# find_xss.rb - Find projects with XSS Issues in them.
#
# Copyright (C) 2016 Security Roots Ltd.
#
# This file is part of the Dradis Pro Scripting Examples (DPSE) collection.
# The collection can be found at
# https://github.com/securityroots/dradispro-scripting
#
# DPSE free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# DPSE is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with DPSE. If not, see <http://www.gnu.org/licenses/>.
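# Lists every project updated within the last <days ago> days that has at
# least one issue whose title mentions XSS. Meant to be run through
# `rails runner` so that Rails, Project and ActiveSupport durations are loaded.
#
# The single argument must be a non-negative whole number. String#to_i would
# turn input such as "abc" into 0, silently narrowing the window to "now" and
# reporting nothing, so the argument is validated before it is converted.
unless ARGV.size == 1 && ARGV[0] =~ /\A\d+\z/
  puts "Usage:\n\tRAILS_ENV=#{Rails.env} bundle exec rails runner #{$0} <days ago>"
  exit 1
end

puts; puts; puts

# Lower bound for projects.updated_at; older projects are not inspected.
days_ago = ARGV[0].to_i.days.ago

# The cutoff is passed as a bound parameter ('?'), not interpolated into SQL.
Project.where('projects.updated_at >= ?', days_ago).each do |project|
  # Only the first matching issue per project is reported.
  # NOTE(review): the pattern matches the literal "XSS" (case-insensitive)
  # only; issues titled "Cross-Site Scripting" are not reported. Extend the
  # pattern if your issue library spells the finding out.
  xss_issue = project.issues.detect { |issue| issue.title =~ /XSS/i }
  puts "* Project #{project.name} has '#{xss_issue.title}'" if xss_issue
end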