rspec tests

2012-09-17 22:43:24 +02:00
parent 6f5a16d066
commit 18cb395b4d
15 changed files with 359 additions and 495 deletions
--- a/doc/CREDITS.html
+++ b/doc/CREDITS.html
@@ -156,7 +156,8 @@ should be in here, email ryandewhurst at gmail.</p>
 potential solutions to bugs. Callum Pember - Implemented proxy support -
 callumpember at gmail.com g0tmi1k - Additional timthumb checks + bug
 reports. Melvin Lammerts - Reported a couple of fake vulnerabilities -
-melvin at 12k.nl</p>
+melvin at 12k.nl Christian Mehlmauer - @<em>FireFart</em> - Theme
 enumeration</p>
  </div>
--- a/doc/WpItem.html
+++ b/doc/WpItem.html
@@ -65,7 +65,7 @@
        <h3 class="section-header">Methods</h3>
        <ul class="link-list">
-          <li><a href="#method-i-3C-3D-3E">#<=></a></li>
+          <li><a href="#method-c-new">::new</a></li>
          <li><a href="#method-i-3D-3D">#==</a></li>
@@ -83,8 +83,6 @@
          <li><a href="#method-i-has_readme-3F">#has_readme?</a></li>
          <li><a href="#method-i-location_uri_from_file_url">#location_uri_from_file_url</a></li>
          <li><a href="#method-i-readme_url">#readme_url</a></li>
          <li><a href="#method-i-to_s">#to_s</a></li>
@@ -227,6 +225,23 @@
        <h3 class="section-header">Attributes</h3>
        <div id="name-attribute-method" class="method-detail">
          <a name="name"></a>
          <a name="name="></a>
          <div class="method-heading attribute-method-heading">
            <span class="method-name">name</span><span
              class="attribute-access-type">[RW]</span>
          </div>
          <div class="method-description">
          </div>
        </div>
        <div id="path-attribute-method" class="method-detail">
          <a name="path"></a>
@@ -258,6 +273,40 @@
          </div>
        </div>
        <div id="vulns_xml-attribute-method" class="method-detail">
          <a name="vulns_xml"></a>
          <a name="vulns_xml="></a>
          <div class="method-heading attribute-method-heading">
            <span class="method-name">vulns_xml</span><span
              class="attribute-access-type">[RW]</span>
          </div>
          <div class="method-description">
          </div>
        </div>
        <div id="vulns_xpath-attribute-method" class="method-detail">
          <a name="vulns_xpath"></a>
          <a name="vulns_xpath="></a>
          <div class="method-heading attribute-method-heading">
            <span class="method-name">vulns_xpath</span><span
              class="attribute-access-type">[RW]</span>
          </div>
          <div class="method-description">
          </div>
        </div>
@@ -283,17 +332,17 @@
      <!-- Methods -->
-      <div id="public-instance-method-details" class="method-section section">
+      <div id="public-class-method-details" class="method-section section">
-        <h3 class="section-header">Public Instance Methods</h3>
+        <h3 class="section-header">Public Class Methods</h3>
-        <div id="3C-3D-3E-method" class="method-detail ">
+        <div id="new-method" class="method-detail ">
-          <a name="method-i-3C-3D-3E"></a>
+          <a name="method-c-new"></a>
          <div class="method-heading">
-            <span class="method-name">&lt;=&gt;</span><span
+            <span class="method-name">new</span><span
-              class="method-args">(item)</span>
+              class="method-args">(options = {})</span>
            <span class="method-click-advice">click to toggle source</span>
          </div>
@@ -304,20 +353,37 @@
-            <div class="method-source-code" id="3C-3D-3E-source">
+            <div class="method-source-code" id="new-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 64</span>
+<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 25</span>
-<span class="ruby-keyword">def</span> <span class="ruby-operator">&lt;=&gt;</span>(<span class="ruby-identifier">item</span>)
+<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">options</span> = {})
-  <span class="ruby-identifier">item</span>.<span class="ruby-identifier">name</span> <span class="ruby-operator">&lt;=&gt;</span> <span class="ruby-ivar">@name</span>
+  <span class="ruby-ivar">@wp_content_dir</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>]
  <span class="ruby-ivar">@url</span>            = <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>]
  <span class="ruby-ivar">@path</span>           = <span class="ruby-identifier">options</span>[<span class="ruby-value">:path</span>]
  <span class="ruby-ivar">@name</span>           = <span class="ruby-identifier">options</span>[<span class="ruby-value">:name</span>] <span class="ruby-operator">||</span> <span class="ruby-identifier">extract_name_from_url</span>
  <span class="ruby-ivar">@vulns_xml</span>      = <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xml</span>]
  <span class="ruby-ivar">@vulns_xpath</span>    = <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath</span>]
  <span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;url not set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@url</span>
  <span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;path not set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@path</span>
  <span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;wp_content_dir not set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@wp_content_dir</span>
  <span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;name not set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@name</span>
  <span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;vulns_xml not set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@vulns_xml</span>
 <span class="ruby-keyword">end</span></pre>
-            </div><!-- 3C-3D-3E-source -->
+            </div><!-- new-source -->
          </div>
-        </div><!-- 3C-3D-3E-method -->
+        </div><!-- new-method -->
      </div><!-- public-class-method-details -->
      <div id="public-instance-method-details" class="method-section section">
        <h3 class="section-header">Public Instance Methods</h3>
        <div id="3D-3D-method" class="method-detail ">
@@ -333,13 +399,13 @@
          <div class="method-description">
-            
+            <p><a href="Object.html">Object</a> comparer</p>
            <div class="method-source-code" id="3D-3D-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 60</span>
+<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 87</span>
 <span class="ruby-keyword">def</span> <span class="ruby-operator">==</span>(<span class="ruby-identifier">item</span>)
  <span class="ruby-identifier">item</span>.<span class="ruby-identifier">name</span> <span class="ruby-operator">==</span> <span class="ruby-ivar">@name</span>
 <span class="ruby-keyword">end</span></pre>
@@ -366,13 +432,13 @@
          <div class="method-description">
-            
+            <p>Url for changelog.txt</p>
            <div class="method-source-code" id="changelog_url-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 80</span>
+<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 97</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier">changelog_url</span>
  <span class="ruby-identifier">get_url_without_filename</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;changelog.txt&quot;</span>)
 <span class="ruby-keyword">end</span></pre>
@@ -405,10 +471,10 @@
            <div class="method-source-code" id="directory_listing-3F-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 46</span>
+<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 70</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier">directory_listing?</span>
  <span class="ruby-comment"># Need to remove to file part from the url</span>
-  <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">location_uri_from_file_url</span>(<span class="ruby-identifier">get_url</span>.<span class="ruby-identifier">to_s</span>)).<span class="ruby-identifier">body</span>[<span class="ruby-regexp">%{&lt;title&gt;Index of}</span>] <span class="ruby-operator">?</span> <span class="ruby-keyword">true</span> <span class="ruby-operator">:</span> <span class="ruby-keyword">false</span>
