class WPScan::Finders::DynamicFinder::Version::JavascriptVar

Version finder using JavaScript Variable method

Public Class Methods

child_class_constants()

@return [ Hash ]

# File lib/wpscan/finders/dynamic_finder/version/javascript_var.rb, line 10
# Constants for this finder: the parent's constants with this finder's
# defaults (XPATH, VERSION_KEY, PATTERN, CONFIDENCE) merged over them.
# The merged Hash is built once and cached on the class.
#
# @return [ Hash ]
def self.child_class_constants
  return @child_class_constants if @child_class_constants

  javascript_var_defaults = {
    XPATH: '//script[not(@src)]',
    VERSION_KEY: nil,
    PATTERN: nil,
    CONFIDENCE: 60
  }

  @child_class_constants = super().merge(javascript_var_defaults)
end

Public Instance Methods

find(response, _opts = {})

@param [ Typhoeus::Response ] response
@param [ Hash ] opts
@return [ Version ]

# File lib/wpscan/finders/dynamic_finder/version/javascript_var.rb, line 20
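# Looks for self.class::PATTERN in the nodes selected by self.class::XPATH
# and builds a version from the first match that yields a version number.
#
# The matched text comes from the scanned site, so building the displayed
# excerpt must not raise on unexpected content.
#
# @param [ Typhoeus::Response ] response
# @param [ Hash ] _opts Unused
#
# @return [ Version, nil ] nil when no match yields a version number
def find(response, _opts = {})
  target.xpath_pattern_from_page(
    self.class::XPATH, self.class::PATTERN, response
  ) do |match_data, _node|
    next unless (version_number = version_number_from_match_data(match_data))

    match = match_data.to_s

    # If the text to be output in the interesting_entries is > 50 chars,
    # get 20 chars before and after (when possible) the detected version instead
    if match.size > 50
      # to_s: a version read from JSON may be a number, and Regexp.escape
      # only accepts a String or Symbol.
      around_version = /.*?(.{,20}#{Regexp.escape(version_number.to_s)}.{,20}).*/

      # The version is not guaranteed to appear verbatim in the matched text
      # (it may have been decoded from JSON); fall back to the first 50 chars
      # rather than calling strip on nil below.
      match = match[around_version, 1] || match[0, 50]
    end

    return create_version(
      version_number,
      interesting_entries: ["#{response.effective_url}, Match: '#{match.strip}'"]
    )
  end
  nil
end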
version_number_from_match_data(match_data)

@param [ MatchData ] match_data
@return [ String ]

# File lib/wpscan/finders/dynamic_finder/version/javascript_var.rb, line 41
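# Extracts the version number from a pattern match.
#
# When self.class::VERSION_KEY is set, the :json capture is trimmed, stripped
# of a trailing comma, has its single quotes turned into double quotes, is
# wrapped in braces and parsed as JSON; VERSION_KEY is then split on ':' and
# used as the key path into the parsed Hash. Otherwise the :v capture is
# returned.
#
# The captured text comes from the scanned page, so both invalid JSON and a
# key path that runs through a non-container value (which makes dig raise
# TypeError) are treated as "no version" instead of aborting the finder.
#
# @param [ MatchData ] match_data
#
# @return [ String, nil ] the value found (returned as parsed from the JSON,
#   so not necessarily a String), or nil when nothing usable is found
def version_number_from_match_data(match_data)
  key_path = self.class::VERSION_KEY
  return match_data[:v] unless key_path

  begin
    json = JSON.parse("{#{match_data[:json].strip.chomp(',').tr("'", '"')}}")
    json.dig(*key_path.split(':'))
  rescue JSON::ParserError, TypeError
    nil
  end
end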