From a0907b123155efae2bed1bc1ffccabc5e0eb0dd3 Mon Sep 17 00:00:00 2001 From: future-ryunosuketanai Date: Mon, 18 Mar 2024 21:43:08 +0900 Subject: [PATCH 1/9] supported the enterprise version of wpscan --- detector/wordpress.go | 58 ++++++++++---- detector/wordpress_test.go | 159 +++++++++++++++++++++++++++++++++++++ models/cvecontents.go | 6 +- 3 files changed, 204 insertions(+), 19 deletions(-) diff --git a/detector/wordpress.go b/detector/wordpress.go index f95ea52e9a..e3342a32da 100644 --- a/detector/wordpress.go +++ b/detector/wordpress.go @@ -9,6 +9,7 @@ import ( "fmt" "io" "net/http" + "strconv" "strings" "time" @@ -35,20 +36,37 @@ type WpCveInfos struct { // WpCveInfo is for wpscan json type WpCveInfo struct { - ID string `json:"id"` - Title string `json:"title"` - CreatedAt time.Time `json:"created_at"` - UpdatedAt time.Time `json:"updated_at"` - VulnType string `json:"vuln_type"` - References References `json:"references"` - FixedIn string `json:"fixed_in"` + ID string `json:"id"` + Title string `json:"title"` + CreatedAt time.Time `json:"created_at"` + UpdatedAt time.Time `json:"updated_at"` + PublishedDate time.Time `json:"published_date"` + Description string `json:"description"` // Enterprise only + Poc string `json:"poc"` // Enterprise only + VulnType string `json:"vuln_type"` + References References `json:"references"` + Cvss Cvss `json:"cvss"` // Enterprise only + Verified bool `json:"verified"` + FixedIn string `json:"fixed_in"` + IntroducedIn string `json:"introduced_in"` + Closed Closed `json:"closed"` } // References is for wpscan json type References struct { - URL []string `json:"url"` - Cve []string `json:"cve"` - Secunia []string `json:"secunia"` + URL []string `json:"url"` + Cve []string `json:"cve"` +} + +// CVSS is for wpscan json +type Cvss struct { + Score string `json:"score"` + Vector string `json:"vector"` + Severity string `json:"severity"` +} + +type Closed struct { + ClosedReason string `json:"closed_reason"` } // DetectWordPressCves access to wpscan and fetch scurity alerts and then set to the given ScanResult. @@ -197,17 +215,25 @@ func extractToVulnInfos(pkgName string, cves []WpCveInfo) (vinfos []models.VulnI }) } + v3score := 0.0 + if vulnerability.Cvss.Score != "" { + v3score, _ = strconv.ParseFloat(vulnerability.Cvss.Score, 64) + } + for _, cveID := range cveIDs { vinfos = append(vinfos, models.VulnInfo{ CveID: cveID, CveContents: models.NewCveContents( models.CveContent{ - Type: models.WpScan, - CveID: cveID, - Title: vulnerability.Title, - References: refs, - Published: vulnerability.CreatedAt, - LastModified: vulnerability.UpdatedAt, + Type: models.WpScan, + CveID: cveID, + Title: vulnerability.Title, + Cvss3Score: v3score, + Cvss3Vector: vulnerability.Cvss.Vector, + Cvss3Severity: vulnerability.Cvss.Severity, + References: refs, + Published: vulnerability.CreatedAt, + LastModified: vulnerability.UpdatedAt, }, ), VulnType: vulnerability.VulnType, diff --git a/detector/wordpress_test.go b/detector/wordpress_test.go index 47ddca1a9b..705d5dc8a0 100644 --- a/detector/wordpress_test.go +++ b/detector/wordpress_test.go @@ -6,6 +6,7 @@ package detector import ( "reflect" "testing" + "time" "github.com/future-architect/vuls/models" ) @@ -82,3 +83,161 @@ func TestRemoveInactive(t *testing.T) { } } } + +// ref: https://wpscan.com/docs/api/v3/v3.yml/ +func Test_convertToVinfos(t *testing.T) { + type args struct { + pkgName string + body string + } + tests := []struct { + name