diff --git a/app/finders/wp_items/urls_in_homepage.rb b/app/finders/wp_items/urls_in_homepage.rb
index 10cb231e..d17ffa44 100644
--- a/app/finders/wp_items/urls_in_homepage.rb
+++ b/app/finders/wp_items/urls_in_homepage.rb
@@ -15,7 +15,9 @@ module WPScan
target.in_scope_uris(target.homepage_res) do |uri|
next unless uri.to_s =~ item_attribute_pattern(type)
- found << Regexp.last_match[1]
+ slug = Regexp.last_match[1]&.strip
+
+ found << slug unless slug&.empty?
end
uniq ? found.uniq.sort : found.sort
@@ -42,7 +44,7 @@ module WPScan
#
# @return [ Regexp ]
def item_attribute_pattern(type)
- @item_attribute_pattern ||= %r{\A#{item_url_pattern(type)}([^/]+)/}i
+ @item_attribute_pattern ||= %r{#{item_url_pattern(type)}([^/]+)/}i
end
# @param [ String ] type
@@ -59,7 +61,7 @@ module WPScan
item_dir = type == 'plugins' ? target.plugins_dir : target.content_dir
item_url = type == 'plugins' ? target.plugins_url : target.content_url
- url = /#{item_url.gsub(/\A(?:http|https)/i, 'https?').gsub('/', '\\\\\?\/')}/i
+ url = /#{item_url.gsub(/\A(?:https?)/i, 'https?').gsub('/', '\\\\\?\/')}/i
item_dir = %r{(?:#{url}|\\?\/#{item_dir.gsub('/', '\\\\\?\/')}\\?/)}i
type == 'plugins' ? item_dir : %r{#{item_dir}#{type}\\?\/}i
diff --git a/spec/app/finders/plugins/urls_in_homepage_spec.rb b/spec/app/finders/plugins/urls_in_homepage_spec.rb
index 1d25f3bd..225eb12f 100644
--- a/spec/app/finders/plugins/urls_in_homepage_spec.rb
+++ b/spec/app/finders/plugins/urls_in_homepage_spec.rb
@@ -3,14 +3,16 @@
describe WPScan::Finders::Plugins::UrlsInHomepage do
subject(:finder) { described_class.new(target) }
let(:target) { WPScan::Target.new(url) }
- let(:url) { 'http://wp.lab/' }
+ let(:url) { 'https://wp.lab/' }
let(:fixtures) { FINDERS_FIXTURES.join('plugins', 'urls_in_homepage') }
+ before { target.scope << 'sub.lab' }
+
it_behaves_like 'App::Finders::WpItems::URLsInHomepage' do
let(:type) { 'plugins' }
let(:uniq_links) { true }
let(:uniq_codes) { true }
- let(:expected_from_links) { (1..4).map { |i| "dl-#{i}" } }
+ let(:expected_from_links) { (1..5).map { |i| "dl-#{i}" } }
let(:expected_from_codes) { (1..6).map { |i| "dc-#{i}" } }
end
diff --git a/spec/app/finders/themes/urls_in_homepage_spec.rb b/spec/app/finders/themes/urls_in_homepage_spec.rb
index bc175f61..d6b152bb 100644
--- a/spec/app/finders/themes/urls_in_homepage_spec.rb
+++ b/spec/app/finders/themes/urls_in_homepage_spec.rb
@@ -6,6 +6,8 @@ describe WPScan::Finders::Themes::UrlsInHomepage do
let(:url) { 'http://wp.lab/' }
let(:fixtures) { FINDERS_FIXTURES.join('themes', 'urls_in_homepage') }
+ # before { target.scope << 'sub.lab' }
+
it_behaves_like 'App::Finders::WpItems::URLsInHomepage' do
let(:type) { 'themes' }
let(:uniq_links) { true }
diff --git a/spec/fixtures/finders/plugins/urls_in_homepage/found.html b/spec/fixtures/finders/plugins/urls_in_homepage/found.html
index 2ea147b8..f290a047 100644
--- a/spec/fixtures/finders/plugins/urls_in_homepage/found.html
+++ b/spec/fixtures/finders/plugins/urls_in_homepage/found.html
@@ -8,7 +8,7 @@
-
+
@@ -17,6 +17,12 @@
+
+
+
+
+
+
It should not be detected