more reference tags, fixes issue #268

data/vuln.xsd

@@ -8,12 +8,22 @@
     </xs:restriction>
   </xs:simpleType>
 
+  <xs:simpleType name="inttype">
+    <xs:restriction base="xs:positiveInteger" />
+  </xs:simpleType>
+
   <xs:simpleType name="uritype">
     <xs:restriction base="xs:anyURI">
       <xs:minLength value="1" />
     </xs:restriction>
   </xs:simpleType>
 
+  <xs:simpleType name="cvetype">
+    <xs:restriction base="xs:token">
+      <xs:pattern value="[0-9]{4}-[0-9]{4,}"/>
+    </xs:restriction>
+  </xs:simpleType>
+
   <xs:simpleType name="typetype">
     <xs:restriction base="stringtype">
       <xs:enumeration value="SQLI"/>
@@ -34,37 +44,50 @@
   </xs:simpleType>
 
   <xs:complexType name="itemtype">
-    <xs:sequence>
+    <xs:sequence minOccurs="1" maxOccurs="unbounded">
-      <xs:element name="vulnerability" type="vulntype" maxOccurs="unbounded" minOccurs="1" />
+      <xs:element name="vulnerability" type="vulntype" />
     </xs:sequence>
     <xs:attribute type="stringtype" name="name" use="required"/>
   </xs:complexType>
 
   <xs:complexType name="wordpresstype">
-    <xs:sequence>
+    <xs:sequence minOccurs="1" maxOccurs="unbounded">
-      <xs:element name="vulnerability" type="vulntype" maxOccurs="unbounded" minOccurs="1" />
+      <xs:element name="vulnerability" type="vulntype"/>
     </xs:sequence>
     <xs:attribute type="stringtype" name="version" use="required"/>
   </xs:complexType>
 
   <xs:complexType name="vulntype">
-    <xs:sequence minOccurs="1" maxOccurs="1">
+    <xs:sequence minOccurs="1" maxOccurs="unbounded">
-      <xs:element name="title" type="stringtype"/>
+      <xs:choice>
-      <xs:element name="reference" type="uritype" maxOccurs="unbounded" minOccurs="1"/>
+        <xs:element name="title" type="stringtype"/>
-      <xs:element name="metasploit" type="stringtype" maxOccurs="unbounded" minOccurs="0"/>
+        <xs:element name="type" type="typetype"/>
-      <xs:element name="cve" type="stringtype" minOccurs="0" maxOccurs="unbounded"/>
+        <xs:element name="fixed_in" type="stringtype"/>
-      <xs:element name="type" type="typetype"/>
+        <xs:element name="references" type="referencetype"/>
-      <xs:element name="fixed_in" type="stringtype" minOccurs="0" maxOccurs="1"/>
+      </xs:choice>
+    </xs:sequence>
+  </xs:complexType>
+
+  <xs:complexType name="referencetype">
+    <xs:sequence minOccurs="1" maxOccurs="unbounded">
+      <xs:choice>
+        <xs:element name="url" type="uritype" minOccurs="0" maxOccurs="unbounded"/>
+        <xs:element name="cve" type="cvetype" minOccurs="0" maxOccurs="unbounded"/>
+        <xs:element name="secunia" type="inttype" minOccurs="0" maxOccurs="unbounded"/>
+        <xs:element name="osvdb" type="inttype" minOccurs="0" maxOccurs="unbounded"/>
+        <xs:element name="metasploit" type="stringtype" minOccurs="0" maxOccurs="unbounded"/>
+        <xs:element name="exploitdb" type="inttype" minOccurs="0" maxOccurs="unbounded"/>
+      </xs:choice>
     </xs:sequence>
   </xs:complexType>
 
