RubyGems - wpscan - Versions diffs - 3.8.28 → 4.0.0 - Mend

wpscan 3.8.28 → 4.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (252) hide show

checksums.yaml +4 -4
data/README.md +104 -30
data/app/app.rb +26 -0
data/app/controllers/aliases.rb +2 -2
data/app/controllers/authenticated_inventory.rb +43 -0
data/app/controllers/core/cli_options.rb +151 -0
data/app/controllers/core.rb +200 -25
data/app/controllers/custom_directories.rb +1 -1
data/app/controllers/enumeration/cli_options.rb +21 -31
data/app/controllers/enumeration/enum_methods.rb +145 -38
data/app/controllers/enumeration.rb +26 -3
data/app/controllers/interesting_findings.rb +25 -0
data/app/controllers/main_theme.rb +1 -1
data/app/controllers/password_attack.rb +14 -6
data/app/controllers/vuln_api.rb +9 -3
data/app/controllers/wp_version.rb +1 -1
data/app/controllers.rb +1 -0
data/app/finders/backup_folders/known_locations.rb +66 -0
data/app/finders/backup_folders.rb +19 -0
data/app/finders/config_backups/known_filenames.rb +6 -4
data/app/finders/config_backups.rb +1 -1
data/app/finders/db_exports/known_locations.rb +16 -14
data/app/finders/db_exports.rb +1 -1
data/app/finders/interesting_findings/backup_db.rb +1 -1
data/app/finders/interesting_findings/debug_log.rb +1 -1
data/app/finders/interesting_findings/duplicator_installer_log.rb +1 -1
data/app/finders/interesting_findings/emergency_pwd_reset_script.rb +1 -1
data/app/finders/interesting_findings/fantastico_fileslist.rb +21 -0
data/app/finders/interesting_findings/full_path_disclosure.rb +1 -1
data/app/finders/interesting_findings/headers.rb +17 -0
data/app/finders/interesting_findings/mu_plugins.rb +1 -1
data/app/finders/interesting_findings/multisite.rb +1 -1
data/app/finders/interesting_findings/php_disabled.rb +2 -2
data/app/finders/interesting_findings/readme.rb +1 -1
data/app/finders/interesting_findings/registration.rb +1 -1
data/app/finders/interesting_findings/robots_txt.rb +20 -0
data/app/finders/interesting_findings/search_replace_db_2.rb +19 -0
data/app/finders/interesting_findings/tmm_db_migrate.rb +1 -1
data/app/finders/interesting_findings/upload_directory_listing.rb +1 -1
data/app/finders/interesting_findings/upload_sql_dump.rb +2 -2
data/app/finders/interesting_findings/wp_cron.rb +1 -1
data/app/finders/interesting_findings/xml_rpc.rb +61 -0
data/app/finders/interesting_findings.rb +13 -4
data/app/finders/main_theme/css_style_in_homepage.rb +1 -1
data/app/finders/main_theme/urls_in_homepage.rb +3 -7
data/app/finders/main_theme/woo_framework_meta_generator.rb +4 -4
data/app/finders/main_theme.rb +1 -1
data/app/finders/medias/attachment_brute_forcing.rb +2 -2
data/app/finders/medias.rb +1 -1
data/app/finders/passwords/wp_login.rb +2 -2
data/app/finders/passwords/xml_rpc.rb +2 -2
data/app/finders/passwords/xml_rpc_multicall.rb +1 -1
data/app/finders/plugin_version/readme.rb +1 -1
data/app/finders/plugin_version.rb +1 -1
data/app/finders/plugins/known_locations.rb +17 -7
data/app/finders/plugins/urls_in_homepage.rb +3 -7
data/app/finders/plugins/wp_json_api.rb +85 -0
data/app/finders/plugins.rb +2 -1
data/app/finders/theme_version/style.rb +1 -1
data/app/finders/theme_version/woo_framework_meta_generator.rb +1 -1
data/app/finders/theme_version.rb +1 -1
data/app/finders/themes/known_locations.rb +12 -6
data/app/finders/themes/urls_in_homepage.rb +3 -7
data/app/finders/themes/wp_json_api.rb +74 -0
data/app/finders/themes.rb +2 -1
data/app/finders/timthumb_version/bad_request.rb +1 -1
data/app/finders/timthumb_version.rb +1 -1
data/app/finders/timthumbs/known_locations.rb +6 -4
data/app/finders/timthumbs.rb +1 -1
data/app/finders/users/author_id_brute_forcing.rb +11 -7
data/app/finders/users/author_posts.rb +1 -1
data/app/finders/users/author_sitemap.rb +1 -1
data/app/finders/users/login_error_messages.rb +1 -1
data/app/finders/users/oembed_api.rb +3 -1
data/app/finders/users/wp_json_api.rb +11 -7
data/app/finders/users.rb +1 -1
data/app/finders/wp_version/atom_generator.rb +1 -1
