Updates deps

2019-04-24 12:42:18 +01:00
parent f9f307118d
commit 5c842e192b
11 changed files with 26 additions and 32 deletions
--- a/app/finders/interesting_findings/mu_plugins.rb
+++ b/app/finders/interesting_findings/mu_plugins.rb
@@ -9,8 +9,8 @@ module WPScan
        def passive(_opts = {})
          pattern = %r{#{target.content_dir}/mu\-plugins/}i
-          target.in_scope_urls(target.homepage_res) do |url|
+          target.in_scope_uris(target.homepage_res) do |uri|
-            next unless Addressable::URI.parse(url).path =~ pattern
+            next unless uri.path =~ pattern
            url = target.url('wp-content/mu-plugins/')
--- a/app/finders/main_theme/css_style.rb
+++ b/app/finders/main_theme/css_style.rb
@@ -20,10 +20,10 @@ module WPScan
        end
        def passive_from_css_href(res, opts)
-          target.in_scope_urls(res, '//style/@src|//link/@href') do |url|
+          target.in_scope_uris(res, '//style/@src|//link/@href') do |uri|
-            next unless Addressable::URI.parse(url).path =~ %r{/themes/([^\/]+)/style.css\z}i
+            next unless uri.path =~ %r{/themes/([^\/]+)/style.css\z}i
-            return create_theme(Regexp.last_match[1], url, opts)
+            return create_theme(Regexp.last_match[1], uri.to_s, opts)
          end
          nil
        end
--- a/app/finders/users/author_id_brute_forcing.rb
+++ b/app/finders/users/author_id_brute_forcing.rb
@@ -83,8 +83,8 @@ module WPScan
        # @return [ String, nil ] The username found
        def username_from_response(res)
          # Permalink enabled
-          target.in_scope_urls(res, '//link/@href|//a/@href') do |url|
+          target.in_scope_uris(res, '//link/@href|//a/@href') do |uri|
-            username = username_from_author_url(url)
+            username = username_from_author_url(uri.to_s)
            return username if username
          end
--- a/app/finders/users/author_posts.rb
+++ b/app/finders/users/author_posts.rb
@@ -45,9 +45,7 @@ module WPScan
        def potential_usernames(res)
          usernames = []
-          target.in_scope_urls(res, '//a/@href') do |url, node|
+          target.in_scope_uris(res, '//a/@href') do |uri, node|
            uri = Addressable::URI.parse(url)
            if uri.path =~ %r{/author/([^/\b]+)/?\z}i
              usernames << [Regexp.last_match[1], 'Author Pattern', 100]
            elsif /author=[0-9]+/.match?(uri.query)
--- a/app/finders/users/wp_json_api.rb
+++ b/app/finders/users/wp_json_api.rb
@@ -57,9 +57,7 @@ module WPScan
        def api_url
          return @api_url if @api_url
-          target.in_scope_urls(target.homepage_res, "//link[@rel='https://api.w.org/']/@href").each do |url, _tag|
+          target.in_scope_uris(target.homepage_res, "//link[@rel='https://api.w.org/']/@href").each do |uri|
            uri = Addressable::URI.parse(url.strip)
            return @api_url = uri.join('wp/v2/users/').to_s if uri.path.include?('wp-json')
          end
--- a/app/finders/wp_items/urls_in_homepage.rb
+++ b/app/finders/wp_items/urls_in_homepage.rb
@@ -12,8 +12,8 @@ module WPScan
        def items_from_links(type, uniq = true)
          found = []
-          target.in_scope_urls(target.homepage_res) do |url|
+          target.in_scope_uris(target.homepage_res) do |uri|
-            next unless url =~ item_attribute_pattern(type)
+            next unless uri.to_s =~ item_attribute_pattern(type)
            found << Regexp.last_match[1]
          end
--- a/app/models/wp_item.rb
+++ b/app/models/wp_item.rb
@@ -13,7 +13,7 @@ module WPScan
      attr_reader :uri, :slug, :detection_opts, :version_detection_opts, :blog, :path_from_blog, :db_data
-      delegate :homepage_res, :xpath_pattern_from_page, :in_scope_urls, :head_or_get_params, to: :blog
+      delegate :homepage_res, :xpath_pattern_from_page, :in_scope_uris, :head_or_get_params, to: :blog
      # @param [ String ] slug The plugin/theme slug
      # @param [ Target ] blog The targeted blog
--- a/lib/wpscan/finders/dynamic_finder/version/query_parameter.rb
