From f1657164d57ca34966d54a0382dfaffb13c54a54 Mon Sep 17 00:00:00 2001 From: erwanlr Date: Tue, 19 Mar 2019 19:09:16 +0000 Subject: [PATCH] Errors moved into their own namespace - Ref #1315 --- app/controllers/core.rb | 6 +- app/controllers/custom_directories.rb | 2 +- app/controllers/password_attack.rb | 4 +- app/models/wp_version.rb | 2 +- lib/wpscan/db/updater.rb | 4 +- lib/wpscan/errors.rb | 6 +- lib/wpscan/errors/http.rb | 56 ++++++++++--------- lib/wpscan/errors/update.rb | 10 ++-- lib/wpscan/errors/wordpress.rb | 38 +++++++------ lib/wpscan/errors/xmlrpc.rb | 10 ++-- .../finder/wp_version/smart_url_checker.rb | 2 +- spec/app/controllers/core_spec.rb | 10 ++-- .../controllers/custom_directories_spec.rb | 2 +- spec/app/controllers/password_attack_spec.rb | 4 +- spec/app/models/wp_version_spec.rb | 2 +- 15 files changed, 85 insertions(+), 73 deletions(-) diff --git a/app/controllers/core.rb b/app/controllers/core.rb index 2af48df9..b8864170 100644 --- a/app/controllers/core.rb +++ b/app/controllers/core.rb @@ -25,7 +25,7 @@ module WPScan # @return [ Boolean ] def update_db_required? if local_db.missing_files? - raise MissingDatabaseFile if parsed_options[:update] == false + raise Error::MissingDatabaseFile if parsed_options[:update] == false return true end @@ -62,7 +62,7 @@ module WPScan # Raises errors if the target is hosted on wordpress.com or is not running WordPress # Also check if the homepage_url is still the install url def check_wordpress_state - raise WordPressHostedError if target.wordpress_hosted? + raise Error::WordPressHosted if target.wordpress_hosted? if Addressable::URI.parse(target.homepage_url).path =~ %r{/wp-admin/install.php$}i 
@@ -71,7 +71,7 @@ module WPScan exit(WPScan::ExitCode::VULNERABLE) end - raise NotWordPressError unless target.wordpress?(parsed_options[:detection_mode]) || parsed_options[:force] + raise Error::NotWordPress unless target.wordpress?(parsed_options[:detection_mode]) || parsed_options[:force] end # Loads the related server module in the target diff --git a/app/controllers/custom_directories.rb b/app/controllers/custom_directories.rb index 04494041..812aad53 100644 --- a/app/controllers/custom_directories.rb +++ b/app/controllers/custom_directories.rb @@ -16,7 +16,7 @@ module WPScan return if target.content_dir - raise WpContentDirNotDetected + raise Error::WpContentDirNotDetected end end end diff --git a/app/controllers/password_attack.rb b/app/controllers/password_attack.rb index 42eb171b..691f13fd 100644 --- a/app/controllers/password_attack.rb +++ b/app/controllers/password_attack.rb @@ -65,11 +65,11 @@ module WPScan when :wp_login WPScan::Finders::Passwords::WpLogin.new(target) when :xmlrpc - raise XMLRPCNotDetected unless xmlrpc + raise Error::XMLRPCNotDetected unless xmlrpc WPScan::Finders::Passwords::XMLRPC.new(xmlrpc) when :xmlrpc_multicall - raise XMLRPCNotDetected unless xmlrpc + raise Error::XMLRPCNotDetected unless xmlrpc WPScan::Finders::Passwords::XMLRPCMulticall.new(xmlrpc) end diff --git a/app/models/wp_version.rb b/app/models/wp_version.rb index c14cbd21..956dee6e 100644 --- a/app/models/wp_version.rb +++ b/app/models/wp_version.rb @@ -4,7 +4,7 @@ module WPScan include Vulnerable def initialize(number, opts = {}) - raise InvalidWordPressVersion unless WpVersion.valid?(number.to_s) + raise Error::InvalidWordPressVersion unless WpVersion.valid?(number.to_s) super(number, opts) end diff --git a/lib/wpscan/db/updater.rb b/lib/wpscan/db/updater.rb index 6104c64b..568158e4 100644 --- a/lib/wpscan/db/updater.rb +++ b/lib/wpscan/db/updater.rb 
@@ -80,7 +80,7 @@ module WPScan url = "#{remote_file_url(filename)}.sha512" res = Browser.get(url, request_params) - raise DownloadError, res if res.timed_out? || res.code != 200 + raise Error::Download, res if res.timed_out? || res.code != 200 res.body.chomp end @@ -121,7 +121,7 @@ module WPScan file_url = remote_file_url(filename) res = Browser.get(file_url, request_params) - raise DownloadError, res if res.timed_out? || res.code != 200 + raise Error::Download, res if res.timed_out? || res.code != 200 File.open(file_path, 'wb') { |f| f.write(res.body) } diff --git a/lib/wpscan/errors.rb b/lib/wpscan/errors.rb index 2158491a..780456eb 100644 --- a/lib/wpscan/errors.rb +++ b/lib/wpscan/errors.rb @@ -1,5 +1,9 @@ module WPScan - class Error < StandardError + module Error + include CMSScanner::Error + + class Standard < StandardError + end end end diff --git a/lib/wpscan/errors/http.rb b/lib/wpscan/errors/http.rb index 0f788271..55c67634 100644 --- a/lib/wpscan/errors/http.rb +++ b/lib/wpscan/errors/http.rb 
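Review bot: `res.body.chomp` in the first `lib/wpscan/db/updater.rb` hunk is returned as the expected checksum without checking that it is a SHA-512 hex digest, so any 200 body (a proxy or captive-portal page, for example) is passed on as the checksum. A guard before the return, such as `raise Error::Download, res unless res.body.chomp =~ /\A\h{128}\z/`, would fail early. The digest URL is built from the same `remote_file_url(filename)` as the download in the second hunk, so it detects corruption but not a tampered source; a comment like `# integrity only: checksum and file share one origin` would make that explicit. Both method bodies start outside their hunks, so how the checksum is compared is not visible here.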
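Review bot: Turning `WPScan::Error` from a class into a module in `lib/wpscan/errors.rb` changes what `rescue WPScan::Error` means, because the new base class `Error::Standard` does not include the module and such a rescue would no longer match any of these exceptions. No `rescue WPScan::Error` is visible in this patch, but callers outside it should be checked and switched to `rescue WPScan::Error::Standard`. `Standard` has no comment; `# Base class of all WPScan-specific errors` would document its role. The `include CMSScanner::Error` line presumably exists so the CMSScanner error constants resolve under `WPScan::Error`, and a one-line comment saying so would help.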
@@ -1,34 +1,36 @@ module WPScan - # HTTP Error - class HTTPError < Error - attr_reader :response + module Error + # HTTP Error + class HTTP < Standard + attr_reader :response - # @param [ Typhoeus::Response ] res - def initialize(response) - @response = response + # @param [ Typhoeus::Response ] res + def initialize(response) + @response = response + end + + def failure_details + msg = response.effective_url + + msg += if response.code.zero? || response.timed_out? + " (#{response.return_message})" + else + " (status: #{response.code})" + end + + msg + end + + def to_s + "HTTP Error: #{failure_details}" + end end - def failure_details - msg = response.effective_url - - msg += if response.code.zero? || response.timed_out? - " (#{response.return_message})" - else - " (status: #{response.code})" - end - - msg - end - - def to_s - "HTTP Error: #{failure_details}" - end - end - - # Used in the Updater - class DownloadError < HTTPError - def to_s - "Unable to get #{failure_details}" + # Used in the Updater + class Download < HTTP + def to_s + "Unable to get #{failure_details}" + end end end end diff --git a/lib/wpscan/errors/update.rb b/lib/wpscan/errors/update.rb index 4c5310ae..f02d7a9c 100644 --- a/lib/wpscan/errors/update.rb +++ b/lib/wpscan/errors/update.rb @@ -1,8 +1,10 @@ module WPScan - # Error raised when there is a missing DB file and --no-update supplied - class MissingDatabaseFile < Error - def to_s - 'Update required, you can not run a scan if a database file is missing.' + module Error + # Error raised when there is a missing DB file and --no-update supplied + class MissingDatabaseFile < Standard + def to_s + 'Update required, you can not run a scan if a database file is missing.' + end end end end diff --git a/lib/wpscan/errors/wordpress.rb b/lib/wpscan/errors/wordpress.rb index 7e2ef5ea..fccc7b1e 100644 --- a/lib/wpscan/errors/wordpress.rb +++ b/lib/wpscan/errors/wordpress.rb 
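Review bot: The YARD tag on `HTTP#initialize` still names the parameter `res` while the signature takes `response`; `# @param [ Typhoeus::Response ] response` would match. `failure_details` has no doc comment, and a line such as `# @return [ String ] the effective URL followed by the return message or the status code` would cover it. That string embeds `response.effective_url` verbatim, so any credentials or tokens carried in the URL end up in the error text. Where these messages are printed or logged is not visible in this hunk, so it is worth confirming that this is acceptable.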
@@ -1,28 +1,30 @@ module WPScan - # WordPress hosted (*.wordpress.com) - class WordPressHostedError < Error - def to_s - 'Scanning *.wordpress.com hosted blogs is not supported.' + module Error + # WordPress hosted (*.wordpress.com) + class WordPressHosted < Standard + def to_s + 'Scanning *.wordpress.com hosted blogs is not supported.' + end end - end - # Not WordPress Error - class NotWordPressError < Error - def to_s - 'The remote website is up, but does not seem to be running WordPress.' + # Not WordPress Error + class NotWordPress < Standard + def to_s + 'The remote website is up, but does not seem to be running WordPress.' + end end - end - # Invalid Wp Version (used in the WpVersion#new) - class InvalidWordPressVersion < Error - def to_s - 'The WordPress version is invalid' + # Invalid Wp Version (used in the WpVersion#new) + class InvalidWordPressVersion < Standard + def to_s + 'The WordPress version is invalid' + end end - end - class WpContentDirNotDetected < Error - def to_s - 'Unable to identify the wp-content dir, please supply it with --wp-content-dir' + class WpContentDirNotDetected < Standard + def to_s + 'Unable to identify the wp-content dir, please supply it with --wp-content-dir' + end end end end diff --git a/lib/wpscan/errors/xmlrpc.rb b/lib/wpscan/errors/xmlrpc.rb index 45e5eb95..0623c617 100644 --- a/lib/wpscan/errors/xmlrpc.rb +++ b/lib/wpscan/errors/xmlrpc.rb @@ -1,8 +1,10 @@ module WPScan - # XML-RPC Not Detected - class XMLRPCNotDetected < Error - def to_s - 'The XML-RPC Interface was not detected.' + module Error + # XML-RPC Not Detected + class XMLRPCNotDetected < Standard + def to_s + 'The XML-RPC Interface was not detected.' + end end end end diff --git a/lib/wpscan/finders/finder/wp_version/smart_url_checker.rb b/lib/wpscan/finders/finder/wp_version/smart_url_checker.rb index 33691bd8..a10ecaca 100644 --- a/lib/wpscan/finders/finder/wp_version/smart_url_checker.rb +++ b/lib/wpscan/finders/finder/wp_version/smart_url_checker.rb 
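Review bot: `WpContentDirNotDetected` is the only class in `lib/wpscan/errors/wordpress.rb` left without a describing comment after the move into `module Error`. A line such as `# wp-content directory could not be identified (raised by the CustomDirectories controller)` above it would match its siblings. The naming is also uneven after this change: `WordPressHosted` and `NotWordPress` drop the `Error` suffix, while `InvalidWordPressVersion` and `WpContentDirNotDetected` never had one, so a short comment at the top of the module stating the convention would help future additions.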
@@ -13,7 +13,7 @@ module WPScan confidence: opts[:confidence] || 80, interesting_entries: opts[:entries] ) - rescue WPScan::InvalidWordPressVersion + rescue WPScan::Error::InvalidWordPressVersion nil # Invalid Version returned as nil and will be ignored by Finders end end diff --git a/spec/app/controllers/core_spec.rb b/spec/app/controllers/core_spec.rb index 01d517f8..e086124c 100644 --- a/spec/app/controllers/core_spec.rb +++ b/spec/app/controllers/core_spec.rb @@ -70,7 +70,7 @@ describe WPScan::Controller::Core do let(:cli_args) { "#{super()} --no-update" } it 'raises an error' do - expect { core.update_db_required? }. to raise_error(WPScan::MissingDatabaseFile) + expect { core.update_db_required? }. to raise_error(WPScan::Error::MissingDatabaseFile) end end @@ -199,7 +199,7 @@ describe WPScan::Controller::Core do let(:redirection) { 'http://g.com/' } it 'raises an error' do - expect { core.before_scan }.to raise_error(CMSScanner::HTTPRedirectError) + expect { core.before_scan }.to raise_error(CMSScanner::Error::HTTPRedirect) end end @@ -218,7 +218,7 @@ describe WPScan::Controller::Core do it 'raises an error' do expect(core.target).to receive(:wordpress?).with(:mixed).and_return(false) - expect { core.before_scan }.to raise_error(WPScan::NotWordPressError) + expect { core.before_scan }.to raise_error(WPScan::Error::NotWordPress) end end end @@ -230,7 +230,7 @@ describe WPScan::Controller::Core do before { expect(core).to receive(:load_server_module) } it 'raises an error' do - expect { core.before_scan }.to raise_error(WPScan::WordPressHostedError) + expect { core.before_scan }.to raise_error(WPScan::Error::WordPressHosted) end end @@ -253,7 +253,7 @@ describe WPScan::Controller::Core do context 'when no --force' do it 'raises an error' do - expect { core.before_scan }.to raise_error(WPScan::NotWordPressError) + expect { core.before_scan }.to raise_error(WPScan::Error::NotWordPress) end end 
diff --git a/spec/app/controllers/custom_directories_spec.rb b/spec/app/controllers/custom_directories_spec.rb index fc3e0f3a..3b585c3c 100644 --- a/spec/app/controllers/custom_directories_spec.rb +++ b/spec/app/controllers/custom_directories_spec.rb @@ -23,7 +23,7 @@ describe WPScan::Controller::CustomDirectories do before { expect(controller.target).to receive(:content_dir) } it 'raises an exception' do - expect { controller.before_scan }.to raise_error(WPScan::WpContentDirNotDetected) + expect { controller.before_scan }.to raise_error(WPScan::Error::WpContentDirNotDetected) end end diff --git a/spec/app/controllers/password_attack_spec.rb b/spec/app/controllers/password_attack_spec.rb index d6693a32..1eb7a68b 100644 --- a/spec/app/controllers/password_attack_spec.rb +++ b/spec/app/controllers/password_attack_spec.rb @@ -75,7 +75,7 @@ describe WPScan::Controller::PasswordAttack do let(:attack) { 'xmlrpc' } it 'raises an error' do - expect { controller.attacker }.to raise_error(WPScan::XMLRPCNotDetected) + expect { controller.attacker }.to raise_error(WPScan::Error::XMLRPCNotDetected) end end @@ -83,7 +83,7 @@ describe WPScan::Controller::PasswordAttack do let(:attack) { 'xmlrpc-multicall' } it 'raises an error' do - expect { controller.attacker }.to raise_error(WPScan::XMLRPCNotDetected) + expect { controller.attacker }.to raise_error(WPScan::Error::XMLRPCNotDetected) end end end diff --git a/spec/app/models/wp_version_spec.rb b/spec/app/models/wp_version_spec.rb index 64279e4f..4260df87 100644 --- a/spec/app/models/wp_version_spec.rb +++ b/spec/app/models/wp_version_spec.rb @@ -2,7 +2,7 @@ describe WPScan::WpVersion do describe '#new' do context 'when invalid number' do it 'raises an error' do - expect { described_class.new('aa') }.to raise_error WPScan::InvalidWordPressVersion + expect { described_class.new('aa') }.to raise_error WPScan::Error::InvalidWordPressVersion end end