Fixes regexp perf

2019-07-31 14:54:57 +01:00
parent 53fdac1038
commit 8b67dad456
11 changed files with 12 additions and 12 deletions
--- a/app/finders/db_exports/known_locations.rb
+++ b/app/finders/db_exports/known_locations.rb
@@ -20,9 +20,9 @@ module WPScan

          enumerate(potential_urls(opts), opts.merge(check_full_response: 200)) do |res|
            if res.effective_url.end_with?('.zip')
-              next unless res.headers['Content-Type'] =~ %r{\Aapplication/zip}i
+              next unless %r{\Aapplication/zip}i.match?(res.headers['Content-Type'])
            else
-              next unless res.body =~ SQL_PATTERN
+              next unless SQL_PATTERN.match?(res.body)
            end

            found << Model::DbExport.new(res.request.url, found_by: DIRECT_ACCESS, confidence: 100)
--- a/app/finders/interesting_findings/duplicator_installer_log.rb
+++ b/app/finders/interesting_findings/duplicator_installer_log.rb
@@ -9,7 +9,7 @@ module WPScan
        def aggressive(_opts = {})
          path = 'installer-log.txt'

-          return unless target.head_and_get(path).body =~ /DUPLICATOR INSTALL-LOG/
+          return unless /DUPLICATOR INSTALL-LOG/.match?(target.head_and_get(path).body)

          Model::DuplicatorInstallerLog.new(
            target.url(path),
--- a/app/finders/interesting_findings/mu_plugins.rb
+++ b/app/finders/interesting_findings/mu_plugins.rb
@@ -10,7 +10,7 @@ module WPScan
          pattern = %r{#{target.content_dir}/mu\-plugins/}i

          target.in_scope_uris(target.homepage_res) do |uri|
-            next unless uri.path =~ pattern
+            next unless uri.path&.match?(pattern)

            url = target.url('wp-content/mu-plugins/')

--- a/app/finders/interesting_findings/upload_sql_dump.rb
+++ b/app/finders/interesting_findings/upload_sql_dump.rb
@@ -12,7 +12,7 @@ module WPScan
          path = 'wp-content/uploads/dump.sql'
          res  = target.head_and_get(path, [200], get: { headers: { 'Range' => 'bytes=0-3000' } })

-          return unless res.body =~ SQL_PATTERN
+          return unless SQL_PATTERN.match?(res.body)

          Model::UploadSQLDump.new(
            target.url(path),
--- a/app/finders/plugin_version/readme.rb
+++ b/app/finders/plugin_version/readme.rb
@@ -52,7 +52,7 @@ module WPScan

          number = Regexp.last_match[1]

-          number if number =~ /[0-9]+/
+          number if /[0-9]+/.match?(number)
        end

        # @param [ String ] body
--- a/app/finders/plugins/body_pattern.rb
+++ b/app/finders/plugins/body_pattern.rb
@@ -15,7 +15,7 @@ module WPScan
        #
        # @return [ Plugin ] The detected plugin in the response, related to the config
        def process_response(opts, response, slug, klass, config)
-          return unless response.body =~ config['pattern']
+          return unless response.body&.match?(config['pattern'])

          Model::Plugin.new(
            slug,
--- a/app/finders/plugins/comment.rb
+++ b/app/finders/plugins/comment.rb
@@ -18,7 +18,7 @@ module WPScan
          response.html.xpath(config['xpath'] || '//comment()').each do |node|
            comment = node.text.to_s.strip

-            next unless comment =~ config['pattern']
+            next unless comment&.match?(config['pattern'])

            return Model::Plugin.new(
              slug,
--- a/app/finders/timthumbs/known_locations.rb
+++ b/app/finders/timthumbs/known_locations.rb
@@ -22,7 +22,7 @@ module WPScan
          found = []

          enumerate(target_urls(opts), opts.merge(check_full_response: 400)) do |res|
-            next unless res.body =~ /no image specified/i
+            next unless /no image specified/i.match?(res.body)

            found << Model::Timthumb.new(res.request.url, opts.merge(found_by: found_by, confidence: 100))
          end
--- a/app/finders/users/login_error_messages.rb
+++ b/app/finders/users/login_error_messages.rb
@@ -24,7 +24,7 @@ module WPScan

            return found if error.empty? # Protection plugin / error disabled

-            next unless error =~ /The password you entered for the username|Incorrect Password/i
+            next unless /The password you entered for the username|Incorrect Password/i.match?(error)

            found << Model::User.new(username, found_by: found_by, confidence: 100)
          end
--- a/lib/wpscan/helper.rb
+++ b/lib/wpscan/helper.rb
@@ -14,7 +14,7 @@ end
 # @return [ Symbol ]
 def classify_slug(slug)
  classified = slug.to_s.gsub(/[^a-z\d\-]/i, '-').gsub(/\-{1,}/, '_').camelize.to_s
-  classified = "D_#{classified}" if classified[0] =~ /\d/
+  classified = "D_#{classified}" if /\d/.match?(classified[0])

  classified.to_sym
 end
--- a/lib/wpscan/target/platform/wordpress.rb
+++ b/lib/wpscan/target/platform/wordpress.rb
@@ -29,7 +29,7 @@ module WPScan
          end

          homepage_res.html.css('meta[name="generator"]').each do |node|
-            return true if node['content'] =~ /wordpress/i
+            return true if /wordpress/i.match?(node['content'])
          end

          return true unless comments_from_page(/wordpress/i, homepage_res).empty?