garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Adds YT references and CVSS to output

Browse Source
This commit is contained in:
erwanlr
2020-04-15 17:02:41 +02:00
parent e606f4ce18
commit f146ee7e9f
12 changed files with 46 additions and 71 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
lib/wpscan/references.rb
View File

@@ -2,9 +2,7 @@
module WPScan
# References module (which should be included along with the CMSScanner::References)
# to allow the use of the wpvulndb and youtube references.
# Notes: The youtube references are not handled the same way all the others, especialy in the JSON output
# as we output the full URL and not just the ID. Hence the override of the references= method
# to allow the use of the wpvulndb reference.
module References
extend ActiveSupport::Concern
@@ -12,27 +10,12 @@ module WPScan
module ClassMethods
# @return [ Array<Symbol> ]
def references_keys
@references_keys ||= super << :wpvulndb << :youtube
end
end
# @param [ Hash ] refs
def references=(refs)
@references = {}
self.class.references_keys.each do |key|
next unless refs.key?(key)
@references[key] = if key == :youtube
[*refs[:youtube]].map { |id| youtube_url(id) }
else
[*refs[key]].map(&:to_s)
end
@references_keys ||= super << :wpvulndb
end
end
def references_urls
wpvulndb_urls + super + youtube_urls
wpvulndb_urls + super
end
def wpvulndb_ids
@@ -46,13 +29,5 @@ module WPScan
def wpvulndb_url(id)
"https://wpvulndb.com/vulnerabilities/#{id}"
end
def youtube_urls
references[:youtube] || []
end
def youtube_url(id)
"https://www.youtube.com/watch?v=#{id}"
end
end
end

9
lib/wpscan/vulnerability.rb
View File

@@ -16,11 +16,14 @@ module WPScan
end
end
cvss = { score: json_data['cvss_risk_score'], vector: json_data['cvss_vector'] } if json_data['cvss_risk_score']
new(
json_data['title'],
references,
json_data['vuln_type'],
json_data['fixed_in']
references: references,
type: json_data['vuln_type'],
fixed_in: json_data['fixed_in'],
cvss: cvss
)
end
end