RubygemsResearch

Sha256: 58dda0e9b41db93631a2cea643dc8f12fc0d2114aee5f48b66e7195b41ac8fb4

Contents?: true

Size: 1.93 KB

Versions: 1

Compression:

Stored size: 1.93 KB

module Pluginscan
  # Responsible for calling the WPVulnDB API
  module WPVulnDB
    class APIError < StandardError; end
    class AccessDeniedError < APIError; end
    class UnexpectedJSONError < APIError; end

    class API
      def initialize
        @api = AdvisoriesAPI.new(api_name: 'wpvulndb', timeout: 10)
      end

      def get_plugin_advisories(plugin_slug)
        @api.get(uri(plugin_slug))
      end

      private

      def uri(plugin_slug)
        "#{base_uri}/plugins/#{plugin_slug}"
      end

      def base_uri
        'https://wpvulndb.com/api/v2'
      end
    end

    class APIResponseHandler
      def call(response, plugin_slug)
        case response.code
        when 200
          DataMapper.new.call(response.parsed_response, plugin_slug)
        when 404
          []
        when 403
          raise(AccessDeniedError, "We got blocked by wpvulndb for suspicious activity :( Contact team@wpvulndb.com")
        else
          raise(APIError, "Something went wrong when calling wpvulndb - got a #{response.code} code: '#{response.body[0..50]}'")
        end
      end
    end

    class DataMapper
      def call(response_data, plugin_slug)
        plugin_data = response_data.fetch(plugin_slug) do
          raise(UnexpectedJSONError, "Couldn't find data for '#{plugin_slug}' in api response")
        end

        vulns = plugin_data.fetch('vulnerabilities') do
          raise(UnexpectedJSONError, "Couldn't find a list of vulnerabilities")
        end

        vulns.map{ |v| Advisory.new(v) }
      end
    end

    class Advisory
      attr_reader :title
      attr_reader :fixed_in

      def initialize(data)
        @id = data.fetch('id')
        @title = data.fetch('title')
        @created_at = data.fetch('created_at')
        @fixed_in = data.fetch('fixed_in')
      end

      def date
        Date.parse(@created_at)
      end

      def url
        "https://wpvulndb.com/vulnerabilities/#{@id}"
      end
    end
  end
end

Version data entries

1 entries across 1 versions & 1 rubygems

Version	Path
pluginscan-0.9.0	lib/pluginscan/reports/vulnerability_report/wp_vuln_db_api.rb