more reference tags, fixes issue #268

spec/lib/common/models/vulnerability_spec.rb

@@ -5,10 +5,10 @@ require 'spec_helper'
 describe Vulnerability do
 
   describe '#new' do
-    subject(:vulnerability) { Vulnerability.new(title, type, references, modules, fixed_version) }
+    subject(:vulnerability) { Vulnerability.new(title, type, references, fixed_version) }
     let(:title)             { 'A vulnerability title' }
     let(:type)              { 'XSS' }
-    let(:references)        { %w{http://ref1.com http://ref2.com} }
+    let(:references)        { {:url => 'example.com', :metasploit => 'm', :exploitdb => 'e'} }
 
     context 'w/o metasploit and fixed version modules argument' do
       subject(:vulnerability) { Vulnerability.new(title, type, references) }
@@ -16,36 +16,15 @@ describe Vulnerability do
       its(:title)              { should be title }
       its(:references)         { should be references }
       its(:type)               { should be type }
-      its(:metasploit_modules) { should be_empty }
       its(:fixed_in)           { should be_empty }
-      its(:cve)                { should be_empty }
     end
 
-    context 'with metasploit modules argument' do
-      subject(:vulnerability) { Vulnerability.new(title, type, references, modules) }
-      let(:modules) { %w{exploit/some_exploit exploit/unix/anotherone } }
-
-      its(:metasploit_modules) { should be modules }
-      its(:fixed_in)           { should be_empty }
-      its(:cve)                { should be_empty }
-    end
-
-    context 'with metasploit modules and fixed version argument' do
-      let(:modules) { %w{exploit/some_exploit exploit/unix/anotherone } }
+    context 'with fixed version argument' do
       let(:fixed_version)  { '1.0' }
-
-      its(:metasploit_modules) { should be modules }
-      its(:fixed_in)           { should == '1.0' }
-      its(:cve)                { should be_empty }
-    end
-
-    context 'with cve argument' do
-      subject(:vulnerability) { Vulnerability.new(title, type, references, [], '', cve) }
-      let(:cve) { %w{2011-001 2011-002} }
-
-      its(:metasploit_modules) { should be_empty }
-      its(:fixed_in)           { should be_empty }
-      its(:cve)                { should be cve }
+			its(:title)              { should be title }
+			its(:references)         { should be references }
+			its(:type)               { should be type }
+			its(:fixed_in)           { should be fixed_version }
     end
 
   end
@@ -56,11 +35,18 @@ describe Vulnerability do
       xml(MODELS_FIXTURES + '/vulnerability/xml_node.xml').xpath('//vulnerability')
     }
 
+		expected_refs = {
+				:url=>['Ref 1', 'Ref 2'],
+				:cve=>['2011-001'],
+				:secunia=>['secunia'],
+				:osvdb=>['osvdb'],
+				:metasploit=>['exploit/ex1'],
+				:exploitdb=>['exploitdb']
+		}
+
     its(:title)              { should == 'Vuln Title' }
     its(:type)               { should == 'CSRF' }
-    its(:references)         { should == ['Ref 1', 'Ref 2'] }
-    its(:metasploit_modules) { should == %w{exploit/ex1} }
-    its(:cve)                { should == %w{2011-001} }
+    its(:references)         { should ==  expected_refs}
     its(:fixed_in)           { should == '1.0'}
   end
 

spec/lib/common/models/wp_item_spec.rb

@@ -13,7 +13,15 @@ describe WpItem do
   it_behaves_like 'WpItem::Vulnerable' do
     let(:vulns_file)     { MODELS_FIXTURES + '/wp_item/vulnerable/items_vulns.xml' }
     let(:vulns_xpath)    { "//item[@name='neo']/vulnerability" }
-    let(:expected_vulns) { Vulnerabilities.new << Vulnerability.new("I'm the one", 'XSS', ['http://ref1.com']) }
+		let(:expected_refs)  { {
+				:url => ['Ref 1', 'Ref 2'],
+				:cve => ['2011-001'],
+				:secunia => ['secunia'],
+				:osvdb => ['osvdb'],
+				:metasploit => ['exploit/ex1'],
+				:exploitdb => ['exploitdb']
+		} }
+    let(:expected_vulns) { Vulnerabilities.new << Vulnerability.new("I'm the one", 'XSS', expected_refs) }
   end
 
