class WpItem

Attributes

base_url[R]

name[R]

path[R]

type[R]

vulns_file[R]

vulns_xpath[R]

wp_content_dir[R]

wp_plugins_dir[R]

Public Class Methods

new(options) click to toggle source

# File lib/wpscan/wp_item.rb, line 25
def initialize(options)
  @type           = options[:type]
  @wp_content_dir = options[:wp_content_dir] ? options[:wp_content_dir].sub(%r^\//, '').sub(%r\/$/, '') : 'wp-content'
  @wp_plugins_dir = options[:wp_plugins_dir] || "#@wp_content_dir/plugins"
  @base_url       = options[:base_url]
  @path           = options[:path]
  @name           = options[:name] || extract_name_from_url
  @vulns_file     = options[:vulns_file]
  @vulns_xpath    = options[:vulns_xpath].sub(%r\$name\$/, @name) unless options[:vulns_xpath] == nil

  raise('base_url not set')       unless @base_url
  raise('path not set')           unless @path
  raise('wp_content_dir not set') unless @wp_content_dir
  raise('name not set')           unless @name
  raise('vulns_file not set')     unless @vulns_file
  raise('type not set')           unless @type
end

Public Instance Methods

<=>(other) click to toggle source

Compare

# File lib/wpscan/wp_item.rb, line 149
def <=>(other)
  other.name <=> self.name
end

==(other) click to toggle source

Compare

# File lib/wpscan/wp_item.rb, line 139
def ==(other)
  other.name == self.name
end

===(other) click to toggle source

Compare

# File lib/wpscan/wp_item.rb, line 144
def ===(other)
  other.name == self.name
end

changelog_url() click to toggle source

Url for changelog.txt

# File lib/wpscan/wp_item.rb, line 159
def changelog_url
  get_url_without_filename.merge('changelog.txt')
end

directory_listing?() click to toggle source

Is directory listing enabled?

# File lib/wpscan/wp_item.rb, line 122
def directory_listing?
  # Need to remove to file part from the url
  Browser.instance.get(get_url_without_filename).body[%r{<title>Index of}] ? true : false
end

extract_name_from_url() click to toggle source

Extract item name from a url

# File lib/wpscan/wp_item.rb, line 128
def extract_name_from_url
  get_full_url.to_s[%r{^(https?://.*/([^/]+)/)}, 2]
end

get_full_url() click to toggle source

Get the full url for this item

# File lib/wpscan/wp_item.rb, line 84
def get_full_url
  url = @base_url.to_s.end_with?('/') ? @base_url.to_s : "#@base_url/"
  # remove first and last /
  wp_content_dir = @wp_content_dir.sub(%r^\//, "").sub(%r\/$/, '')
  # remove first /
  path = @path.sub(%r^\//, '')
  if type == 'plugins'
    # plugins can be outside of wp-content. wp_content_dir included in wp_plugins_dir
    ret = URI.parse(URI.encode("#{url}#@wp_plugins_dir/#{path}"))
  elsif type == 'timthumbs'
    # timthumbs have folder in path variable
    ret = URI.parse(URI.encode("#{url}#{wp_content_dir}/#{path}"))
  else
    ret = URI.parse(URI.encode("#{url}#{wp_content_dir}/#{get_sub_folder}/#{path}"))
  end
  ret
end

get_sub_folder() click to toggle source

# File lib/wpscan/wp_item.rb, line 70
def get_sub_folder
  case @type
  when 'themes'
    folder = 'themes'
  when 'timthumbs'
    # not needed
    folder = nil
  else
    raise("unknown type #@type")
  end
  folder
end

get_url_without_filename() click to toggle source

Gets the full url for this item without filenames

# File lib/wpscan/wp_item.rb, line 103
def get_url_without_filename
  location_url = get_full_url.to_s
  valid_location_url = location_url[%r{^(https?://.*/)[^.]+\.[^/]+$}, 1]
  unless valid_location_url
    valid_location_url = add_trailing_slash(location_url)
  end
  URI.parse(URI.encode(valid_location_url))
end

has_changelog?() click to toggle source

changelog.txt present?

# File lib/wpscan/wp_item.rb, line 173
def has_changelog?
  unless @changelog
    status = Browser.instance.get(changelog_url).code
    @changelog = status == 200 ? true : false
  end
  @changelog
end

has_readme?() click to toggle source

readme.txt present?

# File lib/wpscan/wp_item.rb, line 164
def has_readme?
  unless @readme
    status = Browser.instance.get(readme_url).code
    @readme = status == 200 ? true : false
  end
  @readme
end

readme_url() click to toggle source

Url for readme.txt

# File lib/wpscan/wp_item.rb, line 154
def readme_url
  get_url_without_filename.merge('readme.txt')
end

to_s() click to toggle source

To string. Adds a version number if detected

# File lib/wpscan/wp_item.rb, line 133
def to_s
  item_version = version
  "#@name#{' v' + item_version.strip if item_version}"
end

version() click to toggle source

Returns version number from readme.txt if it exists

# File lib/wpscan/wp_item.rb, line 113
def version
  unless @version
    response = Browser.instance.get(get_full_url.merge('readme.txt').to_s)
    @version = response.body[%r{stable tag: #{WpVersion.version_pattern}}, 1]
  end
  @version
end

wp_org_item?() click to toggle source

returns true if this theme or plugin is hosted on wordpress.org

# File lib/wpscan/wp_item.rb, line 57
def wp_org_item?
  case @type
  when 'themes'
    file = THEMES_FULL_FILE
  when 'plugins'
    file = PLUGINS_FULL_FILE
  else
    raise("Unknown type #@type")
  end
  f = File.readlines(file, encoding: 'UTF-8').grep(%r^#{Regexp.escape(@name)}$/)
  f.empty? ? false : true
end

wp_org_url() click to toggle source

The wordpress.org plugins directory URL See: github.com/wpscanteam/wpscan/issues/100

# File lib/wpscan/wp_item.rb, line 45
def wp_org_url
  case @type
  when 'themes'
    return URI('http://wordpress.org/extend/themes/').merge("#@name/")
  when 'plugins'
    return URI('http://wordpress.org/extend/plugins/').merge("#@name/")
  else
    raise("No Wordpress URL for #@type")
  end
end