VulnAPI Implementation

2019-07-18 20:32:15 +01:00
parent 84422b10c8
commit 463e77f0a5
60 changed files with 1126 additions and 223 deletions
--- a/app/models/plugin.rb
+++ b/app/models/plugin.rb
@@ -15,9 +15,16 @@ module WPScan
        @uri = Addressable::URI.parse(blog.url(path_from_blog))
      end

-      # @return [ JSON ]
+      # Retrieve the metadata from the vuln API if available (and a valid token is given),
+      # or the local metadata db otherwise
+      # @return [ Hash ]
      def metadata
-        @metadata ||= DB::Plugin.metadata_at(slug)
+        @metadata ||= db_data.empty? ? DB::Plugin.metadata_at(slug) : db_data
+      end
+
+      # @return [ Hash ]
+      def db_data
+        @db_data ||= DB::VulnApi.plugin_data(slug)
      end

      # @param [ Hash ] opts
--- a/app/models/theme.rb
+++ b/app/models/theme.rb
@@ -21,9 +21,16 @@ module WPScan
        parse_style
      end

+      # Retrieve the metadata from the vuln API if available (and a valid token is given),
+      # or the local metadata db otherwise
      # @return [ JSON ]
      def metadata
-        @metadata ||= DB::Theme.metadata_at(slug)
+        @metadata ||= db_data.empty? ? DB::Theme.metadata_at(slug) : db_data
+      end
+
+      # @return [ Hash ]
+      def db_data
+        @db_data ||= DB::VulnApi.theme_data(slug)
      end

      # @param [ Hash ] opts
--- a/app/models/wp_item.rb
+++ b/app/models/wp_item.rb
@@ -39,11 +39,10 @@ module WPScan

        @vulnerabilities = []

-        # TODO Get them from API
-        #[*db_data['vulnerabilities']].each do |json_vuln|
-        #  vulnerability = Vulnerability.load_from_json(json_vuln)
-        #  @vulnerabilities << vulnerability if vulnerable_to?(vulnerability)
-        #end
+        [*db_data['vulnerabilities']].each do |json_vuln|
+          vulnerability = Vulnerability.load_from_json(json_vuln)
+          @vulnerabilities << vulnerability if vulnerable_to?(vulnerability)
+        end

        @vulnerabilities
      end
@@ -67,7 +66,7 @@ module WPScan
      # Not used anywhere ATM
      # @return [ Boolean ]
      def popular?
-        @popular ||= metadata['popular']
+        @popular ||= metadata['popular'] ? true : false
      end

      # @return [ String ]
--- a/app/models/wp_version.rb
+++ b/app/models/wp_version.rb
@@ -35,9 +35,16 @@ module WPScan
        @all_numbers.sort! { |a, b| Gem::Version.new(b) <=> Gem::Version.new(a) }
      end

-      # @return [ JSON ]
+      # Retrieve the metadata from the vuln API if available (and a valid token is given),
+      # or the local metadata db otherwise
+      # @return [ Hash ]
      def metadata
-        @metadata ||= DB::Version.metadata_at(number)
+        @metadata ||= db_data.empty? ? DB::Version.metadata_at(number) : db_data
+      end
+
+      # @return [ Hash ]
+      def db_data
+        @db_data ||= DB::VulnApi.wordpress_data(number)
      end

      # @return [ Array<Vulnerability> ]
@@ -46,10 +53,9 @@ module WPScan

        @vulnerabilities = []

-        # TODO get them from API
-        #[*db_data['vulnerabilities']].each do |json_vuln|
-        #  @vulnerabilities << Vulnerability.load_from_json(json_vuln)
-        #end
+        [*db_data['vulnerabilities']].each do |json_vuln|
+          @vulnerabilities << Vulnerability.load_from_json(json_vuln)
+        end

        @vulnerabilities
      end