lib/scanner/plugins/http/file_presence.rb in yawast-0.7.0.beta1 vs lib/scanner/plugins/http/file_presence.rb in yawast-0.7.0.beta2
- old
+ new
@@ -1,17 +1,19 @@
+# frozen_string_literal: true
+
require 'securerandom'
module Yawast
module Scanner
module Plugins
module Http
class FilePresence
def self.check_path(uri, path, vuln)
- #note: this only checks directly at the root, I'm not sure if this is what we want
+ # note: this only checks directly at the root, I'm not sure if this is what we want
# should probably be relative to what's passed in, instead of overriding the path.
check = uri.copy
- check.path = "#{path}"
+ check.path = path.to_s
code = Yawast::Shared::Http.get_status_code(check)
if code == '200'
msg = "'#{path}' found: #{check}"
@@ -24,11 +26,11 @@
puts ''
end
end
def self.check_all(uri, common_files)
- #first, we need to see if the site responds to 404 in a reasonable way
+ # first, we need to see if the site responds to 404 in a reasonable way
unless Yawast::Shared::Http.check_not_found(uri, true)
puts 'Site does not respond properly to non-existent file requests; skipping some checks.'
return
end
@@ -39,10 +41,11 @@
check_wsftp_log uri
check_trace_axd uri
check_elmah_axd uri
check_readme_html uri
check_release_notes_txt uri
+ check_change_log_txt uri
if common_files
puts ''
puts 'Checking for common files (this will take a few minutes)...'
check_common uri
@@ -67,11 +70,11 @@
def self.check_sitemap(uri)
check_path(uri, '/sitemap.xml', false)
end
def self.check_wsftp_log(uri)
- #check both upper and lower, as they are both seen in the wild
+ # check both upper and lower, as they are both seen in the wild
check_path(uri, '/WS_FTP.LOG', false)
check_path(uri, '/ws_ftp.log', false)
end
def self.check_trace_axd(uri)
@@ -89,10 +92,15 @@
def self.check_release_notes_txt(uri)
check_path(uri, '/RELEASE-NOTES.txt', false)
check_path(uri, '/docs/RELEASE-NOTES.txt', false)
end
+ def self.check_change_log_txt(uri)
+ check_path(uri, '/CHANGELOG.txt', false)
+ check_path(uri, '/core/CHANGELOG.txt', false)
+ end
+
def self.check_common(uri)
begin
@search_list = []
File.open(File.dirname(__FILE__) + '/../../../resources/common_file.txt', 'r') do |f|
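Review bot: The new `check_change_log_txt` has no comment saying which product the two paths belong to or why a hit matters, so the next maintainer cannot tell whether `/core/CHANGELOG.txt` is deliberate. The root and `/core/` locations look like the Drupal layouts, where the file discloses the exact installed version. I would put `# CHANGELOG.txt (root, or /core/ on newer layouts; presumably Drupal) discloses the exact installed version` above the method. Unlike `check_wsftp_log`, only the upper-case spelling is requested; if that is intentional, the comment is the place to say so.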
@@ -103,11 +111,11 @@
pool_size = 16
@jobs = Queue.new
@results = Queue.new
- #load the queue, starting at /
+ # load the queue, starting at /
base = uri.copy
base.path = '/'
load_queue base
workers = (pool_size).times.map do
@@ -123,23 +131,23 @@
end
results = Thread.new do
begin
while true
- if @results.length > 0
+ if @results.length.positive?
out = @results.pop(true)
Yawast::Utilities.puts_info out
end
end
- rescue ThreadError
- #do nothing
+ rescue ThreadError # rubocop:disable Lint/HandleExceptions
+ # do nothing
end
end
workers.map(&:join)
results.terminate
- rescue => e
+ rescue => e # rubocop:disable Style/RescueStandardError
Yawast::Utilities.puts_error "Error searching for files (#{e.message})"
end
end
def self.load_queue(uri)
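Review bot: Findings can be lost at the end of check_common, because `results.terminate` runs as soon as the workers have joined. Anything still sitting in `@results` at that moment is never printed, which for a scanner is a silent false negative on the console. The `while true` loop around the non-blocking `pop(true)` also spins a core for the whole scan. A blocking pop with a sentinel pushed after the join fixes both, and removes the need for `rescue ThreadError` and its rubocop disable. check_common starts outside this hunk.

```ruby
results = Thread.new do
  # blocking pop: sleeps until a worker reports, stops at the sentinel
  while (out = @results.pop) != :done
    Yawast::Utilities.puts_info out
  end
end

workers.map(&:join)
# every worker has finished, so the sentinel is queued behind the last finding
@results.push :done
results.join
# … unchanged: outer rescue reporting "Error searching for files" …
```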
@@ -147,14 +155,14 @@
check = uri.copy
begin
check.path = "/#{line}"
- #add the job to the queue
+ # add the job to the queue
@jobs.push check
- rescue
- #who cares
+ rescue # rubocop:disable Lint/HandleExceptions
+ # who cares
end
end
end
def self.process(uri)
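Review bot: The bare `rescue` in load_queue is now marked as accepted with a rubocop disable, but it still hides every StandardError raised while building the job, not only a bad wordlist entry. A rejected entry is never requested, so scan coverage shrinks with no trace of it. If the only expected failure is `check.path = "/#{line}"` rejecting an entry (presumably `URI::InvalidComponentError`, to be confirmed against what `uri.copy` returns), name it with `rescue URI::InvalidComponentError` and keep the `# who cares` comment, or report the skipped line. load_queue starts outside this hunk.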
@@ -163,10 +171,10 @@
if res.code == '200'
@results.push "'#{uri.path}' found: #{uri}"
Yawast::Shared::Output.log_append_value 'http', 'http_file', uri
end
- rescue => e
+ rescue => e # rubocop:disable Style/RescueStandardError
unless e.message.include?('end of file') || e.message.include?('getaddrinfo')
Yawast::Utilities.puts_error "Error searching for file '#{uri.path}' (#{e.message})"
end
end
end
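Review bot: The `rescue => e # rubocop:disable Style/RescueStandardError` here, and the same line in check_common, silence the cop instead of writing what it asks for; `rescue StandardError => e` behaves identically and needs no disable. Separately, filtering on `e.message.include?('end of file') || e.message.include?('getaddrinfo')` ties the suppression to message wording that can vary by Ruby version and platform. Matching by class is sturdier, likely `rescue EOFError, SocketError` ahead of the general clause, though the classes should be confirmed against what `Yawast::Shared::Http` actually raises. The body of process starts outside this hunk.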