data/app/finders/wp_version/rdf_generator.rb +1 -1
data/app/finders/wp_version/readme.rb +1 -1
data/app/finders/wp_version/rss_generator.rb +1 -1
data/app/finders/wp_version/unique_fingerprinting.rb +2 -2
data/app/finders/wp_version.rb +1 -1
data/app/finders.rb +1 -0
data/app/formatters/cli.rb +79 -0
data/app/formatters/cli_no_color.rb +9 -0
data/app/formatters/cli_no_colour.rb +17 -0
data/app/formatters/json.rb +14 -0
data/app/formatters/jsonl.rb +29 -0
data/app/formatters/sarif.rb +311 -0
data/app/models/backup_folder.rb +39 -0
data/app/models/fantastico_fileslist.rb +34 -0
data/app/models/headers.rb +44 -0
data/app/models/interesting_finding.rb +41 -2
data/app/models/plugin.rb +8 -2
data/app/models/robots_txt.rb +31 -0
data/app/models/search_replace_db_2.rb +17 -0
data/app/models/theme.rb +9 -2
data/app/models/timthumb.rb +2 -2
data/app/models/user.rb +35 -0
data/app/models/version.rb +49 -0
data/app/models/wp_item/wordpress_org_data.rb +55 -0
data/app/models/wp_item.rb +109 -9
data/app/models/wp_version.rb +2 -2
data/app/models/xml_rpc.rb +73 -3
data/app/models.rb +2 -1
data/app/user_agents.txt +46 -0
data/app/views/cli/core/banner.erb +3 -3
data/app/views/cli/core/finished.erb +15 -0
data/app/views/cli/core/help.erb +4 -0
data/app/views/cli/core/started.erb +11 -0
data/app/views/cli/enumeration/backup_folders.erb +11 -0
data/app/views/cli/enumeration/plugin.erb +13 -0
data/app/views/cli/enumeration/plugins.erb +1 -12
data/app/views/cli/enumeration/theme.erb +4 -0
data/app/views/cli/enumeration/themes.erb +1 -3
data/app/views/cli/enumeration/user.erb +4 -0
data/app/views/cli/enumeration/users.erb +1 -3
data/app/views/cli/finding.erb +1 -1
data/app/views/cli/interesting_findings/_array.erb +10 -0
data/app/views/cli/interesting_findings/findings.erb +23 -0
data/app/views/cli/scan_aborted.erb +5 -0
data/app/views/cli/update_aborted.erb +5 -0
data/app/views/cli/vuln_api/status.erb +2 -0
data/app/views/cli/vulnerability.erb +6 -0
data/app/views/cli/wp_item.erb +4 -1
data/app/views/json/core/banner.erb +2 -8
data/app/views/json/core/finished.erb +13 -0
data/app/views/json/core/help.erb +4 -0
data/app/views/json/core/started.erb +10 -0
data/app/views/json/enumeration/backup_folders.erb +11 -0
data/app/views/json/enumeration/plugin.erb +15 -0
data/app/views/json/enumeration/theme.erb +5 -0
data/app/views/json/enumeration/user.erb +6 -0
data/app/views/json/finding.erb +8 -2
data/app/views/json/interesting_findings/findings.erb +24 -0
data/app/views/json/notice.erb +1 -0
data/app/views/json/scan_aborted.erb +5 -0
data/app/views/json/update_aborted.erb +5 -0
data/app/views/json/vuln_api/status.erb +2 -0
data/app/views/json/wp_item.erb +4 -1
data/bin/wpscan +1 -0
data/lib/opt_parse_validator/config_files_loader_merger/base.rb +26 -0
data/lib/opt_parse_validator/config_files_loader_merger/json.rb +17 -0
data/lib/opt_parse_validator/config_files_loader_merger/yml.rb +17 -0
data/lib/opt_parse_validator/config_files_loader_merger.rb +62 -0
data/lib/opt_parse_validator/errors.rb +9 -0
data/lib/opt_parse_validator/hacks.rb +19 -0
data/lib/opt_parse_validator/opts/alias.rb +28 -0
data/lib/opt_parse_validator/opts/array.rb +34 -0
data/lib/opt_parse_validator/opts/base.rb +142 -0
data/lib/opt_parse_validator/opts/boolean.rb +19 -0
data/lib/opt_parse_validator/opts/choice.rb +43 -0
data/lib/opt_parse_validator/opts/credentials.rb +15 -0
data/lib/opt_parse_validator/opts/directory_path.rb +17 -0
data/lib/opt_parse_validator/opts/file_path.rb +34 -0
data/lib/opt_parse_validator/opts/headers.rb +33 -0
data/lib/opt_parse_validator/opts/integer.rb +15 -0
data/lib/opt_parse_validator/opts/integer_range.rb +37 -0
data/lib/opt_parse_validator/opts/multi_choices.rb +135 -0
data/lib/opt_parse_validator/opts/path.rb +78 -0
data/lib/opt_parse_validator/opts/positive_integer.rb +16 -0
data/lib/opt_parse_validator/opts/proxy.rb +7 -0
data/lib/opt_parse_validator/opts/regexp.rb +14 -0
data/lib/opt_parse_validator/opts/smart_list.rb +30 -0
data/lib/opt_parse_validator/opts/string.rb +8 -0