string + args args + wantVinfos []models.VulnInfo + wantErr bool + }{ + { + name: "WordPress vulnerabilities Enterprise", + args: args{ + pkgName: "4.9.4", + body: ` +{ + "4.9.4": { + "release_date": "2018-02-06", + "changelog_url": "https://codex.wordpress.org/Version_4.9.4", + "status": "insecure", + "vulnerabilities": [ + { + "id": "5e0c1ddd-fdd0-421b-bdbe-3eee6b75c919", + "title": "WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)", + "created_at": "2018-02-05T16:50:40.000Z", + "updated_at": "2020-09-22T07:24:12.000Z", + "published_date": "2018-02-05T00:00:00.000Z", + "description": "An application Denial of Service (DoS) was found to affect WordPress versions 4.9.4 and below. We are not aware of a patch for this issue.", + "poc": "string", + "vuln_type": "DOS", + "references": { + "url": [ + "https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html" + ] + }, + "cvss": { + "score": "7.5", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "severity": "high" + }, + "verified": false, + "fixed_in": "4.9.5", + "introduced_in": "1.0" + } + ] + } +}`, + }, + wantVinfos: []models.VulnInfo{ + { + CveID: "WPVDBID-5e0c1ddd-fdd0-421b-bdbe-3eee6b75c919", + CveContents: models.NewCveContents( + models.CveContent{ + Type: "wpscan", + CveID: "WPVDBID-5e0c1ddd-fdd0-421b-bdbe-3eee6b75c919", + Title: "WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)", + Cvss3Score: 7.5, + Cvss3Vector: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + Cvss3Severity: "high", + References: []models.Reference{ + {Link: "https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html"}, + }, + Published: time.Date(2018, 2, 5, 16, 50, 40, 0, time.UTC), + LastModified: time.Date(2020, 9, 22, 7, 24, 12, 0, time.UTC), + }, + ), + VulnType: "DOS", + Confidences: []models.Confidence{ + models.WpScanMatch, + }, + WpPackageFixStats: []models.WpPackageFixStatus{ + { + Name: "4.9.4", + FixedIn: "4.9.5", + }, + }, + }, + }, + }, + { + name: "WordPress vulnerabilities Researcher", + args: args{ + pkgName: "4.9.4", + body: ` +{ + "4.9.4": { + "release_date": "2018-02-06", + "changelog_url": "https://codex.wordpress.org/Version_4.9.4", + "status": "insecure", + "vulnerabilities": [ + { + "id": "5e0c1ddd-fdd0-421b-bdbe-3eee6b75c919", + "title": "WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)", + "created_at": "2018-02-05T16:50:40.000Z", + "updated_at": "2020-09-22T07:24:12.000Z", + "published_date": "2018-02-05T00:00:00.000Z", + "description": null, + "poc": null, + "vuln_type": "DOS", + "references": { + "url": [ + "https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html" + ] + }, + "cvss": null, + "verified": false, + "fixed_in": "4.9.5", + "introduced_in": null + } + ] + } +}`, + }, + wantVinfos: []models.VulnInfo{ + { + CveID: "WPVDBID-5e0c1ddd-fdd0-421b-bdbe-3eee6b75c919", + CveContents: models.NewCveContents( + models.CveContent{ + Type: "wpscan", + CveID: "WPVDBID-5e0c1ddd-fdd0-421b-bdbe-3eee6b75c919", + Title: "WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)", + References: []models.Reference{ + {Link: "https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html"}, + }, + Published: time.Date(2018, 2, 5, 16, 50, 40, 0, time.UTC), + LastModified: time.Date(2020, 9, 22, 7, 24, 12, 0, time.UTC), + }, + ), + VulnType: "DOS", + Confidences: []models.Confidence{ + models.WpScanMatch, + }, + WpPackageFixStats: []models.WpPackageFixStatus{ + { + Name: "4.9.4", + FixedIn: "4.9.5", + }, + }, + }, + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + gotVinfos, err := convertToVinfos(tt.args.pkgName, tt.args.body) + if (err != nil) != tt.wantErr { + t.Errorf("convertToVinfos() error = %v, wantErr %v", err, tt.wantErr) + return + } + if !reflect.DeepEqual(gotVinfos, tt.wantVinfos) { + t.Errorf("convertToVinfos() = %v, want %v", gotVinfos, tt.wantVinfos) + } + }) + } +} diff --git a/models/cvecontents.go b/models/cvecontents.go index 83b203ddfb..5387ea8fea 100644 --- a/models/cvecontents.go +++ b/models/cvecontents.go @@ -274,9 +274,9 @@ type CveContent struct { Cvss2Score float64 `json:"cvss2Score"` Cvss2Vector string `json:"cvss2Vector"` Cvss2Severity string `json:"cvss2Severity"` - Cvss3Score float64 `json:"cvss3Score"` - Cvss3Vector string `json:"cvss3Vector"` - Cvss3Severity string `json:"cvss3Severity"` + Cvss3Score float64 `json:"cvss3Score,omitempty"` + Cvss3Vector string `json:"cvss3Vector,omitempty"` + Cvss3Severity string `json:"cvss3Severity,omitempty"` SourceLink string `json:"sourceLink"` Cpes []Cpe `json:"cpes,omitempty"` References References `json:"references,omitempty"` From 90691d5fc1a82676b9f7b24a135ee20fc9a2e581 Mon Sep 17 00:00:00 2001 From: future-ryunosuketanai Date: Mon, 18 Mar 2024 22:05:57 +0900 Subject: [PATCH 2/9] remove omitempty --- models/cvecontents.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/models/cvecontents.go b/models/cvecontents.go index 5387ea8fea..83b203ddfb 100644 --- a/models/cvecontents.go +++ b/models/cvecontents.go @@ -274,9 +274,9 @@ type CveContent struct { Cvss2Score float64 `json:"cvss2Score"` Cvss2Vector string `json:"cvss2Vector"` Cvss2Severity string `json:"cvss2Severity"` - Cvss3Score float64 `json:"cvss3Score,omitempty"` - Cvss3Vector string `json:"cvss3Vector,omitempty"` - Cvss3Severity string `json:"cvss3Severity,omitempty"` + Cvss3Score float64 `json:"cvss3Score"` + Cvss3Vector string `json:"cvss3Vector"` + Cvss3Severity string `json:"cvss3Severity"` SourceLink string `json:"sourceLink"` Cpes []Cpe `json:"cpes,omitempty"` References References `json:"references,omitempty"` From efd724c8dcb50c57cc70aeb941883338c5171076 Mon Sep 17 00:00:00 2001 From: future-ryunosuketanai Date: Wed, 20 Mar 2024 01:23:27 +0900 Subject: [PATCH 3/9] fix struct pointer --- detector/wordpress.go | 60 ++++++++++++++++++++++++++++---------- detector/wordpress_test.go | 44 ++++++++++++++++++---------- 2 files changed, 73 insertions(+), 31 deletions(-) diff --git a/detector/wordpress.go b/detector/wordpress.go index e3342a32da..09f7c7ee45 100644 --- a/detector/wordpress.go +++ b/detector/wordpress.go @@ -41,21 +41,22 @@ type WpCveInfo struct { CreatedAt time.Time `json:"created_at"` UpdatedAt time.Time `json:"updated_at"` PublishedDate time.Time `json:"published_date"` - Description string `json:"description"` // Enterprise only - Poc string `json:"poc"` // Enterprise only + Description *string `json:"description"` // Enterprise only + Poc *string `json:"poc"` // Enterprise only VulnType string `json:"vuln_type"` References References `json:"references"` - Cvss Cvss `json:"cvss"` // Enterprise only + Cvss *Cvss `json:"cvss"` // Enterprise only Verified bool `json:"verified"` - FixedIn string `json:"fixed_in"` - IntroducedIn string `json:"introduced_in"` - Closed Closed `json:"closed"` + FixedIn *string `json:"fixed_in"` + IntroducedIn *string `json:"introduced_in"` + Closed *Closed `json:"closed"` } // References is for wpscan json type References struct { - URL []string `json:"url"` - Cve []string `json:"cve"` + URL []string `json:"url"` + Cve []string `json:"cve"` + YouTube []string `json:"youtube,omitempty"` } // CVSS is for wpscan json @@ -209,15 +210,42 @@ func extractToVulnInfos(pkgName string, cves []WpCveInfo) (vinfos []models.VulnI } var refs []models.Reference + if vulnerability.Poc != nil { + refs = append(refs, models.Reference{ + Source: *vulnerability.Poc, + }) + } for _, url := range vulnerability.References.URL { refs = append(refs, models.Reference{ Link: url, }) } + for _, key := range vulnerability.References.YouTube { + refs = append(refs, models.Reference{ + Link: fmt.Sprintf("https://www.youtube.com/watch?v=%s", key), + }) + } - v3score := 0.0 - if vulnerability.Cvss.Score != "" { - v3score, _ = strconv.ParseFloat(vulnerability.Cvss.Score, 64) + var summary, cvss3Vector, cvss3Severity, fixedIn string + var cvss3Score float64 + if vulnerability.Description != nil { + summary = *vulnerability.Description + } + if vulnerability.Cvss != nil { + cvss3Vector = vulnerability.Cvss.Vector + cvss3Severity = vulnerability.Cvss.Severity + cvss3Score, _ = strconv.ParseFloat(vulnerability.Cvss.Score, 64) + } + if vulnerability.FixedIn != nil { + fixedIn = *vulnerability.FixedIn + } + + optional := map[string]string{} + if vulnerability.IntroducedIn != nil { + optional["introduced_in"] = *vulnerability.IntroducedIn + } + if vulnerability.Closed != nil { + optional["closed_reason"] = vulnerability.Closed.ClosedReason } for _, cveID := range cveIDs { @@ -228,12 +256,14 @@ func extractToVulnInfos(pkgName string, cves []WpCveInfo) (vinfos []models.VulnI Type: models.WpScan, CveID: cveID, Title: vulnerability.Title, - Cvss3Score: v3score, - Cvss3Vector: vulnerability.Cvss.Vector, - Cvss3Severity: vulnerability.Cvss.Severity, + Summary: summary, + Cvss3Score: cvss3Score, + Cvss3Vector: cvss3Vector, + Cvss3Severity: cvss3Severity, References: refs, Published: vulnerability.CreatedAt, LastModified: vulnerability.UpdatedAt, + Optional: optional, }, ), VulnType: vulnerability.VulnType, @@ -242,7 +272,7 @@ func extractToVulnInfos(pkgName string, cves []WpCveInfo) (vinfos []models.VulnI }, WpPackageFixStats: []models.WpPackageFixStatus{{ Name: pkgName, - FixedIn: vulnerability.FixedIn, + FixedIn: fixedIn, }}, }) } diff --git a/detector/wordpress_test.go b/detector/wordpress_test.go index 705d5dc8a0..52eca35824 100644 --- a/detector/wordpress_test.go +++ b/detector/wordpress_test.go @@ -91,10 +91,10 @@ func Test_convertToVinfos(t *testing.T) { body string } tests := []struct { - name string - args args - wantVinfos []models.VulnInfo - wantErr bool + name string + args args + expected []models.VulnInfo + expectedErr bool }{ { name: "WordPress vulnerabilities Enterprise", @@ -114,11 +114,14 @@ func Test_convertToVinfos(t *testing.T) { "updated_at": "2020-09-22T07:24:12.000Z", "published_date": "2018-02-05T00:00:00.000Z", "description": "An application Denial of Service (DoS) was found to affect WordPress versions 4.9.4 and below. We are not aware of a patch for this issue.", - "poc": "string", + "poc": "poc source url", "vuln_type": "DOS", "references": { "url": [ "https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html" + ], + "cve": [ + "2018-6389" ] }, "cvss": { @@ -134,22 +137,27 @@ func Test_convertToVinfos(t *testing.T) { } }`, }, - wantVinfos: []models.VulnInfo{ + expected: []models.VulnInfo{ { - CveID: "WPVDBID-5e0c1ddd-fdd0-421b-bdbe-3eee6b75c919", + CveID: "CVE-2018-6389", CveContents: