RubyGems - wmap - Versions diffs - 2.7.7 → 2.7.9 - Mend

wmap 2.7.7 → 2.7.9

Files changed (10) hide show

checksums.yaml +4 -4
data/dicts/tlds.txt +9 -30
data/lib/wmap/cidr_tracker.rb +3 -2
data/lib/wmap/utils/domain_root.rb +1 -1
data/lib/wmap/utils/utils.rb +10 -12
data/lib/wmap/utils/wp_detect.rb +5 -1
data/test/cidr_tracker_test.rb +36 -0
data/test/utils_test.rb +51 -46
data/version.txt +2 -2
metadata +3 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 559cac84dd38902d968cc9e7327e77115ae3f946020caa21b7743ceb5777a96f
-  data.tar.gz: a4dcc0eafc10d7497c47c1f9955774b880ae5cdafa5ed0c6904ef5362087bd98
+  metadata.gz: 723c7f71bbe80edf1e1c2ed5cad74fe045a8d3e6494b6394921cdd4546d562e7
+  data.tar.gz: 072757ff8e19fee784c3387e362ce9feef86bb7869998df86f8c55437dc9b199
 SHA512:
-  metadata.gz: 0b430ed1da47cefd8cb8a7bedddd75ed2e7b1dafbfe94cdb2185ad2eb7e26d69a1429e79a9ece6b3cc68d6d964161f092e1143a00c0c64e241e930304d9e5a65
-  data.tar.gz: fe4d50b292849e51c202f47083c0837228d11934eb0d71c5a6262da24467480ce26994f5db91bdae5cf3b52dc0e6ef4fef698396575e820779c7420c731d0d87
+  metadata.gz: f783d31ad51063734b4ba54cc683399196b838d482cff57d9a27643bcb81451653475953aa2ae4ece6e277ec3756e3a3db05e250c2a6be9595fd7df993088088
+  data.tar.gz: 6502c7c0f5b989440b0dd4f849a1665ddf37cb0cb2d90a673ae31e9928148a1bff164111f46696578b0833ef5ca97a376bfc46793d032bc4596986fd57c1c74b

