rspec tests

doc/CREDITS.html

@@ -156,7 +156,8 @@ should be in here, email ryandewhurst at gmail.</p>
 potential solutions to bugs. Callum Pember - Implemented proxy support -
 callumpember at gmail.com g0tmi1k - Additional timthumb checks + bug
 reports. Melvin Lammerts - Reported a couple of fake vulnerabilities -
-melvin at 12k.nl</p>
+melvin at 12k.nl Christian Mehlmauer - @<em>FireFart</em> - Theme
+enumeration</p>
 
   </div>
 

doc/WpItem.html

@@ -65,7 +65,7 @@
         <h3 class="section-header">Methods</h3>
         <ul class="link-list">
           
-          <li><a href="#method-i-3C-3D-3E">#<=></a></li>
+          <li><a href="#method-c-new">::new</a></li>
           
           <li><a href="#method-i-3D-3D">#==</a></li>
           
@@ -83,8 +83,6 @@
           
           <li><a href="#method-i-has_readme-3F">#has_readme?</a></li>
           
-          <li><a href="#method-i-location_uri_from_file_url">#location_uri_from_file_url</a></li>
-          
           <li><a href="#method-i-readme_url">#readme_url</a></li>
           
           <li><a href="#method-i-to_s">#to_s</a></li>
@@ -227,6 +225,23 @@
         <h3 class="section-header">Attributes</h3>
 
         
+        <div id="name-attribute-method" class="method-detail">
+          <a name="name"></a>
+          
+          <a name="name="></a>
+          
+          <div class="method-heading attribute-method-heading">
+            <span class="method-name">name</span><span
+              class="attribute-access-type">[RW]</span>
+          </div>
+
+          <div class="method-description">
+          
+          
+          
+          </div>
+        </div>
+        
         <div id="path-attribute-method" class="method-detail">
           <a name="path"></a>
           
@@ -258,6 +273,40 @@
           
           
           
+          </div>
+        </div>
+        
+        <div id="vulns_xml-attribute-method" class="method-detail">
+          <a name="vulns_xml"></a>
+          
+          <a name="vulns_xml="></a>
+          
+          <div class="method-heading attribute-method-heading">
+            <span class="method-name">vulns_xml</span><span
+              class="attribute-access-type">[RW]</span>
+          </div>
+
+          <div class="method-description">
+          
+          
+          
+          </div>
+        </div>
+        
+        <div id="vulns_xpath-attribute-method" class="method-detail">
+          <a name="vulns_xpath"></a>
+          
+          <a name="vulns_xpath="></a>
+          
+          <div class="method-heading attribute-method-heading">
+            <span class="method-name">vulns_xpath</span><span
+              class="attribute-access-type">[RW]</span>
+          </div>
+
+          <div class="method-description">
+          
+          
+          
           </div>
         </div>
         
@@ -283,17 +332,17 @@
 
       <!-- Methods -->
       
-      <div id="public-instance-method-details" class="method-section section">
+      <div id="public-class-method-details" class="method-section section">
-        <h3 class="section-header">Public Instance Methods</h3>
+        <h3 class="section-header">Public Class Methods</h3>
 
       
-        <div id="3C-3D-3E-method" class="method-detail ">
+        <div id="new-method" class="method-detail ">
-          <a name="method-i-3C-3D-3E"></a>
+          <a name="method-c-new"></a>
 
           
           <div class="method-heading">
-            <span class="method-name">&lt;=&gt;</span><span
+            <span class="method-name">new</span><span
-              class="method-args">(item)</span>
+              class="method-args">(options = {})</span>
             <span class="method-click-advice">click to toggle source</span>
           </div>
           
@@ -304,20 +353,37 @@
             
 
             
-            <div class="method-source-code" id="3C-3D-3E-source">
+            <div class="method-source-code" id="new-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 64</span>
+<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 25</span>
-<span class="ruby-keyword">def</span> <span class="ruby-operator">&lt;=&gt;</span>(<span class="ruby-identifier">item</span>)
+<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">options</span> = {})
-  <span class="ruby-identifier">item</span>.<span class="ruby-identifier">name</span> <span class="ruby-operator">&lt;=&gt;</span> <span class="ruby-ivar">@name</span>
+  <span class="ruby-ivar">@wp_content_dir</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>]
+  <span class="ruby-ivar">@url</span>            = <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>]
+  <span class="ruby-ivar">@path</span>           = <span class="ruby-identifier">options</span>[<span class="ruby-value">:path</span>]
+  <span class="ruby-ivar">@name</span>           = <span class="ruby-identifier">options</span>[<span class="ruby-value">:name</span>] <span class="ruby-operator">||</span> <span class="ruby-identifier">extract_name_from_url</span>
+  <span class="ruby-ivar">@vulns_xml</span>      = <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xml</span>]
+  <span class="ruby-ivar">@vulns_xpath</span>    = <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath</span>]
+
+  <span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;url not set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@url</span>
+  <span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;path not set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@path</span>
+  <span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;wp_content_dir not set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@wp_content_dir</span>
+  <span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;name not set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@name</span>
+  <span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;vulns_xml not set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@vulns_xml</span>
 <span class="ruby-keyword">end</span></pre>
-            </div><!-- 3C-3D-3E-source -->
+            </div><!-- new-source -->
             
           </div>
 
           
 
           
-        </div><!-- 3C-3D-3E-method -->
+        </div><!-- new-method -->
+
+      
+      </div><!-- public-class-method-details -->
+    
+      <div id="public-instance-method-details" class="method-section section">
+        <h3 class="section-header">Public Instance Methods</h3>
 
       
         <div id="3D-3D-method" class="method-detail ">
@@ -333,13 +399,13 @@
 
           <div class="method-description">
             
-            
+            <p><a href="Object.html">Object</a> comparer</p>
             
 
             
             <div class="method-source-code" id="3D-3D-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 60</span>
+<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 87</span>
 <span class="ruby-keyword">def</span> <span class="ruby-operator">==</span>(<span class="ruby-identifier">item</span>)
   <span class="ruby-identifier">item</span>.<span class="ruby-identifier">name</span> <span class="ruby-operator">==</span> <span class="ruby-ivar">@name</span>
 <span class="ruby-keyword">end</span></pre>
@@ -366,13 +432,13 @@
 
