Class: WPScan::WpItem

Inherits:

Object

• Object
• WPScan::WpItem

Includes:

CMSScanner::Target::Platform::PHP, CMSScanner::Target::Server::Generic, Finders::Finding, Vulnerable

Defined in:

app/models/wp_item.rb

Overview

WpItem (superclass of Plugin & Theme)

Direct Known Subclasses

DB::Plugin, DB::Theme, Plugin, Theme

Constant Summary

READMES =

%w[readme.txt README.txt README.md readme.md Readme.txt].freeze

CHANGELOGS =

%w[changelog.txt CHANGELOG.md changelog.md].freeze

Instance Attribute Summary

• #blog ⇒ Object readonly

  Returns the value of attribute blog.

• #db_data ⇒ Object readonly

  Returns the value of attribute db_data.

• #detection_opts ⇒ Object readonly

  Returns the value of attribute detection_opts.

• #slug ⇒ Object readonly

  Returns the value of attribute slug.

• #uri ⇒ Object readonly

  Returns the value of attribute uri.

• #version_detection_opts ⇒ Object readonly

  Returns the value of attribute version_detection_opts.

Instance Method Summary

• #==(other) ⇒ Boolean
• #changelog_url ⇒ String, false

  The changelog urr if found.

• #classify ⇒ Symbol

  The Class symbol associated to the item.

• #directory_listing?(path = nil, params = {}) ⇒ Boolean
• #error_log?(path = 'error_log', params = {}) ⇒ Boolean
• #initialize(slug, blog, opts = {}) ⇒ WpItem constructor

  A new instance of WpItem.

• #last_updated ⇒ String
• #latest_version ⇒ String
• #outdated? ⇒ Boolean
• #popular? ⇒ Boolean

  Not used anywhere ATM.

• #readme_url ⇒ String

  The readme url if found.

• #to_s ⇒ Object
• #url(path = nil) ⇒ String

  URI.encode is preferered over Addressable::URI.encode as it will encode leading # character: URI.encode(‘#t#’) => %23t%23 Addressable::URI.encode(‘#t#’) => #t%23.

• #vulnerabilities ⇒ Array<Vulnerabily>
• #vulnerable_to?(vuln) ⇒ Boolean

  Checks if the wp_item is vulnerable to a specific vulnerability.

Methods included from Vulnerable

#vulnerable?

Constructor Details

#initialize(slug, blog, opts = {}) ⇒ WpItem

Returns a new instance of WpItem.

Parameters:

• slug (String) —

  The plugin/theme slug

• blog (Target) —

  The targeted blog

• opts (Hash) (defaults to: {})

Options Hash (opts):

• :mode (Symbol) —

  The detection mode to use

• :version_detection (Hash) —

  The options to use when looking for the version

• :url (String) —

  The URL of the item

# File 'app/models/wp_item.rb', line 22

def initialize(slug, blog, opts = {})
  @slug  = URI.decode(slug)
  @blog  = blog
  @uri   = Addressable::URI.parse(opts[:url]) if opts[:url]

  @detection_opts         = { mode: opts[:mode] }
  @version_detection_opts = opts[:version_detection] || {}

  parse_finding_options(opts)
end

Instance Attribute Details

#blog ⇒ Object (readonly)

Returns the value of attribute blog.

# File 'app/models/wp_item.rb', line 12

def blog
  @blog
end

#db_data ⇒ Object (readonly)

Returns the value of attribute db_data.

# File 'app/models/wp_item.rb', line 12

def db_data
  @db_data
end

#detection_opts ⇒ Object (readonly)

Returns the value of attribute detection_opts.

# File 'app/models/wp_item.rb', line 12

def detection_opts
  @detection_opts
end

#slug ⇒ Object (readonly)

Returns the value of attribute slug.

# File 'app/models/wp_item.rb', line 12

def slug
  @slug
end

#uri ⇒ Object (readonly)

Returns the value of attribute uri.

# File 'app/models/wp_item.rb', line 12

def uri
  @uri
end

#version_detection_opts ⇒ Object (readonly)

Returns the value of attribute version_detection_opts.

# File 'app/models/wp_item.rb', line 12

def version_detection_opts
  @version_detection_opts
end

Instance Method Details

#==(other) ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/wp_item.rb', line 99

def ==(other)
  self.class == other.class && slug == other.slug
end

#changelog_url ⇒ String, false

Returns The changelog urr if found.

