Work on json database file parsing, still needs some work.

lib/common/models/vulnerability.rb

@@ -40,22 +40,47 @@ class Vulnerability
   # @param [ Nokogiri::XML::Node ] xml_node
   #
   # @return [ Vulnerability ]
-  def self.load_from_xml_node(xml_node)
+  # def self.load_from_xml_node(xml_node)
+  #   references = {}
+  #   refs = xml_node.search('references')
+
+  #   if refs
+  #     references[:url] = refs.search('url').map(&:text)
+  #     references[:cve] = refs.search('cve').map(&:text)
+  #     references[:secunia] = refs.search('secunia').map(&:text)
+  #     references[:osvdb] = refs.search('osvdb').map(&:text)
+  #     references[:metasploit] = refs.search('metasploit').map(&:text)
+  #     references[:exploitdb] = refs.search('exploitdb').map(&:text)
+  #   end
+
+  #   new(
+  #     xml_node.search('title').text,
+  #     xml_node.search('type').text,
+  #     references,
+  #     xml_node.search('fixed_in').text,
+  #   )
+  # end
+
+  # Create the Vulnerability from the json_item
+  #
+  # @param [ Hash ] json_item
+  #
+  # @return [ Vulnerability ]
+  def self.load_from_json_item(json_item)
     references = {}
-    refs = xml_node.search('references')
-    if refs
-      references[:url] = refs.search('url').map(&:text)
-      references[:cve] = refs.search('cve').map(&:text)
-      references[:secunia] = refs.search('secunia').map(&:text)
-      references[:osvdb] = refs.search('osvdb').map(&:text)
-      references[:metasploit] = refs.search('metasploit').map(&:text)
-      references[:exploitdb] = refs.search('exploitdb').map(&:text)
-    end
+
+    references[:url]        = json_item['references'].split(',') if json_item['references']
+    references[:cve]        = json_item['cve'].split(',') if json_item['cve']
+    references[:secunia]    = json_item['secunia'].split(',') if json_item['secunia']
+    references[:osvdb]      = json_item['osvdb'].split(',') if json_item['osvdb']
+    references[:metasploit] = json_item['metasploit'].split(',') if json_item['metasploit']
+    references[:exploitdb]  = json_item['exploitdb'].split(',') if json_item['exploitdb']
+
     new(
-      xml_node.search('title').text,
-      xml_node.search('type').text,
+      json_item['title'],
+      json_item['type'],
       references,
-      xml_node.search('fixed_in').text,
+      json_item['fixed_in'],
     )
   end
 

lib/common/models/vulnerability/output.rb

@@ -14,7 +14,7 @@ class Vulnerability
           puts "    Reference: #{url}" if url
         end
       end
-      if !fixed_in.empty?
+      if !fixed_in.nil?
          puts "#{blue('[i]')} Fixed in: #{fixed_in}"
       end
     end

lib/common/models/wp_item/vulnerable.rb

@@ -2,22 +2,35 @@
 
 class WpItem
   module Vulnerable
-    attr_accessor :vulns_file, :vulns_xpath
+    attr_accessor :vulns_file, :identifier
 
     # Get the vulnerabilities associated to the WpItem
     # Filters out already fixed vulnerabilities
     #
     # @return [ Vulnerabilities ]
     def vulnerabilities
-      xml             = xml(vulns_file)
+      # xml             = xml(vulns_file)
+      json            = json(vulns_file)
       vulnerabilities = Vulnerabilities.new
 
-      xml.xpath(vulns_xpath).each do |node|
-        vuln = Vulnerability.load_from_xml_node(node)
-        if vulnerable_to?(vuln)
-          vulnerabilities << vuln
+      json.each do |item|
+        asset = item[identifier]
+
+        if asset
+          asset['vulnerabilities'].each do |vulnerability|
+            vulnerability = Vulnerability.load_from_json_item(vulnerability)
+            vulnerabilities << vulnerability if vulnerable_to?(vulnerability)
+          end
         end
       end
+
+      # xml.xpath(vulns_xpath).each do |node|
+      #   vuln = Vulnerability.load_from_xml_node(node)
+      #   if vulnerable_to?(vuln)
+      #     vulnerabilities << vuln
+      #   end
+      # end
+
       vulnerabilities
     end
 

lib/common/models/wp_plugin/vulnerable.rb

@@ -12,9 +12,14 @@ class WpPlugin < WpItem
     end
 
     # @return [ String ]
-    def vulns_xpath
-      "//plugin[@name='#{@name}']/vulnerability"
+    def identifier
+      @name
     end
 
+    # # @return [ String ]
+    # def vulns_xpath
+    #   "//plugin[@name='#{@name}']/vulnerability"
+    # end
+
   end
 end

lib/common/models/wp_theme/vulnerable.rb

@@ -12,9 +12,14 @@ class WpTheme < WpItem
     end
 
     # @return [ String ]
-    def vulns_xpath
-      "//theme[@name='#{@name}']/vulnerability"
-    end
+    def identifier
+      @name
+    end    
+
+    # @return [ String ]
+    # def vulns_xpath
+    #   "//theme[@name='#{@name}']/vulnerability"
+    # end
 
   end
 end

lib/common/models/wp_version/vulnerable.rb

@@ -12,9 +12,14 @@ class WpVersion < WpItem
     end
 
     # @return [ String ]
-    def vulns_xpath
-      "//wordpress[@version='#{@number}']/vulnerability"
-    end
+    def identifier
+      @number
+    end  
+
+    # @return [ String ]
+    # def vulns_xpath
+    #   "//wordpress[@version='#{@number}']/vulnerability"
+    # end
 
   end
 end