+++ b/lib/wpscan/finders/dynamic_finder/version/query_parameter.rb
@@ -35,15 +35,13 @@ module WPScan
          def scan_response(response)
            found = {}
-            target.in_scope_urls(response, xpath) do |url, _tag|
+            target.in_scope_uris(response, xpath) do |uri|
              uri = Addressable::URI.parse(url)
              next unless uri.path =~ path_pattern && uri.query&.match(self.class::PATTERN)
              version = Regexp.last_match[:v].to_s
              found[version] ||= []
-              found[version] << url
+              found[version] << uri.to_s
            end
            found
--- a/lib/wpscan/target/platform/wordpress.rb
+++ b/lib/wpscan/target/platform/wordpress.rb
@@ -24,8 +24,8 @@ module WPScan
        #
        # @return [ Boolean ]
        def wordpress?(detection_mode)
-          in_scope_urls(homepage_res) do |url|
+          in_scope_uris(homepage_res) do |uri|
-            return true if Addressable::URI.parse(url).path.match(WORDPRESS_PATTERN)
+            return true if uri.path.match(WORDPRESS_PATTERN)
          end
          homepage_res.html.css('meta[name="generator"]').each do |node|
@@ -36,8 +36,8 @@ module WPScan
          if %i[mixed aggressive].include?(detection_mode)
            %w[wp-admin/install.php wp-login.php].each do |path|
-              in_scope_urls(Browser.get_and_follow_location(url(path))).each do |url|
+              in_scope_uris(Browser.get_and_follow_location(url(path))).each do |uri|
-                return true if Addressable::URI.parse(url).path.match(WORDPRESS_PATTERN)
+                return true if uri.path.match(WORDPRESS_PATTERN)
              end
            end
          end
@@ -85,8 +85,8 @@ module WPScan
          unless content_dir(:passive)
            pattern = %r{https?://s\d\.wp\.com#{WORDPRESS_PATTERN}}i.freeze
-            urls_from_page(homepage_res) do |url|
+            uris_from_page(homepage_res) do |uri|
-              return true if url.match?(pattern)
+              return true if uri.to_s.match?(pattern)
            end
          end
--- a/lib/wpscan/target/platform/wordpress/custom_directories.rb
+++ b/lib/wpscan/target/platform/wordpress/custom_directories.rb
@@ -20,8 +20,8 @@ module WPScan
            # scope_url_pattern is from CMSScanner::Target
            pattern = %r{#{scope_url_pattern}([\w\s\-/]+)\\?/(?:themes|plugins|uploads|cache)\\?/}i
-            in_scope_urls(homepage_res) do |url|
+            in_scope_uris(homepage_res) do |uri|
-              return @content_dir = Regexp.last_match[1] if url.match(pattern)
+              return @content_dir = Regexp.last_match[1] if uri.to_s.match(pattern)
            end
            # Checks for the pattern in raw JS code, as well as @content attributes of meta tags
@@ -105,8 +105,8 @@ module WPScan
            # url_pattern is from CMSScanner::Target
            pattern = %r{#{url_pattern}(.+?)/(?:xmlrpc\.php|wp\-includes/)}i
-            in_scope_urls(homepage_res) do |url|
+            in_scope_uris(homepage_res) do |uri|
-              return @sub_dir = Regexp.last_match[1] if url.match(pattern)
+              return @sub_dir = Regexp.last_match[1] if uri.to_s.match(pattern)
            end
            @sub_dir = false
--- a/wpscan.gemspec
+++ b/wpscan.gemspec
@@ -21,7 +21,7 @@ Gem::Specification.new do |s|
  s.executables           = ['wpscan']
  s.require_paths         = ['lib']
-  s.add_dependency 'cms_scanner', '~> 0.0.44.3'
+  s.add_dependency 'cms_scanner', '~> 0.5.0'
  s.add_development_dependency 'bundler',   '>= 1.6'
  s.add_development_dependency 'coveralls', '~> 0.8.0'
@@ -29,7 +29,7 @@ Gem::Specification.new do |s|
  s.add_development_dependency 'rake', '~> 12.3'
  s.add_development_dependency 'rspec', '~> 3.8.0'
  s.add_development_dependency 'rspec-its', '~> 1.3.0'
-  s.add_development_dependency 'rubocop', '~> 0.67.1'
+  s.add_development_dependency 'rubocop', '~> 0.67.2'
  s.add_development_dependency 'simplecov', '~> 0.16.1'
  s.add_development_dependency 'stackprof', '~> 0.2.12'
  s.add_development_dependency 'webmock', '~> 3.5.1'