wpscan 3.0.6 → 3.0.7

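--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 798d7f0db156c00bfee19eb7f540ffd6a1884ef1
- data.tar.gz: 89eba229e55e42aa5629e76a8f6ca38e6e1a36a8
+ metadata.gz: ed3de498e51c238a7e24107458e1477fbffb1ef7
+ data.tar.gz: 1ef206317a8afedd6f3aa35450b23a79387665d2
  SHA512:
- metadata.gz: 8af7943d9c8ed54283853d0c9a89d397847d66262f53888c820f177cbc3d86642b6eba9131955cc3fe4406632a38c4fd61b765ac25cee578ae239a637f70a4ea
- data.tar.gz: 2d356dcfe246a074bc47fd24a4e8bb7b52e253d47a6a0c491b6ff7a6912d283fabb0db7a495c0a1ab03ca7011699c09031e4664b02e6a0811a50732f63b4702e
+ metadata.gz: ebb51a41461bcdb1fe4b923aa0fb03995e975dd0f0866fb06272a098c9c28506ef0a19f347972b49a184b6205ac84b5710850d9937981c3e1a92d54301c72402
+ data.tar.gz: 4fffa45ccaa80baa7f7b5019bc682ee73ffc05447287315ee6320dd1103871617c10d316845c3fd7b370a5888183ff29e497301d46ba5a67c3af5d51e4984b4d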
@@ -66,7 +66,7 @@ module WPScan
66
66
  sorted = extracted_versions.sort do |x, y|
67
67
  begin
68
68
  Gem::Version.new(x) <=> Gem::Version.new(y)
69
- rescue
69
+ rescue StandardError
70
70
  0
71
71
  end
72
72
  end
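Review bot: The comparator's `rescue StandardError` still maps every failure to `0`, so a string that `Gem::Version.new` rejects compares as equal to all others and the final order depends on where it sits in `extracted_versions`. These strings are presumably extracted from remote content, so malformed values are to be expected. Dropping them before the sort with `Gem::Version.correct?`, or at least narrowing the handler to `rescue ArgumentError`, would make the result deterministic and keep unrelated errors visible. The enclosing method starts and ends outside the hunk.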
@@ -43,7 +43,7 @@ module WPScan
43
43
 
44
44
  target.in_scope_urls(Browser.get(url), '//link|//script') do |stylesheet_url, _tag|
45
45
  uri = Addressable::URI.parse(stylesheet_url)
46
- next unless uri.query && uri.query.match(pattern)
46
+ next unless uri.query&.match(pattern)
47
47
 
48
48
  version = Regexp.last_match[1].to_s
49
49
 
@@ -9,7 +9,7 @@ module WPScan
9
9
 
10
10
  node = Browser.get(readme_url).html.css('h1#logo').last
11
11
 
12
- return unless node && node.text.to_s.strip =~ /\AVersion (.*)\z/i
12
+ return unless node&.text.to_s.strip =~ /\AVersion (.*)\z/i
13
13
 
14
14
  number = Regexp.last_match(1)
15
15
 
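--- a/data/app/models/theme.rb
+++ b/data/app/models/theme.rb
@@ -89,7 +89,7 @@ module WPScan
  def parse_style_tag(body, tag)
  value = body[/^\s*#{Regexp.escape(tag)}:[\t ]*([^\r\n]+)/i, 1]
 
- value && !value.strip.empty? ? value.strip : nil
+ value && !value.strip.empty? ? value.strip : nil # rubocop:disable Style/SafeNavigation
  end
 
  def ==(other)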
@@ -1,7 +1,7 @@
1
1
  _______________________________________________________________
2
2
  __ _______ _____
3
3
  \ \ / / __ \ / ____|
4
- \ \ /\ / /| |__) | (___ ___ __ _ _ __
4
+ \ \ /\ / /| |__) | (___ ___ __ _ _ __ ®
5
5
  \ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
6
6
  \ /\ / | | ____) | (__| (_| | | | |
7
7
  \/ \/ |_| |_____/ \___|\__,_|_| |_|
@@ -9,6 +9,6 @@ _______________________________________________________________
9
9
  WordPress Security Scanner by the WPScan Team
10
10
  Version <%= WPScan::VERSION %>
11
11
  Sponsored by Sucuri - https://sucuri.net
12
- @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
12
+ @_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_
13
13
  _______________________________________________________________
14
14
 
@@ -4,8 +4,7 @@
4
4
  "authors": [
5
5
  "@_WPScan_",
6
6
  "@ethicalhack3r",
7
- "@erwan_lr",
8
- "pvdl",
7
+ "@erwan_lr"
9
8
  "@_FireFart_"
10
9
  ],
11
10
  "sponsored_by": "Sucuri - https://sucuri.net"
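Review bot: New line 7, `"@erwan_lr"`, lost its trailing comma while `"@_FireFart_"` still follows on line 8, so the `authors` array is no longer valid JSON. Anything that parses this output would fail on the banner. Restore the separator: `"@erwan_lr",`. The file name is not visible on this page; the hunk looks like the JSON banner template.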
@@ -9,7 +9,7 @@ module WPScan
9
9
 
10
10
  # @return [ Hash ]
11
11
  def self.db_data
12
- @db_data ||= YAML.load_file(db_file)
12
+ @db_data ||= YAML.safe_load(File.read(db_file), [Regexp])
13
13
  end
14
14
 
15
15
  # @return [ Hash ]
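Review bot: The `[Regexp]` whitelist passed to `YAML.safe_load` in `db_data` is the trust boundary for the database file, yet nothing at the call site records why that class is allowed. A comment above the assignment, e.g. `# Regexp is the only non-scalar class the DB is expected to hold; keep this list minimal`, would make later additions a deliberate decision. `safe_load` also returns a falsy value for an empty file, which `||=` never memoizes and which contradicts the `@return [ Hash ]` tag, so a guard such as `raise "#{db_file}: unexpected content" unless @db_data.is_a?(Hash)` would fail early. The positional whitelist is the older Psych signature; newer Psych releases take `permitted_classes: [Regexp]`.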
@@ -139,8 +139,9 @@ module WPScan
139
139
  dl_checksum = download(filename)
140
140
 
141
141
  raise "#{filename}: checksums do not match" unless dl_checksum == db_checksum
142
+
142
143
  updated << filename
143
- rescue => e
144
+ rescue StandardError => e
144
145
  restore_backup(filename)
145
146
  raise e
146
147
  ensure
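Review bot: The check `dl_checksum == db_checksum` is only as strong as the origin of `db_checksum`, which is obtained outside this hunk. If it is fetched from the same host and channel as the file, the comparison catches truncated or corrupted downloads but not a tampered source, and a comment at the `raise` should state that limit. In the handler, `raise e` can be a bare `raise`, which re-raises the current exception unchanged. The opening `begin` and the `ensure` body lie outside the hunk.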
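--- a/data/lib/wpscan/helper.rb
+++ b/data/lib/wpscan/helper.rb
@@ -1,6 +1,5 @@
  def read_json_file(file)
- # p "Reading #{file}"
  JSON.parse(File.read(file))
- rescue => e
+ rescue StandardError => e
  raise "JSON parsing error in #{file} #{e}"
  end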
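Review bot: `rescue StandardError` in `read_json_file` also catches failures from `File.read`, so a missing or unreadable file is reported as a "JSON parsing error". Rescuing `JSON::ParserError => e` would keep the message accurate and let I/O errors surface under their own class. If callers rely on the current `RuntimeError` for missing files, a second clause with its own message would preserve that while separating the two cases.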
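--- a/data/lib/wpscan/target.rb
+++ b/data/lib/wpscan/target.rb
@@ -8,7 +8,7 @@ module WPScan
  # @return [ Boolean ]
  def vulnerable?
  [@wp_version, @main_theme, @plugins, @themes, @timthumbs].each do |e|
- [*e].each { |ae| return true if ae && ae.vulnerable? }
+ [*e].each { |ae| return true if ae && ae.vulnerable? } # rubocop:disable Style/SafeNavigation
  end
 
  return true unless [*@config_backups].empty?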
@@ -1,4 +1,4 @@
1
1
  # Version
2
2
  module WPScan
3
- VERSION = '3.0.6'.freeze
3
+ VERSION = '3.0.7'.freeze
4
4
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: wpscan
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.0.6
4
+ version: 3.0.7
5
5
  platform: ruby
6
6
  authors:
7
7
  - WPScanTeam
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-10-28 00:00:00.000000000 Z
11
+ date: 2017-11-08 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: cms_scanner
@@ -16,126 +16,126 @@ dependencies:
16
16
  requirements:
17
17
  - - "~>"
18
18
  - !ruby/object:Gem::Version
19
- version: 0.0.37.12
19
+ version: 0.0.38.1
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
- version: 0.0.37.12
26
+ version: 0.0.38.1
27
27
  - !ruby/object:Gem::Dependency
28
- name: yajl-ruby
28
+ name: activesupport
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
31
  - - "~>"
32
32
  - !ruby/object:Gem::Version
33
- version: '1.3'
33
+ version: '5.1'
34
34
  type: :runtime
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - "~>"
39
39
  - !ruby/object:Gem::Version
40
- version: '1.3'
40
+ version: '5.1'
41
41
  - !ruby/object:Gem::Dependency
42
- name: activesupport
42
+ name: yajl-ruby
43
43
  requirement: !ruby/object:Gem::Requirement
44
44
  requirements:
45
45
  - - "~>"
46
46
  - !ruby/object:Gem::Version
47
- version: '5.1'
47
+ version: '1.3'
48
48
  type: :runtime
49
49
  prerelease: false
50
50
  version_requirements: !ruby/object:Gem::Requirement
51
51
  requirements:
52
52
  - - "~>"
53
53
  - !ruby/object:Gem::Version
54
- version: '5.1'
54
+ version: '1.3'
55
55
  - !ruby/object:Gem::Dependency
56
- name: rake
56
+ name: bundler
57
57
  requirement: !ruby/object:Gem::Requirement
58
58
  requirements:
59
59
  - - "~>"
60
60
  - !ruby/object:Gem::Version
61
- version: '12.0'
61
+ version: '1.6'
62
62
  type: :development
63
63
  prerelease: false
64
64
  version_requirements: !ruby/object:Gem::Requirement
65
65
  requirements:
66
66
  - - "~>"
67
67
  - !ruby/object:Gem::Version
68
- version: '12.0'
68
+ version: '1.6'
69
69
  - !ruby/object:Gem::Dependency
70
- name: rspec
70
+ name: coveralls
71
71
  requirement: !ruby/object:Gem::Requirement
72
72
  requirements:
73
73
  - - "~>"
74
74
  - !ruby/object:Gem::Version
75
- version: 3.7.0
75
+ version: 0.8.0
76
76
  type: :development
77
77
  prerelease: false
78
78
  version_requirements: !ruby/object:Gem::Requirement
79
79
  requirements:
80
80
  - - "~>"
81
81
  - !ruby/object:Gem::Version
82
- version: 3.7.0
82
+ version: 0.8.0
83
83
  - !ruby/object:Gem::Dependency
84
- name: rspec-its
84
+ name: rake
85
85
  requirement: !ruby/object:Gem::Requirement
86
86
  requirements:
87
87
  - - "~>"
88
88
  - !ruby/object:Gem::Version
89
- version: 1.2.0
89
+ version: '12.0'
90
90
  type: :development
91
91
  prerelease: false
92
92
  version_requirements: !ruby/object:Gem::Requirement
93
93
  requirements:
94
94
  - - "~>"
95
95
  - !ruby/object:Gem::Version
96
- version: 1.2.0
96
+ version: '12.0'
97
97
  - !ruby/object:Gem::Dependency
98
- name: bundler
98
+ name: rspec
99
99
  requirement: !ruby/object:Gem::Requirement
100
100
  requirements:
101
101
  - - "~>"
102
102
  - !ruby/object:Gem::Version
103
- version: '1.6'
103
+ version: 3.7.0
104
104
  type: :development
105
105
  prerelease: false
106
106
  version_requirements: !ruby/object:Gem::Requirement
107
107
  requirements:
108
108
  - - "~>"
109
109
  - !ruby/object:Gem::Version
110
- version: '1.6'
110
+ version: 3.7.0
111
111
  - !ruby/object:Gem::Dependency
112
- name: rubocop
112
+ name: rspec-its
113
113
  requirement: !ruby/object:Gem::Requirement
114
114
  requirements:
115
115
  - - "~>"
116
116
  - !ruby/object:Gem::Version
117
- version: 0.50.0
117
+ version: 1.2.0
118
118
  type: :development
119
119
  prerelease: false
120
120
  version_requirements: !ruby/object:Gem::Requirement
121
121
  requirements:
122
122
  - - "~>"
123
123
  - !ruby/object:Gem::Version
124
- version: 0.50.0
124
+ version: 1.2.0
125
125
  - !ruby/object:Gem::Dependency
126
- name: webmock
126
+ name: rubocop
127
127
  requirement: !ruby/object:Gem::Requirement
128
128
  requirements:
129
129
  - - "~>"
130
130
  - !ruby/object:Gem::Version
131
- version: 1.22.0
131
+ version: 0.51.0
132
132
  type: :development
133
133
  prerelease: false
134
134
  version_requirements: !ruby/object:Gem::Requirement
135
135
  requirements:
136
136
  - - "~>"
137
137
  - !ruby/object:Gem::Version
138
- version: 1.22.0
138
+ version: 0.51.0
139
139
  - !ruby/object:Gem::Dependency
140
140
  name: simplecov
141
141
  requirement: !ruby/object:Gem::Requirement
@@ -151,19 +151,19 @@ dependencies:
151
151
  - !ruby/object:Gem::Version
152
152
  version: 0.14.0
153
153
  - !ruby/object:Gem::Dependency
154
- name: coveralls
154
+ name: webmock
155
155
  requirement: !ruby/object:Gem::Requirement
156
156
  requirements:
157
157
  - - "~>"
158
158
  - !ruby/object:Gem::Version
159
- version: 0.8.0
159
+ version: 1.22.0
160
160
  type: :development
161
161
  prerelease: false
162
162
  version_requirements: !ruby/object:Gem::Requirement
163
163
  requirements:
164
164
  - - "~>"
165
165
  - !ruby/object:Gem::Version
166
- version: 0.8.0
166
+ version: 1.22.0
167
167
  description: WPScan is a black box WordPress vulnerability scanner.
168
168
  email:
169
169
  - team@wpscan.org
@@ -340,7 +340,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
340
340
  requirements:
341
341
  - - ">="
342
342
  - !ruby/object:Gem::Version
343
- version: 2.2.2
343
+ version: '2.3'
344
344
  required_rubygems_version: !ruby/object:Gem::Requirement
345
345
  requirements:
346
346
  - - ">="