           <div class="method-description">
             
-            
+            <p>Url for changelog.txt</p>
             
 
             
             <div class="method-source-code" id="changelog_url-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 80</span>
+<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 97</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier">changelog_url</span>
   <span class="ruby-identifier">get_url_without_filename</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;changelog.txt&quot;</span>)
 <span class="ruby-keyword">end</span></pre>
@@ -405,10 +471,10 @@
             
             <div class="method-source-code" id="directory_listing-3F-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 46</span>
+<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 70</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier">directory_listing?</span>
   <span class="ruby-comment"># Need to remove to file part from the url</span>
-  <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">location_uri_from_file_url</span>(<span class="ruby-identifier">get_url</span>.<span class="ruby-identifier">to_s</span>)).<span class="ruby-identifier">body</span>[<span class="ruby-regexp">%{&lt;title&gt;Index of}</span>] <span class="ruby-operator">?</span> <span class="ruby-keyword">true</span> <span class="ruby-operator">:</span> <span class="ruby-keyword">false</span>
+  <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">get_url_without_filename</span>).<span class="ruby-identifier">body</span>[<span class="ruby-regexp">%{&lt;title&gt;Index of}</span>] <span class="ruby-operator">?</span> <span class="ruby-keyword">true</span> <span class="ruby-operator">:</span> <span class="ruby-keyword">false</span>
 <span class="ruby-keyword">end</span></pre>
             </div><!-- directory_listing-3F-source -->
             
@@ -426,22 +492,22 @@
           
           <div class="method-heading">
             <span class="method-name">extract_name_from_url</span><span
-              class="method-args">(url)</span>
+              class="method-args">()</span>
             <span class="method-click-advice">click to toggle source</span>
           </div>
           
 
           <div class="method-description">
             
-            
+            <p>Extract item name from a url</p>
             
 
             
             <div class="method-source-code" id="extract_name_from_url-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 51</span>
+<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 76</span>
-<span class="ruby-keyword">def</span> <span class="ruby-identifier">extract_name_from_url</span>(<span class="ruby-identifier">url</span>)
+<span class="ruby-keyword">def</span> <span class="ruby-identifier">extract_name_from_url</span>
-  <span class="ruby-identifier">url</span>.<span class="ruby-identifier">to_s</span>[<span class="ruby-regexp">%{^(https?://.*/([^/]+)/)}</span>, <span class="ruby-value">2</span>]
+  <span class="ruby-identifier">get_url</span>.<span class="ruby-identifier">to_s</span>[<span class="ruby-regexp">%{^(https?://.*/([^/]+)/)}</span>, <span class="ruby-value">2</span>]
 <span class="ruby-keyword">end</span></pre>
             </div><!-- extract_name_from_url-source -->
             
@@ -466,15 +532,20 @@
 
           <div class="method-description">
             
-            
+            <p>Get the full url for this item</p>
             
 
             
             <div class="method-source-code" id="get_url-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 23</span>
+<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 41</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier">get_url</span>
-  <span class="ruby-constant">URI</span>.<span class="ruby-identifier">parse</span>(<span class="ruby-node">&quot;#{@url.to_s}#@wp_content_dir/#@path&quot;</span>)
+  <span class="ruby-identifier">url</span> = <span class="ruby-ivar">@url</span>.<span class="ruby-identifier">to_s</span>.<span class="ruby-identifier">end_with?</span>(<span class="ruby-string">&quot;/&quot;</span>) <span class="ruby-operator">?</span> <span class="ruby-ivar">@url</span>.<span class="ruby-identifier">to_s</span> <span class="ruby-operator">:</span> <span class="ruby-node">&quot;#@url/&quot;</span>
+  <span class="ruby-comment"># remove first and last /</span>
+  <span class="ruby-identifier">wp_content_dir</span> = <span class="ruby-ivar">@wp_content_dir</span>.<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">/^\//</span>, <span class="ruby-string">&quot;&quot;</span>).<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">/\/$/</span>, <span class="ruby-string">&quot;&quot;</span>)
+  <span class="ruby-comment"># remove first /</span>
+  <span class="ruby-identifier">path</span> = <span class="ruby-ivar">@path</span>.<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">/^\//</span>, <span class="ruby-string">&quot;&quot;</span>)
+  <span class="ruby-constant">URI</span>.<span class="ruby-identifier">parse</span>(<span class="ruby-node">&quot;#{url}#{wp_content_dir}/#{path}&quot;</span>)
 <span class="ruby-keyword">end</span></pre>
             </div><!-- get_url-source -->
             
@@ -499,21 +570,20 @@
 
           <div class="method-description">
             
-            
+            <p>Gets the full url for this item without filenames</p>
             
 
             
             <div class="method-source-code" id="get_url_without_filename-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 27</span>
+<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 51</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier">get_url_without_filename</span>
-  <span class="ruby-identifier">matches</span> = <span class="ruby-ivar">@path</span>.<span class="ruby-identifier">match</span>(<span class="ruby-regexp">%{^(.*/).*$}</span>)
+  <span class="ruby-identifier">location_url</span> = <span class="ruby-identifier">get_url</span>.<span class="ruby-identifier">to_s</span>
-  <span class="ruby-keyword">if</span> <span class="ruby-identifier">matches</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">or</span> <span class="ruby-identifier">matches</span>.<span class="ruby-identifier">length</span> <span class="ruby-operator">&lt;</span> <span class="ruby-value">2</span>
+  <span class="ruby-identifier">valid_location_url</span> = <span class="ruby-identifier">location_url</span>[<span class="ruby-regexp">%{^(https?://.*/)[^.]+\.[^/]+$}</span>, <span class="ruby-value">1</span>]
-    <span class="ruby-identifier">dirname</span> = <span class="ruby-ivar">@path</span>
+  <span class="ruby-keyword">unless</span> <span class="ruby-identifier">valid_location_url</span>
-  <span class="ruby-keyword">else</span>
+    <span class="ruby-identifier">valid_location_url</span> = <span class="ruby-identifier">add_trailing_slash</span>(<span class="ruby-identifier">location_url</span>)
-    <span class="ruby-identifier">dirname</span> = <span class="ruby-identifier">matches</span>[<span class="ruby-value">1</span>]
   <span class="ruby-keyword">end</span>
-  <span class="ruby-constant">URI</span>.<span class="ruby-identifier">parse</span>(<span class="ruby-node">&quot;#{@url.to_s}#@wp_content_dir/#{dirname}&quot;</span>)
+  <span class="ruby-constant">URI</span>.<span class="ruby-identifier">parse</span>(<span class="ruby-identifier">valid_location_url</span>)
 <span class="ruby-keyword">end</span></pre>
             </div><!-- get_url_without_filename-source -->
             
