recog 0.02 → 1.0.0

data/spec/lib/recog/fingerprint_spec.rb

@@ -0,0 +1,5 @@
+require 'recog/fingerprint'
+
+describe Recog::Fingerprint do
+
+end

data/spec/lib/{formatter_spec.rb → recog/formatter_spec.rb}

@@ -1,4 +1,4 @@
-require_relative '../../lib/recog/formatter'
+require 'recog/formatter'
 
 describe Recog::Formatter do
   let(:output) { StringIO.new }

data/spec/lib/{match_reporter_spec.rb → recog/match_reporter_spec.rb}

@@ -1,11 +1,11 @@
-require_relative '../../lib/recog/match_reporter'
+require 'recog/match_reporter'
 
 describe Recog::MatchReporter do
   let(:options) { double(detail: false) }
   let(:formatter) { double('formatter').as_null_object }
   subject { Recog::MatchReporter.new(options, formatter) }
 
-  def run_report 
+  def run_report
     subject.report do
         subject.increment_line_count
         subject.match 'a match'
@@ -23,7 +23,7 @@ describe Recog::MatchReporter do
       expect(formatter).to receive(:failure_message).with('a failure')
       run_report
     end
-    
+
     context "with detail" do
       subject { Recog::MatchReporter.new(double(detail: true), formatter) }
 
@@ -35,7 +35,7 @@ describe Recog::MatchReporter do
       it "prints summary" do
         expect(formatter).to receive(:failure_message).with("SUMMARY: 1 matches and 1 failures")
         run_report
-      end  
+      end
     end
   end
 
@@ -63,27 +63,28 @@ describe Recog::MatchReporter do
 
   describe "#stop?" do
     context "with a failure limit" do
+
+      let(:options) { double(fail_fast: true, stop_after: 3, detail: false) }
       before do
-        options.stub(fail_fast: true, stop_after: 3) 
         subject.failure 'first'
         subject.failure 'second'
       end
 
       it "returns true when the limit is reached " do
         subject.failure 'third'
-        expect(subject.stop?).to be_true
+        expect(subject.stop?).to be true
       end
 
       it "returns false when under the limit" do
-        expect(subject.stop?).to be_false
+        expect(subject.stop?).to be false
       end
     end
 
     context "with no failure limit" do
-      before { options.stub(fail_fast: false) }
+      let(:options) { double(fail_fast: false, detail: false) }
 
       it "return false" do
-        expect(subject.stop?).to be_false
+        expect(subject.stop?).to be false
       end
     end
   end

data/spec/lib/{nizer_spec.rb → recog/nizer_spec.rb}

@@ -1,10 +1,10 @@
-require_relative '../../lib/recog'
+require 'recog'
 require 'yaml'
 
 describe Recog::Nizer do
-  subject { Recog::Nizer }
+  subject { described_class }
 
-  describe "#match" do
+  describe ".match" do
     File.readlines(File.expand_path(File.join('spec', 'data', 'smb_native_os.txt'))).each do |line|
       data = line.strip
       context "with smb_native_os:#{data}" do
@@ -32,7 +32,7 @@ describe Recog::Nizer do
     end
   end
 
-  describe "self.best_os_match" do
+  describe ".best_os_match" do
 
     # Demonstrates how this method picks up additional attributes from other members of the winning
     # os.product match group and applies them to the result.
@@ -90,7 +90,7 @@ describe Recog::Nizer do
 
   end
 
- describe "self.best_service_match" do
+ describe ".best_service_match" do
 
     # Demonstrates how this method picks up additional attributes from other members of the winning
     # service.product match group and applies them to the result.

