GitHub Repository: wpscanteam/wpscan
Path: blob/master/app/finders/wp_items/urls_in_page.rb
# frozen_string_literal: true
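module WPScan
  module Finders
    module WpItems
      # URLs In Homepage Module to use in plugins & themes finders.
      #
      # The module defines neither #target nor #page_res; it calls both, so the
      # including finder has to provide them.
      #
      # The patterns below are assembled from values read off the target
      # (plugins/content directory and URL). Those values are regex-escaped
      # before interpolation so that metacharacters in them ("." in a host
      # name, "[" in an IPv6 literal, "+", "(" ...) are matched literally and
      # can neither widen the match nor produce an invalid expression.
      module UrlsInPage
        # @param [ String ] type plugins / themes
        # @param [ Boolean ] uniq Whether or not to apply the #uniq on the results
        #
        # @return [ Array<String> ] The plugins/themes detected in the href, src attributes of the page
        def items_from_links(type, uniq: true)
          found = []
          # NOTE(review): the directory is placed inside a double-quoted XPath
          # literal as-is; a directory containing a double quote would break
          # the expression - confirm that cannot occur upstream.
          xpath = format(
            '(//@href|//@src|//@data-src)[contains(., "%s")]',
            type == 'plugins' ? target.plugins_dir : target.content_dir
          )

          target.in_scope_uris(page_res, xpath) do |uri|
            match = item_attribute_pattern(type).match(uri.to_s)
            next unless match

            slug = match[1]&.strip

            # Skip nil as well as blank slugs: a nil entry would make the final sort raise.
            found << slug unless slug.nil? || slug.empty?
          end

          uniq ? found.uniq.sort : found.sort
        end

        # @param [ String ] type plugins / themes
        # @param [ Boolean ] uniq Whether or not to apply the #uniq on the results
        #
        # @return [ Array<String> ] The plugins/themes detected in the javascript/style of the homepage
        def items_from_codes(type, uniq: true)
          found = []

          page_res.html.xpath('//script[not(@src)]|//style[not(@src)]').each do |tag|
            code = tag.text.to_s
            next if code.empty?

            found.concat(code.scan(item_code_pattern(type)).flatten.uniq)
          end

          uniq ? found.uniq.sort : found.sort
        end

        # Pattern capturing the item slug from a URL found in an attribute.
        # Cached per type, so calling with 'plugins' and then 'themes' on the
        # same instance does not hand back the pattern built for the first type.
        #
        # @param [ String ] type
        #
        # @return [ Regexp ]
        def item_attribute_pattern(type)
          @item_attribute_patterns ||= {}
          @item_attribute_patterns[type] ||= %r{#{item_url_pattern(type)}([^/]+)/}i
        end

        # Pattern capturing the item slug from a URL found in inline code.
        # The URL must be preceded by a quote, an opening parenthesis or a space.
        # Cached per type (see #item_attribute_pattern).
        #
        # @param [ String ] type
        #
        # @return [ Regexp ]
        def item_code_pattern(type)
          @item_code_patterns ||= {}
          @item_code_patterns[type] ||= %r{["'( ]#{item_url_pattern(type)}([^\\/)"']+)}i
        end

        # Builds the pattern matching either the absolute item URL (http or
        # https) or the item directory as a path, for the given type.
        #
        # @param [ String ] type
        #
        # @return [ Regexp ]
        def item_url_pattern(type)
          plugins = type == 'plugins'
          dir     = plugins ? target.plugins_dir : target.content_dir
          url     = plugins ? target.plugins_url : target.content_url

          # Each "/" is allowed an optional leading backslash, so that URLs
          # written as "http:\/\/..." in inline code are matched too.
          loose_slashes = ->(escaped) { escaped.gsub('/', '\\\\\?\/') }

          # Escape first, then relax the scheme and the slashes: Regexp.escape
          # leaves both letters and "/" untouched, so the two rewrites still apply.
          url_re = /#{loose_slashes.call(Regexp.escape(url).sub(/\Ahttps?/i, 'https?'))}/i
          dir_re = %r{(?:#{url_re}|\\?/#{loose_slashes.call(Regexp.escape(dir))}\\?/)}i

          plugins ? dir_re : %r{#{dir_re}#{type}\\?/}i
        end
      end
    end
  end
end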