@@ -538,13 +608,13 @@
 
           <div class="method-description">
             
-            
+            <p>changelog.txt present?</p>
             
 
             
             <div class="method-source-code" id="has_changelog-3F-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 92</span>
+<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 111</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier">has_changelog?</span>
   <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@changelog</span>
     <span class="ruby-identifier">status</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">changelog_url</span>).<span class="ruby-identifier">code</span>
@@ -575,13 +645,13 @@
 
           <div class="method-description">
             
-            
+            <p>readme.txt present?</p>
             
 
             
             <div class="method-source-code" id="has_readme-3F-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 84</span>
+<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 102</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier">has_readme?</span>
   <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@readme</span>
     <span class="ruby-identifier">status</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">readme_url</span>).<span class="ruby-identifier">code</span>
@@ -599,43 +669,6 @@
         </div><!-- has_readme-3F-method -->
 
       
-        <div id="location_uri_from_file_url-method" class="method-detail ">
-          <a name="method-i-location_uri_from_file_url"></a>
-
-          
-          <div class="method-heading">
-            <span class="method-name">location_uri_from_file_url</span><span
-              class="method-args">(location_url)</span>
-            <span class="method-click-advice">click to toggle source</span>
-          </div>
-          
-
-          <div class="method-description">
-            
-            
-            
-
-            
-            <div class="method-source-code" id="location_uri_from_file_url-source">
-<pre>
-<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 68</span>
-<span class="ruby-keyword">def</span> <span class="ruby-identifier">location_uri_from_file_url</span>(<span class="ruby-identifier">location_url</span>)
-  <span class="ruby-identifier">valid_location_url</span> = <span class="ruby-identifier">location_url</span>[<span class="ruby-regexp">%{^(https?://.*/)[^.]+\.[^/]+$}</span>, <span class="ruby-value">1</span>]
-  <span class="ruby-keyword">unless</span> <span class="ruby-identifier">valid_location_url</span>
-    <span class="ruby-identifier">valid_location_url</span> = <span class="ruby-identifier">add_trailing_slash</span>(<span class="ruby-identifier">location_url</span>)
-  <span class="ruby-keyword">end</span>
-  <span class="ruby-constant">URI</span>.<span class="ruby-identifier">parse</span>(<span class="ruby-identifier">valid_location_url</span>)
-<span class="ruby-keyword">end</span></pre>
-            </div><!-- location_uri_from_file_url-source -->
-            
-          </div>
-
-          
-
-          
-        </div><!-- location_uri_from_file_url-method -->
-
-      
         <div id="readme_url-method" class="method-detail ">
           <a name="method-i-readme_url"></a>
 
@@ -649,13 +682,13 @@
 
           <div class="method-description">
             
-            
+            <p>Url for readme.txt</p>
             
 
             
             <div class="method-source-code" id="readme_url-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 76</span>
+<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 92</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier">readme_url</span>
   <span class="ruby-identifier">get_url_without_filename</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;readme.txt&quot;</span>)
 <span class="ruby-keyword">end</span></pre>
@@ -682,13 +715,13 @@
 
           <div class="method-description">
             
-            
+            <p>To string. Adds a version number if detected</p>
             
 
             
             <div class="method-source-code" id="to_s-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 55</span>
+<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 81</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier">to_s</span>
   <span class="ruby-identifier">item_version</span> = <span class="ruby-identifier">version</span>
   <span class="ruby-node">&quot;#@name#{' v' + item_version.strip if item_version}&quot;</span>
@@ -716,13 +749,13 @@
 
           <div class="method-description">
             
-            
+            <p>Returns version number from readme.txt if it exists</p>
             
 
             
             <div class="method-source-code" id="version-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 37</span>
+<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 61</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier">version</span>
   <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@version</span>
     <span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">get_url</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;readme.txt&quot;</span>).<span class="ruby-identifier">to_s</span>)

doc/WpPlugin.html

@@ -202,28 +202,6 @@
       
 
       
-      <!-- Attributes -->
-      <div id="attribute-method-details" class="method-section section">
-        <h3 class="section-header">Attributes</h3>
-
-        
-        <div id="name-attribute-method" class="method-detail">
-          <a name="name"></a>
-          
-          <div class="method-heading attribute-method-heading">
-            <span class="method-name">name</span><span
-              class="attribute-access-type">[R]</span>
-          </div>
-
-          <div class="method-description">
-          
-          
-          
-          </div>
-        </div>
-        
-      </div><!-- attribute-method-details -->
-      
 
       <!-- Methods -->
       
@@ -250,21 +228,11 @@
             
             <div class="method-source-code" id="new-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_plugin.rb, line 25</span>
+<span class="ruby-comment"># File lib/wpscan/wp_plugin.rb, line 20</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">options</span> = {})
-  <span class="ruby-ivar">@url</span>            = <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>]
+  <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xml</span>]   = <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xml</span>] <span class="ruby-operator">||</span> <span class="ruby-constant">DATA_DIR</span> <span class="ruby-operator">+</span> <span class="ruby-string">'/plugin_vulns.xml'</span>
-  <span class="ruby-ivar">@path</span>           = <span class="ruby-identifier">options</span>[<span class="ruby-value">:path</span>]
+  <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath</span>] = <span class="ruby-node">&quot;//plugin[@name='#@name']/vulnerability&quot;</span>
-  <span class="ruby-ivar">@wp_content_dir</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>]
+  <span class="ruby-keyword">super</span>(<span class="ruby-identifier">options</span>)
-  <span class="ruby-ivar">@name</span>           = <span class="ruby-identifier">options</span>[<span class="ruby-value">:name</span>] <span class="ruby-operator">||</span> <span class="ruby-identifier">extract_name_from_url</span>(<span class="ruby-identifier">get_url</span>)
-  <span class="ruby-ivar">@vulns_xml</span>      = <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xml</span>] <span class="ruby-operator">||</span> <span class="ruby-constant">DATA_DIR</span> <span class="ruby-operator">+</span> <span class="ruby-string">'/plugin_vulns.xml'</span>
-  <span class="ruby-ivar">@vulns_xpath</span>    = <span class="ruby-node">&quot;//plugin[@name='#@name']/vulnerability&quot;</span>
-  <span class="ruby-ivar">@version</span>        = <span class="ruby-keyword">nil</span>
-
-  <span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;url not set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@url</span>
-  <span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;path not set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@path</span>
-  <span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;wp_content_dir not set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@wp_content_dir</span>
-  <span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;name not set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@name</span>
-  <span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;vulns_xml not set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@vulns_xml</span>
 <span class="ruby-keyword">end</span></pre>
             </div><!-- new-source -->
             
