SamJoan / droopescan

A plugin-based scanner that aids security researchers in identifying issues with several CMSs, mainly Drupal & Silverstripe.
GNU Affero General Public License v3.0

Add CVE detection for drupal CMS #37

Closed chalizard97 closed 4 years ago

chalizard97 commented 5 years ago

We add a new plugin, Detect_CVE, in droopescan/dscan/plugins/Detect_CVE to detect 2 widely known Drupal CVEs: CVE-2018-7600 and CVE-2019-6340.

It automatically adds a new feature when scanning a Drupal CMS to check whether it is vulnerable to either of these 2 CVEs or not.

How it works: Just run a normal Drupal scan command: droopescan scan drupal -u https://example.com

It will return the following right before the themes found:

example.com | VULNERABLE | CVE-2018-7600
example.com | NOT VULNERABLE | CVE-2019-6340

SamJoan commented 5 years ago

Hi @chalizard97

Thanks for your contribution!

I am willing to accept this pull request provided that you implement a couple of unit tests for it. The reason I ask for these is that I need some way of verifying that the functionality you implemented is still working once I release a new version of droopescan. Unit tests help me in this way by detecting simple errors.

I noticed the current integration tests are currently failing. I think that it's because a dependency has not been added to the setup.py file or requirements.txt.

Thanks!
Pedro