class WPScan::Finders::DynamicFinder::Version::QueryParameter

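Version finder using the QueryParameter method: it reads the version number from a query-string parameter on matching asset URLs. The value comes from the scanned site's own markup, which is why each occurrence only adds a small amount of confidence.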

Public Class Methods

child_class_constants()

@return [ Hash ]

# File lib/wpscan/finders/dynamic_finder/version/query_parameter.rb, line 10
# Merges this finder's default constants over the ones returned by the parent
# implementation, and memoizes the result.
#
# NOTE(review): PATTERN is not anchored to the start of a parameter name, so a
# query such as "rev=1.2" also matches through its trailing "v=", and [.\d]+
# accepts runs of dots ("1.."). Confirm this looseness is intended, since it
# can produce false version findings.
#
# @return [ Hash ]
def self.child_class_constants
  @child_class_constants ||= begin
    defaults = {
      XPATH: nil,
      FILES: nil,
      PATTERN: /(?:v|ver|version)=(?<v>\d+\.[.\d]+)/i,
      CONFIDENCE_PER_OCCURENCE: 10
    }

    super().merge(defaults)
  end
end

Public Instance Methods

find(response, _opts = {})

@param [ Typhoeus::Response ] response
@param [ Hash ] _opts
@return [ Array<Version>, nil ]

# File lib/wpscan/finders/dynamic_finder/version/query_parameter.rb, line 19
# Builds one version entry per distinct version number found by scan_response.
#
# The confidence of an entry is CONFIDENCE_PER_OCCURENCE multiplied by the
# number of URLs that carried that version number; those URLs are passed on
# as the interesting entries.
#
# NOTE(review): the numbers and URLs presumably originate from the scanned
# site's response, so the site operator can strip or alter them. Treat the
# result as a hint to corroborate, not as proof of the installed version.
#
# @param [ Typhoeus::Response ] response
# @param [ Hash ] _opts Unused
#
# @return [ Array ] the values returned by create_version, nil entries dropped
def find(response, _opts = {})
  versions = scan_response(response).map do |number, urls|
    create_version(
      number,
      confidence: self.class::CONFIDENCE_PER_OCCURENCE * urls.size,
      interesting_entries: urls
    )
  end

  versions.compact
end
path_pattern()

@return [ Regexp ]

# File lib/wpscan/finders/dynamic_finder/version/query_parameter.rb, line 56
# Case-insensitive pattern matching a URI path that ends with "/" followed by
# one of the FILES entries. The pattern is built once and cached.
#
# NOTE(review): the FILES entries are interpolated without Regexp.escape, so a
# "." in a file name matches any character and an entry could carry regexp
# syntax. If the entries are meant to be literal names, escaping them (or
# using Regexp.union) would tighten the match - confirm against the finder
# configuration before changing it.
#
# @return [ Regexp ]
def path_pattern
  return @path_pattern if @path_pattern

  alternatives = self.class::FILES.join('|')
  @path_pattern = %r{/(?:#{alternatives})\z}i
end
scan_response(response)

@param [ Typhoeus::Response ] response
@return [ Hash ]

# File lib/wpscan/finders/dynamic_finder/version/query_parameter.rb, line 35
# Groups the in-scope URIs selected by xpath by the version number found in
# their query string.
#
# A URI is kept only when its path matches path_pattern and its query matches
# PATTERN; the named group "v" of that match is the version number.
#
# NOTE(review): both the query string and the stored URI text are taken from
# the response as-is. Whatever renders these entries should treat them as
# untrusted text.
#
# @param [ Typhoeus::Response ] response
#
# @return [ Hash ] version number (String) => Array of URI strings
def scan_response(response)
  versions = {}

  target.in_scope_uris(response, xpath) do |uri|
    next unless uri.path =~ path_pattern

    matched = uri.query&.match(self.class::PATTERN)
    next unless matched

    (versions[matched[:v].to_s] ||= []) << uri.to_s
  end

  versions
end
xpath()

@return [ String ]

# File lib/wpscan/finders/dynamic_finder/version/query_parameter.rb, line 51
# XPath used to pick the URLs to inspect: the class-level XPATH when it is
# set, otherwise the href of link elements and the src of script elements.
# The chosen value is cached.
#
# @return [ String ]
def xpath
  return @xpath if @xpath

  @xpath = self.class::XPATH || '//link[@href]/@href|//script[@src]/@src'
end