Returns:

• (String, false) —

  The changelog urr if found

# File 'app/models/wp_item.rb', line 126

def changelog_url
  return if detection_opts[:mode] == :passive

  if @changelog_url.nil?
    CHANGELOGS.each do |path|
      return @changelog_url = url(path) if Browser.get(url(path)).code == 200
    end
  end

  @changelog_url
end

#classify ⇒ Symbol

Returns The Class symbol associated to the item.

Returns:

• (Symbol) —

  The Class symbol associated to the item

# File 'app/models/wp_item.rb', line 108

def classify
  @classify ||= classify_slug(slug)
end

#directory_listing?(path = nil, params = {}) ⇒ Boolean

Parameters:

• path (String) (defaults to: nil)
• params (Hash) (defaults to: {}) —

  The request params

Returns:

• (Boolean)

# File 'app/models/wp_item.rb', line 142

def directory_listing?(path = nil, params = {})
  return if detection_opts[:mode] == :passive

  super(path, params)
end

#error_log?(path = 'error_log', params = {}) ⇒ Boolean

Parameters:

• path (String) (defaults to: 'error_log')
• params (Hash) (defaults to: {}) —

  The request params

Returns:

• (Boolean)

# File 'app/models/wp_item.rb', line 152

def error_log?(path = 'error_log', params = {})
  return if detection_opts[:mode] == :passive

  super(path, params)
end

#last_updated ⇒ String

Returns:

• (String)

# File 'app/models/wp_item.rb', line 70

def last_updated
  @last_updated ||= db_data['last_updated']
end

#latest_version ⇒ String

Returns:

• (String)

# File 'app/models/wp_item.rb', line 59

def latest_version
  @latest_version ||= db_data['latest_version'] ? WPScan::Version.new(db_data['latest_version']) : nil
end

#outdated? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/wp_item.rb', line 75

def outdated?
  @outdated ||= if version && latest_version
                  version < latest_version
                else
                  false
                end
end

#popular? ⇒ Boolean

Not used anywhere ATM

Returns:

• (Boolean)

# File 'app/models/wp_item.rb', line 65

def popular?
  @popular ||= db_data['popular']
end

#readme_url ⇒ String

Returns The readme url if found.

Returns:

• (String) —

  The readme url if found

# File 'app/models/wp_item.rb', line 113

def readme_url
  return if detection_opts[:mode] == :passive

  if @readme_url.nil?
    READMES.each do |path|
      return @readme_url = url(path) if Browser.get(url(path)).code == 200
    end
  end

  @readme_url
end

#to_s ⇒ Object

# File 'app/models/wp_item.rb', line 103

def to_s
  slug
end

#url(path = nil) ⇒ String

URI.encode is preferered over Addressable::URI.encode as it will encode leading # character: URI.encode(‘#t#’) => %23t%23 Addressable::URI.encode(‘#t#’) => #t%23

Parameters:

• path (String) (defaults to: nil) —

  Optional path to merge with the uri

Returns:

• (String)

# File 'app/models/wp_item.rb', line 91

def url(path = nil)
  return unless @uri
  return @uri.to_s unless path

  @uri.join(URI.encode(path)).to_s
end

#vulnerabilities ⇒ Array<Vulnerabily>

Returns:

• (Array<Vulnerabily>)

# File 'app/models/wp_item.rb', line 34

def vulnerabilities
  return @vulnerabilities if @vulnerabilities

  @vulnerabilities = []

  [*db_data['vulnerabilities']].each do |json_vuln|
    vulnerability = Vulnerability.load_from_json(json_vuln)
    @vulnerabilities << vulnerability if vulnerable_to?(vulnerability)
  end

  @vulnerabilities
end

#vulnerable_to?(vuln) ⇒ Boolean

Checks if the wp_item is vulnerable to a specific vulnerability

Parameters:

• vuln (Vulnerability) —

  Vulnerability to check the item against

Returns:

• (Boolean)

# File 'app/models/wp_item.rb', line 52

def vulnerable_to?(vuln)
  return true unless version && vuln && vuln.fixed_in && !vuln.fixed_in.empty?

  version < vuln.fixed_in
end