+  <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">get_url_without_filename</span>).<span class="ruby-identifier">body</span>[<span class="ruby-regexp">%{&lt;title&gt;Index of}</span>] <span class="ruby-operator">?</span> <span class="ruby-keyword">true</span> <span class="ruby-operator">:</span> <span class="ruby-keyword">false</span>
 <span class="ruby-keyword">end</span></pre>
            </div><!-- directory_listing-3F-source -->
@@ -426,22 +492,22 @@
          <div class="method-heading">
            <span class="method-name">extract_name_from_url</span><span
-              class="method-args">(url)</span>
+              class="method-args">()</span>
            <span class="method-click-advice">click to toggle source</span>
          </div>
          <div class="method-description">
-            
+            <p>Extract item name from a url</p>
            <div class="method-source-code" id="extract_name_from_url-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 51</span>
+<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 76</span>
-<span class="ruby-keyword">def</span> <span class="ruby-identifier">extract_name_from_url</span>(<span class="ruby-identifier">url</span>)
+<span class="ruby-keyword">def</span> <span class="ruby-identifier">extract_name_from_url</span>
-  <span class="ruby-identifier">url</span>.<span class="ruby-identifier">to_s</span>[<span class="ruby-regexp">%{^(https?://.*/([^/]+)/)}</span>, <span class="ruby-value">2</span>]
+  <span class="ruby-identifier">get_url</span>.<span class="ruby-identifier">to_s</span>[<span class="ruby-regexp">%{^(https?://.*/([^/]+)/)}</span>, <span class="ruby-value">2</span>]
 <span class="ruby-keyword">end</span></pre>
            </div><!-- extract_name_from_url-source -->
@@ -466,15 +532,20 @@
          <div class="method-description">
-            
+            <p>Get the full url for this item</p>
            <div class="method-source-code" id="get_url-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 23</span>
+<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 41</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier">get_url</span>
-  <span class="ruby-constant">URI</span>.<span class="ruby-identifier">parse</span>(<span class="ruby-node">&quot;#{@url.to_s}#@wp_content_dir/#@path&quot;</span>)
+  <span class="ruby-identifier">url</span> = <span class="ruby-ivar">@url</span>.<span class="ruby-identifier">to_s</span>.<span class="ruby-identifier">end_with?</span>(<span class="ruby-string">&quot;/&quot;</span>) <span class="ruby-operator">?</span> <span class="ruby-ivar">@url</span>.<span class="ruby-identifier">to_s</span> <span class="ruby-operator">:</span> <span class="ruby-node">&quot;#@url/&quot;</span>
  <span class="ruby-comment"># remove first and last /</span>
  <span class="ruby-identifier">wp_content_dir</span> = <span class="ruby-ivar">@wp_content_dir</span>.<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">/^\//</span>, <span class="ruby-string">&quot;&quot;</span>).<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">/\/$/</span>, <span class="ruby-string">&quot;&quot;</span>)
  <span class="ruby-comment"># remove first /</span>
  <span class="ruby-identifier">path</span> = <span class="ruby-ivar">@path</span>.<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">/^\//</span>, <span class="ruby-string">&quot;&quot;</span>)
  <span class="ruby-constant">URI</span>.<span class="ruby-identifier">parse</span>(<span class="ruby-node">&quot;#{url}#{wp_content_dir}/#{path}&quot;</span>)
 <span class="ruby-keyword">end</span></pre>
            </div><!-- get_url-source -->
@@ -499,21 +570,20 @@
          <div class="method-description">
-            
+            <p>Gets the full url for this item without filenames</p>
            <div class="method-source-code" id="get_url_without_filename-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 27</span>
+<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 51</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier">get_url_without_filename</span>
-  <span class="ruby-identifier">matches</span> = <span class="ruby-ivar">@path</span>.<span class="ruby-identifier">match</span>(<span class="ruby-regexp">%{^(.*/).*$}</span>)
+  <span class="ruby-identifier">location_url</span> = <span class="ruby-identifier">get_url</span>.<span class="ruby-identifier">to_s</span>
-  <span class="ruby-keyword">if</span> <span class="ruby-identifier">matches</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">or</span> <span class="ruby-identifier">matches</span>.<span class="ruby-identifier">length</span> <span class="ruby-operator">&lt;</span> <span class="ruby-value">2</span>
+  <span class="ruby-identifier">valid_location_url</span> = <span class="ruby-identifier">location_url</span>[<span class="ruby-regexp">%{^(https?://.*/)[^.]+\.[^/]+$}</span>, <span class="ruby-value">1</span>]
-    <span class="ruby-identifier">dirname</span> = <span class="ruby-ivar">@path</span>
+  <span class="ruby-keyword">unless</span> <span class="ruby-identifier">valid_location_url</span>
-  <span class="ruby-keyword">else</span>
+    <span class="ruby-identifier">valid_location_url</span> = <span class="ruby-identifier">add_trailing_slash</span>(<span class="ruby-identifier">location_url</span>)
    <span class="ruby-identifier">dirname</span> = <span class="ruby-identifier">matches</span>[<span class="ruby-value">1</span>]
  <span class="ruby-keyword">end</span>
-  <span class="ruby-constant">URI</span>.<span class="ruby-identifier">parse</span>(<span class="ruby-node">&quot;#{@url.to_s}#@wp_content_dir/#{dirname}&quot;</span>)
+  <span class="ruby-constant">URI</span>.<span class="ruby-identifier">parse</span>(<span class="ruby-identifier">valid_location_url</span>)
 <span class="ruby-keyword">end</span></pre>
            </div><!-- get_url_without_filename-source -->
@@ -538,13 +608,13 @@
          <div class="method-description">
-            
+            <p>changelog.txt present?</p>
            <div class="method-source-code" id="has_changelog-3F-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 92</span>
+<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 111</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier">has_changelog?</span>
  <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@changelog</span>
    <span class="ruby-identifier">status</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">changelog_url</span>).<span class="ruby-identifier">code</span>
@@ -575,13 +645,13 @@
          <div class="method-description">
-            
+            <p>readme.txt present?</p>
            <div class="method-source-code" id="has_readme-3F-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 84</span>
+<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 102</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier">has_readme?</span>
  <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@readme</span>
    <span class="ruby-identifier">status</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">readme_url</span>).<span class="ruby-identifier">code</span>
@@ -599,43 +669,6 @@
        </div><!-- has_readme-3F-method -->
        <div id="location_uri_from_file_url-method" class="method-detail ">
          <a name="method-i-location_uri_from_file_url"></a>
          <div class="method-heading">
            <span class="method-name">location_uri_from_file_url</span><span
              class="method-args">(location_url)</span>
            <span class="method-click-advice">click to toggle source</span>
          </div>
          <div class="method-description">
            <div class="method-source-code" id="location_uri_from_file_url-source">
 <pre>
 <span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 68</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier">location_uri_from_file_url</span>(<span class="ruby-identifier">location_url</span>)