models.NewCveContents( models.CveContent{ Type: "wpscan", - CveID: "WPVDBID-5e0c1ddd-fdd0-421b-bdbe-3eee6b75c919", + CveID: "CVE-2018-6389", Title: "WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)", + Summary: "An application Denial of Service (DoS) was found to affect WordPress versions 4.9.4 and below. We are not aware of a patch for this issue.", Cvss3Score: 7.5, Cvss3Vector: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", Cvss3Severity: "high", References: []models.Reference{ + {Source: "poc source url"}, {Link: "https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html"}, }, Published: time.Date(2018, 2, 5, 16, 50, 40, 0, time.UTC), LastModified: time.Date(2020, 9, 22, 7, 24, 12, 0, time.UTC), + Optional: map[string]string{ + "introduced_in": "1.0", + }, }, ), VulnType: "DOS", @@ -188,6 +196,9 @@ func Test_convertToVinfos(t *testing.T) { "references": { "url": [ "https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html" + ], + "cve": [ + "2018-6389" ] }, "cvss": null, @@ -199,19 +210,20 @@ func Test_convertToVinfos(t *testing.T) { } }`, }, - wantVinfos: []models.VulnInfo{ + expected: []models.VulnInfo{ { - CveID: "WPVDBID-5e0c1ddd-fdd0-421b-bdbe-3eee6b75c919", + CveID: "CVE-2018-6389", CveContents: models.NewCveContents( models.CveContent{ Type: "wpscan", - CveID: "WPVDBID-5e0c1ddd-fdd0-421b-bdbe-3eee6b75c919", + CveID: "CVE-2018-6389", Title: "WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)", References: []models.Reference{ {Link: "https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html"}, }, Published: time.Date(2018, 2, 5, 16, 50, 40, 0, time.UTC), LastModified: time.Date(2020, 9, 22, 7, 24, 12, 0, time.UTC), + Optional: map[string]string{}, }, ), VulnType: "DOS", @@ -230,13 +242,13 @@ func Test_convertToVinfos(t *testing.T) { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - gotVinfos, err := convertToVinfos(tt.args.pkgName, tt.args.body) - if (err != nil) != tt.wantErr { - t.Errorf("convertToVinfos() error = %v, wantErr %v", err, tt.wantErr) + got, err := convertToVinfos(tt.args.pkgName, tt.args.body) + if (err != nil) != tt.expectedErr { + t.Errorf("convertToVinfos() error = %v, wantErr %v", err, tt.expectedErr) return } - if !reflect.DeepEqual(gotVinfos, tt.wantVinfos) { - t.Errorf("convertToVinfos() = %v, want %v", gotVinfos, tt.wantVinfos) + if !reflect.DeepEqual(got, tt.expected) { + t.Errorf("convertToVinfos() = %+v, want %+v", got, tt.expected) } }) } From 3a7fde9888e2425cddfdc96bee9af5aae14beab9 Mon Sep 17 00:00:00 2001 From: future-ryunosuketanai <56010048+future-ryunosuketanai@users.noreply.github.com> Date: Thu, 21 Mar 2024 15:31:55 +0900 Subject: [PATCH 4/9] Update detector/wordpress.go Co-authored-by: MaineK00n --- detector/wordpress.go | 1 + 1 file changed, 1 insertion(+) diff --git a/detector/wordpress.go b/detector/wordpress.go index 09f7c7ee45..7c6bea4ca2 100644 --- a/detector/wordpress.go +++ b/detector/wordpress.go @@ -57,6 +57,7 @@ type References struct { URL []string `json:"url"` Cve []string `json:"cve"` YouTube []string `json:"youtube,omitempty"` + ExploitDB []string `json:"exploitdb,omitempty"` } // CVSS is for wpscan json From f2a1cd5a886e9ff8778ac7a0ab953a5e36053693 Mon Sep 17 00:00:00 2001 From: future-ryunosuketanai Date: Thu, 21 Mar 2024 15:44:08 +0900 Subject: [PATCH 5/9] add exploitdb to wpscan ref --- detector/wordpress.go | 15 ++++++++++----- detector/wordpress_test.go | 2 +- 