Merge pull request #929 from wpscanteam/wp_metadata

WP Metadata Integration
2016-04-28 14:35:43 +02:00
parent 75b8c303e2 2e05f4171e
commit 73171eb39d
5 changed files with 25 additions and 6 deletions
--- a/.ruby-version
+++ b/.ruby-version
@@ -1 +1 @@
-2.3.0
+2.3.1
--- a/.travis.yml
+++ b/.travis.yml
@@ -10,6 +10,7 @@ rvm:
  - 2.2.3
  - 2.2.4
  - 2.3.0
+  - 2.3.1
 before_install:
  - "echo 'gem: --no-ri --no-rdoc' > ~/.gemrc"
 script: bundle exec rspec
--- a/README.md
+++ b/README.md
@@ -92,7 +92,7 @@ WPScan comes pre-installed on the following Linux distributions:

 Prerequisites:

- Ruby >= 2.1.9 - Recommended: 2.3.0
+- Ruby >= 2.1.9 - Recommended: 2.3.1
 - Curl >= 7.21  - Recommended: latest - FYI the 7.29 has a segfault
 - RubyGems      - Recommended: latest
 - Git
@@ -156,8 +156,8 @@ Apple Xcode, Command Line Tools and the libffi are needed (to be able to install
    curl -sSL https://get.rvm.io | bash -s stable
    source ~/.rvm/scripts/rvm
    echo "source ~/.rvm/scripts/rvm" >> ~/.bashrc
-    rvm install 2.3.0
-    rvm use 2.3.0 --default
+    rvm install 2.3.1
+    rvm use 2.3.1 --default
    echo "gem: --no-ri --no-rdoc" > ~/.gemrc
    gem install bundler
    git clone https://github.com/wpscanteam/wpscan.git
--- a/lib/common/models/wp_version.rb
+++ b/lib/common/models/wp_version.rb
@@ -8,7 +8,7 @@ class WpVersion < WpItem
  include WpVersion::Output

  # The version number
-  attr_accessor :number
+  attr_accessor :number, :metadata
  alias_method :version, :number # Needed to have the right behaviour in Vulnerable#vulnerable_to?

  # @return [ Array ]
@@ -35,4 +35,14 @@ class WpVersion < WpItem
      a << node.text.to_s
    end
  end
+
+  # @return [ Hash ] Metadata for specific WP version from WORDPRESSES_FILE
+  def metadata(version)
+    json = json(db_file)
+
+    metadata = {}
+    metadata[:release_date]  = json[version]['release_date']
+    metadata[:changelog_url] = json[version]['changelog_url']
+    metadata
+  end
 end
--- a/lib/common/models/wp_version/output.rb
+++ b/lib/common/models/wp_version/output.rb
@@ -4,8 +4,16 @@ class WpVersion < WpItem
  module Output

    def output(verbose = false)
+      metadata = self.metadata(self.number)
+
      puts
-      puts info("WordPress version #{self.number} identified from #{self.found_from}")
+      if verbose
+        puts info("WordPress version #{self.number} identified from #{self.found_from}")
+        puts " | Released: #{metadata[:release_date]}"
+        puts " | Changelog: #{metadata[:changelog_url]}"
+      else
+        puts info("WordPress version #{self.number} identified from #{self.found_from} #{"(Released on #{metadata[:release_date]})" if metadata[:release_date]}")
+      end

      vulnerabilities = self.vulnerabilities
@@ -1 +1 @@
 .3.0
 .3.1