data/lib/opt_parse_validator/opts/uri.rb +41 -0
data/lib/opt_parse_validator/opts/url.rb +11 -0
data/lib/opt_parse_validator/opts.rb +9 -0
data/lib/opt_parse_validator/version.rb +6 -0
data/lib/opt_parse_validator.rb +161 -0
data/lib/wpscan/browser/actions.rb +48 -0
data/lib/wpscan/browser/options.rb +92 -0
data/lib/wpscan/browser.rb +87 -2
data/lib/wpscan/browser_authenticator.rb +64 -0
data/lib/wpscan/cache/file_store.rb +77 -0
data/lib/wpscan/cache/typhoeus.rb +25 -0
data/lib/wpscan/controller.rb +100 -4
data/lib/wpscan/controllers.rb +78 -3
data/lib/wpscan/db/dynamic_finders/base.rb +3 -7
data/lib/wpscan/db/dynamic_finders/plugin.rb +2 -2
data/lib/wpscan/db/dynamic_finders/wordpress.rb +1 -1
data/lib/wpscan/db/fingerprints.rb +2 -2
data/lib/wpscan/db/updater.rb +23 -13
data/lib/wpscan/db/vuln_api.rb +19 -7
data/lib/wpscan/db/wp_item.rb +2 -2
data/lib/wpscan/errors/enumeration.rb +4 -4
data/lib/wpscan/errors/http.rb +82 -3
data/lib/wpscan/errors/saml.rb +28 -0
data/lib/wpscan/errors/scan.rb +14 -0
data/lib/wpscan/errors/update.rb +11 -3
data/lib/wpscan/errors/vuln_api.rb +24 -0
data/lib/wpscan/errors/wordpress.rb +2 -2
data/lib/wpscan/errors/wp_auth.rb +37 -0
data/lib/wpscan/errors.rb +4 -3
data/lib/wpscan/exit_code.rb +25 -0
data/lib/wpscan/finders/base_finders.rb +45 -0
data/lib/wpscan/finders/dynamic_finder/finder.rb +1 -1
data/lib/wpscan/finders/dynamic_finder/version/body_pattern.rb +1 -1
data/lib/wpscan/finders/dynamic_finder/version/comment.rb +1 -1
data/lib/wpscan/finders/dynamic_finder/version/header_pattern.rb +1 -1
data/lib/wpscan/finders/dynamic_finder/version/javascript_var.rb +1 -1
data/lib/wpscan/finders/dynamic_finder/version/query_parameter.rb +3 -5
data/lib/wpscan/finders/dynamic_finder/version/xpath.rb +1 -1
data/lib/wpscan/finders/dynamic_finder/wp_items/finder.rb +3 -3
data/lib/wpscan/finders/dynamic_finder/wp_version.rb +1 -1
data/lib/wpscan/finders/finder/breadth_first_dictionary_attack.rb +257 -0
data/lib/wpscan/finders/finder/enumerator.rb +77 -0
data/lib/wpscan/finders/finder/fingerprinter.rb +48 -0
data/lib/wpscan/finders/finder/smart_url_checker/findings.rb +33 -0
data/lib/wpscan/finders/finder/smart_url_checker.rb +60 -0
data/lib/wpscan/finders/finder/wp_version/smart_url_checker.rb +1 -1
data/lib/wpscan/finders/finder.rb +78 -0
data/lib/wpscan/finders/finding.rb +54 -0
data/lib/wpscan/finders/findings.rb +33 -0
data/lib/wpscan/finders/independent_finder.rb +33 -0
data/lib/wpscan/finders/independent_finders.rb +26 -0
data/lib/wpscan/finders/same_type_finder.rb +19 -0
data/lib/wpscan/finders/same_type_finders.rb +28 -0
data/lib/wpscan/finders/unique_finder.rb +19 -0
data/lib/wpscan/finders/unique_finders.rb +47 -0
data/lib/wpscan/finders.rb +11 -12
data/lib/wpscan/formatter/buffer.rb +17 -0
data/lib/wpscan/formatter.rb +152 -0
data/lib/wpscan/helper.rb +7 -1
data/lib/wpscan/http_status_tracking.rb +128 -0
data/lib/wpscan/numeric.rb +13 -0
data/lib/wpscan/parsed_cli.rb +31 -2
data/lib/wpscan/progressbar_null_output.rb +23 -0
data/lib/wpscan/public_suffix/domain.rb +44 -0
data/lib/wpscan/references.rb +118 -4
data/lib/wpscan/scan.rb +127 -0
data/lib/wpscan/target/hashes.rb +45 -0
data/lib/wpscan/target/platform/php.rb +124 -0
data/lib/wpscan/target/platform/wordpress/custom_directories.rb +3 -3
data/lib/wpscan/target/platform/wordpress.rb +7 -8
data/lib/wpscan/target/platform.rb +3 -0
data/lib/wpscan/target/scope.rb +103 -0
data/lib/wpscan/target/server/apache.rb +27 -0
data/lib/wpscan/target/server/generic.rb +72 -0
data/lib/wpscan/target/server/iis.rb +29 -0
data/lib/wpscan/target/server/nginx.rb +27 -0
data/lib/wpscan/target/server.rb +6 -0
data/lib/wpscan/target.rb +129 -9
data/lib/wpscan/typhoeus/hydra.rb +12 -0
data/lib/wpscan/typhoeus/response.rb +24 -1
data/lib/wpscan/version.rb +1 -1
data/lib/wpscan/vulnerability.rb +49 -3
data/lib/wpscan/vulnerability_filter.rb +68 -0
data/lib/wpscan/vulnerable.rb +13 -1
data/lib/wpscan/web_site.rb +152 -0
data/lib/wpscan.rb +126 -29
metadata +362 -20

