Implement Erwan's feedbaxk #853

2015-08-14 21:51:55 +02:00
parent 8727935cb2
commit 57f6206aee
8 changed files with 61 additions and 62 deletions
--- a/lib/common/models/wp_item/vulnerable.rb
+++ b/lib/common/models/wp_item/vulnerable.rb
@@ -9,14 +9,13 @@ class WpItem
    #
    # @return [ Vulnerabilities ]
    def vulnerabilities      
-      json = json(vulns_file).select { |item| !item['vulnerabilities'].empty? }
+      json = json(vulns_file)
      vulnerabilities = Vulnerabilities.new
      json.each do |item|
-        asset = item['version'][identifier] if item['version']
+        asset = item['version'] || item['name']
        asset = item['name'][identifier] if item['name']
-        next unless asset
+        next unless asset == identifier
        item['vulnerabilities'].each do |vulnerability|
          vulnerability = Vulnerability.load_from_json_item(vulnerability)
--- a/spec/lib/common/models/wp_item_spec.rb
+++ b/spec/lib/common/models/wp_item_spec.rb
@@ -15,7 +15,7 @@ describe WpItem do
    let(:identifier)    { 'neo' }
    let(:expected_refs)  { {
        'id'  => [2993],
-        'url' => ['Ref 1,Ref 2'],
+        'url' => ['Ref 1', 'Ref 2'],
        'cve' => ['2011-001'],
        'secunia' => ['secunia'],
        'osvdb' => ['osvdb'],
--- a/spec/lib/common/models/wp_plugin_spec.rb
+++ b/spec/lib/common/models/wp_plugin_spec.rb
@@ -9,7 +9,7 @@ describe WpPlugin do
    let(:vulns_file)     { MODELS_FIXTURES + '/wp_plugin/vulnerable/plugins.json' }
    let(:expected_refs)  { {
        'id'  => [2993],
-        'url' => ['Ref 1,Ref 2'],
+        'url' => ['Ref 1', 'Ref 2'],
        'cve' => ['2011-001'],
        'secunia' => ['secunia'],
        'osvdb' => ['osvdb'],
--- a/spec/lib/common/models/wp_theme_spec.rb
+++ b/spec/lib/common/models/wp_theme_spec.rb
@@ -10,7 +10,7 @@ describe WpTheme do
    let(:vulns_file)     { MODELS_FIXTURES + '/wp_theme/vulnerable/themes_vulns.json' }
    let(:expected_refs)  { {
        'id' => [2993],
-        'url' => ['Ref 1,Ref 2'],
+        'url' => ['Ref 1', 'Ref 2'],
        'cve' => ['2011-001'],
        'secunia' => ['secunia'],
        'osvdb' => ['osvdb'],
--- a/spec/samples/common/models/wp_item/vulnerable/items_vulns.json
+++ b/spec/samples/common/models/wp_item/vulnerable/items_vulns.json
@@ -6,7 +6,7 @@
            "id":2989,
            "title":"Administrator-exploitable blind SQLi in WordPress 1.0 - 3.8.1",
            "references": {
-              "url":"https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/,http://www.example.com"
+              "url": ["https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/" ,"http://www.example.com"]
            },
            "created_at":"2014-07-28T12:10:07.000Z",
            "updated_at":"2014-07-28T12:43:41.000Z"
@@ -20,12 +20,12 @@
            "id":2993,
            "title":"I'm the one",
            "references": {
-               "url":"Ref 1,Ref 2",
+               "url": ["Ref 1", "Ref 2"],
-               "osvdb":"osvdb",
+               "osvdb": ["osvdb"],
-               "cve":"2011-001",
+               "cve": ["2011-001"],
-               "secunia":"secunia",
+               "secunia": ["secunia"],
-               "metasploit":"exploit/ex1",
+               "metasploit": ["exploit/ex1"],
-               "exploitdb":"exploitdb"
+               "exploitdb": ["exploitdb"]
            },
            "type":"XSS",
            "fixed_in":"",
--- a/spec/samples/common/models/wp_plugin/vulnerable/plugins.json
+++ b/spec/samples/common/models/wp_plugin/vulnerable/plugins.json
@@ -6,12 +6,12 @@
            "id":2993,
            "title":"I should not appear in the results",
            "references": {
-               "url":"Ref 1,Ref 2",
+               "url": ["Ref 1","Ref 2"],
-               "osvdb":"osvdb",
+               "osvdb": ["osvdb"],
-               "cve":"2011-001",
+               "cve": ["2011-001"],
-               "secunia":"secunia",
+               "secunia": ["secunia"],
-               "metasploit":"exploit/ex1",
+               "metasploit": ["exploit/ex1"],
-               "exploitdb":"exploitdb"
+               "exploitdb": ["exploitdb"]
            },
            "type":"XSS",
            "fixed_in":"",
@@ -22,12 +22,12 @@
            "id":2989,
            "title":"Neither do I",
            "references": {
-               "url":"Ref 1,Ref 2",
+               "url": ["Ref 1" ,"Ref 2"],
-               "osvdb":"osvdb",
+               "osvdb": ["osvdb"],
-               "cve":"2011-001",
+               "cve": ["2011-001"],
