Errors moved into their own namespace - Ref #1315

erwanlr
2019-03-19 19:09:16 +00:00
parent 357e13be2b
commit f1657164d5
15 changed files with 85 additions and 73 deletions


@@ -25,7 +25,7 @@ module WPScan
# @return [ Boolean ] # @return [ Boolean ]
def update_db_required? def update_db_required?
if local_db.missing_files? if local_db.missing_files?
raise MissingDatabaseFile if parsed_options[:update] == false raise Error::MissingDatabaseFile if parsed_options[:update] == false
return true return true
end end
@@ -62,7 +62,7 @@ module WPScan
# Raises errors if the target is hosted on wordpress.com or is not running WordPress # Raises errors if the target is hosted on wordpress.com or is not running WordPress
# Also check if the homepage_url is still the install url # Also check if the homepage_url is still the install url
def check_wordpress_state def check_wordpress_state
raise WordPressHostedError if target.wordpress_hosted? raise Error::WordPressHosted if target.wordpress_hosted?
if Addressable::URI.parse(target.homepage_url).path =~ %r{/wp-admin/install.php$}i if Addressable::URI.parse(target.homepage_url).path =~ %r{/wp-admin/install.php$}i
@@ -71,7 +71,7 @@ module WPScan
exit(WPScan::ExitCode::VULNERABLE) exit(WPScan::ExitCode::VULNERABLE)
end end
raise NotWordPressError unless target.wordpress?(parsed_options[:detection_mode]) || parsed_options[:force] raise Error::NotWordPress unless target.wordpress?(parsed_options[:detection_mode]) || parsed_options[:force]
end end
# Loads the related server module in the target # Loads the related server module in the target
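Review bot: The install-page check in check_wordpress_state uses `%r{/wp-admin/install.php$}i`, where the `.` is unescaped and `$` anchors at a line end rather than at the end of the string. That match appears to lead to the `exit(WPScan::ExitCode::VULNERABLE)` path, so a stricter pattern is worth having: `%r{/wp-admin/install\.php\z}i`. The line is unchanged context in this commit, and the method body is split across two hunks, so the statements between them are not visible here.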


@@ -16,7 +16,7 @@ module WPScan
return if target.content_dir return if target.content_dir
raise WpContentDirNotDetected raise Error::WpContentDirNotDetected
end end
end end
end end


@@ -65,11 +65,11 @@ module WPScan
when :wp_login when :wp_login
WPScan::Finders::Passwords::WpLogin.new(target) WPScan::Finders::Passwords::WpLogin.new(target)
when :xmlrpc when :xmlrpc
raise XMLRPCNotDetected unless xmlrpc raise Error::XMLRPCNotDetected unless xmlrpc
WPScan::Finders::Passwords::XMLRPC.new(xmlrpc) WPScan::Finders::Passwords::XMLRPC.new(xmlrpc)
when :xmlrpc_multicall when :xmlrpc_multicall
raise XMLRPCNotDetected unless xmlrpc raise Error::XMLRPCNotDetected unless xmlrpc
WPScan::Finders::Passwords::XMLRPCMulticall.new(xmlrpc) WPScan::Finders::Passwords::XMLRPCMulticall.new(xmlrpc)
end end


@@ -4,7 +4,7 @@ module WPScan
include Vulnerable include Vulnerable
def initialize(number, opts = {}) def initialize(number, opts = {})
raise InvalidWordPressVersion unless WpVersion.valid?(number.to_s) raise Error::InvalidWordPressVersion unless WpVersion.valid?(number.to_s)
super(number, opts) super(number, opts)
end end


@@ -80,7 +80,7 @@ module WPScan
url = "#{remote_file_url(filename)}.sha512" url = "#{remote_file_url(filename)}.sha512"
res = Browser.get(url, request_params) res = Browser.get(url, request_params)
raise DownloadError, res if res.timed_out? || res.code != 200 raise Error::Download, res if res.timed_out? || res.code != 200
res.body.chomp res.body.chomp
end end
@@ -121,7 +121,7 @@ module WPScan
file_url = remote_file_url(filename) file_url = remote_file_url(filename)
res = Browser.get(file_url, request_params) res = Browser.get(file_url, request_params)
raise DownloadError, res if res.timed_out? || res.code != 200 raise Error::Download, res if res.timed_out? || res.code != 200
File.open(file_path, 'wb') { |f| f.write(res.body) } File.open(file_path, 'wb') { |f| f.write(res.body) }
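Review bot: Both hunks fetch from the same `remote_file_url(filename)` base, the first the `.sha512` value and the second the database file, so the checksum can detect a corrupted transfer but not content replaced at the origin. A comment next to the checksum fetch would record that limit, e.g. `# NOTE: checksum is served by the same host as the file; it guards against corruption, not against a tampered origin`. In the second hunk `res.body` is written straight to `file_path` after only a timeout/status check, so any comparison against the fetched checksum would have to happen outside the visible lines. Both method bodies start and end outside their hunks, so this is inferred from the lines shown.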


@@ -1,5 +1,9 @@
module WPScan module WPScan
class Error < StandardError module Error
include CMSScanner::Error
class Standard < StandardError
end
end end
end end
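Review bot: `WPScan::Error` changes from a class to a module here, so any remaining `rescue WPScan::Error` still parses but, as far as this section shows, no longer matches the project's exceptions, which now descend from `Error::Standard` and do not include the module. Callers that relied on the old base class need `rescue WPScan::Error::Standard` instead. A comment on the new class would make that explicit: `# Base class of all WPScan errors; rescue this, not the WPScan::Error module`. A silent miss in error handling is easy to overlook, so a grep for the old `rescue` form across the repository and its plugins is worth doing before release.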


@@ -1,34 +1,36 @@
module WPScan module WPScan
# HTTP Error module Error
class HTTPError < Error # HTTP Error
attr_reader :response class HTTP < Standard
attr_reader :response
# @param [ Typhoeus::Response ] res # @param [ Typhoeus::Response ] res
def initialize(response) def initialize(response)
@response = response @response = response
end
def failure_details
msg = response.effective_url
msg += if response.code.zero? || response.timed_out?
" (#{response.return_message})"
else
" (status: #{response.code})"
end
msg
end
def to_s
"HTTP Error: #{failure_details}"
end
end end
def failure_details # Used in the Updater
msg = response.effective_url class Download < HTTP
def to_s
msg += if response.code.zero? || response.timed_out? "Unable to get #{failure_details}"
" (#{response.return_message})" end
else
" (status: #{response.code})"
end
msg
end
def to_s
"HTTP Error: #{failure_details}"
end
end
# Used in the Updater
class DownloadError < HTTPError
def to_s
"Unable to get #{failure_details}"
end end
end end
end end
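Review bot: The YARD tag above `initialize` in `Error::HTTP` names the parameter `res` while the signature uses `response`; it should read `# @param [ Typhoeus::Response ] response`. `failure_details` and the two `to_s` methods carry no doc comments. A one-line note on `failure_details` would cover it: it returns the effective URL followed by either the transport return message (code 0 or timeout) or the HTTP status.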


@@ -1,8 +1,10 @@
module WPScan module WPScan
# Error raised when there is a missing DB file and --no-update supplied module Error
class MissingDatabaseFile < Error # Error raised when there is a missing DB file and --no-update supplied
def to_s class MissingDatabaseFile < Standard
'Update required, you can not run a scan if a database file is missing.' def to_s
'Update required, you can not run a scan if a database file is missing.'
end
end end
end end
end end


@@ -1,28 +1,30 @@
module WPScan module WPScan
# WordPress hosted (*.wordpress.com) module Error
class WordPressHostedError < Error # WordPress hosted (*.wordpress.com)
def to_s class WordPressHosted < Standard
'Scanning *.wordpress.com hosted blogs is not supported.' def to_s
'Scanning *.wordpress.com hosted blogs is not supported.'
end
end end
end
# Not WordPress Error # Not WordPress Error
class NotWordPressError < Error class NotWordPress < Standard
def to_s def to_s
'The remote website is up, but does not seem to be running WordPress.' 'The remote website is up, but does not seem to be running WordPress.'
end
end end
end
# Invalid Wp Version (used in the WpVersion#new) # Invalid Wp Version (used in the WpVersion#new)
class InvalidWordPressVersion < Error class InvalidWordPressVersion < Standard
def to_s def to_s
'The WordPress version is invalid' 'The WordPress version is invalid'
end
end end
end
class WpContentDirNotDetected < Error class WpContentDirNotDetected < Standard
def to_s def to_s
'Unable to identify the wp-content dir, please supply it with --wp-content-dir' 'Unable to identify the wp-content dir, please supply it with --wp-content-dir'
end
end end
end end
end end


@@ -1,8 +1,10 @@
module WPScan module WPScan
# XML-RPC Not Detected module Error
class XMLRPCNotDetected < Error # XML-RPC Not Detected
def to_s class XMLRPCNotDetected < Standard
'The XML-RPC Interface was not detected.' def to_s
'The XML-RPC Interface was not detected.'
end
end end
end end
end end


@@ -13,7 +13,7 @@ module WPScan
confidence: opts[:confidence] || 80, confidence: opts[:confidence] || 80,
interesting_entries: opts[:entries] interesting_entries: opts[:entries]
) )
rescue WPScan::InvalidWordPressVersion rescue WPScan::Error::InvalidWordPressVersion
nil # Invalid Version returned as nil and will be ignored by Finders nil # Invalid Version returned as nil and will be ignored by Finders
end end
end end


@@ -70,7 +70,7 @@ describe WPScan::Controller::Core do
let(:cli_args) { "#{super()} --no-update" } let(:cli_args) { "#{super()} --no-update" }
it 'raises an error' do it 'raises an error' do
expect { core.update_db_required? }. to raise_error(WPScan::MissingDatabaseFile) expect { core.update_db_required? }. to raise_error(WPScan::Error::MissingDatabaseFile)
end end
end end
@@ -199,7 +199,7 @@ describe WPScan::Controller::Core do
let(:redirection) { 'http://g.com/' } let(:redirection) { 'http://g.com/' }
it 'raises an error' do it 'raises an error' do
expect { core.before_scan }.to raise_error(CMSScanner::HTTPRedirectError) expect { core.before_scan }.to raise_error(CMSScanner::Error::HTTPRedirect)
end end
end end
@@ -218,7 +218,7 @@ describe WPScan::Controller::Core do
it 'raises an error' do it 'raises an error' do
expect(core.target).to receive(:wordpress?).with(:mixed).and_return(false) expect(core.target).to receive(:wordpress?).with(:mixed).and_return(false)
expect { core.before_scan }.to raise_error(WPScan::NotWordPressError) expect { core.before_scan }.to raise_error(WPScan::Error::NotWordPress)
end end
end end
end end
@@ -230,7 +230,7 @@ describe WPScan::Controller::Core do
before { expect(core).to receive(:load_server_module) } before { expect(core).to receive(:load_server_module) }
it 'raises an error' do it 'raises an error' do
expect { core.before_scan }.to raise_error(WPScan::WordPressHostedError) expect { core.before_scan }.to raise_error(WPScan::Error::WordPressHosted)
end end
end end
@@ -253,7 +253,7 @@ describe WPScan::Controller::Core do
context 'when no --force' do context 'when no --force' do
it 'raises an error' do it 'raises an error' do
expect { core.before_scan }.to raise_error(WPScan::NotWordPressError) expect { core.before_scan }.to raise_error(WPScan::Error::NotWordPress)
end end
end end


@@ -23,7 +23,7 @@ describe WPScan::Controller::CustomDirectories do
before { expect(controller.target).to receive(:content_dir) } before { expect(controller.target).to receive(:content_dir) }
it 'raises an exception' do it 'raises an exception' do
expect { controller.before_scan }.to raise_error(WPScan::WpContentDirNotDetected) expect { controller.before_scan }.to raise_error(WPScan::Error::WpContentDirNotDetected)
end end
end end


@@ -75,7 +75,7 @@ describe WPScan::Controller::PasswordAttack do
let(:attack) { 'xmlrpc' } let(:attack) { 'xmlrpc' }
it 'raises an error' do it 'raises an error' do
expect { controller.attacker }.to raise_error(WPScan::XMLRPCNotDetected) expect { controller.attacker }.to raise_error(WPScan::Error::XMLRPCNotDetected)
end end
end end
@@ -83,7 +83,7 @@ describe WPScan::Controller::PasswordAttack do
let(:attack) { 'xmlrpc-multicall' } let(:attack) { 'xmlrpc-multicall' }
it 'raises an error' do it 'raises an error' do
expect { controller.attacker }.to raise_error(WPScan::XMLRPCNotDetected) expect { controller.attacker }.to raise_error(WPScan::Error::XMLRPCNotDetected)
end end
end end
end end


@@ -2,7 +2,7 @@ describe WPScan::WpVersion do
describe '#new' do describe '#new' do
context 'when invalid number' do context 'when invalid number' do
it 'raises an error' do it 'raises an error' do
expect { described_class.new('aa') }.to raise_error WPScan::InvalidWordPressVersion expect { described_class.new('aa') }.to raise_error WPScan::Error::InvalidWordPressVersion
end end
end end