From 7ea1acb7c1b1b7d2b393b323e503e0442e2ed459 Mon Sep 17 00:00:00 2001
From: erwanlr
Date: Mon, 25 Mar 2019 21:25:00 +0000
Subject: [PATCH] Fixes non detection of plugin/theme readme and changelog files due to changes in CMSSCanner

---
 app/models/plugin.rb | 4 ++++
 app/models/theme.rb | 4 ++++
 app/models/wp_item.rb | 32 ++++++++++++++++++++++++++++----
 spec/app/models/wp_item_spec.rb | 5 +++++
 4 files changed, 41 insertions(+), 4 deletions(-)

diff --git a/app/models/plugin.rb b/app/models/plugin.rb
index 0d854984..5ef7a33d 100644
--- a/app/models/plugin.rb
+++ b/app/models/plugin.rb
@@ -9,6 +9,10 @@ module WPScan
 super(slug, blog, opts)
 
 @uri = Addressable::URI.parse(blog.url("wp-content/plugins/#{slug}/"))
+
+ # To be used by #head_and_get
+ # If custom wp-content, it will be replaced by blog#url
+ @path_from_blog = "wp-content/plugins/#{slug}/"
 end
 
 # @return [ JSON ]
diff --git a/app/models/theme.rb b/app/models/theme.rb
index c5fe28a2..fca4037f 100644
--- a/app/models/theme.rb
+++ b/app/models/theme.rb
@@ -14,6 +14,10 @@ module WPScan
 @uri = Addressable::URI.parse(blog.url("wp-content/themes/#{slug}/"))
 @style_url = opts[:style_url] || url('style.css')
 
+ # To be used by #head_and_get
+ # If custom wp-content, it will be replaced by blog#url
+ @path_from_blog = "wp-content/themes/#{slug}/"
+
 parse_style
 end
 
diff --git a/app/models/wp_item.rb b/app/models/wp_item.rb
index 21be924c..8c388408 100644
--- a/app/models/wp_item.rb
+++ b/app/models/wp_item.rb
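Review bot: `@path_from_blog` interpolates `slug` unencoded, while the new `head_and_get` in wp_item.rb percent-encodes only the file name appended to it, so the two halves of one request path get different treatment; the theme.rb hunk does the same. This mirrors the existing `@uri` line just above, so if slugs can originate from scanned page content rather than a vetted list (not visible in this hunk) the encoding belongs once, in the constructor, e.g. `@path_from_blog = "wp-content/plugins/#{URI::DEFAULT_PARSER.escape(slug)}/"`; otherwise a comment stating that slug is pre-validated would settle it. The added comment's "it will be replaced by blog#url" leaves "it" ambiguous; keeping the author's claim about blog#url (which this hunk cannot verify), `# Path relative to the blog root, consumed by #head_and_get; blog#url substitutes a custom wp-content dir when one was detected` states the intent more directly.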
@@ -12,9 +12,9 @@ module WPScan
 READMES = %w[readme.txt README.txt README.md readme.md Readme.txt].freeze
 CHANGELOGS = %w[changelog.txt CHANGELOG.md changelog.md].freeze
 
- attr_reader :uri, :slug, :detection_opts, :version_detection_opts, :blog, :db_data
+ attr_reader :uri, :slug, :detection_opts, :version_detection_opts, :blog, :path_from_blog, :db_data
 
- delegate :homepage_res, :xpath_pattern_from_page, :in_scope_urls, :head_and_get, to: :blog
+ delegate :homepage_res, :xpath_pattern_from_page, :in_scope_urls, to: :blog
 
 # @param [ String ] slug The plugin/theme slug
 # @param [ Target ] blog The targeted blog
@@ -119,7 +119,9 @@ module WPScan
 return @readme_url unless @readme_url.nil?
 
 READMES.each do |path|
- return @readme_url = url(path) if Browser.forge_request(url(path), blog.head_or_get_params).run.code == 200
+ t_url = url(path)
+
+ return @readme_url = t_url if Browser.forge_request(t_url, blog.head_or_get_params).run.code == 200
 end
 
 @readme_url = false
@@ -132,7 +134,9 @@ module WPScan
 return @changelog_url unless @changelog_url.nil?
 
 CHANGELOGS.each do |path|
- return @changelog_url = url(path) if Browser.forge_request(url(path), blog.head_or_get_params).run.code == 200
+ t_url = url(path)
+
+ return @changelog_url = t_url if Browser.forge_request(t_url, blog.head_or_get_params).run.code == 200
 end
 
 @changelog_url = false
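Review bot: The readme loop in the `@@ -119,7 +119,9 @@` hunk and the changelog loop in the `@@ -132,7 +134,9 @@` hunk are now identical except for the constant and the memoised ivar, so the `t_url` fix is applied twice; one private helper that returns the first URL answering 200 (or false) removes the duplication, and `readme_url` reduces to `@readme_url = first_existing_url(READMES) if @readme_url.nil?` followed by `@readme_url`, with `changelog_url` mirroring it. Both `def` lines sit above their hunks, outside what is shown, and the helper should go in the class's private section. The `== 200` test still counts a target that answers 200 for every path (soft 404) as having a readme; the commit does not change that, but the helper is the natural single place to add a not-found fingerprint check if Target provides one, which I cannot confirm from here.
```ruby
      def readme_url
        @readme_url = first_existing_url(READMES) if @readme_url.nil?
        @readme_url
      end

      # … unchanged: changelog_url, same shape with CHANGELOGS / @changelog_url …

      # @param [ Array<String> ] paths Candidate file names relative to the item directory
      #
      # @return [ String, false ] The first URL answering HTTP 200, or false when none does
      def first_existing_url(paths)
        paths.each do |path|
          t_url = url(path)

          return t_url if Browser.forge_request(t_url, blog.head_or_get_params).run.code == 200
        end

        false
      end
```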
@@ -157,6 +161,26 @@ module WPScan
 
 super(path, params)
 end
+
+ # See CMSScanner::Target#head_and_get
+ #
+ # This is used by the error_log? above in the super()
+ # to have the correct path (ie readme.txt checked from the plugin/theme location
+ # and not from the blog root). Could also be used in finders
+ #
+ # @param [ String ] path
+ # @param [ Array ] codes
+ # @param [ Hash ] params The requests params
+ # @option params [ Hash ] :head Request params for the HEAD
+ # @option params [ hash ] :get Request params for the GET
+ #
+ # @return [ Typhoeus::Response ]
+ def head_and_get(path, codes = [200], params = {})
+ final_path = +@path_from_blog
+ final_path << URI.encode(path) unless path.nil?
+
+ blog.head_and_get(final_path, codes, params)
+ end
 end
 end
 end
diff --git a/spec/app/models/wp_item_spec.rb b/spec/app/models/wp_item_spec.rb
index 573f9fc3..ad2eda54 100644
--- a/spec/app/models/wp_item_spec.rb
+++ b/spec/app/models/wp_item_spec.rb
@@ -112,6 +112,7 @@ describe WPScan::Model::WpItem do
 end
 end
 
+ # Guess all the below should be in the theme/plugin specs
 describe '#readme_url' do
 xit
 end
@@ -127,4 +128,8 @@ describe WPScan::Model::WpItem do
 describe '#error_log?' do
 xit
 end
+
+ describe '#head_and_get' do
+ xit
+ end
 end
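Review bot: `URI.encode(path)` in the new `head_and_get` is the obsolete alias of `URI.escape`; it warns on Ruby 2.7 and is gone in 3.0, where this method raises NoMethodError, and `URI::DEFAULT_PARSER.escape(path)` is the drop-in replacement. `+@path_from_blog` also assumes a subclass assigned the ivar: WpItem itself only reads it (see the attr_reader hunk), so a bare WpItem, which wp_item_spec.rb appears to instantiate, or any future subclass fails with NoMethodError on nil instead of a clear message — `final_path = +(@path_from_blog || '')` or an explicit `raise` naming the missing ivar would make the contract visible. Since escaping leaves `/` and `.` untouched, the YARD block should also state that `path` is expected to be a file name relative to the item directory (today's callers pass entries of READMES/CHANGELOGS), and `[ hash ]` on the `:get` option line should read `[ Hash ]`.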
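Review bot: The new `describe '#head_and_get'` is only an `xit` placeholder, so the regression this patch fixes (readme/changelog files probed from the blog root instead of the item directory) still has no test guarding it. As the comment added in the first spec hunk suggests, the example belongs in the plugin/theme specs where `@path_from_blog` is actually set; for a Plugin with slug `'foo'` (constructed example) one expectation such as `expect(blog).to receive(:head_and_get).with('wp-content/plugins/foo/readme.txt', [200], {})` would pin the joined path, and a second call with a nil `path` would cover the `unless path.nil?` branch.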