From 10616b18fc49c52e169d0fd7b3363954d6687c84 Mon Sep 17 00:00:00 2001 From: Christian Mehlmauer Date: Mon, 21 Jan 2013 22:18:12 +0100 Subject: [PATCH] more XSD checking --- data/vuln.xsd | 18 ++++++ data/wp_versions.xml | 36 ++++++------ data/wp_versions.xsd | 55 +++++++++++++++++++ lib/common_helper.rb | 3 + lib/wpscan/wp_version.rb | 2 +- .../plugins/checker/checker_plugin.rb | 2 +- spec/xml_checks_spec.rb | 20 +++---- 7 files changed, 105 insertions(+), 31 deletions(-) create mode 100644 data/wp_versions.xsd diff --git a/data/vuln.xsd b/data/vuln.xsd index 8178dcc1..e7eaa5f2 100644 --- a/data/vuln.xsd +++ b/data/vuln.xsd @@ -1,5 +1,23 @@ + + diff --git a/data/wp_versions.xml b/data/wp_versions.xml index f7f7d47b..91c9bbcf 100644 --- a/data/wp_versions.xml +++ b/data/wp_versions.xml @@ -1,24 +1,23 @@ + - + diff --git a/data/wp_versions.xsd b/data/wp_versions.xsd new file mode 100644 index 00000000..915be417 --- /dev/null +++ b/data/wp_versions.xsd @@ -0,0 +1,55 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/lib/common_helper.rb b/lib/common_helper.rb index 5849f4d8..cbeb52fc 100644 --- a/lib/common_helper.rb +++ b/lib/common_helper.rb @@ -39,7 +39,10 @@ THEMES_FILE = DATA_DIR + "/themes.txt" THEMES_FULL_FILE = DATA_DIR + "/themes_full.txt" THEMES_VULNS_FILE = DATA_DIR + "/theme_vulns.xml" WP_VULNS_FILE = DATA_DIR + "/wp_vulns.xml" +WP_VERSIONS_FILE = DATA_DIR + "/wp_versions.xml" +LOCAL_FILES_FILE = DATA_DIR + "/local_vulnerable_files.xml" VULNS_XSD = DATA_DIR + "/vuln.xsd" +WP_VERSIONS_XSD = DATA_DIR + "/wp_versions.xsd" WPSCAN_VERSION = "2.0" diff --git a/lib/wpscan/wp_version.rb b/lib/wpscan/wp_version.rb index 158be288..36d8914f 100644 --- a/lib/wpscan/wp_version.rb +++ b/lib/wpscan/wp_version.rb 
@@ -124,7 +124,7 @@ class WpVersion < Vulnerable
 def self.find_from_advanced_fingerprinting(options)
 target_uri = options[:base_url]
 # needed for rpsec tests
- version_xml = options[:version_xml] || DATA_DIR + "/wp_versions.xml"
+ version_xml = options[:version_xml] || WP_VERSIONS_FILE
 xml = Nokogiri::XML(File.open(version_xml)) do |config|
 config.noblanks
 end
diff --git a/lib/wpstools/plugins/checker/checker_plugin.rb b/lib/wpstools/plugins/checker/checker_plugin.rb
index 23240b5f..d888f9c5 100644
--- a/lib/wpstools/plugins/checker/checker_plugin.rb
+++ b/lib/wpstools/plugins/checker/checker_plugin.rb
@@ -93,7 +93,7 @@ class CheckerPlugin < Plugin
 def check_local_vulnerable_files(dir_to_scan)
 if Dir::exist?(dir_to_scan)
- xml_file = DATA_DIR + "/local_vulnerable_files.xml"
+ xml_file = LOCAL_FILES_FILE
 local_hashes = {}
 file_extension_to_scan = "*.{js,php,swf,html,htm}"
diff --git a/spec/xml_checks_spec.rb b/spec/xml_checks_spec.rb
index 59d3612a..30b80440 100644
--- a/spec/xml_checks_spec.rb
+++ b/spec/xml_checks_spec.rb
@@ -21,13 +21,11 @@ require 'spec_helper'
 describe "XML checks" do
 after :each do
- full_path = "#{DATA_DIR}/#@file"
-
- FileTest.exists?(full_path).should be_true
+ FileTest.exists?(@file).should be_true
 if @xsd
 xsd = Nokogiri::XML::Schema(File.read(@xsd))
- doc = Nokogiri::XML(File.read(full_path))
+ doc = Nokogiri::XML(File.read(@file))
 errors = []
 xsd.validate(doc).each do |error|
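Review bot: The line right after the changed one in the wp_version.rb hunk, `xml = Nokogiri::XML(File.open(version_xml)) do |config|`, opens a File that nothing in the hunk closes, so the descriptor stays open until the object is garbage-collected. The file is only read once to build the document, so `xml = Nokogiri::XML(File.read(version_xml)) do |config|` avoids the leak and matches how the spec hunk in this same commit reads its XML inputs. The switch to `WP_VERSIONS_FILE` itself is fine. The body of `find_from_advanced_fingerprinting` continues past the hunk, so a later close may exist there, but nothing visible suggests it.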
@@ -36,33 +34,33 @@ describe "XML checks" do
 errors.should === []
 else
- expect { Nokogiri::XML(File.read(full_path)) { |config| config.strict } }.to_not raise_error
+ expect { Nokogiri::XML(File.read(@file)) { |config| config.strict } }.to_not raise_error
 end
 end
 it "check plugin_vulns.xml for syntax errors" do
- @file = "plugin_vulns.xml"
+ @file = PLUGINS_VULNS_FILE
 @xsd = VULNS_XSD
 end
 it "check theme_vulns.xml for syntax errors" do
- @file = "theme_vulns.xml"
+ @file = THEMES_VULNS_FILE
 @xsd = VULNS_XSD
 end
 it "check wp_versions.xml for syntax errors" do
- @file = "wp_versions.xml"
- @xsd = nil
+ @file = WP_VERSIONS_FILE
+ @xsd = WP_VERSIONS_XSD
 end
 it "check wp_vulns.xml for syntax errors" do
- @file = "wp_vulns.xml"
+ @file = WP_VULNS_FILE
 @xsd = VULNS_XSD
 end
 it "check local_vulnerable_files.xml for syntax errors" do
- @file = "local_vulnerable_files.xml"
+ @file = LOCAL_FILES_FILE
 @xsd = nil
 end
 end
\ No newline at end of file
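Review bot: `local_vulnerable_files.xml` is still only checked for well-formedness (`@xsd = nil` in the last example of this hunk), so a structurally wrong entry in the file that `check_local_vulnerable_files` reads via `LOCAL_FILES_FILE` in the checker_plugin.rb hunk would pass this suite even though the commit is about widening schema coverage. Either add a schema for it alongside the new `wp_versions.xsd` or make the gap explicit, e.g. `@xsd = nil # TODO: no schema yet for local_vulnerable_files.xml`. Separately, `errors.should === []` on the first context line only works because Array does not override `===`; `errors.should == []` or `errors.should be_empty` states what is meant. The `after :each` hook holding these assertions starts in the previous hunk.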