garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix #208 - Fixed vulnerable plugins still appear in the results

Browse Source
This commit is contained in:
erwanlr
2013-07-24 14:18:02 +02:00
parent 73f42bb73d
commit 669e1458da
4 changed files with 36 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/common/collections/wp_items/detectable.rb
View File

@@ -35,10 +35,12 @@ class WpItems < Array
if target_item.exists?(exist_options, response) if target_item.exists?(exist_options, response)
if !results.include?(target_item) if !results.include?(target_item)
if !options[:only_vulnerable] || options[:only_vulnerable] && target_item.vulnerable?
results << target_item results << target_item
end end
end end
end end
end
hydra.queue(request) hydra.queue(request)
end end

4
lib/common/models/wp_item/vulnerable.rb
View File

@@ -21,6 +21,10 @@ class WpItem
vulnerabilities vulnerabilities
end end
def vulnerable?
vulnerabilities.empty? ? false : true
end
# Checks if a item is vulnerable to a specific vulnerability # Checks if a item is vulnerable to a specific vulnerability
# #
# @param [ Vulnerability ] vuln Vulnerability to check the item against # @param [ Vulnerability ] vuln Vulnerability to check the item against

17
spec/shared_examples/wp_item_vulnerable.rb
View File

@@ -39,6 +39,23 @@ shared_examples 'WpItem::Vulnerable' do
end end
end end
describe '#vulnerable?' do
after do
subject.stub(:vulnerabilities).and_return(@stub)
subject.vulnerable?.should == @expected
end
it 'returns false when no vulnerabilities' do
@stub = []
@expected = false
end
it 'returns true when vulnerabilities' do
@stub = ['not empty']
@expected = true
end
end
describe '#vulnerable_to?' do describe '#vulnerable_to?' do
let(:version_orig) { '1.5.6' } let(:version_orig) { '1.5.6' }
let(:version_newer) { '1.6' } let(:version_newer) { '1.6' }

16
spec/shared_examples/wp_items_detectable.rb
View File

@@ -178,12 +178,20 @@ shared_examples 'WpItems::Detectable' do
let(:options) { { only_vulnerable: true } } let(:options) { { only_vulnerable: true } }
let(:targets) { expected[:vulnerable_targets_items] } let(:targets) { expected[:vulnerable_targets_items] }
it 'only checks vulnerable targets' do it 'only checks and return vulnerable targets' do
target = targets.sample samples = targets.sample(2)
@expected = subject.new << target fixed_target = samples[0]
vulnerable_target = samples[1]
stub_targets_dont_exist(targets) stub_targets_dont_exist(targets)
target.stub(:exists?).and_return(true)
vulnerable_target.stub(:exists?).and_return(true)
vulnerable_target.stub(:vulnerable?).and_return(true)
fixed_target.stub(:exists?).and_return(true)
fixed_target.stub(:vulnerable?).and_return(false)
@expected = subject.new << vulnerable_target
subject.should_receive(:targets_items).and_return(targets) subject.should_receive(:targets_items).and_return(targets)
end end