  <span class="ruby-identifier">valid_location_url</span> = <span class="ruby-identifier">location_url</span>[<span class="ruby-regexp">%{^(https?://.*/)[^.]+\.[^/]+$}</span>, <span class="ruby-value">1</span>]
  <span class="ruby-keyword">unless</span> <span class="ruby-identifier">valid_location_url</span>
    <span class="ruby-identifier">valid_location_url</span> = <span class="ruby-identifier">add_trailing_slash</span>(<span class="ruby-identifier">location_url</span>)
  <span class="ruby-keyword">end</span>
  <span class="ruby-constant">URI</span>.<span class="ruby-identifier">parse</span>(<span class="ruby-identifier">valid_location_url</span>)
 <span class="ruby-keyword">end</span></pre>
            </div><!-- location_uri_from_file_url-source -->
          </div>
        </div><!-- location_uri_from_file_url-method -->
        <div id="readme_url-method" class="method-detail ">
          <a name="method-i-readme_url"></a>
@@ -649,13 +682,13 @@
          <div class="method-description">
-            
+            <p>Url for readme.txt</p>
            <div class="method-source-code" id="readme_url-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 76</span>
+<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 92</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier">readme_url</span>
  <span class="ruby-identifier">get_url_without_filename</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;readme.txt&quot;</span>)
 <span class="ruby-keyword">end</span></pre>
@@ -682,13 +715,13 @@
          <div class="method-description">
-            
+            <p>To string. Adds a version number if detected</p>
            <div class="method-source-code" id="to_s-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 55</span>
+<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 81</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier">to_s</span>
  <span class="ruby-identifier">item_version</span> = <span class="ruby-identifier">version</span>
  <span class="ruby-node">&quot;#@name#{' v' + item_version.strip if item_version}&quot;</span>
@@ -716,13 +749,13 @@
          <div class="method-description">
-            
+            <p>Returns version number from readme.txt if it exists</p>
            <div class="method-source-code" id="version-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 37</span>
+<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 61</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier">version</span>
  <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@version</span>
    <span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">get_url</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;readme.txt&quot;</span>).<span class="ruby-identifier">to_s</span>)
--- a/doc/WpPlugin.html
+++ b/doc/WpPlugin.html
@@ -202,28 +202,6 @@
      <!-- Attributes -->
      <div id="attribute-method-details" class="method-section section">
        <h3 class="section-header">Attributes</h3>
        <div id="name-attribute-method" class="method-detail">
          <a name="name"></a>
          <div class="method-heading attribute-method-heading">
            <span class="method-name">name</span><span
              class="attribute-access-type">[R]</span>
          </div>
          <div class="method-description">
          </div>
        </div>
      </div><!-- attribute-method-details -->
      <!-- Methods -->
@@ -250,21 +228,11 @@
            <div class="method-source-code" id="new-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_plugin.rb, line 25</span>
+<span class="ruby-comment"># File lib/wpscan/wp_plugin.rb, line 20</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">options</span> = {})
-  <span class="ruby-ivar">@url</span>            = <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>]
+  <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xml</span>]   = <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xml</span>] <span class="ruby-operator">||</span> <span class="ruby-constant">DATA_DIR</span> <span class="ruby-operator">+</span> <span class="ruby-string">'/plugin_vulns.xml'</span>
-  <span class="ruby-ivar">@path</span>           = <span class="ruby-identifier">options</span>[<span class="ruby-value">:path</span>]
+  <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath</span>] = <span class="ruby-node">&quot;//plugin[@name='#@name']/vulnerability&quot;</span>
-  <span class="ruby-ivar">@wp_content_dir</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>]
+  <span class="ruby-keyword">super</span>(<span class="ruby-identifier">options</span>)
  <span class="ruby-ivar">@name</span>           = <span class="ruby-identifier">options</span>[<span class="ruby-value">:name</span>] <span class="ruby-operator">||</span> <span class="ruby-identifier">extract_name_from_url</span>(<span class="ruby-identifier">get_url</span>)
  <span class="ruby-ivar">@vulns_xml</span>      = <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xml</span>] <span class="ruby-operator">||</span> <span class="ruby-constant">DATA_DIR</span> <span class="ruby-operator">+</span> <span class="ruby-string">'/plugin_vulns.xml'</span>
  <span class="ruby-ivar">@vulns_xpath</span>    = <span class="ruby-node">&quot;//plugin[@name='#@name']/vulnerability&quot;</span>
  <span class="ruby-ivar">@version</span>        = <span class="ruby-keyword">nil</span>
  <span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;url not set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@url</span>
  <span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;path not set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@path</span>
  <span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;wp_content_dir not set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@wp_content_dir</span>
  <span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;name not set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@name</span>
  <span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;vulns_xml not set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@vulns_xml</span>
 <span class="ruby-keyword">end</span></pre>
            </div><!-- new-source -->
@@ -304,7 +272,7 @@ href="http://www.exploit-db.com/ghdb/3714/">www.exploit-db.com/ghdb/3714/</a></p
            <div class="method-source-code" id="error_log-3F-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_plugin.rb, line 46</span>
+<span class="ruby-comment"># File lib/wpscan/wp_plugin.rb, line 31</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier">error_log?</span>
  <span class="ruby-identifier">response_body</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">error_log_url</span>(), <span class="ruby-value">:headers</span> =<span class="ruby-operator">&gt;</span> { <span class="ruby-string">&quot;range&quot;</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;bytes=0-700&quot;</span>}).<span class="ruby-identifier">body</span>
  <span class="ruby-identifier">response_body</span>[<span class="ruby-regexp">%{PHP Fatal error}</span>] <span class="ruby-operator">?</span> <span class="ruby-keyword">true</span> <span class="ruby-operator">:</span> <span class="ruby-keyword">false</span>
@@ -338,7 +306,7 @@ href="http://www.exploit-db.com/ghdb/3714/">www.exploit-db.com/ghdb/3714/</a></p
            <div class="method-source-code" id="error_log_url-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_plugin.rb, line 51</span>
+<span class="ruby-comment"># File lib/wpscan/wp_plugin.rb, line 36</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier">error_log_url</span>
  <span class="ruby-identifier">get_url</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;error_log&quot;</span>).<span class="ruby-identifier">to_s</span>
 <span class="ruby-keyword">end</span></pre>
--- a/doc/WpTheme.html
+++ b/doc/WpTheme.html
@@ -75,8 +75,6 @@
          <li><a href="#method-i-3D-3D-3D">#===</a></li>
          <li><a href="#method-i-to_s">#to_s</a></li>
        </ul>
      </div>
@@ -286,7 +284,7 @@
            <div class="method-source-code" id="find-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_theme.rb, line 53</span>
