ruby-zoom 4.3.1 → 4.3.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: cd252380a5979c6eda76dc1607556ea9b804c71c
-  data.tar.gz: d2bec9859eab0677bb5ca165dba444ef1d609861
+  metadata.gz: 69f08853e0d57951199bd5457687518398ed65eb
+  data.tar.gz: 05bc33a3d915ee9a1d4bc819f0943c8de682febc
 SHA512:
-  metadata.gz: 5d6383393173db1b54f55c594184034fdef74826cd57eabd04857ca90be37bea62e582dc96fc098502c087cbccf42630e67b8bed9afe9fd329047fe5fdfc2203
-  data.tar.gz: '034815f2c6302adc1296000654d9d2846c83cb8f27f9a6575b4b99a5d55b05840c7afc603a4aa4d04d41e9f4b06ff858c2b62340fda7e1c647c84134fac2191c'
+  metadata.gz: 12dc726079299ef9971130305bfde110b7a96e4384f4718bcbb4a03a7f6bdafbcb13f5586197a77176e36d9778f5322b57f28ccde571f162df98756abfa288f9
+  data.tar.gz: 58515511ddba68d407730311e4330b500970fd3b47adcf0652cac6863db61f87a6a6d7e685a217cf91b147901c22bd59c397d99251e4ce93a4ee8ad387eba475

data/bin/z

@@ -112,6 +112,13 @@ def parse(args)
             options["action"] = "rc"
         end
 
+        opts.on(
+            "--secprofs",
+            "Create some security related profiles"
+        ) do
+            options["action"] = "secprofs"
+        end
+
         opts.on("", "MISC_OPTIONS")
 
         opts.on(
@@ -279,6 +286,8 @@ begin
     when "rc"
         zoom.config.default_config
         zoom.cache.clear
+    when "secprofs"
+        zoom.config.add_security_profiles
     when "version"
         __FILE__.match(/ruby-zoom-(\d+\.\d+\.\d+)/) do |m|
             puts m[1]

data/bin/zc

@@ -112,6 +112,13 @@ def parse(args)
             options["action"] = "rc"
         end
 
+        opts.on(
+            "--secprofs",
+            "Create some security related profiles"
+        ) do
+            options["action"] = "secprofs"
+        end
+
         opts.on("", "MISC_OPTIONS")
 
         opts.on(
@@ -279,6 +286,8 @@ begin
     when "rc"
         zoom.config.default_config
         zoom.cache.clear
+    when "secprofs"
+        zoom.config.add_security_profiles
     when "version"
         __FILE__.match(/ruby-zoom-(\d+\.\d+\.\d+)/) do |m|
             puts m[1]

data/bin/zf

@@ -112,6 +112,13 @@ def parse(args)
             options["action"] = "rc"
         end
 
+        opts.on(
+            "--secprofs",
+            "Create some security related profiles"
+        ) do
+            options["action"] = "secprofs"
+        end
+
         opts.on("", "MISC_OPTIONS")
 
         opts.on(
@@ -279,6 +286,8 @@ begin
     when "rc"
         zoom.config.default_config
         zoom.cache.clear
+    when "secprofs"
+        zoom.config.add_security_profiles
     when "version"
         __FILE__.match(/ruby-zoom-(\d+\.\d+\.\d+)/) do |m|
             puts m[1]

data/bin/zg

@@ -112,6 +112,13 @@ def parse(args)
             options["action"] = "rc"
         end
 
+        opts.on(
+            "--secprofs",
+            "Create some security related profiles"
+        ) do
+            options["action"] = "secprofs"
+        end
+
         opts.on("", "MISC_OPTIONS")
 
         opts.on(
@@ -279,6 +286,8 @@ begin
     when "rc"
         zoom.config.default_config
         zoom.cache.clear
+    when "secprofs"
+        zoom.config.add_security_profiles
     when "version"
         __FILE__.match(/ruby-zoom-(\d+\.\d+\.\d+)/) do |m|
             puts m[1]

data/bin/zl

@@ -112,6 +112,13 @@ def parse(args)
             options["action"] = "rc"
         end
 