   <xs:element name="vulnerabilities">
     <xs:complexType>
-      <xs:sequence>
+      <xs:choice>
         <xs:element name="plugin" type="itemtype" maxOccurs="unbounded" minOccurs="0"/>
         <xs:element name="theme" type="itemtype" maxOccurs="unbounded" minOccurs="0"/>
         <xs:element name="wordpress" type="wordpresstype" maxOccurs="unbounded" minOccurs="0"/>
-      </xs:sequence>
+      </xs:choice>
     </xs:complexType>
     <xs:unique name="uniquePlugin">
       <xs:selector xpath="plugin"/>

lib/common/models/vulnerability.rb

@@ -5,24 +5,20 @@ require 'vulnerability/output'
 class Vulnerability
   include Vulnerability::Output
 
-  attr_accessor :title, :references, :type, :fixed_in, :metasploit_modules, :cve
+  attr_accessor :title, :references, :type, :fixed_in
 
   #
   # @param [ String ] title The title of the vulnerability
   # @param [ String ] type  The type of the vulnerability
-  # @param [ Array ] references References urls
+  # @param [ Hash ] references References
-  # @param [ Array ] metasploit_modules Metasploit modules for the vulnerability
   # @param [ String ] fixed_in  Vuln fixed in Version X
-  # @param [ Array ] cve CVE numbers for the vulnerability
   #
   # @return [ Vulnerability ]
-  def initialize(title, type, references, metasploit_modules = [], fixed_in = '', cve = [])
+  def initialize(title, type, references = {}, fixed_in = '')
     @title              = title
     @type               = type
     @references         = references
-    @metasploit_modules = metasploit_modules
     @fixed_in           = fixed_in
-    @cve                = cve
   end
 
   # @param [ Vulnerability ] other
@@ -33,9 +29,7 @@ class Vulnerability
     title == other.title &&
         type == other.type &&
         references == other.references &&
-        fixed_in == other.fixed_in &&
+        fixed_in == other.fixed_in
-        cve == other.cve &&
-        metasploit_modules == other.metasploit_modules
   end
   # :nocov:
 
@@ -45,13 +39,21 @@ class Vulnerability
   #
   # @return [ Vulnerability ]
   def self.load_from_xml_node(xml_node)
+		references = {}
+		refs = xml_node.search('references')
+		if refs
+			references[:url] = refs.search('url').map(&:text)
+			references[:cve] = refs.search('cve').map(&:text)
+			references[:secunia] = refs.search('secunia').map(&:text)
+			references[:osvdb] = refs.search('osvdb').map(&:text)
+			references[:metasploit] = refs.search('metasploit').map(&:text)
+			references[:exploitdb] = refs.search('exploitdb').map(&:text)
+		end
     new(
       xml_node.search('title').text,
       xml_node.search('type').text,
-      xml_node.search('reference').map(&:text),
+      references,
-      xml_node.search('metasploit').map(&:text),
       xml_node.search('fixed_in').text,
-      xml_node.search('cve').map(&:text)
     )
   end
 

lib/common/models/vulnerability/output.rb

@@ -7,16 +7,28 @@ class Vulnerability
     def output
       puts ' |'
       puts ' | ' + red("* Title: #{title}")
-      references.each do |r|
+      references.each do |key, urls|
-        puts ' | ' + red("* Reference: #{r}")
+				urls.each do |u|
-      end
+					case(key)
-      cve.each do |c|
+					when :url
-        puts ' | ' + red("* CVE-#{c} - #{Output.cve_url(c)}")
+						url = u
-      end
+					when :metasploit
-      metasploit_modules.each do |m|
+						url = Output.metasploit_module_url(u)
-        puts ' | ' + red("* Metasploit module: #{Output.metasploit_module_url(m)}")
+					when :secunia
-      end
+						url = Output.secunia_url(u)
-    end
+					when :osvdb
+						url = Output.osvdb_url(u)
+					when :cve
+						url = Output.cve_url(u)
+					when :exploitdb
+						url = Output.exploitdb_url(u)
+					else
+						url = u
+					end
+					puts ' | ' + red("* Reference: #{url}") if url
+				end
+			end
+		end
 
