diff --git a/app/models/wp_item.rb b/app/models/wp_item.rb
index 4ef4930e..62c115cb 100644
--- a/app/models/wp_item.rb
+++ b/app/models/wp_item.rb
@@ -53,7 +53,9 @@ module WPScan
 #
 # @return [ Boolean ]
 def vulnerable_to?(vuln)
- return true unless version && vuln && vuln.fixed_in && !vuln.fixed_in.empty?
+ return false if version && vuln&.introduced_in && version < vuln.introduced_in
+
+ return true unless version && vuln&.fixed_in && !vuln.fixed_in.empty?
 version < vuln.fixed_in
 end
diff --git a/lib/wpscan/vulnerability.rb b/lib/wpscan/vulnerability.rb
index 013ecb31..788a764d 100644
--- a/lib/wpscan/vulnerability.rb
+++ b/lib/wpscan/vulnerability.rb
@@ -21,6 +21,7 @@ module WPScan
 references: references,
 type: json_data['vuln_type'],
 fixed_in: json_data['fixed_in'],
+ introduced_in: json_data['introduced_in'],
 cvss: json_data['cvss']&.symbolize_keys
 )
 end
diff --git a/spec/app/models/plugin_spec.rb b/spec/app/models/plugin_spec.rb
index b1254aeb..771ced2c 100644
--- a/spec/app/models/plugin_spec.rb
+++ b/spec/app/models/plugin_spec.rb
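Review bot: In `vulnerable_to?` (app/models/wp_item.rb) the new `introduced_in` guard is the only path that suppresses a finding, yet it is checked less strictly than `fixed_in`: the second guard rejects an empty `fixed_in`, while the first accepts an empty `introduced_in`. The value arrives unvalidated from the vulnerability feed (`json_data['introduced_in']` in lib/wpscan/vulnerability.rb), and how the version comparison treats an empty or malformed string is not visible in this diff, so a wrong result on this line would be a silent false negative. I would mirror the existing check, `return false if version && vuln&.introduced_in && !vuln.introduced_in.empty? && version < vuln.introduced_in`. The doc comment above the method starts outside the hunk; it should gain a line such as `# A version older than vuln.introduced_in is not vulnerable; a missing version or missing bounds is reported as vulnerable.`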
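Review bot: In lib/wpscan/vulnerability.rb the new `introduced_in:` keyword is forwarded to an initializer that this diff does not touch, so it has to be accepted by code outside these hunks (presumably a parent class or a dependency). If that support ships in a separate release, the minimum dependency version should be raised in the same change, otherwise the call can fail on an unknown keyword. A short comment on the new line, `# first affected version; optional in the feed`, would record that the key may be absent. The enclosing method starts outside the hunk.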
@@ -195,50 +195,108 @@ describe WPScan::Model::Plugin do
 end
 context 'when vulnerabilities' do
- let(:slug) { 'vulnerable-not-popular' }
- let(:db_data) { vuln_api_data_for('plugins/vulnerable-not-popular') }
+ context 'when only fixed_in' do
+ let(:slug) { 'vulnerable-not-popular' }
+ let(:db_data) { vuln_api_data_for('plugins/vulnerable-not-popular') }
- let(:all_vulns) do
- [
- WPScan::Vulnerability.new(
- 'First Vuln <= 6.3.10 - LFI',
- references: { wpvulndb: '1' },
- type: 'LFI',
- fixed_in: '6.3.10'
- ),
- WPScan::Vulnerability.new('No Fixed In', references: { wpvulndb: '2' })
- ]
- end
-
- context 'when no plugin version' do
- before { expect(plugin).to receive(:version).at_least(1).and_return(false) }
-
- it 'returns all the vulnerabilities' do
- @expected = all_vulns
- end
- end
-
- context 'when plugin version' do
- before do
- expect(plugin)
- .to receive(:version)
- .at_least(1)
- .and_return(WPScan::Model::Version.new(number))
+ let(:all_vulns) do
+ [
+ WPScan::Vulnerability.new(
+ 'First Vuln <= 6.3.10 - LFI',
+ references: { wpvulndb: '1' },
+ type: 'LFI',
+ fixed_in: '6.3.10'
+ ),
+ WPScan::Vulnerability.new('No Fixed In', references: { wpvulndb: '2' })
+ ]
 end
- context 'when < to a fixed_in' do
- let(:number) { '5.0' }
+ context 'when no plugin version' do
+ before { expect(plugin).to receive(:version).at_least(1).and_return(false) }
- it 'returns it' do
+ it 'returns all the vulnerabilities' do
 @expected = all_vulns
 end
 end
- context 'when >= to a fixed_in' do
- let(:number) { '6.3.10' }
+ context 'when plugin version' do
+ before do
+ expect(plugin)
+ .to receive(:version)
+ .at_least(1)
+ .and_return(WPScan::Model::Version.new(number))
+ end
- it 'does not return it ' do
- @expected = [all_vulns.last]
+ context 'when < to fixed_in' do
+ let(:number) { '5.0' }
+
+ it 'returns it' do
+ @expected = all_vulns
+ end
+ end
+
+ context 'when >= to fixed_in' do
+ let(:number) { '6.3.10' }
+
+ it 'does not return it ' do
+ @expected = [all_vulns.last]
+ end
+ end
+ end
+ end
+
+ context 'when introduced_in' do
+ let(:db_data) { vuln_api_data_for('plugins/vulnerable-introduced-in') }
+
+ let(:all_vulns) do
+ [
+ WPScan::Vulnerability.new(
+ 'Introduced In 6.4',
+ fixed_in: '6.5',
+ introduced_in: '6.4',
+ references: { wpvulndb: '1' }
+ )
+ ]
+ end
+
+ context 'when no plugin version' do
+ before { expect(plugin).to receive(:version).at_least(1).and_return(false) }
+
+ it 'returns all the vulnerabilities' do
+ @expected = all_vulns
+ end
+ end
+
+ context 'when plugin version' do
+ before do
+ expect(plugin)
+ .to receive(:version)
+ .at_least(1)
+ .and_return(WPScan::Model::Version.new(number))
+ end
+
+ context 'when < to introduced_in' do
+ let(:number) { '5.0' }
+
+ it 'does not return it' do
+ @expected = []
+ end
+ end
+
+ context 'when >= to fixed_in' do
+ let(:number) { '6.5' }
+
+ it 'does not return it' do
+ @expected = []
+ end
+ end
+
+ context 'when >= to introduced_in' do
+ let(:number) { '6.4' }
+
+ it 'returns it' do
+ @expected = all_vulns
+ end
 end
 end
 end
diff --git a/spec/fixtures/db/vuln_api/plugins/vulnerable-introduced-in.json b/spec/fixtures/db/vuln_api/plugins/vulnerable-introduced-in.json
new file mode 100644
index 00000000..0ba8e2be
--- /dev/null
+++ b/spec/fixtures/db/vuln_api/plugins/vulnerable-introduced-in.json
@@ -0,0 +1,13 @@
+{
+ "latest_version": null,
+ "last_updated": null,
+ "popular": false,
+ "vulnerabilities" : [
+ {
+ "title": "Introduced In 6.4",
+ "id": 1,
+ "introduced_in": "6.4",
+ "fixed_in": "6.5"
+ }
+ ]
+}
\ No newline at end of file
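Review bot: In spec/app/models/plugin_spec.rb the new 'when introduced_in' context only covers a vulnerability that carries both bounds, so the case where `introduced_in` is set and `fixed_in` is absent is never exercised, although `vulnerable_to?` takes a different path there (the first guard, then the `return true` fallback). I would add a second fixture entry without `fixed_in` and assert that a version below `introduced_in` is not returned while a version at or above it is. An empty `introduced_in` string is another input worth pinning, since a mishandled value there hides a finding instead of reporting one. The context named 'when >= to fixed_in' sits between the two `introduced_in` cases; ordering them as below introduced_in, at introduced_in, at fixed_in would read more easily.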