Class: WPScan::DB::VulnApi

Inherits:

Object

• Object
• WPScan::DB::VulnApi

Defined in:

lib/wpscan/db/vuln_api.rb

Overview

WPVulnDB API

Constant Summary

NON_ERROR_CODES =

[200, 403].freeze

Class Attribute Summary

• .token ⇒ Object

  Returns the value of attribute token.

Class Method Summary

• .default_request_params ⇒ Hash
• .get(path, params = {}) ⇒ Hash
• .plugin_data(slug) ⇒ Hash
• .status ⇒ Hash
• .theme_data(slug) ⇒ Hash
• .uri ⇒ Addressable::URI
• .wordpress_data(version_number) ⇒ Hash

Class Attribute Details

.token ⇒ Object

Returns the value of attribute token.

# File 'lib/wpscan/db/vuln_api.rb', line 10

def token
  @token
end

Class Method Details

.default_request_params ⇒ Hash

Note:

Those params can not be overriden by CLI options

Returns:

• (Hash)

# File 'lib/wpscan/db/vuln_api.rb', line 72

def self.default_request_params
  @default_request_params ||= Browser.instance.default_request_params.merge(
    headers: {
      'User-Agent' => Browser.instance.default_user_agent,
      'Authorization' => "Token token=#{token}"
    }
  )
end

.get(path, params = {}) ⇒ Hash

Parameters:

• path (String)
• params (Hash) (defaults to: {})

Returns:

• (Hash)

# File 'lib/wpscan/db/vuln_api.rb', line 22

def self.get(path, params = {})
  return {} unless token
  return {} if path.end_with?('/latest') # Remove this when api/v4 is up

  # Typhoeus.get is used rather than Browser.get to avoid merging irrelevant params from the CLI
  res = Typhoeus.get(uri.join(path), default_request_params.merge(params))

  return {} if res.code == 404 || res.code == 429
  return JSON.parse(res.body) if NON_ERROR_CODES.include?(res.code)

  raise Error::HTTP, res
rescue Error::HTTP => e
  retries ||= 0

  if (retries += 1) <= 3
    @default_request_params[:headers]['X-Retry'] = retries

    sleep(1)
    retry
  end

  { 'http_error' => e }
end

.plugin_data(slug) ⇒ Hash

Returns:

• (Hash)

# File 'lib/wpscan/db/vuln_api.rb', line 47

def self.plugin_data(slug)
  get("plugins/#{slug}")&.dig(slug) || {}
end

.status ⇒ Hash

Returns:

• (Hash)

# File 'lib/wpscan/db/vuln_api.rb', line 62

def self.status
  json = get('status', params: { version: WPScan::VERSION }, cache_ttl: 0)

  json['requests_remaining'] = 'Unlimited' if json['requests_remaining'] == -1

  json
end

.theme_data(slug) ⇒ Hash

Returns:

• (Hash)

# File 'lib/wpscan/db/vuln_api.rb', line 52

def self.theme_data(slug)
  get("themes/#{slug}")&.dig(slug) || {}
end

.uri ⇒ Addressable::URI

Returns:

• (Addressable::URI)

# File 'lib/wpscan/db/vuln_api.rb', line 14

def self.uri
  @uri ||= Addressable::URI.parse('https://wpscan.com/api/v3/')
end

.wordpress_data(version_number) ⇒ Hash

Returns:

• (Hash)

# File 'lib/wpscan/db/vuln_api.rb', line 57

def self.wordpress_data(version_number)
  get("wordpresses/#{version_number.tr('.', '')}")&.dig(version_number) || {}
end