garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Uses head_and_get to check for Readme and Changelog locations

Browse Source
This commit is contained in:
erwanlr
2019-03-24 22:01:19 +00:00
parent f1d15ca7f2
commit 15fd3b969f
2 changed files with 17 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
app/models/wp_item.rb
View File

@@ -112,30 +112,34 @@ module WPScan
@classify ||= classify_slug(slug) @classify ||= classify_slug(slug)
end end
# @return [ String ] The readme url if found # @return [ String, False ] The readme url if found, false otherwise
def readme_url def readme_url
return if detection_opts[:mode] == :passive return if detection_opts[:mode] == :passive
if @readme_url.nil? return @readme_url unless @readme_url.nil?
READMES.each do |path|
return @readme_url = url(path) if Browser.get(url(path)).code == 200 READMES.each do |path|
if Browser.instance.forge_request(url(path), blog.head_or_get_params).run.code == 200
return @readme_url = url(path)
end end
end end
@readme_url @readme_url = false
end end
# @return [ String, false ] The changelog url if found # @return [ String, false ] The changelog url if found, false otherwise
def changelog_url def changelog_url
return if detection_opts[:mode] == :passive return if detection_opts[:mode] == :passive
if @changelog_url.nil? return @changelog_url unless @changelog_url.nil?
CHANGELOGS.each do |path|
return @changelog_url = url(path) if Browser.get(url(path)).code == 200 CHANGELOGS.each do |path|
if Browser.instance.forge_request(url(path), blog.head_or_get_params).run.code == 200
return @changelog_url = url(path)
end end
end end
@changelog_url @changelog_url = false
end end
# @param [ String ] path # @param [ String ] path

5
spec/shared_examples/views/main_theme.rb
View File

@@ -22,8 +22,9 @@ shared_examples 'App::Views::MainTheme' do
before do before do
expect(target).to receive(:content_dir).at_least(1).and_return('wp-content') expect(target).to receive(:content_dir).at_least(1).and_return('wp-content')
# Stub the checks for error/debug logs and readmes to 404 # Stub all requests to 200, to detect a readme and changelog.
stub_request(:head, /.*/).and_return(status: 404) # Detection of the error_log will fail as the empty body won't match the patterns
stub_request(:head, /.*/)
stub_request(:get, /.*/) stub_request(:get, /.*/)
stub_request(:get, /.*\.css\z/) stub_request(:get, /.*\.css\z/)