diff --git a/app/models/plugin.rb b/app/models/plugin.rb index 3d0195aa..f271fb88 100644 --- a/app/models/plugin.rb +++ b/app/models/plugin.rb @@ -16,8 +16,8 @@ module WPScan end # @return [ JSON ] - def db_data - @db_data ||= DB::Plugin.db_data(slug) + def metadata + @metadata ||= DB::Plugin.metadata_at(slug) end # @param [ Hash ] opts diff --git a/app/models/theme.rb b/app/models/theme.rb index 1079e211..6886313e 100644 --- a/app/models/theme.rb +++ b/app/models/theme.rb @@ -22,8 +22,8 @@ module WPScan end # @return [ JSON ] - def db_data - @db_data ||= DB::Theme.db_data(slug) + def metadata + @metadata ||= DB::Theme.metadata_at(slug) end # @param [ Hash ] opts diff --git a/app/models/wp_item.rb b/app/models/wp_item.rb index c4dab331..d367f9d3 100644 --- a/app/models/wp_item.rb +++ b/app/models/wp_item.rb @@ -39,10 +39,11 @@ module WPScan @vulnerabilities = [] - [*db_data['vulnerabilities']].each do |json_vuln| - vulnerability = Vulnerability.load_from_json(json_vuln) - @vulnerabilities << vulnerability if vulnerable_to?(vulnerability) - end + # TODO Get them from API + #[*db_data['vulnerabilities']].each do |json_vuln| + # vulnerability = Vulnerability.load_from_json(json_vuln) + # @vulnerabilities << vulnerability if vulnerable_to?(vulnerability) + #end @vulnerabilities end @@ -60,18 +61,18 @@ module WPScan # @return [ String ] def latest_version - @latest_version ||= db_data['latest_version'] ? Model::Version.new(db_data['latest_version']) : nil + @latest_version ||= metadata['latest_version'] ? Model::Version.new(metadata['latest_version']) : nil end # Not used anywhere ATM # @return [ Boolean ] def popular? - @popular ||= db_data['popular'] + @popular ||= metadata['popular'] end # @return [ String ] def last_updated - @last_updated ||= db_data['last_updated'] + @last_updated ||= metadata['last_updated'] end # @return [ Boolean ] diff --git a/app/models/wp_version.rb b/app/models/wp_version.rb index c1fed313..7bdc936b 100644 --- a/app/models/wp_version.rb +++ b/app/models/wp_version.rb @@ -36,8 +36,8 @@ module WPScan end # @return [ JSON ] - def db_data - @db_data ||= DB::Version.db_data(number) + def metadata + @metadata ||= DB::Version.metadata_at(number) end # @return [ Array ] @@ -46,21 +46,22 @@ module WPScan @vulnerabilities = [] - [*db_data['vulnerabilities']].each do |json_vuln| - @vulnerabilities << Vulnerability.load_from_json(json_vuln) - end + # TODO get them from API + #[*db_data['vulnerabilities']].each do |json_vuln| + # @vulnerabilities << Vulnerability.load_from_json(json_vuln) + #end @vulnerabilities end # @return [ String ] def release_date - @release_date ||= db_data['release_date'] || 'Unknown' + @release_date ||= metadata['release_date'] || 'Unknown' end # @return [ String ] def status - @status ||= db_data['status'] || 'Unknown' + @status ||= metadata['status'] || 'Unknown' end end end diff --git a/lib/wpscan/db/plugin.rb b/lib/wpscan/db/plugin.rb index 62cd3628..fc98949d 100644 --- a/lib/wpscan/db/plugin.rb +++ b/lib/wpscan/db/plugin.rb @@ -4,9 +4,9 @@ module WPScan module DB # Plugin DB class Plugin < WpItem - # @return [ String ] - def self.db_file - @db_file ||= DB_DIR.join('plugins.json').to_s + # @return [ Hash ] + def self.metadata + @metadata ||= super['plugins'] || {} end end end diff --git a/lib/wpscan/db/plugins.rb b/lib/wpscan/db/plugins.rb index f8472ca3..ad404a32 100644 --- a/lib/wpscan/db/plugins.rb +++ b/lib/wpscan/db/plugins.rb @@ -5,8 +5,8 @@ module WPScan # WP Plugins class Plugins < WpItems # @return [ JSON ] - def self.db - Plugin.db + def self.metadata + Plugin.metadata end end end diff --git a/lib/wpscan/db/theme.rb b/lib/wpscan/db/theme.rb index 9d919414..23b8b006 100644 --- a/lib/wpscan/db/theme.rb +++ b/lib/wpscan/db/theme.rb @@ -4,9 +4,9 @@ module WPScan module DB # Theme DB class Theme < WpItem - # @return [ String ] - def self.db_file - @db_file ||= DB_DIR.join('themes.json').to_s + # @return [ Hash ] + def self.metadata + @metadata ||= super['themes'] || {} end end end diff --git a/lib/wpscan/db/themes.rb b/lib/wpscan/db/themes.rb index 1eeb4aef..dbe273d3 100644 --- a/lib/wpscan/db/themes.rb +++ b/lib/wpscan/db/themes.rb @@ -5,8 +5,8 @@ module WPScan # WP Themes class Themes < WpItems # @return [ JSON ] - def self.db - Theme.db + def self.metadata + Theme.metadata end end end diff --git a/lib/wpscan/db/updater.rb b/lib/wpscan/db/updater.rb index 834cba75..adbb70fd 100644 --- a/lib/wpscan/db/updater.rb +++ b/lib/wpscan/db/updater.rb @@ -7,12 +7,15 @@ module WPScan class Updater # /!