garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixes #1406

Browse Source
This commit is contained in:
erwanlr
2019-10-07 07:03:06 +01:00
parent a53f88b626
commit a6855345d7
3 changed files with 19 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/finders/users/oembed_api.rb
View File

@@ -34,6 +34,8 @@ module WPScan
def user_details_from_oembed_data(oembed_data) def user_details_from_oembed_data(oembed_data)
return unless oembed_data return unless oembed_data
oembed_data = oembed_data.first if oembed_data.is_a?(Array)
if oembed_data['author_url'] =~ %r{/author/([^/]+)/?\z} if oembed_data['author_url'] =~ %r{/author/([^/]+)/?\z}
details = [Regexp.last_match[1], 'Author URL', 90] details = [Regexp.last_match[1], 'Author URL', 90]
elsif oembed_data['author_name'] && !oembed_data['author_name'].empty? elsif oembed_data['author_name'] && !oembed_data['author_name'].empty?

14
spec/app/finders/users/oembed_api_spec.rb
View File

@@ -19,15 +19,17 @@ describe WPScan::Finders::Users::OembedApi do
end end
context 'when a JSON response' do context 'when a JSON response' do
let(:body) { File.read(fixture) }
context 'when 404' do context 'when 404' do
let(:body) { File.read(fixtures.join('404.json')) } let(:fixture) { fixtures.join('404.json') }
its(:aggressive) { should eql([]) } its(:aggressive) { should eql([]) }
end end
context 'when 200' do context 'when 200' do
context 'when author_url present' do context 'when author_url present' do
let(:body) { File.read(fixtures.join('200_author_url.json')) } let(:fixture) { fixtures.join('200_author_url.json') }
it 'returns the expected array of users' do it 'returns the expected array of users' do
users = finder.aggressive users = finder.aggressive
@@ -44,7 +46,7 @@ describe WPScan::Finders::Users::OembedApi do
end end
context 'when author_url not present but author_name' do context 'when author_url not present but author_name' do
let(:body) { File.read(fixtures.join('200_author_name.json')) } let(:fixture) { fixtures.join('200_author_name.json') }
it 'returns the expected array of users' do it 'returns the expected array of users' do
users = finder.aggressive users = finder.aggressive
@@ -59,6 +61,12 @@ describe WPScan::Finders::Users::OembedApi do
expect(user.interesting_entries).to eql ['http://wp.lab/wp-json/oembed/1.0/embed?url=http://wp.lab/&format=json'] expect(user.interesting_entries).to eql ['http://wp.lab/wp-json/oembed/1.0/embed?url=http://wp.lab/&format=json']
end end
end end
context 'when body is an array' do
let(:fixture) { fixtures.join('array.json') }
its(:aggressive) { should eql([]) }
end
end end
end end
end end

6
spec/fixtures/finders/users/oembed_api/array.json vendored Normal file
View File

@@ -0,0 +1,6 @@
[
{
"code":"json_no_route",
"message":"No route was found matching the URL and request method"
}
]