Removes the source code updaters

2014-09-17 16:01:41 +02:00
parent ea36c79c26
commit c31a06e255
12 changed files with 6 additions and 364 deletions
--- a/lib/common/common_helper.rb
+++ b/lib/common/common_helper.rb
@@ -73,20 +73,6 @@ def add_trailing_slash(url)
  url =~ /\/$/ ? url : "#{url}/"
 end
 # loading the updater
 require_files_from_directory(UPDATER_LIB_DIR)
@updater = UpdaterFactory.get_updater(ROOT_DIR)
 if @updater
  REVISION = @updater.local_revision_number()
 else
  REVISION = nil
 end
 def version
  REVISION ? "v#{WPSCAN_VERSION}r#{REVISION}" : "v#{WPSCAN_VERSION}"
 end
 def missing_db_file?
  DbUpdater::FILES.each do |db_file|
    return true unless File.exist?(File.join(DATA_DIR, db_file))
@@ -134,12 +120,7 @@ def banner
  puts '            \\/  \\/   |_|    |_____/ \\___|\\__,_|_| |_|'
  puts
  puts '        WordPress Security Scanner by the WPScan Team '
-  # Alignment of the version (w & w/o the Revision)
+  puts "                       Version #{WPSCAN_VERSION}"
  if REVISION
    puts "                    Version #{version}"
  else
    puts "                        Version #{version}"
  end
  puts '     Sponsored by the RandomStorm Open Source Initiative'
  puts '   @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_'
  puts '_______________________________________________________________'
--- a/lib/common/updater/db_updater.rb
+++ b/lib/common/updater/db_updater.rb
@@ -1,9 +1,7 @@
 # encoding: UTF-8
-require 'common/updater/updater'
+# DB Updater
-
+class DbUpdater
 # Updater for the Database (currently only 3 .json)
 class DbUpdater < Updater
  FILES = %w(
    local_vulnerable_files.xml local_vulnerable_files.xsd malwares.txt
    plugins_full.txt plugins.txt themes_full.txt themes.txt
--- a/lib/common/updater/git_updater.rb
+++ b/lib/common/updater/git_updater.rb
@@ -1,37 +0,0 @@
 # encoding: UTF-8
 require 'common/updater/updater'
 class GitUpdater < Updater
  def is_installed?
    %x[git #{repo_directory_arguments()} status 2>&1] =~ /On branch/ ? true : false
  end
  # Git has not a revsion number like SVN,
  # so we will take the 7 first chars of the last commit hash
  def local_revision_number
    git_log = %x[git #{repo_directory_arguments()} log -1 2>&1]
    git_log[/commit ([0-9a-z]{7})/i, 1].to_s
  end
  def update
    %x[git #{repo_directory_arguments()} pull]
  end
  def has_local_changes?
    %x[git #{repo_directory_arguments()} diff --exit-code 2>&1] =~ /diff/ ? true : false
  end
  def reset_head
    %x[git #{repo_directory_arguments()} reset --hard HEAD]
  end
  protected
  def repo_directory_arguments
    if @repo_directory
      return "--git-dir=\"#{@repo_directory}/.git\" --work-tree=\"#{@repo_directory}\""
    end
  end
 end
--- a/lib/common/updater/svn_updater.rb
+++ b/lib/common/updater/svn_updater.rb
@@ -1,23 +0,0 @@
 # encoding: UTF-8
 require 'common/updater/updater'
 class SvnUpdater < Updater
  REVISION_PATTERN = /revision="(\d+)"/i
  TRUNK_URL        = 'https://github.com/wpscanteam/wpscan'
  def is_installed?
    %x[svn info "#@repo_directory" --xml 2>&1] =~ /revision=/ ? true : false
  end
  def local_revision_number
    local_revision = %x[svn info "#@repo_directory" --xml 2>&1]
    local_revision[REVISION_PATTERN, 1].to_s
  end
  def update
    %x[svn up "#@repo_directory"]
  end
 end
--- a/lib/common/updater/updater.rb
+++ b/lib/common/updater/updater.rb
@@ -1,25 +0,0 @@
 # encoding: UTF-8
 # This class act as an absract one
 class Updater
  attr_reader :repo_directory
  # TODO : add a last '/ to repo_directory if it's not present
  def initialize(repo_directory = nil)
    @repo_directory = repo_directory
  end
  def is_installed?
