Fixes regexp perf

wpscanteam · Jul 31, 2019 · 8b67dad · 8b67dad
1 parent 53fdac1
commit 8b67dad
Show file tree

Hide file tree

Showing 11 changed files with 12 additions and 12 deletions.
diff --git a/app/finders/db_exports/known_locations.rb b/app/finders/db_exports/known_locations.rb
@@ -20,9 +20,9 @@ def aggressive(opts = {})
 
           enumerate(potential_urls(opts), opts.merge(check_full_response: 200)) do |res|
             if res.effective_url.end_with?('.zip')
-              next unless res.headers['Content-Type'] =~ %r{\Aapplication/zip}i
+              next unless %r{\Aapplication/zip}i.match?(res.headers['Content-Type'])
             else
-              next unless res.body =~ SQL_PATTERN
+              next unless SQL_PATTERN.match?(res.body)
             end
 
             found << Model::DbExport.new(res.request.url, found_by: DIRECT_ACCESS, confidence: 100)

diff --git a/app/finders/interesting_findings/duplicator_installer_log.rb b/app/finders/interesting_findings/duplicator_installer_log.rb
@@ -9,7 +9,7 @@ class DuplicatorInstallerLog < CMSScanner::Finders::Finder
         def aggressive(_opts = {})
           path = 'installer-log.txt'
 
-          return unless target.head_and_get(path).body =~ /DUPLICATOR INSTALL-LOG/
+          return unless /DUPLICATOR INSTALL-LOG/.match?(target.head_and_get(path).body)
 
           Model::DuplicatorInstallerLog.new(
             target.url(path),

diff --git a/app/finders/interesting_findings/mu_plugins.rb b/app/finders/interesting_findings/mu_plugins.rb
@@ -10,7 +10,7 @@ def passive(_opts = {})
           pattern = %r{#{target.content_dir}/mu\-plugins/}i
 
           target.in_scope_uris(target.homepage_res) do |uri|
-            next unless uri.path =~ pattern
+            next unless uri.path&.match?(pattern)
 
             url = target.url('wp-content/mu-plugins/')
 

diff --git a/app/finders/interesting_findings/upload_sql_dump.rb b/app/finders/interesting_findings/upload_sql_dump.rb
@@ -12,7 +12,7 @@ def aggressive(_opts = {})
           path = 'wp-content/uploads/dump.sql'
           res  = target.head_and_get(path, [200], get: { headers: { 'Range' => 'bytes=0-3000' } })
 
-          return unless res.body =~ SQL_PATTERN
+          return unless SQL_PATTERN.match?(res.body)
 
           Model::UploadSQLDump.new(
             target.url(path),

diff --git a/app/finders/plugin_version/readme.rb b/app/finders/plugin_version/readme.rb
@@ -52,7 +52,7 @@ def from_stable_tag(body)
 
           number = Regexp.last_match[1]
 
-          number if number =~ /[0-9]+/
+          number if /[0-9]+/.match?(number)
         end
 
         # @param [ String ] body

diff --git a/app/finders/plugins/body_pattern.rb b/app/finders/plugins/body_pattern.rb
@@ -15,7 +15,7 @@ class BodyPattern < Finders::DynamicFinder::WpItems::Finder
         #
         # @return [ Plugin ] The detected plugin in the response, related to the config
         def process_response(opts, response, slug, klass, config)
-          return unless response.body =~ config['pattern']
+          return unless response.body&.match?(config['pattern'])
 
           Model::Plugin.new(
             slug,

diff --git a/app/finders/plugins/comment.rb b/app/finders/plugins/comment.rb
@@ -18,7 +18,7 @@ def process_response(opts, response, slug, klass, config)
           response.html.xpath(config['xpath'] || '//comment()').each do |node|
             comment = node.text.to_s.strip
 
-            next unless comment =~ config['pattern']
+            next unless comment&.match?(config['pattern'])
 
             return Model::Plugin.new(
               slug,

diff --git a/app/finders/timthumbs/known_locations.rb b/app/finders/timthumbs/known_locations.rb
@@ -22,7 +22,7 @@ def aggressive(opts = {})
           found = []
 
           enumerate(target_urls(opts), opts.merge(check_full_response: 400)) do |res|
-            next unless res.body =~ /no image specified/i
+            next unless /no image specified/i.match?(res.body)
 
             found << Model::Timthumb.new(res.request.url, opts.merge(found_by: found_by, confidence: 100))
           end

diff --git a/app/finders/users/login_error_messages.rb b/app/finders/users/login_error_messages.rb
@@ -24,7 +24,7 @@ def aggressive(opts = {})
 
             return found if error.empty? # Protection plugin / error disabled
 
-            next unless error =~ /The password you entered for the username|Incorrect Password/i
+            next unless /The password you entered for the username|Incorrect Password/i.match?(error)
 
             found << Model::User.new(username, found_by: found_by, confidence: 100)
           end

diff --git a/lib/wpscan/helper.rb b/lib/wpscan/helper.rb
@@ -14,7 +14,7 @@ def read_json_file(file)
 # @return [ Symbol ]
 def classify_slug(slug)
   classified = slug.to_s.gsub(/[^a-z\d\-]/i, '-').gsub(/\-{1,}/, '_').camelize.to_s
-  classified = "D_#{classified}" if classified[0] =~ /\d/
+  classified = "D_#{classified}" if /\d/.match?(classified[0])
 
   classified.to_sym
 end
diff --git a/lib/wpscan/target/platform/wordpress.rb b/lib/wpscan/target/platform/wordpress.rb
@@ -29,7 +29,7 @@ def wordpress?(detection_mode)
           end
 
           homepage_res.html.css('meta[name="generator"]').each do |node|
-            return true if node['content'] =~ /wordpress/i
+            return true if /wordpress/i.match?(node['content'])
           end
 
           return true unless comments_from_page(/wordpress/i, homepage_res).empty?