garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix specs #853

Browse Source
This commit is contained in:
ethicalhack3r
2015-08-14 16:03:21 +02:00
parent a0fed4a9d0
commit 01c357e146
17 changed files with 278 additions and 316 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.rspec
View File

@@ -1,2 +1,2 @@
--color --color
--fail-fast #--fail-fast

4
lib/common/models/wp_item/vulnerable.rb
View File

@@ -8,8 +8,8 @@ class WpItem
# Filters out already fixed vulnerabilities # Filters out already fixed vulnerabilities
# #
# @return [ Vulnerabilities ] # @return [ Vulnerabilities ]
def vulnerabilities def vulnerabilities
json = json(vulns_file).select { |item| !item['vulnerabilities'].empty? } json = json(vulns_file).select { |item| !item['vulnerabilities'].empty? }
vulnerabilities = Vulnerabilities.new vulnerabilities = Vulnerabilities.new
json.each do |item| json.each do |item|

2
spec/lib/common/collections/wp_plugins_spec.rb
View File

@@ -11,7 +11,7 @@ describe WpPlugins do
let(:expected) do let(:expected) do
{ {
request_params: { cache_ttl: 0, followlocation: true }, request_params: { cache_ttl: 0, followlocation: true },
vulns_file: PLUGINS_VULNS_FILE, vulns_file: PLUGINS_FILE,
targets_items_from_file: [ WpPlugin.new(uri, name: 'plugin1'), targets_items_from_file: [ WpPlugin.new(uri, name: 'plugin1'),
WpPlugin.new(uri, name:'plugin-2'), WpPlugin.new(uri, name:'plugin-2'),
WpPlugin.new(uri, name: 'mr-smith')], WpPlugin.new(uri, name: 'mr-smith')],

2
spec/lib/common/collections/wp_themes_spec.rb
View File

@@ -13,7 +13,7 @@ describe WpThemes do
let(:expected) do let(:expected) do
{ {
request_params: { cache_ttl: 0, followlocation: true }, request_params: { cache_ttl: 0, followlocation: true },
vulns_file: THEMES_VULNS_FILE, vulns_file: THEMES_FILE,
targets_items_from_file: [ WpTheme.new(uri, name: '3colours'), targets_items_from_file: [ WpTheme.new(uri, name: '3colours'),
WpTheme.new(uri, name:'42k'), WpTheme.new(uri, name:'42k'),
WpTheme.new(uri, name: 'a-ri')], WpTheme.new(uri, name: 'a-ri')],

2
spec/lib/common/models/wp_plugin_spec.rb
View File

@@ -6,7 +6,7 @@ describe WpPlugin do
it_behaves_like 'WpPlugin::Vulnerable' it_behaves_like 'WpPlugin::Vulnerable'
it_behaves_like 'WpItem::Vulnerable' do it_behaves_like 'WpItem::Vulnerable' do
let(:options) { { name: 'white-rabbit' } } let(:options) { { name: 'white-rabbit' } }
let(:vulns_file) { MODELS_FIXTURES + '/wp_plugin/vulnerable/plugins_vulns.json' } let(:vulns_file) { MODELS_FIXTURES + '/wp_plugin/vulnerable/plugins.json' }
let(:expected_refs) { { let(:expected_refs) { {
'id' => [2993], 'id' => [2993],
'url' => ['Ref 1,Ref 2'], 'url' => ['Ref 1,Ref 2'],