+<span class="ruby-comment"># File lib/wpscan/wp_theme.rb, line 42</span>
 <span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find</span>(<span class="ruby-identifier">target_uri</span>)
  <span class="ruby-keyword">self</span>.<span class="ruby-identifier">methods</span>.<span class="ruby-identifier">grep</span>(<span class="ruby-regexp">/find_from_/</span>).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">method_to_call</span><span class="ruby-operator">|</span>
    <span class="ruby-identifier">theme</span> = <span class="ruby-keyword">self</span>.<span class="ruby-identifier">send</span>(<span class="ruby-identifier">method_to_call</span>, <span class="ruby-identifier">target_uri</span>)
@@ -326,21 +324,11 @@
 <pre>
 <span class="ruby-comment"># File lib/wpscan/wp_theme.rb, line 25</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">options</span> = {})
-  <span class="ruby-ivar">@url</span>            = <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>]
+  <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xml</span>]   = <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xml</span>] <span class="ruby-operator">||</span> <span class="ruby-constant">DATA_DIR</span> <span class="ruby-operator">+</span> <span class="ruby-string">'/wp_theme_vulns.xml'</span>
-  <span class="ruby-ivar">@name</span>           = <span class="ruby-identifier">options</span>[<span class="ruby-value">:name</span>] <span class="ruby-operator">||</span> <span class="ruby-identifier">extract_name_from_url</span>(<span class="ruby-identifier">get_url</span>)
+  <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath</span>] = <span class="ruby-node">&quot;//theme[@name='#{@name}']/vulnerability&quot;</span>
  <span class="ruby-ivar">@path</span>           = <span class="ruby-identifier">options</span>[<span class="ruby-value">:path</span>]
  <span class="ruby-ivar">@wp_content_dir</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>]
  <span class="ruby-ivar">@vulns_xml</span>      = <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xml</span>] <span class="ruby-operator">||</span> <span class="ruby-constant">DATA_DIR</span> <span class="ruby-operator">+</span> <span class="ruby-string">'/wp_theme_vulns.xml'</span>
  <span class="ruby-ivar">@vulns_xpath</span>    = <span class="ruby-node">&quot;//theme[@name='#{@name}']/vulnerability&quot;</span>
  <span class="ruby-ivar">@version</span>              = <span class="ruby-identifier">options</span>[<span class="ruby-value">:version</span>]
  <span class="ruby-ivar">@style_url</span>            = <span class="ruby-identifier">options</span>[<span class="ruby-value">:style_url</span>]
-
+  <span class="ruby-keyword">super</span>(<span class="ruby-identifier">options</span>)
  <span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;url not set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@url</span>
  <span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;path not set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@path</span>
  <span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;wp_content_dir not set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@wp_content_dir</span>
  <span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;name not set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@name</span>
  <span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;vulns_xml not set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@vulns_xml</span>
 <span class="ruby-keyword">end</span></pre>
            </div><!-- new-source -->
@@ -377,7 +365,7 @@
            <div class="method-source-code" id="find_from_css_link-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_theme.rb, line 74</span>
+<span class="ruby-comment"># File lib/wpscan/wp_theme.rb, line 58</span>
 <span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_css_link</span>(<span class="ruby-identifier">target_uri</span>)
  <span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">to_s</span>, <span class="ruby-value">:follow_location</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-keyword">true</span>, <span class="ruby-value">:max_redirects</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">2</span>)
@@ -423,7 +411,7 @@ href="http://code.google.com/p/wpscan/issues/detail?id=141">code.google.com/p/wp
            <div class="method-source-code" id="find_from_wooframework-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_theme.rb, line 91</span>
+<span class="ruby-comment"># File lib/wpscan/wp_theme.rb, line 75</span>
 <span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_wooframework</span>(<span class="ruby-identifier">target_uri</span>)
  <span class="ruby-identifier">body</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">to_s</span>).<span class="ruby-identifier">body</span>
  <span class="ruby-identifier">regexp</span> = <span class="ruby-regexp">%{&lt;meta name=&quot;generator&quot; content=&quot;([^\s&quot;]+)\s?([^&quot;]+)?&quot; /&gt;\s+&lt;meta name=&quot;generator&quot; content=&quot;WooFramework\s?([^&quot;]+)?&quot; /&gt;}</span>
@@ -476,7 +464,7 @@ href="http://code.google.com/p/wpscan/issues/detail?id=141">code.google.com/p/wp
            <div class="method-source-code" id="3D-3D-3D-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_theme.rb, line 67</span>
+<span class="ruby-comment"># File lib/wpscan/wp_theme.rb, line 51</span>
 <span class="ruby-keyword">def</span> <span class="ruby-operator">===</span>(<span class="ruby-identifier">wp_theme</span>)
  <span class="ruby-identifier">wp_theme</span>.<span class="ruby-identifier">name</span> <span class="ruby-operator">===</span> <span class="ruby-ivar">@name</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">wp_theme</span>.<span class="ruby-identifier">version</span> <span class="ruby-operator">===</span> <span class="ruby-ivar">@version</span>
 <span class="ruby-keyword">end</span></pre>
@@ -490,40 +478,6 @@ href="http://code.google.com/p/wpscan/issues/detail?id=141">code.google.com/p/wp
        </div><!-- 3D-3D-3D-method -->
        <div id="to_s-method" class="method-detail ">
          <a name="method-i-to_s"></a>
          <div class="method-heading">
            <span class="method-name">to_s</span><span
              class="method-args">()</span>
            <span class="method-click-advice">click to toggle source</span>
          </div>
          <div class="method-description">
            <div class="method-source-code" id="to_s-source">
 <pre>
 <span class="ruby-comment"># File lib/wpscan/wp_theme.rb, line 62</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier">to_s</span>
  <span class="ruby-identifier">version</span> = <span class="ruby-identifier">version</span>()
  <span class="ruby-node">&quot;#{@name}#{' v' + version if version}&quot;</span>
 <span class="ruby-keyword">end</span></pre>
            </div><!-- to_s-source -->
          </div>
        </div><!-- to_s-method -->
      </div><!-- public-instance-method-details -->
    </div><!-- 5Buntitled-5D -->
--- a/doc/created.rid
+++ b/doc/created.rid
@@ -1,5 +1,5 @@
-Mon, 17 Sep 2012 19:45:07 +0200
+Mon, 17 Sep 2012 22:40:58 +0200
-./CREDITS	Thu, 13 Sep 2012 22:54:08 +0200
+./CREDITS	Mon, 17 Sep 2012 20:18:24 +0200
 ./lib/browser.rb	Sun, 16 Sep 2012 15:18:58 +0200
 ./lib/cache_file_store.rb	Sat, 15 Sep 2012 08:04:03 +0200
 ./lib/common_helper.rb	Sat, 15 Sep 2012 08:04:08 +0200
@@ -24,11 +24,11 @@ Mon, 17 Sep 2012 19:45:07 +0200
 ./lib/wpscan/vulnerable.rb	Sat, 15 Sep 2012 08:02:37 +0200
 ./lib/wpscan/wp_detector.rb	Mon, 17 Sep 2012 17:40:36 +0200
 ./lib/wpscan/wp_enumerator.rb	Mon, 17 Sep 2012 17:54:28 +0200
-./lib/wpscan/wp_item.rb	Mon, 17 Sep 2012 19:43:28 +0200
+./lib/wpscan/wp_item.rb	Mon, 17 Sep 2012 22:04:16 +0200
 ./lib/wpscan/wp_options.rb	Sun, 16 Sep 2012 23:02:21 +0200
-./lib/wpscan/wp_plugin.rb	Mon, 17 Sep 2012 19:43:42 +0200
+./lib/wpscan/wp_plugin.rb	Mon, 17 Sep 2012 22:03:47 +0200
 ./lib/wpscan/wp_target.rb	Sun, 16 Sep 2012 23:48:55 +0200
-./lib/wpscan/wp_theme.rb	Mon, 17 Sep 2012 19:43:53 +0200
