Class: WPScan::Finders::DynamicFinder::Version::QueryParameter

Inherits:

Finder

• Object
• Finder
• Finder
• Finder
• WPScan::Finders::DynamicFinder::Version::QueryParameter

Defined in:

lib/wpscan/finders/dynamic_finder/version/query_parameter.rb

Overview

Version finder using QueryParameter method

Direct Known Subclasses

WpItemVersion::QueryParameter, WpVersion::QueryParameter

Constant Summary

Constants inherited from Finder

Finder::DIRECT_ACCESS

Instance Attribute Summary

Attributes inherited from Finder

#progress_bar, #target

Class Method Summary

• .child_class_constants ⇒ Hash

Instance Method Summary

• #find(response, _opts = {}) ⇒ Array<Version>^?
• #path_pattern ⇒ Regexp
• #scan_response(response) ⇒ Hash
• #xpath ⇒ String

Methods inherited from Finder

#aggressive, child_class_constant, create_child_class, #passive

Methods inherited from Finder

#aggressive, #browser, #create_progress_bar, #found_by, #hydra, #initialize, #passive, #titleize

Constructor Details

This class inherits a constructor from WPScan::Finders::Finder

Class Method Details

.child_class_constants ⇒ Hash

Returns:

• (Hash)

# File 'lib/wpscan/finders/dynamic_finder/version/query_parameter.rb', line 10

def self.child_class_constants
  @child_class_constants ||= super.merge(
    XPATH: nil, FILES: nil, PATTERN: /(?:v|ver|version)=(?<v>\d+\.[.\d]+)/i, CONFIDENCE_PER_OCCURENCE: 10
  )
end

Instance Method Details

#find(response, _opts = {}) ⇒ Array<Version>^?

Parameters:

• response (Typhoeus::Response)
• opts (Hash)

Returns:

• (Array<Version>, nil)

# File 'lib/wpscan/finders/dynamic_finder/version/query_parameter.rb', line 19

def find(response, _opts = {})
  found = scan_response(response).map do |version_number, occurences|
    create_version(
      version_number,
      confidence: self.class::CONFIDENCE_PER_OCCURENCE * occurences.size,
      interesting_entries: occurences
    )
  end

  found.compact
end

#path_pattern ⇒ Regexp

Returns:

• (Regexp)

# File 'lib/wpscan/finders/dynamic_finder/version/query_parameter.rb', line 54

def path_pattern
  @path_pattern ||= %r{/(?:#{self.class::FILES.join('|')})\z}i
end

#scan_response(response) ⇒ Hash

Parameters:

• response (Typhoeus::Response)

Returns:

• (Hash)

# File 'lib/wpscan/finders/dynamic_finder/version/query_parameter.rb', line 33

def scan_response(response)
  found = {}

  target.in_scope_uris(response, xpath) do |uri|
    next unless uri.path =~ path_pattern && uri.query&.match(self.class::PATTERN)

    version = Regexp.last_match[:v].to_s

    found[version] ||= []
    found[version] << uri.to_s
  end

  found
end

#xpath ⇒ String

Returns:

• (String)

# File 'lib/wpscan/finders/dynamic_finder/version/query_parameter.rb', line 49

def xpath
  @xpath ||= self.class::XPATH || '//link[@href]/@href|//script[@src]/@src'
end