+        opts.on(
+            "--secprofs",
+            "Create some security related profiles"
+        ) do
+            options["action"] = "secprofs"
+        end
+
         opts.on("", "MISC_OPTIONS")
 
         opts.on(
@@ -279,6 +286,8 @@ begin
     when "rc"
         zoom.config.default_config
         zoom.cache.clear
+    when "secprofs"
+        zoom.config.add_security_profiles
     when "version"
         __FILE__.match(/ruby-zoom-(\d+\.\d+\.\d+)/) do |m|
             puts m[1]

data/bin/zr

@@ -112,6 +112,13 @@ def parse(args)
             options["action"] = "rc"
         end
 
+        opts.on(
+            "--secprofs",
+            "Create some security related profiles"
+        ) do
+            options["action"] = "secprofs"
+        end
+
         opts.on("", "MISC_OPTIONS")
 
         opts.on(
@@ -279,6 +286,8 @@ begin
     when "rc"
         zoom.config.default_config
         zoom.cache.clear
+    when "secprofs"
+        zoom.config.add_security_profiles
     when "version"
         __FILE__.match(/ruby-zoom-(\d+\.\d+\.\d+)/) do |m|
             puts m[1]

data/lib/zoom/config.rb

@@ -3,6 +3,14 @@ require "json_config"
 require "scoobydoo"
 
 class Zoom::Config < JSONConfig
+    def add_security_profiles
+        profiles = get("profiles")
+        Zoom::ProfileManager::security_profiles.each do |profile|
+            profiles[profile.name] = profile
+        end
+        set("profiles", profiles)
+    end
+
     def color(key, value)
         if (value)
             validate_color(value)

data/lib/zoom/profile.rb

@@ -22,20 +22,16 @@ class Zoom::Profile < Hash
 
     def exe(args, pattern, paths)
         # Use hard-coded pattern if defined
-        if (@pattern && !@pattern.empty?)
+        if (@pattern && !@pattern.empty? && (pattern != @pattern))
             args += " #{pattern}"
             pattern = @pattern
         end
 
         # If not pattern and no after, then return nothing
         if (pattern.nil? || pattern.empty?)
-            return "" if (after.nil? || after.empty? || after == ".")
+            return "" if (after.nil? || after.empty?)
         end
 
-        # If paths are specified then remove "." for profiles like
-        # grep
-        after.gsub!(/^\.\s+/, "") if (!paths.empty?)
-
         # Emulate grep
         case operator.split("/")[-1]
         when "ack", "ack-grep"
@@ -61,7 +57,6 @@ class Zoom::Profile < Hash
                 after
             ].join(" ").strip
         when "find"
-            flags.gsub!(/^\.\s+/, "") if (!paths.empty?)
             cmd = [
                 before,
                 operator,
@@ -76,12 +71,12 @@ class Zoom::Profile < Hash
                 before,
                 operator,
                 "--color=never -EHInRs",
+                flags,
+                args,
                 "--exclude-dir=.bzr",
                 "--exclude-dir=.git",
                 "--exclude-dir=.git-crypt",
                 "--exclude-dir=.svn",
-                flags,
-                args,
                 pattern.shellescape,
                 paths,
                 after
@@ -249,3 +244,8 @@ require "zoom/profile/find"
 require "zoom/profile/grep"
 require "zoom/profile/passwords"
 require "zoom/profile/pt"
+require "zoom/profile/unsafe_c"
+require "zoom/profile/unsafe_java"
+require "zoom/profile/unsafe_js"
+require "zoom/profile/unsafe_php"
+require "zoom/profile/unsafe_python"

