Checks the potential introduced_in version

2021-03-22 11:35:11 +01:00
parent b0e946ee29
commit 4d00d97be9
4 changed files with 110 additions and 36 deletions
--- a/app/models/wp_item.rb
+++ b/app/models/wp_item.rb
@@ -53,7 +53,9 @@ module WPScan
      #
      # @return [ Boolean ]
      def vulnerable_to?(vuln)
-        return true unless version && vuln && vuln.fixed_in && !vuln.fixed_in.empty?
+        return false if version && vuln&.introduced_in && version < vuln.introduced_in
+
+        return true unless version && vuln&.fixed_in && !vuln.fixed_in.empty?

        version < vuln.fixed_in
      end
--- a/lib/wpscan/vulnerability.rb
+++ b/lib/wpscan/vulnerability.rb
@@ -21,6 +21,7 @@ module WPScan
        references: references,
        type: json_data['vuln_type'],
        fixed_in: json_data['fixed_in'],
+        introduced_in: json_data['introduced_in'],
        cvss: json_data['cvss']&.symbolize_keys
      )
    end
--- a/spec/app/models/plugin_spec.rb
+++ b/spec/app/models/plugin_spec.rb
@@ -195,50 +195,108 @@ describe WPScan::Model::Plugin do
      end

      context 'when vulnerabilities' do
-        let(:slug)    { 'vulnerable-not-popular' }
-        let(:db_data) { vuln_api_data_for('plugins/vulnerable-not-popular') }
+        context 'when only fixed_in' do
+          let(:slug)    { 'vulnerable-not-popular' }
+          let(:db_data) { vuln_api_data_for('plugins/vulnerable-not-popular') }

-        let(:all_vulns) do
-          [
-            WPScan::Vulnerability.new(
-              'First Vuln <= 6.3.10 - LFI',
-              references: { wpvulndb: '1' },
-              type: 'LFI',
-              fixed_in: '6.3.10'
-            ),
-            WPScan::Vulnerability.new('No Fixed In', references: { wpvulndb: '2' })
-          ]
-        end
-
-        context 'when no plugin version' do
-          before { expect(plugin).to receive(:version).at_least(1).and_return(false) }
-
-          it 'returns all the vulnerabilities' do
-            @expected = all_vulns
-          end
-        end
-
-        context 'when plugin version' do
-          before do
-            expect(plugin)
-              .to receive(:version)
-              .at_least(1)
-              .and_return(WPScan::Model::Version.new(number))
+          let(:all_vulns) do
+            [
+              WPScan::Vulnerability.new(
+                'First Vuln <= 6.3.10 - LFI',
+                references: { wpvulndb: '1' },
+                type: 'LFI',
+                fixed_in: '6.3.10'
+              ),
+              WPScan::Vulnerability.new('No Fixed In', references: { wpvulndb: '2' })
+            ]
          end

-          context 'when < to a fixed_in' do
-            let(:number) { '5.0' }
+          context 'when no plugin version' do
+            before { expect(plugin).to receive(:version).at_least(1).and_return(false) }

-            it 'returns it' do
+            it 'returns all the vulnerabilities' do
              @expected = all_vulns
            end
          end

-          context 'when >= to a fixed_in' do
-            let(:number) { '6.3.10' }
+          context 'when plugin version' do
+            before do
+              expect(plugin)
+                .to receive(:version)
+                .at_least(1)
+                .and_return(WPScan::Model::Version.new(number))
+            end

-            it 'does not return it ' do
-              @expected = [all_vulns.last]
+            context 'when < to fixed_in' do
+              let(:number) { '5.0' }
+
+              it 'returns it' do
+                @expected = all_vulns
+              end
+            end
+
+            context 'when >= to fixed_in' do
+              let(:number) { '6.3.10' }
+
+              it 'does not return it ' do
+                @expected = [all_vulns.last]
+              end
+            end
+          end
+        end
+
+        context 'when introduced_in' do
+          let(:db_data) { vuln_api_data_for('plugins/vulnerable-introduced-in') }
+
+          let(:all_vulns) do
+            [
+              WPScan::Vulnerability.new(
+                'Introduced In 6.4',
+                fixed_in: '6.5',
+                introduced_in: '6.4',
+                references: { wpvulndb: '1' }
+              )
+            ]
+          end
+
+          context 'when no plugin version' do
+            before { expect(plugin).to receive(:version).at_least(1).and_return(false) }
+
+            it 'returns all the vulnerabilities' do
+              @expected = all_vulns
+            end
+          end
+
+          context 'when plugin version' do
+            before do
+              expect(plugin)
+                .to receive(:version)
+                .at_least(1)
+                .and_return(WPScan::Model::Version.new(number))
+            end
+
+            context 'when < to introduced_in' do
+              let(:number) { '5.0' }
+
+              it 'does not return it' do
+                @expected = []
+              end
+            end
+
+            context 'when >= to fixed_in' do
+              let(:number) { '6.5' }
+
+              it 'does not return it' do
+                @expected = []
+              end
+            end
+
+            context 'when >= to introduced_in' do
+              let(:number) { '6.4' }
+
+              it 'returns it' do
+                @expected = all_vulns
+              end
            end
          end
        end
--- a/spec/fixtures/db/vuln_api/plugins/vulnerable-introduced-in.json
+++ b/spec/fixtures/db/vuln_api/plugins/vulnerable-introduced-in.json
@@ -0,0 +1,13 @@
+{
+  "latest_version": null,
+  "last_updated": null,
+  "popular": false,
+  "vulnerabilities" : [
+    {
+      "title": "Introduced In 6.4",
+      "id": 1,
+      "introduced_in": "6.4",
+      "fixed_in": "6.5"
+    }
+  ]
+}