Class: WPScan::Model::WpVersion

Inherits:

CMSScanner::Model::Version

• Object
• CMSScanner::Model::Version
• WPScan::Model::WpVersion

Includes:

Vulnerable

Defined in:

app/models/wp_version.rb

Overview

WP Version

Class Method Summary

• .all ⇒ Array<String>

  All the version numbers.

• .valid?(number) ⇒ Boolean

  True if the number is a valid WP version, false otherwise.

Instance Method Summary

• #db_data ⇒ Hash
• #initialize(number, opts = {}) ⇒ WpVersion constructor

  A new instance of WpVersion.

• #metadata ⇒ Hash

  Retrieve the metadata from the vuln API if available (and a valid token is given), or the local metadata db otherwise.

• #release_date ⇒ String
• #status ⇒ String
• #vulnerabilities ⇒ Array<Vulnerability>

Methods included from Vulnerable

#vulnerable?

Constructor Details

#initialize(number, opts = {}) ⇒ WpVersion

Returns a new instance of WpVersion.

Raises:

• (Error::InvalidWordPressVersion)

# File 'app/models/wp_version.rb', line 9

def initialize(number, opts = {})
  raise Error::InvalidWordPressVersion unless WpVersion.valid?(number.to_s)

  super(number, opts)
end

Class Method Details

.all ⇒ Array<String>

Returns All the version numbers.

Returns:

• (Array<String>) —

  All the version numbers

# File 'app/models/wp_version.rb', line 23

def self.all
  return @all_numbers if @all_numbers

  @all_numbers = []

  DB::Fingerprints.wp_fingerprints.each_value do |fp|
    @all_numbers << fp.values
  end

  # @all_numbers.flatten.uniq.sort! {} doesn't produce the same result here.
  @all_numbers.flatten!
  @all_numbers.uniq!
  @all_numbers.sort! { |a, b| Gem::Version.new(b) <=> Gem::Version.new(a) }
end

.valid?(number) ⇒ Boolean

Returns true if the number is a valid WP version, false otherwise.

Parameters:

• number (String)

Returns:

• (Boolean) —

  true if the number is a valid WP version, false otherwise

# File 'app/models/wp_version.rb', line 18

def self.valid?(number)
  all.include?(number)
end

Instance Method Details

#db_data ⇒ Hash

Returns:

• (Hash)

# File 'app/models/wp_version.rb', line 46

def db_data
  @db_data ||= DB::VulnApi.wordpress_data(number)
end

#metadata ⇒ Hash

Retrieve the metadata from the vuln API if available (and a valid token is given), or the local metadata db otherwise

Returns:

• (Hash)

# File 'app/models/wp_version.rb', line 41

def metadata
  @metadata ||= db_data.empty? ? DB::Version.metadata_at(number) : db_data
end

#release_date ⇒ String

Returns:

• (String)

# File 'app/models/wp_version.rb', line 64

def release_date
  @release_date ||= metadata['release_date'] || 'Unknown'
end

#status ⇒ String

Returns:

• (String)

# File 'app/models/wp_version.rb', line 69

def status
  @status ||= metadata['status'] || 'Unknown'
end

#vulnerabilities ⇒ Array<Vulnerability>

Returns:

• (Array<Vulnerability>)

# File 'app/models/wp_version.rb', line 51

def vulnerabilities
  return @vulnerabilities if @vulnerabilities

  @vulnerabilities = []

  [*db_data['vulnerabilities']].each do |json_vuln|
    @vulnerabilities << Vulnerability.load_from_json(json_vuln)
  end

  @vulnerabilities
end