From 0e429700c6db961f83c77d29ab1a9ab0b45f2c4c Mon Sep 17 00:00:00 2001
From: erwanlr
Date: Sat, 12 Oct 2019 11:48:14 +0100
Subject: [PATCH] Fixes #1412
---
 lib/wpscan/target/platform/wordpress/custom_directories.rb | 2 +-
 .../platform/wordpress/custom_directories/simple_link.html | 3 +++
 .../target/platform/wordpress/custom_directories.rb | 5 ++++-
 3 files changed, 8 insertions(+), 2 deletions(-)
 create mode 100644 spec/fixtures/target/platform/wordpress/custom_directories/simple_link.html
diff --git a/lib/wpscan/target/platform/wordpress/custom_directories.rb b/lib/wpscan/target/platform/wordpress/custom_directories.rb
index 83499180..1b21e557 100644
--- a/lib/wpscan/target/platform/wordpress/custom_directories.rb
+++ b/lib/wpscan/target/platform/wordpress/custom_directories.rb
@@ -19,7 +19,7 @@ module WPScan
 # scope_url_pattern is from CMSScanner::Target
 pattern = %r{#{scope_url_pattern}([\w\s\-/]+?)\\?/(?:themes|plugins|uploads|cache)\\?/}i
- in_scope_uris(homepage_res) do |uri|
+ in_scope_uris(homepage_res, '//link/@href|//script/@src|//img/@src') do |uri|
 return @content_dir = Regexp.last_match[1] if uri.to_s.match(pattern)
 end
diff --git a/spec/fixtures/target/platform/wordpress/custom_directories/simple_link.html b/spec/fixtures/target/platform/wordpress/custom_directories/simple_link.html
new file mode 100644
index 00000000..082befc9
--- /dev/null
+++ b/spec/fixtures/target/platform/wordpress/custom_directories/simple_link.html
@@ -0,0 +1,3 @@
+
+PLUGINS WORDPRESS
+PLUGINS WORDPRESS
diff --git a/spec/shared_examples/target/platform/wordpress/custom_directories.rb b/spec/shared_examples/target/platform/wordpress/custom_directories.rb
index 2cda36dc..ce4d354c 100644
--- a/spec/shared_examples/target/platform/wordpress/custom_directories.rb
+++ b/spec/shared_examples/target/platform/wordpress/custom_directories.rb
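Review bot: In lib/wpscan/target/platform/wordpress/custom_directories.rb, the XPath literal `'//link/@href|//script/@src|//img/@src'` passed to `in_scope_uris` has no comment saying why only these attributes are inspected. Judging by the `simple_link` fixture and its `nil` expectation, the intent appears to be that an ordinary anchor whose path merely contains `/plugins/` or `/themes/` must not set `@content_dir`. A comment above the call would record that, for example `# Only asset-loading attributes are checked; an <a href> may contain /plugins/ without revealing the content dir`. It would also help to state whether other asset attributes such as `srcset` are left out on purpose, because a wrongly detected or missed directory presumably skews the later plugin and theme checks. The enclosing method starts and ends outside the hunk, so any fallback after this loop is not visible here.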
@@ -9,11 +9,14 @@ shared_examples 'WordPress::CustomDirectories' do relative_one: 'wp-content', relative_two: 'wp-content', cache: 'wp-content', in_raw_js: 'wp-content', in_raw_js_escaped: 'wp-content', with_sub_dir: 'app', relative_two_sub_dir: 'cms/wp-content', in_meta_content: 'wp-content', - themes_path_plugin_folder: 'wp-content' + themes_path_plugin_folder: 'wp-content', simple_link: nil }.each do |file, expected| it "returns #{expected} for #{file}.html" do stub_request(:get, target.url).to_return(body: File.read(fixtures.join("#{file}.html"))) + # For cases where the expected is nil + allow(target).to receive(:default_content_dir_exists?).and_return(false) + expect(target.content_dir).to eql expected end end
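Review bot: With `simple_link: nil` added to the table, the example description `"returns #{expected} for #{file}.html"` interpolates nil as an empty string, so the new case is reported as "returns  for simple_link.html". Changing that line to `it "returns #{expected.inspect} for #{file}.html" do` keeps the report readable. The added `allow(target).to receive(:default_content_dir_exists?).and_return(false)` runs for every fixture in the loop, so the comment `# For cases where the expected is nil` understates its scope. Assuming the stub is there to switch off the default-directory check, `# Stubbed for all fixtures so no case can pass through the default directory check` would describe it more accurately. Whether the path where `default_content_dir_exists?` returns true is covered elsewhere cannot be seen from this hunk.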