Fix case where a theme slug is all non-latin characters

Merge pull request #1787 from 0n1shi/fix/db-exports-not-detected
Fixed #1759
2023-11-02 19:10:15 -03:00 · 2023-10-13 23:21:50 -03:00 · 2023-10-14 01:21:27 +09:00 · 2023-10-12 17:29:52 -03:00 · 2023-10-12 17:06:25 -03:00 · 2023-09-26 15:35:56 -03:00
6 changed files with 15 additions and 5 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -9,7 +9,7 @@ jobs:

    strategy:
      matrix:
-        ruby: [2.7, '3.0', 3.1]
+        ruby: [2.7, '3.0', 3.1, 3.2]

    steps:
    - name: Checkout code
--- a/README.md
+++ b/README.md
@@ -38,7 +38,9 @@ When using a pentesting distubution (such as Kali Linux), it is recommended to i

 ### In macOSX via Homebrew

-`brew install wpscanteam/tap/wpscan`
+```shell
+brew install wpscanteam/tap/wpscan
+```

 ### From RubyGems

--- a/app/finders/db_exports/known_locations.rb
+++ b/app/finders/db_exports/known_locations.rb
@@ -7,6 +7,10 @@ module WPScan
      class KnownLocations < CMSScanner::Finders::Finder
        include CMSScanner::Finders::Finder::Enumerator

+        def valid_response_codes
+          @valid_response_codes ||= [200, 206].freeze
+        end
+
        SQL_PATTERN = /(?:DROP|(?:UN)?LOCK|CREATE|ALTER) (?:TABLE|DATABASE)|INSERT INTO/.freeze

        # @param [ Hash ] opts
@@ -17,7 +21,7 @@ module WPScan
        def aggressive(opts = {})
          found = []

-          enumerate(potential_urls(opts), opts.merge(check_full_response: 200)) do |res|
+          enumerate(potential_urls(opts), opts.merge(check_full_response: valid_response_codes)) do |res|
            if res.effective_url.end_with?('.zip')
              next unless %r{\Aapplication/zip}i.match?(res.headers['Content-Type'])
            else
--- a/app/models/theme.rb
+++ b/app/models/theme.rb
@@ -92,7 +92,7 @@ module WPScan
          tags: 'Tags',
          text_domain: 'Text Domain'
        }.each do |attribute, tag|
-          instance_variable_set(:"@#{attribute}", parse_style_tag(style_body, tag))
+          instance_variable_set(:"@#{attribute}", parse_style_tag(style_body, tag)&.force_encoding('UTF-8'))
        end
      end

--- a/lib/wpscan/helper.rb
+++ b/lib/wpscan/helper.rb
@@ -16,5 +16,8 @@ def classify_slug(slug)
  classified = slug.to_s.gsub(/[^a-z\d\-]/i, '-').gsub(/-{1,}/, '_').camelize.to_s
  classified = "D_#{classified}" if /\d/.match?(classified[0])

+  # Special case for slugs with all non-latin characters.
+  classified = "HexSlug_#{slug.bytes.map { |i| i.to_s(16) }.join}" if classified.empty?
+
  classified.to_sym
 end
--- a/spec/lib/helper_spec.rb
+++ b/spec/lib/helper_spec.rb
@@ -7,7 +7,8 @@ describe '#classify_slug' do
    '12-slug' => :D_12Slug,
    'slug.s' => :SlugS,
    'slug yolo $' => :SlugYolo,
-    'slug $ ab.cd/12' => :SlugAbCd12
+    'slug $ ab.cd/12' => :SlugAbCd12,
+    'カスタムテーマ' => :HexSlug_e382abe382b9e382bfe383a0e38386e383bce3839e
  }.each do |slug, expected_symbol|
    context "when #{slug}" do
      it "returns #{expected_symbol}" do
Author	SHA1	Message	Date
Alex Sanford	de4f65e69b	Fix case where a theme slug is all non-latin characters	2023-11-02 19:10:15 -03:00
Alex Sanford	bce3b48ac7	Merge pull request #1787 from 0n1shi/fix/db-exports-not-detected Fixed #1759	2023-10-13 23:21:50 -03:00
Kazuki Onishi	2c1eb27f79	Use valid_response_codes	2023-10-14 01:21:27 +09:00
Alex Sanford	a423b15d53	Merge pull request #1711 from devidw/patch-1 README: Inline to code block for macOS download	2023-10-12 17:29:52 -03:00
Alex Sanford	162fcf4c2d	Merge pull request #1803 from wpscanteam/tweak/add-ruby-3.2-to-build Re-add ruby 3.2 to build	2023-10-12 17:06:25 -03:00
Alex Sanford	c11f4b9064	Re-add ruby 3.2 to build	2023-09-26 15:35:56 -03:00
Kazuki Onishi	99fca11958	Fixed issue #1759	2023-06-18 14:57:44 +09:00
David Wolf	a5adcfec97	README: Inline to code block for macOS download	2022-02-22 19:55:32 +01:00