+./lib/wpscan/wp_theme.rb	Mon, 17 Sep 2012 22:23:12 +0200
 ./lib/wpscan/wp_version.rb	Sun, 16 Sep 2012 23:48:18 +0200
 ./lib/wpscan/wp_vulnerability.rb	Sat, 15 Sep 2012 08:03:09 +0200
 ./lib/wpscan/wpscan_helper.rb	Sat, 15 Sep 2012 21:19:30 +0200
--- a/doc/index.html
+++ b/doc/index.html
@@ -163,27 +163,29 @@
      <li><a href="CacheFileStore.html#method-c-new">::new &mdash; CacheFileStore</a></li>
-      <li><a href="WpVulnerability.html#method-c-new">::new &mdash; WpVulnerability</a></li>
+      <li><a href="WpscanOptions.html#method-c-new">::new &mdash; WpscanOptions</a></li>
      <li><a href="WpVersion.html#method-c-new">::new &mdash; WpVersion</a></li>
-      <li><a href="WpTheme.html#method-c-new">::new &mdash; WpTheme</a></li>
+      <li><a href="WpVulnerability.html#method-c-new">::new &mdash; WpVulnerability</a></li>
-      <li><a href="WpscanOptions.html#method-c-new">::new &mdash; WpscanOptions</a></li>
+      <li><a href="WpItem.html#method-c-new">::new &mdash; WpItem</a></li>
      <li><a href="RpcClient.html#method-c-new">::new &mdash; RpcClient</a></li>
      <li><a href="Updater.html#method-c-new">::new &mdash; Updater</a></li>
-      <li><a href="Generate_List.html#method-c-new">::new &mdash; Generate_List</a></li>
+      <li><a href="Svn_Parser.html#method-c-new">::new &mdash; Svn_Parser</a></li>
      <li><a href="Exploit.html#method-c-new">::new &mdash; Exploit</a></li>
      <li><a href="WpPlugin.html#method-c-new">::new &mdash; WpPlugin</a></li>
      <li><a href="WpTheme.html#method-c-new">::new &mdash; WpTheme</a></li>
      <li><a href="WpTarget.html#method-c-new">::new &mdash; WpTarget</a></li>
-      <li><a href="Svn_Parser.html#method-c-new">::new &mdash; Svn_Parser</a></li>
+      <li><a href="Generate_List.html#method-c-new">::new &mdash; Generate_List</a></li>
      <li><a href="Exploit.html#method-c-new">::new &mdash; Exploit</a></li>
      <li><a href="WpscanOptions.html#method-c-option_to_instance_variable_setter">::option_to_instance_variable_setter &mdash; WpscanOptions</a></li>
@@ -195,8 +197,6 @@
      <li><a href="WpVersion.html#method-c-version_pattern">::version_pattern &mdash; WpVersion</a></li>
      <li><a href="WpItem.html#method-i-3C-3D-3E">#<=> &mdash; WpItem</a></li>
      <li><a href="WpItem.html#method-i-3D-3D">#== &mdash; WpItem</a></li>
      <li><a href="WpTheme.html#method-i-3D-3D-3D">#=== &mdash; WpTheme</a></li>
@@ -315,11 +315,11 @@
      <li><a href="Object.html#method-i-help">#help &mdash; Object</a></li>
-      <li><a href="Updater.html#method-i-is_installed-3F">#is_installed? &mdash; Updater</a></li>
+      <li><a href="SvnUpdater.html#method-i-is_installed-3F">#is_installed? &mdash; SvnUpdater</a></li>
      <li><a href="GitUpdater.html#method-i-is_installed-3F">#is_installed? &mdash; GitUpdater</a></li>
-      <li><a href="SvnUpdater.html#method-i-is_installed-3F">#is_installed? &mdash; SvnUpdater</a></li>
+      <li><a href="Updater.html#method-i-is_installed-3F">#is_installed? &mdash; Updater</a></li>
      <li><a href="WebSite.html#method-i-is_online-3F">#is_online? &mdash; WebSite</a></li>
@@ -339,14 +339,12 @@
      <li><a href="Browser.html#method-i-load_config">#load_config &mdash; Browser</a></li>
      <li><a href="Updater.html#method-i-local_revision_number">#local_revision_number &mdash; Updater</a></li>
      <li><a href="SvnUpdater.html#method-i-local_revision_number">#local_revision_number &mdash; SvnUpdater</a></li>
      <li><a href="GitUpdater.html#method-i-local_revision_number">#local_revision_number &mdash; GitUpdater</a></li>
      <li><a href="Updater.html#method-i-local_revision_number">#local_revision_number &mdash; Updater</a></li>
      <li><a href="WpItem.html#method-i-location_uri_from_file_url">#location_uri_from_file_url &mdash; WpItem</a></li>
      <li><a href="RpcClient.html#method-i-login">#login &mdash; RpcClient</a></li>
      <li><a href="WpLoginProtection.html#method-i-login_protection_plugin">#login_protection_plugin &mdash; WpLoginProtection</a></li>
@@ -361,14 +359,14 @@
      <li><a href="Browser.html#method-i-merge_request_params">#merge_request_params &mdash; Browser</a></li>
      <li><a href="Exploit.html#method-i-meterpreter_read">#meterpreter_read &mdash; Exploit</a></li>
      <li><a href="RpcClient.html#method-i-meterpreter_read">#meterpreter_read &mdash; RpcClient</a></li>
-      <li><a href="Exploit.html#method-i-meterpreter_write">#meterpreter_write &mdash; Exploit</a></li>
+      <li><a href="Exploit.html#method-i-meterpreter_read">#meterpreter_read &mdash; Exploit</a></li>
      <li><a href="RpcClient.html#method-i-meterpreter_write">#meterpreter_write &mdash; RpcClient</a></li>
      <li><a href="Exploit.html#method-i-meterpreter_write">#meterpreter_write &mdash; Exploit</a></li>
      <li><a href="Svn_Parser.html#method-i-parse">#parse &mdash; Svn_Parser</a></li>
      <li><a href="WpPlugins.html#method-i-plugins_from_aggressive_detection">#plugins_from_aggressive_detection &mdash; WpPlugins</a></li>
@@ -427,8 +425,6 @@
      <li><a href="WpItem.html#method-i-to_s">#to_s &mdash; WpItem</a></li>
      <li><a href="WpTheme.html#method-i-to_s">#to_s &mdash; WpTheme</a></li>
      <li><a href="GitUpdater.html#method-i-update">#update &mdash; GitUpdater</a></li>
      <li><a href="Updater.html#method-i-update">#update &mdash; Updater</a></li>
@@ -447,10 +443,10 @@
      <li><a href="WpUsernames.html#method-i-usernames">#usernames &mdash; WpUsernames</a></li>
      <li><a href="WpItem.html#method-i-version">#version &mdash; WpItem</a></li>
      <li><a href="WpTarget.html#method-i-version">#version &mdash; WpTarget</a></li>
      <li><a href="WpItem.html#method-i-version">#version &mdash; WpItem</a></li>
      <li><a href="Vulnerable.html#method-i-vulnerabilities">#vulnerabilities &mdash; Vulnerable</a></li>
      <li><a href="WpscanOptions.html#method-i-wordlist-3D">#wordlist= &mdash; WpscanOptions</a></li>
--- a/doc/lib/wpscan/wp_plugin_rb.html
+++ b/doc/lib/wpscan/wp_plugin_rb.html
@@ -24,7 +24,7 @@
  <div id="metadata">
    <dl>
      <dt class="modified-date">Last Modified</dt>
-      <dd class="modified-date">2012-09-17 19:43:42 +0200</dd>
+      <dd class="modified-date">2012-09-17 22:03:47 +0200</dd>
      <dt class="requires">Requires</dt>
--- a/doc/lib/wpscan/wp_theme_rb.html
+++ b/doc/lib/wpscan/wp_theme_rb.html
@@ -24,7 +24,7 @@
  <div id="metadata">
    <dl>
      <dt class="modified-date">Last Modified</dt>
-      <dd class="modified-date">2012-09-17 19:43:53 +0200</dd>
+      <dd class="modified-date">2012-09-17 22:23:12 +0200</dd>
      <dt class="requires">Requires</dt>
--- a/lib/wpscan/wp_item.rb
+++ b/lib/wpscan/wp_item.rb
@@ -16,8 +16,10 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #++
 require "#{WPSCAN_LIB_DIR}/vulnerable"
 class WpItem < Vulnerable
-  attr_accessor :path, :url, :wp_content_dir, :name
+  attr_accessor :path, :url, :wp_content_dir, :name, :vulns_xml, :vulns_xpath
  @version = nil
  def initialize(options = {})
@@ -25,6 +27,14 @@ class WpItem < Vulnerable
    @url            = options[:url]
    @path           = options[:path]
    @name           = options[:name] || extract_name_from_url
    @vulns_xml      = options[:vulns_xml]
    @vulns_xpath    = options[:vulns_xpath]
    raise("url not set") unless @url
    raise("path not set") unless @path
    raise("wp_content_dir not set") unless @wp_content_dir
    raise("name not set") unless @name
    raise("vulns_xml not set") unless @vulns_xml
  end
  # Get the full url for this item
--- a/lib/wpscan/wp_plugin.rb
+++ b/lib/wpscan/wp_plugin.rb
@@ -16,27 +16,11 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #++
 require "#{WPSCAN_LIB_DIR}/vulnerable"
 class WpPlugin < WpItem
  attr_reader :name
  def initialize(options = {})
-    @url            = options[:url]
+    options[:vulns_xml]   = options[:vulns_xml] || DATA_DIR + '/plugin_vulns.xml'
-    @path           = options[:path]
+    options[:vulns_xpath] = "//plugin[@name='#@name']/vulnerability"
-    @wp_content_dir = options[:wp_content_dir]
+    super(options)