data/app/views/json/enumeration/backup_folders.erb ADDED Viewed

@@ -0,0 +1,11 @@
+"backup_folders": {
+<% unless @backup_folders.empty? -%>
+<% last_index = @backup_folders.size - 1 -%>
+<% @backup_folders.each_with_index do |backup_folder, index| -%>
+  <%= backup_folder.url.to_json %>: {
+    "severity": <%= backup_folder.severity.to_json %>,
+    <%= render('@finding', item: backup_folder) -%>
+  }<% unless index == last_index -%>,<% end -%>
+<% end -%>
+<% end -%>
+},

data/app/views/json/enumeration/plugin.erb ADDED Viewed

@@ -0,0 +1,15 @@
+"plugin": {
+  <%= @plugin.slug.to_json %>: {
+    <%= render('@wp_item', wp_item: @plugin) %>,
+    <%= render('@finding', item: @plugin) -%>,
+    <% if @plugin.version -%>
+    "version": {
+      "number": <%= @plugin.version.number.to_json %>,
+      "confidence": <%= @plugin.version.confidence.to_json %>,
+      <%= render('@finding', item: @plugin.version) -%>
+    }
+    <% else -%>
+    "version": null
+    <% end -%>
+  }
+}

data/app/views/json/enumeration/theme.erb ADDED Viewed

@@ -0,0 +1,5 @@
+"theme": {
+  <%= @theme.slug.to_json %>: {
+    <%= render('@theme', theme: @theme) -%>
+  }
+}

data/app/views/json/enumeration/user.erb ADDED Viewed

@@ -0,0 +1,6 @@
+"user": {
+  <%= @user.username.to_json %>: {
+    "id": <%= @user.id.to_json %>,
+    <%= render('@finding', item: @user) -%>
+  }
+}

data/app/views/json/finding.erb CHANGED Viewed

@@ -12,17 +12,23 @@
 <% end -%>
 <% end -%>
 }
-<% if @item.respond_to?(:vulnerabilities) -%>
+<% if @item.respond_to?(:filtered_vulnerabilities) -%>
 ,"vulnerabilities": [
-<% unless (vulns = @item.vulnerabilities).empty? -%>
+<% unless (vulns = @item.filtered_vulnerabilities).empty? -%>
   <% last_index = vulns.size - 1 -%>
   <% vulns.each_with_index do |v, index| -%>
   {
     "title": <%= v.title.to_json %>,
+    <% if v.uuid -%>
+    "uuid": <%= v.uuid.to_json %>,
+    <% end -%>
     <% if v.cvss -%>
     "cvss": <%= v.cvss.to_json %>,
     <% end -%>
     "fixed_in": <%= v.fixed_in.to_json %>,
+    <% if v.poc -%>
+    "poc": <%= v.poc.to_json %>,
+    <% end -%>
     "references": <%= v.references.to_json %>
   }<% unless index == last_index -%>,<% end -%>
   <% end -%>

