Class: DbUpdater

Inherits:
Object
  • Object
Defined in:
lib/common/db_updater.rb

Overview

DB Updater

Constant Summary

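# Names of the database files that #update keeps in sync with the remote
# repository. For each entry, #update also fetches "<name>.sha512" from the
# same remote location and compares it with the local SHA-512 digest.
FILES =
%w(
local_vulnerable_files.xml local_vulnerable_files.xsd
plugins_full.txt plugins.txt themes_full.txt themes.txt
timthumbs.txt user-agents.txt wp_versions.xml wp_versions.xsd
plugin_vulns.json theme_vulns.json wp_vulns.json
)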

Instance Attribute Summary

Instance Method Summary

Constructor Details

#initialize(repo_directory) ⇒ DbUpdater

Returns a new instance of DbUpdater


# File 'lib/common/db_updater.rb', line 14

# Binds the updater to the directory that holds the local database files.
#
# The writability check runs once, at construction time; it does not
# guarantee that later writes into the directory will succeed.
#
# @param repo_directory [String] directory the database files are written to
# @raise [RuntimeError] if the directory is not writable by this process
def initialize(repo_directory)
  @repo_directory = repo_directory

  # Pathname#writable? is also false when the path does not exist.
  target = Pathname.new(repo_directory)
  return if target.writable?

  fail "#{repo_directory} is not writable"
end

Instance Attribute Details

#repo_directory ⇒ Object (readonly)

Returns the value of attribute repo_directory


# File 'lib/common/db_updater.rb', line 12

# Read-only accessor for the directory given to the constructor.
#
# @return [Object] the value stored in @repo_directory
def repo_directory
  @repo_directory
end

Instance Method Details

#backup_file_path(filename) ⇒ Object


# File 'lib/common/db_updater.rb', line 51

# Path of the backup copy kept next to a database file.
#
# The name is joined as given, without any normalisation, so it is expected
# to come from a trusted list such as FILES rather than from external input.
#
# @param filename [String] database file name
# @return [String] "<repo_directory>/<filename>.back"
def backup_file_path(filename)
  backup_name = "#{filename}.back"
  File.join(repo_directory, backup_name)
end

#create_backup(filename) ⇒ Object


# File 'lib/common/db_updater.rb', line 55

# Copies the current local file to its ".back" path so it can be put back
# later with restore_backup. Does nothing when no local file exists yet.
#
# An existing backup at the same path is overwritten by the copy.
#
# @param filename [String] database file name
# @return [nil]
def create_backup(filename)
  source = local_file_path(filename)
  FileUtils.cp(source, backup_file_path(filename)) if File.exist?(source)
end

#delete_backup(filename) ⇒ Object


# File 'lib/common/db_updater.rb', line 65

# Removes the ".back" copy of a database file.
#
# FileUtils.rm is called without :force, so a missing backup raises
# Errno::ENOENT; callers should check for the file first.
#
# @param filename [String] database file name
def delete_backup(filename)
  stale_copy = backup_file_path(filename)
  FileUtils.rm(stale_copy)
end

#download(filename) ⇒ String

Returns The checksum of the downloaded file

Returns:

  • (String)

    The checksum of the downloaded file


# File 'lib/common/db_updater.rb', line 70

# Fetches one database file and writes it over the local copy.
#
# The response body is written to the final local path before any integrity
# check takes place: this method only reports the SHA-512 of what it wrote.
# The caller is responsible for comparing that value with the expected
# checksum and for discarding or rolling back the file on a mismatch.
#
# @param filename [String] database file name
# @return [String] The checksum of the downloaded file
# @raise [RuntimeError] if the response code is not 200 (nothing is written)
def download(filename)
  destination = local_file_path(filename)
  source_url  = remote_file_url(filename)

  response = Browser.get(source_url, request_params)
  fail "Error while downloading #{source_url}" unless response.code == 200

  # 'wb' truncates an existing file and writes the body without newline translation.
  File.open(destination, 'wb') { |io| io.write(response.body) }

  local_file_checksum(filename)
end

#local_file_checksum(filename) ⇒ Object


# File 'lib/common/db_updater.rb', line 47

# SHA-512 digest of the local copy of a database file.
#
# @param filename [String] database file name
# @return [String] lowercase hex digest of the file contents
def local_file_checksum(filename)
  digest = Digest::SHA512.file(local_file_path(filename))
  digest.hexdigest
end

#local_file_path(filename) ⇒ Object


# File 'lib/common/db_updater.rb', line 43

# Path of a database file inside the repository directory.
#
# The name is joined as given, without any normalisation, so it is expected
# to come from a trusted list such as FILES rather than from external input.
#
# @param filename [String] database file name
# @return [String] "<repo_directory>/<filename>"
def local_file_path(filename)
  File.join(repo_directory, filename.to_s)
end

#remote_file_checksum(filename) ⇒ String

Returns The checksum of the associated remote filename

Returns:

  • (String)

    The checksum of the associated remote filename


# File 'lib/common/db_updater.rb', line 35

# Fetches the published checksum for a database file from "<file URL>.sha512".
#
# The checksum is served from the same remote location as the file itself,
# so comparing against it detects a corrupted or truncated transfer; it is
# not an independent check against content replaced at the source.
#
# NOTE(review): the response body is returned verbatim. If the published
# file ever carries a trailing newline or other text, an exact string
# comparison with a hex digest will never match; confirm the remote format.
#
# @param filename [String] database file name
# @return [String] The checksum of the associated remote filename
# @raise [RuntimeError] if the response code is not 200
def remote_file_checksum(filename)
  checksum_url = "#{remote_file_url(filename)}.sha512"
  response = Browser.get(checksum_url, request_params)
  return response.body if response.code == 200

  fail "Unable to get #{checksum_url}"
end

#remote_file_url(filename) ⇒ String

Returns The raw file URL associated with the given filename

Returns:

  • (String)

    The raw file URL associated with the given filename


# File 'lib/common/db_updater.rb', line 30

# Builds the HTTPS URL of a database file in the remote repository.
#
# The URL points at the `master` branch, a moving reference: the content
# served for a given name can change between two requests.
#
# @param filename [String] database file name, appended without escaping
# @return [String] The raw file URL associated with the given filename
def remote_file_url(filename)
  raw_url = "https://raw.githubusercontent.com/wpscanteam/vulndb/master/#{filename}"
  raw_url
end

#request_params ⇒ Hash

Returns The params for Typhoeus::Request

Returns:

  • (Hash)

    The params for Typhoeus::Request


# File 'lib/common/db_updater.rb', line 22

# Request options passed to every download made by this class.
#
# Both TLS checks are switched on explicitly, so the transfers do not depend
# on defaults set elsewhere.
#
# @return [Hash] The params for Typhoeus::Request
def request_params
  tls_options = {}
  tls_options[:ssl_verifyhost] = 2    # certificate name must match the requested host
  tls_options[:ssl_verifypeer] = true # certificate chain must validate
  tls_options
end

#restore_backup(filename) ⇒ Object


# File 'lib/common/db_updater.rb', line 60

# Copies the ".back" file over the local database file, undoing a download.
# Does nothing when no backup exists; in that case whatever is at the local
# path is left as it is.
#
# @param filename [String] database file name
# @return [nil]
def restore_backup(filename)
  saved_copy = backup_file_path(filename)
  FileUtils.cp(saved_copy, local_file_path(filename)) if File.exist?(saved_copy)
end

#update(verbose = false) ⇒ Object


# File 'lib/common/db_updater.rb', line 81

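# Brings every file listed in FILES up to date with the remote repository.
#
# For each file: fetch the published checksum, skip the file when the local
# copy already matches, otherwise back up the local copy, download the new
# one and compare its checksum with the published value. Any error restores
# the backup and is re-raised, which stops the loop at the failing file.
#
# When a download fails verification and there is no backup (the file did
# not exist locally before this run), the downloaded file is deleted so that
# content which never matched the published checksum is not left in the
# repository directory for later use.
#
# The published checksum is fetched from the same remote location as the
# file, so this check catches corrupted or truncated transfers; it is not an
# independent verification of the source.
#
# @param verbose [Boolean] print progress messages to stdout
# @return [Array<String>] FILES
# @raise [RuntimeError] on a download error or a checksum mismatch
def update(verbose = false)
  FILES.each do |filename|
    # Set just before download is called: from then on the local path may
    # hold bytes that were never checked against the published checksum.
    download_attempted = false

    begin
      puts "[+] Checking #{filename}" if verbose
      db_checksum = remote_file_checksum(filename)

      # Checking if the file needs to be updated
      if File.exist?(local_file_path(filename)) && db_checksum == local_file_checksum(filename)
        puts '  [i] Already Up-To-Date' if verbose
        next
      end

      puts '  [i] Needs to be updated' if verbose
      create_backup(filename)
      puts '  [i] Backup Created' if verbose
      puts '  [i] Downloading new file' if verbose
      download_attempted = true
      dl_checksum = download(filename)
      puts "  [i] Downloaded File Checksum: #{dl_checksum}" if verbose

      unless dl_checksum == db_checksum
        fail "#{filename}: checksums do not match"
      end
    rescue => e
      puts '  [i] Restoring Backup due to error' if verbose
      if File.exist?(backup_file_path(filename))
        restore_backup(filename)
      elsif download_attempted && File.exist?(local_file_path(filename))
        # create_backup copies whenever a local file exists, so a missing
        # backup here means the local path only holds this run's download.
        puts '  [i] Removing unverified download' if verbose
        File.delete(local_file_path(filename))
      end
      raise e
    ensure
      # Runs on success, on `next` and on error, so no .back file outlives the run.
      if File.exist?(backup_file_path(filename))
        puts '  [i] Deleting Backup' if verbose
        delete_backup(filename)
      end
    end
  end
end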