app/finders/wp_items/urls_in_page.rb
# frozen_string_literal: true
module WPScan
module Finders
module WpItems
# URLs In Homepage Module to use in plugins & themes finders
module UrlsInPage
# @param [ String ] type plugins / themes
# @param [ Boolean ] uniq Wether or not to apply the #uniq on the results
#
# @return [ Array<String> ] The plugins/themes detected in the href, src attributes of the page
def items_from_links(type, uniq: true)
found = []
xpath = format(
'(//@href|//@src|//@data-src)[contains(., "%s")]',
type == 'plugins' ? target.plugins_dir : target.content_dir
)
target.in_scope_uris(page_res, xpath) do |uri|
next unless uri.to_s =~ item_attribute_pattern(type)
slug = Regexp.last_match[1]&.strip
found << slug unless slug&.empty?
end
uniq ? found.uniq.sort : found.sort
end
# @param [ String ] type plugins / themes
# @param [ Boolean ] uniq Wether or not to apply the #uniq on the results
#
# @return [Array<String> ] The plugins/themes detected in the javascript/style of the homepage
def items_from_codes(type, uniq: true)
found = []
page_res.html.xpath('//script[not(@src)]|//style[not(@src)]').each do |tag|
code = tag.text.to_s
next if code.empty?
code.scan(item_code_pattern(type)).flatten.uniq.each { |slug| found << slug }
end
uniq ? found.uniq.sort : found.sort
end
# @param [ String ] type
#
# @return [ Regexp ]
def item_attribute_pattern(type)
@item_attribute_pattern ||= %r{#{item_url_pattern(type)}([^/]+)/}i
end
# @param [ String ] type
#
# @return [ Regexp ]
def item_code_pattern(type)
@item_code_pattern ||= %r{["'( ]#{item_url_pattern(type)}([^\\/)"']+)}i
end
# @param [ String ] type
#
# @return [ Regexp ]
def item_url_pattern(type)
item_dir = type == 'plugins' ? target.plugins_dir : target.content_dir
item_url = type == 'plugins' ? target.plugins_url : target.content_url
url = /#{item_url.gsub(/\A(?:https?)/i, 'https?').gsub('/', '\\\\\?\/')}/i
item_dir = %r{(?:#{url}|\\?/#{item_dir.gsub('/', '\\\\\?\/')}\\?/)}i
type == 'plugins' ? item_dir : %r{#{item_dir}#{type}\\?/}i
end
end
end
end
end