Class: WPScan::Finders::DynamicFinder::Version::ConfigParser

Inherits:

Finder

• Object
• CMSScanner::Finders::Finder
• Finder
• Finder
• WPScan::Finders::DynamicFinder::Version::ConfigParser

Defined in:

lib/wpscan/finders/dynamic_finder/version/config_parser.rb

Overview

Version finder using by parsing config files, such as composer.json and so on

Direct Known Subclasses

WpItemVersion::ConfigParser

Constant Summary

ALLOWED_PARSERS =

[JSON, YAML].freeze

Class Method Summary

• .child_class_constants ⇒ Object

Instance Method Summary

• #find(response, _opts = {}) ⇒ Version
• #parse(body) ⇒ Hash^?

  The parsed body, with an available parser, if possible.

• #passive(opts = {}) ⇒ Object

  No Passive way.

Methods inherited from Finder

#aggressive, child_class_constant, create_child_class

Class Method Details

.child_class_constants ⇒ Object

# File 'lib/wpscan/finders/dynamic_finder/version/config_parser.rb', line 12

def self.child_class_constants
  @child_class_constants ||= super.merge(
    PARSER: nil, KEY: nil, PATTERN: /(?<v>\d+\.[.\d]+)/, CONFIDENCE: 70
  )
end

Instance Method Details

#find(response, _opts = {}) ⇒ Version

Parameters:

• response (Typhoeus::Response)
• opts (Hash)

Returns:

• (Version)

# File 'lib/wpscan/finders/dynamic_finder/version/config_parser.rb', line 40

def find(response, _opts = {})
  parsed_body = parse(response.body)
  # Create indexes for the #dig, digits are converted to integers
  indexes     = self.class::KEY.split(':').map { |e| e == e.to_i.to_s ? e.to_i : e }

  return unless (data = parsed_body&.dig(*indexes)) && data =~ self.class::PATTERN

  create_version(
    Regexp.last_match[:v],
    interesting_entries: ["#{response.effective_url}, Match: '#{Regexp.last_match}'"]
  )
end

#parse(body) ⇒ Hash^?

Returns The parsed body, with an available parser, if possible.

Parameters:

• body (String)

Returns:

• (Hash, nil) —

  The parsed body, with an available parser, if possible

# File 'lib/wpscan/finders/dynamic_finder/version/config_parser.rb', line 20

def parse(body)
  parsers = ALLOWED_PARSERS.include?(self.class::PARSER) ? [self.class::PARSER] : ALLOWED_PARSERS

  parsers.each do |parser|
    parsed = parser.respond_to?(:safe_load) ? parser.safe_load(body) : parser.load(body)

    return parsed if parsed.is_a?(Hash) || parsed.is_a?(Array)
  rescue StandardError
    next
  end

  nil # Make sure nil is returned in case none of the parsers managed to parse the body correctly
end

#passive(opts = {}) ⇒ Object

No Passive way

# File 'lib/wpscan/finders/dynamic_finder/version/config_parser.rb', line 35

def passive(opts = {}); end