From 01c357e1466f81d999aa5dfc4bf672b0368908af Mon Sep 17 00:00:00 2001
From: ethicalhack3r
Date: Fri, 14 Aug 2015 16:03:21 +0200
Subject: [PATCH] Fix specs #853
---
 .rspec | 2 +-
 lib/common/models/wp_item/vulnerable.rb | 4 +-
 .../lib/common/collections/wp_plugins_spec.rb | 2 +-
 spec/lib/common/collections/wp_themes_spec.rb | 2 +-
 spec/lib/common/models/wp_plugin_spec.rb | 2 +-
 .../wp_items/detectable/vulns.json | 100 +++++++++--------
 .../wp_plugins/detectable/vulns.json | 102 +++++++++--------
 .../wp_themes/detectable/vulns.json | 104 ++++++++++--------
 .../models/vulnerability/json_item.json | 14 ++-
 .../wp_item/vulnerable/items_vulns.json | 50 +++++----
 .../wp_plugin/vulnerable/plugins_vulns.json | 56 ----------
 .../wp_theme/vulnerable/themes_vulns.json | 72 ++++++------
 .../wp_version/vulnerable/versions_vulns.json | 54 ++++-----
 spec/shared_examples/wp_items_detectable.rb | 24 +---
 spec/shared_examples/wp_plugin_vulnerable.rb | 2 +-
 spec/shared_examples/wp_theme_vulnerable.rb | 2 +-
 spec/shared_examples/wp_version_vulnerable.rb | 2 +-
 17 files changed, 278 insertions(+), 316 deletions(-)
 delete mode 100644 spec/samples/common/models/wp_plugin/vulnerable/plugins_vulns.json
diff --git a/.rspec b/.rspec
index ba44b749..9c3c126f 100644
--- a/.rspec
+++ b/.rspec
@@ -1,2 +1,2 @@
 --color
---fail-fast
+#--fail-fast
diff --git a/lib/common/models/wp_item/vulnerable.rb b/lib/common/models/wp_item/vulnerable.rb
index 99b9a189..4b03eda2 100755
--- a/lib/common/models/wp_item/vulnerable.rb
+++ b/lib/common/models/wp_item/vulnerable.rb
@@ -8,8 +8,8 @@ class WpItem
 # Filters out already fixed vulnerabilities
 #
 # @return [ Vulnerabilities ]
- def vulnerabilities
- json = json(vulns_file).select { |item| !item['vulnerabilities'].empty? }
+ def vulnerabilities
+ json = json(vulns_file).select { |item| !item['vulnerabilities'].empty? }
 vulnerabilities = Vulnerabilities.new
 json.each do |item|
diff --git a/spec/lib/common/collections/wp_plugins_spec.rb b/spec/lib/common/collections/wp_plugins_spec.rb
index b1214f0d..5b0a1804 100644
--- a/spec/lib/common/collections/wp_plugins_spec.rb
+++ b/spec/lib/common/collections/wp_plugins_spec.rb
@@ -11,7 +11,7 @@ describe WpPlugins do
 let(:expected) do
 {
 request_params: { cache_ttl: 0, followlocation: true },
- vulns_file: PLUGINS_VULNS_FILE,
+ vulns_file: PLUGINS_FILE,
 targets_items_from_file: [ WpPlugin.new(uri, name: 'plugin1'),
 WpPlugin.new(uri, name:'plugin-2'),
 WpPlugin.new(uri, name: 'mr-smith')],
diff --git a/spec/lib/common/collections/wp_themes_spec.rb b/spec/lib/common/collections/wp_themes_spec.rb
index d173e396..b29c56ec 100644
--- a/spec/lib/common/collections/wp_themes_spec.rb
+++ b/spec/lib/common/collections/wp_themes_spec.rb
@@ -13,7 +13,7 @@ describe WpThemes do
 let(:expected) do
 {
 request_params: { cache_ttl: 0, followlocation: true },
- vulns_file: THEMES_VULNS_FILE,
+ vulns_file: THEMES_FILE,
 targets_items_from_file: [ WpTheme.new(uri, name: '3colours'),
 WpTheme.new(uri, name:'42k'),
 WpTheme.new(uri, name: 'a-ri')],
diff --git a/spec/lib/common/models/wp_plugin_spec.rb b/spec/lib/common/models/wp_plugin_spec.rb
index 29425678..6b740667 100644
--- a/spec/lib/common/models/wp_plugin_spec.rb
+++ b/spec/lib/common/models/wp_plugin_spec.rb
@@ -6,7 +6,7 @@ describe WpPlugin do
 it_behaves_like 'WpPlugin::Vulnerable'
 it_behaves_like 'WpItem::Vulnerable' do
 let(:options) { { name: 'white-rabbit' } }
- let(:vulns_file) { MODELS_FIXTURES + '/wp_plugin/vulnerable/plugins_vulns.json' }
+ let(:vulns_file) { MODELS_FIXTURES + '/wp_plugin/vulnerable/plugins.json' }
 let(:expected_refs) { {
 'id' => [2993],
 'url' => ['Ref 1,Ref 2'],
diff --git a/spec/samples/common/collections/wp_items/detectable/vulns.json b/spec/samples/common/collections/wp_items/detectable/vulns.json
index fa7b920d..ebd99762 100644
--- a/spec/samples/common/collections/wp_items/detectable/vulns.json
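Review bot: The new `vulns_file` in spec/lib/common/models/wp_plugin_spec.rb points at `/wp_plugin/vulnerable/plugins.json`, but this patch only deletes `plugins_vulns.json` from that directory and the diffstat lists no `plugins.json` being added. Unless that fixture already exists in the tree (not visible here), the `WpItem::Vulnerable` shared examples for WpPlugin have no data to load. Either add the converted fixture in this commit, or keep the old file and migrate it to the `name`/`references` layout used by the theme and version fixtures, leaving the line as `let(:vulns_file) { MODELS_FIXTURES + '/wp_plugin/vulnerable/plugins_vulns.json' }`. The `describe WpPlugin` block continues outside the hunk.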
+++ b/spec/samples/common/collections/wp_items/detectable/vulns.json 
@@ -1,58 +1,66 @@ [ { - "mr-smith":{ - "vulnerabilities":[ - { - "id":2989, - "title":"Administrator-exploitable blind SQLi in WordPress 1.0 - 3.8.1", - "references":"https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/,http://www.example.com", - "created_at":"2014-07-28T12:10:07.000Z", - "updated_at":"2014-07-28T12:43:41.000Z" + "name": "mr-smith", + "vulnerabilities":[ + { + "id":2989, + "title":"Administrator-exploitable blind SQLi in WordPress 1.0 - 3.8.1", + "references": { + "url": "https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/,http://www.example.com" }, - { - "id":2990, - "title":"Potential Authentication Cookie Forgery", - "references":"https://labs.mwrinfosecurity.com/blog/2014/04/11/wordpress-auth-cookie-forgery/,https://github.com/WordPress/WordPress/commit/78a915e0e5927cf413aa6c2cef2fca3dc587f8be", + "created_at":"2014-07-28T12:10:07.000Z", + "updated_at":"2014-07-28T12:43:41.000Z" + }, + { + "id":2990, + "title":"Potential Authentication Cookie Forgery", + "references": { + "url": "https://labs.mwrinfosecurity.com/blog/2014/04/11/wordpress-auth-cookie-forgery/,https://github.com/WordPress/WordPress/commit/78a915e0e5927cf413aa6c2cef2fca3dc587f8be", "osvdb":"105620", - "cve":"2014-0166", - "created_at":"2014-07-28T12:10:07.000Z", - "updated_at":"2014-07-28T12:10:07.000Z", - "fixed_in":"3.8.2" + "cve":"2014-0166" }, - { - "id":2991, - "title":"Privilege escalation: contributors publishing posts", - "references":"https://github.com/wpscanteam/wpscan/wiki/CVE-2014-0165", + "created_at":"2014-07-28T12:10:07.000Z", + "updated_at":"2014-07-28T12:10:07.000Z", + "fixed_in":"3.8.2" + }, + { + "id":2991, + "title":"Privilege escalation: contributors publishing posts", + "references": { + "url": "https://github.com/wpscanteam/wpscan/wiki/CVE-2014-0165", "osvdb":"105630", - "cve":"2014-0165", - "created_at":"2014-07-28T12:10:07.000Z", - "updated_at":"2014-07-28T12:10:07.000Z", - "fixed_in":"3.8.2" + "cve":"2014-0165" }, - { - "id":2992, - 
"title":"Plupload Unspecified XSS", + "created_at":"2014-07-28T12:10:07.000Z", + "updated_at":"2014-07-28T12:10:07.000Z", + "fixed_in":"3.8.2" + }, + { + "id":2992, + "title":"Plupload Unspecified XSS", + "references": { "osvdb":"105622", - "secunia":"57769", - "created_at":"2014-07-28T12:10:07.000Z", - "updated_at":"2014-07-28T12:10:07.000Z", - "fixed_in":"3.8.2" - } - ] - } + "secunia":"57769" + }, + "created_at":"2014-07-28T12:10:07.000Z", + "updated_at":"2014-07-28T12:10:07.000Z", + "fixed_in":"3.8.2" + } + ] }, { - "neo":{ - "vulnerabilities":[ - { - "id":2993, - "title":"wp-admin/options-writing.php Cleartext Admin Credentials Disclosure", - "references":"http://seclists.org/fulldisclosure/2013/Dec/135", - "osvdb":"101101", - "created_at":"2014-07-28T12:10:07.000Z", - "updated_at":"2014-07-28T12:10:07.000Z" - } - ] - } + "name": "neo", + "vulnerabilities":[ + { + "id":2993, + "title":"wp-admin/options-writing.php Cleartext Admin Credentials Disclosure", + "references": { + "url": "http://seclists.org/fulldisclosure/2013/Dec/135", + "osvdb":"101101" + }, + "created_at":"2014-07-28T12:10:07.000Z", + "updated_at":"2014-07-28T12:10:07.000Z" + } + ] } ] \ No newline at end of file diff --git a/spec/samples/common/collections/wp_plugins/detectable/vulns.json b/spec/samples/common/collections/wp_plugins/detectable/vulns.json index fa7b920d..53777e54 100644 --- a/spec/samples/common/collections/wp_plugins/detectable/vulns.json +++ b/spec/samples/common/collections/wp_plugins/detectable/vulns.json 
@@ -1,58 +1,66 @@ [ { - "mr-smith":{ - "vulnerabilities":[ - { - "id":2989, - "title":"Administrator-exploitable blind SQLi in WordPress 1.0 - 3.8.1", - "references":"https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/,http://www.example.com", - "created_at":"2014-07-28T12:10:07.000Z", - "updated_at":"2014-07-28T12:43:41.000Z" + "name": "mr-smith", + "vulnerabilities":[ + { + "id":2989, + "title":"Administrator-exploitable blind SQLi in WordPress 1.0 - 3.8.1", + "references": { + "url": "https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/,http://www.example.com" }, - { - "id":2990, - "title":"Potential Authentication Cookie Forgery", - "references":"https://labs.mwrinfosecurity.com/blog/2014/04/11/wordpress-auth-cookie-forgery/,https://github.com/WordPress/WordPress/commit/78a915e0e5927cf413aa6c2cef2fca3dc587f8be", - "osvdb":"105620", - "cve":"2014-0166", - "created_at":"2014-07-28T12:10:07.000Z", - "updated_at":"2014-07-28T12:10:07.000Z", - "fixed_in":"3.8.2" + "created_at":"2014-07-28T12:10:07.000Z", + "updated_at":"2014-07-28T12:43:41.000Z" + }, + { + "id":2990, + "title":"Potential Authentication Cookie Forgery", + "references": { + "url": "https://labs.mwrinfosecurity.com/blog/2014/04/11/wordpress-auth-cookie-forgery/,https://github.com/WordPress/WordPress/commit/78a915e0e5927cf413aa6c2cef2fca3dc587f8be" }, - { - "id":2991, - "title":"Privilege escalation: contributors publishing posts", - "references":"https://github.com/wpscanteam/wpscan/wiki/CVE-2014-0165", + "osvdb":"105620", + "cve":"2014-0166", + "created_at":"2014-07-28T12:10:07.000Z", + "updated_at":"2014-07-28T12:10:07.000Z", + "fixed_in":"3.8.2" + }, + { + "id":2991, + "title":"Privilege escalation: contributors publishing posts", + "references": { + "url": "https://github.com/wpscanteam/wpscan/wiki/CVE-2014-0165", "osvdb":"105630", - "cve":"2014-0165", - "created_at":"2014-07-28T12:10:07.000Z", - "updated_at":"2014-07-28T12:10:07.000Z", - "fixed_in":"3.8.2" + "cve":"2014-0165" }, - 
{ - "id":2992, - "title":"Plupload Unspecified XSS", + "created_at":"2014-07-28T12:10:07.000Z", + "updated_at":"2014-07-28T12:10:07.000Z", + "fixed_in":"3.8.2" + }, + { + "id":2992, + "title":"Plupload Unspecified XSS", + "references": { "osvdb":"105622", - "secunia":"57769", - "created_at":"2014-07-28T12:10:07.000Z", - "updated_at":"2014-07-28T12:10:07.000Z", - "fixed_in":"3.8.2" - } - ] - } + "secunia":"57769" + }, + "created_at":"2014-07-28T12:10:07.000Z", + "updated_at":"2014-07-28T12:10:07.000Z", + "fixed_in":"3.8.2" + } + ] }, { - "neo":{ - "vulnerabilities":[ - { - "id":2993, - "title":"wp-admin/options-writing.php Cleartext Admin Credentials Disclosure", - "references":"http://seclists.org/fulldisclosure/2013/Dec/135", - "osvdb":"101101", - "created_at":"2014-07-28T12:10:07.000Z", - "updated_at":"2014-07-28T12:10:07.000Z" - } - ] - } + "name":"neo", + "vulnerabilities":[ + { + "id":2993, + "title":"wp-admin/options-writing.php Cleartext Admin Credentials Disclosure", + "references": { + "url": "http://seclists.org/fulldisclosure/2013/Dec/135", + "osvdb":"101101" + }, + "created_at":"2014-07-28T12:10:07.000Z", + "updated_at":"2014-07-28T12:10:07.000Z" + } + ] } ] \ No newline at end of file diff --git a/spec/samples/common/collections/wp_themes/detectable/vulns.json b/spec/samples/common/collections/wp_themes/detectable/vulns.json index 80a614e5..fdcc83dc 100644 --- a/spec/samples/common/collections/wp_themes/detectable/vulns.json +++ b/spec/samples/common/collections/wp_themes/detectable/vulns.json 
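Review bot: In spec/samples/common/collections/wp_plugins/detectable/vulns.json the id 2990 entry closes `references` right after `url`, leaving `osvdb` and `cve` as top-level keys of the vulnerability, whereas the same entry in the wp_items and wp_themes fixtures nests both inside `references`. If the loader reads identifiers only from `references` (the loader is not visible in this patch), the CVE and OSVDB references for this entry are dropped and no spec would notice. Move the two keys inside the object so the three fixtures agree: `"references": { "url": "…", "osvdb":"105620", "cve":"2014-0166" },`.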
@@ -1,58 +1,66 @@ [ { - "shopperpress":{ - "vulnerabilities":[ - { - "id":2989, - "title":"Administrator-exploitable blind SQLi in WordPress 1.0 - 3.8.1", - "references":"https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/,http://www.example.com", - "created_at":"2014-07-28T12:10:07.000Z", - "updated_at":"2014-07-28T12:43:41.000Z" + "name": "shopperpress", + "vulnerabilities":[ + { + "id":2989, + "title":"Administrator-exploitable blind SQLi in WordPress 1.0 - 3.8.1", + "references": { + "url": "https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/,http://www.example.com" }, - { - "id":2990, - "title":"Potential Authentication Cookie Forgery", - "references":"https://labs.mwrinfosecurity.com/blog/2014/04/11/wordpress-auth-cookie-forgery/,https://github.com/WordPress/WordPress/commit/78a915e0e5927cf413aa6c2cef2fca3dc587f8be", - "osvdb":"105620", - "cve":"2014-0166", - "created_at":"2014-07-28T12:10:07.000Z", - "updated_at":"2014-07-28T12:10:07.000Z", - "fixed_in":"3.8.2" + "created_at":"2014-07-28T12:10:07.000Z", + "updated_at":"2014-07-28T12:43:41.000Z" + }, + { + "id":2990, + "title":"Potential Authentication Cookie Forgery", + "references": { + "url": "https://labs.mwrinfosecurity.com/blog/2014/04/11/wordpress-auth-cookie-forgery/,https://github.com/WordPress/WordPress/commit/78a915e0e5927cf413aa6c2cef2fca3dc587f8be", + "osvdb":"105620", + "cve":"2014-0166" }, - { - "id":2991, - "title":"Privilege escalation: contributors publishing posts", - "references":"https://github.com/wpscanteam/wpscan/wiki/CVE-2014-0165", - "osvdb":"105630", - "cve":"2014-0165", - "created_at":"2014-07-28T12:10:07.000Z", - "updated_at":"2014-07-28T12:10:07.000Z", - "fixed_in":"3.8.2" + "created_at":"2014-07-28T12:10:07.000Z", + "updated_at":"2014-07-28T12:10:07.000Z", + "fixed_in":"3.8.2" + }, + { + "id":2991, + "title":"Privilege escalation: contributors publishing posts", + "references": { + "url": "https://github.com/wpscanteam/wpscan/wiki/CVE-2014-0165", + 
"osvdb":"105630", + "cve":"2014-0165" }, - { - "id":2992, - "title":"Plupload Unspecified XSS", + "created_at":"2014-07-28T12:10:07.000Z", + "updated_at":"2014-07-28T12:10:07.000Z", + "fixed_in":"3.8.2" + }, + { + "id":2992, + "title":"Plupload Unspecified XSS", + "references": { "osvdb":"105622", - "secunia":"57769", - "created_at":"2014-07-28T12:10:07.000Z", - "updated_at":"2014-07-28T12:10:07.000Z", - "fixed_in":"3.8.2" - } - ] - } + "secunia":"57769" + }, + "created_at":"2014-07-28T12:10:07.000Z", + "updated_at":"2014-07-28T12:10:07.000Z", + "fixed_in":"3.8.2" + } + ] }, { - "webfolio":{ - "vulnerabilities":[ - { - "id":2993, - "title":"wp-admin/options-writing.php Cleartext Admin Credentials Disclosure", - "references":"http://seclists.org/fulldisclosure/2013/Dec/135", - "osvdb":"101101", - "created_at":"2014-07-28T12:10:07.000Z", - "updated_at":"2014-07-28T12:10:07.000Z" - } - ] - } + "name": "webfolio", + "vulnerabilities":[ + { + "id":2993, + "title":"wp-admin/options-writing.php Cleartext Admin Credentials Disclosure", + "references": { + "url": "http://seclists.org/fulldisclosure/2013/Dec/135", + "osvdb":"101101" + }, + "created_at":"2014-07-28T12:10:07.000Z", + "updated_at":"2014-07-28T12:10:07.000Z" + } + ] } ] diff --git a/spec/samples/common/models/vulnerability/json_item.json b/spec/samples/common/models/vulnerability/json_item.json index 46b4fdfe..778d4ba5 100644 --- a/spec/samples/common/models/vulnerability/json_item.json +++ b/spec/samples/common/models/vulnerability/json_item.json @@ -1,12 +1,14 @@ { "id": "3911", "title": "Vuln Title", - "url": "Ref 1,Ref 2", - "secunia": "secunia", - "osvdb": "osvdb", - "cve": "2011-001", - "metasploit": "exploit/ex1", - "exploitdb": "exploitdb", + "references":{ + "url": "Ref 1,Ref 2", + "secunia": "secunia", + "osvdb": "osvdb", + "cve": "2011-001", + "metasploit": "exploit/ex1", + "exploitdb": "exploitdb" + }, "created_at": "2014-07-28T12:10:45.000Z", "updated_at": "2014-07-28T12:10:45.000Z", "type": "CSRF", 
diff --git a/spec/samples/common/models/wp_item/vulnerable/items_vulns.json b/spec/samples/common/models/wp_item/vulnerable/items_vulns.json index 46ae9b2c..4c9a3b2e 100644 --- a/spec/samples/common/models/wp_item/vulnerable/items_vulns.json +++ b/spec/samples/common/models/wp_item/vulnerable/items_vulns.json @@ -1,35 +1,37 @@ [ { - "not-this-one":{ - "vulnerabilities":[ - { - "id":2989, - "title":"Administrator-exploitable blind SQLi in WordPress 1.0 - 3.8.1", - "url":"https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/,http://www.example.com", - "created_at":"2014-07-28T12:10:07.000Z", - "updated_at":"2014-07-28T12:43:41.000Z" - } - ] - } + "name": "not-this-one", + "vulnerabilities":[ + { + "id":2989, + "title":"Administrator-exploitable blind SQLi in WordPress 1.0 - 3.8.1", + "references": { + "url":"https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/,http://www.example.com" + }, + "created_at":"2014-07-28T12:10:07.000Z", + "updated_at":"2014-07-28T12:43:41.000Z" + } + ] }, { - "neo":{ - "vulnerabilities":[ - { - "id":2993, - "title":"I'm the one", + "name": "neo", + "vulnerabilities":[ + { + "id":2993, + "title":"I'm the one", + "references": { "url":"Ref 1,Ref 2", "osvdb":"osvdb", "cve":"2011-001", "secunia":"secunia", "metasploit":"exploit/ex1", - "exploitdb":"exploitdb", - "type":"XSS", - "fixed_in":"", - "created_at":"2014-07-28T12:10:07.000Z", - "updated_at":"2014-07-28T12:10:07.000Z" - } - ] - } + "exploitdb":"exploitdb" + }, + "type":"XSS", + "fixed_in":"", + "created_at":"2014-07-28T12:10:07.000Z", + "updated_at":"2014-07-28T12:10:07.000Z" + } + ] } ] \ No newline at end of file diff --git a/spec/samples/common/models/wp_plugin/vulnerable/plugins_vulns.json b/spec/samples/common/models/wp_plugin/vulnerable/plugins_vulns.json deleted file mode 100644 index 878c1692..00000000 --- a/spec/samples/common/models/wp_plugin/vulnerable/plugins_vulns.json +++ /dev/null 
@@ -1,56 +0,0 @@ -[ - { - "mr-smith":{ - "vulnerabilities":[ - { - "id":2989, - "title":"I should not appear in the results", - "url":"Ref 1,Ref 2", - "osvdb":"osvdb", - "cve":"2011-001", - "secunia":"secunia", - "metasploit":"exploit/ex1", - "exploitdb":"exploitdb", - "type":"XSS", - "fixed_in":"", - "created_at":"2014-07-28T12:10:07.000Z", - "updated_at":"2014-07-28T12:10:07.000Z" - }, - { - "id":2989, - "title":"Neither do I", - "url":"Ref 1,Ref 2", - "osvdb":"osvdb", - "cve":"2011-001", - "secunia":"secunia", - "metasploit":"exploit/ex1", - "exploitdb":"exploitdb", - "type":"XSS", - "fixed_in":"", - "created_at":"2014-07-28T12:10:07.000Z", - "updated_at":"2014-07-28T12:10:07.000Z" - } - ] - } - }, - { - "white-rabbit":{ - "vulnerabilities":[ - { - "id":2993, - "title":"Follow me!", - "url":"Ref 1,Ref 2", - "osvdb":"osvdb", - "cve":"2011-001", - "secunia":"secunia", - "metasploit":"exploit/ex1", - "exploitdb":"exploitdb", - "type":"REDIRECT", - "fixed_in":"", - "created_at":"2014-07-28T12:10:07.000Z", - "updated_at":"2014-07-28T12:10:07.000Z" - } - ] - } - } -] diff --git a/spec/samples/common/models/wp_theme/vulnerable/themes_vulns.json b/spec/samples/common/models/wp_theme/vulnerable/themes_vulns.json index 03a89b8a..accd3061 100644 --- a/spec/samples/common/models/wp_theme/vulnerable/themes_vulns.json +++ b/spec/samples/common/models/wp_theme/vulnerable/themes_vulns.json 
@@ -1,56 +1,60 @@ [ { - "mr-smith":{ - "vulnerabilities":[ - { - "id":2989, - "title":"I should not appear in the results", + "name": "mr-smith", + "vulnerabilities":[ + { + "id":2989, + "title":"I should not appear in the results", + "references": { "url":"Ref 1,Ref 2", "osvdb":"osvdb", "cve":"2011-001", "secunia":"secunia", "metasploit":"exploit/ex1", - "exploitdb":"exploitdb", - "type":"XSS", - "fixed_in":"", - "created_at":"2014-07-28T12:10:07.000Z", - "updated_at":"2014-07-28T12:10:07.000Z" + "exploitdb":"exploitdb" }, - { - "id":2989, - "title":"Neither do I", + "type":"XSS", + "fixed_in":"", + "created_at":"2014-07-28T12:10:07.000Z", + "updated_at":"2014-07-28T12:10:07.000Z" + }, + { + "id":2989, + "title":"Neither do I", + "references": { "url":"Ref 1,Ref 2", "osvdb":"osvdb", "cve":"2011-001", "secunia":"secunia", "metasploit":"exploit/ex1", - "exploitdb":"exploitdb", - "type":"XSS", - "fixed_in":"", - "created_at":"2014-07-28T12:10:07.000Z", - "updated_at":"2014-07-28T12:10:07.000Z" - } + "exploitdb":"exploitdb" + }, + "type":"XSS", + "fixed_in":"", + "created_at":"2014-07-28T12:10:07.000Z", + "updated_at":"2014-07-28T12:10:07.000Z" + } ] - } - }, + }, { - "the-oracle":{ - "vulnerabilities":[ - { - "id":2993, - "title":"I see you", + "name": "the-oracle", + "vulnerabilities":[ + { + "id":2993, + "title":"I see you", + "references": { "url":"Ref 1,Ref 2", "osvdb":"osvdb", "cve":"2011-001", "secunia":"secunia", "metasploit":"exploit/ex1", - "exploitdb":"exploitdb", - "type":"FPD", - "fixed_in":"", - "created_at":"2014-07-28T12:10:07.000Z", - "updated_at":"2014-07-28T12:10:07.000Z" - } - ] - } + "exploitdb":"exploitdb" + }, + "type":"FPD", + "fixed_in":"", + "created_at":"2014-07-28T12:10:07.000Z", + "updated_at":"2014-07-28T12:10:07.000Z" + } + ] } ] diff --git a/spec/samples/common/models/wp_version/vulnerable/versions_vulns.json b/spec/samples/common/models/wp_version/vulnerable/versions_vulns.json index 8ed78ed1..e348293e 100644 
--- a/spec/samples/common/models/wp_version/vulnerable/versions_vulns.json +++ b/spec/samples/common/models/wp_version/vulnerable/versions_vulns.json @@ -1,42 +1,44 @@ [ { - "3.5":{ - "vulnerabilities":[ - { - "id":2989, - "title":"I should not appear in the results", + "version": "3.5", + "vulnerabilities":[ + { + "id":2989, + "title":"I should not appear in the results", + "references": { "url":"Ref 1,Ref 2", "osvdb":"osvdb", "cve":"2011-001", "secunia":"secunia", "metasploit":"exploit/ex1", - "exploitdb":"exploitdb", - "type":"XSS", - "fixed_in":"", - "created_at":"2014-07-28T12:10:07.000Z", - "updated_at":"2014-07-28T12:10:07.000Z" - } - ] - } + "exploitdb":"exploitdb" + }, + "type":"XSS", + "fixed_in":"", + "created_at":"2014-07-28T12:10:07.000Z", + "updated_at":"2014-07-28T12:10:07.000Z" + } + ] }, { - "3.2":{ - "vulnerabilities":[ - { - "id":2993, - "title":"Here I Am", + "version": "3.2", + "vulnerabilities":[ + { + "id":2993, + "title":"Here I Am", + "references": { "url":"Ref 1,Ref 2", "osvdb":"osvdb", "cve":"2011-001", "secunia":"secunia", "metasploit":"exploit/ex1", - "exploitdb":"exploitdb", - "type":"SQLI", - "fixed_in":"", - "created_at":"2014-07-28T12:10:07.000Z", - "updated_at":"2014-07-28T12:10:07.000Z" - } - ] - } + "exploitdb":"exploitdb" + }, + "type":"SQLI", + "fixed_in":"", + "created_at":"2014-07-28T12:10:07.000Z", + "updated_at":"2014-07-28T12:10:07.000Z" + } + ] } ] diff --git a/spec/shared_examples/wp_items_detectable.rb b/spec/shared_examples/wp_items_detectable.rb index 574621c0..7376e753 100644 --- a/spec/shared_examples/wp_items_detectable.rb +++ b/spec/shared_examples/wp_items_detectable.rb 
@@ -70,9 +70,9 @@ shared_examples 'WpItems::Detectable' do
 end
 end
- describe '::vulnerable_targets_items' do
+ describe '::target_items' do
 after do
- results = subject.send(:vulnerable_targets_items, wp_target, item_class, vulns_file)
+ results = subject.send(:target_items, wp_target, item_class, vulns_file, :all)
 expect(results.map { |i| i.name }).to eq @expected.map { |i| i.name }
@@ -100,7 +100,7 @@ shared_examples 'WpItems::Detectable' do
 end
 describe '::targets_items' do
- let(:options) { {} }
+ let(:options) { { type: :all } }
 after do
 if @expected
@@ -111,28 +111,12 @@ shared_examples 'WpItems::Detectable' do
 end
 context 'when :only_vulnerable' do
- let(:options) { { only_vulnerable: true } }
+ let(:options) { { type: :vulnerable } }
 it 'returns the expected Array of WpItem' do
 @expected = expected[:vulnerable_targets_items]
 end
 end
-
- context 'when not :only_vulnerable' do
- context 'when no :file' do
- it 'raises an error' do
- expect { subject.send(:targets_items, wp_target, options) }.to raise_error('A file must be supplied')
- end
- end
-
- context 'when :file' do
- let(:options) { { file: targets_items_file } }
-
- it 'returns the expected Array of WpItem' do
- @expected = (expected[:targets_items_from_file] + expected[:vulnerable_targets_items]).uniq {|t| t.name }
- end
- end
- end
 end
 describe '::passive_detection' do
diff --git a/spec/shared_examples/wp_plugin_vulnerable.rb b/spec/shared_examples/wp_plugin_vulnerable.rb
index 44a77f87..d46e854d 100644
--- a/spec/shared_examples/wp_plugin_vulnerable.rb
+++ b/spec/shared_examples/wp_plugin_vulnerable.rb
@@ -7,7 +7,7 @@ shared_examples 'WpPlugin::Vulnerable' do
 context 'when :vulns_file is no set' do
 it 'returns the default one' do
- @expected = PLUGINS_VULNS_FILE
+ @expected = PLUGINS_FILE
 end
 end
diff --git a/spec/shared_examples/wp_theme_vulnerable.rb b/spec/shared_examples/wp_theme_vulnerable.rb
index 8552769a..fc7a4139 100644
--- a/spec/shared_examples/wp_theme_vulnerable.rb
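Review bot: In the `@@ -111,28 +111,12 @@` hunk of wp_items_detectable.rb, `context 'when :only_vulnerable'` still names the removed option although the block now sets `{ type: :vulnerable }`; rename it, for example `context 'when type: :vulnerable' do`. The same hunk deletes every example for the non-vulnerable path, including the `'A file must be supplied'` error case, and the new default `{ type: :all }` from the `@@ -100,7 +100,7 @@` hunk gets no example that sets `@expected`. Because the `after` block is guarded by `if @expected`, the `:all` path of `targets_items` appears to go unasserted; add a context for it that sets `@expected` to the full item list. The `describe '::targets_items'` block starts and ends outside these hunks, so this is inferred from the visible lines only.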
+++ b/spec/shared_examples/wp_theme_vulnerable.rb
@@ -7,7 +7,7 @@ shared_examples 'WpTheme::Vulnerable' do
 context 'when :vulns_file is not set' do
 it 'returns the default one' do
- @expected = THEMES_VULNS_FILE
+ @expected = THEMES_FILE
 end
 end
diff --git a/spec/shared_examples/wp_version_vulnerable.rb b/spec/shared_examples/wp_version_vulnerable.rb
index 1dd14320..428fee24 100644
--- a/spec/shared_examples/wp_version_vulnerable.rb
+++ b/spec/shared_examples/wp_version_vulnerable.rb
@@ -7,7 +7,7 @@ shared_examples 'WpVersion::Vulnerable' do
 context 'when :vulns_file is no set' do
 it 'returns the default one' do
- @expected = WP_VULNS_FILE
+ @expected = WORDPRESSES_FILE
 end
 end