HELLO v3!!!

lib/wpscan/db/dynamic_finders/base.rb

@@ -0,0 +1,41 @@
+module WPScan
+  module DB
+    module DynamicFinders
+      class Base
+        # @return [ String ]
+        def self.db_file
+          @db_file ||= File.join(DB_DIR, 'dynamic_finders.yml')
+        end
+
+        # @return [ Hash ]
+        def self.db_data
+          # true allows aliases to be loaded
+          @db_data ||= YAML.safe_load(File.read(db_file), [Regexp], [], true)
+        end
+
+        # @return [ Array<Symbol> ]
+        def self.allowed_classes
+          @allowed_classes ||= %i[Comment Xpath HeaderPattern BodyPattern JavascriptVar QueryParameter ConfigParser]
+        end
+
+        # @param [ Symbol ] sym
+        def self.method_missing(sym)
+          super unless sym =~ /\A(passive|aggressive)_(.*)_finder_configs\z/i
+
+          finder_class = Regexp.last_match[2].camelize.to_sym
+
+          raise "#{finder_class} is not allowed as a Dynamic Finder" unless allowed_classes.include?(finder_class)
+
+          finder_configs(
+            finder_class,
+            Regexp.last_match[1] == 'aggressive'
+          )
+        end
+
+        def self.respond_to_missing?(sym, *_args)
+          sym =~ /\A(passive|aggressive)_(.*)_finder_configs\z/i
+        end
+      end
+    end
+  end
+end

lib/wpscan/db/dynamic_finders/plugin.rb

@@ -0,0 +1,111 @@
+module WPScan
+  module DB
+    module DynamicFinders
+      class Plugin < Base
+        # @return [ Hash ]
+        def self.db_data
+          @db_data ||= super['plugins'] || {}
+        end
+
+        def self.version_finder_module
+          Finders::PluginVersion
+        end
+
+        # @param [ Symbol ] finder_class
+        # @param [ Boolean ] aggressive
+        # @return [ Hash ]
+        def self.finder_configs(finder_class, aggressive = false)
+          configs = {}
+
+          return configs unless allowed_classes.include?(finder_class)
+
+          db_data.each do |slug, finders|
+            # Quite sure better can be done with some kind of logic statement in the select
+            fs = if aggressive
+                   finders.reject { |_f, c| c['path'].nil? }
+                 else
+                   finders.select { |_f, c| c['path'].nil? }
+                 end
+
+            fs.each do |finder_name, config|
+              klass = config['class'] || finder_name
+
+              next unless klass.to_sym == finder_class
+
+              configs[slug] ||= {}
+              configs[slug][finder_name] = config
+            end
+          end
+
+          configs
+        end
+
+        # @return [ Hash ]
+        def self.versions_finders_configs
+          return @versions_finders_configs if @versions_finders_configs
+
+          @versions_finders_configs = {}
+
+          db_data.each do |slug, finders|
+            finders.each do |finder_name, config|
+              next unless config.key?('version')
+
+              @versions_finders_configs[slug] ||= {}
+              @versions_finders_configs[slug][finder_name] = config
+            end
+          end
+
+          @versions_finders_configs
+        end
+
+        # @param [ String ] slug
+        # @return [ Constant ]
+        def self.maybe_create_modudle(slug)
+          # What about slugs such as js_composer which will be done as JsComposer, just like js-composer
+          constant_name = classify_slug(slug)
+
+          unless version_finder_module.constants.include?(constant_name)
+            version_finder_module.const_set(constant_name, Module.new)
+          end
+
+          version_finder_module.const_get(constant_name)
+        end
+
+        def self.create_versions_finders
+          versions_finders_configs.each do |slug, finders|
+            # Kind of an issue here, module is created even if there is no valid classes
+            # Could put the #maybe_ directly in the #send() BUT it would be checked everytime,
+            # which is kind of a waste
+            mod = maybe_create_modudle(slug)
+
+            finders.each do |finder_class, config|
+              klass = config['class'] || finder_class
+
+              # Instead of raising exceptions, skip unallowed/already defined finders
+              # So that, when new DF configs are put in the .yml
+              # users with old version of WPScan will still be able to scan blogs
+              # when updating the DB but not the tool
+              next if mod.constants.include?(finder_class.to_sym) ||
+                      !allowed_classes.include?(klass.to_sym)
+
+              version_finder_super_class(klass).create_child_class(mod, finder_class.to_sym, config)
+            end
+          end
+        end
+
+        # The idea here would be to check if the class exist in
+        # the Finders::DynamicFinders::Plugins/Themes::klass or WpItemVersion::klass
+        # and return the related constant when one has been found.
+        #
+        # So far, the Finders::DynamicFinders::WPItemVersion is enought
+        # as nothing else is used
+        #
+        # @param [ String, Symbol ] klass
+        # @return [ Constant ]
+        def self.version_finder_super_class(klass)
+          "WPScan::Finders::DynamicFinder::WpItemVersion::#{klass}".constantize
+        end
+      end
+    end
+  end
+end

