RubyDoc.info: Class: Yawast::Scanner::ObjectPresence – Documentation for yawast (0.2.1)

.check_cross_domain(uri) ⇒ `Object`

# File 'lib/scanner/obj_presence.rb', line 11

def self.check_cross_domain(uri)
  check_path(uri, '/crossdomain.xml', false)
  check_path(uri, '/clientaccesspolicy.xml', false)
end

.check_elmah_axd(uri) ⇒ `Object`



30
31
32

# File 'lib/scanner/obj_presence.rb', line 30

def self.check_elmah_axd(uri)
  check_path(uri, '/elmah.axd', false)
end

.check_path(uri, path, vuln) ⇒ `Object`

# File 'lib/scanner/obj_presence.rb', line 42

def self.check_path(uri, path, vuln)
  #note: this only checks directly at the root, I'm not sure if this is what we want
  # should probably be relative to what's passed in, instead of overriding the path.
  check = uri.copy
  check.path = "#{path}"
  code = Yawast::Shared::Http.get_status_code(check)

  if code == "200"
    msg = "'#{path}' found: #{check}"

    if vuln
      Yawast::Utilities.puts_vuln msg
    else
      Yawast::Utilities.puts_warn msg
    end

    puts ''
  end
end

.check_readme_html(uri) ⇒ `Object`



34
35
36

# File 'lib/scanner/obj_presence.rb', line 34

def self.check_readme_html(uri)
  check_path(uri, '/readme.html', false)
end

.check_release_notes_txt(uri) ⇒ `Object`



38
39
40

# File 'lib/scanner/obj_presence.rb', line 38

def self.check_release_notes_txt(uri)
  check_path(uri, '/RELEASE-NOTES.txt', false)
end

.check_sitemap(uri) ⇒ `Object`



16
17
18

# File 'lib/scanner/obj_presence.rb', line 16

def self.check_sitemap(uri)
  check_path(uri, '/sitemap.xml', false)
end

.check_source_control(uri) ⇒ `Object`

# File 'lib/scanner/obj_presence.rb', line 4

def self.check_source_control(uri)
  check_path(uri, '/.git/', true)
  check_path(uri, '/.hg/', true)
  check_path(uri, '/.svn/', true)
  check_path(uri, '/.bzr/', true)
end

.check_trace_axd(uri) ⇒ `Object`



26
27
28

# File 'lib/scanner/obj_presence.rb', line 26

def self.check_trace_axd(uri)
  check_path(uri, '/Trace.axd', false)
end

.check_wsftp_log(uri) ⇒ `Object`

# File 'lib/scanner/obj_presence.rb', line 20

def self.check_wsftp_log(uri)
  #check both upper and lower, as they are both seen in the wild
  check_path(uri, '/WS_FTP.LOG', false)
  check_path(uri, '/ws_ftp.log', false)
end

Class: Yawast::Scanner::ObjectPresence

Class Method Summary collapse

Class Method Details

.check_cross_domain(uri) ⇒ `Object`

.check_elmah_axd(uri) ⇒ `Object`

.check_path(uri, path, vuln) ⇒ `Object`

.check_readme_html(uri) ⇒ `Object`

.check_release_notes_txt(uri) ⇒ `Object`

.check_sitemap(uri) ⇒ `Object`

.check_source_control(uri) ⇒ `Object`

.check_trace_axd(uri) ⇒ `Object`

.check_wsftp_log(uri) ⇒ `Object`

Class: Yawast::Scanner::ObjectPresence

Class Method Summary collapse

Class Method Details

.check_cross_domain(uri) ⇒ Object

.check_elmah_axd(uri) ⇒ Object

.check_path(uri, path, vuln) ⇒ Object

.check_readme_html(uri) ⇒ Object

.check_release_notes_txt(uri) ⇒ Object

.check_sitemap(uri) ⇒ Object

.check_source_control(uri) ⇒ Object

.check_trace_axd(uri) ⇒ Object

.check_wsftp_log(uri) ⇒ Object

.check_cross_domain(uri) ⇒ `Object`

.check_elmah_axd(uri) ⇒ `Object`

.check_path(uri, path, vuln) ⇒ `Object`

.check_readme_html(uri) ⇒ `Object`

.check_release_notes_txt(uri) ⇒ `Object`

.check_sitemap(uri) ⇒ `Object`

.check_source_control(uri) ⇒ `Object`

.check_trace_axd(uri) ⇒ `Object`

.check_wsftp_log(uri) ⇒ `Object`