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/detector/wordpress.go b/detector/wordpress.go index 7c6bea4ca2..2d8ffe2b7c 100644 --- a/detector/wordpress.go +++ b/detector/wordpress.go @@ -54,9 +54,9 @@ type WpCveInfo struct { // References is for wpscan json type References struct { - URL []string `json:"url"` - Cve []string `json:"cve"` - YouTube []string `json:"youtube,omitempty"` + URL []string `json:"url"` + Cve []string `json:"cve"` + YouTube []string `json:"youtube,omitempty"` ExploitDB []string `json:"exploitdb,omitempty"` } @@ -221,9 +221,14 @@ func extractToVulnInfos(pkgName string, cves []WpCveInfo) (vinfos []models.VulnI Link: url, }) } - for _, key := range vulnerability.References.YouTube { + for _, id := range vulnerability.References.YouTube { refs = append(refs, models.Reference{ - Link: fmt.Sprintf("https://www.youtube.com/watch?v=%s", key), + Link: fmt.Sprintf("https://www.youtube.com/watch?v=%s", id), + }) + } + for _, id := range vulnerability.References.ExploitDB { + refs = append(refs, models.Reference{ + Link: fmt.Sprintf("https://www.exploit-db.com/exploits/%s", id), }) } diff --git a/detector/wordpress_test.go b/detector/wordpress_test.go index 52eca35824..f7f762ec57 100644 --- a/detector/wordpress_test.go +++ b/detector/wordpress_test.go @@ -84,7 +84,7 @@ func TestRemoveInactive(t *testing.T) { } } -// ref: https://wpscan.com/docs/api/v3/v3.yml/ +// https://wpscan.com/docs/api/v3/v3.yml/ func Test_convertToVinfos(t *testing.T) { type args struct { pkgName string From 69211941ade8334f7b03c49395898321c094b5c1 Mon Sep 17 00:00:00 2001 From: future-ryunosuketanai Date: Thu, 21 Mar 2024 15:53:15 +0900 Subject: [PATCH 6/9] unexport WpCveInfos, WpCveInfo, and References --- detector/wordpress.go | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/detector/wordpress.go b/detector/wordpress.go index 2d8ffe2b7c..29e9cd2f85 100644 --- a/detector/wordpress.go +++ b/detector/wordpress.go @@ -22,20 +22,20 @@ import ( "golang.org/x/xerrors" ) -// WpCveInfos is for wpscan json -type WpCveInfos struct { +// wpCveInfos is for wpscan json +type wpCveInfos struct { ReleaseDate string `json:"release_date"` ChangelogURL string `json:"changelog_url"` // Status string `json:"status"` LatestVersion string `json:"latest_version"` LastUpdated string `json:"last_updated"` // Popular bool `json:"popular"` - Vulnerabilities []WpCveInfo `json:"vulnerabilities"` + Vulnerabilities []wpCveInfo `json:"vulnerabilities"` Error string `json:"error"` } -// WpCveInfo is for wpscan json -type WpCveInfo struct { +// wpCveInfo is for wpscan json +type wpCveInfo struct { ID string `json:"id"` Title string `json:"title"` CreatedAt time.Time `json:"created_at"` @@ -44,7 +44,7 @@ type WpCveInfo struct { Description *string `json:"description"` // Enterprise only Poc *string `json:"poc"` // Enterprise only VulnType string `json:"vuln_type"` - References References `json:"references"` + References references `json:"references"` Cvss *Cvss `json:"cvss"` // Enterprise only Verified bool `json:"verified"` FixedIn *string `json:"fixed_in"` @@ -52,8 +52,8 @@ type WpCveInfo struct { Closed *Closed `json:"closed"` } -// References is for wpscan json -type References struct { +// references is for wpscan json +type references struct { URL []string `json:"url"` Cve []string `json:"cve"` YouTube []string `json:"youtube,omitempty"` @@ -187,7 +187,7 @@ func convertToVinfos(pkgName, body string) (vinfos []models.VulnInfo, err error) return } // "pkgName" : CVE Detailed