@@ -304,7 +272,7 @@ href="http://www.exploit-db.com/ghdb/3714/">www.exploit-db.com/ghdb/3714/</a></p
             
             <div class="method-source-code" id="error_log-3F-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_plugin.rb, line 46</span>
+<span class="ruby-comment"># File lib/wpscan/wp_plugin.rb, line 31</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier">error_log?</span>
   <span class="ruby-identifier">response_body</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">error_log_url</span>(), <span class="ruby-value">:headers</span> =<span class="ruby-operator">&gt;</span> { <span class="ruby-string">&quot;range&quot;</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;bytes=0-700&quot;</span>}).<span class="ruby-identifier">body</span>
   <span class="ruby-identifier">response_body</span>[<span class="ruby-regexp">%{PHP Fatal error}</span>] <span class="ruby-operator">?</span> <span class="ruby-keyword">true</span> <span class="ruby-operator">:</span> <span class="ruby-keyword">false</span>
@@ -338,7 +306,7 @@ href="http://www.exploit-db.com/ghdb/3714/">www.exploit-db.com/ghdb/3714/</a></p
             
             <div class="method-source-code" id="error_log_url-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_plugin.rb, line 51</span>
+<span class="ruby-comment"># File lib/wpscan/wp_plugin.rb, line 36</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier">error_log_url</span>
   <span class="ruby-identifier">get_url</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;error_log&quot;</span>).<span class="ruby-identifier">to_s</span>
 <span class="ruby-keyword">end</span></pre>

doc/WpTheme.html

@@ -75,8 +75,6 @@
           
           <li><a href="#method-i-3D-3D-3D">#===</a></li>
           
-          <li><a href="#method-i-to_s">#to_s</a></li>
-          
         </ul>
       </div>
       
@@ -286,7 +284,7 @@
             
             <div class="method-source-code" id="find-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_theme.rb, line 53</span>
+<span class="ruby-comment"># File lib/wpscan/wp_theme.rb, line 42</span>
 <span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find</span>(<span class="ruby-identifier">target_uri</span>)
   <span class="ruby-keyword">self</span>.<span class="ruby-identifier">methods</span>.<span class="ruby-identifier">grep</span>(<span class="ruby-regexp">/find_from_/</span>).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">method_to_call</span><span class="ruby-operator">|</span>
     <span class="ruby-identifier">theme</span> = <span class="ruby-keyword">self</span>.<span class="ruby-identifier">send</span>(<span class="ruby-identifier">method_to_call</span>, <span class="ruby-identifier">target_uri</span>)
@@ -326,21 +324,11 @@
 <pre>
 <span class="ruby-comment"># File lib/wpscan/wp_theme.rb, line 25</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">options</span> = {})
-  <span class="ruby-ivar">@url</span>            = <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>]
+  <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xml</span>]   = <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xml</span>] <span class="ruby-operator">||</span> <span class="ruby-constant">DATA_DIR</span> <span class="ruby-operator">+</span> <span class="ruby-string">'/wp_theme_vulns.xml'</span>
-  <span class="ruby-ivar">@name</span>           = <span class="ruby-identifier">options</span>[<span class="ruby-value">:name</span>] <span class="ruby-operator">||</span> <span class="ruby-identifier">extract_name_from_url</span>(<span class="ruby-identifier">get_url</span>)
+  <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath</span>] = <span class="ruby-node">&quot;//theme[@name='#{@name}']/vulnerability&quot;</span>
-  <span class="ruby-ivar">@path</span>           = <span class="ruby-identifier">options</span>[<span class="ruby-value">:path</span>]
+  <span class="ruby-ivar">@version</span>              = <span class="ruby-identifier">options</span>[<span class="ruby-value">:version</span>]
-  <span class="ruby-ivar">@wp_content_dir</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>]
+  <span class="ruby-ivar">@style_url</span>            = <span class="ruby-identifier">options</span>[<span class="ruby-value">:style_url</span>]
-  <span class="ruby-ivar">@vulns_xml</span>      = <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xml</span>] <span class="ruby-operator">||</span> <span class="ruby-constant">DATA_DIR</span> <span class="ruby-operator">+</span> <span class="ruby-string">'/wp_theme_vulns.xml'</span>
+  <span class="ruby-keyword">super</span>(<span class="ruby-identifier">options</span>)
-  <span class="ruby-ivar">@vulns_xpath</span>    = <span class="ruby-node">&quot;//theme[@name='#{@name}']/vulnerability&quot;</span>
-
-  <span class="ruby-ivar">@version</span>        = <span class="ruby-identifier">options</span>[<span class="ruby-value">:version</span>]
-  <span class="ruby-ivar">@style_url</span>      = <span class="ruby-identifier">options</span>[<span class="ruby-value">:style_url</span>]
-
-  <span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;url not set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@url</span>
-  <span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;path not set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@path</span>
-  <span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;wp_content_dir not set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@wp_content_dir</span>
-  <span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;name not set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@name</span>
-  <span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;vulns_xml not set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@vulns_xml</span>
 <span class="ruby-keyword">end</span></pre>
             </div><!-- new-source -->
             