data/dicts/tlds.txt CHANGED Viewed

@@ -1,5 +1,5 @@
 # http://data.iana.org/TLD/tlds-alpha-by-domain.txt
-# Version 2018110500, Last Updated Mon Nov  5 07:07:02 2018 UTC
+# Version 2020033000, Last Updated Mon Mar 30 07:07:01 2020 UTC
 AAA
 AARP
 ABARTH
@@ -16,7 +16,6 @@ ACCENTURE
 ACCOUNTANT
 ACCOUNTANTS
 ACO
-ACTIVE
 ACTOR
 AD
 ADAC
@@ -146,7 +145,6 @@ BIZ
 BJ
 BLACK
 BLACKFRIDAY
-BLANCO
 BLOCKBUSTER
 BLOG
 BLOOMBERG
@@ -155,7 +153,6 @@ BM
 BMS
 BMW
 BN
-BNL
 BNPPARIBAS
 BO
 BOATS
@@ -214,7 +211,6 @@ CARE
 CAREER
 CAREERS
 CARS
-CARTIER
 CASA
 CASE
 CASEIH
@@ -247,7 +243,6 @@ CHEAP
 CHINTAI
 CHRISTMAS
 CHROME
-CHRYSLER
 CHURCH
 CI
 CIPRIANI
@@ -299,6 +294,7 @@ COUNTRY
 COUPON
 COUPONS
 COURSES
+CPA
 CR
 CREDIT
 CREDITCARD
@@ -360,9 +356,7 @@ DNP
 DO
 DOCS
 DOCTOR
-DODGE
 DOG
-DOHA
 DOMAINS
 DOT
 DOWNLOAD
@@ -371,7 +365,6 @@ DTV
 DUBAI
 DUCK
 DUNLOP
-DUNS
 DUPONT
 DURBAN
 DVAG
@@ -392,7 +385,6 @@ ENERGY
 ENGINEER
 ENGINEERING
 ENTERPRISES
-EPOST
 EPSON
 EQUIPMENT
 ER
@@ -408,7 +400,6 @@ EU
 EUROVISION
 EUS
 EVENTS
-EVERBANK
 EXCHANGE
 EXPERT
 EXPOSED
@@ -488,6 +479,7 @@ GAME
 GAMES
 GAP
 GARDEN
+GAY
 GB
 GBIZ
 GD
@@ -580,7 +572,6 @@ HOMEGOODS
 HOMES
 HOMESENSE
 HONDA
-HONEYWELL
 HORSE
 HOSPITAL
 HOST
@@ -634,7 +625,6 @@ IQ
 IR
 IRISH
 IS
-ISELECT
 ISMAILI
 IST
 ISTANBUL
@@ -699,12 +689,10 @@ KYOTO
 KZ
 LA
 LACAIXA
-LADBROKES
 LAMBORGHINI
 LAMER
 LANCASTER
 LANCIA
-LANCOME
 LAND
 LANDROVER
 LANXESS
@@ -725,7 +713,6 @@ LEGO
 LEXUS
 LGBT
 LI
-LIAISON
 LIDL
 LIFE
 LIFEINSURANCE
@@ -744,6 +731,7 @@ LIVING
 LIXIL
 LK
 LLC
+LLP
 LOAN
 LOANS
 LOCKER
@@ -819,7 +807,6 @@ MN
 MO
 MOBI
 MOBILE
-MOBILY
 MODA
 MOE
 MOI
@@ -827,7 +814,6 @@ MOM
 MONASH
 MONEY
 MONSTER
-MOPAR
 MORMON
 MORTGAGE
 MOSCOW
@@ -835,7 +821,6 @@ MOTO
 MOTORCYCLES
 MOV
 MOVIE
-MOVISTAR
 MP
 MQ
 MR
@@ -854,7 +839,6 @@ MY
 MZ
 NA
 NAB
-NADEX
 NAGOYA
 NAME
 NATIONWIDE
@@ -955,7 +939,6 @@ PHOTO
 PHOTOGRAPHY
 PHOTOS
 PHYSIO
-PIAGET
 PICS
 PICTET
 PICTURES
@@ -1152,18 +1135,16 @@ SONG
 SONY
 SOY
 SPACE
-SPIEGEL
 SPORT
 SPOT
 SPREADBETTING
 SR
 SRL
-SRT
+SS
 ST
 STADA
 STAPLES
 STAR
-STARHUB
 STATEBANK
 STATEFARM
 STC
@@ -1211,7 +1192,6 @@ TEAM
 TECH
 TECHNOLOGY
 TEL
-TELEFONICA
 TEMASEK
 TENNIS
 TEVA
@@ -1271,7 +1251,6 @@ TZ
 UA
 UBANK
 UBS
-UCONNECT
 UG
 UK
 UNICOM
@@ -1305,7 +1284,6 @@ VIP
 VIRGIN
 VISA
 VISION
-VISTAPRINT
 VIVA
 VIVO
 VLAANDEREN
@@ -1324,7 +1302,6 @@ WALMART
 WALTER
 WANG
 WANGGOU
-WARMAN
 WATCH
 WATCHES
 WEATHER
@@ -1452,13 +1429,14 @@ XN--MGBA7C0BBN0A
 XN--MGBAAKC7DVF
 XN--MGBAAM7A8H
 XN--MGBAB2BD
+XN--MGBAH1A3HJKRD
 XN--MGBAI9AZGQP6J
 XN--MGBAYH7GPA
-XN--MGBB9FBPOB
 XN--MGBBH1A
 XN--MGBBH1A71E
 XN--MGBC0A9AZCG
 XN--MGBCA7DZDO
+XN--MGBCPQ6GPA1A
 XN--MGBERP4A5D4AR
 XN--MGBGU82A
 XN--MGBI4ECEXP
@@ -1484,8 +1462,10 @@ XN--P1AI
 XN--PBT977C
 XN--PGBS0DH
 XN--PSSY2U
+XN--Q7CE6A
 XN--Q9JYB4C
 XN--QCKA1PMC
+XN--QXA6A
 XN--QXAM
 XN--RHQV96G
 XN--ROVU88B
@@ -1530,7 +1510,6 @@ ZAPPOS
 ZARA
 ZERO
 ZIP
-ZIPPO
 ZM
 ZONE
 ZUERICH