\ Might want to also update the Enumeration#cli_options when some filenames are changed here FILES = %w[ - plugins.json themes.json wordpresses.json + metadata.json wp_fingerprints.json timthumbs-v3.txt config_backups.txt db_exports.txt - dynamic_finders.yml wp_fingerprints.json LICENSE + dynamic_finders.yml LICENSE ].freeze - OLD_FILES = %w[wordpress.db user-agents.txt dynamic_finders_01.yml].freeze + OLD_FILES = %w[ + wordpress.db user-agents.txt dynamic_finders_01.yml + wordpressess.json plugins.json themes.json + ].freeze attr_reader :repo_directory diff --git a/lib/wpscan/db/wp_item.rb b/lib/wpscan/db/wp_item.rb index 3ac34ac6..01da5743 100644 --- a/lib/wpscan/db/wp_item.rb +++ b/lib/wpscan/db/wp_item.rb @@ -6,14 +6,19 @@ module WPScan class WpItem # @param [ String ] identifier The plugin/theme slug or version number # - # @return [ Hash ] The JSON data from the DB associated to the identifier - def self.db_data(identifier) - db[identifier] || {} + # @return [ Hash ] The JSON data from the metadata associated to the identifier + def self.metadata_at(identifier) + metadata[identifier] || {} end # @return [ JSON ] - def self.db - @db ||= read_json_file(db_file) + def self.metadata + @metadata ||= read_json_file(metadata_file) + end + + # @return [ String ] + def self.metadata_file + @metadata_file ||= DB_DIR.join('metadata.json').to_s end end end diff --git a/lib/wpscan/db/wp_items.rb b/lib/wpscan/db/wp_items.rb index 0cf4984c..432c926e 100644 --- a/lib/wpscan/db/wp_items.rb +++ b/lib/wpscan/db/wp_items.rb @@ -6,17 +6,17 @@ module WPScan class WpItems # @return [ Array ] The slug of all items def self.all_slugs - db.keys + metadata.keys end # @return [ Array ] The slug of all popular items def self.popular_slugs - db.select { |_key, item| item['popular'] == true }.keys + metadata.select { |_key, item| item['popular'] == true }.keys end # @return [ Array ] The slug of all vulnerable items def self.vulnerable_slugs - db.reject { |_key, item| item['vulnerabilities'].empty? }.keys + metadata.select { |_key, item| item['vulnerabilities'] == true }.keys end end end diff --git a/lib/wpscan/db/wp_version.rb b/lib/wpscan/db/wp_version.rb index c03a74b4..85405c31 100644 --- a/lib/wpscan/db/wp_version.rb +++ b/lib/wpscan/db/wp_version.rb @@ -4,9 +4,9 @@ module WPScan module DB # WP Version class Version < WpItem - # @return [ String ] - def self.db_file - @db_file ||= DB_DIR.join('wordpresses.json').to_s + # @return [ Hash ] + def self.metadata + @metadata ||= super['wordpress'] || {} end end end diff --git a/spec/fixtures/db/metadata.json b/spec/fixtures/db/metadata.json new file mode 100644 index 00000000..801e9b34 --- /dev/null +++ b/spec/fixtures/db/metadata.json @@ -0,0 +1,50 @@ +{ + "wordpress": { + "4.0": { + "release_date": "2014-09-04", + "status": "latest" + }, + "3.8.1": { + "release_date": "2014-01-23", + "status": "outdated" + }, + "3.8": { + "release_date": "2013-12-12", + "status": "insecure" + } + }, + "plugins": { + "no-vulns-popular": { + "vulnerabilities": false, + "popular": true, + "latest_version": "2.0", + "last_updated": "2015-05-16T00:00:00.000Z" + }, + "vulnerable-not-popular": { + "latest_version": null, + "last_updated": null, + "popular": false, + "vulnerabilities": true + } + }, + "themes": { + "no-vulns-popular": { + "popular": true, + "latest_version": "2.0", + "last_updated": "2015-05-16T00:00:00.000Z", + "vulnerabilities": false + }, + "dignitas-themes": { + "popular": true, + "latest_version": null, + "last_updated": null, + "vulnerabilities" : true + }, + "yaaburnee-themes": { + "popular": false, + "latest_version": null, + "last_updated": null, + "vulnerabilities" : true + } + } +} \ No newline at end of file