Class: WPScan::Theme

Inherits:

WpItem

• Object
• WpItem
• WPScan::Theme

Defined in:

app/models/theme.rb

Overview

WordPress Theme

Constant Summary

Constants inherited from WpItem

WpItem::CHANGELOGS, WpItem::READMES

Instance Attribute Summary

• #author ⇒ Object readonly

  Returns the value of attribute author.

• #author_uri ⇒ Object readonly

  Returns the value of attribute author_uri.

• #description ⇒ Object readonly

  Returns the value of attribute description.

• #license ⇒ Object readonly

  Returns the value of attribute license.

• #license_uri ⇒ Object readonly

  Returns the value of attribute license_uri.

• #style_name ⇒ Object readonly

  Returns the value of attribute style_name.

• #style_uri ⇒ Object readonly

  Returns the value of attribute style_uri.

• #style_url ⇒ Object readonly

  Returns the value of attribute style_url.

• #tags ⇒ Object readonly

  Returns the value of attribute tags.

• #template ⇒ Object readonly

  Returns the value of attribute template.

• #text_domain ⇒ Object readonly

  Returns the value of attribute text_domain.

Attributes inherited from WpItem

#detection_opts, #name, #target, #uri

Instance Method Summary

• #==(other) ⇒ Object
• #db_data ⇒ JSON
• #initialize(name, target, opts = {}) ⇒ Theme constructor

  See WpItem.

• #parent_theme ⇒ Theme
• #parent_themes(depth = 3) ⇒ Object
• #parse_style ⇒ Object
• #parse_style_tag(body, tag) ⇒ String
• #style_body ⇒ Object
• #version(opts = {}) ⇒ WPScan::Version, false

Methods inherited from WpItem

#changelog_url, #classify_name, #directory_listing?, #error_log?, #last_updated, #latest_version, #outdated?, #popular?, #readme_url, #to_s, #url, #vulnerabilities, #vulnerable_to?

Methods included from Vulnerable

#vulnerable?

Constructor Details

#initialize(name, target, opts = {}) ⇒ Theme

See WpItem

# File 'app/models/theme.rb', line 8

def initialize(name, target, opts = {})
  super(name, target, opts)

  @uri       = Addressable::URI.parse(target.url("wp-content/themes/#{name}/"))
  @style_url = opts[:style_url] || url('style.css')

  parse_style
end

Instance Attribute Details

#author ⇒ Object (readonly)

Returns the value of attribute author.

# File 'app/models/theme.rb', line 4

def author
  @author
end

#author_uri ⇒ Object (readonly)

Returns the value of attribute author_uri.

# File 'app/models/theme.rb', line 4

def author_uri
  @author_uri
end

#description ⇒ Object (readonly)

Returns the value of attribute description.

# File 'app/models/theme.rb', line 4

def description
  @description
end

#license ⇒ Object (readonly)

Returns the value of attribute license.

# File 'app/models/theme.rb', line 4

def license
  @license
end

#license_uri ⇒ Object (readonly)

Returns the value of attribute license_uri.

# File 'app/models/theme.rb', line 4

def license_uri
  @license_uri
end

#style_name ⇒ Object (readonly)

Returns the value of attribute style_name.

# File 'app/models/theme.rb', line 4

def style_name
  @style_name
end

#style_uri ⇒ Object (readonly)

Returns the value of attribute style_uri.

# File 'app/models/theme.rb', line 4

def style_uri
  @style_uri
end

#style_url ⇒ Object (readonly)

Returns the value of attribute style_url.

# File 'app/models/theme.rb', line 4

def style_url
  @style_url
end

#tags ⇒ Object (readonly)

Returns the value of attribute tags.

# File 'app/models/theme.rb', line 4

def tags
  @tags
end

#template ⇒ Object (readonly)

Returns the value of attribute template.

# File 'app/models/theme.rb', line 4

def template
  @template
end

#text_domain ⇒ Object (readonly)

Returns the value of attribute text_domain.

# File 'app/models/theme.rb', line 4

def text_domain
  @text_domain
end

Instance Method Details

#==(other) ⇒ Object

# File 'app/models/theme.rb', line 95

def ==(other)
  super(other) && style_url == other.style_url
end

#db_data ⇒ JSON

Returns:

• (JSON)

# File 'app/models/theme.rb', line 18

def db_data
  DB::Theme.db_data(name)
end

#parent_theme ⇒ Theme

Returns:

• (Theme)

# File 'app/models/theme.rb', line 32

def parent_theme
  return unless template
  return unless style_body =~ /^@import\surl\(["']?([^"'\)]+)["']?\);\s*$/i

  opts = detection_opts.merge(
    style_url: url(Regexp.last_match[1]),
    found_by: 'Parent Themes (Passive Detection)',
    confidence: 100
  )

  self.class.new(template, target, opts)
end

#parent_themes(depth = 3) ⇒ Object

Parameters:

• depth (Integer) (defaults to: 3)

# File 'app/models/theme.rb', line 48

def parent_themes(depth = 3)
  theme  = self
  found  = []

  (1..depth).each do |_|
    parent = theme.parent_theme

    break unless parent

    found << parent
    theme = parent
  end

  found
end

#parse_style ⇒ Object

# File 'app/models/theme.rb', line 68

def parse_style
  {
    style_name: 'Theme Name',
    style_uri: 'Theme URI',
    author: 'Author',
    author_uri: 'Author URI',
    template: 'Template',
    description: 'Description',
    license: 'License',
    license_uri: 'License URI',
    tags: 'Tags',
    text_domain: 'Text Domain'
  }.each do |attribute, tag|
    instance_variable_set(:"@#{attribute}", parse_style_tag(style_body, tag))
  end
end

#parse_style_tag(body, tag) ⇒ String

Parameters:

• bofy (String)
• tag (String)

Returns:

• (String)

# File 'app/models/theme.rb', line 89

def parse_style_tag(body, tag)
  value = body[/^\s*#{Regexp.escape(tag)}:[\t ]*([^\r\n]+)/i, 1]

  value && !value.strip.empty? ? value.strip : nil
end

#style_body ⇒ Object

# File 'app/models/theme.rb', line 64

def style_body
  @style_body ||= Browser.get(style_url).body
end

#version(opts = {}) ⇒ WPScan::Version, false

Parameters:

• opts (Hash) (defaults to: {})

Returns:

• (WPScan::Version, false)

# File 'app/models/theme.rb', line 25

def version(opts = {})
  @version = Finders::ThemeVersion::Base.find(self, detection_opts.merge(opts)) if @version.nil?

  @version
end