Removes Changelog detection

app/models/wp_item.rb

@@ -9,8 +9,7 @@ module WPScan
       include CMSScanner::Target::Platform::PHP
       include CMSScanner::Target::Server::Generic
 
-      READMES    = %w[readme.txt README.txt README.md readme.md Readme.txt].freeze
+      READMES = %w[readme.txt README.txt README.md readme.md Readme.txt].freeze
-      CHANGELOGS = %w[changelog.txt CHANGELOG.md changelog.md].freeze
 
       attr_reader :uri, :slug, :detection_opts, :version_detection_opts, :blog, :path_from_blog, :db_data
 
@@ -127,21 +126,6 @@ module WPScan
         @readme_url = false
       end
 
-      # @return [ String, false ] The changelog url if found, false otherwise
-      def changelog_url
-        return if detection_opts[:mode] == :passive
-
-        return @changelog_url unless @changelog_url.nil?
-
-        CHANGELOGS.each do |path|
-          t_url = url(path)
-
-          return @changelog_url = t_url if Browser.forge_request(t_url, blog.head_or_get_params).run.code == 200
-        end
-
-        @changelog_url = false
-      end
-
       # @param [ String ] path
       # @param [ Hash ] params The request params
       #

app/views/cli/wp_item.erb

@@ -8,9 +8,6 @@
 <% if @wp_item.readme_url -%>
  | Readme: <%= @wp_item.readme_url %>
 <% end -%>
-<% if @wp_item.changelog_url -%>
- | Changelog: <%= @wp_item.changelog_url %>
-<% end -%>
 <% if @wp_item.latest_version && @wp_item.outdated? -%>
  | <%= warning_icon %> The version is out of date, the latest version is <%= @wp_item.latest_version %>
 <% end -%>

app/views/json/wp_item.erb

@@ -4,6 +4,5 @@
 "last_updated": <%= @wp_item.last_updated.to_json %>,
 "outdated": <%= @wp_item.outdated?.to_json %>,
 "readme_url": <%= @wp_item.readme_url.to_json %>,
-"changelog_url": <%= @wp_item.changelog_url.to_json %>,
 "directory_listing": <%= @wp_item.directory_listing?.to_json %>,
 "error_log_url": <% if @wp_item.error_log? %><%= @wp_item.url('error_log').to_json %><% else %>null<% end %>

spec/app/models/wp_item_spec.rb

@@ -117,10 +117,6 @@ describe WPScan::Model::WpItem do
     xit
   end
 
-  describe '#changelog_url' do
-    xit
-  end
-
   describe '#directory_listing?' do
     xit
   end

spec/output/main_theme/no_verbose.cli_no_colour

@@ -1,7 +1,6 @@
 [+] WordPress theme in use: test
  | Location: http://ex.lo/wp-content/themes/test/
  | Readme: http://ex.lo/wp-content/themes/test/readme.txt
- | Changelog: http://ex.lo/wp-content/themes/test/changelog.txt
  | Style URL: http://ex.lo/wp-content/themes/test/style.css
  | Style Name: Twenty Fifteen
  | Style URI: https://wordpress.org/themes/twentyfifteen

spec/output/main_theme/no_verbose.json

@@ -6,7 +6,6 @@
     "last_updated": null,
     "outdated": false,
     "readme_url": "http://ex.lo/wp-content/themes/test/readme.txt",
-    "changelog_url": "http://ex.lo/wp-content/themes/test/changelog.txt",
     "directory_listing": false,
     "error_log_url": null,
     "style_url": "http://ex.lo/wp-content/themes/test/style.css",

spec/output/main_theme/verbose.cli_no_colour

@@ -1,7 +1,6 @@
 [+] WordPress theme in use: test
  | Location: http://ex.lo/wp-content/themes/test/
  | Readme: http://ex.lo/wp-content/themes/test/readme.txt
- | Changelog: http://ex.lo/wp-content/themes/test/changelog.txt
  | Style URL: http://ex.lo/wp-content/themes/test/style.css
  | Style Name: Twenty Fifteen
  | Style URI: https://wordpress.org/themes/twentyfifteen

spec/output/main_theme/verbose.json

@@ -6,7 +6,6 @@
     "last_updated": null,
     "outdated": false,
     "readme_url": "http://ex.lo/wp-content/themes/test/readme.txt",
-    "changelog_url": "http://ex.lo/wp-content/themes/test/changelog.txt",
     "directory_listing": false,
     "error_log_url": null,
     "style_url": "http://ex.lo/wp-content/themes/test/style.css",

spec/output/main_theme/vulnerable.cli_no_colour

@@ -1,7 +1,6 @@
 [+] WordPress theme in use: dignitas-themes
  | Location: http://ex.lo/wp-content/themes/dignitas-themes/
  | Readme: http://ex.lo/wp-content/themes/dignitas-themes/readme.txt
- | Changelog: http://ex.lo/wp-content/themes/dignitas-themes/changelog.txt
  | Style URL: http://ex.lo/wp-content/themes/dignitas-themes/style.css
  | Style Name: Twenty Fifteen
  | Style URI: https://wordpress.org/themes/twentyfifteen

spec/output/main_theme/vulnerable.json

@@ -6,7 +6,6 @@
     "last_updated": null,
     "outdated": false,
     "readme_url": "http://ex.lo/wp-content/themes/dignitas-themes/readme.txt",
-    "changelog_url": "http://ex.lo/wp-content/themes/dignitas-themes/changelog.txt",
     "directory_listing": false,
     "error_log_url": null,
     "style_url": "http://ex.lo/wp-content/themes/dignitas-themes/style.css",

spec/shared_examples/views/main_theme.rb

@@ -22,7 +22,7 @@ shared_examples 'App::Views::MainTheme' do
       before do
         expect(target).to receive(:content_dir).at_least(1).and_return('wp-content')
 
-        # Stub all requests to 200, to detect a readme and changelog.
+        # Stub all requests to 200, to detect the readme.
         # Detection of the error_log will fail as the empty body won't match the patterns
         stub_request(:head, /.*/)
         stub_request(:get, /.*/)