') -%>
+<% end -%>

data/lib/cms_scanner/version.rb

@@ -1,4 +1,4 @@
 # Version
 module CMSScanner
-  VERSION = '0.0.4'
+  VERSION = '0.0.5'
 end

data/spec/app/controllers/core_spec.rb

@@ -135,7 +135,7 @@ describe CMSScanner::Controller::Core do
   describe '#after_scan' do
     let(:keys) { [:verbose, :start_time, :stop_time, :start_memory, :elapsed, :used_memory] }
 
-    it 'calles the formatter with the correct parameters' do
+    it 'calls the formatter with the correct parameters' do
       # Call the #run once to ensure that @start_time & @start_memory are set
       expect(core).to receive(:output).with('started', url: target_url)
       core.run

data/spec/app/models/headers_spec.rb

@@ -39,7 +39,7 @@ describe CMSScanner::Headers do
       let(:headers) { parse_headers_file(fixture) }
 
       it 'returns an array with the headers' do
-        @expected = ['Server: nginx/1.1.19', 'X-Article-Id: 12']
+        @expected = ['Server: nginx/1.1.19', 'X-Powered-By: ASP.NET, PHP', 'X-Article-Id: 12']
       end
     end
 

data/spec/app/views_spec.rb

@@ -0,0 +1,36 @@
+require 'spec_helper'
+
+describe 'App::Views' do
+
+  let(:target_url) { 'http://ex.lo/' }
+  let(:fixtures)   { File.join(SPECS, 'output') }
+
+  # CliNoColour is used to test the CLI output to avoid the painful colours
+  # in the expected output.
+  [:JSON, :CliNoColour].each do |formatter|
+    context "when #{formatter}" do
+
+      it_behaves_like 'App::Views::Core'
+      it_behaves_like 'App::Views::InterestingFiles'
+
+      let(:parsed_options) { { url: target_url, format: formatter.to_s.underscore.dasherize } }
+
+      before do
+        controller.class.parsed_options = parsed_options
+        # Resets the formatter to ensure the correct one is loaded
+        controller.class.class_variable_set(:@@formatter, nil)
+      end
+
+      after do
+        view_filename  = "#{view}.#{formatter.to_s.underscore.downcase}"
+        controller_dir = controller.class.to_s.demodulize.underscore.downcase
+        output         = File.read(File.join(fixtures, controller_dir, view_filename))
+
+        expect($stdout).to receive(:puts).with(output)
+
+        controller.output(view, @tpl_vars)
+        controller.formatter.beautify # Mandatory to be able to test formatter such as JSON
+      end
+    end
+  end
+end

data/spec/fixtures/interesting_files/headers/interesting.txt

@@ -1,5 +1,7 @@
 HTTP/1.1 200 OK
 Server: nginx/1.1.19
+X-Powered-By: ASP.NET
+X-Powered-By: PHP
 Date: Thu
 Content-Type: text/plain; charset=utf-8
 Connection: keep-alive

data/spec/lib/controller_spec.rb

@@ -5,7 +5,8 @@ describe CMSScanner::Controller do
   subject(:controller) { described_class::Base.new }
 
   context 'when parsed_options' do
-    before               { described_class::Base.parsed_options = parsed_options }
+    before { described_class::Base.parsed_options = parsed_options }
+
     let(:parsed_options) { { url: 'http://example.com/' } }
 
     its(:parsed_options) { should eq(parsed_options) }

data/spec/output/core/finished.cli_no_colour

@@ -0,0 +1,4 @@
+
+[+] Finished: Thu Oct 30 13:02:03 2014
+[+] Memory used: 100 B
+[+] Elapsed time: 00:00:03

data/spec/output/core/finished.json

@@ -0,0 +1,5 @@
+{
+  "stop_time": 1414670523,
+  "elapsed": 3,
+  "used_memory": 100
+}

data/spec/output/core/started.cli_no_colour

@@ -0,0 +1,3 @@
+[+] URL: http://ex.lo/
+[+] Started: Thu Oct 30 13:02:01 2014
+

data/spec/output/core/started.json

@@ -0,0 +1,5 @@
+{
+  "start_time": 1414670521,
+  "start_memory": 10,
+  "target_url": "http://ex.lo/"
+}

data/spec/output/interesting_files/findings.cli_no_colour

@@ -0,0 +1,25 @@
+Interesting Findings: 3
+
+[+] F1
+ | Confidence: 10%
+ | Found By: Spec
+
+[+] F2
+ | Confidence: 10%
+ | Found By: Spec
+ | Confirmed By: Spec2, 10% confidence
+ | Reference: R1
+ | Interesting Entry: IE1
+
+[+] F3
+ | Confidence: 10%
+ | Found By: Spec
+ | Confirmed By:
+ |  - Spec2, 10% confidence
+ |  - Spec3, 10% confidence
+ | References:
+ |  - R1
+ |  - R2
+ | Interesting Entries:
+ |  - IE1
+ |  - IE2

data/spec/output/interesting_files/findings.json

@@ -0,0 +1,3 @@
+{
+  "todo": "Not yet done"
+}

data/spec/shared_examples.rb

@@ -1,4 +1,3 @@
-
 require 'shared_examples/browser_actions'
 require 'shared_examples/formatter_buffer'
 require 'shared_examples/formatter_class_methods'
@@ -9,3 +8,5 @@ require 'shared_examples/target/platform/php'
 require 'shared_examples/target/server/generic'
 require 'shared_examples/target/server/apache'
 require 'shared_examples/target/server/iis'
+require 'shared_examples/views/core'
+require 'shared_examples/views/interesting_files'