@@ -377,7 +365,7 @@
             
             <div class="method-source-code" id="find_from_css_link-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_theme.rb, line 74</span>
+<span class="ruby-comment"># File lib/wpscan/wp_theme.rb, line 58</span>
 <span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_css_link</span>(<span class="ruby-identifier">target_uri</span>)
   <span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">to_s</span>, <span class="ruby-value">:follow_location</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-keyword">true</span>, <span class="ruby-value">:max_redirects</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">2</span>)
 
@@ -423,7 +411,7 @@ href="http://code.google.com/p/wpscan/issues/detail?id=141">code.google.com/p/wp
             
             <div class="method-source-code" id="find_from_wooframework-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_theme.rb, line 91</span>
+<span class="ruby-comment"># File lib/wpscan/wp_theme.rb, line 75</span>
 <span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_wooframework</span>(<span class="ruby-identifier">target_uri</span>)
   <span class="ruby-identifier">body</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">to_s</span>).<span class="ruby-identifier">body</span>
   <span class="ruby-identifier">regexp</span> = <span class="ruby-regexp">%{&lt;meta name=&quot;generator&quot; content=&quot;([^\s&quot;]+)\s?([^&quot;]+)?&quot; /&gt;\s+&lt;meta name=&quot;generator&quot; content=&quot;WooFramework\s?([^&quot;]+)?&quot; /&gt;}</span>
@@ -476,7 +464,7 @@ href="http://code.google.com/p/wpscan/issues/detail?id=141">code.google.com/p/wp
             
             <div class="method-source-code" id="3D-3D-3D-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_theme.rb, line 67</span>
+<span class="ruby-comment"># File lib/wpscan/wp_theme.rb, line 51</span>
 <span class="ruby-keyword">def</span> <span class="ruby-operator">===</span>(<span class="ruby-identifier">wp_theme</span>)
   <span class="ruby-identifier">wp_theme</span>.<span class="ruby-identifier">name</span> <span class="ruby-operator">===</span> <span class="ruby-ivar">@name</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">wp_theme</span>.<span class="ruby-identifier">version</span> <span class="ruby-operator">===</span> <span class="ruby-ivar">@version</span>
 <span class="ruby-keyword">end</span></pre>
@@ -490,40 +478,6 @@ href="http://code.google.com/p/wpscan/issues/detail?id=141">code.google.com/p/wp
         </div><!-- 3D-3D-3D-method -->
 
       
-        <div id="to_s-method" class="method-detail ">
-          <a name="method-i-to_s"></a>
-
-          
-          <div class="method-heading">
-            <span class="method-name">to_s</span><span
-              class="method-args">()</span>
-            <span class="method-click-advice">click to toggle source</span>
-          </div>
-          
-
-          <div class="method-description">
-            
-            
-            
-
-            
-            <div class="method-source-code" id="to_s-source">
-<pre>
-<span class="ruby-comment"># File lib/wpscan/wp_theme.rb, line 62</span>
-<span class="ruby-keyword">def</span> <span class="ruby-identifier">to_s</span>
-  <span class="ruby-identifier">version</span> = <span class="ruby-identifier">version</span>()
-  <span class="ruby-node">&quot;#{@name}#{' v' + version if version}&quot;</span>
-<span class="ruby-keyword">end</span></pre>
-            </div><!-- to_s-source -->
-            
-          </div>
-
-          
-
-          
-        </div><!-- to_s-method -->
-
-      
       </div><!-- public-instance-method-details -->
     
     </div><!-- 5Buntitled-5D -->

doc/created.rid

@@ -1,5 +1,5 @@
-Mon, 17 Sep 2012 19:45:07 +0200
+Mon, 17 Sep 2012 22:40:58 +0200
-./CREDITS	Thu, 13 Sep 2012 22:54:08 +0200
+./CREDITS	Mon, 17 Sep 2012 20:18:24 +0200
 ./lib/browser.rb	Sun, 16 Sep 2012 15:18:58 +0200
 ./lib/cache_file_store.rb	Sat, 15 Sep 2012 08:04:03 +0200
 ./lib/common_helper.rb	Sat, 15 Sep 2012 08:04:08 +0200
@@ -24,11 +24,11 @@ Mon, 17 Sep 2012 19:45:07 +0200
 ./lib/wpscan/vulnerable.rb	Sat, 15 Sep 2012 08:02:37 +0200
 ./lib/wpscan/wp_detector.rb	Mon, 17 Sep 2012 17:40:36 +0200
 ./lib/wpscan/wp_enumerator.rb	Mon, 17 Sep 2012 17:54:28 +0200
-./lib/wpscan/wp_item.rb	Mon, 17 Sep 2012 19:43:28 +0200
+./lib/wpscan/wp_item.rb	Mon, 17 Sep 2012 22:04:16 +0200
 ./lib/wpscan/wp_options.rb	Sun, 16 Sep 2012 23:02:21 +0200
-./lib/wpscan/wp_plugin.rb	Mon, 17 Sep 2012 19:43:42 +0200
+./lib/wpscan/wp_plugin.rb	Mon, 17 Sep 2012 22:03:47 +0200
 ./lib/wpscan/wp_target.rb	Sun, 16 Sep 2012 23:48:55 +0200
-./lib/wpscan/wp_theme.rb	Mon, 17 Sep 2012 19:43:53 +0200
+./lib/wpscan/wp_theme.rb	Mon, 17 Sep 2012 22:23:12 +0200
 ./lib/wpscan/wp_version.rb	Sun, 16 Sep 2012 23:48:18 +0200
 ./lib/wpscan/wp_vulnerability.rb	Sat, 15 Sep 2012 08:03:09 +0200
 ./lib/wpscan/wpscan_helper.rb	Sat, 15 Sep 2012 21:19:30 +0200

doc/index.html

@@ -163,27 +163,29 @@
     
       <li><a href="CacheFileStore.html#method-c-new">::new &mdash; CacheFileStore</a></li>
     
-      <li><a href="WpVulnerability.html#method-c-new">::new &mdash; WpVulnerability</a></li>
+      <li><a href="WpscanOptions.html#method-c-new">::new &mdash; WpscanOptions</a></li>
     
       <li><a href="WpVersion.html#method-c-new">::new &mdash; WpVersion</a></li>
     
-      <li><a href="WpTheme.html#method-c-new">::new &mdash; WpTheme</a></li>
+      <li><a href="WpVulnerability.html#method-c-new">::new &mdash; WpVulnerability</a></li>
     
