added cve tag to xml file

Christian Mehlmauer
2013-08-23 14:02:09 +02:00
parent 55089646c2
commit 1f5cb4b0a0
7 changed files with 126 additions and 52 deletions


@@ -1388,9 +1388,10 @@
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>[CVE-2013-1636] WordPress pretty-link plugin XSS in SWF</title>
<title>WordPress pretty-link plugin XSS in SWF</title>
<reference>http://seclists.org/bugtraq/2013/Feb/100</reference>
<reference>http://packetstormsecurity.com/files/120433/wpprettylink163-xss.txt</reference>
<cve>2013-1636</cve>
<type>XSS</type>
</vulnerability>
</plugin>
@@ -1467,8 +1468,11 @@
<plugin name="download-monitor">
<vulnerability>
<title>CVE-2013-5098, CVE-2013-3262: Download Monitor &lt; 3.3.6.2 Cross Site Scripting</title>
<reference>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5098</reference>
<title>Download Monitor &lt; 3.3.6.2 Cross Site Scripting</title>
<reference>http://www.securityfocus.com/bid/61407</reference>
<reference>http://secunia.com/advisories/53116</reference>
<cve>2013-5098</cve>
<cve>2013-3262</cve>
<type>XSS</type>
<fixed_in>3.3.6.2</fixed_in>
</vulnerability>
@@ -2290,9 +2294,10 @@
<type>MULTI</type>
</vulnerability>
<vulnerability>
<title>NextGEN Gallery 1.9.12 Arbitrary File Upload (CVE-2013-3684)</title>
<title>NextGEN Gallery 1.9.12 Arbitrary File Upload</title>
<reference>http://wordpress.org/plugins/nextgen-gallery/changelog/</reference>
<reference>http://osvdb.org/94232</reference>
<cve>2013-3684</cve>
<type>UPLOAD</type>
<fixed_in>1.9.13</fixed_in>
</vulnerability>
@@ -4128,223 +4133,249 @@
<plugin name="zopim-live-chat">
<vulnerability>
<title>CVE-2013-1808: zopim-live-chat &lt;= 1.2.5 XSS in ZeroClipboard</title>
<title>zopim-live-chat &lt;= 1.2.5 XSS in ZeroClipboard</title>
<reference>http://www.openwall.com/lists/oss-security/2013/03/10/2</reference>
<reference>http://1337day.com/exploit/20396</reference>
<cve>2013-1808</cve>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="ed2k-link-selector">
<vulnerability>
<title>CVE-2013-1808: ed2k-link-selector &lt;= 1.1.7 XSS in ZeroClipboard</title>
<title>ed2k-link-selector &lt;= 1.1.7 XSS in ZeroClipboard</title>
<reference>http://1337day.com/exploit/20396</reference>
<cve>2013-1808</cve>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wppygments">
<vulnerability>
<title>CVE-2013-1808: wppygments &lt;= 0.3.2 XSS in ZeroClipboard</title>
<title>wppygments &lt;= 0.3.2 XSS in ZeroClipboard</title>
<reference>http://www.openwall.com/lists/oss-security/2013/03/10/2</reference>
<reference>http://1337day.com/exploit/20396</reference>
<cve>2013-1808</cve>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="copy-in-clipboard">
<vulnerability>
<title>CVE-2013-1808: copy-in-clipboard &lt;= 0.8 XSS in ZeroClipboard</title>
<title>copy-in-clipboard &lt;= 0.8 XSS in ZeroClipboard</title>
<reference>http://1337day.com/exploit/20396</reference>
<cve>2013-1808</cve>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="search-and-share">
<vulnerability>
<title>CVE-2013-1808: search-and-share &lt;= 0.9.3 XSS in ZeroClipboard</title>
<title>search-and-share &lt;= 0.9.3 XSS in ZeroClipboard</title>
<reference>http://1337day.com/exploit/20396</reference>
<cve>2013-1808</cve>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="placester">
<vulnerability>
<title>CVE-2013-1808: placester &lt;= 0.3.12 XSS in ZeroClipboard</title>
<title>placester &lt;= 0.3.12 XSS in ZeroClipboard</title>
<reference>http://1337day.com/exploit/20396</reference>
<cve>2013-1808</cve>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="drp-coupon">
<vulnerability>
<title>CVE-2013-1808: drp-coupon &lt;= 2.1 XSS in ZeroClipboard</title>
<title>drp-coupon &lt;= 2.1 XSS in ZeroClipboard</title>
<reference>http://1337day.com/exploit/20396</reference>
<cve>2013-1808</cve>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="coupon-code-plugin">
<vulnerability>
<title>CVE-2013-1808: coupon-code-plugin &lt;= 2.1 XSS in ZeroClipboard</title>
<title>coupon-code-plugin &lt;= 2.1 XSS in ZeroClipboard</title>
<reference>http://1337day.com/exploit/20396</reference>
<cve>2013-1808</cve>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="q2w3-inc-manager">
<vulnerability>
<title>CVE-2013-1808: q2w3-inc-manager &lt;= 2.3.1 XSS in ZeroClipboard</title>
<title>q2w3-inc-manager &lt;= 2.3.1 XSS in ZeroClipboard</title>
<reference>http://1337day.com/exploit/20396</reference>
<cve>2013-1808</cve>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="scorerender">
<vulnerability>
<title>CVE-2013-1808: scorerender &lt;= 0.3.4 XSS in ZeroClipboard</title>
<title>scorerender &lt;= 0.3.4 XSS in ZeroClipboard</title>
<reference>http://1337day.com/exploit/20396</reference>
<cve>2013-1808</cve>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-link-to-us">
<vulnerability>
<title>CVE-2013-1808: wp-link-to-us &lt;= 2.0 XSS in ZeroClipboard</title>
<title>wp-link-to-us &lt;= 2.0 XSS in ZeroClipboard</title>
<reference>http://www.openwall.com/lists/oss-security/2013/03/10/2</reference>
<reference>http://1337day.com/exploit/20396</reference>
<cve>2013-1808</cve>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="buckets">
<vulnerability>
<title>CVE-2013-1808: buckets &lt;= 0.1.9.2 XSS in ZeroClipboard</title>
<title>buckets &lt;= 0.1.9.2 XSS in ZeroClipboard</title>
<reference>http://www.openwall.com/lists/oss-security/2013/03/10/2</reference>
<reference>http://1337day.com/exploit/20396</reference>
<cve>2013-1808</cve>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="java-trackback">
<vulnerability>
<title>CVE-2013-1808: java-trackback &lt;= 0.2 XSS in ZeroClipboard</title>
<title>java-trackback &lt;= 0.2 XSS in ZeroClipboard</title>
<reference>http://1337day.com/exploit/20396</reference>
<cve>2013-1808</cve>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="slidedeck2">
<vulnerability>
<title>CVE-2013-1808: slidedeck2 &lt;= 2.1.20130228 XSS in ZeroClipboard</title>
<title>slidedeck2 &lt;= 2.1.20130228 XSS in ZeroClipboard</title>
<reference>http://www.openwall.com/lists/oss-security/2013/03/10/2</reference>
<reference>http://1337day.com/exploit/20396</reference>
<cve>2013-1808</cve>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="wp-clone-by-wp-academy">
<vulnerability>
<title>CVE-2013-1808: wp-clone-by-wp-academy &lt;= 2.1.1 XSS in ZeroClipboard</title>
<title>wp-clone-by-wp-academy &lt;= 2.1.1 XSS in ZeroClipboard</title>
<reference>http://www.openwall.com/lists/oss-security/2013/03/10/2</reference>
<reference>http://1337day.com/exploit/20396</reference>
<cve>2013-1808</cve>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="tiny-url">
<vulnerability>
<title>CVE-2013-1808: tiny-url &lt;= 1.3.2 XSS in ZeroClipboard</title>
<title>tiny-url &lt;= 1.3.2 XSS in ZeroClipboard</title>
<reference>http://www.openwall.com/lists/oss-security/2013/03/10/2</reference>
<reference>http://1337day.com/exploit/20396</reference>
<cve>2013-1808</cve>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="thethe-layout-grid">
<vulnerability>
<title>CVE-2013-1808: thethe-layout-grid &lt;= 1.0.0 XSS in ZeroClipboard.</title>
<title>thethe-layout-grid &lt;= 1.0.0 XSS in ZeroClipboard.</title>
<reference>http://www.openwall.com/lists/oss-security/2013/03/10/2</reference>
<reference>http://1337day.com/exploit/20396</reference>
<cve>2013-1808</cve>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="paypal-digital-goods-monetization-powered-by-cleeng">
<vulnerability>
<title>CVE-2013-1808: paypal-digital-goods-monetization-powered-by-cleeng &lt;= 2.2.13 XSS in ZeroClipboard</title>
<title>paypal-digital-goods-monetization-powered-by-cleeng &lt;= 2.2.13 XSS in ZeroClipboard</title>
<reference>http://www.openwall.com/lists/oss-security/2013/03/10/2</reference>
<reference>http://1337day.com/exploit/20396</reference>
<cve>2013-1808</cve>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="mobileview">
<vulnerability>
<title>CVE-2013-1808: mobileview &lt;= 1.0.7 XSS in ZeroClipboard</title>
<title>mobileview &lt;= 1.0.7 XSS in ZeroClipboard</title>
<reference>http://www.openwall.com/lists/oss-security/2013/03/10/2</reference>
<reference>http://1337day.com/exploit/20396</reference>
<cve>2013-1808</cve>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="jaspreetchahals-coupons-lite">
<vulnerability>
<title>CVE-2013-1808: jaspreetchahals-coupons-lite &lt;= 2.1 XSS in ZeroClipboard</title>
<title>jaspreetchahals-coupons-lite &lt;= 2.1 XSS in ZeroClipboard</title>
<reference>http://www.openwall.com/lists/oss-security/2013/03/10/2</reference>
<reference>http://1337day.com/exploit/20396</reference>
<cve>2013-1808</cve>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="geshi-source-colorer">
<vulnerability>
<title>CVE-2013-1808: geshi-source-colorer &lt;= 0.13 XSS in ZeroClipboard</title>
<title>geshi-source-colorer &lt;= 0.13 XSS in ZeroClipboard</title>
<reference>http://www.openwall.com/lists/oss-security/2013/03/10/2</reference>
<reference>http://1337day.com/exploit/20396</reference>
<cve>2013-1808</cve>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="click-to-copy-grab-box">
<vulnerability>
<title>CVE-2013-1808: click-to-copy-grab-box &lt;= 0.1.1 XSS in ZeroClipboard</title>
<title>click-to-copy-grab-box &lt;= 0.1.1 XSS in ZeroClipboard</title>
<reference>http://www.openwall.com/lists/oss-security/2013/03/10/2</reference>
<reference>http://1337day.com/exploit/20396</reference>
<cve>2013-1808</cve>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="cleeng">
<vulnerability>
<title>CVE-2013-1808: cleeng &lt;= 2.3.2 XSS in ZeroClipboard</title>
<title>cleeng &lt;= 2.3.2 XSS in ZeroClipboard</title>
<reference>http://www.openwall.com/lists/oss-security/2013/03/10/2</reference>
<reference>http://1337day.com/exploit/20396</reference>
<cve>2013-1808</cve>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="bp-code-snippets">
<vulnerability>
<title>CVE-2013-1808: bp-code-snippets &lt;= 2.0 XSS in ZeroClipboard</title>
<title>bp-code-snippets &lt;= 2.0 XSS in ZeroClipboard</title>
<reference>http://www.openwall.com/lists/oss-security/2013/03/10/2</reference>
<reference>http://1337day.com/exploit/20396</reference>
<cve>2013-1808</cve>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="snazzy-archives">
<vulnerability>
<title>CVE-2009-4168: snazzy-archives &lt;= 1.7.1 XSS vulnerability</title>
<title>snazzy-archives &lt;= 1.7.1 XSS vulnerability</title>
<reference>http://www.openwall.com/lists/oss-security/2013/03/10/3</reference>
<cve>2009-4168</cve>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="vkontakte-api">
<vulnerability>
<title>CVE-2009-4168: vkontakte-api XSS vulnerability</title>
<title>vkontakte-api XSS vulnerability</title>
<reference>http://www.openwall.com/lists/oss-security/2013/03/11/1</reference>
<cve>2009-4168</cve>
<type>XSS</type>
</vulnerability>
</plugin>
@@ -4436,7 +4467,7 @@
<title>ofc_upload_image.php Arbitrary File Upload Vulnerability</title>
<reference>http://www.exploit-db.com/exploits/24492/</reference>
<reference>http://secunia.com/advisories/37903</reference>
<reference>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4140</reference>
<cve>2009-4140</cve>
<type>UPLOAD</type>
<fixed_in>0.5</fixed_in>
</vulnerability>
@@ -4538,7 +4569,7 @@
<vulnerability>
<title>facebook-members CSRF</title>
<reference>https://secunia.com/advisories/52962/</reference>
<reference>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2703</reference>
<cve>2013-2703</cve>
<type>CSRF</type>
<fixed_in>5.0.5</fixed_in>
</vulnerability>
@@ -4548,7 +4579,7 @@
<vulnerability>
<title>foursquare-checkins CSRF</title>
<reference>https://secunia.com/advisories/53151/</reference>
<reference>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2709</reference>
<cve>2013-2709</cve>
<type>CSRF</type>
<fixed_in>1.3</fixed_in>
</vulnerability>
@@ -4567,7 +4598,7 @@
<vulnerability>
<title>all-in-one-webmaster CSRF</title>
<reference>https://secunia.com/advisories/52877/</reference>
<reference>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2696</reference>
<cve>2013-2696</cve>
<type>CSRF</type>
<fixed_in>8.2.4</fixed_in>
</vulnerability>
@@ -4619,7 +4650,7 @@
<vulnerability>
<title>easy-adsense-lite CSRF</title>
<reference>https://secunia.com/advisories/52953/</reference>
<reference>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2702</reference>
<cve>2013-2702</cve>
<type>CSRF</type>
<fixed_in>6.10</fixed_in>
</vulnerability>
@@ -4627,27 +4658,31 @@
<plugin name="uk-cookie">
<vulnerability>
<title>CVE-2012-5856: uk-cookie plugin XSS</title>
<title>uk-cookie plugin XSS</title>
<reference>http://osvdb.org/87561</reference>
<reference>http://seclists.org/bugtraq/2012/Nov/50</reference>
<cve>2012-5856</cve>
<type>XSS</type>
</vulnerability>
<vulnerability>
<title>CVE-2013-2180: uk-cookie CSRF</title>
<title>uk-cookie CSRF</title>
<reference>http://www.openwall.com/lists/oss-security/2013/06/06/10</reference>
<reference>http://osvdb.org/94032</reference>
<cve>2013-2180</cve>
<type>CSRF</type>
</vulnerability>
</plugin>
<plugin name="wp-cleanfix">
<vulnerability>
<title>CVE-2013-2108|CVE-2013-2109: wp-cleanfix Remote Command Execution, CSRF and XSS</title>
<title>wp-cleanfix Remote Command Execution, CSRF and XSS</title>
<reference>https://github.com/wpscanteam/wpscan/issues/186</reference>
<reference>http://wordpress.org/support/topic/plugin-wp-cleanfix-remote-code-execution-warning</reference>
<reference>http://osvdb.org/93450</reference>
<reference>http://secunia.com/advisories/53395/</reference>
<reference>http://osvdb.org/93468</reference>
<cve>2013-2108</cve>
<cve>2013-2109</cve>
<type>MULTI</type>
<fixed_in>3.0.2</fixed_in>
</vulnerability>
@@ -4811,10 +4846,11 @@
<plugin name="underconstruction">
<vulnerability>
<title>CSRF in WordPress underConstruction plugin (CVE-2013-2699)</title>
<title>CSRF in WordPress underConstruction plugin</title>
<reference>http://wordpress.org/plugins/underconstruction/changelog/</reference>
<reference>http://secunia.com/advisories/52881/</reference>
<reference>http://osvdb.org/93857</reference>
<cve>2013-2699</cve>
<type>CSRF</type>
<fixed_in>1.09</fixed_in>
</vulnerability>
@@ -4971,16 +5007,18 @@
<plugin name="xorbin-analog-flash-clock">
<vulnerability>
<title>CVE-2013-4692: Xorbin Analog Flash Clock 1.0 Flash-based XSS</title>
<title>Xorbin Analog Flash Clock 1.0 Flash-based XSS</title>
<reference>http://advisory.prakharprasad.com/xorbin_afc_wp.txt</reference>
<cve>2013-4692</cve>
<type>XSS</type>
</vulnerability>
</plugin>
<plugin name="xorbin-digital-flash-clock">
<vulnerability>
<title>CVE-2013-4693: Xorbin Digital Flash Clock 1.0 Flash-based XSS</title>
<title>Xorbin Digital Flash Clock 1.0 Flash-based XSS</title>
<reference>http://advisory.prakharprasad.com/xorbin_dfc_wp.txt</reference>
<cve>2013-4693</cve>
<type>XSS</type>
</vulnerability>
</plugin>
@@ -5020,8 +5058,9 @@
<plugin name="duplicator">
<vulnerability>
<title>CVE-2013-4625: Duplicator installer.cleanup.php package Parameter XSS</title>
<title>Duplicator installer.cleanup.php package Parameter XSS</title>
<reference>http://osvdb.org/95627</reference>
<cve>2013-4625</cve>
<type>XSS</type>
<fixed_in>0.4.5</fixed_in>
</vulnerability>
@@ -5056,8 +5095,9 @@
<plugin name="xhanch-my-twitter">
<vulnerability>
<title>CVE-2013-3253: CSRF in admin/setting.php in Xhanch</title>
<reference>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3253</reference>
<title>CSRF in admin/setting.php in Xhanch</title>
<reference>http://secunia.com/advisories/53133</reference>
<cve>2013-3253</cve>
<type>CSRF</type>
<fixed_in>2.7.7</fixed_in>
</vulnerability>
@@ -5065,8 +5105,9 @@
<plugin name="sexybookmarks">
<vulnerability>
<title>CVE-2013-3256: CSRF in sexybookmarks</title>
<title>CSRF in sexybookmarks</title>
<reference>http://wordpress.org/plugins/sexybookmarks/changelog/</reference>
<cve>2013-3256</cve>
<type>CSRF</type>
<fixed_in>6.1.5.0</fixed_in>
</vulnerability>


@@ -52,6 +52,7 @@
<xs:element name="title" type="stringtype"/>
<xs:element name="reference" type="uritype" maxOccurs="unbounded" minOccurs="1"/>
<xs:element name="metasploit" type="stringtype" maxOccurs="unbounded" minOccurs="0"/>
<xs:element name="cve" type="stringtype" minOccurs="0" maxOccurs="unbounded"/>
<xs:element name="type" type="typetype"/>
<xs:element name="fixed_in" type="stringtype" minOccurs="0" maxOccurs="1"/>
</xs:sequence>
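Review bot: The new `cve` element is declared with `type="stringtype"`, so the schema appears to accept any text, although the data file stores ids without the `CVE-` prefix and the output code prepends it. An entry written as `<cve>CVE-2013-1808</cve>` would then validate and be printed as `CVE-CVE-2013-1808` with a broken lookup link. A dedicated simple type restricted with `<xs:pattern value="[0-9]{4}-[0-9]+"/>` would catch that when the file is validated. `stringtype` is defined outside this hunk, so check whether it already carries a restriction.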


@@ -5,22 +5,24 @@ require 'vulnerability/output'
class Vulnerability
include Vulnerability::Output
attr_accessor :title, :references, :type, :fixed_in, :metasploit_modules
attr_accessor :title, :references, :type, :fixed_in, :metasploit_modules, :cve
#
# @param [ String ] title The title of the vulnerability
# @param [ String ] type The type of the vulnerability
# @param [ Array ] references References urls
# @param [ Array ] metasploit_modules Metasploit modules for the vulnerability
# @param [ String ] fixed_in Vuln fixed in Version X
# @param [ String ] fixed_in Vuln fixed in Version X
# @param [ Array ] cve CVE numbers for the vulnerability
#
# @return [ Vulnerability ]
def initialize(title, type, references, metasploit_modules = [], fixed_in = '')
def initialize(title, type, references, metasploit_modules = [], fixed_in = '', cve = [])
@title = title
@type = type
@references = references
@metasploit_modules = metasploit_modules
@fixed_in = fixed_in
@fixed_in = fixed_in
@cve = cve
end
# @param [ Vulnerability ] other
@@ -32,6 +34,7 @@ class Vulnerability
type == other.type &&
references == other.references &&
fixed_in == other.fixed_in &&
cve == other.cve &&
metasploit_modules == other.metasploit_modules
end
# :nocov:
@@ -47,7 +50,8 @@ class Vulnerability
xml_node.search('type').text,
xml_node.search('reference').map(&:text),
xml_node.search('metasploit').map(&:text),
xml_node.search('fixed_in').text
xml_node.search('fixed_in').text,
xml_node.search('cve').map(&:text)
)
end
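Review bot: The added `xml_node.search('cve').map(&:text)` argument passes the element text on verbatim, and the same commit later interpolates it into a URL and a terminal line. Stray whitespace or a full `CVE-…` id in the data file would therefore surface as a malformed link rather than a load-time problem. Normalising at the loader keeps the rest of the code simple, for example `xml_node.search('cve').map { |n| n.text.strip }.grep(/\A\d{4}-\d+\z/)`. Whether malformed ids should be dropped or reported is a project decision. The method this call belongs to starts outside the hunk.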


@@ -10,6 +10,9 @@ class Vulnerability
references.each do |r|
puts ' | ' + red("* Reference: #{r}")
end
cve.each do |c|
puts ' | ' + red("* CVE-#{c} - #{Output.cve_url(c)}")
end
metasploit_modules.each do |m|
puts ' | ' + red("* Metasploit module: #{Output.metasploit_module_url(m)}")
end
@@ -22,5 +25,9 @@ class Vulnerability
"http://www.metasploit.com/modules/#{module_path}"
end
def self.cve_url(cve)
"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE#{cve}"
end
end
end
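Review bot: `cve_url` builds `...cvename.cgi?name=CVE#{cve}` without a hyphen after `CVE`, so `cve_url('2013-1808')` yields `name=CVE2013-1808`, which is not a valid CVE name. The `puts` line added in the first hunk of this file writes the label as `CVE-#{c}`, and the spec added in this commit expects `name=CVE-1111-1111`, so that example should fail as written. The string should read `"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-#{cve}"`. Since `cve` comes from the data file, it would also be worth escaping it before it goes into the query string.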


@@ -19,7 +19,13 @@ describe Vulnerability::Output do
@module = 'gathering/yolo'
@expected = modules_url + @module
end
end
end
describe '::cve_url' do
it 'returns the correct url' do
Vulnerability::Output.cve_url('1111-1111').should == 'http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1111-1111'
end
end
describe '#output' do
# How to test it ? oO


@@ -18,6 +18,7 @@ describe Vulnerability do
its(:type) { should be type }
its(:metasploit_modules) { should be_empty }
its(:fixed_in) { should be_empty }
its(:cve) { should be_empty }
end
context 'with metasploit modules argument' do
@@ -26,6 +27,7 @@ describe Vulnerability do
its(:metasploit_modules) { should be modules }
its(:fixed_in) { should be_empty }
its(:cve) { should be_empty }
end
context 'with metasploit modules and fixed version argument' do
@@ -33,8 +35,19 @@ describe Vulnerability do
let(:fixed_version) { '1.0' }
its(:metasploit_modules) { should be modules }
its(:fixed_in) { should == '1.0' }
its(:fixed_in) { should == '1.0' }
its(:cve) { should be_empty }
end
context 'with cve argument' do
subject(:vulnerability) { Vulnerability.new(title, type, references, [], '', cve) }
let(:cve) { %w{2011-001 2011-002} }
its(:metasploit_modules) { should be_empty }
its(:fixed_in) { should be_empty }
its(:cve) { should be cve }
end
end
describe '::load_from_xml_node' do
@@ -47,6 +60,7 @@ describe Vulnerability do
its(:type) { should == 'CSRF' }
its(:references) { should == ['Ref 1', 'Ref 2'] }
its(:metasploit_modules) { should == %w{exploit/ex1} }
its(:cve) { should == %w{2011-001} }
its(:fixed_in) { should == '1.0'}
end
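Review bot: None of the examples visible in these hunks exercises the `cve == other.cve` term that this commit adds to `Vulnerability#==`. The new examples cover only the constructor and `load_from_xml_node`. An example with two instances that differ only in their CVE list would pin that behaviour, e.g. `Vulnerability.new(title, type, references, [], '', %w{2011-001}).should_not == Vulnerability.new(title, type, references, [], '', %w{2011-002})`. The `==` specs may exist outside the hunks shown here, in which case they should gain this case.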


@@ -2,6 +2,7 @@
<title>Vuln Title</title>
<reference>Ref 1</reference>
<reference>Ref 2</reference>
<cve>2011-001</cve>
<type>CSRF</type>
<metasploit>exploit/ex1</metasploit>
<fixed_in>1.0</fixed_in>