From c31a06e2559300ebc188032081177378e1b1c876 Mon Sep 17 00:00:00 2001 From: erwanlr Date: Wed, 17 Sep 2014 16:01:41 +0200 Subject: [PATCH] Removes the source code updaters --- lib/common/common_helper.rb | 21 +---- lib/common/{updater => }/db_updater.rb | 6 +- lib/common/updater/git_updater.rb | 37 -------- lib/common/updater/svn_updater.rb | 23 ----- lib/common/updater/updater.rb | 25 ------ lib/common/updater/updater_factory.rb | 20 ----- lib/wpscan/wpscan_helper.rb | 4 +- spec/lib/common/updater/git_updater_spec.rb | 74 ---------------- spec/lib/common/updater/svn_updater_spec.rb | 86 ------------------- .../common/updater/updater_factory_spec.rb | 29 ------- spec/lib/common/updater/updater_spec.rb | 27 ------ wpscan.rb | 18 +--- 12 files changed, 6 insertions(+), 364 deletions(-) rename lib/common/{updater => }/db_updater.rb (96%) delete mode 100644 lib/common/updater/git_updater.rb delete mode 100644 lib/common/updater/svn_updater.rb delete mode 100644 lib/common/updater/updater.rb delete mode 100644 lib/common/updater/updater_factory.rb delete mode 100644 spec/lib/common/updater/git_updater_spec.rb delete mode 100644 spec/lib/common/updater/svn_updater_spec.rb delete mode 100644 spec/lib/common/updater/updater_factory_spec.rb delete mode 100644 spec/lib/common/updater/updater_spec.rb diff --git a/lib/common/common_helper.rb b/lib/common/common_helper.rb index 6e271cfc..d90fc096 100644 --- a/lib/common/common_helper.rb +++ b/lib/common/common_helper.rb @@ -73,20 +73,6 @@ def add_trailing_slash(url) url =~ /\/$/ ? url : "#{url}/" end -# loading the updater -require_files_from_directory(UPDATER_LIB_DIR) -@updater = UpdaterFactory.get_updater(ROOT_DIR) - -if @updater - REVISION = @updater.local_revision_number() -else - REVISION = nil -end - -def version - REVISION ? "v#{WPSCAN_VERSION}r#{REVISION}" : "v#{WPSCAN_VERSION}" -end - def missing_db_file? DbUpdater::FILES.each do |db_file| return true unless File.exist?(File.join(DATA_DIR, db_file)) @@ -134,12 +120,7 @@ def banner puts ' \\/ \\/ |_| |_____/ \\___|\\__,_|_| |_|' puts puts ' WordPress Security Scanner by the WPScan Team ' - # Alignment of the version (w & w/o the Revision) - if REVISION - puts " Version #{version}" - else - puts " Version #{version}" - end + puts " Version #{WPSCAN_VERSION}" puts ' Sponsored by the RandomStorm Open Source Initiative' puts ' @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_' puts '_______________________________________________________________' diff --git a/lib/common/updater/db_updater.rb b/lib/common/db_updater.rb similarity index 96% rename from lib/common/updater/db_updater.rb rename to lib/common/db_updater.rb index 63a7c597..32fe0847 100644 --- a/lib/common/updater/db_updater.rb +++ b/lib/common/db_updater.rb @@ -1,9 +1,7 @@ # encoding: UTF-8 -require 'common/updater/updater' - -# Updater for the Database (currently only 3 .json) -class DbUpdater < Updater +# DB Updater +class DbUpdater FILES = %w( local_vulnerable_files.xml local_vulnerable_files.xsd malwares.txt plugins_full.txt plugins.txt themes_full.txt themes.txt diff --git a/lib/common/updater/git_updater.rb b/lib/common/updater/git_updater.rb deleted file mode 100644 index ae56b016..00000000 --- a/lib/common/updater/git_updater.rb +++ /dev/null @@ -1,37 +0,0 @@ -# encoding: UTF-8 - -require 'common/updater/updater' - -class GitUpdater < Updater - - def is_installed? - %x[git #{repo_directory_arguments()} status 2>&1] =~ /On branch/ ? true : false - end - - # Git has not a revsion number like SVN, - # so we will take the 7 first chars of the last commit hash - def local_revision_number - git_log = %x[git #{repo_directory_arguments()} log -1 2>&1] - git_log[/commit ([0-9a-z]{7})/i, 1].to_s - end - - def update - %x[git #{repo_directory_arguments()} pull] - end - - def has_local_changes? - %x[git #{repo_directory_arguments()} diff --exit-code 2>&1] =~ /diff/ ? true : false - end - - def reset_head - %x[git #{repo_directory_arguments()} reset --hard HEAD] - end - - protected - def repo_directory_arguments - if @repo_directory - return "--git-dir=\"#{@repo_directory}/.git\" --work-tree=\"#{@repo_directory}\"" - end - end - -end diff --git a/lib/common/updater/svn_updater.rb b/lib/common/updater/svn_updater.rb deleted file mode 100644 index 26d0c850..00000000 --- a/lib/common/updater/svn_updater.rb +++ /dev/null @@ -1,23 +0,0 @@ -# encoding: UTF-8 - -require 'common/updater/updater' - -class SvnUpdater < Updater - - REVISION_PATTERN = /revision="(\d+)"/i - TRUNK_URL = 'https://github.com/wpscanteam/wpscan' - - def is_installed? - %x[svn info "#@repo_directory" --xml 2>&1] =~ /revision=/ ? true : false - end - - def local_revision_number - local_revision = %x[svn info "#@repo_directory" --xml 2>&1] - local_revision[REVISION_PATTERN, 1].to_s - end - - def update - %x[svn up "#@repo_directory"] - end - -end diff --git a/lib/common/updater/updater.rb b/lib/common/updater/updater.rb deleted file mode 100644 index 5fee7e87..00000000 --- a/lib/common/updater/updater.rb +++ /dev/null @@ -1,25 +0,0 @@ -# encoding: UTF-8 - -# This class act as an absract one -class Updater - - attr_reader :repo_directory - - # TODO : add a last '/ to repo_directory if it's not present - def initialize(repo_directory = nil) - @repo_directory = repo_directory - end - - def is_installed? - raise NotImplementedError - end - - def local_revision_number - raise NotImplementedError - end - - def update - raise NotImplementedError - end - -end diff --git a/lib/common/updater/updater_factory.rb b/lib/common/updater/updater_factory.rb deleted file mode 100644 index 2f12443a..00000000 --- a/lib/common/updater/updater_factory.rb +++ /dev/null @@ -1,20 +0,0 @@ -# encoding: UTF-8 - -# Factory -class UpdaterFactory - def self.get_updater(repo_directory) - available_updaters_classes.each do |updater_symbol| - updater = Object.const_get(updater_symbol).new(repo_directory) - - return updater if updater.is_installed? - end - nil - end - - protected - - # @return [ Array ] The symbols related to code updaters - def self.available_updaters_classes - Object.constants.grep(/^(?:Svn|Git|Test)Updater$/) - end -end diff --git a/lib/wpscan/wpscan_helper.rb b/lib/wpscan/wpscan_helper.rb index 8757e6f7..637be9e9 100644 --- a/lib/wpscan/wpscan_helper.rb +++ b/lib/wpscan/wpscan_helper.rb @@ -46,7 +46,7 @@ def usage puts '-Use custom plugins directory ...' puts "ruby #{script_name} -u www.example.com --wp-plugins-dir wp-content/custom-plugins" puts - puts '-Update ...' + puts '-Update the DB ...' puts "ruby #{script_name} --update" puts puts '-Debug output ...' @@ -62,7 +62,7 @@ def help puts puts 'Some values are settable in a config file, see the example.conf.json' puts - puts '--update Update to the latest revision.' + puts '--update Update to the database to the latest version.' puts '--url | -u The WordPress URL/domain to scan.' puts '--force | -f Forces WPScan to not check if the remote site is running WordPress.' puts '--enumerate | -e [option(s)] Enumeration.' diff --git a/spec/lib/common/updater/git_updater_spec.rb b/spec/lib/common/updater/git_updater_spec.rb deleted file mode 100644 index f10838cb..00000000 --- a/spec/lib/common/updater/git_updater_spec.rb +++ /dev/null @@ -1,74 +0,0 @@ -# encoding: UTF-8 - -require 'spec_helper' - -describe GitUpdater do - - before :each do - @git_updater = GitUpdater.new - end - - describe '#is_installed?' do - after :each do - stub_system_command(@git_updater, /^git .* status/, @stub_value) - expect(@git_updater.is_installed?).to be === @expected - end - - it 'should return false if the command is not found' do - @stub_value = 'git: command not found' - @expected = false - end - - it 'should return true if the repo is a git one' do - @stub_value = "# On branch master\n# Changed but not updated:" - @expected = true - end - end - - describe '#local_revision_number' do - after :each do - stub_system_command(@git_updater, /^git .* log/, @stub_value) - expect(@git_updater.local_revision_number).to be === @expected - end - - it 'should return 79c01f3' do - @stub_value = ' - commit 79c01f3ed535a8e33876ea091d8217cae7df4028 - Author: Moi - Date: Wed Jul 11 23:22:16 2012 +0100' - @expected = '79c01f3' - end - end - - describe '#update' do - it 'should do nothing xD' do - stub_system_command(@git_updater, /^git .* pull/, 'Already up-to-date.') - expect(@git_updater.update()).to be === 'Already up-to-date.' - end - end - - describe '#has_local_changes?' do - after :each do - stub_system_command(@git_updater, /^git .* diff --exit-code 2>&1/, @stub_value) - expect(@git_updater.has_local_changes?).to be === @expected - end - - it 'should return true if there are local changes' do - @stub_value = 'diff' - @expected = true - end - - it 'should return false if there are no local changes' do - @stub_value = '' - @expected = false - end - end - - describe '#reset_head' do - it 'should reset the local repo' do - stub_system_command(@git_updater, /^git .