Class: WPScan::Model::Plugin

Inherits:
WpItem
  • Object
Defined in:
app/models/plugin.rb

Overview

WordPress Plugin

Constant Summary

Constants inherited from WpItem

WpItem::READMES

Constants included from WpItem::WordpressOrgData

WpItem::WordpressOrgData::WORDPRESS_ORG_API_TIMEOUT

Constants included from Target::Platform::PHP

Target::Platform::PHP::DEBUG_LOG_PATTERN, Target::Platform::PHP::ERROR_LOG_PATTERN, Target::Platform::PHP::FPD_PATTERN

Constants included from Finders::Finding

Finders::Finding::FINDING_OPTS

Instance Attribute Summary

Attributes inherited from WpItem

#blog, #detection_opts, #path_from_blog, #slug, #uri, #version_detection_opts

Instance Method Summary

Methods inherited from WpItem

#==, #classify, #directory_listing?, #error_log?, #head_and_get, #last_updated, #last_updated_cli_suffix, #last_updated_display, #last_updated_iso, #last_updated_relative, #last_updated_source, #latest_version, #outdated?, #parse_last_updated, #pluralize_unit, #popular?, #readme_url, #relative_time_for, #resolve_last_updated, #to_s, #url, #vulnerabilities, #vulnerable_to?

Methods included from WpItem::WordpressOrgData

#active_installs, #wordpress_org_data

Methods included from Target::Server::Generic

#directory_listing?, #directory_listing_entries, #headers, #server

Methods included from Target::Platform::PHP

#debug_log?, #error_log?, #full_path_disclosure?, #full_path_disclosure_entries, #install_body_cap, #log_file?, #stream_capped_body

Methods included from Finders::Finding

#<=>, #confidence, #confidence=, #confirmed_by, #eql?, included, #interesting_entries, #parse_finding_options

Methods included from Vulnerable

#filtered_vulnerabilities, #vulnerability_filter, #vulnerable?

Constructor Details

#initialize(slug, blog, opts = {}) ⇒ Plugin

See WpItem



# File 'app/models/plugin.rb', line 8

# Builds the plugin model and derives where the plugin lives under the blog.
#
# @param slug [String] plugin slug, interpolated as-is into the plugins path
# @param blog [Object] must respond to #url(path)
# @param opts [Hash] forwarded unchanged to the parent constructor
def initialize(slug, blog, opts = {})
  # Bare super hands slug, blog and opts to the parent constructor (see WpItem).
  super

  # Relative location used by #head_and_get. When the site uses a custom
  # wp-content directory, blog#url replaces the default one.
  # NOTE(review): slug is not percent-encoded here, unlike in
  # #wordpress_org_api_url. If slugs can originate from the scanned site's
  # responses, confirm they are normalised before reaching this constructor.
  plugin_dir = "wp-content/plugins/#{slug}/"
  @path_from_blog = plugin_dir

  @uri = Addressable::URI.parse(blog.url(path_from_blog))
end

Instance Method Details

#db_data ⇒ Hash

Returns:

  • (Hash)


# File 'app/models/plugin.rb', line 26

# Plugin record obtained from DB::VulnApi for this slug.
#
# The first truthy result is kept in @db_data, so DB::VulnApi.plugin_data is
# not called again for this object once it has returned one.
#
# @return [Hash]
def db_data
  return @db_data if @db_data

  @db_data = DB::VulnApi.plugin_data(slug)
end

#metadata ⇒ Hash

Retrieve the metadata from the vuln API if available (and a valid token is given), or the local metadata db otherwise

Returns:

  • (Hash)


# File 'app/models/plugin.rb', line 21

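# Metadata for this plugin.
#
# Uses the vuln API record (#db_data) when it is non-empty and falls back to
# the local metadata db otherwise. An empty #db_data is what selects the
# fallback. The page's overview says the API data is available only when a
# valid token is given; the token check itself is not visible here.
#
# @return [Hash]
def metadata
  # Memoised: the source (API or local db) is chosen once per object.
  @metadata ||= db_data.empty? ? DB::Plugin.metadata_at(slug) : db_data
end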

#potential_readme_filenames ⇒ Array<String>

Returns:

  • (Array<String>)


# File 'app/models/plugin.rb', line 46

# Readme file names to probe for this plugin.
#
# A 'Readme' => 'path' entry for this slug in the dynamic finders data takes
# precedence. Without one, the parent implementation supplies the list.
# The result is wrapped with Array() and cached on the instance.
#
# @return [Array<String>]
def potential_readme_filenames
  return @potential_readme_filenames if @potential_readme_filenames

  custom_path = DB::DynamicFinders::Plugin.df_data.dig(slug, 'Readme', 'path')
  @potential_readme_filenames = Array(custom_path || super)
end

#version(opts = {}) ⇒ Model::Version, false

Parameters:

  • opts (Hash) (defaults to: {})

Returns:

  • (Model::Version, false)


# File 'app/models/plugin.rb', line 33

# Detected version of the plugin.
#
# The finder runs only while @version is nil. Any other cached value,
# including false, is returned as-is, so opts passed on later calls have no
# effect once a result is stored.
#
# @param opts [Hash] merged over #version_detection_opts for the lookup
# @return [Model::Version, false]
def version(opts = {})
  if @version.nil?
    lookup_opts = version_detection_opts.merge(opts)
    @version = Finders::PluginVersion::Base.find(self, lookup_opts)
  end

  @version
end

#wordpress_org_api_url ⇒ String

Returns:

  • (String)


# File 'app/models/plugin.rb', line 40

# URL of the wordpress.org plugin-information endpoint for this plugin.
#
# Every character of the slug outside the unreserved set is percent-encoded
# before it is placed in the query string. A slug containing '&', '=' or '#'
# therefore stays inside the request[slug] value and cannot add or change
# query parameters.
#
# @return [String]
def wordpress_org_api_url
  unreserved = Addressable::URI::CharacterClasses::UNRESERVED
  safe_slug = Addressable::URI.encode_component(slug, unreserved)

  "https://api.wordpress.org/plugins/info/1.2/?action=plugin_information&request[slug]=#{safe_slug}"
end