koji 0.1.0
- checksums.yaml +7 -0
- data/.gitignore +53 -0
- data/.rspec +3 -0
- data/.travis.yml +9 -0
- data/Gemfile +4 -0
- data/LICENSE +21 -0
- data/README.md +89 -0
- data/Rakefile +8 -0
- data/bin/console +14 -0
- data/bin/setup +8 -0
- data/exe/koji +8 -0
- data/koji.gemspec +39 -0
- data/lib/koji.rb +33 -0
- data/lib/koji/cli.rb +19 -0
- data/lib/koji/detector.rb +44 -0
- data/lib/koji/error.rb +5 -0
- data/lib/koji/plugins/base.rb +37 -0
- data/lib/koji/plugins/cakephp.rb +21 -0
- data/lib/koji/plugins/codeigniter.rb +21 -0
- data/lib/koji/plugins/django.rb +22 -0
- data/lib/koji/plugins/domain.rb +25 -0
- data/lib/koji/plugins/fuelphp.rb +21 -0
- data/lib/koji/plugins/php_debugbar.rb +25 -0
- data/lib/koji/plugins/phpinfo.rb +25 -0
- data/lib/koji/plugins/self_signed_cert.rb +22 -0
- data/lib/koji/plugins/symfony.rb +21 -0
- data/lib/koji/version.rb +5 -0
- data/lib/koji/website.rb +62 -0
- metadata +225 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: 7ed9c045526b3979e2cc8bf687a2b0da1260fceb20590835d96020ccea6562e2
|
4
|
+
data.tar.gz: 3585dbcc2447d17def9701e47d8375d55fe511bdfbd6974dc3f344ccd4d94382
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: 853ba4014783742581c4f478eb182a081eb03d772ca5b23f6000b4472dda6b9a904013df192df92d61a62c4b8ff5ff52024a9d680d9e152833aed6ef32c62526
|
7
|
+
data.tar.gz: a39ebd7af05576de2b7b969253fe4fcbd26030510d1059d2ca9b806edb09e69e41b7726988436241b2d24330346564942d5b810f9d19d844c7eb5bc92eb4d528
|
data/.gitignore
ADDED
@@ -0,0 +1,53 @@
|
|
1
|
+
*.gem
|
2
|
+
*.rbc
|
3
|
+
/.config
|
4
|
+
/coverage/
|
5
|
+
/InstalledFiles
|
6
|
+
/pkg/
|
7
|
+
/spec/reports/
|
8
|
+
/spec/examples.txt
|
9
|
+
/test/tmp/
|
10
|
+
/test/version_tmp/
|
11
|
+
/tmp/
|
12
|
+
|
13
|
+
# Used by dotenv library to load environment variables.
|
14
|
+
.env
|
15
|
+
|
16
|
+
## Specific to RubyMotion:
|
17
|
+
.dat*
|
18
|
+
.repl_history
|
19
|
+
build/
|
20
|
+
*.bridgesupport
|
21
|
+
build-iPhoneOS/
|
22
|
+
build-iPhoneSimulator/
|
23
|
+
|
24
|
+
## Specific to RubyMotion (use of CocoaPods):
|
25
|
+
#
|
26
|
+
# We recommend against adding the Pods directory to your .gitignore. However
|
27
|
+
# you should judge for yourself, the pros and cons are mentioned at:
|
28
|
+
# https://guides.cocoapods.org/using/using-cocoapods.html#should-i-check-the-pods-directory-into-source-control
|
29
|
+
#
|
30
|
+
# vendor/Pods/
|
31
|
+
|
32
|
+
## Documentation cache and generated files:
|
33
|
+
/.yardoc/
|
34
|
+
/_yardoc/
|
35
|
+
/doc/
|
36
|
+
/rdoc/
|
37
|
+
|
38
|
+
## Environment normalization:
|
39
|
+
/.bundle/
|
40
|
+
/vendor/bundle
|
41
|
+
/lib/bundler/man/
|
42
|
+
|
43
|
+
# for a library or gem, you might want to ignore these files since the code is
|
44
|
+
# intended to run in multiple environments; otherwise, check them in:
|
45
|
+
Gemfile.lock
|
46
|
+
.ruby-version
|
47
|
+
.ruby-gemset
|
48
|
+
|
49
|
+
# unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
|
50
|
+
.rvmrc
|
51
|
+
|
52
|
+
## RSpec
|
53
|
+
.rspec_status
|
data/.rspec
ADDED
data/.travis.yml
ADDED
data/Gemfile
ADDED
data/LICENSE
ADDED
@@ -0,0 +1,21 @@
|
|
1
|
+
MIT License
|
2
|
+
|
3
|
+
Copyright (c) 2019 Manabu Niseki
|
4
|
+
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
7
|
+
in the Software without restriction, including without limitation the rights
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
10
|
+
furnished to do so, subject to the following conditions:
|
11
|
+
|
12
|
+
The above copyright notice and this permission notice shall be included in all
|
13
|
+
copies or substantial portions of the Software.
|
14
|
+
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
21
|
+
SOFTWARE.
|
data/README.md
ADDED
@@ -0,0 +1,89 @@
|
|
1
|
+
# koji
|
2
|
+
|
3
|
+
[![Build Status](https://travis-ci.org/ninoseki/koji.svg?branch=master)](https://travis-ci.org/ninoseki/koji)
|
4
|
+
[![Coverage Status](https://coveralls.io/repos/github/ninoseki/koji/badge.svg?branch=master)](https://coveralls.io/github/ninoseki/koji?branch=master)
|
5
|
+
|
6
|
+
koji (`工事`) is a development/staging environment detector.
|
7
|
+
|
8
|
+
## Features
|
9
|
+
|
10
|
+
- Web app debug feature detection (CodeIgniter, Django, FuelPHP and etc.)
|
11
|
+
- Suspicious domain detection (e.g. `dev.*.com`, `stg.*.com`)
|
12
|
+
- Self-signed certificate detection
|
13
|
+
|
14
|
+
## Installation
|
15
|
+
|
16
|
+
```bash
|
17
|
+
gem install koji
|
18
|
+
```
|
19
|
+
|
20
|
+
## Usage
|
21
|
+
|
22
|
+
### As a CLI
|
23
|
+
|
24
|
+
```bash
|
25
|
+
$ koji help
|
26
|
+
Commands:
|
27
|
+
koji check URL # check a given URL
|
28
|
+
koji help [COMMAND] # Describe available commands or one specific command
|
29
|
+
|
30
|
+
$ koji check https://github.com/ninoseki/koji
|
31
|
+
{
|
32
|
+
"verdict": "Not underconstruction",
|
33
|
+
"score": 0
|
34
|
+
}
|
35
|
+
|
36
|
+
$ koji check https://dev.example.com
|
37
|
+
{
|
38
|
+
"verdict": "Possibly underconstruction",
|
39
|
+
"score": 50
|
40
|
+
}
|
41
|
+
|
42
|
+
$ koji check http://phpdebugbar.com/
|
43
|
+
{
|
44
|
+
"verdict": "Underconstruction",
|
45
|
+
"score": 100
|
46
|
+
}
|
47
|
+
|
48
|
+
$ koji check http://phpdebugbar.com/ --verbose
|
49
|
+
{
|
50
|
+
"verdict": "Underconstruction",
|
51
|
+
"score": 100,
|
52
|
+
"plugin_reports": [
|
53
|
+
{
|
54
|
+
"name": "PHPDebugBar",
|
55
|
+
"evidence_list": [
|
56
|
+
"The website contains PHP DebugBar"
|
57
|
+
],
|
58
|
+
"score": 100
|
59
|
+
}
|
60
|
+
]
|
61
|
+
}
|
62
|
+
|
63
|
+
$ koji check https://self-signed.badssl.com/ --verbose
|
64
|
+
{
|
65
|
+
"verdict": "Underconstruction",
|
66
|
+
"score": 100,
|
67
|
+
"plugin_reports": [
|
68
|
+
{
|
69
|
+
"name": "SelfSignedCertificate",
|
70
|
+
"evidence_list": [
|
71
|
+
"The website has a self-signed certificate"
|
72
|
+
],
|
73
|
+
"score": 100
|
74
|
+
}
|
75
|
+
]
|
76
|
+
}
|
77
|
+
```
|
78
|
+
|
79
|
+
### As a library
|
80
|
+
|
81
|
+
```ruby
|
82
|
+
require "koji"
|
83
|
+
|
84
|
+
website = Koji::Website.new("http://example.com")
|
85
|
+
detector = Koji::Detector.new(website)
|
86
|
+
|
87
|
+
puts detector.report
|
88
|
+
puts detector.detailed_report
|
89
|
+
```
|
data/Rakefile
ADDED
data/bin/console
ADDED
@@ -0,0 +1,14 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
|
3
|
+
require "bundler/setup"
|
4
|
+
require "koji"
|
5
|
+
|
6
|
+
# You can add fixtures and/or initialization code here to make experimenting
|
7
|
+
# with your gem easier. You can also use a different console, if you like.
|
8
|
+
|
9
|
+
# (If you use this, don't forget to add pry to your Gemfile!)
|
10
|
+
# require "pry"
|
11
|
+
# Pry.start
|
12
|
+
|
13
|
+
require "irb"
|
14
|
+
IRB.start(__FILE__)
|
data/bin/setup
ADDED
data/exe/koji
ADDED
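--- a/data/koji.gemspec
+++ b/data/koji.gemspec
@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+lib = File.expand_path('lib', __dir__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require "koji/version"
+
+Gem::Specification.new do |spec|
+spec.name = "koji"
+spec.version = Koji::VERSION
+spec.authors = ["Manabu Niseki"]
+spec.email = ["manabu.niseki@gmail.com"]
+
+spec.summary = 'A development/staging environment detector.'
+spec.description = 'A development/staging environment detector.'
+spec.homepage = "https://github.com/ninoseki/koji"
+spec.license = "MIT"
+
+# Specify which files should be added to the gem when it is released.
+# The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+spec.files = Dir.chdir(File.expand_path(__dir__)) do
+`git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+end
+spec.bindir = "exe"
+spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+spec.require_paths = ["lib"]
+
+spec.add_development_dependency "bundler", "~> 2.0"
+spec.add_development_dependency "coveralls", "~> 0.8"
+spec.add_development_dependency "rake", "~> 12.3"
+spec.add_development_dependency "rspec", "~> 3.8"
+spec.add_development_dependency "webmock", "~> 3.5"
+
+spec.add_dependency "http", "~> 4.1"
+spec.add_dependency "mem", "~> 0.1"
+spec.add_dependency "oga", "~> 2.15"
+spec.add_dependency "public_suffix", "~> 3.0"
+spec.add_dependency "require_all", "~> 2.0"
+spec.add_dependency "thor", "~> 0.19"
+end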
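--- a/data/lib/koji.rb
+++ b/data/lib/koji.rb
@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+require "mem"
+
+module Koji
+class << self
+include Mem
+
+def plugins
+[]
+end
+memoize :plugins
+end
+end
+
+require "koji/version"
+require "koji/error"
+
+require "koji/website"
+
+require "koji/plugins/base"
+require "koji/plugins/cakephp"
+require "koji/plugins/codeigniter"
+require "koji/plugins/django"
+require "koji/plugins/domain"
+require "koji/plugins/fuelphp"
+require "koji/plugins/php_debugbar"
+require "koji/plugins/phpinfo"
+require "koji/plugins/self_signed_cert"
+require "koji/plugins/symfony"
+
+require "koji/detector"
+require "koji/cli"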
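--- a/data/lib/koji/cli.rb
+++ b/data/lib/koji/cli.rb
@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+require "thor"
+require "json"
+
+module Koji
+class CLI < Thor
+desc "check URL", "check a given URL"
+option :verbose, type: :boolean, default: false
+def check(url)
+website = Website.new(url)
+detector = Detector.new(website)
+verbose = options.dig("verbose") || false
+report = verbose ? detector.detailed_report : detector.report
+
+puts JSON.pretty_generate(report)
+end
+end
+end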
@@ -0,0 +1,44 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Koji
|
4
|
+
class Detector
|
5
|
+
attr_reader :website
|
6
|
+
|
7
|
+
def initialize(website)
|
8
|
+
@website = website
|
9
|
+
end
|
10
|
+
|
11
|
+
def score
|
12
|
+
plugins.map(&:score).sum
|
13
|
+
end
|
14
|
+
|
15
|
+
def verdict
|
16
|
+
case score.to_i
|
17
|
+
when -Float::INFINITY..49
|
18
|
+
"Not underconstruction"
|
19
|
+
when 50..99
|
20
|
+
"Possibly underconstruction"
|
21
|
+
when 100..Float::INFINITY
|
22
|
+
"Underconstruction"
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|
26
|
+
def report
|
27
|
+
{
|
28
|
+
verdict: verdict,
|
29
|
+
score: score
|
30
|
+
}
|
31
|
+
end
|
32
|
+
|
33
|
+
def detailed_report
|
34
|
+
plugin_reports = plugins.map(&:report).select { |report| report.dig(:score).to_i.positive? }
|
35
|
+
report.merge(plugin_reports: plugin_reports)
|
36
|
+
end
|
37
|
+
|
38
|
+
private
|
39
|
+
|
40
|
+
def plugins
|
41
|
+
@plugins ||= Koji.plugins.map { |klass| klass.new website }
|
42
|
+
end
|
43
|
+
end
|
44
|
+
end
|
data/lib/koji/error.rb
ADDED
@@ -0,0 +1,37 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Koji
|
4
|
+
module Plugins
|
5
|
+
class Base
|
6
|
+
def self.inherited(child)
|
7
|
+
Koji.plugins << child
|
8
|
+
end
|
9
|
+
|
10
|
+
attr_reader :website
|
11
|
+
|
12
|
+
def initialize(website)
|
13
|
+
@website = website
|
14
|
+
end
|
15
|
+
|
16
|
+
def evidence_list
|
17
|
+
raise NotImplementedError, "You must implement #{self.class}##{__method__}"
|
18
|
+
end
|
19
|
+
|
20
|
+
def score
|
21
|
+
raise NotImplementedError, "You must implement #{self.class}##{__method__}"
|
22
|
+
end
|
23
|
+
|
24
|
+
def name
|
25
|
+
self.class.to_s.split("::").last
|
26
|
+
end
|
27
|
+
|
28
|
+
def report
|
29
|
+
{
|
30
|
+
name: name,
|
31
|
+
evidence_list: evidence_list,
|
32
|
+
score: score
|
33
|
+
}
|
34
|
+
end
|
35
|
+
end
|
36
|
+
end
|
37
|
+
end
|
@@ -0,0 +1,21 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Koji
|
4
|
+
module Plugins
|
5
|
+
class CakePHP < Base
|
6
|
+
def debug_toolbar
|
7
|
+
website.body&.to_s&.include?("js_debug_toolbar.js") && website.body&.to_s&.include?("debug_toolbar.css")
|
8
|
+
end
|
9
|
+
|
10
|
+
def evidence_list
|
11
|
+
@evidence_list ||= [].tap do |out|
|
12
|
+
out << "The website contains CakePHP's debug toolbar" if debug_toolbar
|
13
|
+
end
|
14
|
+
end
|
15
|
+
|
16
|
+
def score
|
17
|
+
evidence_list.empty? ? 0 : 100
|
18
|
+
end
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
@@ -0,0 +1,21 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Koji
|
4
|
+
module Plugins
|
5
|
+
class CodeIgniter < Base
|
6
|
+
def profiler
|
7
|
+
website.doc&.at_css("#codeigniter_profiler")
|
8
|
+
end
|
9
|
+
|
10
|
+
def evidence_list
|
11
|
+
@evidence_list ||= [].tap do |out|
|
12
|
+
out << "The website contains CodeIgniter's Profiler" if profiler
|
13
|
+
end
|
14
|
+
end
|
15
|
+
|
16
|
+
def score
|
17
|
+
evidence_list.empty? ? 0 : 100
|
18
|
+
end
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
@@ -0,0 +1,22 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Koji
|
4
|
+
module Plugins
|
5
|
+
class Django < Base
|
6
|
+
def debug_toolbar
|
7
|
+
# ref. https://github.com/jazzband/django-debug-toolbar
|
8
|
+
website.doc&.at_css("#djDebug")
|
9
|
+
end
|
10
|
+
|
11
|
+
def evidence_list
|
12
|
+
@evidence_list ||= [].tap do |out|
|
13
|
+
out << "The website contains Django Debug Toolbar" if debug_toolbar
|
14
|
+
end
|
15
|
+
end
|
16
|
+
|
17
|
+
def score
|
18
|
+
evidence_list.empty? ? 0 : 100
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
@@ -0,0 +1,25 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "public_suffix"
|
4
|
+
|
5
|
+
module Koji
|
6
|
+
module Plugins
|
7
|
+
class Domain < Base
|
8
|
+
SUSPICIOUS_WORDS = %w(dev development stg staging test testing).freeze
|
9
|
+
|
10
|
+
def domain
|
11
|
+
@domain ||= PublicSuffix.parse(website.url.hostname)
|
12
|
+
end
|
13
|
+
|
14
|
+
def evidence_list
|
15
|
+
@evidence_list ||= domain.trd.to_s.split(".").map do |part|
|
16
|
+
"#{domain} contains a suspicious keyword: #{part}." if SUSPICIOUS_WORDS.include?(part)
|
17
|
+
end.compact
|
18
|
+
end
|
19
|
+
|
20
|
+
def score
|
21
|
+
evidence_list.empty? ? 0 : 50
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
@@ -0,0 +1,21 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Koji
|
4
|
+
module Plugins
|
5
|
+
class FuelPHP < Base
|
6
|
+
def profiler
|
7
|
+
website.doc&.at_css("#openProfiler > a")
|
8
|
+
end
|
9
|
+
|
10
|
+
def evidence_list
|
11
|
+
@evidence_list ||= [].tap do |out|
|
12
|
+
out << "The website contains FuelPHP's Profiler" if profiler
|
13
|
+
end
|
14
|
+
end
|
15
|
+
|
16
|
+
def score
|
17
|
+
evidence_list.empty? ? 0 : 100
|
18
|
+
end
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
@@ -0,0 +1,25 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Koji
|
4
|
+
module Plugins
|
5
|
+
class PHPDebugBar < Base
|
6
|
+
def js_debug_bar
|
7
|
+
website.body&.to_s&.include? "var phpdebugbar = new PhpDebugBar.DebugBar()"
|
8
|
+
end
|
9
|
+
|
10
|
+
def debug_bar
|
11
|
+
website.body&.to_s&.include?("debugbar/debugbar.js") && website.body&.to_s&.include?("debugbar/debugbar.css")
|
12
|
+
end
|
13
|
+
|
14
|
+
def evidence_list
|
15
|
+
@evidence_list ||= [].tap do |out|
|
16
|
+
out << "The website contains PHP DebugBar" if debug_bar || js_debug_bar
|
17
|
+
end
|
18
|
+
end
|
19
|
+
|
20
|
+
def score
|
21
|
+
evidence_list.empty? ? 0 : 100
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
@@ -0,0 +1,25 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Koji
|
4
|
+
module Plugins
|
5
|
+
class PHPinfo < Base
|
6
|
+
def title
|
7
|
+
website.doc&.at_css("title")&.text == "phpinfo()"
|
8
|
+
end
|
9
|
+
|
10
|
+
def logo
|
11
|
+
website.doc&.at_css('img[alt="PHP Logo"]')
|
12
|
+
end
|
13
|
+
|
14
|
+
def evidence_list
|
15
|
+
@evidence_list ||= [].tap do |out|
|
16
|
+
out << "The website contains phpinfo" if title || logo
|
17
|
+
end
|
18
|
+
end
|
19
|
+
|
20
|
+
def score
|
21
|
+
evidence_list.empty? ? 0 : 100
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
@@ -0,0 +1,22 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Koji
|
4
|
+
module Plugins
|
5
|
+
class SelfSignedCertificate < Base
|
6
|
+
def self_signed?
|
7
|
+
website.body
|
8
|
+
website.exception.is_a?(OpenSSL::SSL::SSLError) && website.exception.to_s.include?("self signed certificate")
|
9
|
+
end
|
10
|
+
|
11
|
+
def evidence_list
|
12
|
+
@evidence_list ||= [].tap do |out|
|
13
|
+
out << "The website has a self-signed certificate" if self_signed?
|
14
|
+
end
|
15
|
+
end
|
16
|
+
|
17
|
+
def score
|
18
|
+
evidence_list.empty? ? 0 : 100
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
@@ -0,0 +1,21 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Koji
|
4
|
+
module Plugins
|
5
|
+
class Symfony < Base
|
6
|
+
def profiler
|
7
|
+
website.doc&.at_css(".sf-toolbar")
|
8
|
+
end
|
9
|
+
|
10
|
+
def evidence_list
|
11
|
+
@evidence_list ||= [].tap do |out|
|
12
|
+
out << "The website contains Symfony's Profiler" if profiler
|
13
|
+
end
|
14
|
+
end
|
15
|
+
|
16
|
+
def score
|
17
|
+
evidence_list.empty? ? 0 : 100
|
18
|
+
end
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
data/lib/koji/version.rb
ADDED
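--- a/data/lib/koji/website.rb
+++ b/data/lib/koji/website.rb
@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+
+require "digest/sha2"
+require "http"
+require "oga"
+require "uri"
+
+module Koji
+class Website
+attr_reader :url
+
+def initialize(url)
+@url = URI(url)
+rescue URI::Error => _e
+raise ArgumentError, "#{uri} is not a valid URL."
+end
+
+def response
+@response ||= get
+end
+
+def body
+@body ||= response ? response&.body&.to_s : nil
+end
+
+def sha256
+@sha256 ||= body ? Digest::SHA256.hexdigest(body.to_s) : nil
+end
+
+def doc
+@doc ||= body ? parse_html(body.to_s) : nil
+end
+
+def exception
+@exception || nil
+end
+
+private
+
+def http
+if proxy = ENV["HTTPS_PROXY"] || ENV["https_proxy"] || ENV["HTTP_PROXY"] || ENV["http_proxy"]
+uri = URI(proxy)
+HTTP.via(uri.hostname, uri.port)
+else
+HTTP
+end
+end
+
+def get
+http.get(url)
+rescue OpenSSL::SSL::SSLError, HTTP::Error, Addressable::URI::InvalidURIError => e
+@exception = e
+nil
+end
+
+def parse_html(html)
+Oga.parse_html(html)
+rescue ArgumentError, Encoding::CompatibilityError, LL::ParserError => _e
+nil
+end
+end
+end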
metadata
ADDED
@@ -0,0 +1,225 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: koji
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.1.0
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Manabu Niseki
|
8
|
+
autorequire:
|
9
|
+
bindir: exe
|
10
|
+
cert_chain: []
|
11
|
+
date: 2019-07-25 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: bundler
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - "~>"
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '2.0'
|
20
|
+
type: :development
|
21
|
+
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - "~>"
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: '2.0'
|
27
|
+
- !ruby/object:Gem::Dependency
|
28
|
+
name: coveralls
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - "~>"
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: '0.8'
|
34
|
+
type: :development
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - "~>"
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: '0.8'
|
41
|
+
- !ruby/object:Gem::Dependency
|
42
|
+
name: rake
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
44
|
+
requirements:
|
45
|
+
- - "~>"
|
46
|
+
- !ruby/object:Gem::Version
|
47
|
+
version: '12.3'
|
48
|
+
type: :development
|
49
|
+
prerelease: false
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
51
|
+
requirements:
|
52
|
+
- - "~>"
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: '12.3'
|
55
|
+
- !ruby/object:Gem::Dependency
|
56
|
+
name: rspec
|
57
|
+
requirement: !ruby/object:Gem::Requirement
|
58
|
+
requirements:
|
59
|
+
- - "~>"
|
60
|
+
- !ruby/object:Gem::Version
|
61
|
+
version: '3.8'
|
62
|
+
type: :development
|
63
|
+
prerelease: false
|
64
|
+
version_requirements: !ruby/object:Gem::Requirement
|
65
|
+
requirements:
|
66
|
+
- - "~>"
|
67
|
+
- !ruby/object:Gem::Version
|
68
|
+
version: '3.8'
|
69
|
+
- !ruby/object:Gem::Dependency
|
70
|
+
name: webmock
|
71
|
+
requirement: !ruby/object:Gem::Requirement
|
72
|
+
requirements:
|
73
|
+
- - "~>"
|
74
|
+
- !ruby/object:Gem::Version
|
75
|
+
version: '3.5'
|
76
|
+
type: :development
|
77
|
+
prerelease: false
|
78
|
+
version_requirements: !ruby/object:Gem::Requirement
|
79
|
+
requirements:
|
80
|
+
- - "~>"
|
81
|
+
- !ruby/object:Gem::Version
|
82
|
+
version: '3.5'
|
83
|
+
- !ruby/object:Gem::Dependency
|
84
|
+
name: http
|
85
|
+
requirement: !ruby/object:Gem::Requirement
|
86
|
+
requirements:
|
87
|
+
- - "~>"
|
88
|
+
- !ruby/object:Gem::Version
|
89
|
+
version: '4.1'
|
90
|
+
type: :runtime
|
91
|
+
prerelease: false
|
92
|
+
version_requirements: !ruby/object:Gem::Requirement
|
93
|
+
requirements:
|
94
|
+
- - "~>"
|
95
|
+
- !ruby/object:Gem::Version
|
96
|
+
version: '4.1'
|
97
|
+
- !ruby/object:Gem::Dependency
|
98
|
+
name: mem
|
99
|
+
requirement: !ruby/object:Gem::Requirement
|
100
|
+
requirements:
|
101
|
+
- - "~>"
|
102
|
+
- !ruby/object:Gem::Version
|
103
|
+
version: '0.1'
|
104
|
+
type: :runtime
|
105
|
+
prerelease: false
|
106
|
+
version_requirements: !ruby/object:Gem::Requirement
|
107
|
+
requirements:
|
108
|
+
- - "~>"
|
109
|
+
- !ruby/object:Gem::Version
|
110
|
+
version: '0.1'
|
111
|
+
- !ruby/object:Gem::Dependency
|
112
|
+
name: oga
|
113
|
+
requirement: !ruby/object:Gem::Requirement
|
114
|
+
requirements:
|
115
|
+
- - "~>"
|
116
|
+
- !ruby/object:Gem::Version
|
117
|
+
version: '2.15'
|
118
|
+
type: :runtime
|
119
|
+
prerelease: false
|
120
|
+
version_requirements: !ruby/object:Gem::Requirement
|
121
|
+
requirements:
|
122
|
+
- - "~>"
|
123
|
+
- !ruby/object:Gem::Version
|
124
|
+
version: '2.15'
|
125
|
+
- !ruby/object:Gem::Dependency
|
126
|
+
name: public_suffix
|
127
|
+
requirement: !ruby/object:Gem::Requirement
|
128
|
+
requirements:
|
129
|
+
- - "~>"
|
130
|
+
- !ruby/object:Gem::Version
|
131
|
+
version: '3.0'
|
132
|
+
type: :runtime
|
133
|
+
prerelease: false
|
134
|
+
version_requirements: !ruby/object:Gem::Requirement
|
135
|
+
requirements:
|
136
|
+
- - "~>"
|
137
|
+
- !ruby/object:Gem::Version
|
138
|
+
version: '3.0'
|
139
|
+
- !ruby/object:Gem::Dependency
|
140
|
+
name: require_all
|
141
|
+
requirement: !ruby/object:Gem::Requirement
|
142
|
+
requirements:
|
143
|
+
- - "~>"
|
144
|
+
- !ruby/object:Gem::Version
|
145
|
+
version: '2.0'
|
146
|
+
type: :runtime
|
147
|
+
prerelease: false
|
148
|
+
version_requirements: !ruby/object:Gem::Requirement
|
149
|
+
requirements:
|
150
|
+
- - "~>"
|
151
|
+
- !ruby/object:Gem::Version
|
152
|
+
version: '2.0'
|
153
|
+
- !ruby/object:Gem::Dependency
|
154
|
+
name: thor
|
155
|
+
requirement: !ruby/object:Gem::Requirement
|
156
|
+
requirements:
|
157
|
+
- - "~>"
|
158
|
+
- !ruby/object:Gem::Version
|
159
|
+
version: '0.19'
|
160
|
+
type: :runtime
|
161
|
+
prerelease: false
|
162
|
+
version_requirements: !ruby/object:Gem::Requirement
|
163
|
+
requirements:
|
164
|
+
- - "~>"
|
165
|
+
- !ruby/object:Gem::Version
|
166
|
+
version: '0.19'
|
167
|
+
description: A development/staging environment detector.
|
168
|
+
email:
|
169
|
+
- manabu.niseki@gmail.com
|
170
|
+
executables:
|
171
|
+
- koji
|
172
|
+
extensions: []
|
173
|
+
extra_rdoc_files: []
|
174
|
+
files:
|
175
|
+
- ".gitignore"
|
176
|
+
- ".rspec"
|
177
|
+
- ".travis.yml"
|
178
|
+
- Gemfile
|
179
|
+
- LICENSE
|
180
|
+
- README.md
|
181
|
+
- Rakefile
|
182
|
+
- bin/console
|
183
|
+
- bin/setup
|
184
|
+
- exe/koji
|
185
|
+
- koji.gemspec
|
186
|
+
- lib/koji.rb
|
187
|
+
- lib/koji/cli.rb
|
188
|
+
- lib/koji/detector.rb
|
189
|
+
- lib/koji/error.rb
|
190
|
+
- lib/koji/plugins/base.rb
|
191
|
+
- lib/koji/plugins/cakephp.rb
|
192
|
+
- lib/koji/plugins/codeigniter.rb
|
193
|
+
- lib/koji/plugins/django.rb
|
194
|
+
- lib/koji/plugins/domain.rb
|
195
|
+
- lib/koji/plugins/fuelphp.rb
|
196
|
+
- lib/koji/plugins/php_debugbar.rb
|
197
|
+
- lib/koji/plugins/phpinfo.rb
|
198
|
+
- lib/koji/plugins/self_signed_cert.rb
|
199
|
+
- lib/koji/plugins/symfony.rb
|
200
|
+
- lib/koji/version.rb
|
201
|
+
- lib/koji/website.rb
|
202
|
+
homepage: https://github.com/ninoseki/koji
|
203
|
+
licenses:
|
204
|
+
- MIT
|
205
|
+
metadata: {}
|
206
|
+
post_install_message:
|
207
|
+
rdoc_options: []
|
208
|
+
require_paths:
|
209
|
+
- lib
|
210
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
211
|
+
requirements:
|
212
|
+
- - ">="
|
213
|
+
- !ruby/object:Gem::Version
|
214
|
+
version: '0'
|
215
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
216
|
+
requirements:
|
217
|
+
- - ">="
|
218
|
+
- !ruby/object:Gem::Version
|
219
|
+
version: '0'
|
220
|
+
requirements: []
|
221
|
+
rubygems_version: 3.0.2
|
222
|
+
signing_key:
|
223
|
+
specification_version: 4
|
224
|
+
summary: A development/staging environment detector.
|
225
|
+
test_files: []
|