data/lib/zoom/profile/find.rb

@@ -1,5 +1,5 @@
 class Zoom::Profile::Find < Zoom::Profile
-    def initialize(n, o = "find", f = ". -name", b = "", a = "")
+    def initialize(n, o = "find", f = "-name", b = "", a = "")
         super(n, o, f, b, a)
         @taggable = true
     end

data/lib/zoom/profile/grep.rb

@@ -1,5 +1,5 @@
 class Zoom::Profile::Grep < Zoom::Profile
-    def initialize(n, o = "grep", f = "-i", b = "", a = ".")
+    def initialize(n, o = "grep", f = "-i", b = "", a = "")
         super(n, o, f, b, a)
         @taggable = true
     end

data/lib/zoom/profile/passwords.rb

@@ -1,36 +1,26 @@
 require "zoom/profile_manager"
 
-case Zoom::ProfileManager.default_profile
-when /^ack(-grep)?$/
-    class Zoom::Profile::Passwords < Zoom::Profile::Ack; end
-when "ag"
-    class Zoom::Profile::Passwords < Zoom::Profile::Ag; end
-when "pt"
-    class Zoom::Profile::Passwords < Zoom::Profile::Pt; end
-when "grep"
-    class Zoom::Profile::Passwords < Zoom::Profile::Grep; end
-else
-    # Shouldn't happen
-end
-
-class Zoom::Profile::Passwords
+clas = Zoom::ProfileManager.default_profile.capitalize
+superclass = Zoom::Profile.profile_by_name("Zoom::Profile::#{clas}")
+class Zoom::Profile::Passwords < superclass
     def initialize(n, o = nil, f = "", b = "", a = "")
-        op = Zoom::ProfileManager.default_profile
+        # I don't care about test code
         after = "| \\grep -v \"^[^:]*test[^:]*:[0-9]+:\""
+        flags = ""
 
+        op = Zoom::ProfileManager.default_profile
         case op
         when /^ack(-grep)?$/
-            super(n, op, "--smart-case", "", after)
+            flags = "--smart-case"
         when "ag"
-            super(n, op, "-Su", "", after)
+            flags = "-Su"
         when "pt"
-            super(n, op, "-SU --hidden", "", after)
+            flags = "-SU --hidden"
         when "grep"
-            super(n, op, "-ai", "", after)
-        else
-            # Shouldn't happen
+            flags = "-ai"
         end
 
+        super(n, op, flags, "", after)
         @pattern = "(key|pass(word|wd)?)[^:=,>]? *[:=,>]"
         @taggable = true
     end

data/lib/zoom/profile/unsafe_c.rb

@@ -0,0 +1,40 @@
+require "zoom/profile_manager"
+
+clas = Zoom::ProfileManager.default_profile.capitalize
+superclass = Zoom::Profile.profile_by_name("Zoom::Profile::#{clas}")
+class Zoom::Profile::UnsafeC < superclass
+    def initialize(n, o = nil, f = "", b = "", a = "")
+        # I don't care about test code
+        after = "| \\grep -v \"^[^:]*test[^:]*:[0-9]+:\""
+        flags = ""
+
+        op = Zoom::ProfileManager.default_profile
+        case op
+        when /^ack(-grep)?$/
+            flags = "--smart-case --cc --cpp"
+        when "ag"
+            flags = "-S -G \"\\.(c|h)(pp)?$\""
+        when "pt"
+            flags = "-S -G \"\\.(c|h)(pp)?$\""
+        when "grep"
+            flags = "-i --include=\"*.[ch]\" --include=\"*.[ch]pp\""
+        end
+
+        super(n, op, flags, "", after)
+        @pattern = [
+            "(",
+            [
+                "_splitpath",
+                "ato[fil]",
+                "gets",
+                "makepath",
+                "(sn?)?scanf",
+                "str(cat|cpy|len)",
+                "v?sprintf"
+            ].join("|"),
+            ")",
+            "\\("
+        ].join
+        @taggable = true
+    end
+end

