remove junk from real_names

lib/common_helper.rb

@@ -51,6 +51,31 @@ def add_trailing_slash(url)
   url
 end
 
+# Gets the string all elements in stringarray ends with
+def get_equal_string_end(stringarray = [""])
+  already_found = ""
+  looping = true
+  counter = -1
+  if stringarray.kind_of? Array and stringarray.length > 1
+    base = stringarray[0]
+    while looping
+      character = base[counter, 1]
+      stringarray.each do |s|
+        if s[counter, 1] != character
+          looping = false
+          break
+        end
+      end
+      if looping == false or (counter * -1 ) >= base.length
+        break
+      end
+      already_found = "#{character if character}#{already_found}"
+      counter -= 1
+    end
+  end
+  already_found
+end
+
 if RUBY_VERSION < "1.9"
   class Array
     # Fix for grep with symbols in ruby <= 1.8.7

lib/wpscan/modules/wp_usernames.rb

@@ -51,6 +51,7 @@ module WpUsernames
                        :real_name => real_name ? real_name : "empty"}
       end
     end
+    usernames = remove_junk_from_real_name(usernames)
 
     # clean the array, remove nils and possible duplicates
     usernames.flatten!
@@ -79,6 +80,21 @@ module WpUsernames
     body[%r{<title>([^<]*)</title>}i, 1]
   end
 
+  def remove_junk_from_real_name(usernames)
+    real_names = []
+    usernames.each do |u|
+      real_name = u[:real_name]
+      unless real_name == "empty"
+        real_names << real_name
+      end
+    end
+    junk = get_equal_string_end(real_names)
+    usernames.each do |u|
+      u[:real_name] = u[:real_name].sub(/#{junk}$/, "")
+    end
+    usernames
+  end
+
   def author_url(author_id)
     @uri.merge("?author=#{author_id}").to_s
   end

spec/lib/common_helper_spec.rb

@@ -0,0 +1,69 @@
+#--
+# WPScan - WordPress Security Scanner
+# Copyright (C) 2012
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#++
+
+require File.expand_path(File.dirname(__FILE__) + '../../../lib/wpscan/wpscan_helper')
+
+describe "common_helper" do
+  describe "#get_equal_string" do
+    after :each do
+      output = get_equal_string_end(@input)
+      output.should == @expected
+    end
+
+    it "sould return an empty string" do
+      @input = [""]
+      @expected = ""
+    end
+
+    it "sould return an empty string" do
+      @input = []
+      @expected = ""
+    end
+
+    it "sould return asdf" do
+      @input = ["kjh asdf", "oijr asdf"]
+      @expected = " asdf"
+    end
+
+    it "sould return &laquo;  BlogName" do
+      @input = ["user1 &laquo;  BlogName",
+                "user2 &laquo;  BlogName",
+                "user3 &laquo;  BlogName",
+                "user4 &laquo;  BlogName"]
+      @expected = " &laquo;  BlogName"
+    end
+
+    it "sould return an empty string" do
+      @input = %w{user1 user2 user3 user4}
+      @expected = ""
+    end
+
+    it "sould return an empty string" do
+      @input = ["user1 &laquo;  BlogName",
+                "user2 &laquo;  BlogName",
+                "user3 &laquo;  BlogName",
+                "user4 &laquo;  BlogNamea"]
+      @expected = ""
+    end
+
+    it "sould return an empty string" do
+      @input = %w{ user1 }
+      @expected = ""
+    end
+  end
+end