add word boundary to links re

src/wfuzz/plugins/scripts/links.py

@@ -31,9 +31,9 @@ def __init__(self):
         BasePlugin.__init__(self)
 
         regex = [
-            r'ref="((?!mailto:|tel:|#|javascript:).*?)"',
-            r'src="((?!javascript:).*?)"',
-            r'action="((?!javascript:).*?)"',
+            r'\b(?:(?<!data-)href)="((?!mailto:|tel:|#|javascript:).*?)"',
+            r'\bsrc="((?!javascript:).*?)"',
+            r'\baction="((?!javascript:).*?)"',
             # http://en.wikipedia.org/wiki/Meta_refresh
             r'<meta.*content="\d+;url=(.*?)">',
             r'getJSON\("(.*?)"',
@@ -44,8 +44,8 @@ def __init__(self):
             self.regex.append(re.compile(regex_str, re.MULTILINE | re.DOTALL))
 
         self.regex_header = [
-            ('Link', re.compile(r'<(.*)>;')),
-            ('Location', re.compile(r'(.*)')),
+            ("Link", re.compile(r"<(.*)>;")),
+            ("Location", re.compile(r"(.*)")),
         ]
 
         self.add_path = self.kbase["links.add_path"]
@@ -67,7 +67,9 @@ def process(self, fuzzresult):
 
         for header, regex in self.regex_header:
             if header in fuzzresult.history.headers.response:
-                for link_url in regex.findall(fuzzresult.history.headers.response[header]):
+                for link_url in regex.findall(
+                    fuzzresult.history.headers.response[header]
+                ):
                     if link_url:
                         self.process_link(fuzzresult, link_url)
 

tests/plugins/test_links.py

@@ -7,6 +7,11 @@
 @pytest.mark.parametrize(
     "example_full_fuzzres_content, expected_links",
     [
+        (b'<link rel="manifest" data-href="/android-chrome-manifest.json">\n', [],),
+        (
+            b'<href="1.json"href="2.json">\n',
+            ["http://www.wfuzz.org/1.json", "http://www.wfuzz.org/2.json"],
+        ),
         (
             b'<link rel="manifest" href="/android-chrome-manifest.json">\n',
             ["http://www.wfuzz.org/android-chrome-manifest.json"],