data/lib/zoom/profile/unsafe_java.rb

@@ -0,0 +1,31 @@
+require "zoom/profile_manager"
+
+clas = Zoom::ProfileManager.default_profile.capitalize
+superclass = Zoom::Profile.profile_by_name("Zoom::Profile::#{clas}")
+class Zoom::Profile::UnsafeJava < superclass
+    def initialize(n, o = nil, f = "", b = "", a = "")
+        # I don't care about test code
+        after = "| \\grep -v \"^[^:]*test[^:]*:[0-9]+:\""
+        flags = ""
+
+        op = Zoom::ProfileManager.default_profile
+        case op
+        when /^ack(-grep)?$/
+            flags = "--smart-case --java"
+        when "ag"
+            flags = "-S -G \"\\.(java|properties)$\""
+        when "pt"
+            flags = "-S -G \"\\.(java|properties)$\""
+        when "grep"
+            flags = [
+                "-i",
+                "--include=\"*.java\"",
+                "--include=\"*.properties\""
+            ].join(" ")
+        end
+
+        super(n, op, flags, "", after)
+        @pattern = "(sun\\.misc\\.)?Unsafe|readObject\\(\\)"
+        @taggable = true
+    end
+end

data/lib/zoom/profile/unsafe_js.rb

@@ -0,0 +1,27 @@
+require "zoom/profile_manager"
+
+clas = Zoom::ProfileManager.default_profile.capitalize
+superclass = Zoom::Profile.profile_by_name("Zoom::Profile::#{clas}")
+class Zoom::Profile::UnsafeJs < superclass
+    def initialize(n, o = nil, f = "", b = "", a = "")
+        # I don't care about test code
+        after = "| \\grep -v \"^[^:]*test[^:]*:[0-9]+:\""
+        flags = ""
+
+        op = Zoom::ProfileManager.default_profile
+        case op
+        when /^ack(-grep)?$/
+            flags = "--smart-case --js"
+        when "ag"
+            flags = "-S -G \"\\.js$\""
+        when "pt"
+            flags = "-S -G \"\\.js$\""
+        when "grep"
+            flags = "-i --include=\"*.js\""
+        end
+
+        super(n, op, flags, "", after)
+        @pattern = "\\.((eval|html)\\(|innerHTML)"
+        @taggable = true
+    end
+end

data/lib/zoom/profile/unsafe_php.rb

@@ -0,0 +1,67 @@
+require "zoom/profile_manager"
+
+clas = Zoom::ProfileManager.default_profile.capitalize
+superclass = Zoom::Profile.profile_by_name("Zoom::Profile::#{clas}")
+class Zoom::Profile::UnsafePhp < superclass
+    def initialize(n, o = nil, f = "", b = "", a = "")
+        # I don't care about test code
+        after = "| \\grep -v \"^[^:]*test[^:]*:[0-9]+:\""
+        flags = ""
+
+        op = Zoom::ProfileManager.default_profile
+        case op
+        when /^ack(-grep)?$/
+            flags = "--smart-case --php"
+        when "ag"
+            flags = "-S -G \"\\.ph(p[345t]?|tml)$\""
+        when "pt"
+            flags = "-S -G \"\\.ph(p[345t]?|tml)$\""
+        when "grep"
+            flags = [
+                "-i",
+                "--include=\"*.php\"",
+                "--include=\"*.php[345t]\"",
+                "--include=\"*.phtml\""
+            ].join(" ")
+        end
+
+        super(n, op, flags, "", after)
+        # From here: https://www.eukhost.com/blog/webhosting/dangerous-php-functions-must-be-disabled/
+        # OMG is anything safe?!
+        @pattern = [
+            "\\`|",
+            "\\$_GET\\[|",
+            "(",
+            [
+                "apache_(child_terminate|setenv)",
+                "assert",
+                "create_function",
+                "define_syslog_variables",
+                "escapeshell(arg|cmd)",
+                "eval",
+                "fp(ut)?",
+                "ftp_(connect|exec|get|login|(nb_f)?put|raw(list)?)",
+                "highlight_file",
+                "include(_once)?",
+                "ini_(alter|get_all|restore)",
+                "inject_code",
+                "mysql_pconnect",
+                "openlog",
+                "passthru",
+                "pcntl_exec",
+                "php_uname",
+                "phpAds_(remoteInfo|XmlRpc|xmlrpc(De|En)code)",
+                "popen",
+                "posix_(getpwuid|kill|mkfifo|set(pg|s|u)id|_uname)",
+                "preg_replace",
+                "proc_(close|get_status|nice|open|terminate)",
+                "require(_once)?",
+                "(shell_)?exec",
+                "sys(log|tem)",
+                "xmlrpc_entity_decode"
+            ].join("|"),
+            ")\\("
+        ].join
+        @taggable = true
+    end
+end

