Formatting

Fix case where a theme slug is all non-latin characters

.github/workflows/build.yml

@@ -9,7 +9,7 @@ jobs:
 
     strategy:
       matrix:
-        ruby: [2.7, '3.0', 3.1]
+        ruby: [2.7, '3.0', 3.1, 3.2]
 
     steps:
     - name: Checkout code

README.md

@@ -38,7 +38,9 @@ When using a pentesting distubution (such as Kali Linux), it is recommended to i
 
 ### In macOSX via Homebrew
 
-`brew install wpscanteam/tap/wpscan`
+```shell
+brew install wpscanteam/tap/wpscan
+```
 
 ### From RubyGems
 

app/finders/db_exports/known_locations.rb

@@ -7,6 +7,10 @@ module WPScan
       class KnownLocations < CMSScanner::Finders::Finder
         include CMSScanner::Finders::Finder::Enumerator
 
+        def valid_response_codes
+          @valid_response_codes ||= [200, 206].freeze
+        end
+
         SQL_PATTERN = /(?:DROP|(?:UN)?LOCK|CREATE|ALTER) (?:TABLE|DATABASE)|INSERT INTO/.freeze
 
         # @param [ Hash ] opts
@@ -17,7 +21,7 @@ module WPScan
         def aggressive(opts = {})
           found = []
 
-          enumerate(potential_urls(opts), opts.merge(check_full_response: 200)) do |res|
+          enumerate(potential_urls(opts), opts.merge(check_full_response: valid_response_codes)) do |res|
             if res.effective_url.end_with?('.zip')
               next unless %r{\Aapplication/zip}i.match?(res.headers['Content-Type'])
             else

app/finders/users/oembed_api.rb

@@ -36,6 +36,8 @@ module WPScan
 
           oembed_data = oembed_data.first if oembed_data.is_a?(Array)
 
+          oembed_data = {} unless oembed_data.is_a?(Hash)
+
           if oembed_data['author_url'] =~ %r{/author/([^/]+)/?\z}
             details = [Regexp.last_match[1], 'Author URL', 90]
           elsif oembed_data['author_name'] && !oembed_data['author_name'].empty?

app/finders/users/wp_json_api.rb

@@ -42,12 +42,16 @@ module WPScan
         def users_from_response(response)
           found = []
 
-          JSON.parse(response.body)&.each do |user|
-            found << Model::User.new(user['slug'],
-                                     id: user['id'],
-                                     found_by: found_by,
-                                     confidence: 100,
-                                     interesting_entries: [response.effective_url])
+          json = JSON.parse(response.body)
+
+          if json.is_a?(Enumerable)
+            json.each do |user|
+              found << Model::User.new(user['slug'],
+                                       id: user['id'],
+                                       found_by: found_by,
+                                       confidence: 100,
+                                       interesting_entries: [response.effective_url])
+            end
           end
 
           found

app/models/theme.rb

@@ -92,7 +92,7 @@ module WPScan
           tags: 'Tags',
           text_domain: 'Text Domain'
         }.each do |attribute, tag|
-          instance_variable_set(:"@#{attribute}", parse_style_tag(style_body, tag))
+          instance_variable_set(:"@#{attribute}", parse_style_tag(style_body, tag)&.force_encoding('UTF-8'))
         end
       end
 

lib/wpscan/helper.rb

@@ -16,5 +16,8 @@ def classify_slug(slug)
   classified = slug.to_s.gsub(/[^a-z\d\-]/i, '-').gsub(/-{1,}/, '_').camelize.to_s
   classified = "D_#{classified}" if /\d/.match?(classified[0])
 
+  # Special case for slugs with all non-latin characters.
+  classified = "HexSlug_#{slug.bytes.map { |i| i.to_s(16) }.join}" if classified.empty?
+
   classified.to_sym
 end

spec/app/finders/users/oembed_api_spec.rb

@@ -13,9 +13,17 @@ describe WPScan::Finders::Users::OembedApi do
     end
 
     context 'when not a JSON response' do
-      let(:body) { '' }
+      context 'when empty' do
+        let(:body) { '' }
 
-      its(:aggressive) { should eql([]) }
+        its(:aggressive) { should eql([]) }
+      end
+
+      context 'when a string' do
+        let(:body) { '404' }
+
+        its(:aggressive) { should eql([]) }
+      end
     end
 
     context 'when a JSON response' do

spec/app/finders/users/wp_json_api_spec.rb

@@ -20,9 +20,17 @@ describe WPScan::Finders::Users::WpJsonApi do
       end
 
       context 'when not a JSON response' do
-        let(:body) { '' }
+        context 'when empty' do
+          let(:body) { '' }
 
-        its(:aggressive) { should eql([]) }
+          its(:aggressive) { should eql([]) }
+        end
+
+        context 'when a string' do
+          let(:body) { '404' }
+
+          its(:aggressive) { should eql([]) }
+        end
       end
 
       context 'when a JSON response' do

spec/lib/helper_spec.rb

@@ -7,7 +7,8 @@ describe '#classify_slug' do
     '12-slug' => :D_12Slug,
     'slug.s' => :SlugS,
     'slug yolo $' => :SlugYolo,
-    'slug $ ab.cd/12' => :SlugAbCd12
+    'slug $ ab.cd/12' => :SlugAbCd12,
+    'カスタムテーマ' => :HexSlug_e382abe382b9e382bfe383a0e38386e383bce3839e
   }.each do |slug, expected_symbol|
     context "when #{slug}" do
       it "returns #{expected_symbol}" do