data/lib/wmap/cidr_tracker.rb CHANGED Viewed

@@ -99,8 +99,8 @@ class Wmap::CidrTracker
 		#@known_cidr_blks_asce_index=NetAddr.sort(@known_cidr_blks.keys, :Desc=>false)
 		@known_cidr_blks_asce_index=@known_cidr_blks.keys.sort
 		@known_cidr_blks_desc_index=@known_cidr_blks_asce_index.reverse
-	#rescue => ee
-	#	puts "Exception on method #{__method__}: #{ee}" # if @verbose
+	rescue => ee
+		puts "Exception on method #{__method__}: #{ee}" # if @verbose
 	end
 	# 'setter' to remove an entry to CIDR store @known_cidr_blks
@@ -167,6 +167,7 @@ class Wmap::CidrTracker
 			known = cidr4.contains?(ip+'/32')
 			break if known
 		end
+		return known
 	rescue => ee
 		puts "Exception on method #{__method__}: #{ee}" if @verbose
 		return false

data/lib/wmap/utils/domain_root.rb CHANGED Viewed

@@ -192,7 +192,7 @@ module Wmap
 	# Function to print instance variable - General top level domain list
 	def print_gtld
 		puts @gtld
-    return @gtld
+    return @gtld
 	end
 	# Function to print instance variable - Country code top-level domain list

data/lib/wmap/utils/utils.rb CHANGED Viewed

@@ -159,20 +159,18 @@ module Wmap
 	# Simple test a host string format. Return true if it contains a valid internet domain sub-string. Note: Don't be confused with another method 'valid_dns_record?', which is a stricter and time-consuming test on the DNS server for a resolvable internet host.
 	def is_fqdn? (host)
 		puts "Validate the host-name format is valid: #{host}" if @verbose
-		begin
-			return false if is_ip?(host) or is_url?(host)
-			domain=get_domain_root(host)
-			if domain.nil?
-				return false
-			elsif is_domain_root?(domain)
-				return true
-			else
-				return false
-			end
-		rescue => ee
-			puts "Exception on method is_fqdn? for #{host}: #{ee}" if @verbose
+		return false if is_ip?(host) or is_url?(host)
+		domain=get_domain_root(host)
+		if domain.nil?
+			return false
+		elsif is_domain_root?(domain)
+			return true
+		else
 			return false
 		end
+#	rescue => ee
+#		puts "Exception on method is_fqdn? for #{host}: #{ee}" if @verbose
+#		return false
 	end
 	alias_method :is_host?, :is_fqdn?

data/lib/wmap/utils/wp_detect.rb CHANGED Viewed

@@ -239,7 +239,11 @@ module Wmap
   	      if tag.to_s.include?(pattern)
   					puts tag.to_s if @verbose
   					k=nil
-  	        return tag.to_s.scan(/[\d+\.]+\d+/).first
+            if tag.to_s.scan(/[\d+\.]+\d+/).first =~ /\d+\./
+  	           return tag.to_s.scan(/[\d+\.]+\d+/).first
+             else
+               return nil
+             end
   	      end
   			end
       end

data/test/cidr_tracker_test.rb ADDED Viewed

@@ -0,0 +1,36 @@
+#--
+# Wmap
+#
+# A pure Ruby library for the Internet web application discovery and tracking.
+#
+# Copyright (c) 2012-2015 Yang Li <yang.li@owasp.org>
+#++
+# Unit Test File for Wmap::DomainTracker.instance class
+require "minitest/autorun"
+require "Wmap"
+class CidrTrackerTest < MiniTest::Unit::TestCase
+	include Wmap::Utils
+	def test_cidr_add
+		w = Wmap::CidrTracker.new
+		w.add("192.168.1.0/24")
+		assert_equal true, w.known_cidr_blks.key?("192.168.1.0/24")
+	end
+	def test_cidr_delete
+		w = Wmap::CidrTracker.new
+		w.add("10.0.0.0/8")
+		w.delete("10.0.0.0/8")
+		assert_equal false, w.known_cidr_blks.key?("10.0.0.0/8")
+	end
+	def test_ip_trusted?
+		w = Wmap::CidrTracker.new
+		w.add("192.168.1.0/24")
+		assert_equal true, w.ip_trusted?("192.168.1.1")
+		assert_equal true, w.ip_trusted?("192.168.1.255")
+	end
+end