   subject(:wp_item) { WpItem.new(uri, options) }

spec/lib/common/models/wp_plugin_spec.rb

@@ -7,7 +7,15 @@ describe WpPlugin do
   it_behaves_like 'WpItem::Vulnerable' do
     let(:options)        { { name: 'white-rabbit' } }
     let(:vulns_file)     { MODELS_FIXTURES + '/wp_plugin/vulnerable/plugins_vulns.xml' }
-    let(:expected_vulns) { Vulnerabilities.new << Vulnerability.new('Follow me!', 'REDIRECT', ['http://ref2.com']) }
+		let(:expected_refs)  { {
+				:url => ['Ref 1', 'Ref 2'],
+				:cve => ['2011-001'],
+				:secunia => ['secunia'],
+				:osvdb => ['osvdb'],
+				:metasploit => ['exploit/ex1'],
+				:exploitdb => ['exploitdb']
+		} }
+    let(:expected_vulns) { Vulnerabilities.new << Vulnerability.new('Follow me!', 'REDIRECT', expected_refs) }
   end
 
   subject(:wp_plugin) { WpPlugin.new(uri, options) }

spec/lib/common/models/wp_theme_spec.rb

@@ -8,7 +8,15 @@ describe WpTheme do
   it_behaves_like 'WpItem::Vulnerable' do
     let(:options)        { { name: 'the-oracle' } }
     let(:vulns_file)     { MODELS_FIXTURES + '/wp_theme/vulnerable/themes_vulns.xml' }
-    let(:expected_vulns) { Vulnerabilities.new << Vulnerability.new('I see you', 'FPD', ['http://ref.com']) }
+		let(:expected_refs)  { {
+				:url => ['Ref 1', 'Ref 2'],
+				:cve => ['2011-001'],
+				:secunia => ['secunia'],
+				:osvdb => ['osvdb'],
+				:metasploit => ['exploit/ex1'],
+				:exploitdb => ['exploitdb']
+		} }
+    let(:expected_vulns) { Vulnerabilities.new << Vulnerability.new('I see you', 'FPD', expected_refs) }
   end
 
   subject(:wp_theme)  { WpTheme.new(uri, options) }

spec/lib/common/models/wp_version_spec.rb

@@ -7,7 +7,15 @@ describe WpVersion do
   it_behaves_like 'WpItem::Vulnerable' do
     let(:options)        { { number: '3.2' } }
     let(:vulns_file)     { MODELS_FIXTURES + '/wp_version/vulnerable/versions_vulns.xml' }
-    let(:expected_vulns) { Vulnerabilities.new << Vulnerability.new('Here I Am', 'SQLI', ['http://ref1.com']) }
+		let(:expected_refs)  { {
+				:url => ['Ref 1', 'Ref 2'],
+				:cve => ['2011-001'],
+				:secunia => ['secunia'],
+				:osvdb => ['osvdb'],
+				:metasploit => ['exploit/ex1'],
+				:exploitdb => ['exploitdb']
+		} }
+    let(:expected_vulns) { Vulnerabilities.new << Vulnerability.new('Here I Am', 'SQLI', expected_refs) }
   end
 
