Module: WPScan::Finders::WpItems::UrlsInPage

Included in:

MainTheme::CssStyleInHomepage, MainTheme::UrlsInHomepage, Plugins::UrlsInHomepage, Themes::UrlsInHomepage

Defined in:

app/finders/wp_items/urls_in_page.rb

Overview

URLs In Homepage Module to use in plugins & themes finders

Instance Method Summary

• #item_attribute_pattern(type) ⇒ Regexp
• #item_code_pattern(type) ⇒ Regexp
• #item_url_pattern(type) ⇒ Regexp
• #items_from_codes(type, uniq: true) ⇒ Array<String>

  The plugins/themes detected in the javascript/style of the homepage.

• #items_from_links(type, uniq: true) ⇒ Array<String>

  The plugins/themes detected in the href, src attributes of the page.

Instance Method Details

#item_attribute_pattern(type) ⇒ Regexp

Parameters:

• type (String)

Returns:

• (Regexp)

# File 'app/finders/wp_items/urls_in_page.rb', line 50

def item_attribute_pattern(type)
  @item_attribute_pattern ||= %r{#{item_url_pattern(type)}([^/]+)/}i
end

#item_code_pattern(type) ⇒ Regexp

Parameters:

• type (String)

Returns:

• (Regexp)

# File 'app/finders/wp_items/urls_in_page.rb', line 57

def item_code_pattern(type)
  @item_code_pattern ||= %r{["'( ]#{item_url_pattern(type)}([^\\/)"']+)}i
end

#item_url_pattern(type) ⇒ Regexp

Parameters:

• type (String)

Returns:

• (Regexp)

# File 'app/finders/wp_items/urls_in_page.rb', line 64

def item_url_pattern(type)
  item_dir = type == 'plugins' ? target.plugins_dir : target.content_dir
  item_url = type == 'plugins' ? target.plugins_url : target.content_url

  url = /#{item_url.gsub(/\A(?:https?)/i, 'https?').gsub('/', '\\\\\?\/')}/i
  item_dir = %r{(?:#{url}|\\?/#{item_dir.gsub('/', '\\\\\?\/')}\\?/)}i

  type == 'plugins' ? item_dir : %r{#{item_dir}#{type}\\?/}i
end

#items_from_codes(type, uniq: true) ⇒ Array<String>

Returns The plugins/themes detected in the javascript/style of the homepage.

Parameters:

• type (String) —

  plugins / themes

• uniq (Boolean) (defaults to: true) —

  Wether or not to apply the #uniq on the results

Returns:

• (Array<String>) —

  The plugins/themes detected in the javascript/style of the homepage

# File 'app/finders/wp_items/urls_in_page.rb', line 34

def items_from_codes(type, uniq: true)
  found = []

  page_res.html.xpath('//script[not(@src)]|//style[not(@src)]').each do |tag|
    code = tag.text.to_s
    next if code.empty?

    code.scan(item_code_pattern(type)).flatten.uniq.each { |slug| found << slug }
  end

  uniq ? found.uniq.sort : found.sort
end

#items_from_links(type, uniq: true) ⇒ Array<String>

Returns The plugins/themes detected in the href, src attributes of the page.

Parameters:

• type (String) —

  plugins / themes

• uniq (Boolean) (defaults to: true) —

  Wether or not to apply the #uniq on the results

Returns:

• (Array<String>) —

  The plugins/themes detected in the href, src attributes of the page

# File 'app/finders/wp_items/urls_in_page.rb', line 12

def items_from_links(type, uniq: true)
  found = []
  xpath = format(
    '(//@href|//@src|//@data-src)[contains(., "%s")]',
    type == 'plugins' ? target.plugins_dir : target.content_dir
  )

  target.in_scope_uris(page_res, xpath) do |uri|
    next unless uri.to_s =~ item_attribute_pattern(type)

    slug = Regexp.last_match[1]&.strip

    found << slug unless slug&.empty?
  end

  uniq ? found.uniq.sort : found.sort
end