Adds YT references and CVSS to output
This commit is contained in:
erwanlr
@@ -202,11 +202,11 @@ describe WPScan::Model::Plugin do
|
||||
[
|
||||
WPScan::Vulnerability.new(
|
||||
'First Vuln <= 6.3.10 - LFI',
|
||||
{ wpvulndb: '1' },
|
||||
'LFI',
|
||||
'6.3.10'
|
||||
references: { wpvulndb: '1' },
|
||||
type: 'LFI',
|
||||
fixed_in: '6.3.10'
|
||||
),
|
||||
WPScan::Vulnerability.new('No Fixed In', wpvulndb: '2')
|
||||
WPScan::Vulnerability.new('No Fixed In', references: { wpvulndb: '2' })
|
||||
]
|
||||
end
|
||||
|
||||
|
||||
@@ -224,11 +224,11 @@ describe WPScan::Model::Theme do
|
||||
[
|
||||
WPScan::Vulnerability.new(
|
||||
'First Vuln',
|
||||
{ wpvulndb: '1' },
|
||||
'LFI',
|
||||
'6.3.10'
|
||||
references: { wpvulndb: '1' },
|
||||
type: 'LFI',
|
||||
fixed_in: '6.3.10'
|
||||
),
|
||||
WPScan::Vulnerability.new('No Fixed In', wpvulndb: '2')
|
||||
WPScan::Vulnerability.new('No Fixed In', references: { wpvulndb: '2' })
|
||||
]
|
||||
end
|
||||
|
||||
|
||||
@@ -55,31 +55,15 @@ describe WPScan::Model::WpVersion do
|
||||
expect(version).to be_vulnerable
|
||||
end
|
||||
|
||||
let(:all_vulns) do
|
||||
[
|
||||
WPScan::Vulnerability.new(
|
||||
'WP 3.8.1 - Vuln 1',
|
||||
{ wpvulndb: '1' },
|
||||
'SQLI'
|
||||
),
|
||||
WPScan::Vulnerability.new(
|
||||
'WP 3.8.1 - Vuln 2',
|
||||
{ url: %w[url-2 url-3], osvdb: %w[10], cve: %w[2014-0166], wpvulndb: '2' },
|
||||
nil,
|
||||
'3.8.2'
|
||||
)
|
||||
]
|
||||
end
|
||||
|
||||
context 'when a signle vuln' do
|
||||
let(:number) { '3.8.1' }
|
||||
let(:number) { '3.8' }
|
||||
let(:db_data) { vuln_api_data_for('wordpresses/38') }
|
||||
|
||||
it 'returns the expected result' do
|
||||
@expected = [WPScan::Vulnerability.new(
|
||||
'WP 3.8 - Vuln 1',
|
||||
{ url: %w[url-4], wpvulndb: '3' },
|
||||
'AUTHBYPASS'
|
||||
references: { url: %w[url-4], wpvulndb: '3' },
|
||||
type: 'AUTHBYPASS'
|
||||
)]
|
||||
end
|
||||
end
|
||||
@@ -92,14 +76,14 @@ describe WPScan::Model::WpVersion do
|
||||
@expected = [
|
||||
WPScan::Vulnerability.new(
|
||||
'WP 3.8.1 - Vuln 1',
|
||||
{ wpvulndb: '1' },
|
||||
'SQLI'
|
||||
references: { wpvulndb: '1' },
|
||||
type: 'SQLI',
|
||||
cvss: { score: '5.4', vector: 'VECTOR' }
|
||||
),
|
||||
WPScan::Vulnerability.new(
|
||||
'WP 3.8.1 - Vuln 2',
|
||||
{ url: %w[url-2 url-3], cve: %w[2014-0166], wpvulndb: '2' },
|
||||
nil,
|
||||
'3.8.2'
|
||||
references: { url: %w[url-2 url-3], cve: %w[2014-0166], wpvulndb: '2' },
|
||||
fixed_in: '3.8.2'
|
||||
)
|
||||
]
|
||||
end
|
||||
|
||||
@@ -9,7 +9,9 @@
|
||||
"id" : 1,
|
||||
"vuln_type" : "SQLI",
|
||||
"published_date" : null,
|
||||
"fixed_in" : null
|
||||
"fixed_in" : null,
|
||||
"cvss_risk_score": "5.4",
|
||||
"cvss_vector": "VECTOR"
|
||||
},
|
||||
{
|
||||
"references" : {
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
# frozen_string_literal: true
|
||||
|
||||
describe WPScan::Vulnerability do
|
||||
subject(:vuln) { described_class.new(title, references) }
|
||||
subject(:vuln) { described_class.new(title, references: references) }
|
||||
let(:title) { 'Test Vuln' }
|
||||
let(:references) { {} }
|
||||
|
||||
|
||||
@@ -4,6 +4,7 @@
|
||||
| [!] 2 vulnerabilities identified:
|
||||
|
|
||||
| [!] Title: WP 3.8.1 - Vuln 1
|
||||
| CVSS: 5.4 (VECTOR)
|
||||
| Reference: https://wpvulndb.com/vulnerabilities/1
|
||||
|
|
||||
| [!] Title: WP 3.8.1 - Vuln 2
|
||||
|
||||
@@ -14,6 +14,10 @@
|
||||
"vulnerabilities": [
|
||||
{
|
||||
"title": "WP 3.8.1 - Vuln 1",
|
||||
"cvss": {
|
||||
"score": "5.4",
|
||||
"vector": "VECTOR"
|
||||
},
|
||||
"fixed_in": null,
|
||||
"references": {
|
||||
"wpvulndb": [
|
||||
|
||||
Reference in New Issue
Block a user