data/spec/lib/{verify_reporter_spec.rb → recog/verify_reporter_spec.rb}

@@ -1,15 +1,16 @@
-require_relative '../../lib/recog/verify_reporter'
+require 'recog/verify_reporter'
 
 describe Recog::VerifyReporter do
   let(:formatter) { double('formatter').as_null_object }
-  let(:fingerprint) { double(name: 'a name', tests: [double, double, double]) }
+  let(:fingerprint) { double(name: 'a name', tests: tests) }
+  let(:tests) { [double, double, double] }
   let(:summary_line) do
     "SUMMARY: Test completed with 1 successful, 1 warnings, and 1 failures"
   end
 
   subject { Recog::VerifyReporter.new(double(detail: false), formatter) }
 
-  def run_report 
+  def run_report
     subject.report(1) do
         subject.print_name fingerprint
         subject.success 'passed'
@@ -32,8 +33,8 @@ describe Recog::VerifyReporter do
     it "prints summary" do
       expect(formatter).to receive(:failure_message).with(summary_line)
       run_report
-    end  
-    
+    end
+
     context "with detail" do
       subject { Recog::VerifyReporter.new(double(detail: true), formatter) }
 
@@ -65,10 +66,10 @@ describe Recog::VerifyReporter do
       it "prints summary" do
         expect(formatter).to receive(:failure_message).with(summary_line)
         run_report
-      end  
+      end
 
       context "with no fingerprint tests" do
-        before { fingerprint.stub(tests: []) }
+        let(:tests) { [] }
 
         it "does not print the name" do
           expect(formatter).not_to receive(:status_message).with("\na name")

data/spec/spec_helper.rb

@@ -0,0 +1,82 @@
+require 'simplecov'
+SimpleCov.start
+
+# This file was generated by the `rspec --init` command. Conventionally, all
+# specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
+# The generated `.rspec` file contains `--require spec_helper` which will cause this
+# file to always be loaded, without a need to explicitly require it in any files.
+#
+# Given that it is always loaded, you are encouraged to keep this file as
+# light-weight as possible. Requiring heavyweight dependencies from this file
+# will add to the boot time of your test suite on EVERY test run, even for an
+# individual file that may not need all of that loaded. Instead, make a
+# separate helper file that requires this one and then use it only in the specs
+# that actually need it.
+#
+# The `.rspec` file also contains a few flags that are not defaults but that
+# users commonly want.
+#
+# See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
+RSpec.configure do |config|
+
+  # Run specs in random order to surface order dependencies. If you find an
+  # order dependency and want to debug it, you can fix the order by providing
+  # the seed, which is printed after each run.
+  #     --seed 1234
+  config.order = :random
+
+  # Seed global randomization in this process using the `--seed` CLI option.
+  # Setting this allows you to use `--seed` to deterministically reproduce
+  # test failures related to randomization by passing the same `--seed` value
+  # as the one that triggered the failure.
+  Kernel.srand config.seed
+
+  # Many RSpec users commonly either run the entire suite or an individual
+  # file, and it's useful to allow more verbose output when running an
+  # individual spec file.
+  if config.files_to_run.one?
+    # Use the documentation formatter for detailed output,
+    # unless a formatter has already been configured
+    # (e.g. via a command-line flag).
+    config.default_formatter = 'doc'
+  end
+
+# The settings below are suggested to provide a good initial experience
+# with RSpec, but feel free to customize to your heart's content.
+=begin
+  # These two settings work together to allow you to limit a spec run
+  # to individual examples or groups you care about by tagging them with
+  # `:focus` metadata. When nothing is tagged with `:focus`, all examples
+  # get run.
+  config.filter_run :focus
+  config.run_all_when_everything_filtered = true
+
+  # Print the 10 slowest examples and example groups at the
+  # end of the spec run, to help surface which specs are running
+  # particularly slow.
+  config.profile_examples = 10
+
+  # rspec-expectations config goes here. You can use an alternate
+  # assertion/expectation library such as wrong or the stdlib/minitest
+  # assertions if you prefer.
+  config.expect_with :rspec do |expectations|
+    # Enable only the newer, non-monkey-patching expect syntax.
+    # For more details, see:
+    #   - http://myronmars.to/n/dev-blog/2012/06/rspecs-new-expectation-syntax
+    expectations.syntax = :expect
+  end
+
+  # rspec-mocks config goes here. You can use an alternate test double
+  # library (such as bogus or mocha) by changing the `mock_with` option here.
+  config.mock_with :rspec do |mocks|
+    # Enable only the newer, non-monkey-patching expect syntax.
+    # For more details, see:
+    #   - http://teaisaweso.me/blog/2013/05/27/rspecs-new-message-expectation-syntax/
+    mocks.syntax = :expect
+
+    # Prevents you from mocking or stubbing a method that does not exist on
+    # a real object. This is generally recommended.
+    mocks.verify_partial_doubles = true
+  end
+=end
+end

