HELLO v3!!!

2018-09-26 21:12:01 +02:00
parent 28b9c15256
commit d268a86795
1871 changed files with 988118 additions and 0 deletions
--- a/lib/wpscan/db/dynamic_finders/wordpress.rb
+++ b/lib/wpscan/db/dynamic_finders/wordpress.rb
@@ -0,0 +1,75 @@
+module WPScan
+  module DB
+    module DynamicFinders
+      class Wordpress < Base
+        # @return [ Hash ]
+        def self.db_data
+          @db_data ||= super['wordpress'] || {}
+        end
+
+        # @return [ Constant ]
+        def self.version_finder_module
+          Finders::WpVersion
+        end
+
+        # @return [ Array<Symbol> ]
+        def self.allowed_classes
+          @allowed_classes ||= %i[
+            Comment Xpath HeaderPattern BodyPattern JavascriptVar QueryParameter WpItemQueryParameter
+          ]
+        end
+
+        # @param [ Symbol ] finder_class
+        # @param [ Boolean ] aggressive
+        # @return [ Hash ]
+        def self.finder_configs(finder_class, aggressive = false)
+          configs = {}
+
+          return configs unless allowed_classes.include?(finder_class)
+
+          finders = if aggressive
+                      db_data.reject { |_f, c| c['path'].nil? }
+                    else
+                      db_data.select { |_f, c| c['path'].nil? }
+                    end
+
+          finders.each do |finder_name, config|
+            klass = config['class'] || finder_name
+
+            next unless klass.to_sym == finder_class
+
+            configs[finder_name] = config
+          end
+
+          configs
+        end
+
+        # @return [ Hash ]
+        def self.versions_finders_configs
+          @versions_finders_configs ||= db_data.select { |_finder_name, config| config.key?('version') }
+        end
+
+        def self.create_versions_finders
+          versions_finders_configs.each do |finder_class, config|
+            klass = config['class'] || finder_class
+
+            # Instead of raising exceptions, skip unallowed/already defined finders
+            # So that, when new DF configs are put in the .yml
+            # users with old version of WPScan will still be able to scan blogs
+            # when updating the DB but not the tool
+            next if version_finder_module.constants.include?(finder_class.to_sym) ||
+                    !allowed_classes.include?(klass.to_sym)
+
+            version_finder_super_class(klass).create_child_class(version_finder_module, finder_class.to_sym, config)
+          end
+        end
+
+        # @param [ String, Symbol ] klass
+        # @return [ Constant ]
+        def self.version_finder_super_class(klass)
+          "WPScan::Finders::DynamicFinder::WpVersion::#{klass}".constantize
+        end
+      end
+    end
+  end
+end