Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
wpscanteam
GitHub Repository: wpscanteam/wpscan
 Path: blob/master/app/models/wp_version.rb
485 views
1
# frozen_string_literal: true

2


3
module WPScan

4
  module Model

5
    # WP Version

6
    class WpVersion < CMSScanner::Model::Version

7
      include Vulnerable

8


9
      def initialize(number, opts = {})

10
        raise Error::InvalidWordPressVersion unless WpVersion.valid?(number.to_s)

11


12
        super(number, opts)

13
      end

14


15
      # @param [ String ] number

16
      #

17
      # @return [ Boolean ] true if the number is a valid WP version, false otherwise

18
      def self.valid?(number)

19
        all.include?(number)

20
      end

21


22
      # @return [ Array<String> ] All the version numbers

23
      def self.all

24
        return @all_numbers if @all_numbers

25


26
        @all_numbers = []

27


28
        DB::Version.metadata.each_key do |ver|

29
          @all_numbers << ver

30
        end

31


32
        DB::Fingerprints.wp_fingerprints.each_value do |fp|

33
          @all_numbers << fp.values

34
        end

35


36
        # @all_numbers.flatten.uniq.sort! {} doesn't produce the same result here.

37
        @all_numbers.flatten!

38
        @all_numbers.uniq!

39
        @all_numbers.sort! { |a, b| Gem::Version.new(b) <=> Gem::Version.new(a) }

40
      end

41


42
      # Retrieve the metadata from the vuln API if available (and a valid token is given),

43
      # or the local metadata db otherwise

44
      # @return [ Hash ]

45
      def metadata

46
        @metadata ||= db_data.empty? ? DB::Version.metadata_at(number) : db_data

47
      end

48


49
      # @return [ Hash ]

50
      def db_data

51
        @db_data ||= DB::VulnApi.wordpress_data(number)

52
      end

53


54
      # @return [ Array<Vulnerability> ]

55
      def vulnerabilities

56
        return @vulnerabilities if @vulnerabilities

57


58
        @vulnerabilities = []

59


60
        Array(db_data['vulnerabilities']).each do |json_vuln|

61
          @vulnerabilities << Vulnerability.load_from_json(json_vuln)

62
        end

63


64
        @vulnerabilities

65
      end

66


67
      # @return [ String ]

68
      def release_date

69
        @release_date ||= metadata['release_date'] || 'Unknown'

70
      end

71


72
      # @return [ String ]

73
      def status

74
        @status ||= metadata['status'] || 'Unknown'

75
      end

76
    end

77
  end

78
end

79


80