site-inspector 3.1.1 → 3.2.0

data/spec/checks/site_inspector_endpoint_headers_spec.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'spec_helper'
 
 describe SiteInspector::Endpoint::Headers do
@@ -5,7 +7,7 @@ describe SiteInspector::Endpoint::Headers do
     stub_request(:head, 'http://example.com/')
       .to_return(status: 200, headers: { foo: 'bar' })
     endpoint = SiteInspector::Endpoint.new('http://example.com')
-    SiteInspector::Endpoint::Headers.new(endpoint)
+    described_class.new(endpoint)
   end
 
   def stub_header(header, value)
@@ -13,7 +15,7 @@ describe SiteInspector::Endpoint::Headers do
   end
 
   it 'parses the headers' do
-    expect(subject.headers.count).to eql(1)
+    expect(subject.headers.count).to be(1)
     expect(subject.headers.keys).to include('foo')
   end
 
@@ -34,30 +36,30 @@ describe SiteInspector::Endpoint::Headers do
 
   it 'validates xss-protection' do
     stub_header 'x-xss-protection', 'foo'
-    expect(subject.xss_protection?).to eql(false)
+    expect(subject.xss_protection?).to be(false)
 
     stub_header 'x-xss-protection', '1; mode=block'
-    expect(subject.xss_protection?).to eql(true)
+    expect(subject.xss_protection?).to be(true)
   end
 
   it 'checks for clickjack proetection' do
-    expect(subject.click_jacking_protection?).to eql(false)
+    expect(subject.click_jacking_protection?).to be(false)
     stub_header 'x-frame-options', 'foo'
     expect(subject.click_jacking_protection).to eql('foo')
-    expect(subject.click_jacking_protection?).to eql(true)
+    expect(subject.click_jacking_protection?).to be(true)
   end
 
   it 'checks for CSP' do
-    expect(subject.content_security_policy?).to eql(false)
+    expect(subject.content_security_policy?).to be(false)
     stub_header 'content-security-policy', 'foo'
     expect(subject.content_security_policy).to eql('foo')
-    expect(subject.content_security_policy?).to eql(true)
+    expect(subject.content_security_policy?).to be(true)
   end
 
   it 'checks for strict-transport-security' do
-    expect(subject.strict_transport_security?).to eql(false)
+    expect(subject.strict_transport_security?).to be(false)
     stub_header 'strict-transport-security', 'foo'
     expect(subject.strict_transport_security).to eql('foo')
-    expect(subject.strict_transport_security?).to eql(true)
+    expect(subject.strict_transport_security?).to be(true)
   end
 end

data/spec/checks/site_inspector_endpoint_hsts_spec.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'spec_helper'
 
 describe SiteInspector::Endpoint::Hsts do
@@ -6,7 +8,7 @@ describe SiteInspector::Endpoint::Hsts do
     stub_request(:head, 'http://example.com/')
       .to_return(status: 200, headers: headers)
     endpoint = SiteInspector::Endpoint.new('http://example.com')
-    SiteInspector::Endpoint::Hsts.new(endpoint)
+    described_class.new(endpoint)
   end
 
   def stub_header(value)
@@ -21,8 +23,8 @@ describe SiteInspector::Endpoint::Hsts do
     expect(subject.send(:header)).to eql('max-age=31536000; includeSubDomains;')
   end
 
-  it 'it parses the directives' do
-    expect(subject.send(:directives).count).to eql(2)
+  it 'parses the directives' do
+    expect(subject.send(:directives).count).to be(2)
     expect(subject.send(:directives).first).to eql('max-age=31536000')
     expect(subject.send(:directives).last).to eql('includeSubDomains')
   end
@@ -33,58 +35,58 @@ describe SiteInspector::Endpoint::Hsts do
   end
 
   it 'knows if the header is valid' do
-    expect(subject.valid?).to eql(true)
+    expect(subject.valid?).to be(true)
 
