diff --git a/lib/common/models/wp_item.rb b/lib/common/models/wp_item.rb
index 651d19b9..5176c30d 100755
--- a/lib/common/models/wp_item.rb
+++ b/lib/common/models/wp_item.rb
@@ -22,7 +22,7 @@ class WpItem
 # @return [ Array ]
 # Make it private ?
 def allowed_options
- [:name, :wp_content_dir, :wp_plugins_dir, :path, :version, :vulns_file]
+ [:name, :wp_content_dir, :wp_plugins_dir, :path, :version, :db_file]
 end
 # @param [ URI ] target_base_uri
@@ -37,6 +37,27 @@ class WpItem
 forge_uri(target_base_uri)
 end
+ def identifier
+ @identifier ||= name
+ end
+
+ # @return [ Hash ]
+ def db_data
+ @db_data ||= json(db_file)[identifier] || {}
+ end
+
+ def latest_version
+ db_data['latest_version']
+ end
+
+ def last_updated
+ db_data['last_ipdated']
+ end
+
+ def popular?
+ db_data['popular']
+ end
+
 # @param [ Hash ] options
 #
 # @return [ void ]
diff --git a/lib/common/models/wp_item/output.rb b/lib/common/models/wp_item/output.rb
index 17e8f219..4d749017 100644
--- a/lib/common/models/wp_item/output.rb
+++ b/lib/common/models/wp_item/output.rb
@@ -7,8 +7,8 @@ class WpItem
 def output(verbose = false)
 puts
 puts info("Name: #{self}") #this will also output the version number if detected
- puts " | Latest version:"
- puts " | Last updated:"
+ puts " | Latest version: #{latest_version}" if latest_version
+ puts " | Last updated: #{last_updated}" if last_updated
 puts " | Location: #{url}"
 #puts " | WordPress: #{wordpress_url}" if wordpress_org_item?
 puts " | Readme: #{readme_url}" if has_readme?
diff --git a/lib/common/models/wp_item/vulnerable.rb b/lib/common/models/wp_item/vulnerable.rb
index a62aa33f..25c2413f 100755
--- a/lib/common/models/wp_item/vulnerable.rb
+++ b/lib/common/models/wp_item/vulnerable.rb
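Review bot: In lib/common/models/wp_item.rb the new `last_updated` reader looks up `db_data['last_ipdated']`, which looks like a typo for `'last_updated'`. Unless the data file really uses that key, the method always returns nil and the `Last updated:` line added in wp_item/output.rb is never printed. The lookup should read `db_data['last_updated']`. The three new readers also lack the YARD comment that `db_data` has; a line such as `# @return [ String, nil ] value recorded for this item in db_file` above each would match the file's style. None of the spec changes visible in this commit exercises `latest_version`, `last_updated` or `popular?`, so the key typo goes unnoticed.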
@@ -2,24 +2,23 @@
 class WpItem
 module Vulnerable
- attr_accessor :vulns_file, :identifier
+ attr_accessor :db_file, :identifier
 # Get the vulnerabilities associated to the WpItem
 # Filters out already fixed vulnerabilities
 #
 # @return [ Vulnerabilities ]
 def vulnerabilities
- json = json(vulns_file)
- vulnerabilities = Vulnerabilities.new
+ return @vulnerabilities if @vulnerabilities
- return vulnerabilities if json.empty?
+ @vulnerabilities = Vulnerabilities.new
- json[identifier]['vulnerabilities'].each do |vulnerability|
+ [*db_data['vulnerabilities']].each do |vulnerability|
 vulnerability = Vulnerability.load_from_json_item(vulnerability)
- vulnerabilities << vulnerability if vulnerable_to?(vulnerability)
+ @vulnerabilities << vulnerability if vulnerable_to?(vulnerability)
 end
- vulnerabilities
+ @vulnerabilities
 end
 def vulnerable?
diff --git a/lib/common/models/wp_plugin.rb b/lib/common/models/wp_plugin.rb
index bfc29200..8c47e158 100755
--- a/lib/common/models/wp_plugin.rb
+++ b/lib/common/models/wp_plugin.rb
@@ -1,10 +1,6 @@
 # encoding: UTF-8
-require 'wp_plugin/vulnerable'
-
 class WpPlugin < WpItem
- include WpPlugin::Vulnerable
-
 # Sets the @uri
 #
 # @param [ URI ] target_base_uri The URI of the wordpress blog
@@ -14,4 +10,7 @@ class WpPlugin < WpItem
 @uri = target_base_uri.merge(URI.encode(wp_plugins_dir + '/' + name + '/'))
 end
+ def db_file
+ @db_file ||= PLUGINS_FILE
+ end
 end
diff --git a/lib/common/models/wp_plugin/vulnerable.rb b/lib/common/models/wp_plugin/vulnerable.rb
deleted file mode 100644
index f9eb4ac3..00000000
--- a/lib/common/models/wp_plugin/vulnerable.rb
+++ /dev/null
@@ -1,15 +0,0 @@
-# encoding: UTF-8
-
-class WpPlugin < WpItem
- module Vulnerable
- # @return [ String ] The path to the file containing vulnerabilities
- def vulns_file
- @vulns_file ||= PLUGINS_FILE
- end
-
- # @return [ String ]
- def identifier
- @name
- end
- end
-end
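Review bot: In lib/common/models/wp_item/vulnerable.rb, `vulnerabilities` now caches its result in `@vulnerabilities`, and `db_data` in wp_item.rb caches in `@db_data`, but `attr_accessor :db_file, :identifier` still exposes writers that clear neither cache. Assigning a different `db_file` or `identifier` after the first call keeps returning the earlier list, so a scan can silently report findings that are missing or belong to another item. The same applies to the memoised `identifier` readers in wp_item.rb and wp_version.rb, which previously returned `@name` / `@number` live. Consider explicit writers that reset the caches, for example `def db_file=(file); @db_file = file; @db_data = @vulnerabilities = nil; end`, with the equivalent for `identifier=`. The module body continues past the end of this hunk.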
diff --git a/lib/common/models/wp_theme.rb b/lib/common/models/wp_theme.rb
index 81f62a77..0a8a478b 100755
--- a/lib/common/models/wp_theme.rb
+++ b/lib/common/models/wp_theme.rb
@@ -2,7 +2,6 @@
 require 'wp_theme/findable'
 require 'wp_theme/versionable'
-require 'wp_theme/vulnerable'
 require 'wp_theme/info'
 require 'wp_theme/output'
 require 'wp_theme/childtheme'
@@ -10,7 +9,6 @@ require 'wp_theme/childtheme'
 class WpTheme < WpItem
 extend WpTheme::Findable
 include WpTheme::Versionable
- include WpTheme::Vulnerable
 include WpTheme::Info
 include WpTheme::Output
 include WpTheme::Childtheme
@@ -33,4 +31,7 @@ class WpTheme < WpItem
 @uri.merge('style.css').to_s
 end
+ def db_file
+ @db_file ||= THEMES_FILE
+ end
 end
diff --git a/lib/common/models/wp_theme/vulnerable.rb b/lib/common/models/wp_theme/vulnerable.rb
deleted file mode 100644
index a38bfd80..00000000
--- a/lib/common/models/wp_theme/vulnerable.rb
+++ /dev/null
@@ -1,15 +0,0 @@
-# encoding: UTF-8
-
-class WpTheme < WpItem
- module Vulnerable
- # @return [ String ] The path to the file containing vulnerabilities
- def vulns_file
- @vulns_file ||= THEMES_FILE
- end
-
- # @return [ String ]
- def identifier
- @name
- end
- end
-end
diff --git a/lib/common/models/wp_version.rb b/lib/common/models/wp_version.rb
index cdf38043..2c18161a 100755
--- a/lib/common/models/wp_version.rb
+++ b/lib/common/models/wp_version.rb
@@ -1,13 +1,10 @@
 # encoding: UTF-8
 require 'wp_version/findable'
-require 'wp_version/vulnerable'
 require 'wp_version/output'
 class WpVersion < WpItem
-
 extend WpVersion::Findable
- include WpVersion::Vulnerable
 include WpVersion::Output
 # The version number
@@ -17,6 +14,14 @@ class WpVersion < WpItem
 # @return [ Array ]
 def allowed_options; super << :number << :found_from end
+ def identifier
+ @identifier ||= number
+ end
+
+ def db_file
+ @db_file ||= WORDPRESSES_FILE
+ end
+
 # @param [ WpVersion ] other
 #
 # @return [ Boolean ]
diff --git a/lib/common/models/wp_version/vulnerable.rb b/lib/common/models/wp_version/vulnerable.rb
deleted file mode 100644
index 53b56ad3..00000000
--- a/lib/common/models/wp_version/vulnerable.rb
+++ /dev/null
@@ -1,15 +0,0 @@
-# encoding: UTF-8
-
-class WpVersion < WpItem
- module Vulnerable
- # @return [ String ] The path to the file containing vulnerabilities
- def vulns_file
- @vulns_file ||= WORDPRESSES_FILE
- end
-
- # @return [ String ]
- def identifier
- @number
- end
- end
-end
diff --git a/spec/lib/common/models/wp_item_spec.rb b/spec/lib/common/models/wp_item_spec.rb
index 6c2e1aa6..3af882d8 100644
--- a/spec/lib/common/models/wp_item_spec.rb
+++ b/spec/lib/common/models/wp_item_spec.rb
@@ -11,7 +11,7 @@ describe WpItem do
 end
 it_behaves_like 'WpItem::Versionable'
 it_behaves_like 'WpItem::Vulnerable' do
- let(:vulns_file) { MODELS_FIXTURES + '/wp_item/vulnerable/items_vulns.json' }
+ let(:db_file) { MODELS_FIXTURES + '/wp_item/vulnerable/items_vulns.json' }
 let(:identifier) { 'neo' }
 let(:expected_refs) { {
 'id' => [2993],
diff --git a/spec/lib/common/models/wp_plugin_spec.rb b/spec/lib/common/models/wp_plugin_spec.rb
index 37848946..bc88247c 100644
--- a/spec/lib/common/models/wp_plugin_spec.rb
+++ b/spec/lib/common/models/wp_plugin_spec.rb
@@ -5,8 +5,8 @@ require 'spec_helper'
 describe WpPlugin do
 it_behaves_like 'WpPlugin::Vulnerable'
 it_behaves_like 'WpItem::Vulnerable' do
- let(:options) { { name: 'white-rabbit' } }
- let(:vulns_file) { MODELS_FIXTURES + '/wp_plugin/vulnerable/plugins.json' }
+ let(:options) { { name: 'white-rabbit' } }
+ let(:db_file) { MODELS_FIXTURES + '/wp_plugin/vulnerable/plugins.json' }
 let(:expected_refs) { {
 'id' => [2993],
 'url' => ['Ref 1', 'Ref 2'],
diff --git a/spec/lib/common/models/wp_theme_spec.rb b/spec/lib/common/models/wp_theme_spec.rb
index a11b7959..2c7986e5 100644
--- a/spec/lib/common/models/wp_theme_spec.rb
+++ b/spec/lib/common/models/wp_theme_spec.rb
@@ -7,7 +7,7 @@ describe WpTheme do
 it_behaves_like 'WpTheme::Vulnerable'
 it_behaves_like 'WpItem::Vulnerable' do
 let(:options) { { name: 'the-oracle' } }
- let(:vulns_file) { MODELS_FIXTURES + '/wp_theme/vulnerable/themes_vulns.json' }
+ let(:db_file) { MODELS_FIXTURES + '/wp_theme/vulnerable/themes_vulns.json' }
 let(:expected_refs) { {
 'id' => [2993],
 'url' => ['Ref 1', 'Ref 2'],
diff --git a/spec/shared_examples/wp_item_vulnerable.rb b/spec/shared_examples/wp_item_vulnerable.rb
index 1bf2e7d1..e062c735 100644
--- a/spec/shared_examples/wp_item_vulnerable.rb
+++ b/spec/shared_examples/wp_item_vulnerable.rb
@@ -3,8 +3,8 @@
 shared_examples 'WpItem::Vulnerable' do
 # 2 variables have to be set in the described class or subject:
- # let(:vulns_file) { }
- # let(:expected_vulns) { } The expected Vulnerabilities when using vulns_file and vulns_xpath
+ # let(:db_file) { }
+ # let(:expected_vulns) { } The expected Vulnerabilities when using db_file and vulns_xpath
 #
 # 1 variable is optional, used if supplied, otherwise subject.vulns_xpath is used
 # let(:vulns_xpath) { }
@@ -18,7 +18,7 @@ shared_examples 'WpItem::Vulnerable' do
 end
 after do
- subject.vulns_file = @vulns_file
+ subject.db_file = @db_file
 subject.identifier = identifier if defined?(identifier)
 result = subject.vulnerabilities
@@ -26,16 +26,16 @@ shared_examples 'WpItem::Vulnerable' do
 expect(result).to eq @expected
 end
- context 'when the vulns_file is empty' do
+ context 'when the db_file is empty' do
 it 'returns an empty Vulnerabilities' do
- @vulns_file = empty_file
- @expected = Vulnerabilities.new
+ @db_file = empty_file
+ @expected = Vulnerabilities.new
 end
 end
 it 'returns the expected vulnerabilities' do
- @vulns_file = vulns_file
- @expected = expected_vulns
+ @db_file = db_file
+ @expected = expected_vulns
 end
 end
diff --git a/spec/shared_examples/wp_plugin_vulnerable.rb b/spec/shared_examples/wp_plugin_vulnerable.rb
index d46e854d..5569f603 100644
--- a/spec/shared_examples/wp_plugin_vulnerable.rb
+++ b/spec/shared_examples/wp_plugin_vulnerable.rb
@@ -2,25 +2,25 @@
 shared_examples 'WpPlugin::Vulnerable' do
- describe '#vulns_file' do
- after { expect(subject.vulns_file).to eq @expected }
+ describe '#db_file' do
+ after { expect(subject.db_file).to eq @expected }
- context 'when :vulns_file is no set' do
+ context 'when :db_file is no set' do
 it 'returns the default one' do
 @expected = PLUGINS_FILE
 end
 end
- context 'when the :vulns_file is already set' do
+ context 'when the :db_file is already set' do
 it 'returns it' do
- @expected = 'test.json'
- subject.vulns_file = @expected
+ @expected = 'test.json'
+ subject.db_file = @expected
 end
 end
 end
 describe '#identifier' do
- its(:identifier) { is_expected.to eq 'plugin-name' }
+ its(:identifier) { should eq 'plugin-name' }
 end
 end
diff --git a/spec/shared_examples/wp_theme_vulnerable.rb b/spec/shared_examples/wp_theme_vulnerable.rb
index fc7a4139..032a8408 100644
--- a/spec/shared_examples/wp_theme_vulnerable.rb
+++ b/spec/shared_examples/wp_theme_vulnerable.rb
@@ -2,25 +2,25 @@
 shared_examples 'WpTheme::Vulnerable' do
- describe '#vulns_file' do
- after { expect(subject.vulns_file).to eq @expected }
+ describe '#db_file' do
+ after { expect(subject.db_file).to eq @expected }
- context 'when :vulns_file is not set' do
+ context 'when :db_file is not set' do
 it 'returns the default one' do
 @expected = THEMES_FILE
 end
 end
- context 'when the :vulns_file is already set' do
+ context 'when the :db_file is already set' do
 it 'returns it' do
- @expected = 'test.json'
- subject.vulns_file = @expected
+ @expected = 'test.json'
+ subject.db_file = @expected
 end
 end
 end
 describe '#identifier' do
- its(:identifier) { is_expected.to eq 'theme-name' }
+ its(:identifier) { should eq 'theme-name' }
 end
 end
diff --git a/spec/shared_examples/wp_version_vulnerable.rb b/spec/shared_examples/wp_version_vulnerable.rb
index 428fee24..a98b36ed 100644
--- a/spec/shared_examples/wp_version_vulnerable.rb
+++ b/spec/shared_examples/wp_version_vulnerable.rb
@@ -2,25 +2,25 @@
 shared_examples 'WpVersion::Vulnerable' do
- describe '#vulns_file' do
- after { expect(subject.vulns_file).to eq @expected }
+ describe '#db_file' do
+ after { expect(subject.db_file).to eq @expected }
- context 'when :vulns_file is no set' do
+ context 'when :db_file is no set' do
 it 'returns the default one' do
 @expected = WORDPRESSES_FILE
 end
 end
- context 'when the :vulns_file is already set' do
+ context 'when the :db_file is already set' do
 it 'returns it' do
- @expected = 'test.json'
- subject.db_file = @expected
+ @expected = 'test.json'
+ subject.db_file = @expected
 end
 end
 end
 describe '#identifier' do
- its(:identifier) { is_expected.to eq '1.2' }
+ its(:identifier) { should eq '1.2' }
 end
 end
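Review bot: The `#identifier` example switches from `is_expected.to eq '1.2'` to the older `should eq '1.2'` form, while the `after` hook at the top of the same hunk still uses `expect(...).to`. The same switch is made in wp_plugin_vulnerable.rb and wp_theme_vulnerable.rb. If the RSpec version in use allows it, keeping `its(:identifier) { is_expected.to eq '1.2' }` avoids mixing the two syntaxes. The shared examples also keep the names `'WpVersion::Vulnerable'`, `'WpPlugin::Vulnerable'` and `'WpTheme::Vulnerable'` although this commit deletes those modules, so a one-line comment at the top of each saying which class methods they now cover would help.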