-      <li><a href="WpscanOptions.html#method-c-new">::new &mdash; WpscanOptions</a></li>
+      <li><a href="WpItem.html#method-c-new">::new &mdash; WpItem</a></li>
     
       <li><a href="RpcClient.html#method-c-new">::new &mdash; RpcClient</a></li>
     
       <li><a href="Updater.html#method-c-new">::new &mdash; Updater</a></li>
     
-      <li><a href="Generate_List.html#method-c-new">::new &mdash; Generate_List</a></li>
+      <li><a href="Svn_Parser.html#method-c-new">::new &mdash; Svn_Parser</a></li>
-    
-      <li><a href="Exploit.html#method-c-new">::new &mdash; Exploit</a></li>
     
       <li><a href="WpPlugin.html#method-c-new">::new &mdash; WpPlugin</a></li>
     
+      <li><a href="WpTheme.html#method-c-new">::new &mdash; WpTheme</a></li>
+    
       <li><a href="WpTarget.html#method-c-new">::new &mdash; WpTarget</a></li>
     
-      <li><a href="Svn_Parser.html#method-c-new">::new &mdash; Svn_Parser</a></li>
+      <li><a href="Generate_List.html#method-c-new">::new &mdash; Generate_List</a></li>
+    
+      <li><a href="Exploit.html#method-c-new">::new &mdash; Exploit</a></li>
     
       <li><a href="WpscanOptions.html#method-c-option_to_instance_variable_setter">::option_to_instance_variable_setter &mdash; WpscanOptions</a></li>
     
@@ -195,8 +197,6 @@
     
       <li><a href="WpVersion.html#method-c-version_pattern">::version_pattern &mdash; WpVersion</a></li>
     
-      <li><a href="WpItem.html#method-i-3C-3D-3E">#<=> &mdash; WpItem</a></li>
-    
       <li><a href="WpItem.html#method-i-3D-3D">#== &mdash; WpItem</a></li>
     
       <li><a href="WpTheme.html#method-i-3D-3D-3D">#=== &mdash; WpTheme</a></li>
@@ -315,11 +315,11 @@
     
       <li><a href="Object.html#method-i-help">#help &mdash; Object</a></li>
     
-      <li><a href="Updater.html#method-i-is_installed-3F">#is_installed? &mdash; Updater</a></li>
+      <li><a href="SvnUpdater.html#method-i-is_installed-3F">#is_installed? &mdash; SvnUpdater</a></li>
     
       <li><a href="GitUpdater.html#method-i-is_installed-3F">#is_installed? &mdash; GitUpdater</a></li>
     
-      <li><a href="SvnUpdater.html#method-i-is_installed-3F">#is_installed? &mdash; SvnUpdater</a></li>
+      <li><a href="Updater.html#method-i-is_installed-3F">#is_installed? &mdash; Updater</a></li>
     
       <li><a href="WebSite.html#method-i-is_online-3F">#is_online? &mdash; WebSite</a></li>
     
@@ -339,14 +339,12 @@
     
       <li><a href="Browser.html#method-i-load_config">#load_config &mdash; Browser</a></li>
     
+      <li><a href="Updater.html#method-i-local_revision_number">#local_revision_number &mdash; Updater</a></li>
+    
       <li><a href="SvnUpdater.html#method-i-local_revision_number">#local_revision_number &mdash; SvnUpdater</a></li>
     
       <li><a href="GitUpdater.html#method-i-local_revision_number">#local_revision_number &mdash; GitUpdater</a></li>
     
-      <li><a href="Updater.html#method-i-local_revision_number">#local_revision_number &mdash; Updater</a></li>
-    
-      <li><a href="WpItem.html#method-i-location_uri_from_file_url">#location_uri_from_file_url &mdash; WpItem</a></li>
-    
       <li><a href="RpcClient.html#method-i-login">#login &mdash; RpcClient</a></li>
     
       <li><a href="WpLoginProtection.html#method-i-login_protection_plugin">#login_protection_plugin &mdash; WpLoginProtection</a></li>
@@ -361,14 +359,14 @@
     
       <li><a href="Browser.html#method-i-merge_request_params">#merge_request_params &mdash; Browser</a></li>
     
-      <li><a href="Exploit.html#method-i-meterpreter_read">#meterpreter_read &mdash; Exploit</a></li>
-    
       <li><a href="RpcClient.html#method-i-meterpreter_read">#meterpreter_read &mdash; RpcClient</a></li>
     
-      <li><a href="Exploit.html#method-i-meterpreter_write">#meterpreter_write &mdash; Exploit</a></li>
+      <li><a href="Exploit.html#method-i-meterpreter_read">#meterpreter_read &mdash; Exploit</a></li>
     
       <li><a href="RpcClient.html#method-i-meterpreter_write">#meterpreter_write &mdash; RpcClient</a></li>
     
+      <li><a href="Exploit.html#method-i-meterpreter_write">#meterpreter_write &mdash; Exploit</a></li>
+    
       <li><a href="Svn_Parser.html#method-i-parse">#parse &mdash; Svn_Parser</a></li>
     
       <li><a href="WpPlugins.html#method-i-plugins_from_aggressive_detection">#plugins_from_aggressive_detection &mdash; WpPlugins</a></li>
@@ -427,8 +425,6 @@
     
       <li><a href="WpItem.html#method-i-to_s">#to_s &mdash; WpItem</a></li>
     
-      <li><a href="WpTheme.html#method-i-to_s">#to_s &mdash; WpTheme</a></li>
-    
       <li><a href="GitUpdater.html#method-i-update">#update &mdash; GitUpdater</a></li>
     
       <li><a href="Updater.html#method-i-update">#update &mdash; Updater</a></li>
@@ -447,10 +443,10 @@
     
       <li><a href="WpUsernames.html#method-i-usernames">#usernames &mdash; WpUsernames</a></li>
     
-      <li><a href="WpItem.html#method-i-version">#version &mdash; WpItem</a></li>
-    
       <li><a href="WpTarget.html#method-i-version">#version &mdash; WpTarget</a></li>
     
+      <li><a href="WpItem.html#method-i-version">#version &mdash; WpItem</a></li>
+    
       <li><a href="Vulnerable.html#method-i-vulnerabilities">#vulnerabilities &mdash; Vulnerable</a></li>
     