100
spec/samples/common/collections/wp_items/detectable/vulns.json
View File

@@ -1,58 +1,66 @@
[ [
{ {
"mr-smith":{ "name": "mr-smith",
"vulnerabilities":[ "vulnerabilities":[
{ {
"id":2989, "id":2989,
"title":"Administrator-exploitable blind SQLi in WordPress 1.0 - 3.8.1", "title":"Administrator-exploitable blind SQLi in WordPress 1.0 - 3.8.1",
"references":"https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/,http://www.example.com", "references": {
"created_at":"2014-07-28T12:10:07.000Z", "url": "https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/,http://www.example.com"
"updated_at":"2014-07-28T12:43:41.000Z"
}, },
{ "created_at":"2014-07-28T12:10:07.000Z",
"id":2990, "updated_at":"2014-07-28T12:43:41.000Z"
"title":"Potential Authentication Cookie Forgery", },
"references":"https://labs.mwrinfosecurity.com/blog/2014/04/11/wordpress-auth-cookie-forgery/,https://github.com/WordPress/WordPress/commit/78a915e0e5927cf413aa6c2cef2fca3dc587f8be", {
"id":2990,
"title":"Potential Authentication Cookie Forgery",
"references": {
"url": "https://labs.mwrinfosecurity.com/blog/2014/04/11/wordpress-auth-cookie-forgery/,https://github.com/WordPress/WordPress/commit/78a915e0e5927cf413aa6c2cef2fca3dc587f8be",
"osvdb":"105620", "osvdb":"105620",
"cve":"2014-0166", "cve":"2014-0166"
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z",
"fixed_in":"3.8.2"
}, },
{ "created_at":"2014-07-28T12:10:07.000Z",
"id":2991, "updated_at":"2014-07-28T12:10:07.000Z",
"title":"Privilege escalation: contributors publishing posts", "fixed_in":"3.8.2"
"references":"https://github.com/wpscanteam/wpscan/wiki/CVE-2014-0165", },
{
"id":2991,
"title":"Privilege escalation: contributors publishing posts",
"references": {
"url": "https://github.com/wpscanteam/wpscan/wiki/CVE-2014-0165",
"osvdb":"105630", "osvdb":"105630",
"cve":"2014-0165", "cve":"2014-0165"
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z",
"fixed_in":"3.8.2"
}, },
{ "created_at":"2014-07-28T12:10:07.000Z",
"id":2992, "updated_at":"2014-07-28T12:10:07.000Z",
"title":"Plupload Unspecified XSS", "fixed_in":"3.8.2"
},
{
"id":2992,
"title":"Plupload Unspecified XSS",
"references": {
"osvdb":"105622", "osvdb":"105622",
"secunia":"57769", "secunia":"57769"
"created_at":"2014-07-28T12:10:07.000Z", },
"updated_at":"2014-07-28T12:10:07.000Z", "created_at":"2014-07-28T12:10:07.000Z",
"fixed_in":"3.8.2" "updated_at":"2014-07-28T12:10:07.000Z",
} "fixed_in":"3.8.2"
] }
} ]
}, },
{ {
"neo":{ "name": "neo",
"vulnerabilities":[ "vulnerabilities":[
{ {
"id":2993, "id":2993,
"title":"wp-admin/options-writing.php Cleartext Admin Credentials Disclosure", "title":"wp-admin/options-writing.php Cleartext Admin Credentials Disclosure",
"references":"http://seclists.org/fulldisclosure/2013/Dec/135", "references": {
"osvdb":"101101", "url": "http://seclists.org/fulldisclosure/2013/Dec/135",
"created_at":"2014-07-28T12:10:07.000Z", "osvdb":"101101"
"updated_at":"2014-07-28T12:10:07.000Z" },
} "created_at":"2014-07-28T12:10:07.000Z",
] "updated_at":"2014-07-28T12:10:07.000Z"
} }
]
} }
] ]