data/app/views/json/interesting_findings/findings.erb ADDED Viewed

@@ -0,0 +1,24 @@
+"interesting_findings": [
+<% unless @findings.empty? -%>
+  <% last_index = @findings.size - 1 %>
+  <% @findings.each.with_index do |finding, index| -%>
+    {
+      "url": <%= finding.url.to_s.to_json %>,
+      "to_s": <%= finding.to_s.to_json %>,
+      "type": <%= finding.type.to_json %>,
+      "found_by": <%= finding.found_by.to_s.to_json %>,
+      "confidence": <%= finding.confidence.to_json %>,
+      "confirmed_by": {
+      <% unless (confirmed = finding.confirmed_by).empty? -%>
+      <% c_last_index = confirmed.size - 1 %>
+        <% confirmed.each.with_index do |c, i| -%>
+          <%= c.found_by.to_s.to_json %>: { "confidence": <%= c.confidence.to_json %> }<% unless i == c_last_index %>,<% end %>
+        <% end -%>
+      <% end -%>
+      },
+      "references": <%= finding.references.to_json %>,
+      "interesting_entries": <%= finding.interesting_entries.to_json %>
+    }<% unless index == last_index %>,<% end %>
+  <% end -%>
+<% end -%>
+],

data/app/views/json/notice.erb ADDED Viewed

	@@ -0,0 +1 @@
1	+ "notice": <%= @msg.to_json %>,

data/app/views/json/scan_aborted.erb ADDED Viewed

@@ -0,0 +1,5 @@
+"scan_aborted": <%= @reason.to_json %>,
+"target_url": <%= @url.to_json %>,
+<% if @verbose -%>
+"trace": <%= @trace.to_json %>,
+<% end %>

data/app/views/json/update_aborted.erb ADDED Viewed

@@ -0,0 +1,5 @@
+"update_aborted": <%= @reason.to_json %>,
+"target_url": <%= @url.to_json %>,
+<% if @verbose -%>
+"trace": <%= @trace.to_json %>,
+<% end %>

data/app/views/json/vuln_api/status.erb CHANGED Viewed

@@ -2,6 +2,8 @@
 <% unless @status.empty? -%>
 <% if @status['http_error'] -%>
 "http_error": <%= @status['http_error'].to_s.to_json %>
+<% elsif @status['parse_error'] -%>
+"parse_error": "WPScan DB API returned an invalid response. Please check your network/proxy configuration or try again later."
 <% else -%>
 "plan": <%= @status['plan'].to_json %>,
 "requests_done_during_scan": <%= @api_requests.to_json %>,

data/app/views/json/wp_item.erb CHANGED Viewed

@@ -1,7 +1,10 @@
 "slug": <%= @wp_item.slug.to_json %>,
 "location": <%= @wp_item.url.to_json %>,
 "latest_version": <%= @wp_item.latest_version ? @wp_item.latest_version.number.to_json : nil.to_json %>,
-"last_updated": <%= @wp_item.last_updated.to_json %>,
+"last_updated": <%= @wp_item.last_updated_iso.to_json %>,
+"last_updated_relative": <%= @wp_item.last_updated_relative.to_json %>,
+"last_updated_source": <%= @wp_item.last_updated_source.to_json %>,
+"active_installs": <%= @wp_item.active_installs.to_json %>,
 "outdated": <%= @wp_item.outdated?.to_json %>,
 "readme_url": <%= @wp_item.readme_url.to_json %>,
 "directory_listing": <%= @wp_item.directory_listing?.to_json %>,

data/bin/wpscan CHANGED Viewed

@@ -9,6 +9,7 @@ WPScan::Scan.new do |s|
     WPScan::Controller::CustomDirectories.new <<
     WPScan::Controller::InterestingFindings.new <<
     WPScan::Controller::WpVersion.new <<
+    WPScan::Controller::AuthenticatedInventory.new <<
     WPScan::Controller::MainTheme.new <<
     WPScan::Controller::Enumeration.new <<
     WPScan::Controller::PasswordAttack.new <<

data/lib/opt_parse_validator/config_files_loader_merger/base.rb ADDED Viewed

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+module OptParseValidator
+  class ConfigFilesLoaderMerger < Array
+    module ConfigFile
+      # Base class, #parse should be implemented in child classes
+      class Base
+        attr_reader :path
+        # @param [ String ] path The file path of the option file
+        def initialize(path)
+          @path = path
+        end
+        # @return [ Hash ] a { 'key' => value } hash
+        def parse
+          raise NotImplementedError
+        end
+        def ==(other)
+          path == other.path
+        end
+      end
+    end
+  end
+end

