module Pluginscan # Responsible for calling the WPVulnDB API module WPVulnDB class APIError < StandardError; end class AccessDeniedError < APIError; end class UnexpectedJSONError < APIError; end class API def initialize @api = AdvisoriesAPI.new(api_name: 'wpvulndb', timeout: 10) end def get_plugin_advisories(plugin_slug) @api.get(uri(plugin_slug)) end private def uri(plugin_slug) "#{base_uri}/plugins/#{plugin_slug}" end def base_uri 'https://wpvulndb.com/api/v2' end end class APIResponseHandler def call(response, plugin_slug) case response.code when 200 DataMapper.new.call(response.parsed_response, plugin_slug) when 404 [] when 403 raise(AccessDeniedError, "We got blocked by wpvulndb for suspicious activity :( Contact team@wpvulndb.com") else raise(APIError, "Something went wrong when calling wpvulndb - got a #{response.code} code: '#{response.body[0..50]}'") end end end class DataMapper def call(response_data, plugin_slug) plugin_data = response_data.fetch(plugin_slug) do raise(UnexpectedJSONError, "Couldn't find data for '#{plugin_slug}' in api response") end vulns = plugin_data.fetch('vulnerabilities') do raise(UnexpectedJSONError, "Couldn't find a list of vulnerabilities") end vulns.map{ |v| Advisory.new(v) } end end class Advisory attr_reader :title attr_reader :fixed_in def initialize(data) @id = data.fetch('id') @title = data.fetch('title') @created_at = data.fetch('created_at') @fixed_in = data.fetch('fixed_in') end def date Date.parse(@created_at) end def url "https://wpvulndb.com/vulnerabilities/#{@id}" end end end end