WpItem

Attributes

name[RW]
path[RW]
url[RW]
vulns_xml[RW]
vulns_xpath[RW]
wp_content_dir[RW]

Public Class Methods

new(options = {})
# File lib/wpscan/wp_item.rb, line 25
def initialize(options = {})
  @wp_content_dir = options[:wp_content_dir] || "wp-content"
  @url            = options[:url]
  @path           = options[:path]
  @vulns_xml      = options[:vulns_xml]

  # Validate before deriving the name: extract_name_from_url needs @url and @path
  raise("url not set") unless @url
  raise("path not set") unless @path
  raise("wp_content_dir not set") unless @wp_content_dir
  raise("vulns_xml not set") unless @vulns_xml

  @name = options[:name] || extract_name_from_url
  raise("name not set") unless @name

  # No check is made for vulns_xpath, so guard against nil before substituting $name$
  @vulns_xpath = options[:vulns_xpath].sub(/\$name\$/, @name) if options[:vulns_xpath]
end

Public Instance Methods

<=>(other)

Compares two items by name. The operands are reversed (other is on the left), so sorting yields reverse alphabetical order.

# File lib/wpscan/wp_item.rb, line 97
def <=>(other)
  other.name <=> self.name
end

==(other)

Equality: two items are equal when their names match.

# File lib/wpscan/wp_item.rb, line 87
def ==(other)
  other.name == self.name
end

===(other)

Case equality: two items match when their names match.

# File lib/wpscan/wp_item.rb, line 92
def ===(other)
  other.name == self.name
end

changelog_url()

URL for changelog.txt

# File lib/wpscan/wp_item.rb, line 107
def changelog_url
  get_url_without_filename.merge("changelog.txt")
end

directory_listing?()

Is directory listing enabled?

# File lib/wpscan/wp_item.rb, line 70
def directory_listing?
  # The file part must be removed from the URL to request the directory itself
  Browser.instance.get(get_url_without_filename).body[%{<title>Index of}] ? true : false
end

extract_name_from_url()

Extract the item name from a URL

# File lib/wpscan/wp_item.rb, line 76
def extract_name_from_url
  # %r{} regexp literal: String#[] with a capture index needs a Regexp, not a String
  get_url.to_s[%r{^(https?://.*/([^/]+)/)}, 2]
end

get_url()

Get the full URL for this item

# File lib/wpscan/wp_item.rb, line 41
def get_url
  url = @url.to_s.end_with?("/") ? @url.to_s : "#@url/"
  # remove first and last /
  wp_content_dir = @wp_content_dir.sub(/^\//, "").sub(/\/$/, "")
  # remove first /
  path = @path.sub(/^\//, "")
  URI.parse("#{url}#{wp_content_dir}/#{path}")
end

get_url_without_filename()

Get the full URL for this item without the filename

# File lib/wpscan/wp_item.rb, line 51
def get_url_without_filename
  location_url = get_url.to_s
  # Capture everything up to the last "/" when the URL ends in a filename with an extension
  valid_location_url = location_url[%r{^(https?://.*/)[^.]+\.[^/]+$}, 1]
  unless valid_location_url
    valid_location_url = add_trailing_slash(location_url)
  end
  URI.parse(valid_location_url)
end

has_changelog?()

Is changelog.txt present?

# File lib/wpscan/wp_item.rb, line 121
def has_changelog?
  # Memoize on nil so a negative (false) result is cached as well
  if @changelog.nil?
    status = Browser.instance.get(changelog_url).code
    @changelog = status == 200
  end
  @changelog
end

has_readme?()

Is readme.txt present?

# File lib/wpscan/wp_item.rb, line 112
def has_readme?
  # Memoize on nil so a negative (false) result is cached as well
  if @readme.nil?
    status = Browser.instance.get(readme_url).code
    @readme = status == 200
  end
  @readme
end

readme_url()

URL for readme.txt

# File lib/wpscan/wp_item.rb, line 102
def readme_url
  get_url_without_filename.merge("readme.txt")
end

to_s()

To string. Adds a version number if detected

# File lib/wpscan/wp_item.rb, line 81
def to_s
  item_version = version
  "#@name#{' v' + item_version.strip if item_version}"
end

version()

Returns the version number from readme.txt if it exists

# File lib/wpscan/wp_item.rb, line 61
def version
  unless @version
    response = Browser.instance.get(get_url.merge("readme.txt").to_s)
    # %r{} regexp literal, case-insensitive: readme.txt headers are usually written "Stable tag:"
    @version = response.body[%r{stable tag: #{WpVersion.version_pattern}}i, 1]
  end
  @version
end
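
An added example (not WPScan's own code) that runs the checks documented above against constructed responses, to show which fingerprinting signals an item directory exposes: directory listing, readme.txt, changelog.txt, and the version disclosed by the readme's stable tag. The host `example.test`, the names `item_url`, `item_dir` and `exposure_report`, the `fetch` callable, and `VERSION_PATTERN` (a stand-in for `WpVersion.version_pattern`, which this page does not show) are assumptions.

```ruby
require "uri"

# Assumed stand-in for WpVersion.version_pattern, which this page does not show.
VERSION_PATTERN = '([^\r\n]+)'

# Constructed responses keyed by URL; stands in for Browser.instance.get.
SAMPLE_RESPONSES = {
  "http://example.test/wp-content/plugins/demo-plugin/" =>
    [200, "<html><head><title>Index of /wp-content/plugins/demo-plugin</title></head></html>"],
  "http://example.test/wp-content/plugins/demo-plugin/readme.txt" =>
    [200, "=== Demo Plugin ===\nStable tag: 1.4.2\n"],
  "http://example.test/wp-content/plugins/demo-plugin/changelog.txt" => [404, ""],
}.freeze

# Builds the item URL the way get_url does: site URL + wp-content dir + path.
def item_url(site, wp_content_dir, path)
  site = site.end_with?("/") ? site : "#{site}/"
  dir  = wp_content_dir.sub(%r{^/}, "").sub(%r{/$}, "")
  URI.parse("#{site}#{dir}/#{path.sub(%r{^/}, '')}")
end

# Drops a trailing filename (anything with an extension) to get the item directory.
def item_dir(url)
  s = url.to_s
  dir = s[%r{^(https?://.*/)[^.]+\.[^/]+$}, 1] || (s.end_with?("/") ? s : "#{s}/")
  URI.parse(dir)
end

# Reports which fingerprinting signals an item exposes. `fetch` takes a URL
# string and returns [status, body], or nil when nothing is served there.
def exposure_report(site, wp_content_dir, path, fetch)
  dir = item_dir(item_url(site, wp_content_dir, path))
  missing = [404, ""]
  _, index_body = fetch.call(dir.to_s) || missing
  readme_code, readme_body = fetch.call(dir.merge("readme.txt").to_s) || missing
  changelog_code, = fetch.call(dir.merge("changelog.txt").to_s) || missing
  {
    name: dir.to_s[%r{^https?://.*/([^/]+)/$}, 1],
    directory_listing: index_body.include?("<title>Index of"),
    readme: readme_code == 200,
    changelog: changelog_code == 200,
    version: readme_body[/stable tag: #{VERSION_PATTERN}/i, 1]&.strip,
  }
end
```

Any signal that comes back true or non-nil is something a hardening pass on the web server can remove: disable directory indexes and block requests for readme.txt and changelog.txt under the content directory.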
