From a206675f3e0c4ccec32cdaed7c12d8146b05f503 Mon Sep 17 00:00:00 2001
From: Kota Kanbe
Date: Tue, 29 Dec 2020 07:25:58 +0900
Subject: [PATCH] fix(wordpress): remove cache because not permitted. (#1107)
---
 report/report.go | 10 +++-----
 wordpress/wordpress.go | 22 ++++-------------
 wordpress/wordpress_test.go | 49 -------------------------------------
 3 files changed, 8 insertions(+), 73 deletions(-)
diff --git a/report/report.go b/report/report.go
index 20016af5..b4cc3883 100644
--- a/report/report.go
+++ b/report/report.go
@@ -35,10 +35,6 @@ func FillCveInfos(dbclient DBClient, rs []models.ScanResult, dir string) ([]mode
 // Use the same reportedAt for all rs
 reportedAt := time.Now()
-
- // For reducing wpscan.com API calls
- wpCache := map[string]string{}
-
 for i, r := range rs {
 if !c.Conf.RefreshCve && !needToRefreshCve(r) {
 util.Log.Info("No need to refresh")
@@ -97,7 +93,7 @@ func FillCveInfos(dbclient DBClient, rs []models.ScanResult, dir string) ([]mode
 }
 wpConf := c.Conf.Servers[r.ServerName].WordPress
- if err := DetectWordPressCves(&r, &wpConf, wpCache); err != nil {
+ if err := DetectWordPressCves(&r, &wpConf); err != nil {
 return nil, xerrors.Errorf("Failed to detect WordPress Cves: %w", err)
 }
@@ -232,11 +228,11 @@ func DetectGitHubCves(r *models.ScanResult, githubConfs map[string]config.GitHub
 }
 // DetectWordPressCves detects CVEs of WordPress
-func DetectWordPressCves(r *models.ScanResult, wpCnf *config.WordPressConf, wpCache map[string]string) error {
+func DetectWordPressCves(r *models.ScanResult, wpCnf *config.WordPressConf) error {
 if wpCnf.WPVulnDBToken == "" {
 return nil
 }
- n, err := wordpress.FillWordPress(r, wpCnf.WPVulnDBToken, wpCache)
+ n, err := wordpress.FillWordPress(r, wpCnf.WPVulnDBToken)
 if err != nil {
 return xerrors.Errorf("Failed to detect CVE with wpscan.com: %w", err)
 }
diff --git a/wordpress/wordpress.go b/wordpress/wordpress.go
index aea08063..e139fb1d 100644
--- a/wordpress/wordpress.go
+++ b/wordpress/wordpress.go
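Review bot: The doc comment above the new `DetectWordPressCves` signature still reads only "detects CVEs of WordPress", while the function now issues live wpscan.com requests on every call because the shared cache parameter is gone. Suggest `// DetectWordPressCves detects CVEs of WordPress via the wpscan.com API. It is a no-op when wpCnf.WPVulnDBToken is empty; every call queries the API directly (no cross-server caching), so each scanned server consumes API quota.` The per-server quota consequence for the loop in `FillCveInfos` (first hunk) is inferred from the removed "For reducing wpscan.com API calls" comment, so worth confirming against the API terms that motivated this change. The body of `DetectWordPressCves` continues past the hunk.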
@@ -48,14 +48,14 @@ type References struct {
 // FillWordPress access to wpvulndb and fetch scurity alerts and then set to the given ScanResult.
 // https://wpscan.com/
-func FillWordPress(r *models.ScanResult, token string, wpCache map[string]string) (int, error) {
+func FillWordPress(r *models.ScanResult, token string) (int, error) {
 // Core
 ver := strings.Replace(r.WordPressPackages.CoreVersion(), ".", "", -1)
 if ver == "" {
 return 0, xerrors.New("Failed to get WordPress core version")
 }
 url := fmt.Sprintf("https://wpscan.com/api/v3/wordpresses/%s", ver)
- wpVinfos, err := wpscan(url, ver, token, wpCache)
+ wpVinfos, err := wpscan(url, ver, token)
 if err != nil {
 return 0, err
 }
@@ -67,7 +67,7 @@ func FillWordPress(r *models.ScanResult, token string, wpCache map[string]string
 }
 for _, p := range themes {
 url := fmt.Sprintf("https://wpscan.com/api/v3/themes/%s", p.Name)
- candidates, err := wpscan(url, p.Name, token, wpCache)
+ candidates, err := wpscan(url, p.Name, token)
 if err != nil {
 return 0, err
 }
@@ -82,7 +82,7 @@ func FillWordPress(r *models.ScanResult, token string, wpCache map[string]string
 }
 for _, p := range plugins {
 url := fmt.Sprintf("https://wpscan.com/api/v3/plugins/%s", p.Name)
- candidates, err := wpscan(url, p.Name, token, wpCache)
+ candidates, err := wpscan(url, p.Name, token)
 if err != nil {
 return 0, err
 }
@@ -104,10 +104,7 @@ func FillWordPress(r *models.ScanResult, token string, wpCache map[string]string
 return len(wpVinfos), nil
 }
-func wpscan(url, name, token string, wpCache map[string]string) (vinfos []models.VulnInfo, err error) {
- if body, ok := searchCache(name, wpCache); ok {
- return convertToVinfos(name, body)
- }
+func wpscan(url, name, token string) (vinfos []models.VulnInfo, err error) {
 body, err := httpRequest(url, token)
 if err != nil {
 return nil, err
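Review bot: The `url` handed to the new `wpscan(url, ver, token)` call is built with `fmt.Sprintf` from `ver`, and the same pattern feeds `p.Name` into the request path in the themes and plugins hunks (`@@ -67` and `@@ -82`); these values are read from the scanned host's WordPress install and are interpolated without escaping, so a slug containing `/`, `?` or `#` would change which wpscan.com endpoint is queried. Because the local `url` takes the `net/url` package's name, escaping would need an aliased import, e.g. `url := fmt.Sprintf("https://wpscan.com/api/v3/plugins/%s", neturl.PathEscape(p.Name))` with `neturl "net/url"` in the import block. Whether the collector already restricts slugs to a safe character set is not visible here and should be checked before deciding. The `FillWordPress` body continues past this hunk.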
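Review bot: The new `wpscan` signature carries no doc comment, and now that the `searchCache` short-circuit is gone every call performs an HTTP request, which is the behaviour a future reader most needs stated. Suggest `// wpscan fetches vulnerability data for name from url via httpRequest and converts the body with convertToVinfos; nothing is cached, so each call hits wpscan.com.` As a point of style, the parameter `url` reuses the `net/url` package name; renaming it (for example `apiURL`) would avoid the clash if that package is ever imported here. The function body continues past this hunk.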
@@ -115,7 +112,6 @@ func wpscan(url, name, token string, wpCache map[string]string) (vinfos []models
 if body == "" {
 util.Log.Debugf("wpscan.com response body is empty. URL: %s", url)
 }
- wpCache[name] = body
 return convertToVinfos(name, body)
 }
@@ -256,11 +252,3 @@ func removeInactives(pkgs models.WordPressPackages) (removed models.WordPressPac
 }
 return removed
 }
-
-func searchCache(name string, wpVulnCaches map[string]string) (string, bool) {
- value, ok := wpVulnCaches[name]
- if ok {
- return value, true
- }
- return "", false
-}
diff --git a/wordpress/wordpress_test.go b/wordpress/wordpress_test.go
index 537cc709..909a0f1e 100644
--- a/wordpress/wordpress_test.go
+++ b/wordpress/wordpress_test.go
@@ -79,52 +79,3 @@ func TestRemoveInactive(t *testing.T) {
 }
 }
 }
-
-func TestSearchCache(t *testing.T) {
-
- var tests = []struct {
- name string
- wpVulnCache map[string]string
- value string
- ok bool
- }{
- {
- name: "akismet",
- wpVulnCache: map[string]string{
- "akismet": "body",
- },
- value: "body",
- ok: true,
- },
- {
- name: "akismet",
- wpVulnCache: map[string]string{
- "BackWPup": "body",
- "akismet": "body",
- },
- value: "body",
- ok: true,
- },
- {
- name: "akismet",
- wpVulnCache: map[string]string{
- "BackWPup": "body",
- },
- value: "",
- ok: false,
- },
- {
- name: "akismet",
- wpVulnCache: nil,
- value: "",
- ok: false,
- },
- }
-
- for i, tt := range tests {
- value, ok := searchCache(tt.name, tt.wpVulnCache)
- if value != tt.value || ok != tt.ok {
- t.Errorf("[%d] searchCache error ", i)
- }
- }
-}