data - pkgnameCves := map[string]WpCveInfos{} + pkgnameCves := map[string]wpCveInfos{} if err = json.Unmarshal([]byte(body), &pkgnameCves); err != nil { return nil, xerrors.Errorf("Failed to unmarshal %s. err: %w", body, err) } @@ -199,7 +199,7 @@ func convertToVinfos(pkgName, body string) (vinfos []models.VulnInfo, err error) return vinfos, nil } -func extractToVulnInfos(pkgName string, cves []WpCveInfo) (vinfos []models.VulnInfo) { +func extractToVulnInfos(pkgName string, cves []wpCveInfo) (vinfos []models.VulnInfo) { for _, vulnerability := range cves { var cveIDs []string From 920f2b4a3b1e1677164101e3c1b53e90c3a68bd4 Mon Sep 17 00:00:00 2001 From: future-ryunosuketanai Date: Thu, 21 Mar 2024 21:27:15 +0900 Subject: [PATCH 7/9] unexport some wpscan struct and fix poc, exploit assign --- detector/wordpress.go | 30 +++++++++++++++++------------- detector/wordpress_test.go | 4 ++-- 2 files changed, 19 insertions(+), 15 deletions(-) diff --git a/detector/wordpress.go b/detector/wordpress.go index 29e9cd2f85..764f9e9d31 100644 --- a/detector/wordpress.go +++ b/detector/wordpress.go @@ -19,6 +19,7 @@ import ( "github.com/future-architect/vuls/models" "github.com/future-architect/vuls/util" version "github.com/hashicorp/go-version" + exploitmodels "github.com/vulsio/go-exploitdb/models" "golang.org/x/xerrors" ) @@ -45,11 +46,11 @@ type wpCveInfo struct { Poc *string `json:"poc"` // Enterprise only VulnType string `json:"vuln_type"` References references `json:"references"` - Cvss *Cvss `json:"cvss"` // Enterprise only + Cvss *cvss `json:"cvss"` // Enterprise only Verified bool `json:"verified"` FixedIn *string `json:"fixed_in"` IntroducedIn *string `json:"introduced_in"` - Closed *Closed `json:"closed"` + Closed *closed `json:"closed"` } // references is for wpscan json @@ -60,14 +61,15 @@ type references struct { ExploitDB []string `json:"exploitdb,omitempty"` } -// CVSS is for wpscan json -type Cvss struct { +// cvss is for wpscan json +type cvss struct { Score string `json:"score"` Vector string `json:"vector"` Severity string `json:"severity"` } -type Closed struct { +// closed is for wpscan json +type closed struct { ClosedReason string `json:"closed_reason"` } @@ -202,7 +204,6 @@ func convertToVinfos(pkgName, body string) (vinfos []models.VulnInfo, err error) func extractToVulnInfos(pkgName string, cves []wpCveInfo) (vinfos []models.VulnInfo) { for _, vulnerability := range cves { var cveIDs []string - if len(vulnerability.References.Cve) == 0 { cveIDs = append(cveIDs, fmt.Sprintf("WPVDBID-%s", vulnerability.ID)) } @@ -211,11 +212,6 @@ func extractToVulnInfos(pkgName string, cves []wpCveInfo) (vinfos []models.VulnI } var refs []models.Reference - if vulnerability.Poc != nil { - refs = append(refs, models.Reference{ - Source: *vulnerability.Poc, - }) - } for _, url := range vulnerability.References.URL { refs = append(refs, models.Reference{ Link: url, @@ -226,9 +222,13 @@ func extractToVulnInfos(pkgName string, cves []wpCveInfo) (vinfos []models.VulnI Link: fmt.Sprintf("https://www.youtube.com/watch?v=%s", id), }) } + + var exploits []models.Exploit for _, id := range vulnerability.References.ExploitDB { - refs = append(refs, models.Reference{ - Link: fmt.Sprintf("https://www.exploit-db.com/exploits/%s", id), + exploits = append(exploits, models.Exploit{ + ExploitType: exploitmodels.OffensiveSecurityType, + ID: id, + URL: fmt.Sprintf("https://www.exploit-db.com/exploits/%s", id), }) } @@ -247,6 +247,9 @@ func