Class: WPScan::Formatter::Base

Inherits:

Object

• Object
• WPScan::Formatter::Base

Defined in:

lib/wpscan/formatter.rb

Overview

Base Formatter

Direct Known Subclasses

Cli, Json, Jsonl

Constant Summary

ERB_SUPPORTS_KVARGS =

Ruby 2.6+

::ERB.instance_method(:initialize).parameters.assoc(:key)

Instance Attribute Summary

• #controller_name ⇒ Object readonly

  Returns the value of attribute controller_name.

Instance Method Summary

• #base_format ⇒ String

  The underscored format to use as a base.

• #beautify ⇒ Object

  This is called after the scan and used in some formatters (e.g JSON) to indent results.

• #format ⇒ String

  The underscored name of the class.

• #formats ⇒ Array<String>
• #initialize ⇒ Base constructor

  A new instance of Base.

• #output(tpl, vars = {}, controller_name = nil) ⇒ Object
• #render(tpl, vars = {}, controller_name = nil) ⇒ Object
• #streams? ⇒ Boolean

  Whether this formatter can render findings incrementally as they arrive (cli, jsonl), or needs to receive the full result set first (json, sarif — they emit a single well-formed document at end-of-scan).

• #template_vars(vars) ⇒ Void
• #user_interaction? ⇒ Boolean
• #view_path(tpl) ⇒ String

  The path of the view.

• #views_directories ⇒ Array<String>

  The directories to look into for views.

Constructor Details

#initialize ⇒ Base

Returns a new instance of Base.

# File 'lib/wpscan/formatter.rb', line 54

def initialize
  # Can't put this at the top level of the class, due to the WPScan::
  extend WPScan::Formatter::InstanceMethods
end

Instance Attribute Details

#controller_name ⇒ Object (readonly)

Returns the value of attribute controller_name.

# File 'lib/wpscan/formatter.rb', line 52

def controller_name
  @controller_name
end

Instance Method Details

#base_format ⇒ String

Returns The underscored format to use as a base.

Returns:

• (String) —

  The underscored format to use as a base

# File 'lib/wpscan/formatter.rb', line 78

def base_format; end

#beautify ⇒ Object

This is called after the scan and used in some formatters (e.g JSON) to indent results

# File 'lib/wpscan/formatter.rb', line 88

def beautify; end

#format ⇒ String

Returns The underscored name of the class.

Returns:

• (String) —

  The underscored name of the class

# File 'lib/wpscan/formatter.rb', line 60

def format
  self.class.name.demodulize.underscore
end

#formats ⇒ Array<String>

Returns:

• (Array<String>)

# File 'lib/wpscan/formatter.rb', line 81

def formats
  [format, base_format].compact
end

#output(tpl, vars = {}, controller_name = nil) ⇒ Object

See Also:

• #render

# File 'lib/wpscan/formatter.rb', line 91

def output(tpl, vars = {}, controller_name = nil)
  puts render(tpl, vars, controller_name)
end

#render(tpl, vars = {}, controller_name = nil) ⇒ Object

Parameters:

• tpl (String)
• vars (Hash) (defaults to: {})
• controller_name (String) (defaults to: nil)

# File 'lib/wpscan/formatter.rb', line 100

def render(tpl, vars = {}, controller_name = nil)
  template_vars(vars)
  @controller_name = controller_name if controller_name

  # '-' disables new lines when -%> is used.
  # See http://www.ruby-doc.org/stdlib/libdoc/erb/rdoc/ERB.html
  ERB.new(File.read(view_path(tpl)), trim_mode: '-').result(binding)
end

#streams? ⇒ Boolean

Whether this formatter can render findings incrementally as they arrive (cli, jsonl), or needs to receive the full result set first (json, sarif — they emit a single well-formed document at end-of-scan).

Returns:

• (Boolean)

# File 'lib/wpscan/formatter.rb', line 73

def streams?
  false
end

#template_vars(vars) ⇒ Void

Parameters:

• vars (Hash)

Returns:

• (Void)

# File 'lib/wpscan/formatter.rb', line 112

def template_vars(vars)
  vars.each do |key, value|
    instance_variable_set("@#{key}", value) unless key == :views_directories
  end
end

#user_interaction? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/wpscan/formatter.rb', line 65

def user_interaction?
  format == 'cli'
end

#view_path(tpl) ⇒ String

Returns The path of the view.

Parameters:

• tpl (String)

Returns:

• (String) —

  The path of the view

# File 'lib/wpscan/formatter.rb', line 121

def view_path(tpl)
  if tpl[0, 1] == '@' # Global Template
    tpl = tpl.delete('@')
  else
    raise 'The controller_name can not be nil' unless controller_name

    tpl = "#{controller_name}/#{tpl}"
  end

  raise "Wrong tpl format: '#{tpl}'" unless %r{\A[\w/_]+\z}.match?(tpl)

  views_directories.reverse_each do |dir|
    formats.each do |format|
      potential_file = File.join(dir, format, "#{tpl}.erb")

      return potential_file if File.exist?(potential_file)
    end
  end

  raise "View not found for #{format}/#{tpl}"
end

#views_directories ⇒ Array<String>

Returns The directories to look into for views.

Returns:

• (Array<String>) —

  The directories to look into for views

# File 'lib/wpscan/formatter.rb', line 144

def views_directories
  @views_directories ||= [
    APP_DIR, WPScan::APP_DIR,
    File.join(Dir.home, ".#{WPScan.app_name}"), File.join(Dir.pwd, ".#{WPScan.app_name}")
  ].uniq.reduce([]) { |acc, elem| acc << Pathname.new(elem).join('views').to_s }
end