    raise NotImplementedError
  end
  def local_revision_number
    raise NotImplementedError
  end
  def update
    raise NotImplementedError
  end
 end
--- a/lib/common/updater/updater_factory.rb
+++ b/lib/common/updater/updater_factory.rb
@@ -1,20 +0,0 @@
 # encoding: UTF-8
 # Factory
 class UpdaterFactory
  def self.get_updater(repo_directory)
    available_updaters_classes.each do |updater_symbol|
      updater = Object.const_get(updater_symbol).new(repo_directory)
      return updater if updater.is_installed?
    end
    nil
  end
  protected
  # @return [ Array<Symbol> ] The symbols related to code updaters
  def self.available_updaters_classes
    Object.constants.grep(/^(?:Svn|Git|Test)Updater$/)
  end
 end
--- a/lib/wpscan/wpscan_helper.rb
+++ b/lib/wpscan/wpscan_helper.rb
@@ -46,7 +46,7 @@ def usage
  puts '-Use custom plugins directory ...'
  puts "ruby #{script_name} -u www.example.com --wp-plugins-dir wp-content/custom-plugins"
  puts
-  puts '-Update ...'
+  puts '-Update the DB ...'
  puts "ruby #{script_name} --update"
  puts
  puts '-Debug output ...'
@@ -62,7 +62,7 @@ def help
  puts
  puts 'Some values are settable in a config file, see the example.conf.json'
  puts
-  puts '--update                            Update to the latest revision.'
+  puts '--update                            Update to the database to the latest version.'
  puts '--url       | -u <target url>       The WordPress URL/domain to scan.'
  puts '--force     | -f                    Forces WPScan to not check if the remote site is running WordPress.'
  puts '--enumerate | -e [option(s)]        Enumeration.'
--- a/spec/lib/common/updater/git_updater_spec.rb
+++ b/spec/lib/common/updater/git_updater_spec.rb
@@ -1,74 +0,0 @@
 # encoding: UTF-8
 require 'spec_helper'
 describe GitUpdater do
  before :each do
    @git_updater = GitUpdater.new
  end
  describe '#is_installed?' do
    after :each do
      stub_system_command(@git_updater, /^git .* status/, @stub_value)
      expect(@git_updater.is_installed?).to be === @expected
    end
    it 'should return false if the command is not found' do
      @stub_value = 'git: command not found'
      @expected   = false
    end
    it 'should return true if the repo is a git one' do
      @stub_value = "# On branch master\n# Changed but not updated:"
      @expected   = true
    end
  end
  describe '#local_revision_number' do
    after :each do
      stub_system_command(@git_updater, /^git .* log/, @stub_value)
      expect(@git_updater.local_revision_number).to be === @expected
    end
    it 'should return 79c01f3' do
      @stub_value = '
        commit 79c01f3ed535a8e33876ea091d8217cae7df4028
        Author: Moi <tadimm>
        Date:   Wed Jul 11 23:22:16 2012 +0100'
      @expected = '79c01f3'
    end
  end
  describe '#update' do
    it 'should do nothing xD' do
      stub_system_command(@git_updater, /^git .* pull/, 'Already up-to-date.')
      expect(@git_updater.update()).to be === 'Already up-to-date.'
    end
  end
  describe '#has_local_changes?' do
    after :each do
      stub_system_command(@git_updater, /^git .* diff --exit-code 2>&1/, @stub_value)
      expect(@git_updater.has_local_changes?).to be === @expected
    end
    it 'should return true if there are local changes' do
      @stub_value = 'diff'
      @expected   = true
    end
    it 'should return false if there are no local changes' do
      @stub_value = ''
      @expected   = false
    end
  end
  describe '#reset_head' do
    it 'should reset the local repo' do
      stub_system_command(@git_updater, /^git .* reset --hard HEAD/, 'HEAD is now at')
      expect(@git_updater.reset_head).to match(/^HEAD is now at/)
    end
  end
 end
--- a/spec/lib/common/updater/svn_updater_spec.rb
+++ b/spec/lib/common/updater/svn_updater_spec.rb
@@ -1,86 +0,0 @@
 # encoding: UTF-8
 require 'spec_helper'
 describe SvnUpdater do
  before :each do
    @svn_updater = SvnUpdater.new
  end
  describe '#is_installed?' do
    after :each do
      stub_system_command(@svn_updater, /^svn info/, @stub_value)
      expect(@svn_updater.is_installed?).to be === @expected
    end
    it 'should return false if the svn command is not found' do
      @stub_value = 'svn: command not found'
      @expected   = false
    end
    it 'should return false if the repository is not manage by svn' do
