Module: WPScan::Finders::WpItems::UrlsInPage
- Included in:
- MainTheme::CssStyleInHomepage, MainTheme::UrlsInHomepage, Plugins::UrlsInHomepage, Themes::UrlsInHomepage
- Defined in:
- app/finders/wp_items/urls_in_page.rb
Overview
URLs In Homepage Module to use in plugins & themes finders
Instance Method Summary
- #item_attribute_pattern(type) ⇒ Regexp
- #item_code_pattern(type) ⇒ Regexp
- #item_url_pattern(type) ⇒ Regexp
- #items_from_codes(type, uniq: true) ⇒ Array<String>
  The plugins/themes detected in the javascript/style of the homepage.
- #items_from_links(type, uniq: true) ⇒ Array<String>
  The plugins/themes detected in the href, src attributes of the page.
Instance Method Details
#item_attribute_pattern(type) ⇒ Regexp
    # File 'app/finders/wp_items/urls_in_page.rb', line 50
    def item_attribute_pattern(type)
      @item_attribute_pattern ||= %r{#{item_url_pattern(type)}([^/]+)/}i
    end
#item_code_pattern(type) ⇒ Regexp
    # File 'app/finders/wp_items/urls_in_page.rb', line 57
    def item_code_pattern(type)
      @item_code_pattern ||= %r{["'( ]#{item_url_pattern(type)}([^\\/)"']+)}i
    end
#item_url_pattern(type) ⇒ Regexp
    # File 'app/finders/wp_items/urls_in_page.rb', line 64
    def item_url_pattern(type)
      item_dir = type == 'plugins' ? target.plugins_dir : target.content_dir
      item_url = type == 'plugins' ? target.plugins_url : target.content_url

      url = /#{item_url.gsub(/\A(?:https?)/i, 'https?').gsub('/', '\\\\\?\/')}/i
      item_dir = %r{(?:#{url}|\\?/#{item_dir.gsub('/', '\\\\\?\/')}\\?/)}i

      type == 'plugins' ? item_dir : %r{#{item_dir}#{type}\\?/}i
    end
#items_from_codes(type, uniq: true) ⇒ Array<String>
Returns: The plugins/themes detected in the javascript/style of the homepage.

    # File 'app/finders/wp_items/urls_in_page.rb', line 34
    def items_from_codes(type, uniq: true)
      found = []

      page_res.html.xpath('//script[not(@src)]|//style[not(@src)]').each do |tag|
        code = tag.text.to_s
        next if code.empty?

        code.scan(item_code_pattern(type)).flatten.uniq.each { |slug| found << slug }
      end

      uniq ? found.uniq.sort : found.sort
    end
#items_from_links(type, uniq: true) ⇒ Array<String>
Returns: The plugins/themes detected in the href, src attributes of the page.

    # File 'app/finders/wp_items/urls_in_page.rb', line 12
    def items_from_links(type, uniq: true)
      found = []

      xpath = format(
        '(//@href|//@src|//@data-src)[contains(., "%s")]',
        type == 'plugins' ? target.plugins_dir : target.content_dir
      )

      target.in_scope_uris(page_res, xpath) do |uri|
        next unless uri.to_s =~ item_attribute_pattern(type)

        slug = Regexp.last_match[1]&.strip
        found << slug unless slug&.empty?
      end

      uniq ? found.uniq.sort : found.sort
    end
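
The following added example (not WPScan's code) is a simplified stand-in for `items_from_links` and `items_from_codes` that a site owner can run over a saved homepage to see which plugin and theme slugs it discloses, including JSON-escaped (`\/`) paths in inline scripts. `SITE`, `CONTENT_DIR`, the helper names, the regex-based tag extraction and the sample HTML are constructed assumptions; the module itself selects nodes with XPath and relies on the target's scope rules.

```ruby
require 'uri'

# Constructed assumptions: site URL, content directory and the sample page.
SITE        = 'https://example.com'
CONTENT_DIR = 'wp-content'
SEP         = '\\\\?/' # regex source for "/" or the JSON-escaped "\/"

SAMPLE_HTML = <<~'HTML'
  <link rel="stylesheet" href="/wp-content/themes/demo-theme/style.css">
  <script src="https://example.com/wp-content/plugins/demo-forms/js/index.js"></script>
  <img data-src="//example.com/wp-content/plugins/demo-lazy/img/a.png">
  <script src="https://cdn.invalid/wp-content/plugins/offsite-widget/w.js"></script>
  <script>var cfg = {"ajax":"https:\/\/example.com\/wp-content\/plugins\/demo-cart\/ajax.php"};</script>
  <style>.hero { background: url(/wp-content/themes/demo-theme/img/bg.png) }</style>
HTML

# Regex source: optional absolute site URL, then /<content dir>/<type>/.
def item_base(type)
  esc = ->(s) { s.split('/').map { |part| Regexp.escape(part) }.join(SEP) }
  abs = esc.call(SITE).sub(/\Ahttps?/i, 'https?')
  "(?:#{abs})?#{SEP}#{esc.call(CONTENT_DIR)}#{SEP}#{Regexp.escape(type)}#{SEP}"
end

# Stand-in for the scope filter: keep only URLs that resolve to the site's host.
def in_scope?(url)
  URI.join(SITE, url).host == URI(SITE).host
rescue URI::Error
  false
end

# Slugs exposed through href/src/data-src attribute values.
def slugs_from_links(html, type)
  slug_re = %r{#{item_base(type)}([^/]+)/}i
  urls = html.scan(/\b(?:href|src|data-src)\s*=\s*["']([^"']+)["']/i).flatten
  urls.select { |u| in_scope?(u) }.filter_map { |u| u[slug_re, 1]&.strip }.uniq.sort
end

# Slugs exposed inside inline <script>/<style> bodies (tags without src).
def slugs_from_codes(html, type)
  code_re = %r{["'( ]#{item_base(type)}([^\\/)"']+)}i
  bodies = html.scan(%r{<(script|style)(?![^>]*\ssrc=)[^>]*>(.*?)</\1>}mi).map(&:last)
  bodies.flat_map { |code| code.scan(code_re).flatten }.uniq.sort
end

%w[plugins themes].each do |type|
  puts "#{type}: links=#{slugs_from_links(SAMPLE_HTML, type)} code=#{slugs_from_codes(SAMPLE_HTML, type)}"
end
```

The off-site `offsite-widget` reference is dropped by the scope check, while `demo-cart` is recovered only from the escaped URL inside the inline script.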