Uses head_and_get to check for Readme and Changelog locations

2019-03-24 22:01:19 +00:00
parent f1d15ca7f2
commit 15fd3b969f
2 changed files with 17 additions and 12 deletions
--- a/app/models/wp_item.rb
+++ b/app/models/wp_item.rb
@@ -112,30 +112,34 @@ module WPScan
        @classify ||= classify_slug(slug)
      end

-      # @return [ String ] The readme url if found
+      # @return [ String, False ] The readme url if found, false otherwise
      def readme_url
        return if detection_opts[:mode] == :passive

-        if @readme_url.nil?
+        return @readme_url unless @readme_url.nil?
+
        READMES.each do |path|
-            return @readme_url = url(path) if Browser.get(url(path)).code == 200
+          if Browser.instance.forge_request(url(path), blog.head_or_get_params).run.code == 200
+            return @readme_url = url(path)
          end
        end

-        @readme_url
+        @readme_url = false
      end

-      # @return [ String, false ] The changelog url if found
+      # @return [ String, false ] The changelog url if found, false otherwise
      def changelog_url
        return if detection_opts[:mode] == :passive

-        if @changelog_url.nil?
+        return @changelog_url unless @changelog_url.nil?
+
        CHANGELOGS.each do |path|
-            return @changelog_url = url(path) if Browser.get(url(path)).code == 200
+          if Browser.instance.forge_request(url(path), blog.head_or_get_params).run.code == 200
+            return @changelog_url = url(path)
          end
        end

-        @changelog_url
+        @changelog_url = false
      end

      # @param [ String ] path
--- a/spec/shared_examples/views/main_theme.rb
+++ b/spec/shared_examples/views/main_theme.rb
@@ -22,8 +22,9 @@ shared_examples 'App::Views::MainTheme' do
      before do
        expect(target).to receive(:content_dir).at_least(1).and_return('wp-content')

-        # Stub the checks for error/debug logs and readmes to 404
-        stub_request(:head, /.*/).and_return(status: 404)
+        # Stub all requests to 200, to detect a readme and changelog.
+        # Detection of the error_log will fail as the empty body won't match the patterns
+        stub_request(:head, /.*/)
        stub_request(:get, /.*/)

        stub_request(:get, /.*\.css\z/)