Class: WPScan::DB::VulnApi

Inherits:

Object

Object
WPScan::DB::VulnApi

show all

Defined in:: lib/wpscan/db/vuln_api.rb

Overview

WPVulnDB API

Constant Summary collapse

NON_ERROR_CODES =

[200, 401].freeze

Class Attribute Summary collapse

.token ⇒ Object

Returns the value of attribute token.

Class Method Summary collapse

Class Attribute Details

.token ⇒ `Object`

Returns the value of attribute token.



10
11
12

# File 'lib/wpscan/db/vuln_api.rb', line 10

def token
  @token
end

Class Method Details

.default_request_params ⇒ `Hash`

Note:

Those params can not be overriden by CLI options

Returns:

(Hash)

# File 'lib/wpscan/db/vuln_api.rb', line 70

def self.default_request_params
  Browser.instance.default_connect_request_params.merge(
    headers: {
      'User-Agent' => Browser.instance.default_user_agent,
      'Authorization' => "Token token=#{token}"
    }
  )
end

.get(path, params = {}) ⇒ `Hash`

Parameters:

path (String)
params (Hash) (defaults to: {})

Returns:

(Hash)

# File 'lib/wpscan/db/vuln_api.rb', line 22

def self.get(path, params = {})
  return {} unless token
  return {} if path.end_with?('/latest') # Remove this when api/v4 is up

  # Typhoeus.get is used rather than Browser.get to avoid merging irrelevant params from the CLI
  res = Typhoeus.get(uri.join(path), default_request_params.merge(params))

  return {} if res.code == 404 # This is for API inconsistencies when dots in path
  return JSON.parse(res.body) if NON_ERROR_CODES.include?(res.code)

  raise Error::HTTP, res
rescue Error::HTTP => e
  retries ||= 0

  if (retries += 1) <= 3
    sleep(1)
    retry
  end

  { 'http_error' => e }
end

.plugin_data(slug) ⇒ `Hash`

Returns:

(Hash)



45
46
47

# File 'lib/wpscan/db/vuln_api.rb', line 45

def self.plugin_data(slug)
  get("plugins/#{slug}")&.dig(slug) || {}
end

.status ⇒ `Hash`

Returns:

(Hash)

# File 'lib/wpscan/db/vuln_api.rb', line 60

def self.status
  json = get('status', params: { version: WPScan::VERSION }, cache_ttl: 0)

  json['requests_remaining'] = 'Unlimited' if json['requests_remaining'] == -1

  json
end

.theme_data(slug) ⇒ `Hash`

Returns:

(Hash)



50
51
52

# File 'lib/wpscan/db/vuln_api.rb', line 50

def self.theme_data(slug)
  get("themes/#{slug}")&.dig(slug) || {}
end

.uri ⇒ `Addressable::URI`

Returns:

(Addressable::URI)



14
15
16

# File 'lib/wpscan/db/vuln_api.rb', line 14

def self.uri
  @uri ||= Addressable::URI.parse('https://wpscan.com/api/v3/')
end

.wordpress_data(version_number) ⇒ `Hash`

Returns:

(Hash)



55
56
57

# File 'lib/wpscan/db/vuln_api.rb', line 55

def self.wordpress_data(version_number)
  get("wordpresses/#{version_number.tr('.', '')}")&.dig(version_number) || {}
end

Class: WPScan::DB::VulnApi

Overview

Constant Summary collapse

Class Attribute Summary collapse

Class Method Summary collapse

Class Attribute Details

.token ⇒ Object

Class Method Details

.default_request_params ⇒ Hash

.get(path, params = {}) ⇒ Hash

.plugin_data(slug) ⇒ Hash

.status ⇒ Hash

.theme_data(slug) ⇒ Hash

.uri ⇒ Addressable::URI

.wordpress_data(version_number) ⇒ Hash

.token ⇒ `Object`

.default_request_params ⇒ `Hash`

.get(path, params = {}) ⇒ `Hash`

.plugin_data(slug) ⇒ `Hash`

.status ⇒ `Hash`

.theme_data(slug) ⇒ `Hash`

.uri ⇒ `Addressable::URI`

.wordpress_data(version_number) ⇒ `Hash`