data/lib/opt_parse_validator/config_files_loader_merger/json.rb ADDED Viewed

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+require 'json'
+module OptParseValidator
+  class ConfigFilesLoaderMerger < Array
+    module ConfigFile
+      # Json Implementation
+      class JSON < Base
+        # @return [ Hash ] a { 'key' => value } hash
+        def parse
+          ::JSON.parse(File.read(path))
+        end
+      end
+    end
+  end
+end

data/lib/opt_parse_validator/config_files_loader_merger/yml.rb ADDED Viewed

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+require 'yaml'
+module OptParseValidator
+  class ConfigFilesLoaderMerger < Array
+    module ConfigFile
+      # Yaml Implementation
+      class YML < Base
+        # @return [ Hash ] a { 'key' => value } hash
+        def parse
+          yaml_safe_load(path)
+        end
+      end
+    end
+  end
+end

data/lib/opt_parse_validator/config_files_loader_merger.rb ADDED Viewed

@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+require_relative 'config_files_loader_merger/base'
+require_relative 'config_files_loader_merger/json'
+require_relative 'config_files_loader_merger/yml'
+# :nocov:
+# @param [ String ] path The path of the file to load
+def yaml_safe_load(path)
+  if Gem::Version.new(Psych::VERSION) >= Gem::Version.new('3.1.0.pre1') # Ruby 2.6
+    YAML.safe_load_file(path, permitted_classes: [Regexp]) || {}
+  else
+    YAML.safe_load_file(path, [Regexp]) || {}
+  end
+end
+# :nocov:
+module OptParseValidator
+  # Options Files container
+  class ConfigFilesLoaderMerger < Array
+    # @return [ Array<String> ] The downcased supported extensions list
+    def self.supported_extensions
+      extensions = ConfigFile.constants.select do |const|
+        name = ConfigFile.const_get(const)
+        name.is_a?(Class) && name != ConfigFile::Base
+      end
+      extensions.map { |sym| sym.to_s.downcase }
+    end
+    attr_accessor :result_key
+    # @param [ String ] file_path
+    #
+    # @return [ Self ]
+    def <<(file_path)
+      return self unless File.exist?(file_path)
+      ext = File.extname(file_path).delete('.')
+      unless self.class.supported_extensions.include?(ext)
+        raise Error,
+              "The option file's extension '#{ext}' is not supported"
+      end
+      super(ConfigFile.const_get(ext.upcase).new(file_path))
+    end
+    # @params [ Hash ] opts
+    #
+    # @return [ Hash ]
+    def parse
+      result = {}
+      each { |config_file| result.deep_merge!(config_file.parse) }
+      result = result[result_key] || {} if result_key
+      result.deep_symbolize_keys
+    end
+  end
+end

data/lib/opt_parse_validator/errors.rb ADDED Viewed

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+module OptParseValidator
+  class Error < RuntimeError
+  end
+  class NoRequiredOption < Error
+  end
+end

data/lib/opt_parse_validator/hacks.rb ADDED Viewed

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+class OptionParser
+  # Hack to suppress the completion (except for the -h/--help) which was leading to
+  # unwanted behaviours
+  # See https://github.com/wpscanteam/CMSScanner/issues/2
+  module Completion
+    class << self
+      alias original_candidate candidate
+      # rubocop:disable Style/OptionalBooleanParameter
+      def candidate(key, icase = false, pat = nil, &)
+        # Maybe also do this for -v/--version ?
+        key == 'h' ? original_candidate('help', icase, pat, &) : []
+      end
+      # rubocop:enable Style/OptionalBooleanParameter
+    end
+  end
+end

data/lib/opt_parse_validator/opts/alias.rb ADDED Viewed

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+module OptParseValidator
+  # Implementation of the Alias Option
+  class OptAlias < OptBase
+    def initialize(option, attrs = {})
+      raise Error, 'The :alias_for attribute is required' unless attrs.key?(:alias_for)
+      super
+    end
+    def append_help_messages
+      super
+      option << "Alias for #{alias_for}"
+    end
+    # @return [ String ]
+    def alias_for
+      @alias_for ||= attrs[:alias_for]
+    end
+    # @return [ Boolean ]
+    def alias?
+      true
+    end
+  end
+end