extractToVulnInfos(pkgName string, cves []wpCveInfo) (vinfos []models.VulnI } optional := map[string]string{} + if vulnerability.Poc != nil { + optional["poc"] = *vulnerability.Poc + } if vulnerability.IntroducedIn != nil { optional["introduced_in"] = *vulnerability.IntroducedIn } @@ -272,6 +275,7 @@ func extractToVulnInfos(pkgName string, cves []wpCveInfo) (vinfos []models.VulnI Optional: optional, }, ), + Exploits: exploits, VulnType: vulnerability.VulnType, Confidences: []models.Confidence{ models.WpScanMatch, diff --git a/detector/wordpress_test.go b/detector/wordpress_test.go index f7f762ec57..6b47d7dec3 100644 --- a/detector/wordpress_test.go +++ b/detector/wordpress_test.go @@ -114,7 +114,7 @@ func Test_convertToVinfos(t *testing.T) { "updated_at": "2020-09-22T07:24:12.000Z", "published_date": "2018-02-05T00:00:00.000Z", "description": "An application Denial of Service (DoS) was found to affect WordPress versions 4.9.4 and below. We are not aware of a patch for this issue.", - "poc": "poc source url", + "poc": "poc url or description", "vuln_type": "DOS", "references": { "url": [ @@ -150,13 +150,13 @@ func Test_convertToVinfos(t *testing.T) { Cvss3Vector: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", Cvss3Severity: "high", References: []models.Reference{ - {Source: "poc source url"}, {Link: "https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html"}, }, Published: time.Date(2018, 2, 5, 16, 50, 40, 0, time.UTC), LastModified: time.Date(2020, 9, 22, 7, 24, 12, 0, time.UTC), Optional: map[string]string{ "introduced_in": "1.0", + "poc": "poc url or description", }, }, ), From a2e699bf87a83b72a2ec821c271b6b691fa12f12 Mon Sep 17 00:00:00 2001 From: future-ryunosuketanai Date: Fri, 22 Mar 2024 03:43:08 +0900 Subject: [PATCH 8/9] change OffensiveSecurityType to wpscan --- detector/wordpress.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/detector/wordpress.go b/detector/wordpress.go index 764f9e9d31..1605fd9686 100644 --- a/detector/wordpress.go +++ b/detector/wordpress.go @@ -19,7 +19,6 @@ import ( "github.com/future-architect/vuls/models" "github.com/future-architect/vuls/util" version "github.com/hashicorp/go-version" - exploitmodels "github.com/vulsio/go-exploitdb/models" "golang.org/x/xerrors" ) @@ -226,7 +225,7 @@ func extractToVulnInfos(pkgName string, cves []wpCveInfo) (vinfos []models.VulnI var exploits []models.Exploit for _, id := range vulnerability.References.ExploitDB { exploits = append(exploits, models.Exploit{ - ExploitType: exploitmodels.OffensiveSecurityType, + ExploitType: "wpscan", ID: id, URL: fmt.Sprintf("https://www.exploit-db.com/exploits/%s", id), }) From 5ba5fa4600f08dff6265789d0fce6fa8f4e40bc1 Mon Sep 17 00:00:00 2001 From: future-ryunosuketanai <56010048+future-ryunosuketanai@users.noreply.github.com> Date: Fri, 22 Mar 2024 08:20:54 +0900 Subject: [PATCH 9/9] Update detector/wordpress.go Co-authored-by: MaineK00n --- detector/wordpress.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/detector/wordpress.go b/detector/wordpress.go index 1605fd9686..b08aea8a9d 100644 --- a/detector/wordpress.go +++ b/detector/wordpress.go @@ -226,7 +226,7 @@ func extractToVulnInfos(pkgName string, cves []wpCveInfo) (vinfos []models.VulnI for _, id := range vulnerability.References.ExploitDB { exploits = append(exploits, models.Exploit{ ExploitType: "wpscan", - ID: id, + ID: fmt.Sprintf("Exploit-DB: %s", id), URL: fmt.Sprintf("https://www.exploit-db.com/exploits/%s", id), }) }