diff --git a/.gitignore b/.gitignore
index 59013f4e..41dc3eaa 100644
--- a/.gitignore
+++ b/.gitignore
@@ -11,3 +11,4 @@ log.txt
 .yardoc
 debug.log
 wordlist.txt
+rspec_results.html
diff --git a/dev/pre-commit-hook.rb b/dev/pre-commit-hook.rb
new file mode 100755
index 00000000..abebf44c
--- /dev/null
+++ b/dev/pre-commit-hook.rb
@@ -0,0 +1,38 @@
+#!/usr/bin/env ruby
+
+# ln -sf /Users/xxx/wpscan/.git/hooks/pre-commit
+
+require 'pty'
+html_path = 'rspec_results.html'
+
+begin
+ PTY.spawn( 'rspec spec --format h > rspec_results.html' ) do |stdin, stdout, pid|
+ begin
+ stdin.each { |line| print line }
+ rescue Errno::EIO
+ end
+ end
+rescue PTY::ChildExited
+ puts 'Child process exit!'
+end
+
+# find out if there were any errors
+html = open(html_path).read
+examples = html.match(/(\d+) examples/)[0].to_i rescue 0
+errors = html.match(/(\d+) errors/)[0].to_i rescue 0
+if errors == 0 then
+ errors = html.match(/(\d+) failure/)[0].to_i rescue 0
+end
+pending = html.match(/(\d+) pending/)[0].to_i rescue 0
+
+if errors.zero?
+ puts "0 failed! #{examples} run, #{pending} pending"
+ sleep 1
+ exit 0
+else
+ puts "\aCOMMIT FAILED!!"
+ puts "View your rspec results at #{File.expand_path(html_path)}"
+ puts
+ puts "#{errors} failed! #{examples} run, #{pending} pending"
+ exit 1
+end
\ No newline at end of file
diff --git a/lib/common/models/wp_item/output.rb b/lib/common/models/wp_item/output.rb
index f9370eb1..6605b04d 100644
--- a/lib/common/models/wp_item/output.rb
+++ b/lib/common/models/wp_item/output.rb
@@ -13,6 +13,10 @@ class WpItem
 puts " | Readme: #{readme_url}" if has_readme?
 puts " | Changelog: #{changelog_url}" if has_changelog?
+ if respond_to?(:additional_output)
+ additional_output
+ end
+
 vulnerabilities.output
 if has_error_log?
diff --git a/lib/common/models/wp_theme.rb b/lib/common/models/wp_theme.rb
index b6abbbfb..fe28360d 100755
--- a/lib/common/models/wp_theme.rb
+++ b/lib/common/models/wp_theme.rb
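Review bot: When `rspec` cannot start at all (binary missing, spec load error), the hook still exits 0: the `>` redirect truncates rspec_results.html before the command fails, every `html.match(...)[0].to_i rescue 0` then falls through to 0, and the `errors.zero?` branch prints "0 failed! 0 run" and lets the commit through with no test executed. Check the child's exit status rather than inferring it from the report (`Process.wait(pid)` inside the spawn block, then `$?.success?`), or at least refuse an empty run with `if errors.zero? && examples > 0`. The `[0]` index also takes the whole match ("12 examples") and only works because `String#to_i` ignores the trailing text; `html[/(\d+) examples/, 1].to_i` reads the captured number and returns 0 on no match without a `rescue` modifier. `open(html_path).read` never closes the handle and goes through `Kernel#open`; `File.read(html_path)` is the intended idiom here.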
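Review bot: The three-line `if respond_to?(:additional_output) ... end` is more idiomatic in modifier form, `additional_output if respond_to?(:additional_output)`, which also matches the `puts ... if has_readme?` lines directly above it. A short comment on why the hook is optional would help the next reader, e.g. `# Subclasses may define additional_output to print type-specific fields`; only WpTheme defines one in this diff, so keep the wording general. The enclosing method starts and ends outside the hunk.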
@@ -3,16 +3,26 @@ require 'wp_theme/findable'
 require 'wp_theme/versionable'
 require 'wp_theme/vulnerable'
+require 'wp_theme/info'
+require 'wp_theme/output'
 class WpTheme < WpItem
 extend WpTheme::Findable
 include WpTheme::Versionable
 include WpTheme::Vulnerable
+ include WpTheme::Info
+ include WpTheme::Output
 attr_writer :style_url
 def allowed_options; super << :style_url end
+ def initialize(*args)
+ super(*args)
+
+ parse_style
+ end
+
 # Sets the @uri
 #
 # @param [ URI ] target_base_uri The URI of the wordpress blog
@@ -28,6 +38,6 @@ class WpTheme < WpItem
 @style_url = uri.merge('style.css').to_s
 end
 @style_url
- end
+ end
 end
diff --git a/lib/common/models/wp_theme/info.rb b/lib/common/models/wp_theme/info.rb
new file mode 100644
index 00000000..120c753c
--- /dev/null
+++ b/lib/common/models/wp_theme/info.rb
@@ -0,0 +1,34 @@
+# encoding: UTF-8
+
+class WpTheme < WpItem
+ module Info
+
+ attr_reader :theme_name, :theme_uri, :theme_description,
+ :theme_author, :theme_author_uri, :theme_template,
+ :theme_license, :theme_license_uri, :theme_tags,
+ :theme_text_domain
+
+ def parse_style
+ style = Browser.get(style_url).body
+ @theme_name = parse_style_tag(style, 'Theme Name')
+ @theme_uri = parse_style_tag(style, 'Theme URI')
+ @theme_description = parse_style_tag(style, 'Description')
+ @theme_author = parse_style_tag(style, 'Author')
+ @theme_author_uri = parse_style_tag(style, 'Author URI')
+ @theme_template = parse_style_tag(style, 'Template')
+ @theme_license = parse_style_tag(style, 'License')
+ @theme_license_uri = parse_style_tag(style, 'License URI')
+ @theme_tags = parse_style_tag(style, 'Tags')
+ @theme_text_domain = parse_style_tag(style, 'Text Domain')
+ end
+
+ private
+
+ def parse_style_tag(style, tag)
+ value = style[/^\s*#{Regexp.escape(tag)}:\s*(.*)/i, 1]
+ return value.strip if value
+ nil
+ end
+
+ end
+end
\ No newline at end of file
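Review bot: `initialize` now performs a request to the scanned site on every construction, because `parse_style` (info.rb in this diff) calls `Browser.get(style_url)` unconditionally and `Browser.get` appears to be the HTTP client; a timeout, a non-200 response or a missing style.css turns object creation into a failure and makes WpTheme unusable offline, including in specs that only need the name or URL. Parsing the header lazily on the first read of a `theme_*` attribute, memoised so the request happens at most once, keeps the constructor free of network side effects. At minimum the constructor should say what it does, e.g. `# Fetches and parses style.css immediately; needs network access to the target`. The class body continues outside the hunk.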
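Review bot: `parse_style` assumes `Browser.get(style_url).body` is a String; if the request fails and the body is nil, `style[/.../]` in `parse_style_tag` raises NoMethodError, and since `parse_style` is called from `initialize` the whole object fails to build. A `return unless style` right after the fetch leaves the readers nil in that case instead. Each captured value is the raw remainder of a header line from a file served by the scanned site, so whatever that site wrote there — including control characters and terminal escape sequences — is stored verbatim and later echoed with `puts`; stripping non-printables when storing, `value.strip.gsub(/[^[:print:]]/, '')`, keeps a hostile style.css from interfering with the scanner's terminal output.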
diff --git a/lib/common/models/wp_theme/output.rb b/lib/common/models/wp_theme/output.rb
new file mode 100644
index 00000000..eecf9660
--- /dev/null
+++ b/lib/common/models/wp_theme/output.rb
@@ -0,0 +1,21 @@
+# encoding: UTF-8
+
+class WpTheme
+ module Output
+
+ # @return [ Void ]
+ def additional_output
+ puts " | Style URL: #{style_url}"
+ puts " | Theme Name: #@theme_name" if @theme_name
+ puts " | Theme URI: #@theme_uri" if @theme_uri
+ puts " | Description: #@theme_description" if @theme_description
+ puts " | Author: #@theme_author" if @theme_author
+ puts " | Author URI: #@theme_author_uri" if @theme_author_uri
+ puts " | Template: #@theme_template" if @theme_template
+ puts " | License: #@theme_license" if @theme_license_uri
+ puts " | Tags: #@theme_tags" if @theme_tags
+ puts " | Text Domain: #@theme_text_domain" if @theme_text_domain
+ end
+
+ end
+end
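Review bot: The `License:` line is gated on the wrong variable — `puts " | License: #@theme_license" if @theme_license_uri` skips a theme that declares only `License:` and prints an empty `License:` line when only the URI is set — and `@theme_license_uri`, which `Info#parse_style` fills, is never printed at all. Fix the guard and add the missing line: `puts " | License: #@theme_license" if @theme_license` followed by `puts " | License URI: #@theme_license_uri" if @theme_license_uri`. The file also reopens the class as `class WpTheme` with no superclass, unlike info.rb's `class WpTheme < WpItem`; wp_theme.rb requires this file before its own `class WpTheme < WpItem` line, so if nothing has defined WpTheme earlier the reopening creates it with Object as superclass and the later declaration raises a superclass-mismatch TypeError — matching info.rb's form avoids that load-order dependency.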