data/xml/apache_os.xml

@@ -1,7 +1,8 @@
 <?xml version="1.0"?>
 <!--
-When an HTTP server is fingerprinted as Apache, a second analysis pass can be done
-on the server headers to extract OS information.
+When an HTTP server is fingerprinted as Apache, a 2nd analysis pass is done
+on the server headers HTTPProtocolHelper.SERVER_HEADERS: they are matched
+against the following patterns to extract OS information.
 -->
 
 <fingerprints matches="apache_os">
@@ -110,6 +111,51 @@ on the server headers to extract OS information.
       <param pos="0" name="os.product" value="Cobalt RaQ"/>
    </fingerprint>
 
+   <fingerprint pattern="^Apache\/2\.2\.11.*\(Fedora\).*">
+      <description>Red Hat Fedora 11</description>
+      <param pos="0" name="os.vendor" value="Red Hat"/>
+      <param pos="0" name="os.device" value="General"/>
+      <param pos="0" name="os.family" value="Linux"/>
+      <param pos="0" name="os.product" value="Fedora Core Linux"/>
+      <param pos="0" name="os.version" value="11"/>
+   </fingerprint>
+
+   <fingerprint pattern="^Apache\/2\.2\.15.*\(Fedora\).*">
+      <description>Red Hat Fedora 13</description>
+      <param pos="0" name="os.vendor" value="Red Hat"/>
+      <param pos="0" name="os.device" value="General"/>
+      <param pos="0" name="os.family" value="Linux"/>
+      <param pos="0" name="os.product" value="Fedora Core Linux"/>
+      <param pos="0" name="os.version" value="13"/>
+   </fingerprint>
+
+   <fingerprint pattern="^Apache\/2\.2\.16.*\(Fedora\).*">
+      <description>Red Hat Fedora 14</description>
+      <param pos="0" name="os.vendor" value="Red Hat"/>
+      <param pos="0" name="os.device" value="General"/>
+      <param pos="0" name="os.family" value="Linux"/>
+      <param pos="0" name="os.product" value="Fedora Core Linux"/>
+      <param pos="0" name="os.version" value="14"/>
+   </fingerprint>
+
+   <fingerprint pattern="^Apache\/2\.2\.23.*\(Fedora\).*">
+      <description>Red Hat Fedora 17</description>
+      <param pos="0" name="os.vendor" value="Red Hat"/>
+      <param pos="0" name="os.device" value="General"/>
+      <param pos="0" name="os.family" value="Linux"/>
+      <param pos="0" name="os.product" value="Fedora Core Linux"/>
+      <param pos="0" name="os.version" value="17"/>
+   </fingerprint>
+
+   <fingerprint pattern="^Apache\/2\.4\.3.*\(Fedora\).*">
+      <description>Red Hat Fedora 18</description>
+      <param pos="0" name="os.vendor" value="Red Hat"/>
+      <param pos="0" name="os.device" value="General"/>
+      <param pos="0" name="os.family" value="Linux"/>
+      <param pos="0" name="os.product" value="Fedora Core Linux"/>
+      <param pos="0" name="os.version" value="18"/>
+   </fingerprint>
+
    <fingerprint pattern=".*\(Fedora\).*">
       <description>Red Hat Fedora</description>
       <param pos="0" name="os.vendor" value="Red Hat"/>

data/xml/http_servers.xml

@@ -1588,6 +1588,15 @@
       <param pos="0" name="os.device" value="General"/>
       <param pos="0" name="os.family" value="Windows"/>
       <param pos="0" name="os.product" value="Windows Server 2012 R2"/>
+    </fingerprint>
+
+   <fingerprint pattern="^Microsoft-IIS/([\d\.]+)$">
+      <example>Microsoft-IIS/9.0</example>
+      <description>Microsoft IIS new, unknown version</description>
+      <param pos="0" name="service.vendor" value="Microsoft"/>
+      <param pos="0" name="service.product" value="IIS"/>
+      <param pos="0" name="service.family" value="IIS"/>
+      <param pos="1" name="service.version"/>
    </fingerprint>
 