     # @return [ String ] The url to the metasploit module page
     def self.metasploit_module_url(module_path)
@@ -27,7 +39,19 @@ class Vulnerability
 
     def self.cve_url(cve)
       "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-#{cve}"
-    end
+		end
+
+		def self.osvdb_url(id)
+			"http://osvdb.org/#{id}"
+		end
+
+		def self.secunia_url(id)
+			"http://secunia.com/advisories/#{id}"
+		end
+
+		def self.exploitdb_url(id)
+			"http://www.exploit-db.com/exploits/#{id}/"
+		end
 
   end
 end

spec/lib/common/models/vulnerability_spec.rb

@@ -5,10 +5,10 @@ require 'spec_helper'
 describe Vulnerability do
 
   describe '#new' do
-    subject(:vulnerability) { Vulnerability.new(title, type, references, modules, fixed_version) }
+    subject(:vulnerability) { Vulnerability.new(title, type, references, fixed_version) }
     let(:title)             { 'A vulnerability title' }
     let(:type)              { 'XSS' }
-    let(:references)        { %w{http://ref1.com http://ref2.com} }
+    let(:references)        { {:url => 'example.com', :metasploit => 'm', :exploitdb => 'e'} }
 
     context 'w/o metasploit and fixed version modules argument' do
       subject(:vulnerability) { Vulnerability.new(title, type, references) }
@@ -16,36 +16,15 @@ describe Vulnerability do
       its(:title)              { should be title }
       its(:references)         { should be references }
       its(:type)               { should be type }
-      its(:metasploit_modules) { should be_empty }
       its(:fixed_in)           { should be_empty }
-      its(:cve)                { should be_empty }
     end
 
-    context 'with metasploit modules argument' do
+    context 'with fixed version argument' do
-      subject(:vulnerability) { Vulnerability.new(title, type, references, modules) }
-      let(:modules) { %w{exploit/some_exploit exploit/unix/anotherone } }
-
-      its(:metasploit_modules) { should be modules }
-      its(:fixed_in)           { should be_empty }
-      its(:cve)                { should be_empty }
-    end
-
-    context 'with metasploit modules and fixed version argument' do
-      let(:modules) { %w{exploit/some_exploit exploit/unix/anotherone } }
       let(:fixed_version)  { '1.0' }
-
+			its(:title)              { should be title }
-      its(:metasploit_modules) { should be modules }
+			its(:references)         { should be references }
-      its(:fixed_in)           { should == '1.0' }
+			its(:type)               { should be type }
-      its(:cve)                { should be_empty }
+			its(:fixed_in)           { should be fixed_version }
-    end
-
-    context 'with cve argument' do
-      subject(:vulnerability) { Vulnerability.new(title, type, references, [], '', cve) }
-      let(:cve) { %w{2011-001 2011-002} }
-
-      its(:metasploit_modules) { should be_empty }
-      its(:fixed_in)           { should be_empty }
-      its(:cve)                { should be cve }
     end
 
   end
@@ -56,11 +35,18 @@ describe Vulnerability do
       xml(MODELS_FIXTURES + '/vulnerability/xml_node.xml').xpath('//vulnerability')
     }
 
+		expected_refs = {
+				:url=>['Ref 1', 'Ref 2'],
+				:cve=>['2011-001'],
+				:secunia=>['secunia'],
+				:osvdb=>['osvdb'],
+				:metasploit=>['exploit/ex1'],
+				:exploitdb=>['exploitdb']
+		}
+
     its(:title)              { should == 'Vuln Title' }
     its(:type)               { should == 'CSRF' }
-    its(:references)         { should == ['Ref 1', 'Ref 2'] }
+    its(:references)         { should ==  expected_refs}
-    its(:metasploit_modules) { should == %w{exploit/ex1} }
-    its(:cve)                { should == %w{2011-001} }
     its(:fixed_in)           { should == '1.0'}
   end
 