102
spec/samples/common/collections/wp_plugins/detectable/vulns.json
View File

@@ -1,58 +1,66 @@
[ [
{ {
"mr-smith":{ "name": "mr-smith",
"vulnerabilities":[ "vulnerabilities":[
{ {
"id":2989, "id":2989,
"title":"Administrator-exploitable blind SQLi in WordPress 1.0 - 3.8.1", "title":"Administrator-exploitable blind SQLi in WordPress 1.0 - 3.8.1",
"references":"https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/,http://www.example.com", "references": {
"created_at":"2014-07-28T12:10:07.000Z", "url": "https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/,http://www.example.com"
"updated_at":"2014-07-28T12:43:41.000Z"
}, },
{ "created_at":"2014-07-28T12:10:07.000Z",
"id":2990, "updated_at":"2014-07-28T12:43:41.000Z"
"title":"Potential Authentication Cookie Forgery", },
"references":"https://labs.mwrinfosecurity.com/blog/2014/04/11/wordpress-auth-cookie-forgery/,https://github.com/WordPress/WordPress/commit/78a915e0e5927cf413aa6c2cef2fca3dc587f8be", {
"osvdb":"105620", "id":2990,
"cve":"2014-0166", "title":"Potential Authentication Cookie Forgery",
"created_at":"2014-07-28T12:10:07.000Z", "references": {
"updated_at":"2014-07-28T12:10:07.000Z", "url": "https://labs.mwrinfosecurity.com/blog/2014/04/11/wordpress-auth-cookie-forgery/,https://github.com/WordPress/WordPress/commit/78a915e0e5927cf413aa6c2cef2fca3dc587f8be"
"fixed_in":"3.8.2"
}, },
{ "osvdb":"105620",
"id":2991, "cve":"2014-0166",
"title":"Privilege escalation: contributors publishing posts", "created_at":"2014-07-28T12:10:07.000Z",
"references":"https://github.com/wpscanteam/wpscan/wiki/CVE-2014-0165", "updated_at":"2014-07-28T12:10:07.000Z",
"fixed_in":"3.8.2"
},
{
"id":2991,
"title":"Privilege escalation: contributors publishing posts",
"references": {
"url": "https://github.com/wpscanteam/wpscan/wiki/CVE-2014-0165",
"osvdb":"105630", "osvdb":"105630",
"cve":"2014-0165", "cve":"2014-0165"
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z",
"fixed_in":"3.8.2"
}, },
{ "created_at":"2014-07-28T12:10:07.000Z",
"id":2992, "updated_at":"2014-07-28T12:10:07.000Z",
"title":"Plupload Unspecified XSS", "fixed_in":"3.8.2"
},
{
"id":2992,
"title":"Plupload Unspecified XSS",
"references": {
"osvdb":"105622", "osvdb":"105622",
"secunia":"57769", "secunia":"57769"
"created_at":"2014-07-28T12:10:07.000Z", },
"updated_at":"2014-07-28T12:10:07.000Z", "created_at":"2014-07-28T12:10:07.000Z",
"fixed_in":"3.8.2" "updated_at":"2014-07-28T12:10:07.000Z",
} "fixed_in":"3.8.2"
] }
} ]
}, },
{ {
"neo":{ "name":"neo",
"vulnerabilities":[ "vulnerabilities":[
{ {
"id":2993, "id":2993,
"title":"wp-admin/options-writing.php Cleartext Admin Credentials Disclosure", "title":"wp-admin/options-writing.php Cleartext Admin Credentials Disclosure",
"references":"http://seclists.org/fulldisclosure/2013/Dec/135", "references": {
"osvdb":"101101", "url": "http://seclists.org/fulldisclosure/2013/Dec/135",
"created_at":"2014-07-28T12:10:07.000Z", "osvdb":"101101"
"updated_at":"2014-07-28T12:10:07.000Z" },
} "created_at":"2014-07-28T12:10:07.000Z",
] "updated_at":"2014-07-28T12:10:07.000Z"
} }
]
} }
] ]

