From 1097edde542d06cd4d83bddb73f4d53fe4af8b15 Mon Sep 17 00:00:00 2001
From: Elbert Alias <77259+AliasIO@users.noreply.github.com>
Date: Mon, 29 Nov 2021 14:35:07 +1100
Subject: [PATCH] Prevent cross-domain redirection on subsequent requests, add option to disable redirects on all requests
---
 src/drivers/npm/README.md | 2 ++
 src/drivers/npm/cli.js | 2 ++
 src/drivers/npm/driver.js | 32 ++++++++++++++++++++++----------
 3 files changed, 26 insertions(+), 10 deletions(-)
diff --git a/src/drivers/npm/README.md b/src/drivers/npm/README.md
index 0e2e5e022..986e7c784 100644
--- a/src/drivers/npm/README.md
+++ b/src/drivers/npm/README.md
@@ -35,6 +35,7 @@ wappalyzer [options]
 -r, --recursive Follow links on pages (crawler)
 -a, --user-agent=... Set the user agent string
 -n, --no-scripts Disabled JavaScript on web pages
+-N, --no-redirect Disable cross-domain redirects
 ```
@@ -66,6 +67,7 @@ const options = {
 htmlMaxCols: 2000,
 htmlMaxRows: 2000,
 noScripts: false,
+ noRedirect: false,
 };
 const wappalyzer = new Wappalyzer(options)
diff --git a/src/drivers/npm/cli.js b/src/drivers/npm/cli.js
index d6e53d5a2..423ab999a 100755
--- a/src/drivers/npm/cli.js
+++ b/src/drivers/npm/cli.js
@@ -22,6 +22,7 @@ const aliases = {
 r: 'recursive',
 w: 'maxWait',
 n: 'noScripts',
+ N: 'noRedirect',
 }
 while (true) {
@@ -75,6 +76,7 @@ Options:
 -r, --recursive Follow links on pages (crawler)
 -a, --user-agent=... Set the user agent string
 -n, --no-scripts Disabled JavaScript on web pages
+ -N, --no-redirect Disable cross-domain redirects
 `)
 process.exit(1)
diff --git a/src/drivers/npm/driver.js b/src/drivers/npm/driver.js
index 32d64365e..a0dfaf602 100644
--- a/src/drivers/npm/driver.js
+++ b/src/drivers/npm/driver.js
@@ -610,21 +610,33 @@ class Site {
 ]
 })
+ // Prevent cross-domain redirects
 if (response.status() >= 300 && response.status() < 400) {
 if (headers.location) {
- url = new URL(headers.location.slice(-1), url)
+ const _url = new URL(headers.location.slice(-1), url)
+
+ if (
+ _url.hostname.replace(/^www\./, '') ===
+ this.originalUrl.hostname.replace(/^www\./, '') ||
+ (Object.keys(this.analyzedUrls).length === 1 &&
+ !this.options.noRedirect)
+ ) {
+ url = _url
+
+ return
+ }
 }
- } else {
- responseReceived = true
+ }
- const certIssuer = response.securityDetails()
- ? response.securityDetails().issuer()
- : ''
+ responseReceived = true
- await this.onDetect(url, await analyze({ headers, certIssuer }))
+ const certIssuer = response.securityDetails()
+ ? response.securityDetails().issuer()
+ : ''
- await this.emit('response', { page, response, headers, certIssuer })
- }
+ await this.onDetect(url, await analyze({ headers, certIssuer }))
+
+ await this.emit('response', { page, response, headers, certIssuer })
 }
 } catch (error) {
 this.error(error)
@@ -983,7 +995,7 @@ class Site {
 ])
 } catch (error) {
 this.analyzedUrls[url.href] = {
- status: 0,
+ status: this.analyzedUrls[url.href]?.status || 0,
 error: error.message || error.toString(),
 }
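Review bot: The same-site test in the new `if` compares only `hostname` with a leading `www.` stripped, so a `Location` that keeps the host but changes scheme or port (https to http, or a different port) is still followed on every request; if that is not intended, also compare `_url.port` and refuse a change from `https:` to `http:`. The first-request exemption `Object.keys(this.analyzedUrls).length === 1 && !this.options.noRedirect` is not self-explanatory and deserves a comment such as `// the first URL may redirect off-site unless noRedirect is set; later URLs must stay on originalUrl's host`. When the test fails the code now falls through and analyses the 3xx response itself; whether the page navigation is also stopped is not visible in this hunk, so this guard alone may not keep the browser from loading the redirect target. The enclosing response handler starts and ends outside the hunk.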