From 2534098509025989abe9b69bebb6fba6e9c5488b Mon Sep 17 00:00:00 2001
From: Shigechika AIKAWA
Date: Fri, 11 Dec 2020 05:53:41 +0900
Subject: [PATCH] fix(report): wpvulndb poor versioning(#1088) (#1089)

---
 models/vulninfos.go | 2 +-
 report/util.go | 4 ++--
 wordpress/wordpress.go | 14 ++++++++------
 3 files changed, 11 insertions(+), 9 deletions(-)

diff --git a/models/vulninfos.go b/models/vulninfos.go
index 1d92f334..5431c0e6 100644
--- a/models/vulninfos.go
+++ b/models/vulninfos.go
@@ -694,7 +694,7 @@ func (v VulnInfo) Cvss3CalcURL() string {
 func (v VulnInfo) VendorLinks(family string) map[string]string {
 	links := map[string]string{}
 	if strings.HasPrefix(v.CveID, "WPVDBID") {
-		links["WPVulnDB"] = fmt.Sprintf("https://wpvulndb.com/vulnerabilities/%s",
+		links["WPVulnDB"] = fmt.Sprintf("https://wpscan.com/vulnerabilities/%s",
 			strings.TrimPrefix(v.CveID, "WPVDBID-"))
 		return links
 	}
diff --git a/report/util.go b/report/util.go
index 07bc8ffe..513bd5a9 100644
--- a/report/util.go
+++ b/report/util.go
@@ -140,7 +140,7 @@ No CVE-IDs are found in updatable packages.
 		if strings.HasPrefix(vinfo.CveID, "CVE-") {
 			link = fmt.Sprintf("https://nvd.nist.gov/vuln/detail/%s", vinfo.CveID)
 		} else if strings.HasPrefix(vinfo.CveID, "WPVDBID-") {
-			link = fmt.Sprintf("https://wpvulndb.com/vulnerabilities/%s", strings.TrimPrefix(vinfo.CveID, "WPVDBID-"))
+			link = fmt.Sprintf("https://wpscan.com/vulnerabilities/%s", strings.TrimPrefix(vinfo.CveID, "WPVDBID-"))
 		}
 		data = append(data, []string{
@@ -401,7 +401,7 @@ func formatCsvList(r models.ScanResult, path string) error {
 		if strings.HasPrefix(vinfo.CveID, "CVE-") {
 			link = fmt.Sprintf("https://nvd.nist.gov/vuln/detail/%s", vinfo.CveID)
 		} else if strings.HasPrefix(vinfo.CveID, "WPVDBID-") {
-			link = fmt.Sprintf("https://wpvulndb.com/vulnerabilities/%s", strings.TrimPrefix(vinfo.CveID, "WPVDBID-"))
+			link = fmt.Sprintf("https://wpscan.com/vulnerabilities/%s", strings.TrimPrefix(vinfo.CveID, "WPVDBID-"))
 		}
 		data = append(data, []string{
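Review bot: The WPScan vulnerability URL prefix is now spelled out as a string literal in three places — here in VendorLinks and in both report/util.go hunks (@@ -140 and @@ -401) — which is exactly why this host rename had to touch every call site; a single constant would keep them in step, e.g. `const WPScanVulnURL = "https://wpscan.com/vulnerabilities/%s"` in models and `fmt.Sprintf(models.WPScanVulnURL, strings.TrimPrefix(vinfo.CveID, "WPVDBID-"))` in report/util.go. Note also that this hunk gates on `strings.HasPrefix(v.CveID, "WPVDBID")` without the hyphen while both util.go hunks check `"WPVDBID-"`; an ID that passes the looser guard but lacks the hyphen would not be trimmed and the prefix would end up in the link, so aligning the guard to `"WPVDBID-"` would make the three sites consistent. VendorLinks continues outside the hunk.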
diff --git a/wordpress/wordpress.go b/wordpress/wordpress.go
index b15e0d5e..470edbf9 100644
--- a/wordpress/wordpress.go
+++ b/wordpress/wordpress.go
@@ -47,7 +47,7 @@ type References struct {
 }
 
 // FillWordPress access to wpvulndb and fetch scurity alerts and then set to the given ScanResult.
-// https://wpvulndb.com/
+// https://wpscan.com/
 func FillWordPress(r *models.ScanResult, token string, wpVulnCaches *map[string]string) (int, error) {
 	// Core
 	ver := strings.Replace(r.WordPressPackages.CoreVersion(), ".", "", -1)
@@ -57,7 +57,7 @@ func FillWordPress(r *models.ScanResult, token string, wpVulnCaches *map[string]
 
 	body, ok := searchCache(ver, wpVulnCaches)
 	if !ok {
-		url := fmt.Sprintf("https://wpvulndb.com/api/v3/wordpresses/%s", ver)
+		url := fmt.Sprintf("https://wpscan.com/api/v3/wordpresses/%s", ver)
 		var err error
 		body, err = httpRequest(url, token)
 		if err != nil {
@@ -87,7 +87,7 @@ func FillWordPress(r *models.ScanResult, token string, wpVulnCaches *map[string]
 	for _, p := range themes {
 		body, ok := searchCache(p.Name, wpVulnCaches)
 		if !ok {
-			url := fmt.Sprintf("https://wpvulndb.com/api/v3/themes/%s", p.Name)
+			url := fmt.Sprintf("https://wpscan.com/api/v3/themes/%s", p.Name)
 			var err error
 			body, err = httpRequest(url, token)
 			if err != nil {
@@ -113,7 +113,8 @@ func FillWordPress(r *models.ScanResult, token string, wpVulnCaches *map[string]
 				}
 				ok, err := match(pkg.Version, fixstat.FixedIn)
 				if err != nil {
-					return 0, xerrors.Errorf("Not a semantic versioning: %w", err)
+					util.Log.Infof("[poor] %s installed: %s, fixedIn: %s", pkg.Name, pkg.Version, fixstat.FixedIn)
+					continue
 				}
 				if ok {
 					wpVinfos = append(wpVinfos, v)
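Review bot: The doc comment on FillWordPress still says it accesses wpvulndb and misspells "security" while the link line directly beneath it now points to wpscan.com, so the first line of the comment was left behind by this rename. I'd rewrite it as `// FillWordPress queries the WPScan API (formerly wpvulndb) for security alerts and sets them on the given ScanResult.` so the comment and the URL agree. The body of FillWordPress continues outside this hunk.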
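Review bot: Swallowing the match error with `continue` turns an unparseable version into a silent non-finding: the entry never reaches `wpVinfos`, so a theme whose version string cannot be compared is reported as not vulnerable rather than as undetermined, and the only trace is an Info-level line that also discards `err`. I'd raise the message to warning level, quote the values so empty or odd version strings are visible, and keep the parse error, e.g. `util.Log.Warnf("[poor] %s installed: %q, fixedIn: %q: %v", pkg.Name, pkg.Version, fixstat.FixedIn, err)`. It would also be worth counting these skips so the caller can surface how many packages were not evaluated. The identical change appears in the @@ -155 hunk for plugins, so the same applies there; FillWordPress starts and ends outside both hunks.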
@@ -129,7 +130,7 @@ func FillWordPress(r *models.ScanResult, token string, wpVulnCaches *map[string]
 	for _, p := range plugins {
 		body, ok := searchCache(p.Name, wpVulnCaches)
 		if !ok {
-			url := fmt.Sprintf("https://wpvulndb.com/api/v3/plugins/%s", p.Name)
+			url := fmt.Sprintf("https://wpscan.com/api/v3/plugins/%s", p.Name)
 			var err error
 			body, err = httpRequest(url, token)
 			if err != nil {
@@ -155,7 +156,8 @@ func FillWordPress(r *models.ScanResult, token string, wpVulnCaches *map[string]
 				}
 				ok, err := match(pkg.Version, fixstat.FixedIn)
 				if err != nil {
-					return 0, xerrors.Errorf("Not a semantic versioning: %w", err)
+					util.Log.Infof("[poor] %s installed: %s, fixedIn: %s", pkg.Name, pkg.Version, fixstat.FixedIn)
+					continue
 				}
 				if ok {
 					wpVinfos = append(wpVinfos, v)