    @vulns_xml      = options[:vulns_xml] || DATA_DIR + '/plugin_vulns.xml'
    @vulns_xpath    = "//plugin[@name='#@name']/vulnerability"
    @version        = nil
    raise("url not set") unless @url
    raise("path not set") unless @path
    raise("wp_content_dir not set") unless @wp_content_dir
    raise("name not set") unless @name
    raise("vulns_xml not set") unless @vulns_xml
    super(:wp_content_dir => @wp_content_dir, :url => @url, :path => @path)
  end
  # Discover any error_log files created by WordPress
--- a/lib/wpscan/wp_theme.rb
+++ b/lib/wpscan/wp_theme.rb
@@ -23,22 +23,11 @@ class WpTheme < WpItem
  attr_reader :name, :style_url, :version
  def initialize(options = {})
-    @url            = options[:url]
+    options[:vulns_xml]   = options[:vulns_xml] || DATA_DIR + '/wp_theme_vulns.xml'
-    @path           = options[:path]
+    options[:vulns_xpath] = "//theme[@name='#{@name}']/vulnerability"
    @wp_content_dir = options[:wp_content_dir]
    @vulns_xml      = options[:vulns_xml] || DATA_DIR + '/wp_theme_vulns.xml'
    @vulns_xpath    = "//theme[@name='#{@name}']/vulnerability"
    @version              = options[:version]
    @style_url            = options[:style_url]
-
+    super(options)
    raise("url not set") unless @url
    raise("path not set") unless @path
    raise("wp_content_dir not set") unless @wp_content_dir
    raise("name not set") unless @name
    raise("vulns_xml not set") unless @vulns_xml
    super(:wp_content_dir => @wp_content_dir, :url => @url, :path => @path)
  end
  def version
@@ -59,11 +48,6 @@ class WpTheme < WpItem
    nil
  end
  def to_s
    version = version()
    "#{@name}#{' v' + version if version}"
  end
  def ===(wp_theme)
    wp_theme.name === @name and wp_theme.version === @version
  end
@@ -105,5 +89,4 @@ class WpTheme < WpItem
      )
    end
  end
 end
--- a/spec/lib/wpscan/wp_item_spec.rb
+++ b/spec/lib/wpscan/wp_item_spec.rb
@@ -19,14 +19,12 @@
 require File.expand_path(File.dirname(__FILE__) + '/wpscan_helper')
 describe WpPlugin do
  before :all do
    @browser = Browser.instance(:config_file => SPEC_FIXTURES_CONF_DIR + '/browser/browser.conf.json')
  end
  before :each do
    @instance = WpItem.new(:wp_content_dir  => "wp-content",
                           :url             => "http://sub.example.com/path/to/wordpress/",
-                           :path            => "plugins/test/asdf.php")
+                           :path            => "plugins/test/asdf.php",
                           :vulns_xml       => "XXX.xml"
    )
  end
  describe "#initialize" do
@@ -76,9 +74,20 @@ describe WpPlugin do
      @instance.path = "plugins/test/"
      @instance.get_url_without_filename.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/plugins/test/"
    end
    it "should return the correct url (https)" do
      @instance.url = "https://sub.example.com/path/to/wordpress/"
      @instance.get_url_without_filename.to_s.should == "https://sub.example.com/path/to/wordpress/wp-content/plugins/test/"
    end
    it "should add the last slash if it's not present" do
      @instance.path = "plugins/test-one"
      @instance.get_url_without_filename.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/plugins/test-one/"
    end
  end
  describe "#version" do
    let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR + '/version' }
    it "should return a version number" do
      stub_request(:get, @instance.readme_url.to_s).to_return(:status => 200, :body => "Stable tag: 1.2.4.3.2.1")
      @instance.version.should == "1.2.4.3.2.1"
@@ -88,18 +97,38 @@ describe WpPlugin do
      stub_request(:get, @instance.readme_url.to_s).to_return(:status => 200, :body => "Stable tag: trunk")
      @instance.version.should be nil
    end
    it "should return nil if the version is invalid (IE : trunk etc)" do
      stub_request(:get, @instance.readme_url.to_s).to_return(:status => 200,
                                                              :body => File.new(fixtures_dir + '/trunk-version.txt'))
      @instance.version.should be_nil
    end
    it "should return the version 0.4" do
      stub_request(:get, @instance.readme_url.to_s).to_return(:status => 200,
                                                              :body => File.new(fixtures_dir + '/simple-login-lockdown-0.4.txt'))
      @instance.version.should === "0.4"
    end
  end
  describe "#directory_listing?" do
    it "should return true" do
-      stub_request(:get, @instance.get_url_without_filename.to_s).to_return(:status => 200, :body => "<html><head><title>Index of asdf</title></head></html>")
+      stub_request(:get, @instance.get_url_without_filename.to_s).to_return(:status => 200,
                                                                            :body => "<html><head><title>Index of asdf</title></head></html>")
      @instance.directory_listing?.should == true
    end
    it "should return false" do
-      stub_request(:get, @instance.get_url_without_filename.to_s).to_return(:status => 200, :body => "<html><head><title>My Wordpress Site</title></head></html>")
+      stub_request(:get, @instance.get_url_without_filename.to_s).to_return(:status => 200,
                                                                            :body => "<html><head><title>My Wordpress Site</title></head></html>")
      @instance.directory_listing?.should == false
    end
    it "should return false on a 404" do
      stub_request(:get, @instance.get_url_without_filename.to_s.to_s).to_return(:status => 404)
      @instance.directory_listing?.should be_false
    end
  end
  describe "#extract_name_from_url" do
@@ -146,14 +175,18 @@ describe WpPlugin do
    it "should return false" do
      instance2 = WpItem.new(:wp_content_dir  => "wp-content",
                             :url             => "http://sub.example.com/path/to/wordpress/",
-                             :path            => "plugins/newname/asdf.php")
+                             :path            => "plugins/newname/asdf.php",
                             :vulns_xml       => "XXX.xml"
      )
      (@instance==instance2).should == false
    end
    it "should return true" do
      instance2 = WpItem.new(:wp_content_dir  => "wp-content",
                             :url             => "http://sub.example.com/path/to/wordpress/",
-                             :path            => "plugins/test/asdf.php")
+                             :path            => "plugins/test/asdf.php",
                             :vulns_xml       => "XXX.xml"
      )
      (@instance==instance2).should == true
    end
  end
--- a/spec/lib/wpscan/wp_plugin_spec.rb
+++ b/spec/lib/wpscan/wp_plugin_spec.rb
@@ -19,252 +19,60 @@
 require File.expand_path(File.dirname(__FILE__) + '/wpscan_helper')
 describe WpPlugin do
  before :all do
    @browser = Browser.instance(:config_file => SPEC_FIXTURES_CONF_DIR + '/browser/browser.conf.json')
  end
  describe "#location_uri_from_url" do
    after :each do
      if @url
        uri = WpPlugin.location_uri_from_url(@url)
        uri.should be_a URI
        uri.to_s.should === @expected_uri_string
      end
    end
    #it "should raise an error if the url is not valid" do
    #  expect { WpPlugin.location_uri_from_url("example.com") }.to raise_error
    #  expect { WpPlugin.location_uri_from_url("http://example.com/wp-includes/plugins/example/") }.to raise_error
    #end
    it "should return the uri without the file" do
      @url                 = "http://example.com/wp-content/plugins/example/readme.txt"
      @expected_uri_string = "http://example.com/wp-content/plugins/example/"
    end
    it "should return the uri without the file" do
      @url                 = "https://sub.example.com/path/to/dir/wp-content/plugins/example/readme.txt"
      @expected_uri_string = "https://sub.example.com/path/to/dir/wp-content/plugins/example/"
    end
    it "should return the same uri" do
      @url                 = "http://example.com/wp-content/plugins/hello-world/"
      @expected_uri_string = @url
    end
    # http://code.google.com/p/wpscan/issues/detail?id=146