data/test/utils_test.rb CHANGED Viewed

@@ -12,7 +12,7 @@ require "Wmap"
 class UtilsTest < MiniTest::Unit::TestCase
 	include Wmap::Utils
 	def test_sld_domain_conversion
 		assert_equal "yahoo.com", get_domain_root("yahoo.com")
 	end
@@ -28,75 +28,75 @@ class UtilsTest < MiniTest::Unit::TestCase
 	def test_is_domain_root_case_1?
 		assert_equal false, is_domain_root?("www.yahoo.co.uk")
 	end
 	def test_is_domain_root_case_2?
 		assert_equal true, is_domain_root?("yahoo.co.uk")
 	end
 	def test_get_sub_domain
 		assert_equal "mail.yahoo.co.uk", get_sub_domain("www.mail.yahoo.co.uk")
 	end
 	def test_is_url_case_1?
 		assert_equal true, is_url?("http://www.mail.yahoo.co.uk/")
-	end
+	end
 	def test_is_url_case_2?
 		assert_equal true, is_url?("https://www.mail.yahoo.co.uk/")
-	end
+	end
 	def test_is_url_case_3?
 		assert_equal false, is_url?("http://www.mail.yahoo.uii/")
-	end
+	end
 	def test_is_url_case_4?
 		assert_equal false, is_url?("http:\\www.mail.yahoo.co.uk")
-	end
+	end
 	def test_is_ssl?
 		assert_equal false, is_ssl?("http://www.mail.yahoo.co.uk/")
-	end
+	end
 	def test_is_site?
 		assert_equal false, is_site?("https://login.yahoo.com/?.src=ym&.intl=us&.lang=en-US&.done=https%3a//mail.yahoo.com")
-	end
+	end
 	def test_url_2_host
 		assert_equal "login.yahoo.com", url_2_host("https://login.yahoo.com/?.src=ym&.intl=us&.lang=en-US&.done=https%3a//mail.yahoo.com")
-	end
+	end
 	def test_url_2_site_case_1
 		assert_equal "https://login.yahoo.com/", url_2_site("https://login.yahoo.com/?.src=ym&.intl=us&.lang=en-US&.done=https%3a//mail.yahoo.com")
-	end
+	end
 	def test_url_2_site_case_2
 		assert_equal "https://login.yahoo.com/", url_2_site("https://login.yahoo.com?.src=ym&.intl=us&.lang=en-US&.done=https%3a//mail.yahoo.com")
-	end
+	end
 	def test_url_2_site_case_3
 		assert_equal "https://login.yahoo.com/", url_2_site("https://login.yahoo.com#.src=ym&.intl=us&.lang=en-US&.done=https%3a//mail.yahoo.com")
-	end
+	end
 	def test_url_2_path
 		assert_equal "/?.src=ym&.intl=us&.lang=en-US&.done=https%3a//mail.yahoo.com", url_2_path("https://login.yahoo.com/?.src=ym&.intl=us&.lang=en-US&.done=https%3a//mail.yahoo.com")
-	end
+	end
 	def test_urls_on_same_domain?
 		assert_equal true, urls_on_same_domain?("https://login.yahoo.com/?.src=ym&.intl=us&.lang=en-US&.done=https%3a//mail.yahoo.com", "https://us-mg4.mail.yahoo.com/neo/launch?.rand=8hjd08hc6t1lq")
-	end
+	end
 	def test_host_2_url_case_1
 		assert_equal "https://mail.yahoo.com/", host_2_url("mail.yahoo.com",443)
-	end
+	end
 	def test_host_2_url_case_2
 		assert_equal "http://mail.yahoo.com/", host_2_url("mail.yahoo.com")
-	end
+	end
 	def test_make_absolute
 		assert_equal "http://games.yahoo.com/game/the-magic-snowman-flash.html", make_absolute("http://games.yahoo.com/","game/the-magic-snowman-flash.html")
 	end
 	def test_create_absolute_url_from_base
 		assert_equal "http://images.search.yahoo.com/search/images?p=raiders", create_absolute_url_from_base("http://images.search.yahoo.com/images","/search/images?p=raiders")
