RubyGems - recog - Versions diffs - 2.1.24 → 2.1.25 - Mend

recog 2.1.24 → 2.1.25

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml +4 -4
data/lib/recog/fingerprint.rb +16 -14
data/lib/recog/version.rb +1 -1
data/spec/lib/fingerprint_self_test_spec.rb +8 -0
metadata +3 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 1311937d249f7d775e823684af469e6fdb63d219
-  data.tar.gz: a521aa3b679c5107feabd73b17db70ff22618c75
+  metadata.gz: dca9789b2018dcb894fa9e5dff3f664b5e75fc12
+  data.tar.gz: a599644447ce120f8ff22ef7994adf567469a009
 SHA512:
-  metadata.gz: d6fb453205539af744e318a6dd74dc42a9ff7730bbc0ee04b2d1ccae4e5c13f9b1c3935730a75e7d27ec726d6a7eb4e1e645668fc8e1e1c95f402e8184cf7635
-  data.tar.gz: 80bbb58d47f7758f9aaf80ed0191a9e100476fc036f586c1ab9cd5ed85e538d17458a73ef2cf4a4d07e3e3dca81d5df1dd831180da2e00d7dcd4b1500ffd26d4
+  metadata.gz: 8cfff6a20c9dff48aba6c66bcfce5f06e84b167ca18f5fcdd334201e3ae85513d1a47ba3d5029fa007ffece1e10f9cb8f0eaa1202812c05954edfc0539bd7f1c
+  data.tar.gz: 5d3509715e5929f2dbd3c7f5c3d172afcafa370f6f006744517053bc037bfc91624b2f10373f94a980a7ec8a872102583dad79eafa4d9fd90b11cf50372fbb36

data/lib/recog/fingerprint.rb CHANGED Viewed

@@ -3,6 +3,8 @@ module Recog
 # A fingerprint that can be {#match matched} against a particular kind of
 # fingerprintable data, e.g. an HTTP `Server` header
 class Fingerprint
+  require 'set'
   require 'recog/fingerprint/regexp_factory'
   require 'recog/fingerprint/test'
@@ -73,11 +75,17 @@ class Fingerprint
     return if match_data.nil?
     result = { 'matched' => @name }
+    replacements = {}
     @params.each_pair do |k,v|
       pos = v[0]
       if pos == 0
         # A match offset of 0 means this param has a hardcoded value
         result[k] = v[1]
+        # if this value uses interpolation, note it for handling later
+        v[1].scan(/\{([^\s{}]+)\}/).flatten.each do |replacement|
+          replacements[k] ||= Set[]
+          replacements[k] << replacement
+        end
       else
         # A match offset other than 0 means the value should come from
         # the corresponding match result index
@@ -95,17 +103,11 @@ class Fingerprint
     result['fingerprint_db'] = @match_key if @match_key
-    result.each_pair do |k,v|
-      # skip any nil result values, which is allowed but woud jam up the match below
-      next if v.nil?
-      # if this key's value uses interpolation of the form "foo{some.thing}",
-      # if some.thing was "bar" then this keys value would be set to "foobar".
-      if /\{(?<replace>[^\s{}]+)\}/ =~ v
-        if result[replace]
-          if /\{(?<bad_replace>[^\s{}]+)\}/ =~ result[replace]
-            raise "Invalid recursive use of #{bad_replace} in #{replace}"
-          end
-          result[k] = v.gsub(/\{#{replace}\}/, result[replace])
+    # for everything identified as using interpolation, do so
+    replacements.each_pair do |replacement_k, replacement_vs|
+      replacement_vs.each do |replacement|
+        if result[replacement]
+          result[replacement_k] = result[replacement_k].gsub(/\{#{replacement}\}/, result[replacement])
         else
           # if the value uses an interpolated value that does not exist, in general this could be
           # very bad, but over time we have allowed the use of regexes with
@@ -116,10 +118,10 @@ class Fingerprint
           # standard of '-' for the version, otherwise raise and exception as
           # this code currently does not handle interpolation of undefined
           # values in other cases.
-          if k =~ /\.cpe23$/ and replace =~ /\.version$/
-            result[k] = v.gsub(/\{#{replace}\}/, '-')
+          if replacement_k =~ /\.cpe23$/ and replacement =~ /\.version$/
+            result[replacement_k] = result[replacement_k].gsub(/\{#{replacement}\}/, '-')
           else
-            raise "Invalid use of nil interpolated value #{replace} in non-cpe23 fingerprint param #{k}"
+            raise "Invalid use of nil interpolated non-version value #{replacement} in non-cpe23 fingerprint param #{replacement_k}"
           end
         end
       end

data/lib/recog/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Recog
-  VERSION = '2.1.24'
+  VERSION = '2.1.25'
 end

data/spec/lib/fingerprint_self_test_spec.rb CHANGED Viewed

@@ -60,6 +60,14 @@ describe Recog::DB do
                 param_names << param_name
               end
             end
+            it "uses interpolation correctly" do
+              if pos == 0 && /\{(?<interpolated>[^\s{}]+)\}/ =~ value
+                unless fp.params.key?(interpolated)
+                  fail "'#{fp.name}' uses interpolated value '#{interpolated}' that does not exist"
+                end
+              end
+            end
           end
         end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: recog
 version: !ruby/object:Gem::Version
-  version: 2.1.24
+  version: 2.1.25
 platform: ruby
 authors:
 - Rapid7 Research
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-10-01 00:00:00.000000000 Z
+date: 2018-10-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec
@@ -244,7 +244,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.6.11
+rubygems_version: 2.5.2
 signing_key:
 specification_version: 4
 summary: Network service fingerprint database, classes, and utilities