diff --git a/app/finders/users/oembed_api.rb b/app/finders/users/oembed_api.rb index 65f4ab77..0e3a7d0a 100644 --- a/app/finders/users/oembed_api.rb +++ b/app/finders/users/oembed_api.rb @@ -14,29 +14,35 @@ module WPScan # @param [ Hash ] opts # - # TODO: make this code pretty :x - # # @return [ Array ] def aggressive(_opts = {}) - found = [] - found_by_msg = 'Oembed API - %s (Aggressive Detection)' - oembed_data = JSON.parse(Browser.get(api_url).body) + details = user_details_from_oembed_data(oembed_data) + + return [] unless details + + [CMSScanner::User.new(details[0], + found_by: format(found_by_msg, details[1]), + confidence: details[2], + interesting_entries: [api_url])] + rescue JSON::ParserError + [] + end + + def user_details_from_oembed_data(oembed_data) + return unless oembed_data if oembed_data['author_url'] =~ %r{/author/([^/]+)/?\z} details = [Regexp.last_match[1], 'Author URL', 90] elsif oembed_data['author_name'] && !oembed_data['author_name'].empty? - details = [oembed_data['author_name'].delete(' '), 'Author Name', 70] + details = [oembed_data['author_name'], 'Author Name', 70] end - return unless details + details + end - found << CMSScanner::User.new(details[0], - found_by: format(found_by_msg, details[1]), - confidence: details[2], - interesting_entries: [api_url]) - rescue JSON::ParserError - found + def found_by_msg + 'Oembed API - %s (Aggressive Detection)' end # @return [ String ] The URL of the API listing the Users diff --git a/spec/app/finders/users/oembed_api_spec.rb b/spec/app/finders/users/oembed_api_spec.rb index f695fac6..978539d0 100644 --- a/spec/app/finders/users/oembed_api_spec.rb +++ b/spec/app/finders/users/oembed_api_spec.rb 
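Review bot: `user_details_from_oembed_data` guards only against nil with `return unless oembed_data`, but the body comes from the scanned site and `JSON.parse` can return an Array, String or number for syntactically valid JSON. On an Array, `oembed_data['author_url']` raises TypeError, which `aggressive` does not rescue (it rescues only `JSON::ParserError`), so a single unexpected response aborts the finder instead of yielding `[]`. I would replace the guard with `return unless oembed_data.is_a?(Hash)` and check `oembed_data['author_name'].is_a?(String)` before calling `.empty?` on it. The spec hunk in spec/app/finders/users/oembed_api_spec.rb has no context for a valid non-object body such as `[]`; one should be added alongside the fix. The enclosing class and `api_url` are defined outside this hunk.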
@@ -7,6 +7,59 @@ describe WPScan::Finders::Users::OembedApi do let(:fixtures) { File.join(FINDERS_FIXTURES, 'users', 'oembed_api') } describe '#aggressive' do - xit + before do + allow(target).to receive(:sub_dir).and_return(false) + stub_request(:get, finder.api_url).to_return(body: body) + end + + context 'when not a JSON response' do + let(:body) { '' } + + its(:aggressive) { should eql([]) } + end + + context 'when a JSON response' do + context 'when 404' do + let(:body) { File.read(File.join(fixtures, '404.json')) } + + its(:aggressive) { should eql([]) } + end + + context 'when 200' do + context 'when author_url present' do + let(:body) { File.read(File.join(fixtures, '200_author_url.json')) } + + it 'returns the expected array of users' do + users = finder.aggressive + + expect(users.size).to eql 1 + + user = users.first + + expect(user.username).to eql 'admin' + expect(user.confidence).to eql 90 + expect(user.found_by).to eql 'Oembed API - Author URL (Aggressive Detection)' + expect(user.interesting_entries).to eql ['http://wp.lab/wp-json/oembed/1.0/embed?url=http://wp.lab/&format=json'] + end + end + + context 'when author_url not present but author_name' do + let(:body) { File.read(File.join(fixtures, '200_author_name.json')) } + + it 'returns the expected array of users' do + users = finder.aggressive + + expect(users.size).to eql 1 + + user = users.first + + expect(user.username).to eql 'admin sa' + expect(user.confidence).to eql 70 + expect(user.found_by).to eql 'Oembed API - Author Name (Aggressive Detection)' + expect(user.interesting_entries).to eql ['http://wp.lab/wp-json/oembed/1.0/embed?url=http://wp.lab/&format=json'] + end + end + end + end end end diff --git a/spec/app/finders/users/wp_json_api_spec.rb b/spec/app/finders/users/wp_json_api_spec.rb index bd417900..72257095 100644 --- a/spec/app/finders/users/wp_json_api_spec.rb +++ b/spec/app/finders/users/wp_json_api_spec.rb 
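Review bot: The `when 404` context never serves a 404, because the shared `before` stubs `to_return(body: body)` with no status, so the fixture's error JSON is presumably delivered with WebMock's default 200. The expectation still passes since the finder ignores the status code, but the context name promises coverage it does not give and would keep passing on the wrong path if a status check were added later. Consider `let(:status) { 200 }` with `to_return(body: body, status: status)` in the `before`, and `let(:status) { 404 }` inside that context. The outer `describe` block starts above the hunk.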
@@ -8,7 +8,6 @@ describe WPScan::Finders::Users::WpJsonApi do describe '#aggressive' do before do - # allow(target).to receive(:content_dir).and_return('wp-content') allow(target).to receive(:sub_dir).and_return(false) stub_request(:get, finder.api_url).to_return(body: body) end diff --git a/spec/fixtures/finders/users/oembed_api/200_author_name.json b/spec/fixtures/finders/users/oembed_api/200_author_name.json new file mode 100644 index 00000000..892654c9 --- /dev/null +++ b/spec/fixtures/finders/users/oembed_api/200_author_name.json @@ -0,0 +1,11 @@ +{ + "type" : "rich", + "version" : "1.0", + "provider_url" : "https://wp.lab", + "provider_name" : "WP Lab", + "width" : 600, + "author_name" : "admin sa", + "height" : 338, + "html" : "aaa", + "title" : "HOME" +} diff --git a/spec/fixtures/finders/users/oembed_api/200_author_url.json b/spec/fixtures/finders/users/oembed_api/200_author_url.json new file mode 100644 index 00000000..3fedb4d7 --- /dev/null +++ b/spec/fixtures/finders/users/oembed_api/200_author_url.json @@ -0,0 +1,12 @@ +{ + "type" : "rich", + "version" : "1.0", + "provider_url" : "https://wp.lab", + "provider_name" : "WP Lab", + "author_url" : "https://wp.lab/author/admin/", + "width" : 600, + "author_name" : "admin", + "height" : 338, + "html" : "aaa", + "title" : "HOME" +} diff --git a/spec/fixtures/finders/users/oembed_api/404.json b/spec/fixtures/finders/users/oembed_api/404.json new file mode 100644 index 00000000..2d87289c --- /dev/null +++ b/spec/fixtures/finders/users/oembed_api/404.json @@ -0,0 +1 @@ +{"code":"oembed_invalid_url","message":"Not Found","data":{"status":404}} \ No newline at end of file