    it "should not raise an error if the url uses https" do
      @url                 = "https://example.com/folder1/folder2/wp-content/plugins/user-role-editor/index.php"
      @expected_uri_string = "https://example.com/folder1/folder2/wp-content/plugins/user-role-editor/"
    end
    it "should add the last slash if it's not present" do
      @url                 = "http://example.com/wp-content/plugins/test-one"
      @expected_uri_string = "#{@url}/"
    end
  end
  describe "#extract_name_from_location_url" do
    it "should return 'example-plugin'" do
      WpPlugin.extract_name_from_location_url('http://example.com/wp-content/plugins/example-plugin/').should === 'example-plugin'
    end
    it "should return 'example-plugin'" do
      WpPlugin.extract_name_from_location_url('https://sub.example.com/path/to/a/wp-content/plugins/example-plugin/').should === 'example-plugin'
    end
  end
  describe "#create_location_url_from_name" do
    after :each do
      WpPlugin.create_location_url_from_name(@plugin_name, @target_url).should === @expected_url
    end
    it "should return 'http://example.com/$wp-plugins$/example/'" do
      @plugin_name  = "example"
      @target_url   = "http://example.com/"
      @expected_url = "http://example.com/$wp-plugins$/example/"
    end
    it "should return 'http://example.com/$wp-plugins$/example/' even if the last '/' is not in the target url" do
      @plugin_name  = "example"
      @target_url   = "http://example.com"
      @expected_url = "http://example.com/$wp-plugins$/example/"
    end
    it "should return http://example.com/$wp-plugins$/example-test/" do
      @plugin_name  = "example-test"
      @target_url   = "http://example.com"
      @expected_url = "http://example.com/$wp-plugins$/example-test/"
    end
    it "should return http://example.com/$wp-plugins$/something%20with%20spaces/" do
      @plugin_name  = "something with spaces"
      @target_url   = "http://example.com"
      @expected_url = URI.escape("http://example.com/$wp-plugins$/something with spaces/")
    end
  end
  describe "#create_url_from_raw" do
    it "should return http://example.com/$wp-plugins$/example-test/readme.txt" do
      WpPlugin.create_url_from_raw("example-test/readme.txt", URI.parse("http://example.com")).should === "http://example.com/$wp-plugins$/example-test/readme.txt"
    end
  end
  describe "#initialize" do
-    let(:location_url) { 'http://example.com/wp-content/plugins/example/' }
+    it "should not raise an exception" do
-
+      expect { WpPlugin.new(:url => "url", :path => "path", :wp_content_dir => "dir", :name => "name") }.to_not raise_error
    it "should raise an exception" do
      expect { WpPlugin.new('invalid location url') }.to raise_error
    end
-    it "should initialize the object (no options given), :name should be 'example'" do
+    it "should raise an exception (url not set)" do
-      options = WpOptions.get_empty_options
+      expect { WpPlugin.new(:path => "path", :wp_content_dir => "dir", :name => "name") }.to raise_error
      options[:url] = location_url
      wp_plugin = WpPlugin.new(options)
      wp_plugin.name.should === 'example'
      wp_plugin.get_url.should === location_url
    end
-    it "should initialize the object (options[:name] = 'example')" do
+    it "should raise an exception (path not set)" do
-      options = WpOptions.get_empty_options
+      expect { WpPlugin.new(:url => "url", :wp_content_dir => "dir", :name => "name") }.to raise_error
-      options[:url] = location_url
+    end
-      options[:name] = "example"
+
-      wp_plugin = WpPlugin.new(options)
+    it "should raise an exception (wp_content_dir not set)" do
-      wp_plugin.name.should === 'example'
+      expect { WpPlugin.new(:url => "url", :path => "path", :name => "name") }.to raise_error
-      wp_plugin.location_url.should === location_url
+    end
    it "should raise an exception (name not set)" do
      expect { WpPlugin.new(:url => "url", :path => "path", :wp_content_dir => "dir") }.to raise_error
    end
  end
-  # TODO
+  describe "#error_log_url" do
-  describe "operators : ==, ===, <=>" do
+    it "should return a correct url" do
-
+      temp = WpPlugin.new(:url            => "http://wordpress.com",
-  end
+                          :path           => "plugins/test/asdf.php",
-
+                          :wp_content_dir => "wp-content")
-  #TODO
+      temp.error_log_url.to_s.should == "http://wordpress.com/wp-content/plugins/test/error_log"
  describe "#location_url" do
  end
  describe "#version" do
    let(:location_url) { 'http://example.localhost/wp-content/plugins/simple-login-lockdown/' }
    let(:wp_plugin) { WpPlugin.new(location_url) }
    let(:readme_url) { 'http://example.localhost/wp-content/plugins/simple-login-lockdown/readme.txt' }
    let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR + '/version' }
    it "should return nil if the readme.txt does not exist" do
      stub_request(:get, readme_url).
        to_return(:status => 404)
      wp_plugin.version.should be_nil
    end
    it "should return nil if the version is invalid (IE : trunk etc)" do
      stub_request(:get, readme_url).
        to_return(:status => 200, :body => File.new(fixtures_dir + '/trunk-version.txt'))
      wp_plugin.version.should be_nil
    end
    it "should return the version 0.4" do
      stub_request(:get, readme_url).
        to_return(:status => 200, :body => File.new(fixtures_dir + '/simple-login-lockdown-0.4.txt'))
      wp_plugin.version.should === '0.4'
    end
  end
-  describe "#to_s" do
+  describe "#error_log?" do
-    after :each do
+    before :each do
-      wp_plugin = WpPlugin.new(WpPlugin.create_location_url_from_name(@name, "http://example.localhost"))
+      @temp = WpPlugin.new(:url           => "http://wordpress.com",
-      wp_plugin.stub(:version => @version)
+                          :path           => "plugins/test/asdf.php",
-      wp_plugin.to_s.should === @expected
+                          :wp_content_dir => "wp-content")
    end
    it "should not include the version if it's not detected" do
      @name = "a-plugin"
      @version = nil
      @expected = "a-plugin"
    end
    it "should show the version if it's detected" do
      @name = "another-plugin"
      @version = "3.2"
      @expected = "another-plugin v3.2"
    end
  end
  describe "#vulnerabilities" do
    let(:location_url) { 'http://example.localhost/wp-content/plugins/spec-plugin/' }
    let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR + '/vulnerabilities' }
    let(:vulns_xml) { fixtures_dir + '/plugin_vulns.xml' }
    let(:wp_plugin) { WpPlugin.new(location_url, :vulns_xml => vulns_xml) }
    it "should return an empty array when no vulnerabilities are found" do
      WpPlugin.new(
        'http://example.localhost/wp-content/plugins/no-vulns/',
        :vulns_xml => vulns_xml
      ).vulnerabilities.should be_empty
    end
    it "should return an arry with 2 vulnerabilities" do
      vulnerabilities = wp_plugin.vulnerabilities
      vulnerabilities.should_not be_empty
      vulnerabilities.length.should == 2
      vulnerabilities.each { |vulnerability| vulnerability.should be_a WpVulnerability }
      vulnerabilities[0].title.should === 'WPScan Spec'
      vulnerabilities[1].title.should === 'Spec SQL Injection'
    end
  end
  describe "#error_log* (#error_log_url & #error_log?)" do
    let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR + '/error_log' }
    let(:location_url) { 'http://example.localhost/wp-content/plugins/simple-login-lockdown/' }
    let(:error_log_url) { 'http://example.localhost/wp-content/plugins/simple-login-lockdown/error_log' }
    let(:wp_plugin) { WpPlugin.new(location_url) }
    it "should return the url of the error log" do
      wp_plugin.error_log_url.should === error_log_url
    end
    it "should return false on a 404" do
      stub_request(:get, error_log_url).
        to_return(:status => 404)
      wp_plugin.error_log?.should be_false
    end
    it "should return true" do
-      stub_request(:get, error_log_url).
