Class: WPScan::DB::Updater

Inherits:

Object

• Object
• WPScan::DB::Updater

Defined in:

lib/wpscan/db/updater.rb

Overview

Class used to perform DB updates :nocov:

Constant Summary

FILES =

/!\ Might want to also update the Enumeration#cli_options when some filenames are changed here

%w[
  plugins.json themes.json wordpresses.json
  timthumbs-v3.txt config_backups.txt db_exports.txt
  dynamic_finders.yml wp_fingerprints.json LICENSE
].freeze

OLD_FILES =

%w[wordpress.db user-agents.txt dynamic_finders_01.yml].freeze

Instance Attribute Summary

• #repo_directory ⇒ Object readonly

  Returns the value of attribute repo_directory.

Instance Method Summary

• #backup_file_path(filename) ⇒ String
• #create_backup(filename) ⇒ Object
• #delete_backup(filename) ⇒ Object
• #delete_old_files ⇒ Object

  Removes DB files which are no longer used this doesn’t raise errors if they don’t exist.

• #download(filename) ⇒ String

  The checksum of the downloaded file.

• #initialize(repo_directory) ⇒ Updater constructor

  A new instance of Updater.

• #last_update ⇒ Time^?
• #last_update_file ⇒ String
• #local_file_checksum(filename) ⇒ Object
• #local_file_path(filename) ⇒ String
• #missing_files? ⇒ Boolean
• #outdated? ⇒ Boolean
• #remote_file_checksum(filename) ⇒ String

  The checksum of the associated remote filename.

• #remote_file_url(filename) ⇒ String

  The raw file URL associated with the given filename.

• #request_params ⇒ Hash

  The params for Typhoeus::Request.

• #restore_backup(filename) ⇒ Object
• #update ⇒ Array<String>

  The filenames updated.

Constructor Details

#initialize(repo_directory) ⇒ Updater

Returns a new instance of Updater.

# File 'lib/wpscan/db/updater.rb', line 19

def initialize(repo_directory)
  @repo_directory = Pathname.new(repo_directory).expand_path

  FileUtils.mkdir_p(repo_directory.to_s) unless Dir.exist?(repo_directory.to_s)

  raise "#{repo_directory} is not writable" unless repo_directory.writable?

  delete_old_files
end

Instance Attribute Details

#repo_directory ⇒ Object (readonly)

Returns the value of attribute repo_directory.

# File 'lib/wpscan/db/updater.rb', line 17

def repo_directory
  @repo_directory
end

Instance Method Details

#backup_file_path(filename) ⇒ String

Returns:

• (String)

# File 'lib/wpscan/db/updater.rb', line 101

def backup_file_path(filename)
  repo_directory.join("#{filename}.back").to_s
end

#create_backup(filename) ⇒ Object

# File 'lib/wpscan/db/updater.rb', line 105

def create_backup(filename)
  return unless File.exist?(local_file_path(filename))

  FileUtils.cp(local_file_path(filename), backup_file_path(filename))
end

#delete_backup(filename) ⇒ Object

# File 'lib/wpscan/db/updater.rb', line 117

def delete_backup(filename)
  FileUtils.rm(backup_file_path(filename))
end

#delete_old_files ⇒ Object

Removes DB files which are no longer used this doesn’t raise errors if they don’t exist

# File 'lib/wpscan/db/updater.rb', line 31

def delete_old_files
  OLD_FILES.each do |old_file|
    FileUtils.remove_file(local_file_path(old_file), true)
  end
end

#download(filename) ⇒ String

Returns The checksum of the downloaded file.

Returns:

• (String) —

  The checksum of the downloaded file

Raises:

• (Error::Download)

# File 'lib/wpscan/db/updater.rb', line 122

def download(filename)
  file_path = local_file_path(filename)
  file_url  = remote_file_url(filename)

  res = Browser.get(file_url, request_params)
  raise Error::Download, res if res.timed_out? || res.code != 200

  File.open(file_path, 'wb') { |f| f.write(res.body) }

  local_file_checksum(filename)
end

#last_update ⇒ Time^?

Returns:

• (Time, nil)

# File 'lib/wpscan/db/updater.rb', line 38

def last_update
  Time.parse(File.read(last_update_file))
rescue ArgumentError, Errno::ENOENT
  nil # returns nil if the file does not exist or contains invalid time data
end

#last_update_file ⇒ String

Returns:

• (String)

# File 'lib/wpscan/db/updater.rb', line 45

def last_update_file
  @last_update_file ||= repo_directory.join('.last_update').to_s
end

#local_file_checksum(filename) ⇒ Object

# File 'lib/wpscan/db/updater.rb', line 96

def local_file_checksum(filename)
  Digest::SHA512.file(local_file_path(filename)).hexdigest
end

#local_file_path(filename) ⇒ String

Returns:

• (String)

# File 'lib/wpscan/db/updater.rb', line 92

def local_file_path(filename)
  repo_directory.join(filename.to_s).to_s
end

#missing_files? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/wpscan/db/updater.rb', line 57

def missing_files?
  FILES.each do |file|
    return true unless File.exist?(repo_directory.join(file))
  end
  false
end

#outdated? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/wpscan/db/updater.rb', line 50

def outdated?
  date = last_update

  date.nil? || date < 5.days.ago
end

#remote_file_checksum(filename) ⇒ String

Returns The checksum of the associated remote filename.

Returns:

• (String) —

  The checksum of the associated remote filename

Raises:

• (Error::Download)

# File 'lib/wpscan/db/updater.rb', line 82

def remote_file_checksum(filename)
  url = "#{remote_file_url(filename)}.sha512"

  res = Browser.get(url, request_params)
  raise Error::Download, res if res.timed_out? || res.code != 200

  res.body.chomp
end

#remote_file_url(filename) ⇒ String

Returns The raw file URL associated with the given filename.

Returns:

• (String) —

  The raw file URL associated with the given filename

# File 'lib/wpscan/db/updater.rb', line 77

def remote_file_url(filename)
  "https://data.wpscan.org/#{filename}"
end

#request_params ⇒ Hash

Note:

Those params can’t be overriden by CLI options

Returns The params for Typhoeus::Request.

Returns:

• (Hash) —

  The params for Typhoeus::Request

# File 'lib/wpscan/db/updater.rb', line 66

def request_params
  @request_params ||= {
    timeout: 600,
    connecttimeout: 300,
    accept_encoding: 'gzip, deflate',
    cache_ttl: 0,
    headers: { 'User-Agent' => Browser.instance.default_user_agent }
  }
end

#restore_backup(filename) ⇒ Object

# File 'lib/wpscan/db/updater.rb', line 111

def restore_backup(filename)
  return unless File.exist?(backup_file_path(filename))

  FileUtils.cp(backup_file_path(filename), local_file_path(filename))
end

#update ⇒ Array<String>

Returns The filenames updated.

Returns:

• (Array<String>) —

  The filenames updated

# File 'lib/wpscan/db/updater.rb', line 135

def update
  updated = []

  FILES.each do |filename|
    begin
      db_checksum = remote_file_checksum(filename)

      # Checking if the file needs to be updated
      next if File.exist?(local_file_path(filename)) && db_checksum == local_file_checksum(filename)

      create_backup(filename)
      dl_checksum = download(filename)

      raise "#{filename}: checksums do not match" unless dl_checksum == db_checksum

      updated << filename
    rescue StandardError => e
      restore_backup(filename)
      raise e
    ensure
      delete_backup(filename) if File.exist?(backup_file_path(filename))
    end
  end

  File.write(last_update_file, Time.now)

  updated
end