diff --git a/Gemfile b/Gemfile index 134b17ec..51f2fa45 100644 --- a/Gemfile +++ b/Gemfile @@ -3,7 +3,7 @@ source 'https://rubygems.org' gem 'typhoeus', '~>0.7.0' gem 'nokogiri' gem 'addressable' -gem 'json' +gem 'yajl-ruby' # Better JSON parser regarding memory usage gem 'terminal-table', '~>1.4.5' gem 'ruby-progressbar', '>=1.6.0' diff --git a/lib/common/collections/wp_items.rb b/lib/common/collections/wp_items.rb index 5fdb17ec..0ac3adb4 100755 --- a/lib/common/collections/wp_items.rb +++ b/lib/common/collections/wp_items.rb @@ -67,6 +67,7 @@ class WpItems < Array end protected + # @return [ Class ] def item_class Object.const_get(self.class.to_s.gsub(/.$/, '')) diff --git a/lib/common/collections/wp_items/detectable.rb b/lib/common/collections/wp_items/detectable.rb index d27925df..e10a1990 100755 --- a/lib/common/collections/wp_items/detectable.rb +++ b/lib/common/collections/wp_items/detectable.rb @@ -32,11 +32,7 @@ class WpItems < Array progress_bar.progress += 1 if options[:show_progression] if target_item.exists?(exist_options, response) - unless results.include?(target_item) - if !options[:only_vulnerable] || options[:only_vulnerable] && target_item.vulnerable? - results << target_item - end - end + results << target_item unless results.include?(target_item) end end @@ -53,7 +49,7 @@ class WpItems < Array # run the remaining requests hydra.run - results.select!(&:vulnerable?) if options[:only_vulnerable] + results.select!(&:vulnerable?) if options[:type] == :vulnerable results.sort! results # can't just return results.sort as it would return an array, and we want a WpItems 
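Review bot: The new `gem 'yajl-ruby'` line in the Gemfile hunk has no version constraint, although `typhoeus` and `terminal-table` in the same hunk are pinned. yajl-ruby builds a native extension, and through `require 'yajl/json_gem'` in lib/environment.rb it takes over JSON parsing for the plugin, theme and WordPress data files, so an unreviewed upgrade changes the parser that handles that input. Consider a pessimistic constraint such as `gem 'yajl-ruby', '~> <version you tested>'`, and make sure the lockfile is committed.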
@@ -155,15 +151,7 @@ class WpItems < Array item_class = self.item_class vulns_file = self.vulns_file - targets = vulnerable_targets_items(wp_target, item_class, vulns_file) - - unless options[:only_vulnerable] - unless options[:file] - raise 'A file must be supplied' - end - - targets += targets_items_from_file(options[:file], wp_target, item_class, vulns_file) - end + targets = target_items_from_type(wp_target, item_class, vulns_file, options[:type]) targets.uniq! { |t| t.name } targets.sort_by { rand } @@ -174,14 +162,25 @@ class WpItems < Array # @param [ String ] vulns_file # # @return [ Array ] - def vulnerable_targets_items(wp_target, item_class, vulns_file) + def target_items_from_type(wp_target, item_class, vulns_file, type) targets = [] json = json(vulns_file) - [*json].each do |item| + case type + when :vulnerable + items = json.select { |item| !json[item]['vulnerabilities'].empty? }.keys + when :popular + items = json.select { |item| json[item]['popular'] == true }.keys + when :all + items = json.keys + else + raise "Unknown type #{type}" + end + + items.each do |item| targets << create_item( item_class, - item.keys.inject, + item, wp_target, vulns_file ) @@ -233,6 +232,5 @@ class WpItems < Array def item_class Object.const_get(self.to_s.gsub(/.$/, '')) end - end end diff --git a/lib/common/collections/wp_plugins/detectable.rb b/lib/common/collections/wp_plugins/detectable.rb index 3eb43c3c..30be4381 100644 --- a/lib/common/collections/wp_plugins/detectable.rb +++ b/lib/common/collections/wp_plugins/detectable.rb @@ -2,17 +2,11 @@ class WpPlugins < WpItems module Detectable - # @return [ String ] def vulns_file - PLUGINS_VULNS_FILE + PLUGINS_FILE end - # @return [ String ] - # def item_xpath - # '//plugin' - # end - # @param [ WpTarget ] wp_target # @param [ Hash ] options # diff --git a/lib/common/collections/wp_themes/detectable.rb b/lib/common/collections/wp_themes/detectable.rb index a2c3e594..7e28b8b1 100644 
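Review bot: In `target_items_from_type` the `:vulnerable` branch calls `json[item]['vulnerabilities'].empty?`, which raises NoMethodError for any entry in the data file that has no `vulnerabilities` key. `WpItem::Vulnerable#vulnerabilities` in this same commit tolerates a missing key with `[*db_data['vulnerabilities']]`, so the two disagree. The one-argument block on `Hash#select` also relies on receiving only the key; naming both arguments is clearer and lets the check be nil-safe: `items = json.select { |_name, data| !Array(data['vulnerabilities']).empty? }.keys`. The doc comment above the method still lists three parameters, so add `# @param [ Symbol ] type :vulnerable, :popular or :all`. The method body continues past the end of the hunk.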
--- a/lib/common/collections/wp_themes/detectable.rb +++ b/lib/common/collections/wp_themes/detectable.rb @@ -5,13 +5,7 @@ class WpThemes < WpItems # @return [ String ] def vulns_file - THEMES_VULNS_FILE + THEMES_FILE end - - # @return [ String ] - # def item_xpath - # '//theme' - # end - end end diff --git a/lib/common/common_helper.rb b/lib/common/common_helper.rb index 82f40516..34604f93 100644 --- a/lib/common/common_helper.rb +++ b/lib/common/common_helper.rb 
@@ -18,20 +18,15 @@ COMMON_PLUGINS_DIR = File.join(COMMON_LIB_DIR, 'plugins') WPSCAN_PLUGINS_DIR = File.join(WPSCAN_LIB_DIR, 'plugins') # Not used ATM # Data files -PLUGINS_FILE = File.join(DATA_DIR, 'plugins.txt') -PLUGINS_FULL_FILE = File.join(DATA_DIR, 'plugins_full.txt') -PLUGINS_VULNS_FILE = File.join(DATA_DIR, 'plugin_vulns.json') -THEMES_FILE = File.join(DATA_DIR, 'themes.txt') -THEMES_FULL_FILE = File.join(DATA_DIR, 'themes_full.txt') -THEMES_VULNS_FILE = File.join(DATA_DIR, 'theme_vulns.json') -WP_VULNS_FILE = File.join(DATA_DIR, 'wp_vulns.json') -WP_VERSIONS_FILE = File.join(DATA_DIR, 'wp_versions.xml') -LOCAL_FILES_FILE = File.join(DATA_DIR, 'local_vulnerable_files.xml') -# VULNS_XSD = File.join(DATA_DIR, 'vuln.xsd') -WP_VERSIONS_XSD = File.join(DATA_DIR, 'wp_versions.xsd') -LOCAL_FILES_XSD = File.join(DATA_DIR, 'local_vulnerable_files.xsd') -USER_AGENTS_FILE = File.join(DATA_DIR, 'user-agents.txt') -LAST_UPDATE_FILE = File.join(DATA_DIR, '.last_update') +WORDPRESSES_FILE = File.join(DATA_DIR, 'wordpresses.json') +PLUGINS_FILE = File.join(DATA_DIR, 'plugins.json') +THEMES_FILE = File.join(DATA_DIR, 'themes.json') +WP_VERSIONS_FILE = File.join(DATA_DIR, 'wp_versions.xml') +LOCAL_FILES_FILE = File.join(DATA_DIR, 'local_vulnerable_files.xml') +WP_VERSIONS_XSD = File.join(DATA_DIR, 'wp_versions.xsd') +LOCAL_FILES_XSD = File.join(DATA_DIR, 'local_vulnerable_files.xsd') +USER_AGENTS_FILE = File.join(DATA_DIR, 'user-agents.txt') +LAST_UPDATE_FILE = File.join(DATA_DIR, '.last_update') WPSCAN_VERSION = '2.8' diff --git a/lib/common/db_updater.rb b/lib/common/db_updater.rb index 0204a9df..55a37095 100644 --- a/lib/common/db_updater.rb +++ b/lib/common/db_updater.rb 
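Review bot: `PLUGINS_FILE` and `THEMES_FILE` keep their names but now point at `plugins.json` and `themes.json` instead of the former `.txt` lists, so any code outside this diff that still reads them line by line would receive JSON text without an error. The removed `PLUGINS_FULL_FILE`, `THEMES_FULL_FILE` and `*_VULNS_FILE` constants would only show up as a NameError at run time if a reference is left behind. It is worth searching the tree for the old names. A comment above the new constants, for example `# JSON databases keyed by item name (replace the *.txt lists and *_vulns.json files)`, would record the format change.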
@@ -4,9 +4,8 @@ class DbUpdater FILES = %w( local_vulnerable_files.xml local_vulnerable_files.xsd - plugins_full.txt plugins.txt themes_full.txt themes.txt timthumbs.txt user-agents.txt wp_versions.xml wp_versions.xsd - plugin_vulns.json theme_vulns.json wp_vulns.json LICENSE + wordpresses.json plugins.json themes.json LICENSE ) attr_reader :repo_directory diff --git a/lib/common/models/vulnerability.rb b/lib/common/models/vulnerability.rb index 1e6dccc7..c1a94992 100755 --- a/lib/common/models/vulnerability.rb +++ b/lib/common/models/vulnerability.rb @@ -42,11 +42,12 @@ class Vulnerability # @return [ Vulnerability ] def self.load_from_json_item(json_item) references = {} + references['id'] = [json_item['id']] - %w(id url cve secunia osvdb metasploit exploitdb).each do |key| - if json_item[key] - json_item[key] = [json_item[key]] if json_item[key].class != Array - references[key] = json_item[key] + %w(url cve secunia osvdb metasploit exploitdb).each do |key| + if json_item['references'][key] + json_item['references'][key] = [json_item['references'][key]] if json_item['references'][key].class != Array + references[key] = json_item['references'][key] end end @@ -54,7 +55,7 @@ class Vulnerability json_item['title'], json_item['type'], references, - json_item['fixed_in'], + json_item['fixed_in'] ) end diff --git a/lib/common/models/vulnerability/output.rb b/lib/common/models/vulnerability/output.rb index e6170338..06e81798 100644 --- a/lib/common/models/vulnerability/output.rb +++ b/lib/common/models/vulnerability/output.rb 
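Review bot: `load_from_json_item` now dereferences `json_item['references'][key]` without checking that the `references` object exists, so a vulnerability entry without it raises NoMethodError on nil and aborts the load. Reading it once with a default avoids that: `refs = json_item['references'] || {}` followed by `references[key] = [*refs[key]] if refs[key]` inside the loop. That form also stops the loop from writing the wrapped array back into the parsed item. `references['id'] = [json_item['id']]` is now unconditional, so an entry without an id yields `[nil]`; the old loop added it only when present, and `if json_item['id']` would keep that behaviour.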
@@ -2,22 +2,22 @@ class Vulnerability module Output - # output the vulnerability def output(verbose = false) puts puts critical("Title: #{title}") + references.each do |key, urls| methodname = "url_#{key}" + urls.each do |u| next unless respond_to?(methodname) url = send(methodname, u) puts " Reference: #{url}" if url end end - unless fixed_in.nil? - puts notice("Fixed in: #{fixed_in}") - end + + puts notice("Fixed in: #{fixed_in}") if fixed_in end end end diff --git a/lib/common/models/wp_item.rb b/lib/common/models/wp_item.rb index 81f00691..5176c30d 100755 --- a/lib/common/models/wp_item.rb +++ b/lib/common/models/wp_item.rb @@ -22,7 +22,7 @@ class WpItem # @return [ Array ] # Make it private ? def allowed_options - [:name, :wp_content_dir, :wp_plugins_dir, :path, :version, :vulns_file] + [:name, :wp_content_dir, :wp_plugins_dir, :path, :version, :db_file] end # @param [ URI ] target_base_uri @@ -30,7 +30,6 @@ class WpItem # # @return [ WpItem ] def initialize(target_base_uri, options = {}) - options[:wp_content_dir] ||= 'wp-content' options[:wp_plugins_dir] ||= options[:wp_content_dir] + '/plugins' @@ -38,6 +37,27 @@ class WpItem forge_uri(target_base_uri) end + def identifier + @identifier ||= name + end + + # @return [ Hash ] + def db_data + @db_data ||= json(db_file)[identifier] || {} + end + + def latest_version + db_data['latest_version'] + end + + def last_updated + db_data['last_ipdated'] + end + + def popular? + db_data['popular'] + end + # @param [ Hash ] options # # @return [ void ] diff --git a/lib/common/models/wp_item/output.rb b/lib/common/models/wp_item/output.rb index 889883e1..10c51cdd 100644 --- a/lib/common/models/wp_item/output.rb +++ b/lib/common/models/wp_item/output.rb 
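Review bot: In lib/common/models/wp_item.rb, `last_updated` reads `db_data['last_ipdated']`, which looks like a typo for `last_updated`. Unless the data files really use that spelling, the method always returns nil and the "Last updated" line added to `WpItem::Output#output` is never printed. Change the key to `db_data['last_updated']`. Of the new methods only `db_data` has a YARD line; a short `# @return [ String, nil ]` on `identifier`, `latest_version` and `last_updated`, and `# @return [ Boolean, nil ]` on `popular?`, would match the rest of the file.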
@@ -5,12 +5,17 @@ class WpItem # @return [ Void ] def output(verbose = false) + outdated = VersionCompare.lesser?(version, latest_version) if latest_version + puts puts info("Name: #{self}") #this will also output the version number if detected + puts " | Latest version: #{latest_version} (up to date)" if latest_version && !outdated + puts " | Last updated: #{last_updated}" if last_updated puts " | Location: #{url}" - #puts " | WordPress: #{wordpress_url}" if wordpress_org_item? puts " | Readme: #{readme_url}" if has_readme? puts " | Changelog: #{changelog_url}" if has_changelog? + puts warning("The version is out of date, the latest version is #{latest_version}") if latest_version && outdated + puts warning("Directory listing is enabled: #{url}") if has_directory_listing? puts warning("An error_log file has been found: #{error_log_url}") if has_error_log? diff --git a/lib/common/models/wp_item/vulnerable.rb b/lib/common/models/wp_item/vulnerable.rb index 3b7619cf..25c2413f 100755 --- a/lib/common/models/wp_item/vulnerable.rb +++ b/lib/common/models/wp_item/vulnerable.rb 
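Review bot: When `version` is nil (the comment on the `Name:` line says the version is only shown "if detected"), `VersionCompare.lesser?(version, latest_version)` returns false, so `outdated` is false and the item is printed as `Latest version: … (up to date)`. Reporting an item as current when the installed version could not be read is misleading in a scanner's output. Make the comparison and the suffix depend on `version` being set: `outdated = VersionCompare.lesser?(version, latest_version) if version && latest_version` and `puts " | Latest version: #{latest_version}#{' (up to date)' if version && !outdated}" if latest_version`. `lesser?` also returns false for malformed version strings, so those are reported the same way. The `output` method continues below the hunk.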
@@ -2,30 +2,23 @@ class WpItem module Vulnerable - attr_accessor :vulns_file, :identifier + attr_accessor :db_file, :identifier # Get the vulnerabilities associated to the WpItem # Filters out already fixed vulnerabilities # # @return [ Vulnerabilities ] def vulnerabilities - json = json(vulns_file) - vulnerabilities = Vulnerabilities.new + return @vulnerabilities if @vulnerabilities - json.each do |item| - asset = item[identifier] + @vulnerabilities = Vulnerabilities.new - next unless asset - - asset['vulnerabilities'].each do |vulnerability| - vulnerability = Vulnerability.load_from_json_item(vulnerability) - vulnerabilities << vulnerability if vulnerable_to?(vulnerability) - end - - break # No need to iterate any further + [*db_data['vulnerabilities']].each do |vulnerability| + vulnerability = Vulnerability.load_from_json_item(vulnerability) + @vulnerabilities << vulnerability if vulnerable_to?(vulnerability) end - vulnerabilities + @vulnerabilities end def vulnerable? diff --git a/lib/common/models/wp_plugin.rb b/lib/common/models/wp_plugin.rb index bfc29200..8c47e158 100755 --- a/lib/common/models/wp_plugin.rb +++ b/lib/common/models/wp_plugin.rb @@ -1,10 +1,6 @@ # encoding: UTF-8 -require 'wp_plugin/vulnerable' - class WpPlugin < WpItem - include WpPlugin::Vulnerable - # Sets the @uri # # @param [ URI ] target_base_uri The URI of the wordpress blog @@ -14,4 +10,7 @@ class WpPlugin < WpItem @uri = target_base_uri.merge(URI.encode(wp_plugins_dir + '/' + name + '/')) end + def db_file + @db_file ||= PLUGINS_FILE + end end diff --git a/lib/common/models/wp_plugin/vulnerable.rb b/lib/common/models/wp_plugin/vulnerable.rb deleted file mode 100644 index 1d994d62..00000000 --- a/lib/common/models/wp_plugin/vulnerable.rb +++ /dev/null 
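Review bot: `vulnerabilities` now caches its result in `@vulnerabilities`, but the list is filtered through `vulnerable_to?`, which presumably depends on the item's version. If `version` changes after the first call, the cached list is stale and fixed issues may be reported or unfixed ones missed; the same holds for `db_file` and `identifier`, which stay writable through `attr_accessor`. Since `db_data` is already memoised in WpItem, the cache here could be dropped, or it should be reset wherever those values are assigned. The doc comment should state that the result is cached.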
@@ -1,20 +0,0 @@ -# encoding: UTF-8 - -class WpPlugin < WpItem - module Vulnerable - - # @return [ String ] The path to the file containing vulnerabilities - def vulns_file - unless @vulns_file - @vulns_file = PLUGINS_VULNS_FILE - end - @vulns_file - end - - # @return [ String ] - def identifier - @name - end - - end -end diff --git a/lib/common/models/wp_theme.rb b/lib/common/models/wp_theme.rb index 81f62a77..0a8a478b 100755 --- a/lib/common/models/wp_theme.rb +++ b/lib/common/models/wp_theme.rb @@ -2,7 +2,6 @@ require 'wp_theme/findable' require 'wp_theme/versionable' -require 'wp_theme/vulnerable' require 'wp_theme/info' require 'wp_theme/output' require 'wp_theme/childtheme' @@ -10,7 +9,6 @@ require 'wp_theme/childtheme' class WpTheme < WpItem extend WpTheme::Findable include WpTheme::Versionable - include WpTheme::Vulnerable include WpTheme::Info include WpTheme::Output include WpTheme::Childtheme @@ -33,4 +31,7 @@ class WpTheme < WpItem @uri.merge('style.css').to_s end + def db_file + @db_file ||= THEMES_FILE + end end diff --git a/lib/common/models/wp_theme/vulnerable.rb b/lib/common/models/wp_theme/vulnerable.rb deleted file mode 100644 index 756f547a..00000000 --- a/lib/common/models/wp_theme/vulnerable.rb +++ /dev/null @@ -1,19 +0,0 @@ -# encoding: UTF-8 - -class WpTheme < WpItem - module Vulnerable - - # @return [ String ] The path to the file containing vulnerabilities - def vulns_file - unless @vulns_file - @vulns_file = THEMES_VULNS_FILE - end - @vulns_file - end - - # @return [ String ] - def identifier - @name - end - end -end diff --git a/lib/common/models/wp_version.rb b/lib/common/models/wp_version.rb index cdf38043..2c18161a 100755 --- a/lib/common/models/wp_version.rb +++ b/lib/common/models/wp_version.rb 
@@ -1,13 +1,10 @@ # encoding: UTF-8 require 'wp_version/findable' -require 'wp_version/vulnerable' require 'wp_version/output' class WpVersion < WpItem - extend WpVersion::Findable - include WpVersion::Vulnerable include WpVersion::Output # The version number @@ -17,6 +14,14 @@ class WpVersion < WpItem # @return [ Array ] def allowed_options; super << :number << :found_from end + def identifier + @identifier ||= number + end + + def db_file + @db_file ||= WORDPRESSES_FILE + end + # @param [ WpVersion ] other # # @return [ Boolean ] diff --git a/lib/common/models/wp_version/vulnerable.rb b/lib/common/models/wp_version/vulnerable.rb deleted file mode 100644 index ad846a26..00000000 --- a/lib/common/models/wp_version/vulnerable.rb +++ /dev/null @@ -1,19 +0,0 @@ -# encoding: UTF-8 - -class WpVersion < WpItem - module Vulnerable - - # @return [ String ] The path to the file containing vulnerabilities - def vulns_file - unless @vulns_file - @vulns_file = WP_VULNS_FILE - end - @vulns_file - end - - # @return [ String ] - def identifier - @number - end - end -end diff --git a/lib/common/version_compare.rb b/lib/common/version_compare.rb index 3e0ded85..301388ec 100644 --- a/lib/common/version_compare.rb +++ b/lib/common/version_compare.rb @@ -11,8 +11,8 @@ class VersionCompare # @return [ Boolean ] def self.lesser_or_equal?(version1, version2) # Prepend a '0' if the version starts with a '.' - version1 = "0#{version1}" if version1 && version1[0,1] == '.' - version2 = "0#{version2}" if version2 && version2[0,1] == '.' + version1 = prepend_zero(version1) + version2 = prepend_zero(version2) return true if (version1 == version2) # Both versions must be set 
@@ -27,4 +27,36 @@ class VersionCompare end return false end + + # Compares two version strings. Returns true if version1 < version2 + # and false otherwise + # + # @param [ String ] version1 + # @param [ String ] version2 + # + # @return [ Boolean ] + def self.lesser?(version1, version2) + # Prepend a '0' if the version starts with a '.' + version1 = prepend_zero(version1) + version2 = prepend_zero(version2) + + return false if (version1 == version2) + # Both versions must be set + return false unless (version1 and version2) + return false if (version1.empty? or version2.empty?) + begin + return true if (Gem::Version.new(version1) < Gem::Version.new(version2)) + rescue ArgumentError => e + # Example: ArgumentError: Malformed version number string a + return false if e.message =~ /Malformed version number string/ + raise + end + return false + end + + # @return [ String ] + def self.prepend_zero(version) + return nil if version.nil? + version[0,1] == '.' ? "0#{version}" : version + end end diff --git a/lib/environment.rb b/lib/environment.rb index 46270890..85ae571d 100644 --- a/lib/environment.rb +++ b/lib/environment.rb @@ -31,7 +31,7 @@ begin require 'pathname' # Third party libs require 'typhoeus' - require 'json' + require 'yajl/json_gem' require 'nokogiri' require 'terminal-table' require 'ruby-progressbar' diff --git a/spec/lib/common/collections/wp_plugins_spec.rb b/spec/lib/common/collections/wp_plugins_spec.rb index b1214f0d..5b0a1804 100644 --- a/spec/lib/common/collections/wp_plugins_spec.rb +++ b/spec/lib/common/collections/wp_plugins_spec.rb @@ -11,7 +11,7 @@ describe WpPlugins do let(:expected) do { request_params: { cache_ttl: 0, followlocation: true }, - vulns_file: PLUGINS_VULNS_FILE, + vulns_file: PLUGINS_FILE, targets_items_from_file: [ WpPlugin.new(uri, name: 'plugin1'), WpPlugin.new(uri, name:'plugin-2'), WpPlugin.new(uri, name: 'mr-smith')], 
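Review bot: `prepend_zero` is added as a public class method with only a `@return` line, and `lesser?` repeats the body of `lesser_or_equal?` with the equality result and the operator changed, so the two can drift apart. Document the helper with `# @param [ String, nil ] version` and hide it with `private_class_method :prepend_zero`. The `@return` text of `lesser?` should also say that nil, empty or malformed versions yield false, because the new caller in `WpItem::Output#output` treats false as "up to date".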
diff --git a/spec/lib/common/collections/wp_themes_spec.rb b/spec/lib/common/collections/wp_themes_spec.rb index d173e396..b29c56ec 100644 --- a/spec/lib/common/collections/wp_themes_spec.rb +++ b/spec/lib/common/collections/wp_themes_spec.rb @@ -13,7 +13,7 @@ describe WpThemes do let(:expected) do { request_params: { cache_ttl: 0, followlocation: true }, - vulns_file: THEMES_VULNS_FILE, + vulns_file: THEMES_FILE, targets_items_from_file: [ WpTheme.new(uri, name: '3colours'), WpTheme.new(uri, name:'42k'), WpTheme.new(uri, name: 'a-ri')], diff --git a/spec/lib/common/models/wp_item_spec.rb b/spec/lib/common/models/wp_item_spec.rb index 2cc8f93f..3af882d8 100644 --- a/spec/lib/common/models/wp_item_spec.rb +++ b/spec/lib/common/models/wp_item_spec.rb @@ -11,11 +11,11 @@ describe WpItem do end it_behaves_like 'WpItem::Versionable' it_behaves_like 'WpItem::Vulnerable' do - let(:vulns_file) { MODELS_FIXTURES + '/wp_item/vulnerable/items_vulns.json' } + let(:db_file) { MODELS_FIXTURES + '/wp_item/vulnerable/items_vulns.json' } let(:identifier) { 'neo' } let(:expected_refs) { { 'id' => [2993], - 'url' => ['Ref 1,Ref 2'], + 'url' => ['Ref 1', 'Ref 2'], 'cve' => ['2011-001'], 'secunia' => ['secunia'], 'osvdb' => ['osvdb'], diff --git a/spec/lib/common/models/wp_plugin_spec.rb b/spec/lib/common/models/wp_plugin_spec.rb index 29425678..bc88247c 100644 --- a/spec/lib/common/models/wp_plugin_spec.rb +++ b/spec/lib/common/models/wp_plugin_spec.rb 
@@ -5,11 +5,11 @@ require 'spec_helper' describe WpPlugin do it_behaves_like 'WpPlugin::Vulnerable' it_behaves_like 'WpItem::Vulnerable' do - let(:options) { { name: 'white-rabbit' } } - let(:vulns_file) { MODELS_FIXTURES + '/wp_plugin/vulnerable/plugins_vulns.json' } + let(:options) { { name: 'white-rabbit' } } + let(:db_file) { MODELS_FIXTURES + '/wp_plugin/vulnerable/plugins.json' } let(:expected_refs) { { 'id' => [2993], - 'url' => ['Ref 1,Ref 2'], + 'url' => ['Ref 1', 'Ref 2'], 'cve' => ['2011-001'], 'secunia' => ['secunia'], 'osvdb' => ['osvdb'], diff --git a/spec/lib/common/models/wp_theme_spec.rb b/spec/lib/common/models/wp_theme_spec.rb index 2809464d..2c7986e5 100644 --- a/spec/lib/common/models/wp_theme_spec.rb +++ b/spec/lib/common/models/wp_theme_spec.rb @@ -7,10 +7,10 @@ describe WpTheme do it_behaves_like 'WpTheme::Vulnerable' it_behaves_like 'WpItem::Vulnerable' do let(:options) { { name: 'the-oracle' } } - let(:vulns_file) { MODELS_FIXTURES + '/wp_theme/vulnerable/themes_vulns.json' } + let(:db_file) { MODELS_FIXTURES + '/wp_theme/vulnerable/themes_vulns.json' } let(:expected_refs) { { 'id' => [2993], - 'url' => ['Ref 1,Ref 2'], + 'url' => ['Ref 1', 'Ref 2'], 'cve' => ['2011-001'], 'secunia' => ['secunia'], 'osvdb' => ['osvdb'], diff --git a/spec/lib/common/version_compare_spec.rb b/spec/lib/common/version_compare_spec.rb index 0a62b74f..80382179 100644 --- a/spec/lib/common/version_compare_spec.rb +++ b/spec/lib/common/version_compare_spec.rb 
@@ -121,4 +121,122 @@ describe 'VersionCompare' do end end + + describe '::lesser?' do + context 'version checked is newer' do + after { expect(VersionCompare::lesser?(@version1, @version2)).to be_truthy } + + it 'returns true' do + @version1 = '1.0' + @version2 = '2.0' + end + + it 'returns true' do + @version1 = '1.0' + @version2 = '1.1' + end + + it 'returns true' do + @version1 = '1.0a' + @version2 = '1.0b' + end + + it 'returns true' do + @version1 = '1.0' + @version2 = '5000000' + end + + it 'returns true' do + @version1 = '0' + @version2 = '1' + end + + it 'returns true' do + @version1 = '0.4.2b' + @version2 = '2.3.3' + end + + it 'returns true' do + @version1 = '.47' + @version2 = '.50.3' + end + end + + context 'version checked is older' do + after { expect(VersionCompare::lesser?(@version1, @version2)).to be_falsey } + + it 'returns false' do + @version1 = '1' + @version2 = '0' + end + + it 'returns false' do + @version1 = '1.0' + @version2 = '0.5' + end + + it 'returns false' do + @version1 = '500000' + @version2 = '1' + end + + it 'returns false' do + @version1 = '1.6.3.7.3.4' + @version2 = '1.2.4.567.679.8.e' + end + + it 'returns false' do + @version1 = '.47' + @version2 = '.46.3' + end + end + + context 'version checked is the same' do + after { expect(VersionCompare::lesser?(@version1, @version2)).to be_falsey } + + it 'returns true' do + @version1 = '1' + @version2 = '1' + end + + it 'returns true' do + @version1 = 'a' + @version2 = 'a' + end + + end + + context 'version number causes Gem::Version new Exception' do + after { expect(VersionCompare::lesser?(@version1, @version2)).to be_falsey } + + it 'returns false' do + @version1 = 'a' + @version2 = 'b' + end + end + + context 'one version number is not set' do + after { expect(VersionCompare::lesser?(@version1, @version2)).to be_falsey } + + it 'returns false (version2 nil)' do + @version1 = '1' + @version2 = nil + end + + it 'returns false (version1 nil)' do + @version1 = nil + @version2 = '1' + 
end + + it 'returns false (version2 empty)' do + @version1 = '1' + @version2 = '' + end + + it 'returns false (version1 empty)' do + @version1 = '' + @version2 = '1' + end + end + end end diff --git a/spec/samples/common/collections/wp_items/detectable/vulns.json b/spec/samples/common/collections/wp_items/detectable/vulns.json index fa7b920d..80ee2ba6 100644 --- a/spec/samples/common/collections/wp_items/detectable/vulns.json +++ b/spec/samples/common/collections/wp_items/detectable/vulns.json 
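Review bot: In the 'version checked is the same' context both examples are titled `it 'returns true'`, although the `after` hook asserts `be_falsey`; the titles should read `it 'returns false'`. Several examples in the other contexts share one title as well, so a failure report does not identify the input pair. Including the values in the title, for example `it 'returns true for 1.0 < 1.1'`, would make failures readable.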
@@ -1,58 +1,64 @@ -[ - { - "mr-smith":{ - "vulnerabilities":[ - { - "id":2989, - "title":"Administrator-exploitable blind SQLi in WordPress 1.0 - 3.8.1", - "references":"https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/,http://www.example.com", - "created_at":"2014-07-28T12:10:07.000Z", - "updated_at":"2014-07-28T12:43:41.000Z" +{ + "mr-smith": { + "vulnerabilities":[ + { + "id":2989, + "title":"Administrator-exploitable blind SQLi in WordPress 1.0 - 3.8.1", + "references": { + "url": "https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/,http://www.example.com" }, - { - "id":2990, - "title":"Potential Authentication Cookie Forgery", - "references":"https://labs.mwrinfosecurity.com/blog/2014/04/11/wordpress-auth-cookie-forgery/,https://github.com/WordPress/WordPress/commit/78a915e0e5927cf413aa6c2cef2fca3dc587f8be", + "created_at":"2014-07-28T12:10:07.000Z", + "updated_at":"2014-07-28T12:43:41.000Z" + }, + { + "id":2990, + "title":"Potential Authentication Cookie Forgery", + "references": { + "url": "https://labs.mwrinfosecurity.com/blog/2014/04/11/wordpress-auth-cookie-forgery/,https://github.com/WordPress/WordPress/commit/78a915e0e5927cf413aa6c2cef2fca3dc587f8be", "osvdb":"105620", - "cve":"2014-0166", - "created_at":"2014-07-28T12:10:07.000Z", - "updated_at":"2014-07-28T12:10:07.000Z", - "fixed_in":"3.8.2" + "cve":"2014-0166" }, - { - "id":2991, - "title":"Privilege escalation: contributors publishing posts", - "references":"https://github.com/wpscanteam/wpscan/wiki/CVE-2014-0165", + "created_at":"2014-07-28T12:10:07.000Z", + "updated_at":"2014-07-28T12:10:07.000Z", + "fixed_in":"3.8.2" + }, + { + "id":2991, + "title":"Privilege escalation: contributors publishing posts", + "references": { + "url": "https://github.com/wpscanteam/wpscan/wiki/CVE-2014-0165", "osvdb":"105630", - "cve":"2014-0165", - "created_at":"2014-07-28T12:10:07.000Z", - "updated_at":"2014-07-28T12:10:07.000Z", - "fixed_in":"3.8.2" + "cve":"2014-0165" }, - { - "id":2992, - 
"title":"Plupload Unspecified XSS", + "created_at":"2014-07-28T12:10:07.000Z", + "updated_at":"2014-07-28T12:10:07.000Z", + "fixed_in":"3.8.2" + }, + { + "id":2992, + "title":"Plupload Unspecified XSS", + "references": { "osvdb":"105622", - "secunia":"57769", - "created_at":"2014-07-28T12:10:07.000Z", - "updated_at":"2014-07-28T12:10:07.000Z", - "fixed_in":"3.8.2" - } - ] - } + "secunia":"57769" + }, + "created_at":"2014-07-28T12:10:07.000Z", + "updated_at":"2014-07-28T12:10:07.000Z", + "fixed_in":"3.8.2" + } + ] }, - { - "neo":{ - "vulnerabilities":[ - { - "id":2993, - "title":"wp-admin/options-writing.php Cleartext Admin Credentials Disclosure", - "references":"http://seclists.org/fulldisclosure/2013/Dec/135", - "osvdb":"101101", - "created_at":"2014-07-28T12:10:07.000Z", - "updated_at":"2014-07-28T12:10:07.000Z" - } - ] - } + "neo": { + "vulnerabilities":[ + { + "id":2993, + "title":"wp-admin/options-writing.php Cleartext Admin Credentials Disclosure", + "references": { + "url": "http://seclists.org/fulldisclosure/2013/Dec/135", + "osvdb":"101101" + }, + "created_at":"2014-07-28T12:10:07.000Z", + "updated_at":"2014-07-28T12:10:07.000Z" + } + ] } -] \ No newline at end of file +} diff --git a/spec/samples/common/collections/wp_plugins/detectable/vulns.json b/spec/samples/common/collections/wp_plugins/detectable/vulns.json index fa7b920d..6b0e28cc 100644 --- a/spec/samples/common/collections/wp_plugins/detectable/vulns.json +++ b/spec/samples/common/collections/wp_plugins/detectable/vulns.json 
@@ -1,58 +1,64 @@ -[ - { - "mr-smith":{ - "vulnerabilities":[ - { - "id":2989, - "title":"Administrator-exploitable blind SQLi in WordPress 1.0 - 3.8.1", - "references":"https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/,http://www.example.com", - "created_at":"2014-07-28T12:10:07.000Z", - "updated_at":"2014-07-28T12:43:41.000Z" +{ + "mr-smith": { + "vulnerabilities":[ + { + "id":2989, + "title":"Administrator-exploitable blind SQLi in WordPress 1.0 - 3.8.1", + "references": { + "url": "https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/,http://www.example.com" }, - { - "id":2990, - "title":"Potential Authentication Cookie Forgery", - "references":"https://labs.mwrinfosecurity.com/blog/2014/04/11/wordpress-auth-cookie-forgery/,https://github.com/WordPress/WordPress/commit/78a915e0e5927cf413aa6c2cef2fca3dc587f8be", - "osvdb":"105620", - "cve":"2014-0166", - "created_at":"2014-07-28T12:10:07.000Z", - "updated_at":"2014-07-28T12:10:07.000Z", - "fixed_in":"3.8.2" + "created_at":"2014-07-28T12:10:07.000Z", + "updated_at":"2014-07-28T12:43:41.000Z" + }, + { + "id":2990, + "title":"Potential Authentication Cookie Forgery", + "references": { + "url": "https://labs.mwrinfosecurity.com/blog/2014/04/11/wordpress-auth-cookie-forgery/,https://github.com/WordPress/WordPress/commit/78a915e0e5927cf413aa6c2cef2fca3dc587f8be" }, - { - "id":2991, - "title":"Privilege escalation: contributors publishing posts", - "references":"https://github.com/wpscanteam/wpscan/wiki/CVE-2014-0165", + "osvdb":"105620", + "cve":"2014-0166", + "created_at":"2014-07-28T12:10:07.000Z", + "updated_at":"2014-07-28T12:10:07.000Z", + "fixed_in":"3.8.2" + }, + { + "id":2991, + "title":"Privilege escalation: contributors publishing posts", + "references": { + "url": "https://github.com/wpscanteam/wpscan/wiki/CVE-2014-0165", "osvdb":"105630", - "cve":"2014-0165", - "created_at":"2014-07-28T12:10:07.000Z", - "updated_at":"2014-07-28T12:10:07.000Z", - "fixed_in":"3.8.2" + "cve":"2014-0165" }, - 
{ - "id":2992, - "title":"Plupload Unspecified XSS", + "created_at":"2014-07-28T12:10:07.000Z", + "updated_at":"2014-07-28T12:10:07.000Z", + "fixed_in":"3.8.2" + }, + { + "id":2992, + "title":"Plupload Unspecified XSS", + "references": { "osvdb":"105622", - "secunia":"57769", - "created_at":"2014-07-28T12:10:07.000Z", - "updated_at":"2014-07-28T12:10:07.000Z", - "fixed_in":"3.8.2" - } - ] - } + "secunia":"57769" + }, + "created_at":"2014-07-28T12:10:07.000Z", + "updated_at":"2014-07-28T12:10:07.000Z", + "fixed_in":"3.8.2" + } + ] }, - { - "neo":{ - "vulnerabilities":[ - { - "id":2993, - "title":"wp-admin/options-writing.php Cleartext Admin Credentials Disclosure", - "references":"http://seclists.org/fulldisclosure/2013/Dec/135", - "osvdb":"101101", - "created_at":"2014-07-28T12:10:07.000Z", - "updated_at":"2014-07-28T12:10:07.000Z" - } - ] - } + "neo": { + "vulnerabilities":[ + { + "id":2993, + "title":"wp-admin/options-writing.php Cleartext Admin Credentials Disclosure", + "references": { + "url": "http://seclists.org/fulldisclosure/2013/Dec/135", + "osvdb":"101101" + }, + "created_at":"2014-07-28T12:10:07.000Z", + "updated_at":"2014-07-28T12:10:07.000Z" + } + ] } -] \ No newline at end of file +} diff --git a/spec/samples/common/collections/wp_themes/detectable/vulns.json b/spec/samples/common/collections/wp_themes/detectable/vulns.json index 80a614e5..086ae752 100644 --- a/spec/samples/common/collections/wp_themes/detectable/vulns.json +++ b/spec/samples/common/collections/wp_themes/detectable/vulns.json 
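Review bot: In the wp_plugins fixture, the entry with `"id":2990` leaves `"osvdb":"105620"` and `"cve":"2014-0166"` outside the new `references` object, unlike the same entry in the wp_items and wp_themes fixtures. `Vulnerability.load_from_json_item` now reads those keys only from `json_item['references']`, so they are ignored for this entry; move both lines inside the `references` braces, after `"url"`. Separately, the `url` values in all three `detectable/vulns.json` fixtures and in `vulnerability/json_item.json` are still comma-joined strings, while `wp_item/vulnerable/items_vulns.json` moves to arrays. The loader wraps a string in a one-element array rather than splitting it, so if arrays are the new format these fixtures should use them too.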
@@ -1,58 +1,65 @@ -[ - { - "shopperpress":{ - "vulnerabilities":[ - { - "id":2989, - "title":"Administrator-exploitable blind SQLi in WordPress 1.0 - 3.8.1", - "references":"https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/,http://www.example.com", - "created_at":"2014-07-28T12:10:07.000Z", - "updated_at":"2014-07-28T12:43:41.000Z" +{ + "shopperpress": { + "vulnerabilities":[ + { + "id":2989, + "title":"Administrator-exploitable blind SQLi in WordPress 1.0 - 3.8.1", + "references": { + "url": "https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/,http://www.example.com" }, - { - "id":2990, - "title":"Potential Authentication Cookie Forgery", - "references":"https://labs.mwrinfosecurity.com/blog/2014/04/11/wordpress-auth-cookie-forgery/,https://github.com/WordPress/WordPress/commit/78a915e0e5927cf413aa6c2cef2fca3dc587f8be", - "osvdb":"105620", - "cve":"2014-0166", - "created_at":"2014-07-28T12:10:07.000Z", - "updated_at":"2014-07-28T12:10:07.000Z", - "fixed_in":"3.8.2" + "created_at":"2014-07-28T12:10:07.000Z", + "updated_at":"2014-07-28T12:43:41.000Z" + }, + { + "id":2990, + "title":"Potential Authentication Cookie Forgery", + "references": { + "url": "https://labs.mwrinfosecurity.com/blog/2014/04/11/wordpress-auth-cookie-forgery/,https://github.com/WordPress/WordPress/commit/78a915e0e5927cf413aa6c2cef2fca3dc587f8be", + "osvdb":"105620", + "cve":"2014-0166" }, - { - "id":2991, - "title":"Privilege escalation: contributors publishing posts", - "references":"https://github.com/wpscanteam/wpscan/wiki/CVE-2014-0165", - "osvdb":"105630", - "cve":"2014-0165", - "created_at":"2014-07-28T12:10:07.000Z", - "updated_at":"2014-07-28T12:10:07.000Z", - "fixed_in":"3.8.2" + "created_at":"2014-07-28T12:10:07.000Z", + "updated_at":"2014-07-28T12:10:07.000Z", + "fixed_in":"3.8.2" + }, + { + "id":2991, + "title":"Privilege escalation: contributors publishing posts", + "references": { + "url": "https://github.com/wpscanteam/wpscan/wiki/CVE-2014-0165", + 
"osvdb":"105630", + "cve":"2014-0165" }, - { - "id":2992, - "title":"Plupload Unspecified XSS", + "created_at":"2014-07-28T12:10:07.000Z", + "updated_at":"2014-07-28T12:10:07.000Z", + "fixed_in":"3.8.2" + }, + { + "id":2992, + "title":"Plupload Unspecified XSS", + "references": { "osvdb":"105622", - "secunia":"57769", - "created_at":"2014-07-28T12:10:07.000Z", - "updated_at":"2014-07-28T12:10:07.000Z", - "fixed_in":"3.8.2" - } - ] - } + "secunia":"57769" + }, + "created_at":"2014-07-28T12:10:07.000Z", + "updated_at":"2014-07-28T12:10:07.000Z", + "fixed_in":"3.8.2" + } + ] }, - { - "webfolio":{ - "vulnerabilities":[ - { - "id":2993, - "title":"wp-admin/options-writing.php Cleartext Admin Credentials Disclosure", - "references":"http://seclists.org/fulldisclosure/2013/Dec/135", - "osvdb":"101101", - "created_at":"2014-07-28T12:10:07.000Z", - "updated_at":"2014-07-28T12:10:07.000Z" - } - ] - } + "webfolio": { + "vulnerabilities":[ + { + "id":2993, + "title":"wp-admin/options-writing.php Cleartext Admin Credentials Disclosure", + "references": { + "url": "http://seclists.org/fulldisclosure/2013/Dec/135", + "osvdb":"101101" + }, + "created_at":"2014-07-28T12:10:07.000Z", + "updated_at":"2014-07-28T12:10:07.000Z" + } + ] } -] +} + diff --git a/spec/samples/common/models/vulnerability/json_item.json b/spec/samples/common/models/vulnerability/json_item.json index 46b4fdfe..778d4ba5 100644 --- a/spec/samples/common/models/vulnerability/json_item.json +++ b/spec/samples/common/models/vulnerability/json_item.json 
@@ -1,12 +1,14 @@ { "id": "3911", "title": "Vuln Title", - "url": "Ref 1,Ref 2", - "secunia": "secunia", - "osvdb": "osvdb", - "cve": "2011-001", - "metasploit": "exploit/ex1", - "exploitdb": "exploitdb", + "references":{ + "url": "Ref 1,Ref 2", + "secunia": "secunia", + "osvdb": "osvdb", + "cve": "2011-001", + "metasploit": "exploit/ex1", + "exploitdb": "exploitdb" + }, "created_at": "2014-07-28T12:10:45.000Z", "updated_at": "2014-07-28T12:10:45.000Z", "type": "CSRF", diff --git a/spec/samples/common/models/wp_item/vulnerable/items_vulns.json b/spec/samples/common/models/wp_item/vulnerable/items_vulns.json index 46ae9b2c..b221ffc9 100644 --- a/spec/samples/common/models/wp_item/vulnerable/items_vulns.json +++ b/spec/samples/common/models/wp_item/vulnerable/items_vulns.json 
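Review bot: Inside the new `references` object this fixture still stores every value as one comma-joined string (`"url": "Ref 1,Ref 2"`), while the items_vulns.json fixture changed in the same commit uses arrays (`"url": ["Ref 1", "Ref 2"]`). The earlier fixture hunk with the `shopperpress` and `webfolio` entries has the same string form for `url`, `osvdb`, `cve` and `secunia`. The loader is not visible here, so confirm which shape it accepts; if it is the array form, these samples no longer exercise the real schema and should read `"url": ["Ref 1", "Ref 2"]`, `"cve": ["2011-001"]` and so on.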
@@ -1,35 +1,35 @@ -[ - { - "not-this-one":{ - "vulnerabilities":[ - { - "id":2989, - "title":"Administrator-exploitable blind SQLi in WordPress 1.0 - 3.8.1", - "url":"https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/,http://www.example.com", - "created_at":"2014-07-28T12:10:07.000Z", - "updated_at":"2014-07-28T12:43:41.000Z" - } - ] - } +{ + "not-this-one": { + "vulnerabilities":[ + { + "id":2989, + "title":"Administrator-exploitable blind SQLi in WordPress 1.0 - 3.8.1", + "references": { + "url": ["https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/" ,"http://www.example.com"] + }, + "created_at":"2014-07-28T12:10:07.000Z", + "updated_at":"2014-07-28T12:43:41.000Z" + } + ] }, - { - "neo":{ - "vulnerabilities":[ - { - "id":2993, - "title":"I'm the one", - "url":"Ref 1,Ref 2", - "osvdb":"osvdb", - "cve":"2011-001", - "secunia":"secunia", - "metasploit":"exploit/ex1", - "exploitdb":"exploitdb", - "type":"XSS", - "fixed_in":"", - "created_at":"2014-07-28T12:10:07.000Z", - "updated_at":"2014-07-28T12:10:07.000Z" - } - ] - } + "neo": { + "vulnerabilities":[ + { + "id":2993, + "title":"I'm the one", + "references": { + "url": ["Ref 1", "Ref 2"], + "osvdb": ["osvdb"], + "cve": ["2011-001"], + "secunia": ["secunia"], + "metasploit": ["exploit/ex1"], + "exploitdb": ["exploitdb"] + }, + "type":"XSS", + "fixed_in":"", + "created_at":"2014-07-28T12:10:07.000Z", + "updated_at":"2014-07-28T12:10:07.000Z" + } + ] } -] \ No newline at end of file +} diff --git a/spec/samples/common/models/wp_plugin/vulnerable/plugins.json b/spec/samples/common/models/wp_plugin/vulnerable/plugins.json new file mode 100644 index 00000000..7498bd34 --- /dev/null +++ b/spec/samples/common/models/wp_plugin/vulnerable/plugins.json 
@@ -0,0 +1,58 @@
+{
+ "mr-smith": {
+ "vulnerabilities":[
+ {
+ "id":2993,
+ "title":"I should not appear in the results",
+ "references": {
+ "url": ["Ref 1","Ref 2"],
+ "osvdb": ["osvdb"],
+ "cve": ["2011-001"],
+ "secunia": ["secunia"],
+ "metasploit": ["exploit/ex1"],
+ "exploitdb": ["exploitdb"]
+ },
+ "type":"XSS",
+ "fixed_in":"",
+ "created_at":"2014-07-28T12:10:07.000Z",
+ "updated_at":"2014-07-28T12:10:07.000Z"
+ },
+ {
+ "id":2989,
+ "title":"Neither do I",
+ "references": {
+ "url": ["Ref 1" ,"Ref 2"],
+ "osvdb": ["osvdb"],
+ "cve": ["2011-001"],
+ "secunia": ["secunia"],
+ "metasploit": ["exploit/ex1"],
+ "exploitdb": ["exploitdb"]
+ },
+ "type":"XSS",
+ "fixed_in":"",
+ "created_at":"2014-07-28T12:10:07.000Z",
+ "updated_at":"2014-07-28T12:10:07.000Z"
+ }
+ ]
+ },
+ "white-rabbit": {
+ "vulnerabilities": [
+ {
+ "id":2993,
+ "title":"Follow me!",
+ "references": {
+ "url": ["Ref 1", "Ref 2"],
+ "osvdb": ["osvdb"],
+ "cve": ["2011-001"],
+ "secunia": ["secunia"],
+ "metasploit": ["exploit/ex1"],
+ "exploitdb": ["exploitdb"]
+ },
+ "type":"REDIRECT",
+ "fixed_in":"",
+ "created_at":"2014-07-28T12:10:07.000Z",
+ "updated_at":"2014-07-28T12:10:07.000Z"
+ }
+ ]
+ }
+}
diff --git a/spec/samples/common/models/wp_plugin/vulnerable/plugins_vulns.json b/spec/samples/common/models/wp_plugin/vulnerable/plugins_vulns.json
deleted file mode 100644
index 878c1692..00000000
--- a/spec/samples/common/models/wp_plugin/vulnerable/plugins_vulns.json
+++ /dev/null
@@ -1,56 +0,0 @@
-[
- {
- "mr-smith":{
- "vulnerabilities":[
- {
- "id":2989,
- "title":"I should not appear in the results",
- "url":"Ref 1,Ref 2",
- "osvdb":"osvdb",
- "cve":"2011-001",
- "secunia":"secunia",
- "metasploit":"exploit/ex1",
- "exploitdb":"exploitdb",
- "type":"XSS",
- "fixed_in":"",
- "created_at":"2014-07-28T12:10:07.000Z",
- "updated_at":"2014-07-28T12:10:07.000Z"
- },
- {
- "id":2989,
- "title":"Neither do I",
- "url":"Ref 1,Ref 2",
- "osvdb":"osvdb",
- "cve":"2011-001",
- "secunia":"secunia",
- "metasploit":"exploit/ex1",
- "exploitdb":"exploitdb",
- "type":"XSS",
- "fixed_in":"",
- "created_at":"2014-07-28T12:10:07.000Z",
- "updated_at":"2014-07-28T12:10:07.000Z"
- }
- ]
- }
- },
- {
- "white-rabbit":{
- "vulnerabilities":[
- {
- "id":2993,
- "title":"Follow me!",
- "url":"Ref 1,Ref 2",
- "osvdb":"osvdb",
- "cve":"2011-001",
- "secunia":"secunia",
- "metasploit":"exploit/ex1",
- "exploitdb":"exploitdb",
- "type":"REDIRECT",
- "fixed_in":"",
- "created_at":"2014-07-28T12:10:07.000Z",
- "updated_at":"2014-07-28T12:10:07.000Z"
- }
- ]
- }
- }
-]
diff --git a/spec/samples/common/models/wp_theme/vulnerable/themes_vulns.json b/spec/samples/common/models/wp_theme/vulnerable/themes_vulns.json
index 03a89b8a..c123ae9f 100644
--- a/spec/samples/common/models/wp_theme/vulnerable/themes_vulns.json
+++ b/spec/samples/common/models/wp_theme/vulnerable/themes_vulns.json
@@ -1,56 +1,59 @@ -[ - { - "mr-smith":{ - "vulnerabilities":[ - { - "id":2989, - "title":"I should not appear in the results", - "url":"Ref 1,Ref 2", - "osvdb":"osvdb", - "cve":"2011-001", - "secunia":"secunia", - "metasploit":"exploit/ex1", - "exploitdb":"exploitdb", - "type":"XSS", - "fixed_in":"", - "created_at":"2014-07-28T12:10:07.000Z", - "updated_at":"2014-07-28T12:10:07.000Z" +{ + "mr-smith": { + "vulnerabilities":[ + { + "id":2989, + "title":"I should not appear in the results", + "references": { + "url": ["Ref 1", "Ref 2"], + "osvdb": ["osvdb"], + "cve": ["2011-001"], + "secunia": ["secunia"], + "metasploit": ["exploit/ex1"], + "exploitdb": ["exploitdb"] }, - { - "id":2989, - "title":"Neither do I", - "url":"Ref 1,Ref 2", - "osvdb":"osvdb", - "cve":"2011-001", - "secunia":"secunia", - "metasploit":"exploit/ex1", - "exploitdb":"exploitdb", - "type":"XSS", - "fixed_in":"", - "created_at":"2014-07-28T12:10:07.000Z", - "updated_at":"2014-07-28T12:10:07.000Z" - } + "type":"XSS", + "fixed_in":"", + "created_at":"2014-07-28T12:10:07.000Z", + "updated_at":"2014-07-28T12:10:07.000Z" + }, + { + "id":2989, + "title":"Neither do I", + "references": { + "url": ["Ref 1", "Ref 2"], + "osvdb": ["osvdb"], + "cve": ["2011-001"], + "secunia": ["secunia"], + "metasploit": ["exploit/ex1"], + "exploitdb": ["exploitdb"] + }, + "type":"XSS", + "fixed_in":"", + "created_at":"2014-07-28T12:10:07.000Z", + "updated_at":"2014-07-28T12:10:07.000Z" + } ] - } - }, - { - "the-oracle":{ + }, + "the-oracle": { "vulnerabilities":[ { "id":2993, "title":"I see you", - "url":"Ref 1,Ref 2", - "osvdb":"osvdb", - "cve":"2011-001", - "secunia":"secunia", - "metasploit":"exploit/ex1", - "exploitdb":"exploitdb", + "references": { + "url": ["Ref 1", "Ref 2"], + "osvdb": ["osvdb"], + "cve": ["2011-001"], + "secunia": ["secunia"], + "metasploit": ["exploit/ex1"], + "exploitdb": ["exploitdb"] + }, "type":"FPD", "fixed_in":"", "created_at":"2014-07-28T12:10:07.000Z", 
"updated_at":"2014-07-28T12:10:07.000Z" } ] - } } -] +} + diff --git a/spec/samples/common/models/wp_version/vulnerable/versions_vulns.json b/spec/samples/common/models/wp_version/vulnerable/versions_vulns.json index 8ed78ed1..2d2407e4 100644 --- a/spec/samples/common/models/wp_version/vulnerable/versions_vulns.json +++ b/spec/samples/common/models/wp_version/vulnerable/versions_vulns.json @@ -1,42 +1,42 @@ -[ - { - "3.5":{ - "vulnerabilities":[ - { - "id":2989, - "title":"I should not appear in the results", - "url":"Ref 1,Ref 2", - "osvdb":"osvdb", - "cve":"2011-001", - "secunia":"secunia", - "metasploit":"exploit/ex1", - "exploitdb":"exploitdb", - "type":"XSS", - "fixed_in":"", - "created_at":"2014-07-28T12:10:07.000Z", - "updated_at":"2014-07-28T12:10:07.000Z" - } - ] - } - }, - { - "3.2":{ - "vulnerabilities":[ - { - "id":2993, - "title":"Here I Am", - "url":"Ref 1,Ref 2", - "osvdb":"osvdb", - "cve":"2011-001", - "secunia":"secunia", - "metasploit":"exploit/ex1", - "exploitdb":"exploitdb", - "type":"SQLI", - "fixed_in":"", - "created_at":"2014-07-28T12:10:07.000Z", - "updated_at":"2014-07-28T12:10:07.000Z" - } - ] - } +{ + "3.5": { + "vulnerabilities":[ + { + "id":2989, + "title":"I should not appear in the results", + "references": { + "url": ["Ref 1", "Ref 2"], + "osvdb": ["osvdb"], + "cve": ["2011-001"], + "secunia": ["secunia"], + "metasploit": ["exploit/ex1"], + "exploitdb": ["exploitdb"] + }, + "type":"XSS", + "fixed_in":"", + "created_at":"2014-07-28T12:10:07.000Z", + "updated_at":"2014-07-28T12:10:07.000Z" + } + ] + }, + "3.2": { + "vulnerabilities":[ + { + "id":2993, + "title":"Here I Am", + "references": { + "url": ["Ref 1", "Ref 2"], + "osvdb": ["osvdb"], + "cve": ["2011-001"], + "secunia": ["secunia"], + "metasploit": ["exploit/ex1"], + "exploitdb": ["exploitdb"] + }, + "type":"SQLI", + "fixed_in":"", + "created_at":"2014-07-28T12:10:07.000Z", + "updated_at":"2014-07-28T12:10:07.000Z" + } + ] } -] +} 
diff --git a/spec/shared_examples/wp_item_vulnerable.rb b/spec/shared_examples/wp_item_vulnerable.rb index 1bf2e7d1..e062c735 100644 --- a/spec/shared_examples/wp_item_vulnerable.rb +++ b/spec/shared_examples/wp_item_vulnerable.rb @@ -3,8 +3,8 @@ shared_examples 'WpItem::Vulnerable' do # 2 variables have to be set in the described class or subject: - # let(:vulns_file) { } - # let(:expected_vulns) { } The expected Vulnerabilities when using vulns_file and vulns_xpath + # let(:db_file) { } + # let(:expected_vulns) { } The expected Vulnerabilities when using db_file and vulns_xpath # # 1 variable is optional, used if supplied, otherwise subject.vulns_xpath is used # let(:vulns_xpath) { } @@ -18,7 +18,7 @@ shared_examples 'WpItem::Vulnerable' do end after do - subject.vulns_file = @vulns_file + subject.db_file = @db_file subject.identifier = identifier if defined?(identifier) result = subject.vulnerabilities @@ -26,16 +26,16 @@ shared_examples 'WpItem::Vulnerable' do expect(result).to eq @expected end - context 'when the vulns_file is empty' do + context 'when the db_file is empty' do it 'returns an empty Vulnerabilities' do - @vulns_file = empty_file - @expected = Vulnerabilities.new + @db_file = empty_file + @expected = Vulnerabilities.new end end it 'returns the expected vulnerabilities' do - @vulns_file = vulns_file - @expected = expected_vulns + @db_file = db_file + @expected = expected_vulns end end diff --git a/spec/shared_examples/wp_items_detectable.rb b/spec/shared_examples/wp_items_detectable.rb index 574621c0..883f4a80 100644 --- a/spec/shared_examples/wp_items_detectable.rb +++ b/spec/shared_examples/wp_items_detectable.rb 
@@ -39,68 +39,8 @@ shared_examples 'WpItems::Detectable' do end end - describe '::targets_items_from_file' do - after do - results = subject.send(:targets_items_from_file, file, wp_target, item_class, vulns_file) - - expect(results.map { |i| i.name }).to eq @expected.map { |i| i.name } - - unless results.empty? - results.each do |item| - expect(item).to be_a item_class - end - end - end - - # should raise error. - # context 'when an empty file' do - # let(:file) { empty_file } - - # it 'returns an empty Array' do - # @expected = [] - # end - # end - - context 'when a file' do - let(:file) { targets_items_file } - - it 'returns the expected Array of WpItem' do - @expected = expected[:targets_items_from_file] - end - end - end - - describe '::vulnerable_targets_items' do - after do - results = subject.send(:vulnerable_targets_items, wp_target, item_class, vulns_file) - - expect(results.map { |i| i.name }).to eq @expected.map { |i| i.name } - - unless results.empty? - results.each do |item| - expect(item).to be_a item_class - end - end - end - - # should raise error. - # context 'when an empty file' do - # let(:file) { empty_file } - - # it 'returns an empty Array' do - # @expected = [] - # end - # end - - context 'when a file' do - it 'returns the expected Array of WpItem' do - @expected = expected[:vulnerable_targets_items] - end - end - end - describe '::targets_items' do - let(:options) { {} } + let(:options) { { type: :all } } after do if @expected 
@@ -110,29 +50,13 @@ shared_examples 'WpItems::Detectable' do end end - context 'when :only_vulnerable' do - let(:options) { { only_vulnerable: true } } + context 'when :type = :vulnerable' do + let(:options) { { type: :vulnerable } } it 'returns the expected Array of WpItem' do @expected = expected[:vulnerable_targets_items] end end - - context 'when not :only_vulnerable' do - context 'when no :file' do - it 'raises an error' do - expect { subject.send(:targets_items, wp_target, options) }.to raise_error('A file must be supplied') - end - end - - context 'when :file' do - let(:options) { { file: targets_items_file } } - - it 'returns the expected Array of WpItem' do - @expected = (expected[:targets_items_from_file] + expected[:vulnerable_targets_items]).uniq {|t| t.name } - end - end - end end describe '::passive_detection' do @@ -176,8 +100,8 @@ shared_examples 'WpItems::Detectable' do expect(result.sort.map { |i| i.name }).to eq @expected.sort.map { |i| i.name } end - context 'when :only_vulnerable' do - let(:options) { { only_vulnerable: true } } + context 'when :type = :vulnerable' do + let(:options) { { type: :vulnerable } } let(:targets) { expected[:vulnerable_targets_items] } it 'only checks and return vulnerable targets' do @@ -207,7 +131,7 @@ shared_examples 'WpItems::Detectable' do end end - context 'when no :only_vulnerable' do + context 'when no :type = :vulnerable' do let(:targets) { (expected[:vulnerable_targets_items] + expected[:targets_items_from_file]).uniq { |t| t.name } } it 'checks all targets, and merge the results with passive_detection' do diff --git a/spec/shared_examples/wp_plugin_vulnerable.rb b/spec/shared_examples/wp_plugin_vulnerable.rb index 44a77f87..5569f603 100644 --- a/spec/shared_examples/wp_plugin_vulnerable.rb +++ b/spec/shared_examples/wp_plugin_vulnerable.rb 
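Review bot: The `::targets_items` examples now cover only `type: :vulnerable`. No example here exercises `:popular`, asserts a result for the `{ type: :all }` default, or reaches the `raise "Unknown type #{type}"` branch that `target_items_from_type` gains in this commit. I would add a `context 'when :type = :popular'` with `let(:options) { { type: :popular } }`, plus an example such as `expect { subject.send(:targets_items, wp_target, type: :unknown) }.to raise_error('Unknown type unknown')`. In the last hunk of this file, the renamed context 'when no :type = :vulnerable' still builds `targets` from `expected[:targets_items_from_file]`, although the file-based loader and its specs are removed here. That expectation looks stale and should come from the JSON fixture instead. The enclosing `shared_examples` block starts and ends outside these hunks.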
@@ -2,25 +2,25 @@ shared_examples 'WpPlugin::Vulnerable' do - describe '#vulns_file' do - after { expect(subject.vulns_file).to eq @expected } + describe '#db_file' do + after { expect(subject.db_file).to eq @expected } - context 'when :vulns_file is no set' do + context 'when :db_file is no set' do it 'returns the default one' do - @expected = PLUGINS_VULNS_FILE + @expected = PLUGINS_FILE end end - context 'when the :vulns_file is already set' do + context 'when the :db_file is already set' do it 'returns it' do - @expected = 'test.json' - subject.vulns_file = @expected + @expected = 'test.json' + subject.db_file = @expected end end end describe '#identifier' do - its(:identifier) { is_expected.to eq 'plugin-name' } + its(:identifier) { should eq 'plugin-name' } end end diff --git a/spec/shared_examples/wp_theme_vulnerable.rb b/spec/shared_examples/wp_theme_vulnerable.rb index 8552769a..032a8408 100644 --- a/spec/shared_examples/wp_theme_vulnerable.rb +++ b/spec/shared_examples/wp_theme_vulnerable.rb @@ -2,25 +2,25 @@ shared_examples 'WpTheme::Vulnerable' do - describe '#vulns_file' do - after { expect(subject.vulns_file).to eq @expected } + describe '#db_file' do + after { expect(subject.db_file).to eq @expected } - context 'when :vulns_file is not set' do + context 'when :db_file is not set' do it 'returns the default one' do - @expected = THEMES_VULNS_FILE + @expected = THEMES_FILE end end - context 'when the :vulns_file is already set' do + context 'when the :db_file is already set' do it 'returns it' do - @expected = 'test.json' - subject.vulns_file = @expected + @expected = 'test.json' + subject.db_file = @expected end end end describe '#identifier' do - its(:identifier) { is_expected.to eq 'theme-name' } + its(:identifier) { should eq 'theme-name' } end end diff --git a/spec/shared_examples/wp_version_vulnerable.rb b/spec/shared_examples/wp_version_vulnerable.rb index 1dd14320..a98b36ed 100644 --- a/spec/shared_examples/wp_version_vulnerable.rb 
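Review bot: The `#identifier` example switches from `is_expected.to eq` back to the older one-liner `should eq`, while the `after` block in the same hunk keeps the `expect(...).to` form, so the file now mixes two expectation syntaxes. That switch is unrelated to the `vulns_file` to `db_file` rename. I would keep `its(:identifier) { is_expected.to eq 'plugin-name' }`, unless the rspec version pinned for this project cannot run `is_expected`, in which case that reason belongs in the commit message. The same change appears in the wp_theme_vulnerable.rb hunk on this line and in the wp_version_vulnerable.rb hunk that follows. While touching these strings, the description 'when :db_file is no set' could read 'not set', as the theme spec already does.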
+++ b/spec/shared_examples/wp_version_vulnerable.rb @@ -2,25 +2,25 @@ shared_examples 'WpVersion::Vulnerable' do - describe '#vulns_file' do - after { expect(subject.vulns_file).to eq @expected } + describe '#db_file' do + after { expect(subject.db_file).to eq @expected } - context 'when :vulns_file is no set' do + context 'when :db_file is no set' do it 'returns the default one' do - @expected = WP_VULNS_FILE + @expected = WORDPRESSES_FILE end end - context 'when the :vulns_file is already set' do + context 'when the :db_file is already set' do it 'returns it' do - @expected = 'test.json' - subject.vulns_file = @expected + @expected = 'test.json' + subject.db_file = @expected end end end describe '#identifier' do - its(:identifier) { is_expected.to eq '1.2' } + its(:identifier) { should eq '1.2' } end end diff --git a/wpscan.rb b/wpscan.rb index a95033f8..5cd6afd3 100755 --- a/wpscan.rb +++ b/wpscan.rb 
@@ -273,15 +273,29 @@ def main # Enumerate the installed plugins if wpscan_options.enumerate_plugins or wpscan_options.enumerate_only_vulnerable_plugins or wpscan_options.enumerate_all_plugins puts - puts info("Enumerating installed plugins #{'(only vulnerable ones)' if wpscan_options.enumerate_only_vulnerable_plugins} ...") + if wpscan_options.enumerate_only_vulnerable_plugins + puts info('Enumerating installed plugins (only ones with known vulnerabilities) ...') + plugin_enumeration_type = :vulnerable + end + + if wpscan_options.enumerate_plugins + puts info('Enumerating installed plugins (only ones marked as popular) ...') + plugin_enumeration_type = :popular + end + + if wpscan_options.enumerate_all_plugins + puts info('Enumerating all plugins (may take a while and use a lot of system resources) ...') + plugin_enumeration_type = :all + end puts wp_plugins = WpPlugins.aggressive_detection(wp_target, enum_options.merge( - file: wpscan_options.enumerate_all_plugins ? PLUGINS_FULL_FILE : PLUGINS_FILE, - only_vulnerable: wpscan_options.enumerate_only_vulnerable_plugins || false + file: PLUGINS_FILE, + type: plugin_enumeration_type ) ) + puts if !wp_plugins.empty? puts info("We found #{wp_plugins.size} plugins:") 
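Review bot: The three enumeration flags are tested with independent `if` statements, so when more than one is set each banner is printed and the last assignment wins. A run that asks for only-vulnerable plugins together with all plugins therefore ends up with `plugin_enumeration_type = :all` and sends the full request set, a wider scan than the first banner announces. Make the precedence explicit with a single chain, for example `elsif wpscan_options.enumerate_plugins` and `elsif wpscan_options.enumerate_all_plugins`, ordered so the intended mode wins. Alternatively, reject conflicting flags when options are parsed. The `file: PLUGINS_FILE` entry also looks unused now, since the reworked `targets_items` appears to read only `options[:type]`, so confirm and drop it if so. The themes hunk that follows has the same pattern with `theme_enumeration_type`, and `main` itself starts and ends outside both hunks.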
@@ -295,13 +309,26 @@ def main # Enumerate installed themes if wpscan_options.enumerate_themes or wpscan_options.enumerate_only_vulnerable_themes or wpscan_options.enumerate_all_themes puts - puts info("Enumerating installed themes #{'(only vulnerable ones)' if wpscan_options.enumerate_only_vulnerable_themes} ...") + if wpscan_options.enumerate_only_vulnerable_themes + puts info('Enumerating installed themes (only ones with known vulnerabilities) ...') + theme_enumeration_type = :vulnerable + end + + if wpscan_options.enumerate_themes + puts info('Enumerating installed themes (only ones marked as popular) ...') + theme_enumeration_type = :popular + end + + if wpscan_options.enumerate_all_themes + puts info('Enumerating all themes (may take a while and use a lot of system resources) ...') + theme_enumeration_type = :all + end puts wp_themes = WpThemes.aggressive_detection(wp_target, enum_options.merge( - file: wpscan_options.enumerate_all_themes ? THEMES_FULL_FILE : THEMES_FILE, - only_vulnerable: wpscan_options.enumerate_only_vulnerable_themes || false + file: THEMES_FILE, + type: theme_enumeration_type ) ) puts