-               "secunia":"secunia",
+               "secunia": ["secunia"],
-               "metasploit":"exploit/ex1",
+               "metasploit": ["exploit/ex1"],
-               "exploitdb":"exploitdb"
+               "exploitdb": ["exploitdb"]
            },
            "type":"XSS",
            "fixed_in":"",
@@ -43,12 +43,12 @@
             "id":2993,
             "title":"Follow me!",
             "references": {
-               "url":"Ref 1,Ref 2",
+               "url": ["Ref 1", "Ref 2"],
-               "osvdb":"osvdb",
+               "osvdb": ["osvdb"],
-               "cve":"2011-001",
+               "cve": ["2011-001"],
-               "secunia":"secunia",
+               "secunia": ["secunia"],
-               "metasploit":"exploit/ex1",
+               "metasploit": ["exploit/ex1"],
-               "exploitdb":"exploitdb"
+               "exploitdb": ["exploitdb"]
             },
             "type":"REDIRECT",
             "fixed_in":"",
--- a/spec/samples/common/models/wp_theme/vulnerable/themes_vulns.json
+++ b/spec/samples/common/models/wp_theme/vulnerable/themes_vulns.json
@@ -6,12 +6,12 @@
            "id":2989,
            "title":"I should not appear in the results",
            "references": {
-               "url":"Ref 1,Ref 2",
+               "url": ["Ref 1", "Ref 2"],
-               "osvdb":"osvdb",
+               "osvdb": ["osvdb"],
-               "cve":"2011-001",
+               "cve": ["2011-001"],
-               "secunia":"secunia",
+               "secunia": ["secunia"],
-               "metasploit":"exploit/ex1",
+               "metasploit": ["exploit/ex1"],
-               "exploitdb":"exploitdb"
+               "exploitdb": ["exploitdb"]
            },
            "type":"XSS",
            "fixed_in":"",
@@ -22,12 +22,12 @@
            "id":2989,
            "title":"Neither do I",
            "references": {
-               "url":"Ref 1,Ref 2",
+               "url": ["Ref 1", "Ref 2"],
-               "osvdb":"osvdb",
+               "osvdb": ["osvdb"],
-               "cve":"2011-001",
+               "cve": ["2011-001"],
-               "secunia":"secunia",
+               "secunia": ["secunia"],
-               "metasploit":"exploit/ex1",
+               "metasploit": ["exploit/ex1"],
-               "exploitdb":"exploitdb"
+               "exploitdb": ["exploitdb"]
            },
            "type":"XSS",
            "fixed_in":"",
@@ -43,12 +43,12 @@
            "id":2993,
            "title":"I see you",
            "references": {
-               "url":"Ref 1,Ref 2",
+               "url": ["Ref 1", "Ref 2"],
-               "osvdb":"osvdb",
+               "osvdb": ["osvdb"],
-               "cve":"2011-001",
+               "cve": ["2011-001"],
-               "secunia":"secunia",
+               "secunia": ["secunia"],
-               "metasploit":"exploit/ex1",
+               "metasploit": ["exploit/ex1"],
-               "exploitdb":"exploitdb"
+               "exploitdb": ["exploitdb"]
            },
            "type":"FPD",
            "fixed_in":"",
--- a/spec/samples/common/models/wp_version/vulnerable/versions_vulns.json
+++ b/spec/samples/common/models/wp_version/vulnerable/versions_vulns.json
@@ -6,12 +6,12 @@
            "id":2989,
            "title":"I should not appear in the results",
            "references": {
-               "url":"Ref 1,Ref 2",
+               "url": ["Ref 1", "Ref 2"],
-               "osvdb":"osvdb",
+               "osvdb": ["osvdb"],
-               "cve":"2011-001",
+               "cve": ["2011-001"],
-               "secunia":"secunia",
+               "secunia": ["secunia"],
-               "metasploit":"exploit/ex1",
+               "metasploit": ["exploit/ex1"],
-               "exploitdb":"exploitdb"
+               "exploitdb": ["exploitdb"]
               },
            "type":"XSS",
            "fixed_in":"",
@@ -27,12 +27,12 @@
            "id":2993,
            "title":"Here I Am",
            "references": {
-               "url":"Ref 1,Ref 2",
+               "url": ["Ref 1", "Ref 2"],
-               "osvdb":"osvdb",
+               "osvdb": ["osvdb"],
-               "cve":"2011-001",
+               "cve": ["2011-001"],
-               "secunia":"secunia",
+               "secunia": ["secunia"],
-               "metasploit":"exploit/ex1",
+               "metasploit": ["exploit/ex1"],
-               "exploitdb":"exploitdb"
+               "exploitdb": ["exploitdb"]
            },
            "type":"SQLI",
            "fixed_in":"",