-    allow(subject).to receive(:pairs) { ['fo o' => 'bar'] }
-    expect(subject.valid?).to eql(false)
+    allow(subject).to receive(:pairs).and_return(['fo o' => 'bar'])
+    expect(subject.valid?).to be(false)
 
-    allow(subject).to receive(:pairs) { ["fo'o" => 'bar'] }
-    expect(subject.valid?).to eql(false)
+    allow(subject).to receive(:pairs).and_return(["fo'o" => 'bar'])
+    expect(subject.valid?).to be(false)
   end
 
   it 'knows the max age' do
-    expect(subject.max_age).to eql(31_536_000)
+    expect(subject.max_age).to be(31_536_000)
   end
 
   it 'knows if subdomains are included' do
-    expect(subject.include_subdomains?).to eql(true)
-    allow(subject).to receive(:pairs) { { foo: 'bar' } }
-    expect(subject.include_subdomains?).to eql(false)
+    expect(subject.include_subdomains?).to be(true)
+    allow(subject).to receive(:pairs).and_return(foo: 'bar')
+    expect(subject.include_subdomains?).to be(false)
   end
 
   it "knows if it's preloaded" do
-    expect(subject.preload?).to eql(false)
-    allow(subject).to receive(:pairs) { { preload: nil } }
-    expect(subject.preload?).to eql(true)
+    expect(subject.preload?).to be(false)
+    allow(subject).to receive(:pairs).and_return(preload: nil)
+    expect(subject.preload?).to be(true)
   end
 
   it "knows if it's enabled" do
-    expect(subject.enabled?).to eql(true)
+    expect(subject.enabled?).to be(true)
 
-    allow(subject).to receive(:pairs) { { "max-age": 0 } }
-    expect(subject.preload?).to eql(false)
+    allow(subject).to receive(:pairs).and_return("max-age": 0)
+    expect(subject.preload?).to be(false)
 
-    allow(subject).to receive(:pairs) { { foo: 'bar' } }
-    expect(subject.preload?).to eql(false)
+    allow(subject).to receive(:pairs).and_return(foo: 'bar')
+    expect(subject.preload?).to be(false)
   end
 
   it "knows if it's preload ready" do
-    expect(subject.preload_ready?).to eql(false)
+    expect(subject.preload_ready?).to be(false)
 
     pairs = { "max-age": 10_886_401, preload: nil, includesubdomains: nil }
     allow(subject).to receive(:pairs) { pairs }
-    expect(subject.preload_ready?).to eql(true)
+    expect(subject.preload_ready?).to be(true)
 
     pairs = { "max-age": 10_886_401, includesubdomains: nil }
     allow(subject).to receive(:pairs) { pairs }
-    expect(subject.preload_ready?).to eql(false)
+    expect(subject.preload_ready?).to be(false)
 
     pairs = { "max-age": 10_886_401, preload: nil, includesubdomains: nil }
     allow(subject).to receive(:pairs) { pairs }
-    expect(subject.preload_ready?).to eql(true)
+    expect(subject.preload_ready?).to be(true)
 
     pairs = { "max-age": 5, preload: nil, includesubdomains: nil }
     allow(subject).to receive(:pairs) { pairs }
-    expect(subject.preload_ready?).to eql(false)
+    expect(subject.preload_ready?).to be(false)
   end
 end

data/spec/checks/site_inspector_endpoint_https_spec.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'spec_helper'
 
 describe SiteInspector::Endpoint::Https do
@@ -5,8 +7,8 @@ describe SiteInspector::Endpoint::Https do
     stub_request(:head, 'https://example.com/')
       .to_return(status: 200)
     endpoint = SiteInspector::Endpoint.new('https://example.com')
-    allow(endpoint.response).to receive(:return_code) { :ok }
-    SiteInspector::Endpoint::Https.new(endpoint)
+    allow(endpoint.response).to receive(:return_code).and_return(:ok)
+    described_class.new(endpoint)
   end
 
