From 18cb395b4dbaf0cbc8710a4f44574f9b15d97b2b Mon Sep 17 00:00:00 2001 From: Christian Mehlmauer Date: Mon, 17 Sep 2012 22:43:24 +0200 Subject: [PATCH] rspec tests --- doc/CREDITS.html | 3 +- doc/WpItem.html | 201 ++++++++++-------- doc/WpPlugin.html | 44 +--- doc/WpTheme.html | 64 +----- doc/created.rid | 10 +- doc/index.html | 40 ++-- doc/lib/wpscan/wp_plugin_rb.html | 2 +- doc/lib/wpscan/wp_theme_rb.html | 2 +- lib/wpscan/wp_item.rb | 12 +- lib/wpscan/wp_plugin.rb | 22 +- lib/wpscan/wp_theme.rb | 27 +-- spec/lib/wpscan/wp_item_spec.rb | 51 ++++- spec/lib/wpscan/wp_plugin_spec.rb | 260 +++-------------------- spec/lib/wpscan/wp_theme_spec.rb | 90 +++++++- spec/lib/wpscan/wp_vulnerability_spec.rb | 26 +++ 15 files changed, 359 insertions(+), 495 deletions(-) create mode 100644 spec/lib/wpscan/wp_vulnerability_spec.rb diff --git a/doc/CREDITS.html b/doc/CREDITS.html index 168ae32a..ef7c285a 100644 --- a/doc/CREDITS.html +++ b/doc/CREDITS.html @@ -156,7 +156,8 @@ should be in here, email ryandewhurst at gmail.

potential solutions to bugs. Callum Pember - Implemented proxy support - callumpember at gmail.com g0tmi1k - Additional timthumb checks + bug reports. Melvin Lammerts - Reported a couple of fake vulnerabilities - -melvin at 12k.nl

+melvin at 12k.nl Christian Mehlmauer - @FireFart - Theme +enumeration

diff --git a/doc/WpItem.html b/doc/WpItem.html index cb191386..83c20376 100644 --- a/doc/WpItem.html +++ b/doc/WpItem.html @@ -65,7 +65,7 @@

Methods

@@ -286,7 +284,7 @@
-# File lib/wpscan/wp_theme.rb, line 53
+# File lib/wpscan/wp_theme.rb, line 42
 def self.find(target_uri)
   self.methods.grep(/find_from_/).each do |method_to_call|
     theme = self.send(method_to_call, target_uri)
@@ -326,21 +324,11 @@
 
 # File lib/wpscan/wp_theme.rb, line 25
 def initialize(options = {})
-  @url            = options[:url]
-  @name           = options[:name] || extract_name_from_url(get_url)
-  @path           = options[:path]
-  @wp_content_dir = options[:wp_content_dir]
-  @vulns_xml      = options[:vulns_xml] || DATA_DIR + '/wp_theme_vulns.xml'
-  @vulns_xpath    = "//theme[@name='#{@name}']/vulnerability"
-
-  @version        = options[:version]
-  @style_url      = options[:style_url]
-
-  raise("url not set") unless @url
-  raise("path not set") unless @path
-  raise("wp_content_dir not set") unless @wp_content_dir
-  raise("name not set") unless @name
-  raise("vulns_xml not set") unless @vulns_xml
+  options[:vulns_xml]   = options[:vulns_xml] || DATA_DIR + '/wp_theme_vulns.xml'
+  options[:vulns_xpath] = "//theme[@name='#{@name}']/vulnerability"
+  @version              = options[:version]
+  @style_url            = options[:style_url]
+  super(options)
 end
@@ -377,7 +365,7 @@ diff --git a/doc/created.rid b/doc/created.rid index 8b26bbe5..e9d3b50b 100644 --- a/doc/created.rid +++ b/doc/created.rid @@ -1,5 +1,5 @@ -Mon, 17 Sep 2012 19:45:07 +0200 -./CREDITS Thu, 13 Sep 2012 22:54:08 +0200 +Mon, 17 Sep 2012 22:40:58 +0200 +./CREDITS Mon, 17 Sep 2012 20:18:24 +0200 ./lib/browser.rb Sun, 16 Sep 2012 15:18:58 +0200 ./lib/cache_file_store.rb Sat, 15 Sep 2012 08:04:03 +0200 ./lib/common_helper.rb Sat, 15 Sep 2012 08:04:08 +0200 @@ -24,11 +24,11 @@ Mon, 17 Sep 2012 19:45:07 +0200 ./lib/wpscan/vulnerable.rb Sat, 15 Sep 2012 08:02:37 +0200 ./lib/wpscan/wp_detector.rb Mon, 17 Sep 2012 17:40:36 +0200 ./lib/wpscan/wp_enumerator.rb Mon, 17 Sep 2012 17:54:28 +0200 -./lib/wpscan/wp_item.rb Mon, 17 Sep 2012 19:43:28 +0200 +./lib/wpscan/wp_item.rb Mon, 17 Sep 2012 22:04:16 +0200 ./lib/wpscan/wp_options.rb Sun, 16 Sep 2012 23:02:21 +0200 -./lib/wpscan/wp_plugin.rb Mon, 17 Sep 2012 19:43:42 +0200 +./lib/wpscan/wp_plugin.rb Mon, 17 Sep 2012 22:03:47 +0200 ./lib/wpscan/wp_target.rb Sun, 16 Sep 2012 23:48:55 +0200 -./lib/wpscan/wp_theme.rb Mon, 17 Sep 2012 19:43:53 +0200 +./lib/wpscan/wp_theme.rb Mon, 17 Sep 2012 22:23:12 +0200 ./lib/wpscan/wp_version.rb Sun, 16 Sep 2012 23:48:18 +0200 ./lib/wpscan/wp_vulnerability.rb Sat, 15 Sep 2012 08:03:09 +0200 ./lib/wpscan/wpscan_helper.rb Sat, 15 Sep 2012 21:19:30 +0200 diff --git a/doc/index.html b/doc/index.html index 50b1025b..6beb79b9 100644 --- a/doc/index.html +++ b/doc/index.html @@ -163,27 +163,29 @@
  • ::new — CacheFileStore
  • -
  • ::new — WpVulnerability
  • +
  • ::new — WpscanOptions
  • ::new — WpVersion
  • -
  • ::new — WpTheme
  • +
  • ::new — WpVulnerability
  • -
  • ::new — WpscanOptions
  • +
  • ::new — WpItem
  • ::new — RpcClient
  • ::new — Updater
  • -
  • ::new — Generate_List
  • - -
  • ::new — Exploit
  • +
  • ::new — Svn_Parser
  • ::new — WpPlugin
  • +
  • ::new — WpTheme
  • +
  • ::new — WpTarget
  • -
  • ::new — Svn_Parser
  • +
  • ::new — Generate_List
  • + +
  • ::new — Exploit
  • ::option_to_instance_variable_setter — WpscanOptions
  • @@ -195,8 +197,6 @@
  • ::version_pattern — WpVersion
  • -
  • #<=> — WpItem
  • -
  • #== — WpItem
  • #=== — WpTheme
  • @@ -315,11 +315,11 @@
  • #help — Object
  • -
  • #is_installed? — Updater
  • +
  • #is_installed? — SvnUpdater
  • #is_installed? — GitUpdater
  • -
  • #is_installed? — SvnUpdater
  • +
  • #is_installed? — Updater
  • #is_online? — WebSite
  • @@ -339,14 +339,12 @@
  • #load_config — Browser
  • +
  • #local_revision_number — Updater
  • +
  • #local_revision_number — SvnUpdater
  • #local_revision_number — GitUpdater
  • -
  • #local_revision_number — Updater
  • - -
  • #location_uri_from_file_url — WpItem
  • -
  • #login — RpcClient
  • #login_protection_plugin — WpLoginProtection
  • @@ -361,14 +359,14 @@
  • #merge_request_params — Browser
  • -
  • #meterpreter_read — Exploit
  • -
  • #meterpreter_read — RpcClient
  • -
  • #meterpreter_write — Exploit
  • +
  • #meterpreter_read — Exploit
  • #meterpreter_write — RpcClient
  • +
  • #meterpreter_write — Exploit
  • +
  • #parse — Svn_Parser
  • #plugins_from_aggressive_detection — WpPlugins
  • @@ -427,8 +425,6 @@
  • #to_s — WpItem
  • -
  • #to_s — WpTheme
  • -
  • #update — GitUpdater
  • #update — Updater
  • @@ -447,10 +443,10 @@
  • #usernames — WpUsernames
  • -
  • #version — WpItem
  • -
  • #version — WpTarget
  • +
  • #version — WpItem
  • +
  • #vulnerabilities — Vulnerable
  • #wordlist= — WpscanOptions
  • diff --git a/doc/lib/wpscan/wp_plugin_rb.html b/doc/lib/wpscan/wp_plugin_rb.html index 65f044bd..36da7dec 100644 --- a/doc/lib/wpscan/wp_plugin_rb.html +++ b/doc/lib/wpscan/wp_plugin_rb.html @@ -24,7 +24,7 @@
    Last Modified
    -
    2012-09-17 19:43:42 +0200
    +
    2012-09-17 22:03:47 +0200
    Requires
    diff --git a/doc/lib/wpscan/wp_theme_rb.html b/doc/lib/wpscan/wp_theme_rb.html index bd4cf842..41e768ab 100644 --- a/doc/lib/wpscan/wp_theme_rb.html +++ b/doc/lib/wpscan/wp_theme_rb.html @@ -24,7 +24,7 @@
    Last Modified
    -
    2012-09-17 19:43:53 +0200
    +
    2012-09-17 22:23:12 +0200
    Requires
    diff --git a/lib/wpscan/wp_item.rb b/lib/wpscan/wp_item.rb index 588ef53d..ac870141 100644 --- a/lib/wpscan/wp_item.rb +++ b/lib/wpscan/wp_item.rb @@ -16,8 +16,10 @@ # along with this program. If not, see . #++ +require "#{WPSCAN_LIB_DIR}/vulnerable" + class WpItem < Vulnerable - attr_accessor :path, :url, :wp_content_dir, :name + attr_accessor :path, :url, :wp_content_dir, :name, :vulns_xml, :vulns_xpath @version = nil def initialize(options = {}) @@ -25,6 +27,14 @@ class WpItem < Vulnerable @url = options[:url] @path = options[:path] @name = options[:name] || extract_name_from_url + @vulns_xml = options[:vulns_xml] + @vulns_xpath = options[:vulns_xpath] + + raise("url not set") unless @url + raise("path not set") unless @path + raise("wp_content_dir not set") unless @wp_content_dir + raise("name not set") unless @name + raise("vulns_xml not set") unless @vulns_xml end # Get the full url for this item diff --git a/lib/wpscan/wp_plugin.rb b/lib/wpscan/wp_plugin.rb index e2764d6b..40d6856c 100644 --- a/lib/wpscan/wp_plugin.rb +++ b/lib/wpscan/wp_plugin.rb 
@@ -16,27 +16,11 @@ # along with this program. If not, see . #++ -require "#{WPSCAN_LIB_DIR}/vulnerable" - class WpPlugin < WpItem - - attr_reader :name - def initialize(options = {}) - @url = options[:url] - @path = options[:path] - @wp_content_dir = options[:wp_content_dir] - @vulns_xml = options[:vulns_xml] || DATA_DIR + '/plugin_vulns.xml' - @vulns_xpath = "//plugin[@name='#@name']/vulnerability" - @version = nil - - raise("url not set") unless @url - raise("path not set") unless @path - raise("wp_content_dir not set") unless @wp_content_dir - raise("name not set") unless @name - raise("vulns_xml not set") unless @vulns_xml - - super(:wp_content_dir => @wp_content_dir, :url => @url, :path => @path) + options[:vulns_xml] = options[:vulns_xml] || DATA_DIR + '/plugin_vulns.xml' + options[:vulns_xpath] = "//plugin[@name='#@name']/vulnerability" + super(options) end # Discover any error_log files created by WordPress diff --git a/lib/wpscan/wp_theme.rb b/lib/wpscan/wp_theme.rb index 94352ad9..c4057437 100644 --- a/lib/wpscan/wp_theme.rb +++ b/lib/wpscan/wp_theme.rb 
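Review bot: In `WpPlugin#initialize`, `options[:vulns_xpath] = "//plugin[@name='#@name']/vulnerability"` is built before `super(options)` runs and nothing in the method assigns `@name` first, so the interpolation yields `@name=''` and the lookup cannot match the plugin; for a scanner that means known vulnerabilities are silently not reported. The same ordering is in the `WpTheme#initialize` hunk of lib/wpscan/wp_theme.rb. Build the expression after the parent has resolved the name: `super(options)` followed by `@vulns_xpath = "//plugin[@name='#{@name}']/vulnerability"` (and the `//theme[...]` form in WpTheme). Because the name can come from `extract_name_from_url`, and so presumably from the scanned site, names containing a quote should be rejected before they are interpolated into the XPath. Using `options = options.dup` before filling in `:vulns_xml` would also avoid mutating the caller's hash.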
@@ -23,22 +23,11 @@ class WpTheme < WpItem attr_reader :name, :style_url, :version def initialize(options = {}) - @url = options[:url] - @path = options[:path] - @wp_content_dir = options[:wp_content_dir] - @vulns_xml = options[:vulns_xml] || DATA_DIR + '/wp_theme_vulns.xml' - @vulns_xpath = "//theme[@name='#{@name}']/vulnerability" - - @version = options[:version] - @style_url = options[:style_url] - - raise("url not set") unless @url - raise("path not set") unless @path - raise("wp_content_dir not set") unless @wp_content_dir - raise("name not set") unless @name - raise("vulns_xml not set") unless @vulns_xml - - super(:wp_content_dir => @wp_content_dir, :url => @url, :path => @path) + options[:vulns_xml] = options[:vulns_xml] || DATA_DIR + '/wp_theme_vulns.xml' + options[:vulns_xpath] = "//theme[@name='#{@name}']/vulnerability" + @version = options[:version] + @style_url = options[:style_url] + super(options) end def version @@ -59,11 +48,6 @@ class WpTheme < WpItem nil end - def to_s - version = version() - "#{@name}#{' v' + version if version}" - end - def ===(wp_theme) wp_theme.name === @name and wp_theme.version === @version end @@ -105,5 +89,4 @@ class WpTheme < WpItem ) end end - end diff --git a/spec/lib/wpscan/wp_item_spec.rb b/spec/lib/wpscan/wp_item_spec.rb index 8b6d900e..8cc2b0a5 100644 --- a/spec/lib/wpscan/wp_item_spec.rb +++ b/spec/lib/wpscan/wp_item_spec.rb @@ -19,14 +19,12 @@ require File.expand_path(File.dirname(__FILE__) + '/wpscan_helper') describe WpPlugin do - before :all do - @browser = Browser.instance(:config_file => SPEC_FIXTURES_CONF_DIR + '/browser/browser.conf.json') - end - before :each do @instance = WpItem.new(:wp_content_dir => "wp-content", :url => "http://sub.example.com/path/to/wordpress/", - :path => "plugins/test/asdf.php") + :path => "plugins/test/asdf.php", + :vulns_xml => "XXX.xml" + ) end describe "#initialize" do 
@@ -76,9 +74,20 @@ describe WpPlugin do @instance.path = "plugins/test/" @instance.get_url_without_filename.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/plugins/test/" end + + it "should return the correct url (https)" do + @instance.url = "https://sub.example.com/path/to/wordpress/" + @instance.get_url_without_filename.to_s.should == "https://sub.example.com/path/to/wordpress/wp-content/plugins/test/" + end + + it "should add the last slash if it's not present" do + @instance.path = "plugins/test-one" + @instance.get_url_without_filename.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/plugins/test-one/" + end end describe "#version" do + let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR + '/version' } it "should return a version number" do stub_request(:get, @instance.readme_url.to_s).to_return(:status => 200, :body => "Stable tag: 1.2.4.3.2.1") @instance.version.should == "1.2.4.3.2.1" 
@@ -88,18 +97,38 @@ describe WpPlugin do stub_request(:get, @instance.readme_url.to_s).to_return(:status => 200, :body => "Stable tag: trunk") @instance.version.should be nil end + + it "should return nil if the version is invalid (IE : trunk etc)" do + stub_request(:get, @instance.readme_url.to_s).to_return(:status => 200, + :body => File.new(fixtures_dir + '/trunk-version.txt')) + @instance.version.should be_nil + end + + it "should return the version 0.4" do + stub_request(:get, @instance.readme_url.to_s).to_return(:status => 200, + :body => File.new(fixtures_dir + '/simple-login-lockdown-0.4.txt')) + + @instance.version.should === "0.4" + end end describe "#directory_listing?" do it "should return true" do - stub_request(:get, @instance.get_url_without_filename.to_s).to_return(:status => 200, :body => "Index of asdf") + stub_request(:get, @instance.get_url_without_filename.to_s).to_return(:status => 200, + :body => "Index of asdf") @instance.directory_listing?.should == true end it "should return false" do - stub_request(:get, @instance.get_url_without_filename.to_s).to_return(:status => 200, :body => "My Wordpress Site") + stub_request(:get, @instance.get_url_without_filename.to_s).to_return(:status => 200, + :body => "My Wordpress Site") @instance.directory_listing?.should == false end + + it "should return false on a 404" do + stub_request(:get, @instance.get_url_without_filename.to_s.to_s).to_return(:status => 404) + @instance.directory_listing?.should be_false + end end describe "#extract_name_from_url" do 
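Review bot: In the added 404 example, `@instance.get_url_without_filename.to_s.to_s` calls `to_s` twice; one call is enough, as in the two examples above it. That example also asserts with `should be_false`, which accepts `nil` as well, while its neighbours use `== false`; pick one form so the three examples pin the same contract. The added trunk-version example appears to cover the same case as the existing `"Stable tag: trunk"` example just above it, whose `it` line is outside the hunk, so give the new one a description that names the fixture file.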
@@ -146,14 +175,18 @@ describe WpPlugin do it "should return false" do instance2 = WpItem.new(:wp_content_dir => "wp-content", :url => "http://sub.example.com/path/to/wordpress/", - :path => "plugins/newname/asdf.php") + :path => "plugins/newname/asdf.php", + :vulns_xml => "XXX.xml" + ) (@instance==instance2).should == false end it "should return true" do instance2 = WpItem.new(:wp_content_dir => "wp-content", :url => "http://sub.example.com/path/to/wordpress/", - :path => "plugins/test/asdf.php") + :path => "plugins/test/asdf.php", + :vulns_xml => "XXX.xml" + ) (@instance==instance2).should == true end end diff --git a/spec/lib/wpscan/wp_plugin_spec.rb b/spec/lib/wpscan/wp_plugin_spec.rb index 5fc829f2..565fe93a 100644 --- a/spec/lib/wpscan/wp_plugin_spec.rb +++ b/spec/lib/wpscan/wp_plugin_spec.rb 
@@ -19,252 +19,60 @@ require File.expand_path(File.dirname(__FILE__) + '/wpscan_helper') describe WpPlugin do - - before :all do - @browser = Browser.instance(:config_file => SPEC_FIXTURES_CONF_DIR + '/browser/browser.conf.json') - end - - describe "#location_uri_from_url" do - after :each do - if @url - uri = WpPlugin.location_uri_from_url(@url) - - uri.should be_a URI - uri.to_s.should === @expected_uri_string - end - end - - #it "should raise an error if the url is not valid" do - # expect { WpPlugin.location_uri_from_url("example.com") }.to raise_error - # expect { WpPlugin.location_uri_from_url("http://example.com/wp-includes/plugins/example/") }.to raise_error - #end - - it "should return the uri without the file" do - @url = "http://example.com/wp-content/plugins/example/readme.txt" - @expected_uri_string = "http://example.com/wp-content/plugins/example/" - end - - it "should return the uri without the file" do - @url = "https://sub.example.com/path/to/dir/wp-content/plugins/example/readme.txt" - @expected_uri_string = "https://sub.example.com/path/to/dir/wp-content/plugins/example/" - end - - it "should return the same uri" do - @url = "http://example.com/wp-content/plugins/hello-world/" - @expected_uri_string = @url - end - - # http://code.google.com/p/wpscan/issues/detail?id=146 - it "should not raise an error if the url uses https" do - @url = "https://example.com/folder1/folder2/wp-content/plugins/user-role-editor/index.php" - @expected_uri_string = "https://example.com/folder1/folder2/wp-content/plugins/user-role-editor/" - end - - it "should add the last slash if it's not present" do - @url = "http://example.com/wp-content/plugins/test-one" - @expected_uri_string = "#{@url}/" - end - end - - describe "#extract_name_from_location_url" do - it "should return 'example-plugin'" do - WpPlugin.extract_name_from_location_url('http://example.com/wp-content/plugins/example-plugin/').should === 'example-plugin' - end - - it "should return 'example-plugin'" do - 
WpPlugin.extract_name_from_location_url('https://sub.example.com/path/to/a/wp-content/plugins/example-plugin/').should === 'example-plugin' - end - end - - describe "#create_location_url_from_name" do - after :each do - WpPlugin.create_location_url_from_name(@plugin_name, @target_url).should === @expected_url - end - - it "should return 'http://example.com/$wp-plugins$/example/'" do - @plugin_name = "example" - @target_url = "http://example.com/" - @expected_url = "http://example.com/$wp-plugins$/example/" - end - - it "should return 'http://example.com/$wp-plugins$/example/' even if the last '/' is not in the target url" do - @plugin_name = "example" - @target_url = "http://example.com" - @expected_url = "http://example.com/$wp-plugins$/example/" - end - - it "should return http://example.com/$wp-plugins$/example-test/" do - @plugin_name = "example-test" - @target_url = "http://example.com" - @expected_url = "http://example.com/$wp-plugins$/example-test/" - end - - it "should return http://example.com/$wp-plugins$/something%20with%20spaces/" do - @plugin_name = "something with spaces" - @target_url = "http://example.com" - @expected_url = URI.escape("http://example.com/$wp-plugins$/something with spaces/") - end - end - - describe "#create_url_from_raw" do - it "should return http://example.com/$wp-plugins$/example-test/readme.txt" do - WpPlugin.create_url_from_raw("example-test/readme.txt", URI.parse("http://example.com")).should === "http://example.com/$wp-plugins$/example-test/readme.txt" - end - end - describe "#initialize" do - let(:location_url) { 'http://example.com/wp-content/plugins/example/' } - - it "should raise an exception" do - expect { WpPlugin.new('invalid location url') }.to raise_error + it "should not raise an exception" do + expect { WpPlugin.new(:url => "url", :path => "path", :wp_content_dir => "dir", :name => "name") }.to_not raise_error end - it "should initialize the object (no options given), :name should be 'example'" do - options = 
WpOptions.get_empty_options - options[:url] = location_url - wp_plugin = WpPlugin.new(options) - wp_plugin.name.should === 'example' - wp_plugin.get_url.should === location_url + it "should raise an exception (url not set)" do + expect { WpPlugin.new(:path => "path", :wp_content_dir => "dir", :name => "name") }.to raise_error end - it "should initialize the object (options[:name] = 'example')" do - options = WpOptions.get_empty_options - options[:url] = location_url - options[:name] = "example" - wp_plugin = WpPlugin.new(options) - wp_plugin.name.should === 'example' - wp_plugin.location_url.should === location_url + it "should raise an exception (path not set)" do + expect { WpPlugin.new(:url => "url", :wp_content_dir => "dir", :name => "name") }.to raise_error + end + + it "should raise an exception (wp_content_dir not set)" do + expect { WpPlugin.new(:url => "url", :path => "path", :name => "name") }.to raise_error + end + + it "should raise an exception (name not set)" do + expect { WpPlugin.new(:url => "url", :path => "path", :wp_content_dir => "dir") }.to raise_error end end - # TODO - describe "operators : ==, ===, <=>" do - - end - - #TODO - describe "#location_url" do - - end - - describe "#version" do - let(:location_url) { 'http://example.localhost/wp-content/plugins/simple-login-lockdown/' } - let(:wp_plugin) { WpPlugin.new(location_url) } - let(:readme_url) { 'http://example.localhost/wp-content/plugins/simple-login-lockdown/readme.txt' } - let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR + '/version' } - - it "should return nil if the readme.txt does not exist" do - stub_request(:get, readme_url). - to_return(:status => 404) - - wp_plugin.version.should be_nil - end - - it "should return nil if the version is invalid (IE : trunk etc)" do - stub_request(:get, readme_url). 
- to_return(:status => 200, :body => File.new(fixtures_dir + '/trunk-version.txt')) - - wp_plugin.version.should be_nil - end - - it "should return the version 0.4" do - stub_request(:get, readme_url). - to_return(:status => 200, :body => File.new(fixtures_dir + '/simple-login-lockdown-0.4.txt')) - - wp_plugin.version.should === '0.4' + describe "#error_log_url" do + it "should return a correct url" do + temp = WpPlugin.new(:url => "http://wordpress.com", + :path => "plugins/test/asdf.php", + :wp_content_dir => "wp-content") + temp.error_log_url.to_s.should == "http://wordpress.com/wp-content/plugins/test/error_log" end end - describe "#to_s" do - after :each do - wp_plugin = WpPlugin.new(WpPlugin.create_location_url_from_name(@name, "http://example.localhost")) - wp_plugin.stub(:version => @version) - wp_plugin.to_s.should === @expected - end - - it "should not include the version if it's not detected" do - @name = "a-plugin" - @version = nil - @expected = "a-plugin" - end - - it "should show the version if it's detected" do - @name = "another-plugin" - @version = "3.2" - @expected = "another-plugin v3.2" - end - end - - describe "#vulnerabilities" do - let(:location_url) { 'http://example.localhost/wp-content/plugins/spec-plugin/' } - let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR + '/vulnerabilities' } - let(:vulns_xml) { fixtures_dir + '/plugin_vulns.xml' } - let(:wp_plugin) { WpPlugin.new(location_url, :vulns_xml => vulns_xml) } - - - it "should return an empty array when no vulnerabilities are found" do - WpPlugin.new( - 'http://example.localhost/wp-content/plugins/no-vulns/', - :vulns_xml => vulns_xml - ).vulnerabilities.should be_empty - end - - it "should return an arry with 2 vulnerabilities" do - vulnerabilities = wp_plugin.vulnerabilities - - vulnerabilities.should_not be_empty - vulnerabilities.length.should == 2 - vulnerabilities.each { |vulnerability| vulnerability.should be_a WpVulnerability } - vulnerabilities[0].title.should === 'WPScan 
Spec' - vulnerabilities[1].title.should === 'Spec SQL Injection' - end - end - - describe "#error_log* (#error_log_url & #error_log?)" do - let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR + '/error_log' } - let(:location_url) { 'http://example.localhost/wp-content/plugins/simple-login-lockdown/' } - let(:error_log_url) { 'http://example.localhost/wp-content/plugins/simple-login-lockdown/error_log' } - let(:wp_plugin) { WpPlugin.new(location_url) } - - it "should return the url of the error log" do - wp_plugin.error_log_url.should === error_log_url - end - - it "should return false on a 404" do - stub_request(:get, error_log_url). - to_return(:status => 404) - - wp_plugin.error_log?.should be_false + describe "#error_log?" do + before :each do + @temp = WpPlugin.new(:url => "http://wordpress.com", + :path => "plugins/test/asdf.php", + :wp_content_dir => "wp-content") end it "should return true" do - stub_request(:get, error_log_url). - to_return(:status => 200, :body => File.new(fixtures_dir + '/error_log')) - - wp_plugin.error_log?.should be_true - end - end - - describe "#directory_listing?" do - let(:wp_plugin) { WpPlugin.new('http://example.localhost/wp-content/plugins/simple-login-lockdown/readme.txt') } - - it "should return false on a 404" do - stub_request(:get, wp_plugin.location_url).to_return(:status => 404) - - wp_plugin.directory_listing?.should be_false + stub_request(:get, @temp.error_log_url.to_s).to_return(:status => 200, :body => "PHP Fatal error") + @temp.error_log?.should be true end - it "should return false on a blank page" do - stub_request(:get, wp_plugin.location_url).to_return(:status => 200, :body => '') - - wp_plugin.directory_listing?.should be_false + it "should return false" do + stub_request(:get, @temp.error_log_url.to_s).to_return(:status => 500, :body => "Access denied") + @temp.error_log?.should be false end it "should return true" do - stub_request(:get, wp_plugin.location_url). 
- to_return(:status => 200, :body => "Index of simple-login-lockdown") + fixtures_dir = SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR + "/error_log" + stub_request(:get, @temp.error_log_url.to_s).to_return(:status => 200, + :body => File.new(fixtures_dir + '/error_log')) - wp_plugin.directory_listing?.should be_true + @temp.error_log?.should be true end end end diff --git a/spec/lib/wpscan/wp_theme_spec.rb b/spec/lib/wpscan/wp_theme_spec.rb index d7a994b5..989d0609 100644 --- a/spec/lib/wpscan/wp_theme_spec.rb +++ b/spec/lib/wpscan/wp_theme_spec.rb @@ -19,7 +19,6 @@ require File.expand_path(File.dirname(__FILE__) + "/wpscan_helper") describe WpTheme do - before :all do @target_uri = URI.parse("http://example.localhost/") 
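Review bot: The new `#initialize` examples in spec/lib/wpscan/wp_plugin_spec.rb use a bare `.to raise_error`, which passes on any exception, so they stay green if the constructor fails for an unrelated reason (a `NoMethodError`, say) rather than through the intended validation. The same applies to the `#initialize` examples added in spec/lib/wpscan/wp_theme_spec.rb. Pin the message, e.g. `expect { WpPlugin.new(:path => "path", :wp_content_dir => "dir", :name => "name") }.to raise_error(RuntimeError, "url not set")`. No example asserts the resulting `vulns_xpath` either, which is the part of the constructor that decides whether vulnerabilities are found.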
@@ -29,21 +28,25 @@ describe WpTheme do ) end - describe "#to_s" do - it "should return the theme name and the version if there is one" do - wp_theme = WpTheme.new(:name => "bueno", :version => "1.2.3", :url => "", :path => "", :wp_content_dir => "") - - wp_theme.to_s.should === "bueno v1.2.3" + describe "#initialize" do + it "should not raise an exception" do + expect { WpTheme.new(:url => "url", :path => "path", :wp_content_dir => "dir", :name => "name") }.to_not raise_error end - it "should not add the version if there is not" do - style_url = @target_uri.merge("wp-content/themes/hello-world/style.css").to_s + it "should raise an exception (url not set)" do + expect { WpTheme.new(:path => "path", :wp_content_dir => "dir", :name => "name") }.to raise_error + end - stub_request(:get, style_url).to_return(:status => 200, :body => "") + it "should raise an exception (path not set)" do + expect { WpTheme.new(:url => "url", :wp_content_dir => "dir", :name => "name") }.to raise_error + end - wp_theme = WpTheme.new(:name => "hello-world", :style_url => style_url, :url => "", :path => "", :wp_content_dir => "") + it "should raise an exception (wp_content_dir not set)" do + expect { WpTheme.new(:url => "url", :path => "path", :name => "name") }.to raise_error + end - wp_theme.to_s.should === "hello-world" + it "should raise an exception (name not set)" do + expect { WpTheme.new(:url => "url", :path => "path", :wp_content_dir => "dir") }.to raise_error end end 
@@ -174,4 +177,69 @@ describe WpTheme do end end + describe "#===" do + it "should return false (name not equal)" do + instance = WpTheme.new(:wp_content_dir => "wp-content", + :url => "http://sub.example.com/path/to/wordpress/", + :path => "themes/name/asdf.php", + :vulns_xml => "XXX.xml", + :version => "1.0" + ) + instance2 = WpTheme.new(:wp_content_dir => "wp-content", + :url => "http://sub.example.com/path/to/wordpress/", + :path => "themes/newname/asdf.php", + :vulns_xml => "XXX.xml", + :version => "1.0" + ) + (instance===instance2).should == false + end + + it "should return false (version not equal)" do + instance = WpTheme.new(:wp_content_dir => "wp-content", + :url => "http://sub.example.com/path/to/wordpress/", + :path => "themes/name/asdf.php", + :vulns_xml => "XXX.xml", + :version => "1.0" + ) + instance2 = WpTheme.new(:wp_content_dir => "wp-content", + :url => "http://sub.example.com/path/to/wordpress/", + :path => "themes/name/asdf.php", + :vulns_xml => "XXX.xml", + :version => "2.0" + ) + (instance===instance2).should == false + end + + it "should return false (version and name not equal)" do + instance = WpTheme.new(:wp_content_dir => "wp-content", + :url => "http://sub.example.com/path/to/wordpress/", + :path => "themes/name/asdf.php", + :vulns_xml => "XXX.xml", + :version => "1.0" + ) + instance2 = WpTheme.new(:wp_content_dir => "wp-content", + :url => "http://sub.example.com/path/to/wordpress/", + :path => "themes/newname/asdf.php", + :vulns_xml => "XXX.xml", + :version => "2.0" + ) + (instance===instance2).should == false + end + + it "should return true" do + instance = WpTheme.new(:wp_content_dir => "wp-content", + :url => "http://sub.example.com/path/to/wordpress/", + :path => "themes/test/asdf.php", + :vulns_xml => "XXX.xml", + :version => "1.0" + ) + instance2 = WpTheme.new(:wp_content_dir => "wp-content", + :url => "http://sub.example.com/path/to/wordpress/", + :path => "themes/test/asdf.php", + :vulns_xml => "XXX.xml", + :version => "1.0" 
+ ) + (instance===instance2).should == true + end + end end diff --git a/spec/lib/wpscan/wp_vulnerability_spec.rb b/spec/lib/wpscan/wp_vulnerability_spec.rb new file mode 100644 index 00000000..5d0c7ab2 --- /dev/null +++ b/spec/lib/wpscan/wp_vulnerability_spec.rb @@ -0,0 +1,26 @@ +# TODO + +describe "#vulnerabilities" do + let(:location_url) { 'http://example.localhost/wp-content/plugins/spec-plugin/' } + let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR + '/vulnerabilities' } + let(:vulns_xml) { fixtures_dir + '/plugin_vulns.xml' } + let(:wp_plugin) { WpPlugin.new(location_url, :vulns_xml => vulns_xml) } + + + it "should return an empty array when no vulnerabilities are found" do + WpPlugin.new( + 'http://example.localhost/wp-content/plugins/no-vulns/', + :vulns_xml => vulns_xml + ).vulnerabilities.should be_empty + end + + it "should return an arry with 2 vulnerabilities" do + vulnerabilities = wp_plugin.vulnerabilities + + vulnerabilities.should_not be_empty + vulnerabilities.length.should == 2 + vulnerabilities.each { |vulnerability| vulnerability.should be_a WpVulnerability } + vulnerabilities[0].title.should === 'WPScan Spec' + vulnerabilities[1].title.should === 'Spec SQL Injection' + end +end \ No newline at end of file
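Review bot: The `#vulnerabilities` examples moved into the new spec/lib/wpscan/wp_vulnerability_spec.rb still call `WpPlugin.new(location_url, :vulns_xml => vulns_xml)`, a positional URL plus a hash, while the constructor in this commit is `initialize(options = {})`. As written they would presumably raise an `ArgumentError` instead of exercising the lookup. The file is headed `# TODO` and, unlike the other specs in the patch, has no `require` of `wpscan_helper` and no enclosing `describe` for the class. Until the calls are ported to the options-hash form (`:url`, `:path`, `:wp_content_dir`, `:vulns_xml => vulns_xml`), the vulnerability matching has no working test.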