Sha256: b769fff77b8a2274734648c6a0d1eec4f7f07b4911a35faf7d768cf1dd06f06f

Contents?: true

Size: 1.68 KB

Versions: 11

Compression:

Stored size: 1.68 KB

Contents

module Yawast
  module Scanner
    class ObjectPresence
      def self.check_source_control(uri)
        check_path(uri, '/.git/', true)
        check_path(uri, '/.hg/', true)
        check_path(uri, '/.svn/', true)
        check_path(uri, '/.bzr/', true)
      end

      def self.check_cross_domain(uri)
        check_path(uri, '/crossdomain.xml', false)
        check_path(uri, '/clientaccesspolicy.xml', false)
      end

      def self.check_sitemap(uri)
        check_path(uri, '/sitemap.xml', false)
      end

      def self.check_wsftp_log(uri)
        #check both upper and lower, as they are both seen in the wild
        check_path(uri, '/WS_FTP.LOG', false)
        check_path(uri, '/ws_ftp.log', false)
      end

      def self.check_trace_axd(uri)
        check_path(uri, '/Trace.axd', false)
      end

      def self.check_elmah_axd(uri)
        check_path(uri, '/elmah.axd', false)
      end

      def self.check_readme_html(uri)
        check_path(uri, '/readme.html', false)
      end

      def self.check_release_notes_txt(uri)
        check_path(uri, '/RELEASE-NOTES.txt', false)
      end

      def self.check_path(uri, path, vuln)
        #note: this only checks directly at the root, I'm not sure if this is what we want
        # should probably be relative to what's passed in, instead of overriding the path.
        check = uri.copy
        check.path = "#{path}"
        code = Yawast::Shared::Http.get_status_code(check)

        if code == "200"
          msg = "'#{path}' found: #{check}"

          if vuln
            Yawast::Utilities.puts_vuln msg
          else
            Yawast::Utilities.puts_warn msg
          end

          puts ''
        end
      end
    end
  end
end

Version data entries

11 entries across 11 versions & 1 rubygems

Version Path
yawast-0.4.0.beta3 lib/scanner/obj_presence.rb
yawast-0.4.0.beta2 lib/scanner/obj_presence.rb
yawast-0.4.0.beta1 lib/scanner/obj_presence.rb
yawast-0.3.0 lib/scanner/obj_presence.rb
yawast-0.3.0.beta2 lib/scanner/obj_presence.rb
yawast-0.3.0.beta1 lib/scanner/obj_presence.rb
yawast-0.2.2 lib/scanner/obj_presence.rb
yawast-0.2.1 lib/scanner/obj_presence.rb
yawast-0.2.0.beta3 lib/scanner/obj_presence.rb
yawast-0.2.0.beta2 lib/scanner/obj_presence.rb
yawast-0.2.0.beta1 lib/scanner/obj_presence.rb