From c7d49556f1ad3d2e5c97ed01dbad71be0712c28d Mon Sep 17 00:00:00 2001
From: Alex Sanford
Date: Thu, 30 Nov 2023 16:58:26 -0400
Subject: [PATCH] Add fix for oembed API
---
 app/finders/users/oembed_api.rb | 2 ++
 app/finders/users/wp_json_api.rb | 2 +-
 spec/app/finders/users/oembed_api_spec.rb | 12 ++++++++++--
 spec/app/finders/users/wp_json_api_spec.rb | 14 ++++++++------
 4 files changed, 21 insertions(+), 9 deletions(-)
diff --git a/app/finders/users/oembed_api.rb b/app/finders/users/oembed_api.rb
index f97813a6..d34c9697 100644
--- a/app/finders/users/oembed_api.rb
+++ b/app/finders/users/oembed_api.rb
@@ -36,6 +36,8 @@ module WPScan
 oembed_data = oembed_data.first if oembed_data.is_a?(Array)
+ oembed_data = {} unless oembed_data.is_a?(Hash)
+
 if oembed_data['author_url'] =~ %r{/author/([^/]+)/?\z}
 details = [Regexp.last_match[1], 'Author URL', 90]
 elsif oembed_data['author_name'] && !oembed_data['author_name'].empty?
diff --git a/app/finders/users/wp_json_api.rb b/app/finders/users/wp_json_api.rb
index 25c1a9f3..332ee41c 100644
--- a/app/finders/users/wp_json_api.rb
+++ b/app/finders/users/wp_json_api.rb
@@ -44,7 +44,7 @@ module WPScan
 json = JSON.parse(response.body)
- if json.is_a? Enumerable
+ if json.is_a?(Enumerable)
 json.each do |user|
 found << Model::User.new(user['slug'],
 id: user['id'],
diff --git a/spec/app/finders/users/oembed_api_spec.rb b/spec/app/finders/users/oembed_api_spec.rb
index 01d05357..c4a2dea5 100644
--- a/spec/app/finders/users/oembed_api_spec.rb
+++ b/spec/app/finders/users/oembed_api_spec.rb
@@ -13,9 +13,17 @@ describe WPScan::Finders::Users::OembedApi do
 end
 context 'when not a JSON response' do
- let(:body) { '' }
+ context 'when empty' do
+ let(:body) { '' }
- its(:aggressive) { should eql([]) }
+ its(:aggressive) { should eql([]) }
+ end
+
+ context 'when a string' do
+ let(:body) { '404' }
+
+ its(:aggressive) { should eql([]) }
+ end
 end
 context 'when a JSON response' do
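Review bot: In app/finders/users/oembed_api.rb the new guard normalises only the top-level shape, so the values read on the next lines are still used without a type check even though they come from the scanned site's response. A non-string `author_name` such as a number reaches `.empty?` and raises NoMethodError, and a non-string `author_url` reaches `=~`, which also raises on Ruby 3.2 and later, unless a rescue outside this hunk catches it. Consider `author_url = oembed_data['author_url']` followed by `if author_url.is_a?(String) && author_url =~ %r{/author/([^/]+)/?\z}`, with the same `is_a?(String)` test on `author_name`. A comment above the guard such as `# Remote JSON may be a scalar (e.g. 404); treat anything that is not a Hash as empty` would record why it exists. The enclosing method starts and ends outside the hunk.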
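Review bot: In app/finders/users/wp_json_api.rb, `json.is_a?(Enumerable)` is also true for a Hash, and the WordPress REST API reports errors as a JSON object, so `json.each do |user|` would yield `[key, value]` pairs and `user['slug']` would raise TypeError on an Array. Testing for the shape the loop actually needs is tighter: `if json.is_a?(Array)` with `next unless user.is_a?(Hash)` as the first line of the block. The method continues past the hunk, so a rescue there may already absorb this; if it does, a short comment saying that the rescue is what handles object-shaped responses would help the next reader.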
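Review bot: The new 'when a string' case in spec/app/finders/users/oembed_api_spec.rb sits under 'when not a JSON response', but `'404'` is presumably parsed as a JSON number, which is the case the new Hash guard handles; renaming it to something like `context 'when a JSON scalar'` would make the spec say what it covers. Other shapes a remote site can return are still untested, for example an array whose first element is not an object (`'[404]'`) or an object whose `author_name` is not a string. The same naming point applies to the matching contexts in spec/app/finders/users/wp_json_api_spec.rb.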
diff --git a/spec/app/finders/users/wp_json_api_spec.rb b/spec/app/finders/users/wp_json_api_spec.rb
index 64453dfb..7f38a818 100644
--- a/spec/app/finders/users/wp_json_api_spec.rb
+++ b/spec/app/finders/users/wp_json_api_spec.rb
@@ -20,15 +20,17 @@ describe WPScan::Finders::Users::WpJsonApi do
 end
 context 'when not a JSON response' do
- let(:body) { '' }
+ context 'when empty' do
+ let(:body) { '' }
- its(:aggressive) { should eql([]) }
- end
+ its(:aggressive) { should eql([]) }
+ end
- context 'when a string response' do
- let(:body) { '404' }
+ context 'when a string' do
+ let(:body) { '404' }
- its(:aggressive) { should eql([]) }
+ its(:aggressive) { should eql([]) }
+ end
 end
 context 'when a JSON response' do