Adds YT references and CVSS to output

2020-04-15 17:02:41 +02:00
parent e606f4ce18
commit f146ee7e9f
12 changed files with 46 additions and 71 deletions
--- a/spec/app/models/plugin_spec.rb
+++ b/spec/app/models/plugin_spec.rb
@@ -202,11 +202,11 @@ describe WPScan::Model::Plugin do
          [
            WPScan::Vulnerability.new(
              'First Vuln <= 6.3.10 - LFI',
-              { wpvulndb: '1' },
-              'LFI',
-              '6.3.10'
+              references: { wpvulndb: '1' },
+              type: 'LFI',
+              fixed_in: '6.3.10'
            ),
-            WPScan::Vulnerability.new('No Fixed In', wpvulndb: '2')
+            WPScan::Vulnerability.new('No Fixed In', references: { wpvulndb: '2' })
          ]
        end

--- a/spec/app/models/theme_spec.rb
+++ b/spec/app/models/theme_spec.rb
@@ -224,11 +224,11 @@ describe WPScan::Model::Theme do
          [
            WPScan::Vulnerability.new(
              'First Vuln',
-              { wpvulndb: '1' },
-              'LFI',
-              '6.3.10'
+              references: { wpvulndb: '1' },
+              type: 'LFI',
+              fixed_in: '6.3.10'
            ),
-            WPScan::Vulnerability.new('No Fixed In', wpvulndb: '2')
+            WPScan::Vulnerability.new('No Fixed In', references: { wpvulndb: '2' })
          ]
        end

--- a/spec/app/models/wp_version_spec.rb
+++ b/spec/app/models/wp_version_spec.rb
@@ -55,31 +55,15 @@ describe WPScan::Model::WpVersion do
        expect(version).to be_vulnerable
      end

-      let(:all_vulns) do
-        [
-          WPScan::Vulnerability.new(
-            'WP 3.8.1 - Vuln 1',
-            { wpvulndb: '1' },
-            'SQLI'
-          ),
-          WPScan::Vulnerability.new(
-            'WP 3.8.1 - Vuln 2',
-            { url: %w[url-2 url-3], osvdb: %w[10], cve: %w[2014-0166], wpvulndb: '2' },
-            nil,
-            '3.8.2'
-          )
-        ]
-      end
-
      context 'when a signle vuln' do
-        let(:number) { '3.8.1' }
+        let(:number) { '3.8' }
        let(:db_data) { vuln_api_data_for('wordpresses/38') }

        it 'returns the expected result' do
          @expected = [WPScan::Vulnerability.new(
            'WP 3.8 - Vuln 1',
-            { url: %w[url-4], wpvulndb: '3' },
-            'AUTHBYPASS'
+            references: { url: %w[url-4], wpvulndb: '3' },
+            type: 'AUTHBYPASS'
          )]
        end
      end
@@ -92,14 +76,14 @@ describe WPScan::Model::WpVersion do
          @expected = [
            WPScan::Vulnerability.new(
              'WP 3.8.1 - Vuln 1',
-              { wpvulndb: '1' },
-              'SQLI'
+              references: { wpvulndb: '1' },
+              type: 'SQLI',
+              cvss: { score: '5.4', vector: 'VECTOR' }
            ),
            WPScan::Vulnerability.new(
              'WP 3.8.1 - Vuln 2',
-              { url: %w[url-2 url-3], cve: %w[2014-0166], wpvulndb: '2' },
-              nil,
-              '3.8.2'
+              references: { url: %w[url-2 url-3], cve: %w[2014-0166], wpvulndb: '2' },
+              fixed_in: '3.8.2'
            )
          ]
        end