data/lib/opt_parse_validator/opts/array.rb ADDED Viewed

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+module OptParseValidator
+  # Implementation of the Array Option
+  class OptArray < OptBase
+    # @return [ Void ]
+    def append_help_messages
+      option << "Separator to use between the values: '#{separator}'"
+      super
+    end
+    # @param [ String ] value
+    #
+    # @return [ Array ]
+    def validate(value)
+      super.split(separator)
+    end
+    # @return [ String ] The separator used to split the string into an array
+    def separator
+      attrs[:separator] || ','
+    end
+    # See OptBase#normalize
+    # @param [ Array ] values
+    def normalize(values)
+      values.each_with_index do |value, index|
+        values[index] = super(value)
+      end
+      values
+    end
+  end
+end

data/lib/opt_parse_validator/opts/base.rb ADDED Viewed

@@ -0,0 +1,142 @@
+# frozen_string_literal: true
+module OptParseValidator
+  # Base Option
+  # This Option should not be called, children should be used.
+  class OptBase
+    attr_writer :required
+    attr_reader :option, :attrs
+    # @param [ Array ] option See OptionParser#on
+    # @param [ Hash ] attrs
+    # @option attrs  [ Boolean ] :required
+    # @options attrs [ Array<Symbol>, Symbol ] :required_unless
+    # @option attrs  [ Mixed ] :default The default value to use if the option is not supplied
+    # @option attrs  [ Mixed ] :value_if_empty The value to use if no argument has been supplied
+    # @option attrs  [ Array<Symbol> ] :normalize See #normalize
+    #
+    # @note The :default and :normalize 'logics' are done in OptParseValidator::OptParser#add_option
+    def initialize(option, attrs = {})
+      @option = option
+      @attrs  = attrs
+      # TODO: incompatible attributes, ie required and require_unless at the same time
+      append_help_messages
+    end
+    # @return [ Void ]
+    def append_help_messages
+      option << "Default: #{help_message_for_default}" if default
+      option << "Value if no argument supplied: #{value_if_empty}" if value_if_empty
+      option << 'This option is mandatory' if required?
+      return if required_unless.empty?
+      option << "This option is mandatory unless #{required_unless.join(' or ')} is/are supplied"
+    end
+    def help_message_for_default
+      default.to_s
+    end
+    # @return [ Boolean ]
+    def required?
+      @required ||= attrs[:required]
+    end
+    def required_unless
+      @required_unless ||= Array(attrs[:required_unless])
+    end
+    # @return [ Mixed ]
+    def default
+      attrs[:default]
+    end
+    # @return [ Array<Mixed> ]
+    def choices
+      attrs[:choices]
+    end
+    # @return [ Mixed ]
+    def value_if_empty
+      attrs[:value_if_empty]
+    end
+    # @return [ Boolean ]
+    def alias?
+      false
+    end
+    # @return [ Boolean ]
+    def advanced?
+      attrs[:advanced] ? true : false
+    end
+    # @param [ String ] value
+    def validate(value)
+      if value.nil? || value.to_s.empty?
+        raise Error, 'Empty option value supplied' if value_if_empty.nil?
+        return value_if_empty
+      end
+      value
+    end
+    # Apply each methods from attrs[:normalize] to the value if possible
+    # User input should not be used in this attrs[:normalize]
+    #
+    # e.g: normalize: :to_sym will return the symbol of the value
+    #      normalize: [:to_sym, :upcase] Will return the upercased symbol
+    #
+    # @param [ Mixed ] value
+    #
+    # @return [ Mixed ]
+    def normalize(value)
+      Array(attrs[:normalize]).each do |method|
+        next unless method.is_a?(Symbol)
+        value = value.send(method) if value.respond_to?(method)
+      end
+      value
+    end
+    # @return [ Symbol ]
+    def to_sym
+      unless @symbol
+        long_option = to_long
+        raise Error, "Could not find option symbol for #{option}" unless long_option
+        @symbol = long_option.delete_prefix('--').tr('-', '_').to_sym
+      end
+      @symbol
+    end
+    # @return [ String ] The raw long option (e.g: --proxy)
+    def to_long
+      option.each do |option_attr|
+        if option_attr.start_with?('--')
+          return option_attr.gsub(/ .*$/, '')
+                            .gsub(/\[[^\]]+\]/, '')
+        end
+      end
+      nil
+    end
+    # @return [ String ]
+    def to_s
+      to_sym.to_s
+    end
+    # @return [ Array<String> ]
+    def help_messages
+      first_message_index = option.index { |e| e[0] != '-' }
+      return [] unless first_message_index
+      option[first_message_index..]
+    end
+  end
+end

