Class: WPScan::DB::VulnApi
- Inherits:
-
Object
- Object
- WPScan::DB::VulnApi
- Defined in:
- lib/wpscan/db/vuln_api.rb
Overview
WPVulnDB API
Constant Summary collapse
- NON_ERROR_CODES =
[200, 403].freeze
Class Attribute Summary collapse
-
.token ⇒ Object
Returns the value of attribute token.
Class Method Summary collapse
- .default_request_params ⇒ Hash
- .get(path, params = {}) ⇒ Hash
- .plugin_data(slug) ⇒ Hash
- .status ⇒ Hash
- .theme_data(slug) ⇒ Hash
- .uri ⇒ Addressable::URI
- .wordpress_data(version_number) ⇒ Hash
Class Attribute Details
.token ⇒ Object
Returns the value of attribute token.
10 11 12 |
# File 'lib/wpscan/db/vuln_api.rb', line 10 def token @token end |
Class Method Details
.default_request_params ⇒ Hash
Note:
Those params can not be overriden by CLI options
79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 |
# File 'lib/wpscan/db/vuln_api.rb', line 79 def self.default_request_params @default_request_params ||= begin params = Browser.instance.default_request_params.merge( headers: { 'User-Agent' => Browser.instance.default_user_agent, 'Authorization' => "Token token=#{token}" } ) if ParsedCli.proxy_target_only params.delete(:proxy) params.delete(:proxyuserpwd) end params end end |
.get(path, params = {}) ⇒ Hash
22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 |
# File 'lib/wpscan/db/vuln_api.rb', line 22 def self.get(path, params = {}) return {} unless token # Guard against a slug or WordPress version equal to the literal # string "latest": such a value would map to the # /{plugins,themes,wordpresses,all}/latest list endpoints, which # return a payload the per-entity parser below cannot handle. return {} if path.end_with?('/latest') # Typhoeus.get is used rather than Browser.get to avoid merging irrelevant params from the CLI res = Typhoeus.get(uri.join(path), default_request_params.merge(params)) return {} if [404, 429].include?(res.code) return JSON.parse(res.body) if NON_ERROR_CODES.include?(res.code) raise Error::HTTP, res rescue Error::HTTP => e retries ||= 0 if (retries += 1) <= 3 @default_request_params[:headers]['X-Retry'] = retries sleep(1) retry end { 'http_error' => e } rescue JSON::ParserError => e # API returned non-JSON response (HTML, plain text, etc.) { 'parse_error' => e } end |
.plugin_data(slug) ⇒ Hash
54 55 56 |
# File 'lib/wpscan/db/vuln_api.rb', line 54 def self.plugin_data(slug) get("plugins/#{slug}")&.dig(slug) || {} end |
.status ⇒ Hash
69 70 71 72 73 74 75 |
# File 'lib/wpscan/db/vuln_api.rb', line 69 def self.status json = get('status', params: { version: WPScan::VERSION }, cache_ttl: 0) json['requests_remaining'] = 'Unlimited' if json['requests_remaining'] == -1 json end |
.theme_data(slug) ⇒ Hash
59 60 61 |
# File 'lib/wpscan/db/vuln_api.rb', line 59 def self.theme_data(slug) get("themes/#{slug}")&.dig(slug) || {} end |
.uri ⇒ Addressable::URI
14 15 16 |
# File 'lib/wpscan/db/vuln_api.rb', line 14 def self.uri @uri ||= Addressable::URI.parse('https://wpscan.com/api/v4/') end |
.wordpress_data(version_number) ⇒ Hash
64 65 66 |
# File 'lib/wpscan/db/vuln_api.rb', line 64 def self.wordpress_data(version_number) get("wordpresses/#{version_number.tr('.', '')}")&.dig(version_number) || {} end |