Class: WPScan::DB::VulnApi

Inherits:

Object

Object
WPScan::DB::VulnApi

show all

Defined in:: lib/wpscan/db/vuln_api.rb

Overview

WPVulnDB API

Constant Summary collapse

NON_ERROR_CODES =

[200, 401].freeze

Class Attribute Summary collapse

.token ⇒ Object

Returns the value of attribute token.

Class Method Summary collapse

Class Attribute Details

.token ⇒ `Object`

Returns the value of attribute token.



10
11
12

# File 'lib/wpscan/db/vuln_api.rb', line 10

def token
  @token
end

Class Method Details

.get(path, params = {}) ⇒ `Hash`

Parameters:

path (String)
params (Hash) (defaults to: {})

Returns:

(Hash)

# File 'lib/wpscan/db/vuln_api.rb', line 22

def self.get(path, params = {})
  return {} unless token

  res = Browser.get(uri.join(path), params.merge(request_params))

  return {} if res.code == 404 # This is for API inconsistencies when dots in path
  return JSON.parse(res.body) if NON_ERROR_CODES.include?(res.code)

  raise Error::HTTP, res
rescue Error::HTTP => e
  retries ||= 0

  if (retries += 1) <= 3
    sleep(1)
    retry
  end

  { 'http_error' => e }
end

.plugin_data(slug) ⇒ `Hash`

Returns:

(Hash)



43
44
45

# File 'lib/wpscan/db/vuln_api.rb', line 43

def self.plugin_data(slug)
  get("plugins/#{slug}")&.dig(slug) || {}
end

.request_params ⇒ `Hash`

Returns:

(Hash)

# File 'lib/wpscan/db/vuln_api.rb', line 67

def self.request_params
  {
    headers: {
      'Host' => uri.host, # Reset in case user provided a --vhost for the target
      'Referer' => nil, # Removes referer set by the cmsscanner to the target url
      'User-Agent' => Browser.instance.default_user_agent,
      'Authorization' => "Token token=#{token}"
    }
  }
end

.status ⇒ `Hash`

Returns:

(Hash)

# File 'lib/wpscan/db/vuln_api.rb', line 58

def self.status
  json = get('status', params: { version: WPScan::VERSION }, cache_ttl: 0)

  json['requests_remaining'] = 'Unlimited' if json['requests_remaining'] == -1

  json
end

.theme_data(slug) ⇒ `Hash`

Returns:

(Hash)



48
49
50

# File 'lib/wpscan/db/vuln_api.rb', line 48

def self.theme_data(slug)
  get("themes/#{slug}")&.dig(slug) || {}
end

.uri ⇒ `Addressable::URI`

Returns:

(Addressable::URI)



14
15
16

# File 'lib/wpscan/db/vuln_api.rb', line 14

def self.uri
  @uri ||= Addressable::URI.parse('https://wpvulndb.com/api/v3/')
end

.wordpress_data(version_number) ⇒ `Hash`

Returns:

(Hash)



53
54
55

# File 'lib/wpscan/db/vuln_api.rb', line 53

def self.wordpress_data(version_number)
  get("wordpresses/#{version_number.tr('.', '')}")&.dig(version_number) || {}
end

Class: WPScan::DB::VulnApi

Overview

Constant Summary collapse

Class Attribute Summary collapse

Class Method Summary collapse

Class Attribute Details

.token ⇒ Object

Class Method Details

.get(path, params = {}) ⇒ Hash

.plugin_data(slug) ⇒ Hash

.request_params ⇒ Hash

.status ⇒ Hash

.theme_data(slug) ⇒ Hash

.uri ⇒ Addressable::URI

.wordpress_data(version_number) ⇒ Hash

.token ⇒ `Object`

.get(path, params = {}) ⇒ `Hash`

.plugin_data(slug) ⇒ `Hash`

.request_params ⇒ `Hash`

.status ⇒ `Hash`

.theme_data(slug) ⇒ `Hash`

.uri ⇒ `Addressable::URI`

.wordpress_data(version_number) ⇒ `Hash`