   it 'knows the scheme' do
@@ -14,34 +16,34 @@ describe SiteInspector::Endpoint::Https do
   end
 
   it 'knows if the scheme is https' do
-    expect(subject.scheme?).to eql(true)
-    allow(subject).to receive(:scheme) { 'http' }
-    expect(subject.scheme?).to eql(false)
+    expect(subject.scheme?).to be(true)
+    allow(subject).to receive(:scheme).and_return('http')
+    expect(subject.scheme?).to be(false)
   end
 
   it "knows if it's valid" do
-    expect(subject.valid?).to eql(true)
+    expect(subject.valid?).to be(true)
   end
 
   it "knows when there's a bad chain" do
-    expect(subject.bad_chain?).to eql(false)
+    expect(subject.bad_chain?).to be(false)
 
     url = Addressable::URI.parse('https://example.com')
     response = Typhoeus::Response.new(return_code: :ssl_cacert)
     response.request = Typhoeus::Request.new(url)
 
     allow(subject).to receive(:response) { response }
-    expect(subject.bad_chain?).to eql(true)
+    expect(subject.bad_chain?).to be(true)
   end
 
   it "knows when there's a bad name" do
-    expect(subject.bad_name?).to eql(false)
+    expect(subject.bad_name?).to be(false)
 
     url = Addressable::URI.parse('https://example.com')
     response = Typhoeus::Response.new(return_code: :peer_failed_verification)
     response.request = Typhoeus::Request.new(url)
 
     allow(subject).to receive(:response) { response }
-    expect(subject.bad_name?).to eql(true)
+    expect(subject.bad_name?).to be(true)
   end
 end

data/spec/checks/site_inspector_endpoint_sniffer_spec.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'spec_helper'
 
 describe SiteInspector::Endpoint::Sniffer do
@@ -8,16 +10,16 @@ describe SiteInspector::Endpoint::Sniffer do
   def set_cookie(key, value)
     cookies = [
       CGI::Cookie.new(
-        'name'   => 'foo',
-        'value'  => 'bar',
+        'name' => 'foo',
+        'value' => 'bar',
         'domain' => 'example.com',
-        'path'   => '/'
+        'path' => '/'
       ),
       CGI::Cookie.new(
-        'name'   => key,
-        'value'  => value,
+        'name' => key,
+        'value' => value,
         'domain' => 'example.com',
-        'path'   => '/'
+        'path' => '/'
       )
     ].map(&:to_s)
 
@@ -30,7 +32,7 @@ describe SiteInspector::Endpoint::Sniffer do
 
   context 'stubbed body' do
     subject do
-      body = <<-eos
+      body = <<-BODY
         <html>
           <head>
             <link rel='stylesheet' href='/wp-content/themes/foo/style.css type='text/css' media='all' />
@@ -48,7 +50,7 @@ describe SiteInspector::Endpoint::Sniffer do
             </script>
           </body>
         </html>
-      eos
+      BODY
 
       stub_request(:get, 'http://example.com/')
         .to_return(status: 200, body: body)
@@ -56,56 +58,56 @@ describe SiteInspector::Endpoint::Sniffer do
       stub_request(:head, 'http://example.com/')
         .to_return(status: 200)
       endpoint = SiteInspector::Endpoint.new('http://example.com')
-      SiteInspector::Endpoint::Sniffer.new(endpoint)
+      described_class.new(endpoint)
     end
 
     it 'sniffs' do
       sniff = subject.send(:sniff, :cms)
-      expect(sniff).to eql(:wordpress)
+      expect(sniff).to be(:wordpress)
     end
 
     it 'detects the CMS' do
-      expect(subject.framework).to eql(:wordpress)
+      expect(subject.framework).to be(:wordpress)
     end
 
