Fix for #694

2014-09-21 22:02:30 +02:00
parent 6800d51347
commit b19696090f
6 changed files with 40 additions and 38 deletions
--- a/lib/common/models/vulnerability.rb
+++ b/lib/common/models/vulnerability.rb
@@ -43,9 +43,11 @@ class Vulnerability
  def self.load_from_json_item(json_item)
    references = {}

-    [:url, :cve, :secunia, :osvdb, :metasploit, :exploitdb].each do |key|
-      #json_item['id'] = json_item['id'].to_s.split(',')
-      references[key] = json_item[key.to_s].to_s.split(',') if json_item[key.to_s]
+    %w(url cve secunia osvdb metasploit exploitdb).each do |key|
+      if json_item[key]
+        json_item[key]  = [json_item[key]] if json_item[key].class != Array
+        references[key] = json_item[key]
+      end
    end

    new(
--- a/spec/lib/common/models/vulnerability_spec.rb
+++ b/spec/lib/common/models/vulnerability_spec.rb
@@ -37,12 +37,12 @@ describe Vulnerability do
    }

    expected_refs = {
-      :url        => ['Ref 1', 'Ref 2'],
-      :cve        => ['2011-001'],
-      :secunia    => ['secunia'],
-      :osvdb      => ['osvdb'],
-      :metasploit => ['exploit/ex1'],
-      :exploitdb  => ['exploitdb']
+      'url'        => ['Ref 1,Ref 2'],
+      'cve'        => ['2011-001'],
+      'secunia'    => ['secunia'],
+      'osvdb'      => ['osvdb'],
+      'metasploit' => ['exploit/ex1'],
+      'exploitdb'  => ['exploitdb']
    }

    its(:title)      { should == 'Vuln Title' }
@@ -51,4 +51,4 @@ describe Vulnerability do
    its(:fixed_in)   { should == '1.0'}
  end

-end
+end
--- a/spec/lib/common/models/wp_item_spec.rb
+++ b/spec/lib/common/models/wp_item_spec.rb
@@ -14,12 +14,12 @@ describe WpItem do
    let(:vulns_file)     { MODELS_FIXTURES + '/wp_item/vulnerable/items_vulns.json' }
    let(:identifier)    { 'neo' }
    let(:expected_refs)  { {
-        :url => ['Ref 1', 'Ref 2'],
-        :cve => ['2011-001'],
-        :secunia => ['secunia'],
-        :osvdb => ['osvdb'],
-        :metasploit => ['exploit/ex1'],
-        :exploitdb => ['exploitdb']
+        'url' => ['Ref 1,Ref 2'],
+        'cve' => ['2011-001'],
+        'secunia' => ['secunia'],
+        'osvdb' => ['osvdb'],
+        'metasploit' => ['exploit/ex1'],
+        'exploitdb' => ['exploitdb']
    } }
    let(:expected_vulns) { Vulnerabilities.new(1, Vulnerability.new("I'm the one", 'XSS', expected_refs)) }
  end
@@ -167,4 +167,4 @@ describe WpItem do
    end
  end

-end
+end
--- a/spec/lib/common/models/wp_plugin_spec.rb
+++ b/spec/lib/common/models/wp_plugin_spec.rb
@@ -8,12 +8,12 @@ describe WpPlugin do
    let(:options)        { { name: 'white-rabbit' } }
    let(:vulns_file)     { MODELS_FIXTURES + '/wp_plugin/vulnerable/plugins_vulns.json' }
    let(:expected_refs)  { {
-        :url => ['Ref 1', 'Ref 2'],
-        :cve => ['2011-001'],
-        :secunia => ['secunia'],
-        :osvdb => ['osvdb'],
-        :metasploit => ['exploit/ex1'],
-        :exploitdb => ['exploitdb']
+        'url' => ['Ref 1,Ref 2'],
+        'cve' => ['2011-001'],
+        'secunia' => ['secunia'],
+        'osvdb' => ['osvdb'],
+        'metasploit' => ['exploit/ex1'],
+        'exploitdb' => ['exploitdb']
    } }
    let(:expected_vulns) { Vulnerabilities.new << Vulnerability.new('Follow me!', 'REDIRECT', expected_refs) }
  end
@@ -26,4 +26,4 @@ describe WpPlugin do
    its('uri.to_s') { is_expected.to eq 'http://example.com/wp-content/plugins/plugin-name/' }
  end

-end
+end
--- a/spec/lib/common/models/wp_theme_spec.rb
+++ b/spec/lib/common/models/wp_theme_spec.rb
@@ -9,12 +9,12 @@ describe WpTheme do
    let(:options)        { { name: 'the-oracle' } }
    let(:vulns_file)     { MODELS_FIXTURES + '/wp_theme/vulnerable/themes_vulns.json' }
    let(:expected_refs)  { {
-        :url => ['Ref 1', 'Ref 2'],
-        :cve => ['2011-001'],
-        :secunia => ['secunia'],
-        :osvdb => ['osvdb'],
-        :metasploit => ['exploit/ex1'],
-        :exploitdb => ['exploitdb']
+        'url' => ['Ref 1,Ref 2'],
+        'cve' => ['2011-001'],
+        'secunia' => ['secunia'],
+        'osvdb' => ['osvdb'],
+        'metasploit' => ['exploit/ex1'],
+        'exploitdb' => ['exploitdb']
    } }
    let(:expected_vulns) { Vulnerabilities.new << Vulnerability.new('I see you', 'FPD', expected_refs) }
  end
@@ -32,4 +32,4 @@ describe WpTheme do
    its(:uri) { is_expected.to eq uri.merge(theme_path) }
  end

-end
+end
--- a/spec/lib/common/models/wp_version_spec.rb
+++ b/spec/lib/common/models/wp_version_spec.rb
@@ -8,12 +8,12 @@ describe WpVersion do
    let(:options)        { { number: '3.2' } }
    let(:vulns_file)     { MODELS_FIXTURES + '/wp_version/vulnerable/versions_vulns.json' }
    let(:expected_refs)  { {
-        :url => ['Ref 1', 'Ref 2'],
-        :cve => ['2011-001'],
-        :secunia => ['secunia'],
-        :osvdb => ['osvdb'],
-        :metasploit => ['exploit/ex1'],
-        :exploitdb => ['exploitdb']
+        'url' => ['Ref 1,Ref 2'],
+        'cve' => ['2011-001'],
+        'secunia' => ['secunia'],
+        'osvdb' => ['osvdb'],
+        'metasploit' => ['exploit/ex1'],
+        'exploitdb' => ['exploitdb']
    } }
    let(:expected_vulns) { Vulnerabilities.new << Vulnerability.new('Here I Am', 'SQLI', expected_refs) }
  end
@@ -28,4 +28,4 @@ describe WpVersion do
    end
  end

-end
+end