data/spec/shared_examples/views/core.rb

@@ -0,0 +1,26 @@
+
+shared_examples 'App::Views::Core' do
+
+  let(:controller) { CMSScanner::Controller::Core.new }
+  let(:tpl_vars)   { { url: target_url, start_time: Time.parse('2014-10-30 13:02:01 +0100') } }
+
+  describe 'started' do
+    let(:view) { 'started' }
+
+    it 'outputs the expected string' do
+      @tpl_vars = tpl_vars.merge(start_memory: 10)
+    end
+  end
+
+  describe 'finished' do
+    let(:view) { 'finished' }
+
+    it 'outputs the expected string' do
+      @tpl_vars = tpl_vars.merge(
+        stop_time: Time.parse('2014-10-30 13:02:03 +0100'),
+        used_memory: 100,
+        elapsed: 3
+      )
+    end
+  end
+end

data/spec/shared_examples/views/interesting_files.rb

@@ -0,0 +1,25 @@
+
+shared_examples 'App::Views::InterestingFiles' do
+
+  let(:controller)       { CMSScanner::Controller::InterestingFiles.new }
+  let(:tpl_vars)         { { url: target_url } }
+  let(:interesting_file) { CMSScanner::InterestingFile }
+
+  describe 'findings' do
+    let(:view) { 'findings' }
+    let(:opts) { { confidence: 10, found_by: 'Spec' } }
+
+    it 'outputs the expected string' do
+      findings = CMSScanner::Finders::Findings.new <<
+        interesting_file.new('F1', opts) <<
+        interesting_file.new('F2', opts.merge(references: %w(R1), interesting_entries: %w(IE1))) <<
+        interesting_file.new('F2', opts.merge(found_by: 'Spec2')) <<
+        interesting_file.new('F3',
+                             opts.merge(references: %w(R1 R2), interesting_entries: %w(IE1 IE2))) <<
+        interesting_file.new('F3', opts.merge(found_by: 'Spec2')) <<
+        interesting_file.new('F3', opts.merge(found_by: 'Spec3'))
+
+      @tpl_vars = tpl_vars.merge(findings: findings)
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cms_scanner
 version: !ruby/object:Gem::Version
-  version: 0.0.4
+  version: 0.0.5
 platform: ruby
 authors:
 - WPScanTeam - Erwan le Rousseau
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-10-21 00:00:00.000000000 Z
+date: 2014-10-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: opt_parse_validator
@@ -217,6 +217,7 @@ files:
 - app/models/xml_rpc.rb
 - app/views/cli/core/finished.erb
 - app/views/cli/core/started.erb
+- app/views/cli/interesting_files/_array.erb
 - app/views/cli/interesting_files/findings.erb
 - app/views/cli/scan_aborted.erb
 - app/views/json/core/finished.erb
@@ -272,6 +273,7 @@ files:
 - spec/app/models/interesting_file_spec.rb
 - spec/app/models/robots_txt_spec.rb
 - spec/app/models/xml_rpc_spec.rb
+- spec/app/views_spec.rb
 - spec/cache/.gitignore
 - spec/dummy_finders.rb
 - spec/fixtures/interesting_files/fantastico_fileslist/fantastico_fileslist.txt
@@ -318,6 +320,12 @@ files:
 - spec/lib/target/servers_spec.rb
 - spec/lib/target_spec.rb
 - spec/lib/web_site_spec.rb
+- spec/output/core/finished.cli_no_colour
+- spec/output/core/finished.json
+- spec/output/core/started.cli_no_colour
+- spec/output/core/started.json
+- spec/output/interesting_files/findings.cli_no_colour
+- spec/output/interesting_files/findings.json
 - spec/shared_examples.rb
 - spec/shared_examples/browser_actions.rb
 - spec/shared_examples/finding.rb
@@ -330,6 +338,8 @@ files:
 - spec/shared_examples/target/server/apache.rb
 - spec/shared_examples/target/server/generic.rb
 - spec/shared_examples/target/server/iis.rb
+- spec/shared_examples/views/core.rb
+- spec/shared_examples/views/interesting_files.rb
 - spec/spec_helper.rb
 homepage: https://github.com/wpscanteam/CMSScanner
 licenses:
@@ -372,6 +382,7 @@ test_files:
 - spec/app/models/interesting_file_spec.rb
 - spec/app/models/robots_txt_spec.rb
 - spec/app/models/xml_rpc_spec.rb
+- spec/app/views_spec.rb
 - spec/cache/.gitignore
 - spec/dummy_finders.rb
 - spec/fixtures/interesting_files/fantastico_fileslist/fantastico_fileslist.txt
@@ -418,6 +429,12 @@ test_files:
 - spec/lib/target/servers_spec.rb
 - spec/lib/target_spec.rb
 - spec/lib/web_site_spec.rb
+- spec/output/core/finished.cli_no_colour
+- spec/output/core/finished.json
+- spec/output/core/started.cli_no_colour
+- spec/output/core/started.json
+- spec/output/interesting_files/findings.cli_no_colour
+- spec/output/interesting_files/findings.json
 - spec/shared_examples.rb
 - spec/shared_examples/browser_actions.rb
 - spec/shared_examples/finding.rb
@@ -430,4 +447,6 @@ test_files:
 - spec/shared_examples/target/server/apache.rb
 - spec/shared_examples/target/server/generic.rb
 - spec/shared_examples/target/server/iis.rb
+- spec/shared_examples/views/core.rb
+- spec/shared_examples/views/interesting_files.rb
 - spec/spec_helper.rb