      @stub_value = "svn: '.' is not a working copy"
      @expected   = false
    end
    it 'should return true' do
      @stub_value = '<?xml version="1.0"?>
        <info>
          <entry kind="dir" path="." revision="362">
            <url>https://wpscan.googlecode.com/svn/trunk</url>
            <repository>
              <root>https://wpscan.googlecode.com/svn</root>
              <uuid>0b0242d5-46e6-2201-410d-bc09fd35266c</uuid>
            </repository>
            <wc-info>
              <schedule>normal</schedule>
              <depth>infinity</depth>
            </wc-info>
            <commit revision="362">
              <author>author@mail.tld</author>
              <date>2012-06-02T06:26:25.309806Z</date>
            </commit>
          </entry>
        </info>'
      @expected = true
    end
  end
  describe '#local_revision_number' do
    after :each do
      stub_system_command(@svn_updater, /^svn info/, @stub_value)
      expect(@svn_updater.local_revision_number).to be === @expected
    end
    it 'should return 399' do
      @stub_value = '<?xml version="1.0"?>
        <info>
          <entry kind="dir" path="." revision="362">
            <url>https://wpscan.googlecode.com/svn/trunk</url>
            <repository>
              <root>https://wpscan.googlecode.com/svn</root>
              <uuid>0b0242d5-46e6-2201-410d-bc09fd35266c</uuid>
            </repository>
            <wc-info>
              <schedule>normal</schedule>
              <depth>infinity</depth>
            </wc-info>
            <commit revision="362">
              <author>author@mail.tld</author>
              <date>2012-06-02T06:26:25.309806Z</date>
            </commit>
          </entry>
        </info>'
      @expected = '362'
    end
  end
  describe '#update' do
    it 'should do nothing xD' do
      stub_system_command(@svn_updater, /^svn up/, 'At revision 425.')
      expect(@svn_updater.update()).to be === 'At revision 425.'
    end
  end
 end
--- a/spec/lib/common/updater/updater_factory_spec.rb
+++ b/spec/lib/common/updater/updater_factory_spec.rb
@@ -1,29 +0,0 @@
 # encoding: UTF-8
 require 'spec_helper'
 describe UpdaterFactory do
  describe '#available_updaters_classes' do
    after :each do
      expect(UpdaterFactory.available_updaters_classes.sort).to be === @expected.sort
    end
    it 'should return [:GitUpdater, :SvnUpdater]' do
      @expected = [:GitUpdater, :SvnUpdater]
    end
    it 'should return [:TestUpdater, :GitUpdater, :SvnUpdater]' do
      class TestUpdater < Updater
      end
      @expected = [:GitUpdater, :SvnUpdater, :TestUpdater]
    end
  end
  # TODO : Find a way to test that
  describe '#get_updater' do
  end
 end
--- a/spec/lib/common/updater/updater_spec.rb
+++ b/spec/lib/common/updater/updater_spec.rb
@@ -1,27 +0,0 @@
 # encoding: UTF-8
 require 'spec_helper'
 describe Updater do
  before :all do
    class TestUpdater < Updater
    end
  end
  after :all do
    Object.send(:remove_const, :TestUpdater)
  end
  describe 'non implementation of #is_installed?, #has_update? and #update' do
    it 'should raise errors' do
      test_updater = TestUpdater.new
      methods_to_call = [:is_installed?, :update, :local_revision_number]
      methods_to_call.each do |method_to_call|
        expect { test_updater.send(method_to_call) }.to raise_error(NotImplementedError)
      end
    end
  end
 end
--- a/wpscan.rb
+++ b/wpscan.rb
@@ -33,7 +33,7 @@ def main
    end
    if wpscan_options.version
-      puts "Current version: #{version}"
+      puts "Current version: #{WPSCAN_VERSION}"
      exit(0)
    end
@@ -49,22 +49,6 @@ def main
      puts 'Done.'
    end
    # Check for updates
    if wpscan_options.update
      if !@updater.nil?
        if @updater.has_local_changes?
          print "#{red('[!]')} Local file changes detected, an update will override local changes, do you want to continue updating? [y/n] "
          Readline.readline =~ /^y/i ? @updater.reset_head : raise('Update aborted')
        end
        puts @updater.update()
      else
        puts '[i] Svn / Git not installed, or wpscan has not been installed with one of them.'
        puts "#{red('[!]')} Update aborted"
      end
      exit(0)
    end
    unless wpscan_options.url
      raise 'The URL is mandatory, please supply it with --url or -u'
    end