   subject(:wp_version) { WpVersion.new(uri, options) }

spec/samples/common/models/vulnerability/xml_node.xml

@@ -1,9 +1,14 @@
 <vulnerability>
   <title>Vuln Title</title>
-  <reference>Ref 1</reference>
-  <reference>Ref 2</reference>
-  <cve>2011-001</cve>
+  <references>
+    <metasploit>exploit/ex1</metasploit>
+    <url>Ref 1</url>
+    <url>Ref 2</url>
+    <cve>2011-001</cve>
+    <secunia>secunia</secunia>
+    <osvdb>osvdb</osvdb>
+    <exploitdb>exploitdb</exploitdb>
+  </references>
   <type>CSRF</type>
-  <metasploit>exploit/ex1</metasploit>
   <fixed_in>1.0</fixed_in>
 </vulnerability>

spec/samples/common/models/wp_item/vulnerable/items_vulns.xml

@@ -5,7 +5,15 @@
   <item name="not-this-one">
     <vulnerability>
       <title>I should not appear in the results</title>
-      <reference>http://ref1.com</reference>
+      <references>
+        <metasploit>exploit/ex1</metasploit>
+        <url>Ref 1</url>
+        <url>Ref 2</url>
+        <cve>2011-001</cve>
+        <secunia>secunia</secunia>
+        <osvdb>osvdb</osvdb>
+        <exploitdb>exploitdb</exploitdb>
+      </references>
       <type>RFI</type>
     </vulnerability>
   </item>
@@ -13,7 +21,15 @@
   <item name="neo">
     <vulnerability>
       <title>I'm the one</title>
-      <reference>http://ref1.com</reference>
+      <references>
+        <metasploit>exploit/ex1</metasploit>
+        <url>Ref 1</url>
+        <url>Ref 2</url>
+        <cve>2011-001</cve>
+        <secunia>secunia</secunia>
+        <osvdb>osvdb</osvdb>
+        <exploitdb>exploitdb</exploitdb>
+      </references>
       <type>XSS</type>
     </vulnerability>
   </item>

spec/samples/common/models/wp_plugin/vulnerable/plugins_vulns.xml

@@ -4,12 +4,28 @@
   <plugin name="mr-smith">
     <vulnerability>
       <title>I should not appear in the results</title>
-      <reference>http://ref1.com</reference>
+      <references>
+        <metasploit>exploit/ex1</metasploit>
+        <url>Ref 1</url>
+        <url>Ref 2</url>
+        <cve>2011-001</cve>
+        <secunia>secunia</secunia>
+        <osvdb>osvdb</osvdb>
+        <exploitdb>exploitdb</exploitdb>
+      </references>
       <type>RCE</type>
     </vulnerability>
     <vulnerability>
       <title>Neither do I</title>
-      <reference>http://ref3.com</reference>
+      <references>
+        <metasploit>exploit/ex1</metasploit>
+        <url>Ref 1</url>
+        <url>Ref 2</url>
+        <cve>2011-001</cve>
+        <secunia>secunia</secunia>
+        <osvdb>osvdb</osvdb>
+        <exploitdb>exploitdb</exploitdb>
+      </references>
       <type>FPD</type>
     </vulnerability>
   </plugin>
@@ -17,7 +33,15 @@
   <plugin name="white-rabbit">
     <vulnerability>
       <title>Follow me!</title>
-      <reference>http://ref2.com</reference>
+      <references>
+        <metasploit>exploit/ex1</metasploit>
+        <url>Ref 1</url>
+        <url>Ref 2</url>
+        <cve>2011-001</cve>
+        <secunia>secunia</secunia>
+        <osvdb>osvdb</osvdb>
+        <exploitdb>exploitdb</exploitdb>
+      </references>
       <type>REDIRECT</type>
     </vulnerability>
   </plugin>

