diff --git a/lib/common/common_helper.rb b/lib/common/common_helper.rb
index b6518e2d..62200cb1 100644
--- a/lib/common/common_helper.rb
+++ b/lib/common/common_helper.rb
@@ -147,3 +147,9 @@ def get_metasploit_url(module_path)
 module_path = module_path.sub(/^\//, '')
 "http://www.metasploit.com/modules/#{module_path}"
 end
+
+def xml(file)
+ Nokogiri::XML(File.open(file)) do |config|
+ config.noblanks
+ end
+end
diff --git a/lib/common/hacks.rb b/lib/common/hacks.rb
index 0a2dcda7..f4e069bc 100644
--- a/lib/common/hacks.rb
+++ b/lib/common/hacks.rb
@@ -1,14 +1,5 @@
 # encoding: UTF-8
-# Default option changed from DEFAULT_XML to NOBLANKS
-module Nokogiri
- class << self
- def XML thing, url = nil, encoding = nil, options = XML::ParseOptions::NOBLANKS, &block
- Nokogiri::XML::Document.parse(thing, url, encoding, options, &block)
- end
- end
-end
-
 # Since ruby 1.9.2, URI::escape is obsolete
 # See http://rosettacode.org/wiki/URL_encoding#Ruby and http://www.ruby-forum.com/topic/207489
 if RUBY_VERSION >= '1.9.2'
diff --git a/lib/wpscan/vulnerable.rb b/lib/wpscan/vulnerable.rb
index 71a9c05c..53a5623a 100644
--- a/lib/wpscan/vulnerable.rb
+++ b/lib/wpscan/vulnerable.rb
@@ -23,7 +23,7 @@ class Vulnerable
 # @return an array of WpVulnerability (can be empty)
 def vulnerabilities
- xml = Nokogiri::XML(File.open(@vulns_file))
+ xml = xml(@vulns_file)
 vulnerabilities = []
 xml.xpath(@vulns_xpath).each do |node|
diff --git a/lib/wpscan/wp_enumerator.rb b/lib/wpscan/wp_enumerator.rb
index 32fc2b24..ef1e7a2b 100644
--- a/lib/wpscan/wp_enumerator.rb
+++ b/lib/wpscan/wp_enumerator.rb
@@ -121,7 +121,7 @@ class WpEnumerator
 # Timthumbs have no XML file
 unless type =~ /timthumbs/i
- xml = Nokogiri::XML(File.open(vulns_file))
+ xml = xml(vulns_file)
 # We check if the plugin name from the plugin_vulns_file is already in targets, otherwise we add it
 xml.xpath(options[:vulns_xpath_2]).each do |node|
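Review bot: In `lib/common/common_helper.rb`, the new `xml(file)` helper passes `File.open(file)` without a block, so the handle is never closed explicitly and every call leaves a descriptor open until garbage collection; `File.open(file) { |io| Nokogiri::XML(io) { |config| config.noblanks } }` closes it as soon as parsing is done. The block form starts from Nokogiri's default parse options, which recover from malformed input, so a truncated or corrupted data file would parse to a partial document without raising. Because the call sites in this commit read vulnerability data through this helper, a partial parse would presumably show up as missing findings rather than as an error; consider `config.strict.noblanks` or a check on the returned document's `errors`. A comment above the helper saying that it is a top-level method, and so callable from every object, would also help readers of the call sites.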
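Review bot: In `lib/wpscan/vulnerable.rb`, `xml = xml(@vulns_file)` gives the local variable the same name as the helper it calls. Ruby treats the right-hand side as a method call only because of the parenthesised argument, and from this line on a bare `xml` is the parsed document, not the helper. Naming the result for what it is, e.g. `doc = xml(@vulns_file)`, removes that trap. The same pattern is in the hunks for `wp_enumerator.rb`, `wp_version.rb` and both hunks of `checker_plugin.rb`. The enclosing methods continue outside these hunks, so later uses of the variable would need the same rename.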
diff --git a/lib/wpscan/wp_version.rb b/lib/wpscan/wp_version.rb
index 535c93f2..bb6e5163 100644
--- a/lib/wpscan/wp_version.rb
+++ b/lib/wpscan/wp_version.rb
@@ -146,7 +146,7 @@ class WpVersion < Vulnerable
 version_xml = options[:version_xml] || WP_VERSIONS_FILE # needed for rpsec
 wp_content = options[:wp_content_dir]
 wp_plugins = "#{wp_content}/plugins"
- xml = Nokogiri::XML(File.open(version_xml))
+ xml = xml(version_xml)
 xml.xpath('//file').each do |node|
 file_src = node.attribute('src').text
diff --git a/lib/wpstools/plugins/checker/checker_plugin.rb b/lib/wpstools/plugins/checker/checker_plugin.rb
index 1112b08c..4c9c9361 100644
--- a/lib/wpstools/plugins/checker/checker_plugin.rb
+++ b/lib/wpstools/plugins/checker/checker_plugin.rb
@@ -46,7 +46,7 @@ class CheckerPlugin < Plugin
 puts '[+] Checking vulnerabilities reference urls'
 vuln_ref_files.each do |vuln_ref_file|
- xml = Nokogiri::XML(File.open(vuln_ref_file))
+ xml = xml(vuln_ref_file)
 urls = []
 xml.xpath('//reference').each { |node| urls << node.text }
@@ -111,7 +111,7 @@ class CheckerPlugin < Plugin
 puts '[+] Checking for vulnerable files ...'
- xml = Nokogiri::XML(File.open(xml_file))
+ xml = xml(xml_file)
 xml.xpath('//hash').each do |node|
 sha1sum = node.attribute('sha1').text
diff --git a/lib/wpstools/plugins/stats/stats_plugin.rb b/lib/wpstools/plugins/stats/stats_plugin.rb
index 4244fe88..038da70c 100644
--- a/lib/wpstools/plugins/stats/stats_plugin.rb
+++ b/lib/wpstools/plugins/stats/stats_plugin.rb
@@ -44,24 +44,20 @@ class StatsPlugin < Plugin
 end
 end
- def xml(file)
- Nokogiri::XML(File.open(file))
- end
-
 def vuln_plugin_count(file=PLUGINS_VULNS_FILE)
- self.xml(file).xpath("count(//plugin)").to_i
+ xml(file).xpath("count(//plugin)").to_i
 end
 def vuln_theme_count(file=THEMES_VULNS_FILE)
- self.xml(file).xpath("count(//theme)").to_i
+ xml(file).xpath("count(//theme)").to_i
 end
 def plugin_vulns_count(file=PLUGINS_VULNS_FILE)
- self.xml(file).xpath("count(//vulnerability)").to_i
+ xml(file).xpath("count(//vulnerability)").to_i
 end
 def theme_vulns_count(file=THEMES_VULNS_FILE)
- self.xml(file).xpath("count(//vulnerability)").to_i
+ xml(file).xpath("count(//vulnerability)").to_i
 end
 def total_plugins(file=PLUGINS_FULL_FILE, xml=PLUGINS_VULNS_FILE)
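Review bot: The last context line of this hunk, `def total_plugins(file=PLUGINS_FULL_FILE, xml=PLUGINS_VULNS_FILE)`, has a parameter named `xml`, the same name as the helper the four methods above now call. Its body is outside the hunk, but inside it a bare `xml` is the path argument and only `xml(...)` with parentheses reaches the helper, which is easy to misread. Renaming the positional parameter leaves callers untouched, e.g. `def total_plugins(file=PLUGINS_FULL_FILE, vulns_file=PLUGINS_VULNS_FILE)`, with the body updated to match. Now that the local definition is gone, a comment above `vuln_plugin_count` such as `# xml() is the shared parser helper from lib/common/common_helper.rb` would tell readers where the method comes from.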