       <li><a href="WpscanOptions.html#method-i-wordlist-3D">#wordlist= &mdash; WpscanOptions</a></li>

doc/lib/wpscan/wp_plugin_rb.html

@@ -24,7 +24,7 @@
   <div id="metadata">
     <dl>
       <dt class="modified-date">Last Modified</dt>
-      <dd class="modified-date">2012-09-17 19:43:42 +0200</dd>
+      <dd class="modified-date">2012-09-17 22:03:47 +0200</dd>
 
       
       <dt class="requires">Requires</dt>

doc/lib/wpscan/wp_theme_rb.html

@@ -24,7 +24,7 @@
   <div id="metadata">
     <dl>
       <dt class="modified-date">Last Modified</dt>
-      <dd class="modified-date">2012-09-17 19:43:53 +0200</dd>
+      <dd class="modified-date">2012-09-17 22:23:12 +0200</dd>
 
       
       <dt class="requires">Requires</dt>

lib/wpscan/wp_item.rb

@@ -16,8 +16,10 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #++
 
+require "#{WPSCAN_LIB_DIR}/vulnerable"
+
 class WpItem < Vulnerable
-  attr_accessor :path, :url, :wp_content_dir, :name
+  attr_accessor :path, :url, :wp_content_dir, :name, :vulns_xml, :vulns_xpath
   @version = nil
 
   def initialize(options = {})
@@ -25,6 +27,14 @@ class WpItem < Vulnerable
     @url            = options[:url]
     @path           = options[:path]
     @name           = options[:name] || extract_name_from_url
+    @vulns_xml      = options[:vulns_xml]
+    @vulns_xpath    = options[:vulns_xpath]
+
+    raise("url not set") unless @url
+    raise("path not set") unless @path
+    raise("wp_content_dir not set") unless @wp_content_dir
+    raise("name not set") unless @name
+    raise("vulns_xml not set") unless @vulns_xml
   end
 
   # Get the full url for this item

lib/wpscan/wp_plugin.rb

@@ -16,27 +16,11 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #++
 
-require "#{WPSCAN_LIB_DIR}/vulnerable"
-
 class WpPlugin < WpItem
-
-  attr_reader :name
-
   def initialize(options = {})
-    @url            = options[:url]
+    options[:vulns_xml]   = options[:vulns_xml] || DATA_DIR + '/plugin_vulns.xml'
-    @path           = options[:path]
+    options[:vulns_xpath] = "//plugin[@name='#@name']/vulnerability"
-    @wp_content_dir = options[:wp_content_dir]
+    super(options)
-    @vulns_xml      = options[:vulns_xml] || DATA_DIR + '/plugin_vulns.xml'
-    @vulns_xpath    = "//plugin[@name='#@name']/vulnerability"
-    @version        = nil
-
-    raise("url not set") unless @url
-    raise("path not set") unless @path
-    raise("wp_content_dir not set") unless @wp_content_dir
-    raise("name not set") unless @name
-    raise("vulns_xml not set") unless @vulns_xml
-
-    super(:wp_content_dir => @wp_content_dir, :url => @url, :path => @path)
   end
 
   # Discover any error_log files created by WordPress

lib/wpscan/wp_theme.rb

@@ -23,22 +23,11 @@ class WpTheme < WpItem
   attr_reader :name, :style_url, :version
 
   def initialize(options = {})
-    @url            = options[:url]
+    options[:vulns_xml]   = options[:vulns_xml] || DATA_DIR + '/wp_theme_vulns.xml'
-    @path           = options[:path]
+    options[:vulns_xpath] = "//theme[@name='#{@name}']/vulnerability"
-    @wp_content_dir = options[:wp_content_dir]
+    @version              = options[:version]
-    @vulns_xml      = options[:vulns_xml] || DATA_DIR + '/wp_theme_vulns.xml'
+    @style_url            = options[:style_url]
-    @vulns_xpath    = "//theme[@name='#{@name}']/vulnerability"
+    super(options)
-
-    @version        = options[:version]
-    @style_url      = options[:style_url]
-
-    raise("url not set") unless @url
-    raise("path not set") unless @path
-    raise("wp_content_dir not set") unless @wp_content_dir
-    raise("name not set") unless @name
-    raise("vulns_xml not set") unless @vulns_xml
-
-    super(:wp_content_dir => @wp_content_dir, :url => @url, :path => @path)
   end
 
   def version
@@ -59,11 +48,6 @@ class WpTheme < WpItem
     nil
   end
 
-  def to_s
-    version = version()
-    "#{@name}#{' v' + version if version}"
-  end
-
   def ===(wp_theme)
     wp_theme.name === @name and wp_theme.version === @version
   end
@@ -105,5 +89,4 @@ class WpTheme < WpItem
       )
     end
   end
-
 end

spec/lib/wpscan/wp_item_spec.rb

@@ -19,14 +19,12 @@
 require File.expand_path(File.dirname(__FILE__) + '/wpscan_helper')
 
 describe WpPlugin do
-  before :all do
-    @browser = Browser.instance(:config_file => SPEC_FIXTURES_CONF_DIR + '/browser/browser.conf.json')
-  end
-
   before :each do
     @instance = WpItem.new(:wp_content_dir  => "wp-content",
                            :url             => "http://sub.example.com/path/to/wordpress/",
-                           :path            => "plugins/test/asdf.php")
+                           :path            => "plugins/test/asdf.php",
+                           :vulns_xml       => "XXX.xml"
+    )
   end
 
   describe "#initialize" do
@@ -76,9 +74,20 @@ describe WpPlugin do
       @instance.path = "plugins/test/"
       @instance.get_url_without_filename.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/plugins/test/"
     end
+
+    it "should return the correct url (https)" do
+      @instance.url = "https://sub.example.com/path/to/wordpress/"
+      @instance.get_url_without_filename.to_s.should == "https://sub.example.com/path/to/wordpress/wp-content/plugins/test/"
+    end
+
+    it "should add the last slash if it's not present" do
+      @instance.path = "plugins/test-one"
+      @instance.get_url_without_filename.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/plugins/test-one/"
+    end
   end
 