     it 'detects the analytics' do
-      expect(subject.analytics).to eql(:google_analytics)
+      expect(subject.analytics).to be(:google_analytics)
     end
 
     it 'detects javascript' do
-      expect(subject.javascript).to eql(:jquery)
+      expect(subject.javascript).to be(:jquery)
     end
 
     it 'detects advertising' do
-      expect(subject.advertising).to eql(:adsense)
+      expect(subject.advertising).to be(:adsense)
     end
 
     it 'knows wordpress is open source' do
-      expect(subject.open_source?).to eql(true)
+      expect(subject.open_source?).to be(true)
     end
   end
 
   context 'no body' do
     subject do
       endpoint = SiteInspector::Endpoint.new('http://example.com')
-      SiteInspector::Endpoint::Sniffer.new(endpoint)
+      described_class.new(endpoint)
     end
 
     it "knows when something isn't open source" do
       set_cookie('foo', 'bar')
-      expect(subject.open_source?).to eql(false)
+      expect(subject.open_source?).to be(false)
     end
 
     it 'detects PHP' do
       set_cookie('PHPSESSID', '1234')
-      expect(subject.framework).to eql(:php)
-      expect(subject.open_source?).to eql(true)
+      expect(subject.framework).to be(:php)
+      expect(subject.open_source?).to be(true)
     end
 
     it 'detects Expression Engine' do
       set_cookie('exp_csrf_token', '1234')
-      expect(subject.framework).to eql(:expression_engine)
-      expect(subject.open_source?).to eql(true)
+      expect(subject.framework).to be(:expression_engine)
+      expect(subject.open_source?).to be(true)
     end
 
     it 'detects cowboy' do
@@ -115,23 +117,23 @@ describe SiteInspector::Endpoint::Sniffer do
       stub_request(:head, 'http://example.com/')
         .to_return(status: 200, headers: { 'server' => 'Cowboy' })
 
-      expect(subject.framework).to eql(:cowboy)
-      expect(subject.open_source?).to eql(true)
+      expect(subject.framework).to be(:cowboy)
+      expect(subject.open_source?).to be(true)
     end
 
     it 'detects ColdFusion' do
       cookies = [
         CGI::Cookie.new(
-          'name'   => 'CFID',
-          'value'  => '1234',
+          'name' => 'CFID',
+          'value' => '1234',
           'domain' => 'example.com',
-          'path'   => '/'
+          'path' => '/'
         ),
         CGI::Cookie.new(
-          'name'   => 'CFTOKEN',
-          'value'  => '5678',
+          'name' => 'CFTOKEN',
+          'value' => '5678',
           'domain' => 'example.com',
-          'path'   => '/'
+          'path' => '/'
         )
       ].map(&:to_s)
 
@@ -141,8 +143,8 @@ describe SiteInspector::Endpoint::Sniffer do
       stub_request(:head, 'http://example.com/')
         .to_return(status: 200, headers: { 'set-cookie' => cookies })
 
-      expect(subject.framework).to eql(:coldfusion)
-      expect(subject.open_source?).to eql(false)
+      expect(subject.framework).to be(:coldfusion)
+      expect(subject.open_source?).to be(false)
     end
   end
 end

data/spec/checks/site_inspector_endpoint_wappalyzer_spec.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe SiteInspector::Endpoint::Wappalyzer do
+  subject { described_class.new(endpoint) }
+
+  let(:domain) { 'http://ben.balter.com.com' }
+  let(:endpoint) { SiteInspector::Endpoint.new(domain) }
+  let(:url) { "https://api.wappalyzer.com/lookup/v2/?urls=#{domain}/" }
+
+  before do
+    path = File.expand_path '../fixtures/wappalyzer.json', __dir__
+    body = File.read path
+    stub_request(:get, url).to_return(status: 200, body: body)
+  end
+
+  it 'returns the API response' do
+    expected = {
+      'Analytics' => ['Google Analytics'],
+      'CDN' => %w[Cloudflare Fastly],
+      'Caching' => ['Varnish'],
+      'Other' => %w[Disqus Jekyll],
+      'PaaS' => ['GitHub Pages'],
+      'Web frameworks' => ['Ruby on Rails']
+    }
+    expect(subject.to_h).to eql(expected)
+  end
+
+  it 'fails gracefully' do
+    stub_request(:get, url).to_return(status: 400, body: '')
+    expect(subject.to_h).to eql({})
+  end
+end