lib/wpscan/db/dynamic_finders/theme.rb

@@ -0,0 +1,16 @@
+module WPScan
+  module DB
+    module DynamicFinders
+      class Theme < Plugin
+        # @return [ Hash ]
+        def self.db_data
+          @db_data ||= super['themes'] || {}
+        end
+
+        def self.version_finder_module
+          Finders::ThemeVersion
+        end
+      end
+    end
+  end
+end

lib/wpscan/db/dynamic_finders/wordpress.rb

@@ -0,0 +1,75 @@
+module WPScan
+  module DB
+    module DynamicFinders
+      class Wordpress < Base
+        # @return [ Hash ]
+        def self.db_data
+          @db_data ||= super['wordpress'] || {}
+        end
+
+        # @return [ Constant ]
+        def self.version_finder_module
+          Finders::WpVersion
+        end
+
+        # @return [ Array<Symbol> ]
+        def self.allowed_classes
+          @allowed_classes ||= %i[
+            Comment Xpath HeaderPattern BodyPattern JavascriptVar QueryParameter WpItemQueryParameter
+          ]
+        end
+
+        # @param [ Symbol ] finder_class
+        # @param [ Boolean ] aggressive
+        # @return [ Hash ]
+        def self.finder_configs(finder_class, aggressive = false)
+          configs = {}
+
+          return configs unless allowed_classes.include?(finder_class)
+
+          finders = if aggressive
+                      db_data.reject { |_f, c| c['path'].nil? }
+                    else
+                      db_data.select { |_f, c| c['path'].nil? }
+                    end
+
+          finders.each do |finder_name, config|
+            klass = config['class'] || finder_name
+
+            next unless klass.to_sym == finder_class
+
+            configs[finder_name] = config
+          end
+
+          configs
+        end
+
+        # @return [ Hash ]
+        def self.versions_finders_configs
+          @versions_finders_configs ||= db_data.select { |_finder_name, config| config.key?('version') }
+        end
+
+        def self.create_versions_finders
+          versions_finders_configs.each do |finder_class, config|
+            klass = config['class'] || finder_class
+
+            # Instead of raising exceptions, skip unallowed/already defined finders
+            # So that, when new DF configs are put in the .yml
+            # users with old version of WPScan will still be able to scan blogs
+            # when updating the DB but not the tool
+            next if version_finder_module.constants.include?(finder_class.to_sym) ||
+                    !allowed_classes.include?(klass.to_sym)
+
+            version_finder_super_class(klass).create_child_class(version_finder_module, finder_class.to_sym, config)
+          end
+        end
+
+        # @param [ String, Symbol ] klass
+        # @return [ Constant ]
+        def self.version_finder_super_class(klass)
+          "WPScan::Finders::DynamicFinder::WpVersion::#{klass}".constantize
+        end
+      end
+    end
+  end
+end