104
spec/samples/common/collections/wp_themes/detectable/vulns.json
View File

@@ -1,58 +1,66 @@
[ [
{ {
"shopperpress":{ "name": "shopperpress",
"vulnerabilities":[ "vulnerabilities":[
{ {
"id":2989, "id":2989,
"title":"Administrator-exploitable blind SQLi in WordPress 1.0 - 3.8.1", "title":"Administrator-exploitable blind SQLi in WordPress 1.0 - 3.8.1",
"references":"https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/,http://www.example.com", "references": {
"created_at":"2014-07-28T12:10:07.000Z", "url": "https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/,http://www.example.com"
"updated_at":"2014-07-28T12:43:41.000Z"
}, },
{ "created_at":"2014-07-28T12:10:07.000Z",
"id":2990, "updated_at":"2014-07-28T12:43:41.000Z"
"title":"Potential Authentication Cookie Forgery", },
"references":"https://labs.mwrinfosecurity.com/blog/2014/04/11/wordpress-auth-cookie-forgery/,https://github.com/WordPress/WordPress/commit/78a915e0e5927cf413aa6c2cef2fca3dc587f8be", {
"osvdb":"105620", "id":2990,
"cve":"2014-0166", "title":"Potential Authentication Cookie Forgery",
"created_at":"2014-07-28T12:10:07.000Z", "references": {
"updated_at":"2014-07-28T12:10:07.000Z", "url": "https://labs.mwrinfosecurity.com/blog/2014/04/11/wordpress-auth-cookie-forgery/,https://github.com/WordPress/WordPress/commit/78a915e0e5927cf413aa6c2cef2fca3dc587f8be",
"fixed_in":"3.8.2" "osvdb":"105620",
"cve":"2014-0166"
}, },
{ "created_at":"2014-07-28T12:10:07.000Z",
"id":2991, "updated_at":"2014-07-28T12:10:07.000Z",
"title":"Privilege escalation: contributors publishing posts", "fixed_in":"3.8.2"
"references":"https://github.com/wpscanteam/wpscan/wiki/CVE-2014-0165", },
"osvdb":"105630", {
"cve":"2014-0165", "id":2991,
"created_at":"2014-07-28T12:10:07.000Z", "title":"Privilege escalation: contributors publishing posts",
"updated_at":"2014-07-28T12:10:07.000Z", "references": {
"fixed_in":"3.8.2" "url": "https://github.com/wpscanteam/wpscan/wiki/CVE-2014-0165",
"osvdb":"105630",
"cve":"2014-0165"
}, },
{ "created_at":"2014-07-28T12:10:07.000Z",
"id":2992, "updated_at":"2014-07-28T12:10:07.000Z",
"title":"Plupload Unspecified XSS", "fixed_in":"3.8.2"
},
{
"id":2992,
"title":"Plupload Unspecified XSS",
"references": {
"osvdb":"105622", "osvdb":"105622",
"secunia":"57769", "secunia":"57769"
"created_at":"2014-07-28T12:10:07.000Z", },
"updated_at":"2014-07-28T12:10:07.000Z", "created_at":"2014-07-28T12:10:07.000Z",
"fixed_in":"3.8.2" "updated_at":"2014-07-28T12:10:07.000Z",
} "fixed_in":"3.8.2"
] }
} ]
}, },
{ {
"webfolio":{ "name": "webfolio",
"vulnerabilities":[ "vulnerabilities":[
{ {
"id":2993, "id":2993,
"title":"wp-admin/options-writing.php Cleartext Admin Credentials Disclosure", "title":"wp-admin/options-writing.php Cleartext Admin Credentials Disclosure",
"references":"http://seclists.org/fulldisclosure/2013/Dec/135", "references": {
"osvdb":"101101", "url": "http://seclists.org/fulldisclosure/2013/Dec/135",
"created_at":"2014-07-28T12:10:07.000Z", "osvdb":"101101"
"updated_at":"2014-07-28T12:10:07.000Z" },
} "created_at":"2014-07-28T12:10:07.000Z",
] "updated_at":"2014-07-28T12:10:07.000Z"
} }
]
} }
] ]