spec/lib/common/models/wp_item_spec.rb

@@ -13,7 +13,15 @@ describe WpItem do
   it_behaves_like 'WpItem::Vulnerable' do
     let(:vulns_file)     { MODELS_FIXTURES + '/wp_item/vulnerable/items_vulns.xml' }
     let(:vulns_xpath)    { "//item[@name='neo']/vulnerability" }
-    let(:expected_vulns) { Vulnerabilities.new << Vulnerability.new("I'm the one", 'XSS', ['http://ref1.com']) }
+		let(:expected_refs)  { {
+				:url => ['Ref 1', 'Ref 2'],
+				:cve => ['2011-001'],
+				:secunia => ['secunia'],
+				:osvdb => ['osvdb'],
+				:metasploit => ['exploit/ex1'],
+				:exploitdb => ['exploitdb']
+		} }
+    let(:expected_vulns) { Vulnerabilities.new << Vulnerability.new("I'm the one", 'XSS', expected_refs) }
   end
 
   subject(:wp_item) { WpItem.new(uri, options) }

spec/lib/common/models/wp_plugin_spec.rb

@@ -7,7 +7,15 @@ describe WpPlugin do
   it_behaves_like 'WpItem::Vulnerable' do
     let(:options)        { { name: 'white-rabbit' } }
     let(:vulns_file)     { MODELS_FIXTURES + '/wp_plugin/vulnerable/plugins_vulns.xml' }
-    let(:expected_vulns) { Vulnerabilities.new << Vulnerability.new('Follow me!', 'REDIRECT', ['http://ref2.com']) }
+		let(:expected_refs)  { {
+				:url => ['Ref 1', 'Ref 2'],
+				:cve => ['2011-001'],
+				:secunia => ['secunia'],
+				:osvdb => ['osvdb'],
+				:metasploit => ['exploit/ex1'],
+				:exploitdb => ['exploitdb']
+		} }
+    let(:expected_vulns) { Vulnerabilities.new << Vulnerability.new('Follow me!', 'REDIRECT', expected_refs) }
   end
 
   subject(:wp_plugin) { WpPlugin.new(uri, options) }

spec/lib/common/models/wp_theme_spec.rb

@@ -8,7 +8,15 @@ describe WpTheme do
   it_behaves_like 'WpItem::Vulnerable' do
     let(:options)        { { name: 'the-oracle' } }
     let(:vulns_file)     { MODELS_FIXTURES + '/wp_theme/vulnerable/themes_vulns.xml' }
-    let(:expected_vulns) { Vulnerabilities.new << Vulnerability.new('I see you', 'FPD', ['http://ref.com']) }
+		let(:expected_refs)  { {
+				:url => ['Ref 1', 'Ref 2'],
+				:cve => ['2011-001'],
+				:secunia => ['secunia'],
+				:osvdb => ['osvdb'],
+				:metasploit => ['exploit/ex1'],
+				:exploitdb => ['exploitdb']
+		} }
+    let(:expected_vulns) { Vulnerabilities.new << Vulnerability.new('I see you', 'FPD', expected_refs) }
   end
 
   subject(:wp_theme)  { WpTheme.new(uri, options) }

spec/lib/common/models/wp_version_spec.rb

@@ -7,7 +7,15 @@ describe WpVersion do
   it_behaves_like 'WpItem::Vulnerable' do
     let(:options)        { { number: '3.2' } }
     let(:vulns_file)     { MODELS_FIXTURES + '/wp_version/vulnerable/versions_vulns.xml' }
-    let(:expected_vulns) { Vulnerabilities.new << Vulnerability.new('Here I Am', 'SQLI', ['http://ref1.com']) }
+		let(:expected_refs)  { {
+				:url => ['Ref 1', 'Ref 2'],
+				:cve => ['2011-001'],
+				:secunia => ['secunia'],
+				:osvdb => ['osvdb'],
+				:metasploit => ['exploit/ex1'],
+				:exploitdb => ['exploitdb']
+		} }
+    let(:expected_vulns) { Vulnerabilities.new << Vulnerability.new('Here I Am', 'SQLI', expected_refs) }
   end
 
