ronin-rb / ronin-vulns

Tests URLs for Local File Inclusion (LFI), Remote File Inclusion (RFI), SQL injection (SQLi), Cross Site Scripting (XSS), Server Side Template Injection (SSTI), and Open Redirects.
https://ronin-rb.dev
GNU Lesser General Public License v3.0

Eventually re-add jruby support #2

Open postmodern opened 2 years ago

postmodern commented 2 years ago

Once JRuby adds support for Ruby 3.0, it can be added to the CI matrix.

postmodern commented 1 year ago

Blocked by a weird JRuby Zlib error that is being worked on upstream.

  1) Ronin::Vulns::LFI#vulnerable? when #filter_bypass is :zlib and when the response does not contain the included Base64 + Zlib compressed /etc/passwd file but when the response contains other Base64 strings must return false
     Failure/Error: Compression.zlib_inflate(Base64.decode64(string)) =~ @test_file

     Zlib::BufError:
       buffer error
     # /data/home/postmodern/code/ronin-rb/vendor/bundle/jruby/3.1.0/gems/ronin-support-1.0.0/lib/ronin/support/compression/zlib.rb:54:in `inflate'
     # /data/home/postmodern/code/ronin-rb/vendor/bundle/jruby/3.1.0/gems/ronin-support-1.0.0/lib/ronin/support/compression.rb:58:in `zlib_inflate'
     # ./lib/ronin/vulns/lfi.rb:238:in `block in vulnerable?'
     # ./lib/ronin/vulns/lfi.rb:236:in `vulnerable?'
     # ./spec/lfi_spec.rb:606:in `block in <main>'
     # /data/home/postmodern/code/ronin-rb/vendor/bundle/jruby/3.1.0/gems/webmock-3.18.1/lib/webmock/rspec.rb:37:in `block in <main>'
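
An added example, not code from ronin-vulns or ronin-support: a stand-alone version of the check named in the failing spec above (Base64 strings in a response body are decoded, inflated and matched against the test file), written so that any `Zlib::Error` raised on non-zlib input counts as no match. The patterns, helper names and sample bodies are assumptions constructed for this example.

```ruby
require 'zlib'

# Constructed sample data: the start of a typical /etc/passwd.
SAMPLE_PASSWD = "root:x:0:0:root:/root:/bin/bash\n" \
                "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n"

# Assumed patterns for this example (not taken from ronin-vulns).
PASSWD_PATTERN = /^root:[^:]*:0:0:/
BASE64_RUN     = %r{[A-Za-z0-9+/]{16,}={0,2}}

# Returns the inflated data, or nil if the input is not a complete zlib
# stream. Zlib::Error is the parent of Zlib::DataError and Zlib::BufError,
# so the outcome does not depend on which one a given runtime raises.
def try_inflate(data)
  Zlib::Inflate.inflate(data)
rescue Zlib::Error
  nil
end

# True if any Base64 run in the body decodes and inflates to text that
# matches the pattern. unpack1('m') is the lenient decode that
# Base64.decode64 performs.
def body_includes_deflated_file?(body, pattern = PASSWD_PATTERN)
  body.scan(BASE64_RUN).any? do |candidate|
    inflated = try_inflate(candidate.unpack1('m'))
    !inflated.nil? && inflated.match?(pattern)
  end
end

# Strict Base64 encoder used to build the constructed response bodies.
def b64(data)
  [data].pack('m0')
end

deflated = Zlib::Deflate.deflate(SAMPLE_PASSWD)

# Constructed body that contains the Base64 + zlib compressed file.
HIT_BODY = "<html><body>#{b64(deflated)}</body></html>"

# Constructed body with other Base64 strings only: plain text that is
# not zlib data, and a zlib stream truncated to its first 12 bytes.
BENIGN_BODY = "<img src=\"data:image/png;base64," \
              "#{b64('not a zlib stream at all')}\">" \
              "<p>#{b64(deflated[0, 12])}</p>"
```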