data/lib/opt_parse_validator/opts/boolean.rb ADDED Viewed

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+module OptParseValidator
+  # Implementation of the Boolean Option
+  class OptBoolean < OptBase
+    TRUE_PATTERN  = /\A(true|t|yes|y|1)\z/i
+    FALSE_PATTERN = /\A(false|f|no|n|0)\z/i
+    # @return [ Boolean ]
+    def validate(value)
+      value = value.to_s
+      return true if value.match(TRUE_PATTERN)
+      return false if value.match(FALSE_PATTERN)
+      raise Error, 'Invalid boolean value, expected true|t|yes|y|1|false|f|no|n|0'
+    end
+  end
+end

data/lib/opt_parse_validator/opts/choice.rb ADDED Viewed

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+module OptParseValidator
+  # Implementation of the Choice Option
+  class OptChoice < OptBase
+    # @param [ Array ] option See OptBase#new
+    # @param [ Hash ] attrs
+    #   :choices [ Array ] The available choices (mandatory)
+    #   :case_sensitive [ Boolean ] Default: false
+    def initialize(option, attrs = {})
+      raise Error, 'The :choices attribute is mandatory' unless attrs.key?(:choices)
+      raise Error, 'The :choices attribute must be an array' unless attrs[:choices].is_a?(Array)
+      super
+    end
+    # @return [ Void ]
+    def append_help_messages
+      super
+      option << "Available choices: #{choices.join(', ')}"
+    end
+    # @return [ String ]
+    # If :case_sensitive if false (or nil), the downcased value of the choice
+    # will be returned
+    def validate(value)
+      value = +value.to_s
+      unless attrs[:case_sensitive]
+        value.downcase!
+        choices.map!(&:downcase)
+      end
+      unless choices.include?(value)
+        raise Error, "'#{value}' is not a valid choice, expected one " \
+                     "of the followings: #{choices.join(',')}"
+      end
+      value
+    end
+  end
+end

data/lib/opt_parse_validator/opts/credentials.rb ADDED Viewed

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+module OptParseValidator
+  # Implementation of the Credentials Option
+  class OptCredentials < OptBase
+    # @return [ Hash ] A hash containing the :username and :password
+    def validate(value)
+      raise Error, 'Incorrect credentials format, username:password expected' unless value.index(':')
+      creds = value.split(':', 2)
+      { username: creds[0], password: creds[1] }
+    end
+  end
+end

data/lib/opt_parse_validator/opts/directory_path.rb ADDED Viewed

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+module OptParseValidator
+  # Implemetantion of the DirectoryPath Option
+  class OptDirectoryPath < OptPath
+    def initialize(option, attrs = {})
+      super
+      @attrs.merge!(directory: true)
+    end
+    # @param [ Pathname ] path
+    def check_create(path)
+      FileUtils.mkdir_p(path.to_s)
+    end
+  end
+end

data/lib/opt_parse_validator/opts/file_path.rb ADDED Viewed

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+module OptParseValidator
+  # Implementation of the FilePath Option
+  class OptFilePath < OptPath
+    # @param [ Array ] option See OptBase#new
+    # @param [ Hash ] attrs See OptPath#new
+    # :extensions [ Array | String ] The allowed extension(s)
+    def initialize(option, attrs = {})
+      super
+      @attrs.merge!(file: true)
+    end
+    # @param [ Pathname ] path
+    def check_create(path)
+      return if File.exist?(path.to_s)
+      FileUtils.mkdir_p(path.parent.to_s)
+      FileUtils.touch(path.to_s)
+    end
+    def allowed_attrs
+      # :extensions is put at the first place
+      [:extensions] + super
+    end
+    def check_extensions(path)
+      return if Array(attrs[:extensions]).include?(path.extname.delete('.'))
+      raise Error, "The extension of '#{path}' is not allowed"
+    end
+  end
+end

data/lib/opt_parse_validator/opts/headers.rb ADDED Viewed

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+module OptParseValidator
+  # Implementation of the Headers Option
+  class OptHeaders < OptBase
+    # @return [ Void ]
+    def append_help_messages
+      super
+      option << "Separator to use between the headers: '; '"
+      option << "Examples: 'X-Forwarded-For: 127.0.0.1', 'X-Forwarded-For: 127.0.0.1; Another: aaa'"
+    end
+    # @param [ String ] value
+    #
+    # @return [ Hash ] The parsed headers in a hash, with { 'key' => 'value' } format
+    def validate(value)
+      values = super.chomp(';').split('; ')
+      headers = {}
+      values.each do |header|
+        raise Error, "Malformed header: '#{header}'" unless header.index(':')
+        val = header.split(':', 2)
+        headers[val[0].strip] = val[1].strip
+      end
+      headers
+    end
+  end
+end