Supports loading api token from ENV, Fixes #1460
@@ -4,6 +4,8 @@ module WPScan
|
|||||||
module Controller
|
module Controller
|
||||||
# Controller to handle the API token
|
# Controller to handle the API token
|
||||||
class VulnApi < CMSScanner::Controller::Base
|
class VulnApi < CMSScanner::Controller::Base
|
||||||
|
ENV_KEY = 'WPSCAN_API_TOKEN'
|
||||||
|
|
||||||
def cli_options
|
def cli_options
|
||||||
[
|
[
|
||||||
OptString.new(['--api-token TOKEN', 'The WPVulnDB API Token to display vulnerability data'])
|
OptString.new(['--api-token TOKEN', 'The WPVulnDB API Token to display vulnerability data'])
|
||||||
@@ -11,9 +13,9 @@ module WPScan
|
|||||||
end
|
end
|
||||||
|
|
||||||
def before_scan
|
def before_scan
|
||||||
return unless ParsedCli.api_token
|
return unless ParsedCli.api_token || ENV.key?(ENV_KEY)
|
||||||
|
|
||||||
DB::VulnApi.token = ParsedCli.api_token
|
DB::VulnApi.token = ParsedCli.api_token || ENV[ENV_KEY]
|
||||||
|
|
||||||
api_status = DB::VulnApi.status
|
api_status = DB::VulnApi.status
|
||||||
|
|
||||||
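Review bot: The new guard in `before_scan` uses `ENV.key?(ENV_KEY)`, which is also true when `WPSCAN_API_TOKEN` is exported but empty, so a blank value from a CI or container config passes the guard and is assigned to `DB::VulnApi.token` before `DB::VulnApi.status` is called. Resolve the token once and test that value instead: `token = ParsedCli.api_token || ENV[ENV_KEY]`, `return if token.nil? || token.empty?`, `DB::VulnApi.token = token`. The `--api-token` help text in `cli_options` could also name the variable, since an environment variable keeps the token out of the process list and shell history where a command-line argument does not. The body of `before_scan` continues outside the hunk, so how an empty token is reported further down is not visible here.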
|
|||||||
@@ -74,20 +74,40 @@ describe WPScan::Controller::VulnApi do
|
|||||||
context 'when limited requests' do
|
context 'when limited requests' do
|
||||||
let(:requests) { 100 }
|
let(:requests) { 100 }
|
||||||
|
|
||||||
it 'does not raise an error' do
|
it 'sets the token and does not raise an error' do
|
||||||
expect { controller.before_scan }.to_not raise_error
|
expect { controller.before_scan }.to_not raise_error
|
||||||
|
|
||||||
|
expect(WPScan::DB::VulnApi.token).to eql 'token'
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'when unlimited requests' do
|
context 'when unlimited requests' do
|
||||||
let(:requests) { 'Unlimited' }
|
let(:requests) { 'Unlimited' }
|
||||||
|
|
||||||
it 'does not raise an error' do
|
it 'sets the token and does not raise an error' do
|
||||||
expect { controller.before_scan }.to_not raise_error
|
expect { controller.before_scan }.to_not raise_error
|
||||||
|
|
||||||
|
expect(WPScan::DB::VulnApi.token).to eql 'token'
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
context 'when token in ENV' do
|
||||||
|
before do
|
||||||
|
ENV[described_class::ENV_KEY] = 'token-from-env'
|
||||||
|
|
||||||
|
expect(WPScan::DB::VulnApi)
|
||||||
|
.to receive(:status)
|
||||||
|
.and_return('success' => true, 'plan' => 'free', 'requests_remaining' => 'Unlimited')
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'sets the token and does not raise an error' do
|
||||||
|
expect { controller.before_scan }.to_not raise_error
|
||||||
|
|
||||||
|
expect(WPScan::DB::VulnApi.token).to eql 'token-from-env'
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
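Review bot: The `before` block in the 'when token in ENV' context writes `ENV[described_class::ENV_KEY]` and never removes it, so the variable stays set for every example that runs afterwards in the same process and can make contexts that expect no token order-dependent. Add `after { ENV.delete(described_class::ENV_KEY) }` to the context, or stub `ENV` instead of mutating it. There is also no example covering both sources at once; one asserting that `--api-token` wins over the environment value would pin the precedence that `ParsedCli.api_token || ENV[ENV_KEY]` implies. The enclosing `describe` starts outside the hunk, so an existing global cleanup hook is possible but not visible.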
|
|||||||