From 40c2e9a54bb8e79231c614fbe04905b16f373ca2 Mon Sep 17 00:00:00 2001
From: erwanlr
Date: Thu, 10 Oct 2019 22:33:19 +0100
Subject: [PATCH] Fixes non detection of plugins/themes from homepage in some cases
---
 app/finders/wp_items/urls_in_homepage.rb | 8 +++++---
 spec/app/finders/plugins/urls_in_homepage_spec.rb | 6 ++++--
 spec/app/finders/themes/urls_in_homepage_spec.rb | 2 ++
 spec/fixtures/finders/plugins/urls_in_homepage/found.html | 8 +++++++-
 spec/fixtures/finders/themes/urls_in_homepage/found.html | 2 +-
 5 files changed, 19 insertions(+), 7 deletions(-)
diff --git a/app/finders/wp_items/urls_in_homepage.rb b/app/finders/wp_items/urls_in_homepage.rb
index 10cb231e..d17ffa44 100644
--- a/app/finders/wp_items/urls_in_homepage.rb
+++ b/app/finders/wp_items/urls_in_homepage.rb
@@ -15,7 +15,9 @@ module WPScan
 target.in_scope_uris(target.homepage_res) do |uri|
 next unless uri.to_s =~ item_attribute_pattern(type)
- found << Regexp.last_match[1]
+ slug = Regexp.last_match[1]&.strip
+
+ found << slug unless slug&.empty?
 end
 uniq ? found.uniq.sort : found.sort
@@ -42,7 +44,7 @@ module WPScan
 #
 # @return [ Regexp ]
 def item_attribute_pattern(type)
- @item_attribute_pattern ||= %r{\A#{item_url_pattern(type)}([^/]+)/}i
+ @item_attribute_pattern ||= %r{#{item_url_pattern(type)}([^/]+)/}i
 end
 # @param [ String ] type
@@ -59,7 +61,7 @@ module WPScan
 item_dir = type == 'plugins' ? target.plugins_dir : target.content_dir
 item_url = type == 'plugins' ? target.plugins_url : target.content_url
- url = /#{item_url.gsub(/\A(?:http|https)/i, 'https?').gsub('/', '\\\\\?\/')}/i
+ url = /#{item_url.gsub(/\A(?:https?)/i, 'https?').gsub('/', '\\\\\?\/')}/i
 item_dir = %r{(?:#{url}|\\?\/#{item_dir.gsub('/', '\\\\\?\/')}\\?/)}i
 type == 'plugins' ? item_dir : %r{#{item_dir}#{type}\\?\/}i
diff --git a/spec/app/finders/plugins/urls_in_homepage_spec.rb b/spec/app/finders/plugins/urls_in_homepage_spec.rb
index 1d25f3bd..225eb12f 100644
--- a/spec/app/finders/plugins/urls_in_homepage_spec.rb
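Review bot: The `&.` on the two new lines guards a value that cannot be nil: `next unless uri.to_s =~ item_attribute_pattern(type)` only falls through on a match, and the pattern's `([^/]+)` group is mandatory, so `Regexp.last_match[1]` is always a String and the safe navigation reads as if the slug were optional. `slug = Regexp.last_match[1].strip` and `found << slug unless slug.empty?` express the same contract without the misleading hint. A short why-comment would also help, because a URI's string form does not normally carry surrounding whitespace; if some extracted homepage links do (the new dl-5 fixture case, presumably), say so, e.g. `# some extracted links carry surrounding whitespace; strip it before de-duplication`. The enclosing method starts before this hunk.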
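Review bot: With `\A` gone the pattern is unanchored, so the slug can now be captured from anywhere in `uri.to_s`, including a query string or fragment that merely embeds the plugins/themes path; any link in the page markup can therefore yield a reported slug, which widens false positives on pages carrying user-generated links. If the cases this fixes are all path-based, matching against `uri.path` rather than `uri.to_s` in the caller would contain that widening; if text preceding the item URL is the point, the method comment should record it, e.g. `# Deliberately unanchored: item URLs may be preceded by other text in the link`. Separately, `@item_attribute_pattern ||=` memoises without regard to `type`, which is only safe if each finder instance is ever called with a single type — a comment stating that assumption would make the cache safe to read.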
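Review bot: `item_url` goes into the regex with only `/` rewritten, so the dots in the host and any other metacharacter in the path remain live syntax — `wp.lab` would also match `wpXlab` — and the `item_dir` interpolation on the next line has the same gap. `url = /#{Regexp.escape(item_url).gsub(/\Ahttps?/i, 'https?').gsub('/', '\\\\\?\/')}/i` keeps both rewrites working, since `Regexp.escape` leaves `/` and the leading scheme untouched; `Regexp.escape(item_dir)` can be applied the same way. The switch to `(?:https?)` deserves a comment so it is not undone: the ordered alternation `(?:http|https)` matched only the `http` prefix of an `https://` URL, e.g. `# greedy https? — an http|https alternation stops at 'http' and leaves the 's' in the pattern`. The enclosing method's signature is outside the hunk.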
+++ b/spec/app/finders/plugins/urls_in_homepage_spec.rb
@@ -3,14 +3,16 @@ describe WPScan::Finders::Plugins::UrlsInHomepage do
 subject(:finder) { described_class.new(target) }
 let(:target) { WPScan::Target.new(url) }
- let(:url) { 'http://wp.lab/' }
+ let(:url) { 'https://wp.lab/' }
 let(:fixtures) { FINDERS_FIXTURES.join('plugins', 'urls_in_homepage') }
+ before { target.scope << 'sub.lab' }
+
 it_behaves_like 'App::Finders::WpItems::URLsInHomepage' do
 let(:type) { 'plugins' }
 let(:uniq_links) { true }
 let(:uniq_codes) { true }
- let(:expected_from_links) { (1..4).map { |i| "dl-#{i}" } }
+ let(:expected_from_links) { (1..5).map { |i| "dl-#{i}" } }
 let(:expected_from_codes) { (1..6).map { |i| "dc-#{i}" } }
 end
diff --git a/spec/app/finders/themes/urls_in_homepage_spec.rb b/spec/app/finders/themes/urls_in_homepage_spec.rb
index bc175f61..d6b152bb 100644
--- a/spec/app/finders/themes/urls_in_homepage_spec.rb
+++ b/spec/app/finders/themes/urls_in_homepage_spec.rb
@@ -6,6 +6,8 @@ describe WPScan::Finders::Themes::UrlsInHomepage do
 let(:url) { 'http://wp.lab/' }
 let(:fixtures) { FINDERS_FIXTURES.join('themes', 'urls_in_homepage') }
+ # before { target.scope << 'sub.lab' }
+
 it_behaves_like 'App::Finders::WpItems::URLsInHomepage' do
 let(:type) { 'themes' }
 let(:uniq_links) { true }
diff --git a/spec/fixtures/finders/plugins/urls_in_homepage/found.html b/spec/fixtures/finders/plugins/urls_in_homepage/found.html
index 2ea147b8..f290a047 100644
--- a/spec/fixtures/finders/plugins/urls_in_homepage/found.html
+++ b/spec/fixtures/finders/plugins/urls_in_homepage/found.html
@@ -8,7 +8,7 @@
- +
@@ -17,6 +17,12 @@
+ + + + + + It should not be detected
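Review bot: Moving `let(:url)` to `'https://wp.lab/'` leaves this spec with no `http://` case, while the themes spec on the same shared example keeps `'http://wp.lab/'`; the scheme coverage is now split across two files without either saying so, and a one-line comment such as `# https here, http in the themes spec — item_url_pattern must accept both` would keep a later edit from collapsing them onto one scheme. `before { target.scope << 'sub.lab' }` widens the target scope before the shared example runs; presumably the fifth expected link (`dl-5`) sits on that host, and naming that in the comment would save the reader a trip to the fixture.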
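Review bot: `# before { target.scope << 'sub.lab' }` is commented-out code committed to the spec, with no hint whether it is pending work or a deliberate omission. Either enable it together with a matching fixture link and expectation, as the plugins spec does, or replace it with a note of intent such as `# TODO: mirror the plugins spec (sub.lab link + widened target.scope) once the themes fixture has one`.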