   subject(:wp_version) { WpVersion.new(uri, options) }

spec/samples/common/models/vulnerability/xml_node.xml

@@ -1,9 +1,14 @@
 <vulnerability>
   <title>Vuln Title</title>
-  <reference>Ref 1</reference>
+  <references>
-  <reference>Ref 2</reference>
+    <metasploit>exploit/ex1</metasploit>
-  <cve>2011-001</cve>
+    <url>Ref 1</url>
+    <url>Ref 2</url>
+    <cve>2011-001</cve>
+    <secunia>secunia</secunia>
+    <osvdb>osvdb</osvdb>
+    <exploitdb>exploitdb</exploitdb>
+  </references>
   <type>CSRF</type>
-  <metasploit>exploit/ex1</metasploit>
   <fixed_in>1.0</fixed_in>
 </vulnerability>

spec/samples/common/models/wp_item/vulnerable/items_vulns.xml

@@ -5,7 +5,15 @@
   <item name="not-this-one">
     <vulnerability>
       <title>I should not appear in the results</title>
-      <reference>http://ref1.com</reference>
+      <references>
+        <metasploit>exploit/ex1</metasploit>
+        <url>Ref 1</url>
+        <url>Ref 2</url>
+        <cve>2011-001</cve>
+        <secunia>secunia</secunia>
+        <osvdb>osvdb</osvdb>
+        <exploitdb>exploitdb</exploitdb>
+      </references>
       <type>RFI</type>
     </vulnerability>
   </item>
@@ -13,7 +21,15 @@
   <item name="neo">
     <vulnerability>
       <title>I'm the one</title>
-      <reference>http://ref1.com</reference>
+      <references>
+        <metasploit>exploit/ex1</metasploit>
+        <url>Ref 1</url>
+        <url>Ref 2</url>
+        <cve>2011-001</cve>
+        <secunia>secunia</secunia>
+        <osvdb>osvdb</osvdb>
+        <exploitdb>exploitdb</exploitdb>
+      </references>
       <type>XSS</type>
     </vulnerability>
   </item>

spec/samples/common/models/wp_plugin/vulnerable/plugins_vulns.xml

@@ -4,12 +4,28 @@
   <plugin name="mr-smith">
     <vulnerability>
       <title>I should not appear in the results</title>
-      <reference>http://ref1.com</reference>
+      <references>
+        <metasploit>exploit/ex1</metasploit>
+        <url>Ref 1</url>
+        <url>Ref 2</url>
+        <cve>2011-001</cve>
+        <secunia>secunia</secunia>
+        <osvdb>osvdb</osvdb>
+        <exploitdb>exploitdb</exploitdb>
+      </references>
       <type>RCE</type>
     </vulnerability>
     <vulnerability>
       <title>Neither do I</title>
-      <reference>http://ref3.com</reference>
+      <references>
+        <metasploit>exploit/ex1</metasploit>
+        <url>Ref 1</url>
+        <url>Ref 2</url>
+        <cve>2011-001</cve>
+        <secunia>secunia</secunia>
+        <osvdb>osvdb</osvdb>
+        <exploitdb>exploitdb</exploitdb>
+      </references>
       <type>FPD</type>
     </vulnerability>
   </plugin>
@@ -17,7 +33,15 @@
   <plugin name="white-rabbit">
     <vulnerability>
       <title>Follow me!</title>
-      <reference>http://ref2.com</reference>
+      <references>
+        <metasploit>exploit/ex1</metasploit>
+        <url>Ref 1</url>
+        <url>Ref 2</url>
+        <cve>2011-001</cve>
+        <secunia>secunia</secunia>
+        <osvdb>osvdb</osvdb>
+        <exploitdb>exploitdb</exploitdb>
+      </references>
       <type>REDIRECT</type>
     </vulnerability>
   </plugin>

