regex escaping when using variables

2012-09-20 22:26:34 +02:00
parent 55996b4c90
commit 48b0e88c95
6 changed files with 11 additions and 9 deletions
--- a/data/malwares.txt
+++ b/data/malwares.txt
@@ -1,3 +1,3 @@
-http://.*.rr.nu
-http://www.thesea.org/media.php
+http://.*\.rr\.nu
+http://www\.thesea\.org/media\.php

--- a/lib/environment.rb
+++ b/lib/environment.rb
@@ -40,7 +40,8 @@ begin
 rescue LoadError => e
  puts "[ERROR] #{e}"

-  if missing_gem = e.to_s[%r{ -- ([^\s]+)}, 1]
+  missing_gem = e.to_s[%r{ -- ([^\s]+)}, 1]
+  if missing_gem
    puts "[TIP] Try to run 'gem install #{missing_gem}' or 'gem install --user-install #{missing_gem}'. If you still get an error, Please see README file or https://github.com/wpscanteam/wpscan"
  end
  exit(1)
--- a/lib/wpscan/modules/malwares.rb
+++ b/lib/wpscan/modules/malwares.rb
@@ -53,7 +53,8 @@ module Malwares
    malwares_file_path || DATA_DIR + '/malwares.txt'
  end

-  def self.malware_pattern(url)
-    %r{<(?:script|iframe).* src=(?:"|')(#{url}[^"']*)(?:"|')[^>]*>}i
+  def self.malware_pattern(url_regex)
+    # no need to escape regex here, because malware.txt contains regex
+    %r{<(?:script|iframe).* src=(?:"|')(#{url_regex}[^"']*)(?:"|')[^>]*>}i
  end
 end
--- a/lib/wpscan/wp_detector.rb
+++ b/lib/wpscan/wp_detector.rb
@@ -54,7 +54,7 @@ class WpDetector
    regex2        = %r{\\?/}
    regex3        = %r{\\?/([^/\\"']+)\\?(?:/|"|')}
    # Custom wp-content dir is now used in this regex
-    names = response.body.scan(/#{regex1}#{wp_content_dir}#{regex2}#{type}#{regex3}/i)
+    names = response.body.scan(/#{regex1}#{Regexp.escape(wp_content_dir)}#{regex2}#{Regexp.escape(type)}#{regex3}/i)

    names.flatten!
    names.uniq!
--- a/lib/wpscan/wp_target.rb
+++ b/lib/wpscan/wp_target.rb
@@ -93,10 +93,10 @@ class WpTarget
      # Only use the path because domain can be text or an ip
      uri_path = @uri.path

-      if index_body[/#{uri_path}\/wp-content\/(?:themes|plugins)\//i]
+      if index_body[/#{Regexp.escape(uri_path)}\/wp-content\/(?:themes|plugins)\//i]
        @wp_content_dir = "wp-content"
      else
-        @wp_content_dir = index_body[/(?:href|src)\s*=\s*(?:"|').+#{uri_path}([^"']+)\/(?:themes|plugins)\/.*(?:"|')/i, 1]
+        @wp_content_dir = index_body[/(?:href|src)\s*=\s*(?:"|').+#{Regexp.escape(uri_path)}([^"']+)\/(?:themes|plugins)\/.*(?:"|')/i, 1]
      end
    end
    @wp_content_dir
--- a/spec/lib/browser_spec.rb
+++ b/spec/lib/browser_spec.rb
@@ -72,7 +72,7 @@ describe Browser do
  end

  describe "#user_agent" do
-    available_user_agents = [ "ua-1", "ua-2", "ua-3", "ua-4", "ua-6", "ua-7", "ua-8", "ua-9", "ua-10" ]
+    available_user_agents = %w{ ua-1 ua-2 ua-3 ua-4 ua-6 ua-7 ua-8 ua-9 ua-10 ua-11 ua-12 ua-13 ua-14 ua-15 ua-16 ua-17}

    it "should always return the same user agent in static mode" do
      @browser.user_agent = "fake UA"