Updates rubocop & fixes offences

erwanlr
2020-06-23 20:30:48 +02:00
parent e223936a81
commit d76d4b70f5
24 changed files with 43 additions and 35 deletions


@@ -11,7 +11,7 @@ module WPScan
def self.child_class_constants
@child_class_constants ||= super.merge(
PARSER: nil, KEY: nil, PATTERN: /(?<v>\d+\.[\.\d]+)/, CONFIDENCE: 70
PARSER: nil, KEY: nil, PATTERN: /(?<v>\d+\.[.\d]+)/, CONFIDENCE: 70
)
end
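Review bot: The new `PATTERN` still captures trailing or repeated dots, because `[.\d]+` accepts any mix of dots and digits, so text such as `1.2.` or `1..` yields a string that is not a real version. The escape cleanup leaves that behaviour unchanged; if the captured `v` is later compared against known versions (not visible here), a stricter form such as `/(?<v>\d+(?:\.\d+)+)/` would avoid malformed matches. The same character class appears in the other three `PATTERN` constants touched by this commit. A one-line comment above the constant stating which version shapes are expected would also help.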


@@ -9,7 +9,7 @@ module WPScan
# @return [ Hash ]
def self.child_class_constants
@child_class_constants ||= super().merge(
XPATH: nil, FILES: nil, PATTERN: /(?:v|ver|version)\=(?<v>\d+\.[\.\d]+)/i, CONFIDENCE_PER_OCCURENCE: 10
XPATH: nil, FILES: nil, PATTERN: /(?:v|ver|version)=(?<v>\d+\.[.\d]+)/i, CONFIDENCE_PER_OCCURENCE: 10
)
end
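Review bot: `(?:v|ver|version)=` has no left boundary, so it also matches the tail of longer parameter names such as `rev=1.2` or `server=1.2` and reports the value as a version. A word boundary in front of the group, `/\b(?:v|ver|version)=(?<v>\d+\.[.\d]+)/i`, would reject those while still matching after `?`, `&` or `;`; which strings the finder feeds in is not visible in this hunk, so confirm against the callers. The `ver=` pattern in the later `child_class_constants` hunk has the same shape.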


@@ -9,7 +9,7 @@ module WPScan
# @return [ Hash ]
def self.child_class_constants
@child_class_constants ||= super().merge(
XPATH: nil, PATTERN: /\A(?<v>\d+\.[\.\d]+)/, CONFIDENCE: 60
XPATH: nil, PATTERN: /\A(?<v>\d+\.[.\d]+)/, CONFIDENCE: 60
)
end


@@ -33,7 +33,7 @@ module WPScan
# @return [ Hash ]
def self.child_class_constants
@child_class_constants ||= super().merge(PATTERN: /ver\=(?<v>\d+\.[\.\d]+)/i)
@child_class_constants ||= super().merge(PATTERN: /ver=(?<v>\d+\.[.\d]+)/i)
end
end


@@ -13,7 +13,7 @@ end
#
# @return [ Symbol ]
def classify_slug(slug)
classified = slug.to_s.gsub(/[^a-z\d\-]/i, '-').gsub(/\-{1,}/, '_').camelize.to_s
classified = slug.to_s.gsub(/[^a-z\d\-]/i, '-').gsub(/-{1,}/, '_').camelize.to_s
classified = "D_#{classified}" if /\d/.match?(classified[0])
classified.to_sym
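Review bot: `/-{1,}/` in the second `gsub` is just `/-+/`, which reads more directly now that the escape is gone; `.gsub(/-+/, '_')` behaves identically. The trailing `.to_s` after `camelize` also looks redundant if `camelize` already returns a String (presumably ActiveSupport's; confirm). `classify_slug` continues past the end of this hunk.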


@@ -11,9 +11,9 @@ module WPScan
module WordPress
include CMSScanner::Target::Platform::PHP
WORDPRESS_PATTERN = %r{/(?:(?:wp-content/(?:themes|(?:mu\-)?plugins|uploads))|wp-includes)/}i.freeze
WP_JSON_OEMBED_PATTERN = %r{/wp\-json/oembed/}i.freeze
WP_ADMIN_AJAX_PATTERN = %r{\\?/wp\-admin\\?/admin\-ajax\.php}i.freeze
WORDPRESS_PATTERN = %r{/(?:(?:wp-content/(?:themes|(?:mu-)?plugins|uploads))|wp-includes)/}i.freeze
WP_JSON_OEMBED_PATTERN = %r{/wp-json/oembed/}i.freeze
WP_ADMIN_AJAX_PATTERN = %r{\\?/wp-admin\\?/admin-ajax\.php}i.freeze
# These methods are used in the associated interesting_findings finders
# to keep the boolean state of the finding rather than re-check the whole thing again
@@ -147,7 +147,7 @@ module WPScan
res = Browser.get_and_follow_location(@login_url)
@login_url = res.effective_url if res.effective_url =~ /wp\-login\.php\z/i && in_scope?(res.effective_url)
@login_url = res.effective_url if res.effective_url =~ /wp-login\.php\z/i && in_scope?(res.effective_url)
@login_url
end
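Review bot: In the `@login_url` assignment, `=~` is used only for its truthiness, so `/wp-login\.php\z/i.match?(res.effective_url)` would follow the `match?` style used elsewhere in this commit and avoid building MatchData. Note also that `\z` requires the effective URL to end in `wp-login.php`, so a redirect that lands on `wp-login.php?...` with a query string leaves `@login_url` unchanged; if that is intended, a short comment saying so would help. The `in_scope?` guard on the followed redirect should stay as it is. The method starts outside the hunk.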


@@ -104,7 +104,7 @@ module WPScan
return @sub_dir unless @sub_dir.nil?
# url_pattern is from CMSScanner::Target
pattern = %r{#{url_pattern}(.+?)/(?:xmlrpc\.php|wp\-includes/)}i
pattern = %r{#{url_pattern}(.+?)/(?:xmlrpc\.php|wp-includes/)}i
xpath = '(//@src|//@href|//@data-src)[contains(., "xmlrpc.php") or contains(., "wp-includes/")]'
[homepage_res, error_404_res].each do |page_res|
@@ -124,9 +124,9 @@ module WPScan
def url(path = nil)
return @uri.to_s unless path
if %r{wp\-content/plugins}i.match?(path)
if %r{wp-content/plugins}i.match?(path)
path = +path.gsub('wp-content/plugins', plugins_dir)
elsif /wp\-content/i.match?(path)
elsif /wp-content/i.match?(path)
path = +path.gsub('wp-content', content_dir)
elsif path[0] != '/' && sub_dir
path = "#{sub_dir}/#{path}"
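Review bot: In `url`, the branch tests are case-insensitive (`%r{wp-content/plugins}i`, `/wp-content/i`) but the replacements `path.gsub('wp-content/plugins', plugins_dir)` and `path.gsub('wp-content', content_dir)` take case-sensitive string arguments, so a path like `WP-Content/plugins/x` enters the branch and comes back unrewritten. Either drop the `i` flag or replace with the same regex, e.g. `path.gsub(%r{wp-content/plugins}i, plugins_dir)`. With a regex pattern the replacement string is scanned for backreferences such as `\1`, so the block form `gsub(...) { plugins_dir }` is safer if the directory can contain a backslash. `url` continues beyond the hunk.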