garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixes regexp perf

Browse Source
This commit is contained in:
erwanlr
2019-07-31 14:54:57 +01:00
parent 53fdac1038
commit 8b67dad456
11 changed files with 12 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/finders/db_exports/known_locations.rb
View File

@@ -20,9 +20,9 @@ module WPScan
enumerate(potential_urls(opts), opts.merge(check_full_response: 200)) do |res| enumerate(potential_urls(opts), opts.merge(check_full_response: 200)) do |res|
if res.effective_url.end_with?('.zip') if res.effective_url.end_with?('.zip')
next unless res.headers['Content-Type'] =~ %r{\Aapplication/zip}i next unless %r{\Aapplication/zip}i.match?(res.headers['Content-Type'])
else else
next unless res.body =~ SQL_PATTERN next unless SQL_PATTERN.match?(res.body)
end end
found << Model::DbExport.new(res.request.url, found_by: DIRECT_ACCESS, confidence: 100) found << Model::DbExport.new(res.request.url, found_by: DIRECT_ACCESS, confidence: 100)

2
app/finders/interesting_findings/duplicator_installer_log.rb
View File

@@ -9,7 +9,7 @@ module WPScan
def aggressive(_opts = {}) def aggressive(_opts = {})
path = 'installer-log.txt' path = 'installer-log.txt'
return unless target.head_and_get(path).body =~ /DUPLICATOR INSTALL-LOG/ return unless /DUPLICATOR INSTALL-LOG/.match?(target.head_and_get(path).body)
Model::DuplicatorInstallerLog.new( Model::DuplicatorInstallerLog.new(
target.url(path), target.url(path),

2
app/finders/interesting_findings/mu_plugins.rb
View File

@@ -10,7 +10,7 @@ module WPScan
pattern = %r{#{target.content_dir}/mu\-plugins/}i pattern = %r{#{target.content_dir}/mu\-plugins/}i
target.in_scope_uris(target.homepage_res) do |uri| target.in_scope_uris(target.homepage_res) do |uri|
next unless uri.path =~ pattern next unless uri.path&.match?(pattern)
url = target.url('wp-content/mu-plugins/') url = target.url('wp-content/mu-plugins/')

2
app/finders/interesting_findings/upload_sql_dump.rb
View File

@@ -12,7 +12,7 @@ module WPScan
path = 'wp-content/uploads/dump.sql' path = 'wp-content/uploads/dump.sql'
res = target.head_and_get(path, [200], get: { headers: { 'Range' => 'bytes=0-3000' } }) res = target.head_and_get(path, [200], get: { headers: { 'Range' => 'bytes=0-3000' } })
return unless res.body =~ SQL_PATTERN return unless SQL_PATTERN.match?(res.body)
Model::UploadSQLDump.new( Model::UploadSQLDump.new(
target.url(path), target.url(path),

2
app/finders/plugin_version/readme.rb
View File

@@ -52,7 +52,7 @@ module WPScan
number = Regexp.last_match[1] number = Regexp.last_match[1]
number if number =~ /[0-9]+/ number if /[0-9]+/.match?(number)
end end
# @param [ String ] body # @param [ String ] body

2
app/finders/plugins/body_pattern.rb
View File

@@ -15,7 +15,7 @@ module WPScan
# #
# @return [ Plugin ] The detected plugin in the response, related to the config # @return [ Plugin ] The detected plugin in the response, related to the config
def process_response(opts, response, slug, klass, config) def process_response(opts, response, slug, klass, config)
return unless response.body =~ config['pattern'] return unless response.body&.match?(config['pattern'])
Model::Plugin.new( Model::Plugin.new(
slug, slug,

2
app/finders/plugins/comment.rb
View File

@@ -18,7 +18,7 @@ module WPScan
response.html.xpath(config['xpath'] || '//comment()').each do |node| response.html.xpath(config['xpath'] || '//comment()').each do |node|
comment = node.text.to_s.strip comment = node.text.to_s.strip
next unless comment =~ config['pattern'] next unless comment&.match?(config['pattern'])
return Model::Plugin.new( return Model::Plugin.new(
slug, slug,

2
app/finders/timthumbs/known_locations.rb
View File

@@ -22,7 +22,7 @@ module WPScan
found = [] found = []
enumerate(target_urls(opts), opts.merge(check_full_response: 400)) do |res| enumerate(target_urls(opts), opts.merge(check_full_response: 400)) do |res|
next unless res.body =~ /no image specified/i next unless /no image specified/i.match?(res.body)
found << Model::Timthumb.new(res.request.url, opts.merge(found_by: found_by, confidence: 100)) found << Model::Timthumb.new(res.request.url, opts.merge(found_by: found_by, confidence: 100))
end end

2
app/finders/users/login_error_messages.rb
View File

@@ -24,7 +24,7 @@ module WPScan
return found if error.empty? # Protection plugin / error disabled return found if error.empty? # Protection plugin / error disabled
next unless error =~ /The password you entered for the username|Incorrect Password/i next unless /The password you entered for the username|Incorrect Password/i.match?(error)
found << Model::User.new(username, found_by: found_by, confidence: 100) found << Model::User.new(username, found_by: found_by, confidence: 100)
end end

2
lib/wpscan/helper.rb
View File

@@ -14,7 +14,7 @@ end
# @return [ Symbol ] # @return [ Symbol ]
def classify_slug(slug) def classify_slug(slug)
classified = slug.to_s.gsub(/[^a-z\d\-]/i, '-').gsub(/\-{1,}/, '_').camelize.to_s classified = slug.to_s.gsub(/[^a-z\d\-]/i, '-').gsub(/\-{1,}/, '_').camelize.to_s
classified = "D_#{classified}" if classified[0] =~ /\d/ classified = "D_#{classified}" if /\d/.match?(classified[0])
classified.to_sym classified.to_sym
end end

2
lib/wpscan/target/platform/wordpress.rb
View File

@@ -29,7 +29,7 @@ module WPScan
end end
homepage_res.html.css('meta[name="generator"]').each do |node| homepage_res.html.css('meta[name="generator"]').each do |node|
return true if node['content'] =~ /wordpress/i return true if /wordpress/i.match?(node['content'])
end end
return true unless comments_from_page(/wordpress/i, homepage_res).empty? return true unless comments_from_page(/wordpress/i, homepage_res).empty?