Header names are case insensitive

Move header checks to web_site
Christian Mehlmauer
2013-08-10 11:49:30 +02:00
parent 6c008015e9
commit 5ea911c9b3
6 changed files with 20 additions and 16 deletions


@@ -1,9 +1,11 @@
# encoding: UTF-8
require 'web_site/robots_txt'
require 'web_site/interesting_headers'
class WebSite
include WebSite::RobotsTxt
include WebSite::InterestingHeaders
attr_reader :uri


@@ -1,6 +1,6 @@
# encoding: UTF-8
class WpTarget < WebSite
class WebSite
module InterestingHeaders
# Checks for interesting headers
@@ -8,10 +8,15 @@ class WpTarget < WebSite
def interesting_headers
response = Browser.head(@uri.to_s)
headers = response.headers
InterestingHeaders.known_headers.each do |h|
headers.delete(h)
# Header Names are case insensitve so convert them to upcase
headers_uppercase = headers.inject({}) do |hash, keys|
hash[keys[0].upcase] = keys[1]
hash
end
headers.to_a.compact.sort
InterestingHeaders.known_headers.each do |h|
headers_uppercase.delete(h.upcase)
end
headers_uppercase.to_a.compact.sort
end
protected
@@ -25,7 +30,6 @@ class WpTarget < WebSite
Content-Length
Connection
Etag
ETag
Expires
Last-Modified
Pragma
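Review bot: In `interesting_headers`, building `headers_uppercase` rewrites every header name to upper case, so the returned list no longer shows a name as the server sent it, and two names that differ only in case collapse into one entry with the later value winning. The original casing can itself be a useful detail in a scan report, so I would compare case-insensitively but keep the original keys, e.g. `known = InterestingHeaders.known_headers.map(&:upcase)` followed by `headers.reject { |name, _| known.include?(name.upcase) }.to_a.sort`. The `.compact` on an array of name/value pairs looks like a no-op and could be dropped. The spec section on this page only stubs known headers in their canonical case (`'Location'`, `'Connection'`), so the case-insensitive removal is not exercised; a case such as `'CONNECTION' => 'Close'` would cover it, assuming the stubbing library does not normalise names first.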


@@ -6,7 +6,6 @@ require 'wp_target/wp_readme'
require 'wp_target/wp_registrable'
require 'wp_target/wp_config_backup'
require 'wp_target/wp_login_protection'
require 'wp_target/interesting_headers'
require 'wp_target/wp_custom_directories'
require 'wp_target/wp_full_path_disclosure'
@@ -16,7 +15,6 @@ class WpTarget < WebSite
include WpTarget::WpRegistrable
include WpTarget::WpConfigBackup
include WpTarget::WpLoginProtection
include WpTarget::InterestingHeaders
include WpTarget::WpCustomDirectories
include WpTarget::WpFullPathDisclosure


@@ -7,6 +7,7 @@ describe 'WebSite' do
subject(:web_site) { WebSite.new('http://example.localhost/') }
it_behaves_like 'WebSite::RobotsTxt'
it_behaves_like 'WebSite::InterestingHeaders'
before :all do
Browser::reset


@@ -23,7 +23,6 @@ describe WpTarget do
it_behaves_like 'WpTarget::WpRegistrable'
it_behaves_like 'WpTarget::WpConfigBackup'
it_behaves_like 'WpTarget::WpLoginProtection'
it_behaves_like 'WpTarget::InterestingHeaders'
it_behaves_like 'WpTarget::WpCustomDirectories'
it_behaves_like 'WpTarget::WpFullPathDisclosure'


@@ -1,27 +1,27 @@
# encoding: UTF-8
shared_examples 'WpTarget::InterestingHeaders' do
shared_examples 'WebSite::InterestingHeaders' do
let(:known_headers) { WpTarget::InterestingHeaders.known_headers }
let(:known_headers) { WebSite::InterestingHeaders.known_headers }
describe '#interesting_headers' do
it 'returns MyTestHeader' do
stub_request(:head, wp_target.url).
stub_request(:head, web_site.url).
to_return(status: 200, headers: { 'Mytestheader' => 'Mytestheadervalue' })
wp_target.interesting_headers.should =~ [ [ 'Mytestheader', 'Mytestheadervalue' ] ]
web_site.interesting_headers.should =~ [ [ 'MYTESTHEADER', 'Mytestheadervalue' ] ]
end
it 'removes known headers' do
stub_request(:head, wp_target.url).
stub_request(:head, web_site.url).
to_return(status: 200, headers: { 'Location' => 'a', 'Connection' => 'Close' })
wp_target.interesting_headers.should be_empty
web_site.interesting_headers.should be_empty
end
it 'returns nothing' do
stub_request(:head, wp_target.url).
stub_request(:head, web_site.url).
to_return(status: 200, headers: { })
wp_target.interesting_headers.should be_empty
web_site.interesting_headers.should be_empty
end
end