Prevent cross-domain redirection on subsequent requests, add option to disable redirects on all requests

3 years ago · 1097edde54
parent 3def9cf856
commit 1097edde54
3 changed files with 26 additions and 10 deletions
--- a/src/drivers/npm/README.md
+++ b/src/drivers/npm/README.md
@ -35,6 +35,7 @@ wappalyzer <url> [options]
 -r, --recursive          Follow links on pages (crawler)
 -a, --user-agent=...     Set the user agent string
 -n, --no-scripts         Disabled JavaScript on web pages
+-N, --no-redirect        Disable cross-domain redirects
 ```


@ -66,6 +67,7 @@ const options = {
  htmlMaxCols: 2000,
  htmlMaxRows: 2000,
  noScripts: false,
+  noRedirect: false,
 };

 const wappalyzer = new Wappalyzer(options)
--- a/src/drivers/npm/cli.js
+++ b/src/drivers/npm/cli.js
@ -22,6 +22,7 @@ const aliases = {
  r: 'recursive',
  w: 'maxWait',
  n: 'noScripts',
+  N: 'noRedirect',
 }

 while (true) {
@ -75,6 +76,7 @@ Options:
  -r, --recursive          Follow links on pages (crawler)
  -a, --user-agent=...     Set the user agent string
  -n, --no-scripts         Disabled JavaScript on web pages
+  -N, --no-redirect        Disable cross-domain redirects
 `)

  process.exit(1)
--- a/src/drivers/npm/driver.js
+++ b/src/drivers/npm/driver.js
@ -610,11 +610,24 @@ class Site {
            ]
          })

+          // Prevent cross-domain redirects
          if (response.status() >= 300 && response.status() < 400) {
            if (headers.location) {
-              url = new URL(headers.location.slice(-1), url)
+              const _url = new URL(headers.location.slice(-1), url)
+
+              if (
+                _url.hostname.replace(/^www\./, '') ===
+                  this.originalUrl.hostname.replace(/^www\./, '') ||
+                (Object.keys(this.analyzedUrls).length === 1 &&
+                  !this.options.noRedirect)
+              ) {
+                url = _url
+
+                return
              }
-          } else {
+            }
+          }
+
          responseReceived = true

          const certIssuer = response.securityDetails()
@ -625,7 +638,6 @@ class Site {

          await this.emit('response', { page, response, headers, certIssuer })
        }
-        }
      } catch (error) {
        this.error(error)
      }
@ -983,7 +995,7 @@ class Site {
      ])
    } catch (error) {
      this.analyzedUrls[url.href] = {
-        status: 0,
+        status: this.analyzedUrls[url.href]?.status || 0,
        error: error.message || error.toString(),
      }