    <fingerprint pattern="^Microsoft-IIS$">
@@ -1868,6 +1877,7 @@
    </fingerprint>
 
    <fingerprint pattern = "^com.hp.openview.Coda (\d\.\d.\d)$">
+      <description>HP Openview Coda</description>
       <example>com.hp.openview.Coda 0.0.1</example>
       <param pos="0" name="service.vendor" value="HP"/>
       <param pos="0" name="service.family" value="OpenView"/>
@@ -1876,6 +1886,7 @@
    </fingerprint>
 
    <fingerprint pattern = "^com.hp.openview.bbc.LLBServer (\d\.\d.\d\.\d)$">
+      <description>HP Openview LLBServer</description>
       <example>com.hp.openview.bbc.LLBServer 2.6.8.1</example>
       <param pos="0" name="service.vendor" value="HP"/>
       <param pos="0" name="service.family" value="OpenView"/>
@@ -2183,6 +2194,23 @@
       <param pos="0" name="service.family" value="Integrated Lights Out Manager"/>
       <param pos="0" name="hw.vendor" value="Sun"/>
       <param pos="0" name="hw.family" value="Sun Fire"/>
+    </fingerprint>
+
+    <fingerprint pattern="^HP-iLO-Server/(?:[\S]+)">
+      <example>HP-iLO-Server/1.30</example>
+      <description>
+        HP Integrated Lights Out Manager (iLO).  The version in the Server
+        header is the firmware version and is not currently used.  Furthermore,
+        this header value only seems to be present in iLO 4
+      </description>
+      <param pos="0" name="service.vendor" value="HP"/>
+      <param pos="0" name="service.product" value="iLO"/>
+      <param pos="0" name="service.family" value="iLO"/>
+      <param pos="0" name="hw.vendor" value="HP"/>
+      <param pos="0" name="os.vendor" value="HP"/>
+      <param pos="0" name="os.product" value="iLO"/>
+      <param pos="0" name="os.family" value="iLO"/>
+      <param pos="0" name="os.device" value="Lights Out Management"/>
    </fingerprint>
 
    <!--
@@ -2192,6 +2220,7 @@
      -->
 
    <fingerprint pattern="^Jetty/(\d+\.[\d.]+)(?: \((.*)\))?$">
+      <description>Jetty</description>
       <example>Jetty/4.0.1 (SunOS 5.8 sparc)</example>
       <example>Jetty/4.2.23 (SunOS/5.9 sparc java/1.4.2_04)</example>
       <example>Jetty/5.1.10 (Linux/2.6.12 i386 java/1.5.0_05)</example>
@@ -2203,8 +2232,9 @@
       <param pos="2" name="jetty.info"/>
    </fingerprint>
 
-   <!-- Catch-all for Jetty verstions using the Jetty/version format. -->
+   <!-- Catch-all for Jetty versions using the Jetty/version format. -->
    <fingerprint pattern="^Jetty/(\S+) \(.*$">
+      <description>Jetty</description>
       <example>Jetty/4.2.x (VxWorks/WIND version 2.9 ppc java/1.1-rr-std-b12)</example>
       <param pos="0" name="service.vendor" value="Mort Bay"/>
       <param pos="0" name="service.product" value="Jetty"/>
@@ -2269,6 +2299,7 @@
       <example>nginx/0.8.53</example>
       <param pos="0" name="service.product" value="nginx"/>
       <param pos="0" name="service.family" value="nginx"/>
+      <param pos="0" name="service.vendor" value="nginx"/>
       <param pos="1" name="service.version"/>
     </fingerprint>
 
