class WPScan::Finders::DynamicFinder::Version::ConfigParser

Version finder that works by parsing config files, such as composer.json and so on

Constants

ALLOWED_PARSERS

Public Class Methods

child_class_constants()
# File lib/wpscan/finders/dynamic_finder/version/config_parser.rb, line 12
# Default constants for finders built on this class, layered on top of the parent's defaults.
#
# The result is memoised in @child_class_constants, so the merge runs once per class.
# PARSER and KEY default to nil; PATTERN captures a dotted version number in the named
# group `v`; CONFIDENCE defaults to 70.
#
# @return [ Hash ]
def self.child_class_constants
  return @child_class_constants if @child_class_constants

  defaults = { PARSER: nil, KEY: nil, PATTERN: /(?<v>\d+\.[.\d]+)/, CONFIDENCE: 70 }

  @child_class_constants = super.merge(defaults)
end

Public Instance Methods

find(response, _opts = {})

@param [ Typhoeus::Response ] response
@param [ Hash ] opts
@return [ Version ]

# File lib/wpscan/finders/dynamic_finder/version/config_parser.rb, line 40
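# Extracts a version from a fetched config file.
#
# The response body comes from the scanned site and is untrusted: its structure may not
# match KEY, and the value found at KEY may not be a String. Both cases are treated as
# "no version found" instead of raising, so unexpected remote content cannot abort the
# finder (a non-String value would otherwise raise NoMethodError on `=~` under Ruby 3.2+,
# and a scalar in the middle of the path would raise TypeError from #dig).
#
# @param [ Typhoeus::Response ] response
# @param [ Hash ] _opts unused
#
# @return [ Version, nil ] nil when the body cannot be parsed, KEY is absent, or the value
#   does not match PATTERN
def find(response, _opts = {})
  parsed_body = parse(response.body)
  # KEY is a colon-separated path for #dig; all-digit segments become Integer indexes
  key_path    = self.class::KEY.split(':').map { |part| part == part.to_i.to_s ? part.to_i : part }

  data = begin
    parsed_body&.dig(*key_path)
  rescue TypeError
    # The parsed structure does not have the shape KEY expects
    nil
  end

  # Only String values are matched; Integer, Float, Hash, Array or boolean leaves are skipped
  return unless data.is_a?(String)

  match = self.class::PATTERN.match(data)
  return unless match

  create_version(
    match[:v],
    interesting_entries: ["#{response.effective_url}, Match: '#{match}'"]
  )
end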
parse(body)

@param [ String ] body
@return [ Hash, nil ] The parsed body, with an available parser, if possible

# File lib/wpscan/finders/dynamic_finder/version/config_parser.rb, line 20
# Parses a fetched config body with the configured parser, or with each allowed parser in turn.
#
# When the class's PARSER is listed in ALLOWED_PARSERS only that parser is tried; otherwise
# every entry of ALLOWED_PARSERS is tried in order. A parser error is rescued and the next
# candidate is tried; a parse only counts when it yields a Hash or an Array.
#
# @param [ String ] body content fetched from the scanned site (untrusted)
# @return [ Hash, Array, nil ] the parsed body, or nil when no parser produced a Hash/Array
def parse(body)
  wanted     = self.class::PARSER
  candidates = ALLOWED_PARSERS.include?(wanted) ? [wanted] : ALLOWED_PARSERS

  candidates.each do |candidate|
    result =
      begin
        # NOTE(review): the `load` fallback runs on untrusted remote content. ALLOWED_PARSERS
        # is not shown here; confirm that every entry without `safe_load` has a `load` that
        # cannot instantiate arbitrary objects from its input.
        if candidate.respond_to?(:safe_load)
          candidate.safe_load(body)
        else
          candidate.load(body)
        end
      rescue StandardError
        next
      end

    case result
    when Hash, Array then return result
    end
  end

  # Explicit nil: without it the method would return the value of #each
  nil
end
passive(opts = {})

No Passive way

# File lib/wpscan/finders/dynamic_finder/version/config_parser.rb, line 35
# This finder has no passive detection; the method does nothing.
#
# @param [ Hash ] opts not used
# @return [ nil ]
def passive(opts = {})
  nil
end