+      stub_request(:get, @temp.error_log_url.to_s).to_return(:status => 200, :body => "PHP Fatal error")
-        to_return(:status => 200, :body => File.new(fixtures_dir + '/error_log'))
+      @temp.error_log?.should be true
      wp_plugin.error_log?.should be_true
    end
    end
-  describe "#directory_listing?" do
+    it "should return false" do
-    let(:wp_plugin) { WpPlugin.new('http://example.localhost/wp-content/plugins/simple-login-lockdown/readme.txt') }
+      stub_request(:get, @temp.error_log_url.to_s).to_return(:status => 500, :body => "Access denied")
-
+      @temp.error_log?.should be false
    it "should return false on a 404" do
      stub_request(:get, wp_plugin.location_url).to_return(:status => 404)
      wp_plugin.directory_listing?.should be_false
    end
    it "should return false on a blank page" do
      stub_request(:get, wp_plugin.location_url).to_return(:status => 200, :body => '')
      wp_plugin.directory_listing?.should be_false
    end
    it "should return true" do
-      stub_request(:get, wp_plugin.location_url).
+      fixtures_dir = SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR + "/error_log"
-        to_return(:status => 200, :body => "<title>Index of simple-login-lockdown</title>")
+      stub_request(:get, @temp.error_log_url.to_s).to_return(:status => 200,
                                                             :body => File.new(fixtures_dir + '/error_log'))
-      wp_plugin.directory_listing?.should be_true
+      @temp.error_log?.should be true
    end
  end
 end
--- a/spec/lib/wpscan/wp_theme_spec.rb
+++ b/spec/lib/wpscan/wp_theme_spec.rb
@@ -19,7 +19,6 @@
 require File.expand_path(File.dirname(__FILE__) + "/wpscan_helper")
 describe WpTheme do
  before :all do
    @target_uri = URI.parse("http://example.localhost/")
@@ -29,21 +28,25 @@ describe WpTheme do
    )
  end
-  describe "#to_s" do
+  describe "#initialize" do
-    it "should return the theme name and the version if there is one" do
+    it "should not raise an exception" do
-      wp_theme = WpTheme.new(:name => "bueno", :version => "1.2.3", :url => "", :path => "", :wp_content_dir => "")
+      expect { WpTheme.new(:url => "url", :path => "path", :wp_content_dir => "dir", :name => "name") }.to_not raise_error
      wp_theme.to_s.should === "bueno v1.2.3"
    end
-    it "should not add the version if there is not" do
+    it "should raise an exception (url not set)" do
-      style_url = @target_uri.merge("wp-content/themes/hello-world/style.css").to_s
+      expect { WpTheme.new(:path => "path", :wp_content_dir => "dir", :name => "name") }.to raise_error
    end
-      stub_request(:get, style_url).to_return(:status => 200, :body => "")
+    it "should raise an exception (path not set)" do
      expect { WpTheme.new(:url => "url", :wp_content_dir => "dir", :name => "name") }.to raise_error
    end
-      wp_theme = WpTheme.new(:name => "hello-world", :style_url => style_url, :url => "", :path => "", :wp_content_dir => "")
+    it "should raise an exception (wp_content_dir not set)" do
      expect { WpTheme.new(:url => "url", :path => "path", :name => "name") }.to raise_error
    end
-      wp_theme.to_s.should === "hello-world"
+    it "should raise an exception (name not set)" do
      expect { WpTheme.new(:url => "url", :path => "path", :wp_content_dir => "dir") }.to raise_error
    end
  end
@@ -174,4 +177,69 @@ describe WpTheme do
    end
  end
  describe "#===" do
    it "should return false (name not equal)" do
      instance = WpTheme.new(:wp_content_dir  => "wp-content",
                             :url             => "http://sub.example.com/path/to/wordpress/",
                             :path            => "themes/name/asdf.php",
                             :vulns_xml       => "XXX.xml",
                             :version         => "1.0"
      )
      instance2 = WpTheme.new(:wp_content_dir  => "wp-content",
                              :url             => "http://sub.example.com/path/to/wordpress/",
                              :path            => "themes/newname/asdf.php",
                              :vulns_xml       => "XXX.xml",
                              :version         => "1.0"
      )
      (instance===instance2).should == false
    end
    it "should return false (version not equal)" do
      instance = WpTheme.new(:wp_content_dir  => "wp-content",
                             :url             => "http://sub.example.com/path/to/wordpress/",
                             :path            => "themes/name/asdf.php",
                             :vulns_xml       => "XXX.xml",
                             :version         => "1.0"
      )
      instance2 = WpTheme.new(:wp_content_dir  => "wp-content",
                              :url             => "http://sub.example.com/path/to/wordpress/",
                              :path            => "themes/name/asdf.php",
                              :vulns_xml       => "XXX.xml",
                              :version         => "2.0"
      )
      (instance===instance2).should == false
    end
    it "should return false (version and name not equal)" do
      instance = WpTheme.new(:wp_content_dir  => "wp-content",
                             :url             => "http://sub.example.com/path/to/wordpress/",
                             :path            => "themes/name/asdf.php",
                             :vulns_xml       => "XXX.xml",
                             :version         => "1.0"
      )
      instance2 = WpTheme.new(:wp_content_dir  => "wp-content",
                              :url             => "http://sub.example.com/path/to/wordpress/",
                              :path            => "themes/newname/asdf.php",
                              :vulns_xml       => "XXX.xml",
                              :version         => "2.0"
      )
      (instance===instance2).should == false
    end
    it "should return true" do
      instance = WpTheme.new(:wp_content_dir  => "wp-content",
                             :url             => "http://sub.example.com/path/to/wordpress/",
                             :path            => "themes/test/asdf.php",
                             :vulns_xml       => "XXX.xml",
                             :version         => "1.0"
      )
      instance2 = WpTheme.new(:wp_content_dir  => "wp-content",
                              :url             => "http://sub.example.com/path/to/wordpress/",
                              :path            => "themes/test/asdf.php",
                              :vulns_xml       => "XXX.xml",
                              :version         => "1.0"
      )
      (instance===instance2).should == true
    end
  end
 end
--- a/spec/lib/wpscan/wp_vulnerability_spec.rb
+++ b/spec/lib/wpscan/wp_vulnerability_spec.rb
@@ -0,0 +1,26 @@
 # TODO
 describe "#vulnerabilities" do
  let(:location_url) { 'http://example.localhost/wp-content/plugins/spec-plugin/' }
  let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR + '/vulnerabilities' }
  let(:vulns_xml) { fixtures_dir + '/plugin_vulns.xml' }
  let(:wp_plugin) { WpPlugin.new(location_url, :vulns_xml => vulns_xml) }
  it "should return an empty array when no vulnerabilities are found" do
    WpPlugin.new(
        'http://example.localhost/wp-content/plugins/no-vulns/',
        :vulns_xml => vulns_xml
    ).vulnerabilities.should be_empty
  end
  it "should return an arry with 2 vulnerabilities" do
    vulnerabilities = wp_plugin.vulnerabilities
    vulnerabilities.should_not be_empty
    vulnerabilities.length.should == 2
    vulnerabilities.each { |vulnerability| vulnerability.should be_a WpVulnerability }
    vulnerabilities[0].title.should === 'WPScan Spec'
    vulnerabilities[1].title.should === 'Spec SQL Injection'
  end
 end