wpscan 3.0.6 → 3.0.7

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 798d7f0db156c00bfee19eb7f540ffd6a1884ef1
4
- data.tar.gz: 89eba229e55e42aa5629e76a8f6ca38e6e1a36a8
3
+ metadata.gz: ed3de498e51c238a7e24107458e1477fbffb1ef7
4
+ data.tar.gz: 1ef206317a8afedd6f3aa35450b23a79387665d2
5
5
  SHA512:
6
- metadata.gz: 8af7943d9c8ed54283853d0c9a89d397847d66262f53888c820f177cbc3d86642b6eba9131955cc3fe4406632a38c4fd61b765ac25cee578ae239a637f70a4ea
7
- data.tar.gz: 2d356dcfe246a074bc47fd24a4e8bb7b52e253d47a6a0c491b6ff7a6912d283fabb0db7a495c0a1ab03ca7011699c09031e4664b02e6a0811a50732f63b4702e
6
+ metadata.gz: ebb51a41461bcdb1fe4b923aa0fb03995e975dd0f0866fb06272a098c9c28506ef0a19f347972b49a184b6205ac84b5710850d9937981c3e1a92d54301c72402
7
+ data.tar.gz: 4fffa45ccaa80baa7f7b5019bc682ee73ffc05447287315ee6320dd1103871617c10d316845c3fd7b370a5888183ff29e497301d46ba5a67c3af5d51e4984b4d
@@ -66,7 +66,7 @@ module WPScan
66
66
  sorted = extracted_versions.sort do |x, y|
67
67
  begin
68
68
  Gem::Version.new(x) <=> Gem::Version.new(y)
69
- rescue
69
+ rescue StandardError
70
70
  0
71
71
  end
72
72
  end
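Review bot: The comparator on new lines 68-70 still returns `0` whenever `Gem::Version.new` raises, so a malformed version string compares equal to every other element and the resulting order is not a consistent total order. `Gem::Version.new` signals a malformed string with `ArgumentError`, so `rescue ArgumentError` would be the narrower form. Filtering first with `extracted_versions.select { |v| Gem::Version.correct?(v) }` would keep unparsable entries out of the sort altogether. The enclosing method starts and ends outside the hunk, so how `sorted` is consumed is not visible here.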
@@ -43,7 +43,7 @@ module WPScan
43
43
 
44
44
  target.in_scope_urls(Browser.get(url), '//link|//script') do |stylesheet_url, _tag|
45
45
  uri = Addressable::URI.parse(stylesheet_url)
46
- next unless uri.query && uri.query.match(pattern)
46
+ next unless uri.query&.match(pattern)
47
47
 
48
48
  version = Regexp.last_match[1].to_s
49
49
 
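Review bot: `Regexp.last_match[1]` on new line 48 reads the implicit match state left behind by `uri.query&.match(pattern)` on line 46, which breaks silently if another regexp call is ever inserted between the two. Binding the result makes the dependency explicit: `m = uri.query&.match(pattern)`, `next unless m`, then `version = m[1].to_s`. The block body continues past the end of the hunk.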
@@ -9,7 +9,7 @@ module WPScan
9
9
 
10
10
  node = Browser.get(readme_url).html.css('h1#logo').last
11
11
 
12
- return unless node && node.text.to_s.strip =~ /\AVersion (.*)\z/i
12
+ return unless node&.text.to_s.strip =~ /\AVersion (.*)\z/i
13
13
 
14
14
  number = Regexp.last_match(1)
15
15
 
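Review bot: On new line 12 the nil case is no longer short-circuited, because `&.` guards only the `text` call and the rest of the chain still runs on `nil`. The guard is safe only because `nil.to_s` is an empty string, so removing `.to_s` in a later cleanup would raise `NoMethodError` whenever the `h1#logo` node is absent. A short comment such as `# node may be nil: nil.to_s keeps the rest of the chain safe` would record that. The method starts and ends outside the hunk.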
data/app/models/theme.rb CHANGED
@@ -89,7 +89,7 @@ module WPScan
89
89
  def parse_style_tag(body, tag)
90
90
  value = body[/^\s*#{Regexp.escape(tag)}:[\t ]*([^\r\n]+)/i, 1]
91
91
 
92
- value && !value.strip.empty? ? value.strip : nil
92
+ value && !value.strip.empty? ? value.strip : nil # rubocop:disable Style/SafeNavigation
93
93
  end
94
94
 
95
95
  def ==(other)
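Review bot: The inline `# rubocop:disable Style/SafeNavigation` on new line 92 gives no reason, and the line still calls `value.strip` twice. The same unexplained directive is added in the `vulnerable?` hunk on the `[*e].each { |ae| ... }` line. Here a local removes the need for it: `stripped = value.to_s.strip` followed by `stripped.empty? ? nil : stripped`. In `vulnerable?`, `return true if ae&.vulnerable?` behaves the same because `nil` is falsy.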
@@ -1,7 +1,7 @@
1
1
  _______________________________________________________________
2
2
  __ _______ _____
3
3
  \ \ / / __ \ / ____|
4
- \ \ /\ / /| |__) | (___ ___ __ _ _ __
4
+ \ \ /\ / /| |__) | (___ ___ __ _ _ __ ®
5
5
  \ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
6
6
  \ /\ / | | ____) | (__| (_| | | | |
7
7
  \/ \/ |_| |_____/ \___|\__,_|_| |_|
@@ -9,6 +9,6 @@ _______________________________________________________________
9
9
  WordPress Security Scanner by the WPScan Team
10
10
  Version <%= WPScan::VERSION %>
11
11
  Sponsored by Sucuri - https://sucuri.net
12
- @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
12
+ @_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_
13
13
  _______________________________________________________________
14
14
 
@@ -4,8 +4,7 @@
4
4
  "authors": [
5
5
  "@_WPScan_",
6
6
  "@ethicalhack3r",
7
- "@erwan_lr",
8
- "pvdl",
7
+ "@erwan_lr"
9
8
  "@_FireFart_"
10
9
  ],
11
10
  "sponsored_by": "Sucuri - https://sucuri.net"
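Review bot: The new side drops the comma after `"@erwan_lr"` on new line 7 while `"@_FireFart_"` still follows on line 8, so the `authors` array is no longer valid JSON. Any consumer parsing this output would fail at the banner. The line should stay `"@erwan_lr",`. The file name is not shown for this hunk; it looks like the JSON banner template, and the enclosing object opens and closes outside the hunk.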
@@ -9,7 +9,7 @@ module WPScan
9
9
 
10
10
  # @return [ Hash ]
11
11
  def self.db_data
12
- @db_data ||= YAML.load_file(db_file)
12
+ @db_data ||= YAML.safe_load(File.read(db_file), [Regexp])
13
13
  end
14
14
 
15
15
  # @return [ Hash ]
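Review bot: The permitted-class list `[Regexp]` on new line 12 is passed positionally and has no comment explaining why it is needed. Later Psych releases take this list as the `permitted_classes:` keyword and drop the positional form, so `YAML.safe_load(File.read(db_file), permitted_classes: [Regexp])` is the durable spelling once the minimum supported Ruby allows it. A comment such as `# db file stores !ruby/regexp patterns; permit nothing else` would discourage widening the list later. Those patterns are compiled from file content and presumably matched against remote responses, so this call depends on the integrity check applied to the db file when it is updated.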
@@ -139,8 +139,9 @@ module WPScan
139
139
  dl_checksum = download(filename)
140
140
 
141
141
  raise "#{filename}: checksums do not match" unless dl_checksum == db_checksum
142
+
142
143
  updated << filename
143
- rescue => e
144
+ rescue StandardError => e
144
145
  restore_backup(filename)
145
146
  raise e
146
147
  ensure
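Review bot: The mismatch error on new line 141 names only the file, so an operator cannot tell a truncated download from a substituted one when triaging a failed update. Including both digests would help: `raise "#{filename}: checksums do not match (expected #{db_checksum}, got #{dl_checksum})"`. Where `db_checksum` comes from is outside the hunk; if it is fetched over the same channel as the file, the comparison detects corruption but not tampering, which would be worth stating in a comment. The `begin`/`rescue`/`ensure` block starts and ends outside the hunk.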
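--- a/data/lib/wpscan/helper.rb
+++ b/data/lib/wpscan/helper.rb
@@ -1,6 +1,5 @@
  def read_json_file(file)
- # p "Reading #{file}"
  JSON.parse(File.read(file))
- rescue => e
+ rescue StandardError => e
  raise "JSON parsing error in #{file} #{e}"
  end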
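Review bot: `rescue StandardError => e` on new line 3 also catches the `Errno::*` errors raised by `File.read`, so a missing or unreadable file is reported as a "JSON parsing error". Rescuing only the parser's exception keeps the message accurate and lets I/O failures surface under their own class: `rescue JSON::ParserError => e`. A one-line doc comment stating that the method raises on malformed JSON would also help callers.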
data/lib/wpscan/target.rb CHANGED
@@ -8,7 +8,7 @@ module WPScan
8
8
  # @return [ Boolean ]
9
9
  def vulnerable?
10
10
  [@wp_version, @main_theme, @plugins, @themes, @timthumbs].each do |e|
11
- [*e].each { |ae| return true if ae && ae.vulnerable? }
11
+ [*e].each { |ae| return true if ae && ae.vulnerable? } # rubocop:disable Style/SafeNavigation
12
12
  end
13
13
 
14
14
  return true unless [*@config_backups].empty?
@@ -1,4 +1,4 @@
1
1
  # Version
2
2
  module WPScan
3
- VERSION = '3.0.6'.freeze
3
+ VERSION = '3.0.7'.freeze
4
4
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: wpscan
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.0.6
4
+ version: 3.0.7
5
5
  platform: ruby
6
6
  authors:
7
7
  - WPScanTeam
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-10-28 00:00:00.000000000 Z
11
+ date: 2017-11-08 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: cms_scanner
@@ -16,126 +16,126 @@ dependencies:
16
16
  requirements:
17
17
  - - "~>"
18
18
  - !ruby/object:Gem::Version
19
- version: 0.0.37.12
19
+ version: 0.0.38.1
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
- version: 0.0.37.12
26
+ version: 0.0.38.1
27
27
  - !ruby/object:Gem::Dependency
28
- name: yajl-ruby
28
+ name: activesupport
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
31
  - - "~>"
32
32
  - !ruby/object:Gem::Version
33
- version: '1.3'
33
+ version: '5.1'
34
34
  type: :runtime
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - "~>"
39
39
  - !ruby/object:Gem::Version
40
- version: '1.3'
40
+ version: '5.1'
41
41
  - !ruby/object:Gem::Dependency
42
- name: activesupport
42
+ name: yajl-ruby
43
43
  requirement: !ruby/object:Gem::Requirement
44
44
  requirements:
45
45
  - - "~>"
46
46
  - !ruby/object:Gem::Version
47
- version: '5.1'
47
+ version: '1.3'
48
48
  type: :runtime
49
49
  prerelease: false
50
50
  version_requirements: !ruby/object:Gem::Requirement
51
51
  requirements:
52
52
  - - "~>"
53
53
  - !ruby/object:Gem::Version
54
- version: '5.1'
54
+ version: '1.3'
55
55
  - !ruby/object:Gem::Dependency
56
- name: rake
56
+ name: bundler
57
57
  requirement: !ruby/object:Gem::Requirement
58
58
  requirements:
59
59
  - - "~>"
60
60
  - !ruby/object:Gem::Version
61
- version: '12.0'
61
+ version: '1.6'
62
62
  type: :development
63
63
  prerelease: false
64
64
  version_requirements: !ruby/object:Gem::Requirement
65
65
  requirements:
66
66
  - - "~>"
67
67
  - !ruby/object:Gem::Version
68
- version: '12.0'
68
+ version: '1.6'
69
69
  - !ruby/object:Gem::Dependency
70
- name: rspec
70
+ name: coveralls
71
71
  requirement: !ruby/object:Gem::Requirement
72
72
  requirements:
73
73
  - - "~>"
74
74
  - !ruby/object:Gem::Version
75
- version: 3.7.0
75
+ version: 0.8.0
76
76
  type: :development
77
77
  prerelease: false
78
78
  version_requirements: !ruby/object:Gem::Requirement
79
79
  requirements:
80
80
  - - "~>"
81
81
  - !ruby/object:Gem::Version
82
- version: 3.7.0
82
+ version: 0.8.0
83
83
  - !ruby/object:Gem::Dependency
84
- name: rspec-its
84
+ name: rake
85
85
  requirement: !ruby/object:Gem::Requirement
86
86
  requirements:
87
87
  - - "~>"
88
88
  - !ruby/object:Gem::Version
89
- version: 1.2.0
89
+ version: '12.0'
90
90
  type: :development
91
91
  prerelease: false
92
92
  version_requirements: !ruby/object:Gem::Requirement
93
93
  requirements:
94
94
  - - "~>"
95
95
  - !ruby/object:Gem::Version
96
- version: 1.2.0
96
+ version: '12.0'
97
97
  - !ruby/object:Gem::Dependency
98
- name: bundler
98
+ name: rspec
99
99
  requirement: !ruby/object:Gem::Requirement
100
100
  requirements:
101
101
  - - "~>"
102
102
  - !ruby/object:Gem::Version
103
- version: '1.6'
103
+ version: 3.7.0
104
104
  type: :development
105
105
  prerelease: false
106
106
  version_requirements: !ruby/object:Gem::Requirement
107
107
  requirements:
108
108
  - - "~>"
109
109
  - !ruby/object:Gem::Version
110
- version: '1.6'
110
+ version: 3.7.0
111
111
  - !ruby/object:Gem::Dependency
112
- name: rubocop
112
+ name: rspec-its
113
113
  requirement: !ruby/object:Gem::Requirement
114
114
  requirements:
115
115
  - - "~>"
116
116
  - !ruby/object:Gem::Version
117
- version: 0.50.0
117
+ version: 1.2.0
118
118
  type: :development
119
119
  prerelease: false
120
120
  version_requirements: !ruby/object:Gem::Requirement
121
121
  requirements:
122
122
  - - "~>"
123
123
  - !ruby/object:Gem::Version
124
- version: 0.50.0
124
+ version: 1.2.0
125
125
  - !ruby/object:Gem::Dependency
126
- name: webmock
126
+ name: rubocop
127
127
  requirement: !ruby/object:Gem::Requirement
128
128
  requirements:
129
129
  - - "~>"
130
130
  - !ruby/object:Gem::Version
131
- version: 1.22.0
131
+ version: 0.51.0
132
132
  type: :development
133
133
  prerelease: false
134
134
  version_requirements: !ruby/object:Gem::Requirement
135
135
  requirements:
136
136
  - - "~>"
137
137
  - !ruby/object:Gem::Version
138
- version: 1.22.0
138
+ version: 0.51.0
139
139
  - !ruby/object:Gem::Dependency
140
140
  name: simplecov
141
141
  requirement: !ruby/object:Gem::Requirement
@@ -151,19 +151,19 @@ dependencies:
151
151
  - !ruby/object:Gem::Version
152
152
  version: 0.14.0
153
153
  - !ruby/object:Gem::Dependency
154
- name: coveralls
154
+ name: webmock
155
155
  requirement: !ruby/object:Gem::Requirement
156
156
  requirements:
157
157
  - - "~>"
158
158
  - !ruby/object:Gem::Version
159
- version: 0.8.0
159
+ version: 1.22.0
160
160
  type: :development
161
161
  prerelease: false
162
162
  version_requirements: !ruby/object:Gem::Requirement
163
163
  requirements:
164
164
  - - "~>"
165
165
  - !ruby/object:Gem::Version
166
- version: 0.8.0
166
+ version: 1.22.0
167
167
  description: WPScan is a black box WordPress vulnerability scanner.
168
168
  email:
169
169
  - team@wpscan.org
@@ -340,7 +340,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
340
340
  requirements:
341
341
  - - ">="
342
342
  - !ruby/object:Gem::Version
343
- version: 2.2.2
343
+ version: '2.3'
344
344
  required_rubygems_version: !ruby/object:Gem::Requirement
345
345
  requirements:
346
346
  - - ">="