From 48b0e88c958d3e767e13beda041e212e09d70f0c Mon Sep 17 00:00:00 2001
From: Christian Mehlmauer
Date: Thu, 20 Sep 2012 22:26:34 +0200
Subject: [PATCH] regex escaping when using variables
---
 data/malwares.txt | 4 ++--
 lib/environment.rb | 3 ++-
 lib/wpscan/modules/malwares.rb | 5 +++--
 lib/wpscan/wp_detector.rb | 2 +-
 lib/wpscan/wp_target.rb | 4 ++--
 spec/lib/browser_spec.rb | 2 +-
 6 files changed, 11 insertions(+), 9 deletions(-)
diff --git a/data/malwares.txt b/data/malwares.txt
index 5b770ab9..b182d9db 100644
--- a/data/malwares.txt
+++ b/data/malwares.txt
@@ -1,3 +1,3 @@
-http://.*.rr.nu
-http://www.thesea.org/media.php
+http://.*\.rr\.nu
+http://www\.thesea\.org/media\.php
diff --git a/lib/environment.rb b/lib/environment.rb
index dacf2fc6..b628b8dd 100644
--- a/lib/environment.rb
+++ b/lib/environment.rb
@@ -40,7 +40,8 @@ begin
 rescue LoadError => e
 puts "[ERROR] #{e}"
- if missing_gem = e.to_s[%r{ -- ([^\s]+)}, 1]
+ missing_gem = e.to_s[%r{ -- ([^\s]+)}, 1]
+ if missing_gem
 puts "[TIP] Try to run 'gem install #{missing_gem}' or 'gem install --user-install #{missing_gem}'. If you still get an error, Please see README file or https://github.com/wpscanteam/wpscan"
 end
 exit(1)
diff --git a/lib/wpscan/modules/malwares.rb b/lib/wpscan/modules/malwares.rb
index e57d51d2..919f56e8 100644
--- a/lib/wpscan/modules/malwares.rb
+++ b/lib/wpscan/modules/malwares.rb
@@ -53,7 +53,8 @@ module Malwares
 malwares_file_path || DATA_DIR + '/malwares.txt'
 end
- def self.malware_pattern(url)
- %r{<(?:script|iframe).* src=(?:"|')(#{url}[^"']*)(?:"|')[^>]*>}i
+ def self.malware_pattern(url_regex)
+ # no need to escape regex here, because malware.txt contains regex
+ %r{<(?:script|iframe).* src=(?:"|')(#{url_regex}[^"']*)(?:"|')[^>]*>}i
 end
 end
diff --git a/lib/wpscan/wp_detector.rb b/lib/wpscan/wp_detector.rb
index a477236a..fffc491b 100644
--- a/lib/wpscan/wp_detector.rb
+++ b/lib/wpscan/wp_detector.rb
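Review bot: The first pattern `http://.*\.rr\.nu` still carries an unbounded `.*`, which also matches quote characters, so once this line is interpolated into the `src=(?:"|')(...)` capture in `Malwares.malware_pattern` (see the malwares.rb hunk below) a match can start at one `src` attribute and run across to a later one, reporting the wrong URL. If that method is the only consumer of this file, a host-bounded wildcard such as `http://[^"'/]*\.rr\.nu` keeps the match inside a single attribute value. Escaping the literal dots in both lines is the right fix; the wildcard is the remaining source of imprecise matches.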
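Review bot: The regex `%r{ -- ([^\s]+)}` on the new `missing_gem =` line appears to depend on the wording of Ruby's LoadError message, and nothing in the hunk records that, so a maintainer who sees the TIP silently disappear after a message-format change has nothing to go on. Suggest a comment above that line: `# LoadError messages end in " -- <name>"; pull out <name> so the tip can name the gem to install`. The `begin` this `rescue` belongs to starts outside the hunk.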
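Review bot: The new comment names `malware.txt`, but the data file, per `malwares_file_path` two lines above, is `malwares.txt`; suggest `# url_regex is one line of malwares.txt and is already a regex fragment, so it is interpolated unescaped on purpose`. Separately, `<(?:script|iframe).* src=` in the re-added pattern uses `.*`, which also matches `>`, so a match can begin at one tag and take its `src` from a later tag on the same line; `<(?:script|iframe)[^>]* src=` confines it to the tag it started in. The `module Malwares` that encloses this method opens outside the hunk.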
@@ -54,7 +54,7 @@ class WpDetector
 regex2 = %r{\\?/}
 regex3 = %r{\\?/([^/\\"']+)\\?(?:/|"|')}
 # Custom wp-content dir is now used in this regex
- names = response.body.scan(/#{regex1}#{wp_content_dir}#{regex2}#{type}#{regex3}/i)
+ names = response.body.scan(/#{regex1}#{Regexp.escape(wp_content_dir)}#{regex2}#{Regexp.escape(type)}#{regex3}/i)
 names.flatten!
 names.uniq!
diff --git a/lib/wpscan/wp_target.rb b/lib/wpscan/wp_target.rb
index 9059df2c..ae4a9a15 100644
--- a/lib/wpscan/wp_target.rb
+++ b/lib/wpscan/wp_target.rb
@@ -93,10 +93,10 @@ class WpTarget
 # Only use the path because domain can be text or an ip
 uri_path = @uri.path
- if index_body[/#{uri_path}\/wp-content\/(?:themes|plugins)\//i]
+ if index_body[/#{Regexp.escape(uri_path)}\/wp-content\/(?:themes|plugins)\//i]
 @wp_content_dir = "wp-content"
 else
- @wp_content_dir = index_body[/(?:href|src)\s*=\s*(?:"|').+#{uri_path}([^"']+)\/(?:themes|plugins)\/.*(?:"|')/i, 1]
+ @wp_content_dir = index_body[/(?:href|src)\s*=\s*(?:"|').+#{Regexp.escape(uri_path)}([^"']+)\/(?:themes|plugins)\/.*(?:"|')/i, 1]
 end
 end
 @wp_content_dir
diff --git a/spec/lib/browser_spec.rb b/spec/lib/browser_spec.rb
index ab642154..2c13d83a 100644
--- a/spec/lib/browser_spec.rb
+++ b/spec/lib/browser_spec.rb
@@ -72,7 +72,7 @@ describe Browser do
 end
 describe "#user_agent" do
- available_user_agents = [ "ua-1", "ua-2", "ua-3", "ua-4", "ua-6", "ua-7", "ua-8", "ua-9", "ua-10" ]
+ available_user_agents = %w{ ua-1 ua-2 ua-3 ua-4 ua-6 ua-7 ua-8 ua-9 ua-10 ua-11 ua-12 ua-13 ua-14 ua-15 ua-16 ua-17}
 it "should always return the same user agent in static mode" do
 @browser.user_agent = "fake UA"
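Review bot: `Regexp.escape(uri_path)` is evaluated separately in the `if` condition and again in the `else` branch of the wp_target.rb hunk; escaping once keeps the two patterns in step if the path handling changes again, e.g. `escaped_path = Regexp.escape(uri_path)` right after `uri_path = @uri.path`, with `#{escaped_path}` in both regexes. The enclosing method starts outside the hunk, so I cannot see whether `uri_path` is read anywhere else in it; if it is not, `uri_path = Regexp.escape(@uri.path)` would do without a new local.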