VulnAPI Implementation

Author: erwanlr

.rubocop.yml

@@ -8,12 +8,12 @@ ClassVars:
   Enabled: false
 LineLength:
   Max: 120
+Lint/UriEscapeUnescape:
+  Enabled: false
 MethodLength:
   Max: 20
   Exclude:
   - 'app/controllers/enumeration/cli_options.rb'
-Lint/UriEscapeUnescape:
-  Enabled: false
 Metrics/AbcSize:
   Max: 25
 Metrics/BlockLength:
@@ -29,3 +29,6 @@ Style/Documentation:
   Enabled: false
 Style/FormatStringToken:
   Enabled: false
+Style/NumericPredicate:
+  Exclude:
+  - 'app/controllers/vuln_api.rb'

app/controllers.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 require_relative 'controllers/core'
-require_relative 'controllers/api_token'
+require_relative 'controllers/vuln_api'
 require_relative 'controllers/custom_directories'
 require_relative 'controllers/wp_version'
 require_relative 'controllers/main_theme'

app/controllers/api_token.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module WPScan
+  module Controller
+    # Controller to handle the API token
+    class VulnApi < CMSScanner::Controller::Base
+      def cli_options
+        [
+          OptString.new(['--api-token TOKEN', 'The WPVulnDB API Token to display vulnerability data'])
+        ]
+      end
+
+      def before_scan
+        return unless ParsedCli.api_token
+
+        DB::VulnApi.token = ParsedCli.api_token
+
+        api_status = DB::VulnApi.status
+
+        raise Error::InvalidApiToken if api_status['error']
+        raise Error::ApiLimitReached if api_status['requests_remaining'] == 0
+        raise api_status['http_error'] if api_status['http_error']
+      end
+
+      def after_scan
+        output('status', status: DB::VulnApi.status, api_requests: WPScan.api_requests)
+      end
+    end
+  end
+end

app/controllers/vuln_api.rb

@@ -15,9 +15,16 @@ def initialize(slug, blog, opts = {})
         @uri = Addressable::URI.parse(blog.url(path_from_blog))
       end
 
-      # @return [ JSON ]
+      # Retrieve the metadata from the vuln API if available (and a valid token is given),
+      # or the local metadata db otherwise
+      # @return [ Hash ]
       def metadata
-        @metadata ||= DB::Plugin.metadata_at(slug)
+        @metadata ||= db_data.empty? ? DB::Plugin.metadata_at(slug) : db_data
+      end
+
+      # @return [ Hash ]
+      def db_data
+        @db_data ||= DB::VulnApi.plugin_data(slug)
       end
 
       # @param [ Hash ] opts

app/models/plugin.rb

@@ -21,9 +21,16 @@ def initialize(slug, blog, opts = {})
         parse_style
       end
 
+      # Retrieve the metadata from the vuln API if available (and a valid token is given),
+      # or the local metadata db otherwise
       # @return [ JSON ]
       def metadata
-        @metadata ||= DB::Theme.metadata_at(slug)
+        @metadata ||= db_data.empty? ? DB::Theme.metadata_at(slug) : db_data
+      end
+
+      # @return [ Hash ]
+      def db_data
+        @db_data ||= DB::VulnApi.theme_data(slug)
       end
 
       # @param [ Hash ] opts

app/models/theme.rb

@@ -39,11 +39,10 @@ def vulnerabilities
 
         @vulnerabilities = []
 
-        # TODO Get them from API
-        #[*db_data['vulnerabilities']].each do |json_vuln|
-        #  vulnerability = Vulnerability.load_from_json(json_vuln)
-        #  @vulnerabilities << vulnerability if vulnerable_to?(vulnerability)
-        #end
+        [*db_data['vulnerabilities']].each do |json_vuln|
+          vulnerability = Vulnerability.load_from_json(json_vuln)
+          @vulnerabilities << vulnerability if vulnerable_to?(vulnerability)
+        end
 
         @vulnerabilities
       end
@@ -67,7 +66,7 @@ def latest_version
       # Not used anywhere ATM
       # @return [ Boolean ]
       def popular?
-        @popular ||= metadata['popular']
+        @popular ||= metadata['popular'] ? true : false
       end
 
       # @return [ String ]

app/models/wp_item.rb

@@ -35,9 +35,16 @@ def self.all
         @all_numbers.sort! { |a, b| Gem::Version.new(b) <=> Gem::Version.new(a) }
       end
 
-      # @return [ JSON ]
+      # Retrieve the metadata from the vuln API if available (and a valid token is given),
+      # or the local metadata db otherwise
+      # @return [ Hash ]
       def metadata
-        @metadata ||= DB::Version.metadata_at(number)
+        @metadata ||= db_data.empty? ? DB::Version.metadata_at(number) : db_data
+      end
+
+      # @return [ Hash ]
+      def db_data
+        @db_data ||= DB::VulnApi.wordpress_data(number)
       end
 
       # @return [ Array<Vulnerability> ]
@@ -46,10 +53,9 @@ def vulnerabilities
 
         @vulnerabilities = []
 
-        # TODO get them from API
-        #[*db_data['vulnerabilities']].each do |json_vuln|
-        #  @vulnerabilities << Vulnerability.load_from_json(json_vuln)
-        #end
+        [*db_data['vulnerabilities']].each do |json_vuln|
+          @vulnerabilities << Vulnerability.load_from_json(json_vuln)
+        end
 
         @vulnerabilities
       end

app/models/wp_version.rb

@@ -0,0 +1,13 @@
+<% unless @status.empty? -%>
+<% if @status['http_error'] -%>
+<%= critical_icon %> WPVulnDB API, <%= @status['http_error'].to_s %>
+<% else -%>
+<%= info_icon %> WPVulnDB API OK
+ | Plan: <%= @status['plan'] %>
+ | Requests Done (during the scan): <%= @api_requests %>
+ | Requests Remaining: <%= @status['requests_remaining'] %>
+<% end -%>
+<% else -%>
+<%= warning_icon %> No WPVulnDB API Token given, as a result vulnerability data has not been output.
+<%= warning_icon %> You can get a free API token with 50 daily requests by registering at https://wpvulndb.com/register.
+<% end -%>

app/views/cli/vuln_api/status.erb

@@ -0,0 +1,13 @@
+"vuln_api": {
+<% unless @status.empty? -%>
+<% if @status['http_error'] -%>
+"http_error": <%= @status['http_error'].to_s.to_json %>
+<% else -%>
+"plan": <%= @status['plan'].to_json %>,
+"requests_done_during_scan": <%= @api_requests.to_json %>,
+"requests_remaining": <%= @status['requests_remaining'].to_json %>
+<% end -%>
+<% else -%>
+"error": "No WPVulnDB API Token given, as a result vulnerability data has not been output.\nYou can get a free API token with 50 daily requests by registering at https://wpvulndb.com/register."
+<% end -%>
+},