14
spec/samples/common/models/vulnerability/json_item.json
View File

@@ -1,12 +1,14 @@
{ {
"id": "3911", "id": "3911",
"title": "Vuln Title", "title": "Vuln Title",
"url": "Ref 1,Ref 2", "references":{
"secunia": "secunia", "url": "Ref 1,Ref 2",
"osvdb": "osvdb", "secunia": "secunia",
"cve": "2011-001", "osvdb": "osvdb",
"metasploit": "exploit/ex1", "cve": "2011-001",
"exploitdb": "exploitdb", "metasploit": "exploit/ex1",
"exploitdb": "exploitdb"
},
"created_at": "2014-07-28T12:10:45.000Z", "created_at": "2014-07-28T12:10:45.000Z",
"updated_at": "2014-07-28T12:10:45.000Z", "updated_at": "2014-07-28T12:10:45.000Z",
"type": "CSRF", "type": "CSRF",

50
spec/samples/common/models/wp_item/vulnerable/items_vulns.json
View File

@@ -1,35 +1,37 @@
[ [
{ {
"not-this-one":{ "name": "not-this-one",
"vulnerabilities":[ "vulnerabilities":[
{ {
"id":2989, "id":2989,
"title":"Administrator-exploitable blind SQLi in WordPress 1.0 - 3.8.1", "title":"Administrator-exploitable blind SQLi in WordPress 1.0 - 3.8.1",
"url":"https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/,http://www.example.com", "references": {
"created_at":"2014-07-28T12:10:07.000Z", "url":"https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/,http://www.example.com"
"updated_at":"2014-07-28T12:43:41.000Z" },
} "created_at":"2014-07-28T12:10:07.000Z",
] "updated_at":"2014-07-28T12:43:41.000Z"
} }
]
}, },
{ {
"neo":{ "name": "neo",
"vulnerabilities":[ "vulnerabilities":[
{ {
"id":2993, "id":2993,
"title":"I'm the one", "title":"I'm the one",
"references": {
"url":"Ref 1,Ref 2", "url":"Ref 1,Ref 2",
"osvdb":"osvdb", "osvdb":"osvdb",
"cve":"2011-001", "cve":"2011-001",
"secunia":"secunia", "secunia":"secunia",
"metasploit":"exploit/ex1", "metasploit":"exploit/ex1",
"exploitdb":"exploitdb", "exploitdb":"exploitdb"
"type":"XSS", },
"fixed_in":"", "type":"XSS",
"created_at":"2014-07-28T12:10:07.000Z", "fixed_in":"",
"updated_at":"2014-07-28T12:10:07.000Z" "created_at":"2014-07-28T12:10:07.000Z",
} "updated_at":"2014-07-28T12:10:07.000Z"
] }
} ]
} }
] ]

56
spec/samples/common/models/wp_plugin/vulnerable/plugins_vulns.json
View File

@@ -1,56 +0,0 @@
[
{
"mr-smith":{
"vulnerabilities":[
{
"id":2989,
"title":"I should not appear in the results",
"url":"Ref 1,Ref 2",
"osvdb":"osvdb",
"cve":"2011-001",
"secunia":"secunia",
"metasploit":"exploit/ex1",
"exploitdb":"exploitdb",
"type":"XSS",
"fixed_in":"",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
},
{
"id":2989,
"title":"Neither do I",
"url":"Ref 1,Ref 2",
"osvdb":"osvdb",
"cve":"2011-001",
"secunia":"secunia",
"metasploit":"exploit/ex1",
"exploitdb":"exploitdb",
"type":"XSS",
"fixed_in":"",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
}
]
}
},
{
"white-rabbit":{
"vulnerabilities":[
{
"id":2993,
"title":"Follow me!",
"url":"Ref 1,Ref 2",
"osvdb":"osvdb",
"cve":"2011-001",
"secunia":"secunia",
"metasploit":"exploit/ex1",
"exploitdb":"exploitdb",
"type":"REDIRECT",
"fixed_in":"",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
}
]
}
}
]

