garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'ruby-2.7'

Browse Source
This commit is contained in:
erwanlr
2020-01-02 14:53:46 +00:00
parent ab052add27 5887fede15
commit 4a032d5e12
6 changed files with 21 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
.github/workflows/gempush.yml vendored
View File

@@ -14,19 +14,19 @@ jobs:
- name: Set up Ruby 2.6 - name: Set up Ruby 2.6
uses: actions/setup-ruby@v1 uses: actions/setup-ruby@v1
with: with:
version: 2.6.x ruby-version: 2.6.x
- name: Publish to GPR #- name: Publish to GPR
run: | # run: |
mkdir -p $HOME/.gem # mkdir -p $HOME/.gem
touch $HOME/.gem/credentials # touch $HOME/.gem/credentials
chmod 0600 $HOME/.gem/credentials # chmod 0600 $HOME/.gem/credentials
printf -- "---\n:github: Bearer ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials # printf -- "---\n:github: Bearer ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials
gem build *.gemspec # gem build *.gemspec
gem push --KEY github --host https://rubygems.pkg.github.com/${OWNER} *.gem # gem push --KEY github --host https://rubygems.pkg.github.com/${OWNER} *.gem
env: # env:
GEM_HOST_API_KEY: ${{secrets.GITHUB_TOKEN}} # GEM_HOST_API_KEY: ${{secrets.GITHUB_TOKEN}}
OWNER: username # OWNER: wpscanteam
- name: Publish to RubyGems - name: Publish to RubyGems
run: | run: |

4
.rubocop.yml
View File

@@ -4,6 +4,8 @@ AllCops:
Exclude: Exclude:
- '*.gemspec' - '*.gemspec'
- 'vendor/**/*' - 'vendor/**/*'
Layout/LineLength:
Max: 120
Lint/UriEscapeUnescape: Lint/UriEscapeUnescape:
Enabled: false Enabled: false
Metrics/AbcSize: Metrics/AbcSize:
@@ -17,8 +19,6 @@ Metrics/ClassLength:
- 'app/controllers/enumeration/cli_options.rb' - 'app/controllers/enumeration/cli_options.rb'
Metrics/CyclomaticComplexity: Metrics/CyclomaticComplexity:
Max: 8 Max: 8
Metrics/LineLength:
Max: 120
Metrics/MethodLength: Metrics/MethodLength:
Max: 20 Max: 20
Exclude: Exclude:

11
app/models/wp_item.rb
View File

@@ -23,7 +23,7 @@ module WPScan
# @option opts [ Hash ] :version_detection The options to use when looking for the version # @option opts [ Hash ] :version_detection The options to use when looking for the version
# @option opts [ String ] :url The URL of the item # @option opts [ String ] :url The URL of the item
def initialize(slug, blog, opts = {}) def initialize(slug, blog, opts = {})
@slug = URI.decode(slug) @slug = Addressable::URI.unencode(slug)
@blog = blog @blog = blog
@uri = Addressable::URI.parse(opts[:url]) if opts[:url] @uri = Addressable::URI.parse(opts[:url]) if opts[:url]
@@ -83,11 +83,6 @@ module WPScan
end end
end end
# URI.encode is preferered over Addressable::URI.encode as it will encode
# leading # character:
# URI.encode('#t#') => %23t%23
# Addressable::URI.encode('#t#') => #t%23
#
# @param [ String ] path Optional path to merge with the uri # @param [ String ] path Optional path to merge with the uri
# #
# @return [ String ] # @return [ String ]
@@ -95,7 +90,7 @@ module WPScan
return unless @uri return unless @uri
return @uri.to_s unless path return @uri.to_s unless path
@uri.join(URI.encode(path)).to_s @uri.join(Addressable::URI.encode(path)).to_s
end end
# @return [ Boolean ] # @return [ Boolean ]
@@ -166,7 +161,7 @@ module WPScan
# @return [ Typhoeus::Response ] # @return [ Typhoeus::Response ]
def head_and_get(path, codes = [200], params = {}) def head_and_get(path, codes = [200], params = {})
final_path = +@path_from_blog final_path = +@path_from_blog
final_path << URI.encode(path) unless path.nil? final_path << path unless path.nil?
blog.head_and_get(final_path, codes, params) blog.head_and_get(final_path, codes, params)
end end

4
lib/wpscan/target/platform/wordpress/custom_directories.rb
View File

@@ -71,7 +71,7 @@ module WPScan
# #
# @return [ String ] # @return [ String ]
def plugin_url(slug) def plugin_url(slug)
plugins_uri.join("#{URI.encode(slug)}/").to_s plugins_uri.join("#{Addressable::URI.encode(slug)}/").to_s
end end
# @return [ String ] # @return [ String ]
@@ -93,7 +93,7 @@ module WPScan
# #
# @return [ String ] # @return [ String ]
def theme_url(slug) def theme_url(slug)
themes_uri.join("#{URI.encode(slug)}/").to_s themes_uri.join("#{Addressable::URI.encode(slug)}/").to_s
end end
# @return [ String, False ] String of the sub_dir found, false otherwise # @return [ String, False ] String of the sub_dir found, false otherwise

2
spec/app/models/wp_item_spec.rb
View File

@@ -46,7 +46,7 @@ describe WPScan::Model::WpItem do
end end
it 'encodes the path' do it 'encodes the path' do
expect(wp_item.url('#t#')).to eql "#{item_url}%23t%23" expect(wp_item.url('#t#')).to eql "#{item_url}#t%23"
expect(wp_item.url('t .txt')).to eql "#{item_url}t%20.txt" expect(wp_item.url('t .txt')).to eql "#{item_url}t%20.txt"
end end
end end

2
wpscan.gemspec
View File

@@ -21,7 +21,7 @@ Gem::Specification.new do |s|
s.executables = ['wpscan'] s.executables = ['wpscan']
s.require_paths = ['lib'] s.require_paths = ['lib']
s.add_dependency 'cms_scanner', '~> 0.7.1' s.add_dependency 'cms_scanner', '~> 0.8.1'
s.add_development_dependency 'bundler', '>= 1.6' s.add_development_dependency 'bundler', '>= 1.6'
s.add_development_dependency 'coveralls', '~> 0.8.0' s.add_development_dependency 'coveralls', '~> 0.8.0'