spec/samples/common/models/wp_theme/vulnerable/themes_vulns.xml

@@ -4,12 +4,28 @@
   <theme name="not-this-one">
     <vulnerability>
       <title>I should not appear in the results</title>
-      <reference>http://some-ref.com</reference>
+      <references>
+        <metasploit>exploit/ex1</metasploit>
+        <url>Ref 1</url>
+        <url>Ref 2</url>
+        <cve>2011-001</cve>
+        <secunia>secunia</secunia>
+        <osvdb>osvdb</osvdb>
+        <exploitdb>exploitdb</exploitdb>
+      </references>
       <type>SQLI</type>
     </vulnerability>
     <vulnerability>
       <title>Neither do I</title>
-      <reference>http://some-other-ref.com</reference>
+      <references>
+        <metasploit>exploit/ex1</metasploit>
+        <url>Ref 1</url>
+        <url>Ref 2</url>
+        <cve>2011-001</cve>
+        <secunia>secunia</secunia>
+        <osvdb>osvdb</osvdb>
+        <exploitdb>exploitdb</exploitdb>
+      </references>
       <type>XSS</type>
     </vulnerability>
   </theme>
@@ -17,7 +33,15 @@
   <theme name="the-oracle">
     <vulnerability>
       <title>I see you</title>
-      <reference>http://ref.com</reference>
+      <references>
+        <metasploit>exploit/ex1</metasploit>
+        <url>Ref 1</url>
+        <url>Ref 2</url>
+        <cve>2011-001</cve>
+        <secunia>secunia</secunia>
+        <osvdb>osvdb</osvdb>
+        <exploitdb>exploitdb</exploitdb>
+      </references>
       <type>FPD</type>
     </vulnerability>
   </theme>

spec/samples/common/models/wp_version/vulnerable/versions_vulns.xml

@@ -4,7 +4,15 @@
   <wordpress version="3.5">
     <vulnerability>
       <title>I should not appear in the results</title>
-      <reference>http://ref2.com</reference>
+      <references>
+        <metasploit>exploit/ex1</metasploit>
+        <url>Ref 1</url>
+        <url>Ref 2</url>
+        <cve>2011-001</cve>
+        <secunia>secunia</secunia>
+        <osvdb>osvdb</osvdb>
+        <exploitdb>exploitdb</exploitdb>
+      </references>
       <type>XSS</type>
     </vulnerability>
   </wordpress>
@@ -12,7 +20,15 @@
   <wordpress version="3.2">
     <vulnerability>
       <title>Here I Am</title>
-      <reference>http://ref1.com</reference>
+      <references>
+        <metasploit>exploit/ex1</metasploit>
+        <url>Ref 1</url>
+        <url>Ref 2</url>
+        <cve>2011-001</cve>
+        <secunia>secunia</secunia>
+        <osvdb>osvdb</osvdb>
+        <exploitdb>exploitdb</exploitdb>
+      </references>
       <type>SQLI</type>
     </vulnerability>
   </wordpress>

spec/shared_examples/wp_item_vulnerable.rb

@@ -60,10 +60,10 @@ shared_examples 'WpItem::Vulnerable' do
     let(:version_orig) { '1.5.6' }
     let(:version_newer) { '1.6' }
     let(:version_older) { '1.0' }
-    let(:newer) { Vulnerability.new('Newer', 'XSS', ['ref'], nil, version_newer) }
-    let(:older) { Vulnerability.new('Older', 'XSS', ['ref'], nil, version_older) }
-    let(:same) { Vulnerability.new('Same', 'XSS', ['ref'], nil, version_orig) }
-    let(:no_fixed_info) { Vulnerability.new('Same', 'XSS', ['ref'], nil, nil) }
+    let(:newer) { Vulnerability.new('Newer', 'XSS', { :url => ['http://ref.com'] }, version_newer) }
+    let(:older) { Vulnerability.new('Older', 'XSS', { :url => ['http://ref.com'] }, version_older) }
+    let(:same) { Vulnerability.new('Same', 'XSS', { :url => ['http://ref.com'] }, version_orig) }
+    let(:no_fixed_info) { Vulnerability.new('Same', 'XSS', { :url => ['http://ref.com'] }, nil) }
 
     before do
       stub_request(:get, /.*\/readme\.txt/i).to_return(status: 200, body: "Stable Tag: #{version_orig}")