72
spec/samples/common/models/wp_theme/vulnerable/themes_vulns.json
View File

@@ -1,56 +1,60 @@
[ [
{ {
"mr-smith":{ "name": "mr-smith",
"vulnerabilities":[ "vulnerabilities":[
{ {
"id":2989, "id":2989,
"title":"I should not appear in the results", "title":"I should not appear in the results",
"references": {
"url":"Ref 1,Ref 2", "url":"Ref 1,Ref 2",
"osvdb":"osvdb", "osvdb":"osvdb",
"cve":"2011-001", "cve":"2011-001",
"secunia":"secunia", "secunia":"secunia",
"metasploit":"exploit/ex1", "metasploit":"exploit/ex1",
"exploitdb":"exploitdb", "exploitdb":"exploitdb"
"type":"XSS",
"fixed_in":"",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
}, },
{ "type":"XSS",
"id":2989, "fixed_in":"",
"title":"Neither do I", "created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
},
{
"id":2989,
"title":"Neither do I",
"references": {
"url":"Ref 1,Ref 2", "url":"Ref 1,Ref 2",
"osvdb":"osvdb", "osvdb":"osvdb",
"cve":"2011-001", "cve":"2011-001",
"secunia":"secunia", "secunia":"secunia",
"metasploit":"exploit/ex1", "metasploit":"exploit/ex1",
"exploitdb":"exploitdb", "exploitdb":"exploitdb"
"type":"XSS", },
"fixed_in":"", "type":"XSS",
"created_at":"2014-07-28T12:10:07.000Z", "fixed_in":"",
"updated_at":"2014-07-28T12:10:07.000Z" "created_at":"2014-07-28T12:10:07.000Z",
} "updated_at":"2014-07-28T12:10:07.000Z"
}
] ]
} },
},
{ {
"the-oracle":{ "name": "the-oracle",
"vulnerabilities":[ "vulnerabilities":[
{ {
"id":2993, "id":2993,
"title":"I see you", "title":"I see you",
"references": {
"url":"Ref 1,Ref 2", "url":"Ref 1,Ref 2",
"osvdb":"osvdb", "osvdb":"osvdb",
"cve":"2011-001", "cve":"2011-001",
"secunia":"secunia", "secunia":"secunia",
"metasploit":"exploit/ex1", "metasploit":"exploit/ex1",
"exploitdb":"exploitdb", "exploitdb":"exploitdb"
"type":"FPD", },
"fixed_in":"", "type":"FPD",
"created_at":"2014-07-28T12:10:07.000Z", "fixed_in":"",
"updated_at":"2014-07-28T12:10:07.000Z" "created_at":"2014-07-28T12:10:07.000Z",
} "updated_at":"2014-07-28T12:10:07.000Z"
] }
} ]
} }
] ]

54
spec/samples/common/models/wp_version/vulnerable/versions_vulns.json
View File

@@ -1,42 +1,44 @@
[ [
{ {
"3.5":{ "version": "3.5",
"vulnerabilities":[ "vulnerabilities":[
{ {
"id":2989, "id":2989,
"title":"I should not appear in the results", "title":"I should not appear in the results",
"references": {
"url":"Ref 1,Ref 2", "url":"Ref 1,Ref 2",
"osvdb":"osvdb", "osvdb":"osvdb",
"cve":"2011-001", "cve":"2011-001",
"secunia":"secunia", "secunia":"secunia",
"metasploit":"exploit/ex1", "metasploit":"exploit/ex1",
"exploitdb":"exploitdb", "exploitdb":"exploitdb"
"type":"XSS", },
"fixed_in":"", "type":"XSS",
"created_at":"2014-07-28T12:10:07.000Z", "fixed_in":"",
"updated_at":"2014-07-28T12:10:07.000Z" "created_at":"2014-07-28T12:10:07.000Z",
} "updated_at":"2014-07-28T12:10:07.000Z"
] }
} ]
}, },
{ {
"3.2":{ "version": "3.2",
"vulnerabilities":[ "vulnerabilities":[
{ {
"id":2993, "id":2993,
"title":"Here I Am", "title":"Here I Am",
"references": {
"url":"Ref 1,Ref 2", "url":"Ref 1,Ref 2",
"osvdb":"osvdb", "osvdb":"osvdb",
"cve":"2011-001", "cve":"2011-001",
"secunia":"secunia", "secunia":"secunia",
"metasploit":"exploit/ex1", "metasploit":"exploit/ex1",
"exploitdb":"exploitdb", "exploitdb":"exploitdb"
"type":"SQLI", },
"fixed_in":"", "type":"SQLI",
"created_at":"2014-07-28T12:10:07.000Z", "fixed_in":"",
"updated_at":"2014-07-28T12:10:07.000Z" "created_at":"2014-07-28T12:10:07.000Z",
} "updated_at":"2014-07-28T12:10:07.000Z"
] }
} ]
} }
] ]