spec/samples/common/models/wp_theme/vulnerable/themes_vulns.xml

@@ -4,12 +4,28 @@
   <theme name="not-this-one">
     <vulnerability>
       <title>I should not appear in the results</title>
-      <reference>http://some-ref.com</reference>
+      <references>
+        <metasploit>exploit/ex1</metasploit>
+        <url>Ref 1</url>
+        <url>Ref 2</url>
+        <cve>2011-001</cve>
+        <secunia>secunia</secunia>
+        <osvdb>osvdb</osvdb>
+        <exploitdb>exploitdb</exploitdb>
+      </references>
       <type>SQLI</type>
     </vulnerability>
     <vulnerability>
       <title>Neither do I</title>
-      <reference>http://some-other-ref.com</reference>
+      <references>
+        <metasploit>exploit/ex1</metasploit>
+        <url>Ref 1</url>
+        <url>Ref 2</url>
+        <cve>2011-001</cve>
+        <secunia>secunia</secunia>
+        <osvdb>osvdb</osvdb>
+        <exploitdb>exploitdb</exploitdb>
+      </references>
       <type>XSS</type>
     </vulnerability>
   </theme>
@@ -17,7 +33,15 @@
   <theme name="the-oracle">
     <vulnerability>
       <title>I see you</title>
-      <reference>http://ref.com</reference>
+      <references>
+        <metasploit>exploit/ex1</metasploit>
+        <url>Ref 1</url>
+        <url>Ref 2</url>
+        <cve>2011-001</cve>
+        <secunia>secunia</secunia>
+        <osvdb>osvdb</osvdb>
+        <exploitdb>exploitdb</exploitdb>
+      </references>
       <type>FPD</type>
     </vulnerability>
   </theme>

spec/samples/common/models/wp_version/vulnerable/versions_vulns.xml

@@ -4,7 +4,15 @@
   <wordpress version="3.5">
     <vulnerability>
       <title>I should not appear in the results</title>
-      <reference>http://ref2.com</reference>
+      <references>
+        <metasploit>exploit/ex1</metasploit>
+        <url>Ref 1</url>
+        <url>Ref 2</url>
+        <cve>2011-001</cve>
+        <secunia>secunia</secunia>
+        <osvdb>osvdb</osvdb>
+        <exploitdb>exploitdb</exploitdb>
+      </references>
       <type>XSS</type>
     </vulnerability>
   </wordpress>
@@ -12,7 +20,15 @@
   <wordpress version="3.2">
     <vulnerability>
       <title>Here I Am</title>
-      <reference>http://ref1.com</reference>
+      <references>
+        <metasploit>exploit/ex1</metasploit>
+        <url>Ref 1</url>
+        <url>Ref 2</url>
+        <cve>2011-001</cve>
+        <secunia>secunia</secunia>
+        <osvdb>osvdb</osvdb>
+        <exploitdb>exploitdb</exploitdb>
+      </references>
       <type>SQLI</type>
     </vulnerability>
   </wordpress>

spec/shared_examples/wp_item_vulnerable.rb

@@ -60,10 +60,10 @@ shared_examples 'WpItem::Vulnerable' do
     let(:version_orig) { '1.5.6' }
     let(:version_newer) { '1.6' }
     let(:version_older) { '1.0' }
-    let(:newer) { Vulnerability.new('Newer', 'XSS', ['ref'], nil, version_newer) }
+    let(:newer) { Vulnerability.new('Newer', 'XSS', { :url => ['http://ref.com'] }, version_newer) }
-    let(:older) { Vulnerability.new('Older', 'XSS', ['ref'], nil, version_older) }
+    let(:older) { Vulnerability.new('Older', 'XSS', { :url => ['http://ref.com'] }, version_older) }
-    let(:same) { Vulnerability.new('Same', 'XSS', ['ref'], nil, version_orig) }
+    let(:same) { Vulnerability.new('Same', 'XSS', { :url => ['http://ref.com'] }, version_orig) }
-    let(:no_fixed_info) { Vulnerability.new('Same', 'XSS', ['ref'], nil, nil) }
+    let(:no_fixed_info) { Vulnerability.new('Same', 'XSS', { :url => ['http://ref.com'] }, nil) }
 
     before do
       stub_request(:get, /.*\/readme\.txt/i).to_return(status: 200, body: "Stable Tag: #{version_orig}")