Code factoring

lib/browser.rb

@@ -166,13 +166,21 @@ class Browser
 
   def get(url, params = {})
     run_request(
-      forge_request(url, params.merge(:method => :get))
+      forge_request(url, params.merge(method: :get))
     )
   end
 
   def post(url, params = {})
     run_request(
-      forge_request(url, params.merge(:method => :post))
+      forge_request(url, params.merge(method: :post))
+    )
+  end
+
+  def get_and_follow_location(url, params = {})
+    params[:max_redirects] ||= 2
+
+    run_request(
+      forge_request(url, params.merge(method: :get, follow_location: true))
     )
   end
 

lib/wpscan/wp_target.rb

@@ -47,26 +47,17 @@ class WpTarget < WebSite
   def wordpress?
     wordpress = false
 
-    response = Browser.instance.get(
-      @uri.to_s,
-      { follow_location: true, max_redirects: 2 }
-    )
+    response = Browser.instance.get_and_follow_location(@uri.to_s)
 
     if response.body =~ /["'][^"']*\/wp-content\/[^"']*["']/i
       wordpress = true
     else
-      response = Browser.instance.get(
-        xml_rpc_url,
-        { follow_location: true, max_redirects: 2 }
-      )
+      response = Browser.instance.get_and_follow_location(xml_rpc_url)
 
       if response.body =~ %r{XML-RPC server accepts POST requests only}i
         wordpress = true
       else
-        response = Browser.instance.get(
-          login_url,
-          { follow_location: true, max_redirects: 2 }
-        )
+        response = Browser.instance.get_and_follow_location(login_url)
 
         if response.body =~ %r{WordPress}i
           wordpress = true

lib/wpscan/wp_version.rb

@@ -61,7 +61,7 @@ class WpVersion < Vulnerable
   # that it is reinstated on upgrade.
   def self.find_from_meta_generator(options)
     target_uri = options[:base_url]
-    response = Browser.instance.get(target_uri.to_s, { follow_location: true, max_redirects: 2 })
+    response = Browser.instance.get_and_follow_location(target_uri.to_s)
 
     response.body[%r{name="generator" content="wordpress #{WpVersion.version_pattern}"}i, 1]
   end
@@ -70,7 +70,7 @@ class WpVersion < Vulnerable
   # the generator tag in the RSS feed source.
   def self.find_from_rss_generator(options)
     target_uri = options[:base_url]
-    response = Browser.instance.get(target_uri.merge('feed/').to_s, { follow_location: true, max_redirects: 2 })
+    response = Browser.instance.get_and_follow_location(target_uri.merge('feed/').to_s)
 
     response.body[%r{<generator>http://wordpress.org/\?v=#{WpVersion.version_pattern}</generator>}i, 1]
   end
@@ -79,7 +79,7 @@ class WpVersion < Vulnerable
   # the generator tag in the RDF feed source.
   def self.find_from_rdf_generator(options)
     target_uri = options[:base_url]
-    response = Browser.instance.get(target_uri.merge('feed/rdf/').to_s, { follow_location: true, max_redirects: 2 })
+    response = Browser.instance.get_and_follow_location(target_uri.merge('feed/rdf/').to_s)
 
     response.body[%r{<admin:generatorAgent rdf:resource="http://wordpress.org/\?v=#{WpVersion.version_pattern}" />}i, 1]
   end
@@ -90,7 +90,7 @@ class WpVersion < Vulnerable
   # Have not been able to find an example of this - Ryan
   #def self.find_from_rss2_generator(options)
   #  target_uri = options[:base_url]
-  #  response = Browser.instance.get(target_uri.merge('feed/rss/').to_s, {:follow_location => true, :max_redirects => 2})
+  #  response = Browser.instance.get_and_follow_location(target_uri.merge('feed/rss/').to_s)
   #
   #  response.body[%r{<generator>http://wordpress.org/?v=(#{WpVersion.version_pattern})</generator>}i, 1]
   #end
@@ -99,7 +99,7 @@ class WpVersion < Vulnerable
   # the generator tag in the Atom source.
   def self.find_from_atom_generator(options)
     target_uri = options[:base_url]
-    response = Browser.instance.get(target_uri.merge('feed/atom/').to_s, { follow_location: true, max_redirects: 2 })
+    response = Browser.instance.get_and_follow_location(target_uri.merge('feed/atom/').to_s)
 
     response.body[%r{<generator uri="http://wordpress.org/" version="#{WpVersion.version_pattern}">WordPress</generator>}i, 1]
   end
@@ -110,7 +110,7 @@ class WpVersion < Vulnerable
   # Have not been able to find an example of this - Ryan
   #def self.find_from_comments_rss_generator(options)
   #  target_uri = options[:base_url]
-  #  response = Browser.instance.get(target_uri.merge('comments/feed/').to_s, {:follow_location => true, :max_redirects => 2})
+  #  response = Browser.instance.get_and_follow_location(target_uri.merge('comments/feed/').to_s)
   #
   #  response.body[%r{<!-- generator="WordPress/#{WpVersion.version_pattern}" -->}i, 1]
   #end

spec/lib/browser_spec.rb

@@ -331,6 +331,29 @@ describe Browser do
     end
   end
 
+  describe '#get_and_follow_location' do
+    # Typhoeus does not follow the location (maybe it's fixed in > 0.4.2)
+    # Or, something else is wrong
+
+    #context 'whitout max_redirects params' do
+    #  context 'when multiples redirection' do
+    #    it 'returns the last redirection response' do
+    #      url               = 'http://target.com'
+    #      first_redirection = 'www.first-redirection.com'
+    #      last_redirection  = 'last-redirection.com'
+
+    #      stub_request(:get, url).to_return(status: 301, headers: { location: first_redirection })
+    #      stub_request(:get, first_redirection).to_return(status: 301, headers: { location: last_redirection })
+    #      stub_request(:get, last_redirection).to_return(status: 200, body: 'Hello World!')
+
+    #      response = @browser.get_and_follow_location(url)
+
+    #      response.body.should === 'Hellow World!'
+    #    end
+    #  end
+    #end
+  end
+
   describe '#Browser.generate_cache_key_from_request' do
     it '2 requests with the same url, without params must have the same cache_key' do