Module: CMSScanner::Target::Platform::PHP

Defined in:

lib/cms_scanner/target/platform/php.rb

Overview

Some PHP specific implementation

Constant Summary

DEBUG_LOG_PATTERN =

/(?:\[\d{2}-[a-zA-Z]{3}-\d{4}\s\d{2}:\d{2}:\d{2}\s[A-Z]{3}\]|
PHP\s(?:Fatal|Warning|Strict|Error|Notice):)/x.freeze

FPD_PATTERN =

/Fatal error:.+? in (.+?) on/.freeze

ERROR_LOG_PATTERN =

/PHP Fatal error/i.freeze

Instance Method Summary

• #debug_log?(path, params = {}) ⇒ Boolean

  True if url(path) is a debug log, false otherwise.

• #error_log?(path, params = {}) ⇒ Boolean

  Wether or not url(path) is an error log file.

• #full_path_disclosure?(path = nil, params = {}) ⇒ Boolean

  True if url(path) contains a FPD, false otherwise.

• #full_path_disclosure_entries(path = nil, params = {}) ⇒ Array<String>

  The FPD found, or an empty array if none.

• #log_file?(path, pattern, params = {}) ⇒ Boolean

Instance Method Details

#debug_log?(path, params = {}) ⇒ Boolean

Returns true if url(path) is a debug log, false otherwise.

Parameters:

• path (String)
• params (Hash) (defaults to: {}) —

  The request params

Returns:

• (Boolean) —

  true if url(path) is a debug log, false otherwise

# File 'lib/cms_scanner/target/platform/php.rb', line 30

def debug_log?(path, params = {})
  log_file?(path, DEBUG_LOG_PATTERN, params)
end

#error_log?(path, params = {}) ⇒ Boolean

Returns Wether or not url(path) is an error log file.

Parameters:

• path (String)
• params (Hash) (defaults to: {}) —

  The request params

Returns:

• (Boolean) —

  Wether or not url(path) is an error log file

# File 'lib/cms_scanner/target/platform/php.rb', line 38

def error_log?(path, params = {})
  log_file?(path, ERROR_LOG_PATTERN, params)
end

#full_path_disclosure?(path = nil, params = {}) ⇒ Boolean

Returns true if url(path) contains a FPD, false otherwise.

Parameters:

• path (String) (defaults to: nil)
• params (Hash) (defaults to: {}) —

  The request params

Returns:

• (Boolean) —

  true if url(path) contains a FPD, false otherwise

# File 'lib/cms_scanner/target/platform/php.rb', line 46

def full_path_disclosure?(path = nil, params = {})
  !full_path_disclosure_entries(path, params).empty?
end

#full_path_disclosure_entries(path = nil, params = {}) ⇒ Array<String>

Returns The FPD found, or an empty array if none.

Parameters:

• path (String) (defaults to: nil)
• params (Hash) (defaults to: {}) —

  The request params

Returns:

• (Array<String>) —

  The FPD found, or an empty array if none

# File 'lib/cms_scanner/target/platform/php.rb', line 54

def full_path_disclosure_entries(path = nil, params = {})
  res = NS::Browser.get(url(path), params)

  res.body.scan(FPD_PATTERN).flatten
end

#log_file?(path, pattern, params = {}) ⇒ Boolean

Parameters:

• path (String)
• pattern (Regexp)
• params (Hash) (defaults to: {}) —

  The request params

Returns:

• (Boolean)

# File 'lib/cms_scanner/target/platform/php.rb', line 18

def log_file?(path, pattern, params = {})
  # Only the first 700 bytes of the file are retrieved to avoid getting entire log file
  # which can be huge (~ 2Go)
  res = head_and_get(path, [200], get: params.merge(headers: { 'Range' => 'bytes=0-700' }))

  res.body&.match?(pattern) ? true : false
end