data/lib/zoom/profile/unsafe_python.rb

@@ -0,0 +1,38 @@
+require "zoom/profile_manager"
+
+clas = Zoom::ProfileManager.default_profile.capitalize
+superclass = Zoom::Profile.profile_by_name("Zoom::Profile::#{clas}")
+class Zoom::Profile::UnsafePython < superclass
+    def initialize(n, o = nil, f = "", b = "", a = "")
+        # I don't care about test code
+        after = "| \\grep -v \"^[^:]*test[^:]*:[0-9]+:\""
+        flags = ""
+
+        op = Zoom::ProfileManager.default_profile
+        case op
+        when /^ack(-grep)?$/
+            flags = "--smart-case --python"
+        when "ag"
+            flags = "-S -G \"\\.py$\""
+        when "pt"
+            flags = "-S -G \"\\.py$\""
+        when "grep"
+            flags = "-i --include=\"*.py\""
+        end
+
+        super(n, op, flags, "", after)
+        @pattern = [
+            "(",
+            [
+                "c?[Pp]ickle\\.loads?",
+                "eval",
+                "exec",
+                "os\\.(popen|system)",
+                "subprocess\\.call",
+                "yaml\\.load"
+            ].join("|"),
+            ")\\("
+        ].join
+        @taggable = true
+    end
+end

data/lib/zoom/profile_manager.rb

@@ -40,10 +40,17 @@ class Zoom::ProfileManager
             end
         end
 
-        profiles["passwords"] = Zoom::Profile::Passwords.new(
-            "passwords"
-        )
-
         return profiles
     end
+
+    def self.security_profiles
+        return [
+            Zoom::Profile::Passwords.new("passwords"),
+            Zoom::Profile::UnsafeC.new("unsafe_c"),
+            Zoom::Profile::UnsafeJava.new("unsafe_java"),
+            Zoom::Profile::UnsafeJs.new("unsafe_js"),
+            Zoom::Profile::UnsafePhp.new("unsafe_php"),
+            Zoom::Profile::UnsafePython.new("unsafe_python")
+        ]
+    end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ruby-zoom
 version: !ruby/object:Gem::Version
-  version: 4.3.1
+  version: 4.3.2
 platform: ruby
 authors:
 - Miles Whittaker
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-10-27 00:00:00.000000000 Z
+date: 2016-10-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: minitest
@@ -174,6 +174,11 @@ files:
 - lib/zoom/profile/grep.rb
 - lib/zoom/profile/passwords.rb
 - lib/zoom/profile/pt.rb
+- lib/zoom/profile/unsafe_c.rb
+- lib/zoom/profile/unsafe_java.rb
+- lib/zoom/profile/unsafe_js.rb
+- lib/zoom/profile/unsafe_php.rb
+- lib/zoom/profile/unsafe_python.rb
 - lib/zoom/profile_manager.rb
 - lib/zoom/wish/add_wish.rb
 - lib/zoom/wish/color_wish.rb