From 01cd8350bc2db4b1a56a1e4605c84dd8e52c7190 Mon Sep 17 00:00:00 2001 From: erwanlr Date: Thu, 8 Nov 2018 19:16:47 +0000 Subject: [PATCH] Fixes 1242 --- app/models/wp_version.rb | 5 +++++ app/views/cli/wp_version/version.erb | 2 +- app/views/json/wp_version/version.erb | 1 + spec/app/models/wp_version_spec.rb | 6 ++++++ spec/fixtures/db/wordpresses.json | 5 ++++- spec/output/wp_version/confirmed_multiples.cli_no_colour | 2 +- spec/output/wp_version/confirmed_multiples.json | 1 + spec/output/wp_version/confirmed_one.cli_no_colour | 2 +- spec/output/wp_version/confirmed_one.json | 1 + spec/output/wp_version/not_confirmed_entries.cli_no_colour | 2 +- spec/output/wp_version/not_confirmed_entries.json | 1 + .../wp_version/not_confirmed_no_entries.cli_no_colour | 2 +- spec/output/wp_version/not_confirmed_no_entries.json | 1 + spec/output/wp_version/with_vulns.cli_no_colour | 2 +- spec/output/wp_version/with_vulns.json | 1 + 15 files changed, 27 insertions(+), 7 deletions(-) diff --git a/app/models/wp_version.rb b/app/models/wp_version.rb index 0a817aff..bc153f02 100644 --- a/app/models/wp_version.rb +++ b/app/models/wp_version.rb @@ -55,5 +55,10 @@ module WPScan def release_date @release_date ||= db_data['release_date'] end + + # @return [ String ] + def status + @status ||= db_data['status'] + end end end diff --git a/app/views/cli/wp_version/version.erb b/app/views/cli/wp_version/version.erb index b5397788..f83052ed 100644 --- a/app/views/cli/wp_version/version.erb +++ b/app/views/cli/wp_version/version.erb @@ -1,5 +1,5 @@ <% if @version -%> -<%= info_icon %> WordPress version <%= @version.number %> identified (Released on <%= @version.release_date %>). +<%= info_icon %> WordPress version <%= @version.number %> identified (<%= @version.status.capitalize %>, released on <%= @version.release_date %>). <%= render('@finding', item: @version) -%> <% else -%> <%= notice_icon %> The WordPress version could not be detected. 
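Review bot: `status` can return nil because `db_data['status']` has no fallback, and the CLI view hunk in app/views/cli/wp_version/version.erb calls `@version.status.capitalize` on it, which would raise NoMethodError. The previous line only interpolated `release_date`, which tolerates nil. This presumably happens when a locally cached wordpresses.json predates the `status` key; the code that loads `db_data` is not visible here, so confirm. Document the accessor as `# @return [ String, nil ]` and guard the view, for example `<%= @version.status.capitalize if @version.status %>` with the trailing comma moved inside the guard. The JSON view is unaffected, since `nil.to_json` renders `null`.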
diff --git a/app/views/json/wp_version/version.erb b/app/views/json/wp_version/version.erb index babf139e..fdd2937c 100644 --- a/app/views/json/wp_version/version.erb +++ b/app/views/json/wp_version/version.erb @@ -2,6 +2,7 @@ "version": { "number": <%= @version.number.to_json %>, "release_date": <%= @version.release_date.to_json %>, + "status": <%= @version.status.to_json %>, <%= render('@finding', item: @version) -%> }, <% else -%> diff --git a/spec/app/models/wp_version_spec.rb b/spec/app/models/wp_version_spec.rb index 1c4cbeb6..4923e565 100644 --- a/spec/app/models/wp_version_spec.rb +++ b/spec/app/models/wp_version_spec.rb @@ -92,4 +92,10 @@ describe WPScan::WpVersion do its(:release_date) { should eql '2014-01-23' } end + + describe '#status' do + subject(:version) { described_class.new('3.8.1') } + + its(:status) { should eql 'outdated' } + end end diff --git a/spec/fixtures/db/wordpresses.json b/spec/fixtures/db/wordpresses.json index 197d471e..e29c89f1 100644 --- a/spec/fixtures/db/wordpresses.json +++ b/spec/fixtures/db/wordpresses.json @@ -1,9 +1,11 @@ { "4.0": { - "release_date" : "2014-09-04" + "release_date" : "2014-09-04", + "status": "latest" }, "3.8.1": { "release_date" : "2014-01-23", + "status": "outdated", "vulnerabilities" : [ { "created_at" : "2014-08-01T10:58:19.000Z", @@ -30,6 +32,7 @@ }, "3.8": { "release_date" : "2013-12-12", + "status": "insecure", "vulnerabilities" : [ { "references": { diff --git a/spec/output/wp_version/confirmed_multiples.cli_no_colour b/spec/output/wp_version/confirmed_multiples.cli_no_colour index 75eb1e2b..9eef231e 100644 --- a/spec/output/wp_version/confirmed_multiples.cli_no_colour +++ b/spec/output/wp_version/confirmed_multiples.cli_no_colour @@ -1,4 +1,4 @@ -[+] WordPress version 4.0 identified (Released on 2014-09-04). +[+] WordPress version 4.0 identified (Latest, released on 2014-09-04). | Detected By: rspec | Confirmed By: | Confirmed 1 
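Review bot: The `#status` spec in spec/app/models/wp_version_spec.rb asserts only `'outdated'` for 3.8.1, so the `"insecure"` value the fixture adds for 3.8 is not checked at the model level in this hunk. There is also no case for a version entry that lacks the `status` key, which is the path most likely to break because the CLI view capitalizes the value. Consider adding `its(:status) { should eql 'insecure' }` with `described_class.new('3.8')`, plus a case that expects nil if the fixture has, or can be given, an entry without the key.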
diff --git a/spec/output/wp_version/confirmed_multiples.json b/spec/output/wp_version/confirmed_multiples.json index bd47879a..8965eb40 100644 --- a/spec/output/wp_version/confirmed_multiples.json +++ b/spec/output/wp_version/confirmed_multiples.json @@ -2,6 +2,7 @@ "version": { "number": "4.0", "release_date": "2014-09-04", + "status": "latest", "found_by": "rspec", "confidence": 0, "interesting_entries": [ diff --git a/spec/output/wp_version/confirmed_one.cli_no_colour b/spec/output/wp_version/confirmed_one.cli_no_colour index 75c89109..cd70774c 100644 --- a/spec/output/wp_version/confirmed_one.cli_no_colour +++ b/spec/output/wp_version/confirmed_one.cli_no_colour @@ -1,4 +1,4 @@ -[+] WordPress version 4.0 identified (Released on 2014-09-04). +[+] WordPress version 4.0 identified (Latest, released on 2014-09-04). | Detected By: rspec | Confirmed By: Confirmed 1 | - IE1 diff --git a/spec/output/wp_version/confirmed_one.json b/spec/output/wp_version/confirmed_one.json index 5d748206..c507d133 100644 --- a/spec/output/wp_version/confirmed_one.json +++ b/spec/output/wp_version/confirmed_one.json @@ -2,6 +2,7 @@ "version": { "number": "4.0", "release_date": "2014-09-04", + "status": "latest", "found_by": "rspec", "confidence": 0, "interesting_entries": [ diff --git a/spec/output/wp_version/not_confirmed_entries.cli_no_colour b/spec/output/wp_version/not_confirmed_entries.cli_no_colour index 6cf39f33..7a6da9ad 100644 --- a/spec/output/wp_version/not_confirmed_entries.cli_no_colour +++ b/spec/output/wp_version/not_confirmed_entries.cli_no_colour @@ -1,4 +1,4 @@ -[+] WordPress version 4.0 identified (Released on 2014-09-04). +[+] WordPress version 4.0 identified (Latest, released on 2014-09-04). | Detected By: rspec | - IE1 | - IE2 diff --git a/spec/output/wp_version/not_confirmed_entries.json b/spec/output/wp_version/not_confirmed_entries.json index 204d071f..e70f1c90 100644 --- a/spec/output/wp_version/not_confirmed_entries.json 
+++ b/spec/output/wp_version/not_confirmed_entries.json @@ -2,6 +2,7 @@ "version": { "number": "4.0", "release_date": "2014-09-04", + "status": "latest", "found_by": "rspec", "confidence": 0, "interesting_entries": [ diff --git a/spec/output/wp_version/not_confirmed_no_entries.cli_no_colour b/spec/output/wp_version/not_confirmed_no_entries.cli_no_colour index fd5340cb..7d31d51c 100644 --- a/spec/output/wp_version/not_confirmed_no_entries.cli_no_colour +++ b/spec/output/wp_version/not_confirmed_no_entries.cli_no_colour @@ -1,3 +1,3 @@ -[+] WordPress version 4.0 identified (Released on 2014-09-04). +[+] WordPress version 4.0 identified (Latest, released on 2014-09-04). | Detected By: rspec diff --git a/spec/output/wp_version/not_confirmed_no_entries.json b/spec/output/wp_version/not_confirmed_no_entries.json index a7e10916..28f487af 100644 --- a/spec/output/wp_version/not_confirmed_no_entries.json +++ b/spec/output/wp_version/not_confirmed_no_entries.json @@ -2,6 +2,7 @@ "version": { "number": "4.0", "release_date": "2014-09-04", + "status": "latest", "found_by": "rspec", "confidence": 0, "interesting_entries": [ diff --git a/spec/output/wp_version/with_vulns.cli_no_colour b/spec/output/wp_version/with_vulns.cli_no_colour index 8c55466c..d9c1e8ba 100644 --- a/spec/output/wp_version/with_vulns.cli_no_colour +++ b/spec/output/wp_version/with_vulns.cli_no_colour @@ -1,4 +1,4 @@ -[+] WordPress version 3.8.1 identified (Released on 2014-01-23). +[+] WordPress version 3.8.1 identified (Outdated, released on 2014-01-23). | Detected By: rspec | | [!] 2 vulnerabilities identified: diff --git a/spec/output/wp_version/with_vulns.json b/spec/output/wp_version/with_vulns.json index 2b720834..c34c751c 100644 --- a/spec/output/wp_version/with_vulns.json +++ b/spec/output/wp_version/with_vulns.json @@ -2,6 +2,7 @@ "version": { "number": "3.8.1", "release_date": "2014-01-23", + "status": "outdated", "found_by": "rspec", "confidence": 0, "interesting_entries": [