Module: WPScan::HttpStatusTracking

Included in:
WPScan
Defined in:
lib/wpscan/http_status_tracking.rb

Overview

Module for HTTP status code tracking and error detection

Instance Method Summary

Instance Method Details

#concerning_error_codes? ⇒ Boolean

Determine if warning should be shown for concerning error codes

Returns:

  • (Boolean)


# File 'lib/wpscan/http_status_tracking.rb', line 81

# Decides whether the scan should surface a warning about HTTP errors.
#
# A warning is due when any of the following holds:
# - more than 20% of all requests ended in a non-404 4xx, a 5xx, or a
#   failed request (tracked under code 0);
# - more than 10 responses were 429;
# - more than 10 responses were 5xx;
# - more than 10 requests failed outright.
#
# The three count thresholds are absolute, so on a long scan they trip
# well below the 20% ratio.
# NOTE(review): presumably these conditions point at throttling or blocking
# by the target, in which case scan findings may be incomplete - confirm
# against the warning text emitted by the callers.
#
# @return [Boolean] always false while no request has been made
def concerning_error_codes?
  return false if total_requests.zero?

  tallies = error_counts
  client, server, failed = tallies.values_at(:client_errors, :server_errors, :failed)

  # 404s are left out of the ratio; failed requests (code 0) are included.
  error_ratio = (client + server + failed).to_f / total_requests
  return true if error_ratio > 0.2

  # Absolute thresholds, checked in the order: rate limit, 5xx, failed.
  [tallies[:rate_limit], server, failed].any? { |hits| hits > 10 }
end

#error_counts ⇒ Object

Helper to count specific error types



# File 'lib/wpscan/http_status_tracking.rb', line 47

# Summarises the status-code tally into four error buckets.
#
# The whole summary is computed while holding the status-code mutex.
# 429 responses are counted under :rate_limit and, being 4xx, also under
# :client_errors; 404 responses are excluded from :client_errors.
#
# NOTE(review): the mutex is created lazily with `||=`, which is not
# atomic - two threads racing on the very first call could each build and
# lock a different Mutex. Consider creating it once at load time.
#
# @return [Hash{Symbol => Integer}] counts under :failed (code 0),
#   :rate_limit (429), :server_errors (>= 500) and :client_errors
#   (400..499 except 404)
def error_counts
  lock = (@@status_codes_mutex ||= Mutex.new)
  lock.synchronize do
    tally = status_codes
    server_total = tally.sum { |code, hits| code >= 500 ? hits : 0 }
    client_total = tally.sum do |code, hits|
      code >= 400 && code < 500 && code != 404 ? hits : 0
    end

    {
      failed: tally[0] || 0,
      rate_limit: tally[429] || 0,
      server_errors: server_total,
      client_errors: client_total
    }
  end
end

#error_warning_messages ⇒ Object

Get all applicable warning messages based on error types



# File 'lib/wpscan/http_status_tracking.rb', line 68

# Collects the warning messages that apply to the current error tally.
#
# The same array and the same counts snapshot are handed first to
# check_specific_error_conditions and then to check_generic_error_rate;
# their return values are ignored, so they are expected to append to the
# array in place (their bodies are not shown here - confirm).
#
# @return [Array] the collected messages; empty when no request has been
#   made yet
def error_warning_messages
  warnings = []
  return warnings if total_requests.zero?

  # One snapshot, so both checks judge the same numbers.
  tallies = error_counts
  check_specific_error_conditions(warnings, tallies)
  check_generic_error_rate(warnings, tallies)
  warnings
end

#format_status_codes(codes_hash) ⇒ Object

Format status codes for display (converts code 0 to “failed”)



# File 'lib/wpscan/http_status_tracking.rb', line 60

# Builds a display-friendly copy of a status-code tally.
#
# Every key is turned into a String, except code 0 (a request that never
# produced a response), which is labelled 'failed'. Counts are passed
# through untouched and the input is not modified.
#
# @param codes_hash [Hash] status code => count
# @return [Hash{String => Object}] label => count, in the input's order
def format_status_codes(codes_hash)
  codes_hash.each_with_object({}) do |(code, count), labelled|
    key = code.zero? ? 'failed' : code.to_s
    labelled[key] = count
  end
end

