From 8361ec97e44a19fcd98bd9f3d30d0442fd15f1ca Mon Sep 17 00:00:00 2001 From: erwanlr Date: Wed, 15 Jul 2020 16:45:36 +0200 Subject: [PATCH] Rubocop: Adds new cops by default, fixes offences --- .rubocop.yml | 29 +------------------ app/finders/interesting_findings/multisite.rb | 4 +-- app/finders/passwords/wp_login.rb | 2 +- app/finders/passwords/xml_rpc.rb | 2 +- app/finders/users.rb | 2 +- app/finders/users/login_error_messages.rb | 2 +- app/models/plugin.rb | 2 +- app/models/wp_item.rb | 2 +- app/models/wp_version.rb | 2 +- lib/wpscan/target.rb | 8 ++--- .../dynamic_finder/plugin_version_spec.rb | 6 ++-- .../dynamic_finder/theme_version_spec.rb | 6 ++-- .../finders/dynamic_finder/wp_version_spec.rb | 4 +-- 13 files changed, 22 insertions(+), 49 deletions(-) diff --git a/.rubocop.yml b/.rubocop.yml index a6cd330b..c4755d62 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -1,25 +1,14 @@ require: rubocop-performance AllCops: + NewCops: enable TargetRubyVersion: 2.5 Exclude: - '*.gemspec' - 'vendor/**/*' -Layout/EmptyLinesAroundAttributeAccessor: - Enabled: true Layout/LineLength: Max: 120 -Layout/SpaceAroundMethodCallOperator: - Enabled: true -Lint/DeprecatedOpenSSLConstant: - Enabled: true -Lint/MixedRegexpCaptureTypes: - Enabled: true Lint/UriEscapeUnescape: Enabled: false -Lint/RaiseException: - Enabled: true -Lint/StructNewOverride: - Enabled: true Metrics/AbcSize: Max: 25 Metrics/BlockLength: @@ -39,24 +28,8 @@ Style/ClassVars: Enabled: false Style/Documentation: Enabled: false -Style/ExponentialNotation: - Enabled: true Style/FormatStringToken: Enabled: false -Style/HashEachMethods: - Enabled: true -Style/HashTransformKeys: - Enabled: true -Style/HashTransformValues: - Enabled: true Style/NumericPredicate: Exclude: - 'app/controllers/vuln_api.rb' -Style/RedundantFetchBlock: - Enabled: true -Style/RedundantRegexpCharacterClass: - Enabled: true -Style/RedundantRegexpEscape: - Enabled: true -Style/SlicingWithRange: - Enabled: true 
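Review bot: With `NewCops: enable` under `AllCops`, every cop that a later RuboCop release introduces as pending is switched on automatically, so the lint result now depends on which RuboCop version is resolved at install time. The dependency constraint is not visible in this patch; if it is open-ended, a RuboCop upgrade can fail CI without any change in this repository. Pinning the version alongside this setting avoids that, and a comment above the key such as `# New cops are enabled on upgrade; keep the rubocop version pinned` would record the coupling.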
diff --git a/app/finders/interesting_findings/multisite.rb b/app/finders/interesting_findings/multisite.rb index 546611c4..4ecc9e6d 100644 --- a/app/finders/interesting_findings/multisite.rb +++ b/app/finders/interesting_findings/multisite.rb @@ -12,8 +12,8 @@ module WPScan location = res.headers_hash['location'] return unless [200, 302].include?(res.code) - return if res.code == 302 && location =~ /wp-login\.php\?action=register/ - return unless res.code == 200 || res.code == 302 && location =~ /wp-signup\.php/ + return if res.code == 302 && location.include?('wp-login.php?action=register') + return unless res.code == 200 || res.code == 302 && location.include?('wp-signup.php') target.multisite = true diff --git a/app/finders/passwords/wp_login.rb b/app/finders/passwords/wp_login.rb index c037f8f2..78ce0200 100644 --- a/app/finders/passwords/wp_login.rb +++ b/app/finders/passwords/wp_login.rb @@ -13,7 +13,7 @@ module WPScan def valid_credentials?(response) response.code == 302 && - [*response.headers['Set-Cookie']]&.any? { |cookie| cookie =~ /wordpress_logged_in_/i } + Array(response.headers['Set-Cookie'])&.any? { |cookie| cookie =~ /wordpress_logged_in_/i } end def errored_response?(response) diff --git a/app/finders/passwords/xml_rpc.rb b/app/finders/passwords/xml_rpc.rb index bddedbe7..dc44e9e1 100644 --- a/app/finders/passwords/xml_rpc.rb +++ b/app/finders/passwords/xml_rpc.rb @@ -12,7 +12,7 @@ module WPScan end def valid_credentials?(response) - response.code == 200 && response.body =~ /blogName/ + response.code == 200 && response.body.include?('blogName') end def errored_response?(response) diff --git a/app/finders/users.rb b/app/finders/users.rb index 9a520ddd..22649b07 100644 --- a/app/finders/users.rb +++ b/app/finders/users.rb 
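Review bot: In multisite.rb, `location.include?(...)` raises NoMethodError when a 302 response has no Location header, because `res.headers_hash['location']` is then presumably nil. The replaced `location =~ /.../` evaluated to nil in that case and the check simply continued. The response comes from the scanned server, which the tool does not control, so a malformed redirect can now abort this finder. Safe navigation keeps the old tolerance on both new lines, e.g. `return if res.code == 302 && location&.include?('wp-login.php?action=register')`. The same receiver assumption applies to `response.body.include?('blogName')` in app/finders/passwords/xml_rpc.rb if the body can be nil there. The enclosing method starts and ends outside the hunk.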
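Review bot: The safe-navigation operator in `Array(response.headers['Set-Cookie'])&.any?` in wp_login.rb is redundant. `Array()` returns an array for nil, a single string or a list, so the receiver is never nil and plain `.any?` says that directly. Since only a yes/no answer is needed, the block can also use `cookie.match?(/wordpress_logged_in_/i)` instead of `=~`.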
@@ -6,7 +6,7 @@ require_relative 'users/oembed_api' require_relative 'users/rss_generator' require_relative 'users/author_id_brute_forcing' require_relative 'users/login_error_messages' -require_relative 'users/yoast_seo_author_sitemap.rb' +require_relative 'users/yoast_seo_author_sitemap' module WPScan module Finders diff --git a/app/finders/users/login_error_messages.rb b/app/finders/users/login_error_messages.rb index 8cde0da2..41c9d558 100644 --- a/app/finders/users/login_error_messages.rb +++ b/app/finders/users/login_error_messages.rb @@ -37,7 +37,7 @@ module WPScan # usernames from the potential Users found unames = opts[:found].map(&:username) - [*opts[:list]].each { |uname| unames << uname.chomp } + Array(opts[:list]).each { |uname| unames << uname.chomp } unames.uniq end diff --git a/app/models/plugin.rb b/app/models/plugin.rb index 33db83e7..e9da343c 100644 --- a/app/models/plugin.rb +++ b/app/models/plugin.rb @@ -38,7 +38,7 @@ module WPScan # @return [ Array ] def potential_readme_filenames - @potential_readme_filenames ||= [*(DB::DynamicFinders::Plugin.df_data.dig(slug, 'Readme', 'path') || super)] + @potential_readme_filenames ||= Array((DB::DynamicFinders::Plugin.df_data.dig(slug, 'Readme', 'path') || super)) end end end diff --git a/app/models/wp_item.rb b/app/models/wp_item.rb index ad67bd20..4ef4930e 100644 --- a/app/models/wp_item.rb +++ b/app/models/wp_item.rb @@ -39,7 +39,7 @@ module WPScan @vulnerabilities = [] - [*db_data['vulnerabilities']].each do |json_vuln| + Array(db_data['vulnerabilities']).each do |json_vuln| vulnerability = Vulnerability.load_from_json(json_vuln) @vulnerabilities << vulnerability if vulnerable_to?(vulnerability) end diff --git a/app/models/wp_version.rb b/app/models/wp_version.rb index f08b635d..b8b4cfd6 100644 --- a/app/models/wp_version.rb +++ b/app/models/wp_version.rb 
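Review bot: The replacement in `potential_readme_filenames` in app/models/plugin.rb leaves a doubled pair of parentheses, `Array((... || super))`. The inner pair was only needed to group the expression for the splat form and is redundant inside a method call. `Array(DB::DynamicFinders::Plugin.df_data.dig(slug, 'Readme', 'path') || super)` reads the same.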
@@ -53,7 +53,7 @@ module WPScan @vulnerabilities = [] - [*db_data['vulnerabilities']].each do |json_vuln| + Array(db_data['vulnerabilities']).each do |json_vuln| @vulnerabilities << Vulnerability.load_from_json(json_vuln) end diff --git a/lib/wpscan/target.rb b/lib/wpscan/target.rb index 0a8455f0..796a1883 100644 --- a/lib/wpscan/target.rb +++ b/lib/wpscan/target.rb @@ -19,13 +19,13 @@ module WPScan # @return [ Boolean ] def vulnerable? [@wp_version, @main_theme, @plugins, @themes, @timthumbs].each do |e| - [*e].each { |ae| return true if ae && ae.vulnerable? } # rubocop:disable Style/SafeNavigation + Array(e).each { |ae| return true if ae && ae.vulnerable? } # rubocop:disable Style/SafeNavigation end - return true unless [*@config_backups].empty? - return true unless [*@db_exports].empty? + return true unless Array(@config_backups).empty? + return true unless Array(@db_exports).empty? - [*@users].each { |u| return true if u.password } + Array(@users).each { |u| return true if u.password } false end diff --git a/spec/lib/finders/dynamic_finder/plugin_version_spec.rb b/spec/lib/finders/dynamic_finder/plugin_version_spec.rb index 04bce07c..16c73c9c 100644 --- a/spec/lib/finders/dynamic_finder/plugin_version_spec.rb +++ b/spec/lib/finders/dynamic_finder/plugin_version_spec.rb @@ -74,7 +74,7 @@ WPScan::DB::DynamicFinders::Plugin.versions_finders_configs.each do |slug, confi end it 'returns the expected version/s' do - found = [*finder.passive] + found = Array(finder.passive) expect(found).to_not be_empty @@ -104,7 +104,7 @@ WPScan::DB::DynamicFinders::Plugin.versions_finders_configs.each do |slug, confi end it 'returns the expected version/s' do - found = [*finder.passive] + found = Array(finder.passive) expect(found).to_not be_empty @@ -149,7 +149,7 @@ WPScan::DB::DynamicFinders::Plugin.versions_finders_configs.each do |slug, confi end it 'returns the expected version' do - found = [*finder.aggressive] + found = Array(finder.aggressive) expect(found).to_not be_empty 
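Review bot: The doc comment on `vulnerable?` in lib/wpscan/target.rb is only `# @return [ Boolean ]`, but the body also returns true for any config backup, any DB export, or any user with a recovered password. A line such as `# True when any detected component is vulnerable, or when config backups, DB exports or user passwords were found` would tell callers what the flag covers. As a style follow-up now that `Array()` is in place, the last loop can state the predicate directly with `return true if Array(@users).any?(&:password)`.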
diff --git a/spec/lib/finders/dynamic_finder/theme_version_spec.rb b/spec/lib/finders/dynamic_finder/theme_version_spec.rb index 4482c6a0..7336fb62 100644 --- a/spec/lib/finders/dynamic_finder/theme_version_spec.rb +++ b/spec/lib/finders/dynamic_finder/theme_version_spec.rb @@ -79,7 +79,7 @@ WPScan::DB::DynamicFinders::Theme.versions_finders_configs.each do |slug, config end it 'returns the expected version/s' do - found = [*finder.passive] + found = Array(finder.passive) expect(found).to_not be_empty @@ -109,7 +109,7 @@ WPScan::DB::DynamicFinders::Theme.versions_finders_configs.each do |slug, config end it 'returns the expected version/s' do - found = [*finder.passive] + found = Array(finder.passive) expect(found).to_not be_empty @@ -154,7 +154,7 @@ WPScan::DB::DynamicFinders::Theme.versions_finders_configs.each do |slug, config end it 'returns the expected version' do - found = [*finder.aggressive] + found = Array(finder.aggressive) expect(found).to_not be_empty diff --git a/spec/lib/finders/dynamic_finder/wp_version_spec.rb b/spec/lib/finders/dynamic_finder/wp_version_spec.rb index 29161120..c0654c78 100644 --- a/spec/lib/finders/dynamic_finder/wp_version_spec.rb +++ b/spec/lib/finders/dynamic_finder/wp_version_spec.rb @@ -46,7 +46,7 @@ WPScan::DB::DynamicFinders::Wordpress.versions_finders_configs.each do |finder_c end it 'returns the expected version from the homepage' do - found = [*finder.passive] + found = Array(finder.passive) expect(found).to_not be_empty @@ -81,7 +81,7 @@ WPScan::DB::DynamicFinders::Wordpress.versions_finders_configs.each do |finder_c end it 'returns the expected version' do - found = [*finder.aggressive] + found = Array(finder.aggressive) expect(found).to_not be_empty