24
spec/shared_examples/wp_items_detectable.rb
View File

@@ -70,9 +70,9 @@ shared_examples 'WpItems::Detectable' do
end end
end end
describe '::vulnerable_targets_items' do describe '::target_items' do
after do after do
results = subject.send(:vulnerable_targets_items, wp_target, item_class, vulns_file) results = subject.send(:target_items, wp_target, item_class, vulns_file, :all)
expect(results.map { |i| i.name }).to eq @expected.map { |i| i.name } expect(results.map { |i| i.name }).to eq @expected.map { |i| i.name }
@@ -100,7 +100,7 @@ shared_examples 'WpItems::Detectable' do
end end
describe '::targets_items' do describe '::targets_items' do
let(:options) { {} } let(:options) { { type: :all } }
after do after do
if @expected if @expected
@@ -111,28 +111,12 @@ shared_examples 'WpItems::Detectable' do
end end
context 'when :only_vulnerable' do context 'when :only_vulnerable' do
let(:options) { { only_vulnerable: true } } let(:options) { { type: :vulnerable } }
it 'returns the expected Array of WpItem' do it 'returns the expected Array of WpItem' do
@expected = expected[:vulnerable_targets_items] @expected = expected[:vulnerable_targets_items]
end end
end end
context 'when not :only_vulnerable' do
context 'when no :file' do
it 'raises an error' do
expect { subject.send(:targets_items, wp_target, options) }.to raise_error('A file must be supplied')
end
end
context 'when :file' do
let(:options) { { file: targets_items_file } }
it 'returns the expected Array of WpItem' do
@expected = (expected[:targets_items_from_file] + expected[:vulnerable_targets_items]).uniq {|t| t.name }
end
end
end
end end
describe '::passive_detection' do describe '::passive_detection' do

2
spec/shared_examples/wp_plugin_vulnerable.rb
View File

@@ -7,7 +7,7 @@ shared_examples 'WpPlugin::Vulnerable' do
context 'when :vulns_file is no set' do context 'when :vulns_file is no set' do
it 'returns the default one' do it 'returns the default one' do
@expected = PLUGINS_VULNS_FILE @expected = PLUGINS_FILE
end end
end end

2
spec/shared_examples/wp_theme_vulnerable.rb
View File

@@ -7,7 +7,7 @@ shared_examples 'WpTheme::Vulnerable' do
context 'when :vulns_file is not set' do context 'when :vulns_file is not set' do
it 'returns the default one' do it 'returns the default one' do
@expected = THEMES_VULNS_FILE @expected = THEMES_FILE
end end
end end

2
spec/shared_examples/wp_version_vulnerable.rb
View File

@@ -7,7 +7,7 @@ shared_examples 'WpVersion::Vulnerable' do
context 'when :vulns_file is no set' do context 'when :vulns_file is no set' do
it 'returns the default one' do it 'returns the default one' do
@expected = WP_VULNS_FILE @expected = WORDPRESSES_FILE
end end
end end