data/spec/checks/site_inspector_endpoint_whois_spec.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe SiteInspector::Endpoint::Whois do
+  subject do
+    stub_request(:head, site).to_return(status: 200)
+    endpoint = SiteInspector::Endpoint.new(site)
+    described_class.new(endpoint)
+  end
+
+  let(:site) { 'https://example.com' }
+
+  it 'returns the whois for the IP' do
+    expect(subject.ip).to match(/Derrick Sawyer/)
+  end
+
+  it 'returns the whois for the domain' do
+    expect(subject.domain).to match(/Domain Name: EXAMPLE\.COM/)
+  end
+
+  it 'returns the hash' do
+    expect(subject.to_h[:domain].keys.first).to eql('Domain Name')
+    expect(subject.to_h[:domain].values.first).to eql('EXAMPLE.COM')
+  end
+end

data/spec/fixtures/wappalyzer.json

@@ -0,0 +1,125 @@
+[
+   {
+      "url":"https://ben.balter.com",
+      "technologies":[
+         {
+            "slug":"cloudflare",
+            "name":"Cloudflare",
+            "versions":[
+               
+            ],
+            "trafficRank":11,
+            "categories":[
+               {
+                  "id":31,
+                  "slug":"cdn",
+                  "name":"CDN"
+               }
+            ]
+         },
+         {
+            "slug":"varnish",
+            "name":"Varnish",
+            "versions":[
+               
+            ],
+            "trafficRank":11,
+            "categories":[
+               {
+                  "id":23,
+                  "slug":"caching",
+                  "name":"Caching"
+               }
+            ]
+         },
+         {
+            "slug":"disqus",
+            "name":"Disqus",
+            "versions":[
+               
+            ],
+            "trafficRank":11,
+            "categories":[
+               
+            ]
+         },
+         {
+            "slug":"google-analytics",
+            "name":"Google Analytics",
+            "versions":[
+               
+            ],
+            "trafficRank":11,
+            "categories":[
+               {
+                  "id":10,
+                  "slug":"analytics",
+                  "name":"Analytics"
+               },
+               {
+                  "id":61,
+                  "slug":"saas",
+                  "name":"SaaS"
+               }
+            ]
+         },
+         {
+            "slug":"jekyll",
+            "name":"Jekyll",
+            "versions":[
+               "v3.9.0"
+            ],
+            "trafficRank":11,
+            "categories":[
+               
+            ]
+         },
+         {
+            "slug":"ruby-on-rails",
+            "name":"Ruby on Rails",
+            "versions":[
+               
+            ],
+            "trafficRank":11,
+            "categories":[
+               {
+                  "id":18,
+                  "slug":"web-frameworks",
+                  "name":"Web frameworks"
+               }
+            ]
+         },
+         {
+            "slug":"fastly",
+            "name":"Fastly",
+            "versions":[
+               
+            ],
+            "trafficRank":11,
+            "categories":[
+               {
+                  "id":31,
+                  "slug":"cdn",
+                  "name":"CDN"
+               }
+            ]
+         },
+         {
+            "slug":"github-pages",
+            "name":"GitHub Pages",
+            "versions":[
+               
+            ],
+            "trafficRank":11,
+            "categories":[
+               {
+                  "id":62,
+                  "slug":"paas",
+                  "name":"PaaS"
+               }
+            ]
+         }
+      ],
+      "crawl":true
+   }
+]