Handle a string response from a WP REST API endpoint

2023-11-30 16:47:21 -04:00
parent 96b6b81d78
commit 804bdfc146
2 changed files with 16 additions and 6 deletions
--- a/app/finders/users/wp_json_api.rb
+++ b/app/finders/users/wp_json_api.rb
@@ -42,12 +42,16 @@ module WPScan
        def users_from_response(response)
          found = []

-          JSON.parse(response.body)&.each do |user|
-            found << Model::User.new(user['slug'],
-                                     id: user['id'],
-                                     found_by: found_by,
-                                     confidence: 100,
-                                     interesting_entries: [response.effective_url])
+          json = JSON.parse(response.body)
+
+          if json.is_a? Enumerable
+            json.each do |user|
+              found << Model::User.new(user['slug'],
+                                      id: user['id'],
+                                      found_by: found_by,
+                                      confidence: 100,
+                                      interesting_entries: [response.effective_url])
+            end
          end

          found
--- a/spec/app/finders/users/wp_json_api_spec.rb
+++ b/spec/app/finders/users/wp_json_api_spec.rb
@@ -25,6 +25,12 @@ describe WPScan::Finders::Users::WpJsonApi do
        its(:aggressive) { should eql([]) }
      end

+      context 'when a string response' do
+        let(:body) { '404' }
+
+        its(:aggressive) { should eql([]) }
+      end
+
      context 'when a JSON response' do
        context 'when unauthorised' do
          let(:body) { File.read(fixtures.join('401.json')) }