diff --git a/lib/wpscan/typhoeus/response.rb b/lib/wpscan/typhoeus/response.rb
index 893f48f0..2fe5e741 100644
--- a/lib/wpscan/typhoeus/response.rb
+++ b/lib/wpscan/typhoeus/response.rb
@@ -7,7 +7,8 @@ module Typhoeus
     #
     # @return [ Boolean ]
     def from_vuln_api?
-      effective_url.start_with?(WPScan::DB::VulnApi.uri.to_s) && !effective_url.include?('v3/status')
+      effective_url.start_with?(WPScan::DB::VulnApi.uri.to_s) &&
+        !effective_url.start_with?(WPScan::DB::VulnApi.uri.join('status').to_s)
     end
   end
 end
diff --git a/spec/lib/typhoeus/response_spec.rb b/spec/lib/typhoeus/response_spec.rb
index f4fb7086..bde38caa 100644
--- a/spec/lib/typhoeus/response_spec.rb
+++ b/spec/lib/typhoeus/response_spec.rb
@@ -1,15 +1,13 @@
 # frozen_string_literal: true
 
 describe Typhoeus::Response do
-  subject(:response) { described_class.new(options) }
-  let(:options) { { return_code: 200 } }
-
   describe '#from_vuln_api?' do
-    context 'when response from the Vuln API' do
+    context 'when a response from the Vuln API' do
       %w[
         https://wpscan.com/api/v3/plugins/wpscan
         https://wpscan.com/api/v3/plugins/status-test
         https://wpscan.com/api/v3/themes/test
+        https://wpscan.com/api/v3/plugins/test/v3/status
       ].each do |response_url|
         it "returnse false for #{response_url}" do
           expect(described_class.new(return_code: 200, effective_url: response_url).from_vuln_api?).to be true
@@ -17,15 +15,13 @@ describe Typhoeus::Response do
       end
     end
 
-    context 'when not a response from the Vuln API' do
+    context 'when not a response from the Vuln API (/status endpoint is ignored)' do
       %w[
         https://wpscan.com/something
         http://wp.lab/
         https://wp.lab/status
         https://wpscan.com/api/v3/status
       ].each do |response_url|
-        let(:options) { super().merge(effective_url: response_url) }
-
         it "returns false for #{response_url}" do
           expect(described_class.new(return_code: 200, effective_url: response_url).from_vuln_api?).to be false
         end
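Review bot: The new exclusion in from_vuln_api? is still a prefix test, so any API URL whose last segment merely begins with `status` (for example a hypothetical `/api/v3/status-foo` or `/api/v3/statuses`) would be classified as not coming from the Vuln API, while a `/status?...` query variant is excluded as intended; if the intent is "exactly the status endpoint", comparing the parsed path is stricter: `URI(effective_url).path != WPScan::DB::VulnApi.uri.join('status').path`. Separately, `uri.join('status')` resolves relative to the last path segment of the base, so it only yields `.../api/v3/status` when `WPScan::DB::VulnApi.uri` ends with a trailing slash — that cannot be seen from this hunk and is worth a comment on the method, e.g. `# Relies on VulnApi.uri ending with '/' so that join('status') targets the v3 status endpoint`. The class and module enclosing the method start before the hunk.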
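Review bot: In the first context of response_spec.rb the example description `it "returnse false for #{response_url}" do` contradicts its own expectation (`to be true`) and carries a typo; since the commit already rewords the surrounding context labels, it should read `it "returns true for #{response_url}" do`. The same mismatch is absent from the second context, whose examples correctly say "returns false". The `describe` block continues past the end of this hunk.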