 	end
@@ -108,7 +108,7 @@ class UtilsTest < MiniTest::Unit::TestCase
 	def test_normalize_url_case_1
 		assert_equal "http://images.search.yahoo.com/images/search/images?p=raiders", normalize_url("http://images.search.yahoo.com/./images/search/images?p=raiders")
 	end
 	def test_normalize_url_case_2
 		assert_equal "http://images.search.yahoo.com/images/search/images?p=raiders", normalize_url("http://images.search.yahoo.com/../images/../search/images?p=raiders")
 	end
@@ -116,53 +116,58 @@ class UtilsTest < MiniTest::Unit::TestCase
 	def test_normalize_url_case_3
 		assert_equal "http://images.search.yahoo.com/images/search/images?p=raiders", normalize_url("http://images.search.yahoo.com./../images/../search/images?p=raiders")
 	end
 	def test_is_ip_case_1?
 		assert_equal false, is_ip?("256.2.3.1")
-	end
+	end
 	def test_is_ip_case_2?
 		assert_equal false, is_ip?("25.2.3.1.22")
-	end
+	end
 	def test_is_ip_case_3?
 		assert_equal true, is_ip?("196.168.230.1")
-	end
+	end
 	def test_is_fqdn_case_1?
 		assert_equal true, is_fqdn?("images.search.yahoo.com")
-	end
+	end
 	def test_is_fqdn_case_2?
 		assert_equal true, is_fqdn?("yahoo.com")
-	end
+	end
 	def test_is_fqdn_case_3?
-		assert_equal false, is_fqdn?("images.search.yahoo")
-	end
+		# according to latest tlds list - http://data.iana.org/TLD/tlds-alpha-by-domain.txt
+		assert_equal true, is_fqdn?("images.search.yahoo")
+	end
 	def test_is_fqdn_case_4?
 		assert_equal false, is_fqdn?("images")
-	end
+	end
+	def test_is_fqdn_case_5?
+		assert_equal false, is_fqdn?("images.search.gargle")
+	end
 	def test_is_cidr_case_1?
 		assert_equal false, is_cidr?("196.168.230.1")
-	end
+	end
 	def test_is_cidr_case_2?
 		assert_equal false, is_cidr?("196.168.2.257/12")
-	end
+	end
 	def test_is_cidr_case_3?
 		assert_equal true, is_cidr?("196.168.2.25/12")
-	end
+	end
 	def test_cidr_2_ips
 		assert_equal ["192.168.1.1"], cidr_2_ips("192.168.1.1/32")
-	end
+	end
 	def test_sort_ips
 		assert_equal ["192.168.1.1", "192.168.1.2", "192.168.2.1"], sort_ips(["192.168.1.2", "192.168.2.1","192.168.1.1"])
-	end
+	end
 end

data/version.txt CHANGED Viewed

@@ -3,8 +3,8 @@
 ###############################################################################
 package = wmap
 # wmap version 2.0 == web_discovery version 1.5.3
-version = 2.7.7
-date = 2020-03-24
+version = 2.7.9
+date = 2020-03-30
 author = Sam (Yang) Li
 email = yang.li@owasp.org

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: wmap
 version: !ruby/object:Gem::Version
-  version: 2.7.7
+  version: 2.7.9
 platform: ruby
 authors:
 - Sam (Yang) Li
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-03-24 00:00:00.000000000 Z
+date: 2020-03-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dnsruby
@@ -309,6 +309,7 @@ files:
 - settings/google_keywords.txt
 - settings/google_locator.txt
 - settings/tag_signatures
+- test/cidr_tracker_test.rb
 - test/domain_tracker_test.rb
 - test/utils_test.rb
 - version.txt