Class: WPScan::Vulnerability

Inherits:

Object

• Object
• WPScan::Vulnerability

Includes:

References

Defined in:

lib/wpscan/vulnerability.rb

Overview

Vulnerability model.

Instance Attribute Summary

• #cvss ⇒ Object readonly

  Returns the value of attribute cvss.

• #fixed_in ⇒ Object readonly

  Returns the value of attribute fixed_in.

• #introduced_in ⇒ Object readonly

  Returns the value of attribute introduced_in.

• #poc ⇒ Object readonly

  Returns the value of attribute poc.

• #title ⇒ Object readonly

  Returns the value of attribute title.

• #type ⇒ Object readonly

  Returns the value of attribute type.

• #uuid ⇒ Object readonly

  Returns the value of attribute uuid.

Class Method Summary

• .load_from_json(json_data) ⇒ Vulnerability

Instance Method Summary

• #==(other) ⇒ Boolean
• #initialize(title, references: {}, type: nil, fixed_in: nil, introduced_in: nil, cvss: nil, poc: nil, uuid: nil) ⇒ Vulnerability constructor

  rubocop:disable Metrics/ParameterLists.

Methods included from References

#cve_url, #cve_urls, #cves, #exploitdb_ids, #exploitdb_url, #exploitdb_urls, #msf_modules, #msf_url, #msf_urls, #packetstorm_ids, #packetstorm_url, #packetstorm_urls, #references, #references=, #references_urls, #securityfocus_ids, #securityfocus_url, #securityfocus_urls, #urls, #wpvulndb_ids, #wpvulndb_url, #wpvulndb_urls, #youtube_url, #youtube_urls

Constructor Details

#initialize(title, references: {}, type: nil, fixed_in: nil, introduced_in: nil, cvss: nil, poc: nil, uuid: nil) ⇒ Vulnerability

rubocop:disable Metrics/ParameterLists

Parameters:

• title (String)
• references (Hash) (defaults to: {})
• type (String) (defaults to: nil)
• fixed_in (String) (defaults to: nil)
• introduced_in (String) (defaults to: nil)
• cvss (HashSymbol) (defaults to: nil)

Options Hash (references:):

• :cve (Array<String>, String)
• :secunia (Array<String>, String)
• :osvdb (Array<String>, String)
• :exploitdb (Array<String>, String)
• :url (Array<String>) —

  URL(s) to related advisories etc

• :metasploit (Array<String>, String) —

  The related metasploit module(s)

• :youtube (Array<String>)

Options Hash (cvss:):

• :score (String)
• :vector (String)

# File 'lib/wpscan/vulnerability.rb', line 26

def initialize(title, references: {}, type: nil, fixed_in: nil, introduced_in: nil, cvss: nil, poc: nil, uuid: nil)
  # rubocop:enable Metrics/ParameterLists
  @title         = title
  @type          = type
  @fixed_in      = fixed_in
  @introduced_in = introduced_in
  @cvss          = { score: cvss[:score], vector: cvss[:vector] } if cvss
  @poc           = poc
  @uuid          = uuid

  self.references = references
end

Instance Attribute Details

#cvss ⇒ Object (readonly)

Returns the value of attribute cvss.

# File 'lib/wpscan/vulnerability.rb', line 8

def cvss
  @cvss
end

#fixed_in ⇒ Object (readonly)

Returns the value of attribute fixed_in.

# File 'lib/wpscan/vulnerability.rb', line 8

def fixed_in
  @fixed_in
end

#introduced_in ⇒ Object (readonly)

Returns the value of attribute introduced_in.

# File 'lib/wpscan/vulnerability.rb', line 8

def introduced_in
  @introduced_in
end

#poc ⇒ Object (readonly)

Returns the value of attribute poc.

# File 'lib/wpscan/vulnerability.rb', line 8

def poc
  @poc
end

#title ⇒ Object (readonly)

Returns the value of attribute title.

# File 'lib/wpscan/vulnerability.rb', line 8

def title
  @title
end

#type ⇒ Object (readonly)

Returns the value of attribute type.

# File 'lib/wpscan/vulnerability.rb', line 8

def type
  @type
end

#uuid ⇒ Object (readonly)

Returns the value of attribute uuid.

# File 'lib/wpscan/vulnerability.rb', line 8

def uuid
  @uuid
end

Class Method Details

.load_from_json(json_data) ⇒ Vulnerability

Parameters:

• json_data (Hash)

Returns:

• (Vulnerability)

# File 'lib/wpscan/vulnerability.rb', line 41

def self.load_from_json(json_data)
  references = { wpvulndb: json_data['id'].to_s }

  if json_data['references']
    references_keys.each do |key|
      references[key] = json_data['references'][key.to_s] if json_data['references'].key?(key.to_s)
    end
  end

  new(
    json_data['title'],
    references: references,
    type: json_data['vuln_type'],
    fixed_in: json_data['fixed_in'],
    introduced_in: json_data['introduced_in'],
    cvss: json_data['cvss']&.symbolize_keys,
    poc: json_data['poc'],
    uuid: json_data['id'].to_s # The 'id' field IS the UUID in WPScan API
  )
end

Instance Method Details

#==(other) ⇒ Boolean

Parameters:

• other (Vulnerability)

Returns:

• (Boolean)

# File 'lib/wpscan/vulnerability.rb', line 65

def ==(other)
  title == other.title &&
    type == other.type &&
    references == other.references &&
    fixed_in == other.fixed_in &&
    cvss == other.cvss &&
    poc == other.poc &&
    uuid == other.uuid
end