feat(wpscan): support enterprise feature #1875

@future-ryunosuketanai future-ryunosuketanai commented Mar 18, 2024

What did you implement:

There are two versions of wpscan:
・Free researcher version
・Paid enterprise version

This PR has accommodated the values obtained in the enterprise version.
And changed the structure that is only used to unmarshal JSON in wpscan to unexported.

Type of change

Please delete options that are not relevant.

  • New feature (non-breaking change which adds functionality)

How Has This Been Tested?

I ran make test in the local environment.
And I have also confirmed the passing of the following tests added this time.

$ go test -v -run Test_convertToVinfos
=== RUN   Test_convertToVinfos
=== RUN   Test_convertToVinfos/WordPress_vulnerabilities_Enterprise
=== RUN   Test_convertToVinfos/WordPress_vulnerabilities_Researcher
--- PASS: Test_convertToVinfos (0.00s)
    --- PASS: Test_convertToVinfos/WordPress_vulnerabilities_Enterprise (0.00s)
    --- PASS: Test_convertToVinfos/WordPress_vulnerabilities_Researcher (0.00s)
PASS
ok      github.com/future-architect/vuls/detector       0.016s

Checklist:

You don't have to satisfy all of the following.

  • Write tests
  • Write documentation
  • Check that there aren't other open pull requests for the same issue/feature
  • Format your source code by make fmt
  • Pass the test by make test
  • Provide verification config / commands
  • Enable "Allow edits from maintainers" for this PR
  • Update the messages below

Is this ready for review?: Yes

Reference

@future-ryunosuketanai future-ryunosuketanai changed the title [WIP] supported the enterprise of wpscan feat(wpscan): support enterprise feature Mar 19, 2024
@future-ryunosuketanai future-ryunosuketanai marked this pull request as ready for review March 19, 2024 16:36
@future-ryunosuketanai

@MaineK00n @shino
Thank you for your thoughtful comments and suggestions.
I have made the corrections, so please review the PR.

@MaineK00n MaineK00n left a comment

I don't think it's necessary to export WpCveInfos, WpCveInfo, and References, what do you think?
I think unnecessary exports create unnecessary guarantees for backward compatibility.

:100644 100644 09f7c7e 0000000 M	detector/wordpress.go

diff --git a/detector/wordpress.go b/detector/wordpress.go
index 09f7c7e..4086b63 100644
--- a/detector/wordpress.go
+++ b/detector/wordpress.go
@@ -22,20 +22,20 @@ import (
 	"golang.org/x/xerrors"
 )
 
-// WpCveInfos is for wpscan json
-type WpCveInfos struct {
+// wpCveInfos is for wpscan json
+type wpCveInfos struct {
 	ReleaseDate  string `json:"release_date"`
 	ChangelogURL string `json:"changelog_url"`
 	// Status        string `json:"status"`
 	LatestVersion string `json:"latest_version"`
 	LastUpdated   string `json:"last_updated"`
 	// Popular         bool        `json:"popular"`
-	Vulnerabilities []WpCveInfo `json:"vulnerabilities"`
+	Vulnerabilities []wpCveInfo `json:"vulnerabilities"`
 	Error           string      `json:"error"`
 }
 
-// WpCveInfo is for wpscan json
-type WpCveInfo struct {
+// wpCveInfo is for wpscan json
+type wpCveInfo struct {
 	ID            string     `json:"id"`
 	Title         string     `json:"title"`
 	CreatedAt     time.Time  `json:"created_at"`
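
Review bot: The commented-out fields `// Status` and `// Popular` in wpCveInfos survive this rename as dead code, and the type comment still only says "is for wpscan json". Now that the struct is unexported and exists only as a decode target, either delete the two commented fields or note in the comment why they are skipped, and say in the type comment that the struct mirrors the wpscan API response and is not meant to be used outside decoding.
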
@@ -44,7 +44,7 @@ type WpCveInfo struct {
 	Description   *string    `json:"description"` // Enterprise only
 	Poc           *string    `json:"poc"`         // Enterprise only
 	VulnType      string     `json:"vuln_type"`
-	References    References `json:"references"`
+	References    references `json:"references"`
 	Cvss          *Cvss      `json:"cvss"` // Enterprise only
 	Verified      bool       `json:"verified"`
 	FixedIn       *string    `json:"fixed_in"`
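
Review bot: The `References` field now uses the unexported `references` type, but `Cvss *Cvss` two lines below and `Closed *Closed` in the next hunk's context still point at exported types. If those types are also used only to decode wpscan JSON, unexport them in the same change so the package does not keep a compatibility guarantee for part of the response shape; if they are exported on purpose, a short comment on each saying so would help.
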
@@ -52,8 +52,8 @@ type WpCveInfo struct {
 	Closed        *Closed    `json:"closed"`
 }
 
-// References is for wpscan json
-type References struct {
+// references is for wpscan json
+type references struct {
 	URL     []string `json:"url"`
 	Cve     []string `json:"cve"`
 	YouTube []string `json:"youtube,omitempty"`
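
Review bot: The `youtube,omitempty` tag on the `YouTube` field of `references` has no effect when decoding, since `omitempty` only applies to marshalling, and it is inconsistent with the `url` and `cve` tags beside it. If this struct is only ever a target for unmarshalling, drop `omitempty`; if it is also marshalled somewhere, apply the option to all three slices or explain the difference.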

@future-ryunosuketanai future-ryunosuketanai left a comment

@MaineK00n @shino
Based on your comments, I have made two corrections. Please check them.
・Added exploitdb
・Changed some structures to unexported.

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>
@shino shino left a comment

Great contribution! Thanks a lot!!

@shino shino merged commit 50580f6 into future-architect:master Mar 22, 2024
7 checks passed
Destroyercodm added a commit to Destroyercodm/vuls that referenced this pull request Mar 23, 2024
@future-ryunosuketanai future-ryunosuketanai deleted the detector/wordpress-enterprise branch April 3, 2024 06:13