#increment_status_code(code) ⇒ Object

Thread-safe increment of status code count



# File 'lib/wpscan/http_status_tracking.rb', line 21

# Adds one to the tally for +code+ while holding the status-code mutex.
#
# NOTE(review): the mutex is created lazily with `||=`, which is not
# atomic. If two threads make the very first call at the same time they
# could each end up locking a different Mutex, and the read-modify-write
# below would then be unprotected. Consider creating the mutex once at
# load time.
#
# @param code [Integer] HTTP status code (0 is used for failed requests)
# @return [Integer] the count for +code+ after the increment
def increment_status_code(code)
  lock = (@@status_codes_mutex ||= Mutex.new)
  lock.synchronize { status_codes[code] += 1 }
end

#reset_status_codes ⇒ Object

Reset status codes (mainly for testing)



# File 'lib/wpscan/http_status_tracking.rb', line 13

# Discards the current tally and starts over with an empty one.
#
# The tally is replaced by a new Hash rather than cleared, so a reference
# obtained earlier keeps pointing at the old data.
#
# NOTE(review): the mutex is created lazily with `||=`, which is not
# atomic; a race on the very first call could leave two threads locking
# different Mutex objects.
#
# @return [Hash] the fresh, empty tally (unseen codes read as 0)
def reset_status_codes
  lock = (@@status_codes_mutex ||= Mutex.new)
  lock.synchronize { @@status_codes = Hash.new(0) }
end

#set_status_code(code, count) ⇒ Object

Thread-safe set of status code count (mainly for testing)



# File 'lib/wpscan/http_status_tracking.rb', line 29

# Overwrites the tally for +code+ with +count+ while holding the
# status-code mutex. No validation is applied to either argument.
#
# NOTE(review): the mutex is created lazily with `||=`, which is not
# atomic; a race on the very first call could leave two threads locking
# different Mutex objects.
#
# @param code [Integer] HTTP status code (0 is used for failed requests)
# @param count [Integer] value to store for that code
# @return [Object] +count+, as returned by the assignment
def set_status_code(code, count)
  lock = (@@status_codes_mutex ||= Mutex.new)
  lock.synchronize { status_codes[code] = count }
end

#status_codes ⇒ Object

Tracking for HTTP status codes



# File 'lib/wpscan/http_status_tracking.rb', line 7

# Returns the shared tally of HTTP status codes, creating it on first use.
#
# The tally and its mutex are class variables, so they are shared rather
# than kept per object. Unseen codes read as 0 through the Hash default.
#
# NOTE(review): the live Hash is returned without taking the mutex, so any
# caller that reads or writes it directly is not synchronised.
# NOTE(review): both lazy initialisations are check-then-assign and not
# atomic; a race on the very first call could create two Mutex or two Hash
# objects. Consider creating them once at load time.
#
# @return [Hash] status code => count
def status_codes
  @@status_codes_mutex ||= Mutex.new
  return @@status_codes if defined?(@@status_codes) && @@status_codes

  @@status_codes = Hash.new(0)
end

#top_status_codes(limit = 5) ⇒ Object

Get top N status codes by frequency



# File 'lib/wpscan/http_status_tracking.rb', line 37

# Returns the most frequent status codes, highest count first.
#
# The tally is read and sorted while holding the status-code mutex. The
# relative order of codes with equal counts is not guaranteed.
#
# NOTE(review): the mutex is created lazily with `||=`, which is not
# atomic; a race on the very first call could leave two threads locking
# different Mutex objects.
#
# @param limit [Integer] maximum number of codes to return
# @return [Hash] status code => count, at most +limit+ entries; empty
#   when nothing has been recorded
def top_status_codes(limit = 5)
  lock = (@@status_codes_mutex ||= Mutex.new)
  lock.synchronize do
    tally = status_codes
    if tally.empty?
      {}
    else
      # Negating the count sorts in descending order.
      tally.sort_by { |_code, hits| -hits }.first(limit).to_h
    end
  end
end