* reset --hard HEAD/, 'HEAD is now at') - expect(@git_updater.reset_head).to match(/^HEAD is now at/) - end - end - -end diff --git a/spec/lib/common/updater/svn_updater_spec.rb b/spec/lib/common/updater/svn_updater_spec.rb deleted file mode 100644 index 351ac12a..00000000 --- a/spec/lib/common/updater/svn_updater_spec.rb +++ /dev/null @@ -1,86 +0,0 @@ -# encoding: UTF-8 - -require 'spec_helper' - -describe SvnUpdater do - - before :each do - @svn_updater = SvnUpdater.new - end - - describe '#is_installed?' do - after :each do - stub_system_command(@svn_updater, /^svn info/, @stub_value) - expect(@svn_updater.is_installed?).to be === @expected - end - - it 'should return false if the svn command is not found' do - @stub_value = 'svn: command not found' - @expected = false - end - - it 'should return false if the repository is not manage by svn' do - @stub_value = "svn: '.' is not a working copy" - @expected = false - end - - it 'should return true' do - @stub_value = ' - - - https://wpscan.googlecode.com/svn/trunk - - https://wpscan.googlecode.com/svn - 0b0242d5-46e6-2201-410d-bc09fd35266c - - - normal - infinity - - - author@mail.tld - 2012-06-02T06:26:25.309806Z - - - ' - @expected = true - end - end - - describe '#local_revision_number' do - after :each do - stub_system_command(@svn_updater, /^svn info/, @stub_value) - expect(@svn_updater.local_revision_number).to be === @expected - end - - it 'should return 399' do - @stub_value = ' - - - https://wpscan.googlecode.com/svn/trunk - - https://wpscan.googlecode.com/svn - 0b0242d5-46e6-2201-410d-bc09fd35266c - - - normal - infinity - - - author@mail.tld - 2012-06-02T06:26:25.309806Z - - - ' - @expected = '362' - end - end - - describe '#update' do - it 'should do nothing xD' do - stub_system_command(@svn_updater, /^svn up/, 'At revision 425.') - expect(@svn_updater.update()).to be === 'At revision 425.' - end - end - -end diff --git a/spec/lib/common/updater/updater_factory_spec.rb b/spec/lib/common/updater/updater_factory_spec.rb deleted file mode 100644 index dc51f4fd..00000000 --- a/spec/lib/common/updater/updater_factory_spec.rb +++ /dev/null @@ -1,29 +0,0 @@ -# encoding: UTF-8 - -require 'spec_helper' - -describe UpdaterFactory do - - describe '#available_updaters_classes' do - after :each do - expect(UpdaterFactory.available_updaters_classes.sort).to be === @expected.sort - end - - it 'should return [:GitUpdater, :SvnUpdater]' do - @expected = [:GitUpdater, :SvnUpdater] - end - - it 'should return [:TestUpdater, :GitUpdater, :SvnUpdater]' do - class TestUpdater < Updater - end - - @expected = [:GitUpdater, :SvnUpdater, :TestUpdater] - end - end - - # TODO : Find a way to test that - describe '#get_updater' do - - end - -end diff --git a/spec/lib/common/updater/updater_spec.rb b/spec/lib/common/updater/updater_spec.rb deleted file mode 100644 index 9b7561ae..00000000 --- a/spec/lib/common/updater/updater_spec.rb +++ /dev/null @@ -1,27 +0,0 @@ -# encoding: UTF-8 - -require 'spec_helper' - -describe Updater do - - before :all do - class TestUpdater < Updater - end - end - - after :all do - Object.send(:remove_const, :TestUpdater) - end - - describe 'non implementation of #is_installed?, #has_update? and #update' do - it 'should raise errors' do - test_updater = TestUpdater.new - methods_to_call = [:is_installed?, :update, :local_revision_number] - - methods_to_call.each do |method_to_call| - expect { test_updater.send(method_to_call) }.to raise_error(NotImplementedError) - end - end - end - -end diff --git a/wpscan.rb b/wpscan.rb index d3e51643..a18a304b 100755 --- a/wpscan.rb +++ b/wpscan.rb @@ -33,7 +33,7 @@ def main end if wpscan_options.version - puts "Current version: #{version}" + puts "Current version: #{WPSCAN_VERSION}" exit(0) end @@ -49,22 +49,6 @@ def main puts 'Done.' end - # Check for updates - if wpscan_options.update - if !@updater.nil? - if @updater.has_local_changes? - print "#{red('[!]')} Local file changes detected, an update will override local changes, do you want to continue updating? [y/n] " - Readline.readline =~ /^y/i ? @updater.reset_head : raise('Update aborted') - end - puts @updater.update() - else - puts '[i] Svn / Git not installed, or wpscan has not been installed with one of them.' - puts "#{red('[!]')} Update aborted" - end - - exit(0) - end - unless wpscan_options.url raise 'The URL is mandatory, please supply it with --url or -u' end