@@ -2277,6 +2308,7 @@
       <example>nginx</example>
       <param pos="0" name="service.product" value="nginx"/>
       <param pos="0" name="service.family" value="nginx"/>
+      <param pos="0" name="service.vendor" value="nginx"/>
    </fingerprint>
 
    <fingerprint pattern="^Lotus(?:-Domino)?(?:/|/0|/Release)?$">
@@ -3231,7 +3263,7 @@
       <param pos="0" name="service.product" value="Cross Web Server"/>
       <param pos="0" name="os.vendor" value="HiSilicon"/>
       <param pos="0" name="os.device" value="DVR"/>
-   </fingerprint> 
+   </fingerprint>
 
    <!-- Hikvision is OEMd by a number of DVR manufacturers -->
     <fingerprint pattern="^(Hikvision|DVRDVS)-Webs$">
@@ -3242,7 +3274,7 @@
       <param pos="0" name="service.product" value="Hikvision Web Server"/>
       <param pos="0" name="os.vendor" value="Hikvision"/>
       <param pos="0" name="os.device" value="DVR"/>
-   </fingerprint> 
+   </fingerprint>
 
     <fingerprint pattern="^NET-DK[/ ](\d+\.\d+)$">
       <description>Web server found on ARRIS cable modems</description>
@@ -3252,7 +3284,7 @@
       <param pos="0" name="service.product" value="Net-DK Web Server"/>
       <param pos="0" name="os.vendor" value="ARRIS"/>
       <param pos="0" name="os.device" value="Cable Modem"/>
-   </fingerprint> 
+   </fingerprint>
 
 
    <!-- junit says,
@@ -3286,7 +3318,7 @@
       <param pos="0" name="service.vendor" value="Akamai"/>
       <param pos="0" name="service.product" value="GHost"/>
       <param pos="0" name="os.vendor" value="Akamai"/>
-      <param pos="0" name="os.device" value="Web proxy"/>      
+      <param pos="0" name="os.device" value="Web proxy"/>
    </fingerprint>
 
    <fingerprint pattern="^gws$">
@@ -3294,7 +3326,7 @@
       <description>Google Web Services</description>
       <param pos="0" name="service.vendor" value="Google"/>
       <param pos="0" name="service.product" value="Google Web Services"/>
-      <param pos="0" name="service.family" value="Google Web Server"/>    
+      <param pos="0" name="service.family" value="Google Web Server"/>
    </fingerprint>
 
    <fingerprint pattern="^GFE/((?:\d+\.)+\d+)$">

data/xml/ntp_banners.xml

@@ -198,8 +198,8 @@ NTP "banners", taken from a readvar response
       processor="i386", system="JUNOS9.3R4.4", leap=11, stratum=16,
     </example>
     <param pos="0" name="os.vendor" value="Juniper"/>
-    <param pos="0" name="os.family" value="JUNOS"/>
-    <param pos="0" name="os.product" value="JUNOS"/>
+    <param pos="0" name="os.family" value="Junos"/>
+    <param pos="0" name="os.product" value="Junos OS"/>
     <param pos="0" name="service.family" value="NTP"/>
     <param pos="0" name="service.product" value="NTP"/>
     <param pos="1" name="service.version"/>
@@ -352,13 +352,14 @@ NTP "banners", taken from a readvar response
     <param pos="0" name="os.family" value="HP-UX"/>
     <param pos="0" name="os.product" value="HP-UX"/>
   </fingerprint>
-  <fingerprint pattern="system=&quot;UNIX&quot;" flags="REG_ICASE" certainty="0.5">
+  <fingerprint pattern="system=&quot;UNIX&quot;" flags="REG_ICASE">
     <description>Generic UNIX</description>
     <example>
       version="4", processor="unknown", system="UNIX", leap=0, stratum=2,
     </example>
     <param pos="0" name="os.family" value="UNIX"/>
     <param pos="0" name="os.product" value="UNIX"/>
+    <param pos="0" name="os.certainty" value="0.5"/>
   </fingerprint>
   <fingerprint pattern="system=&quot;VxWorks&quot;" flags="REG_ICASE">
     <description>Generic VxWorks</description>