   describe "#version" do
+    let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR + '/version' }
     it "should return a version number" do
       stub_request(:get, @instance.readme_url.to_s).to_return(:status => 200, :body => "Stable tag: 1.2.4.3.2.1")
       @instance.version.should == "1.2.4.3.2.1"
@@ -88,18 +97,38 @@ describe WpPlugin do
       stub_request(:get, @instance.readme_url.to_s).to_return(:status => 200, :body => "Stable tag: trunk")
       @instance.version.should be nil
     end
+
+    it "should return nil if the version is invalid (IE : trunk etc)" do
+      stub_request(:get, @instance.readme_url.to_s).to_return(:status => 200,
+                                                              :body => File.new(fixtures_dir + '/trunk-version.txt'))
+      @instance.version.should be_nil
+    end
+
+    it "should return the version 0.4" do
+      stub_request(:get, @instance.readme_url.to_s).to_return(:status => 200,
+                                                              :body => File.new(fixtures_dir + '/simple-login-lockdown-0.4.txt'))
+
+      @instance.version.should === "0.4"
+    end
   end
 
   describe "#directory_listing?" do
     it "should return true" do
-      stub_request(:get, @instance.get_url_without_filename.to_s).to_return(:status => 200, :body => "<html><head><title>Index of asdf</title></head></html>")
+      stub_request(:get, @instance.get_url_without_filename.to_s).to_return(:status => 200,
+                                                                            :body => "<html><head><title>Index of asdf</title></head></html>")
       @instance.directory_listing?.should == true
     end
 
     it "should return false" do
-      stub_request(:get, @instance.get_url_without_filename.to_s).to_return(:status => 200, :body => "<html><head><title>My Wordpress Site</title></head></html>")
+      stub_request(:get, @instance.get_url_without_filename.to_s).to_return(:status => 200,
+                                                                            :body => "<html><head><title>My Wordpress Site</title></head></html>")
       @instance.directory_listing?.should == false
     end
+
+    it "should return false on a 404" do
+      stub_request(:get, @instance.get_url_without_filename.to_s.to_s).to_return(:status => 404)
+      @instance.directory_listing?.should be_false
+    end
   end
 
   describe "#extract_name_from_url" do
@@ -146,14 +175,18 @@ describe WpPlugin do
     it "should return false" do
       instance2 = WpItem.new(:wp_content_dir  => "wp-content",
                              :url             => "http://sub.example.com/path/to/wordpress/",
-                             :path            => "plugins/newname/asdf.php")
+                             :path            => "plugins/newname/asdf.php",
+                             :vulns_xml       => "XXX.xml"
+      )
       (@instance==instance2).should == false
     end
 
     it "should return true" do
       instance2 = WpItem.new(:wp_content_dir  => "wp-content",
                              :url             => "http://sub.example.com/path/to/wordpress/",
-                             :path            => "plugins/test/asdf.php")
+                             :path            => "plugins/test/asdf.php",
+                             :vulns_xml       => "XXX.xml"
+      )
       (@instance==instance2).should == true
     end
   end

spec/lib/wpscan/wp_plugin_spec.rb

@@ -19,252 +19,60 @@
 require File.expand_path(File.dirname(__FILE__) + '/wpscan_helper')
 
 describe WpPlugin do
-
-  before :all do
-    @browser = Browser.instance(:config_file => SPEC_FIXTURES_CONF_DIR + '/browser/browser.conf.json')
-  end
-
-  describe "#location_uri_from_url" do
-    after :each do
-      if @url
-        uri = WpPlugin.location_uri_from_url(@url)
-
-        uri.should be_a URI
-        uri.to_s.should === @expected_uri_string
-      end
-    end
-
-    #it "should raise an error if the url is not valid" do
-    #  expect { WpPlugin.location_uri_from_url("example.com") }.to raise_error
-    #  expect { WpPlugin.location_uri_from_url("http://example.com/wp-includes/plugins/example/") }.to raise_error
-    #end
-
-    it "should return the uri without the file" do
-      @url                 = "http://example.com/wp-content/plugins/example/readme.txt"
-      @expected_uri_string = "http://example.com/wp-content/plugins/example/"
-    end
-
-    it "should return the uri without the file" do
-      @url                 = "https://sub.example.com/path/to/dir/wp-content/plugins/example/readme.txt"
-      @expected_uri_string = "https://sub.example.com/path/to/dir/wp-content/plugins/example/"
-    end
-
-    it "should return the same uri" do
-      @url                 = "http://example.com/wp-content/plugins/hello-world/"
-      @expected_uri_string = @url
-    end
-
-    # http://code.google.com/p/wpscan/issues/detail?id=146
-    it "should not raise an error if the url uses https" do
-      @url                 = "https://example.com/folder1/folder2/wp-content/plugins/user-role-editor/index.php"
-      @expected_uri_string = "https://example.com/folder1/folder2/wp-content/plugins/user-role-editor/"
-    end
-
-    it "should add the last slash if it's not present" do
-      @url                 = "http://example.com/wp-content/plugins/test-one"
-      @expected_uri_string = "#{@url}/"
-    end
-  end
-
-  describe "#extract_name_from_location_url" do
-    it "should return 'example-plugin'" do
-      WpPlugin.extract_name_from_location_url('http://example.com/wp-content/plugins/example-plugin/').should === 'example-plugin'
-    end
-
-    it "should return 'example-plugin'" do
-      WpPlugin.extract_name_from_location_url('https://sub.example.com/path/to/a/wp-content/plugins/example-plugin/').should === 'example-plugin'
-    end
-  end
-
-  describe "#create_location_url_from_name" do
-    after :each do
-      WpPlugin.create_location_url_from_name(@plugin_name, @target_url).should === @expected_url
-    end
-
-    it "should return 'http://example.com/$wp-plugins$/example/'" do
-      @plugin_name  = "example"
-      @target_url   = "http://example.com/"
-      @expected_url = "http://example.com/$wp-plugins$/example/"
-    end
-
-    it "should return 'http://example.com/$wp-plugins$/example/' even if the last '/' is not in the target url" do
-      @plugin_name  = "example"
-      @target_url   = "http://example.com"
-      @expected_url = "http://example.com/$wp-plugins$/example/"
-    end
-
-    it "should return http://example.com/$wp-plugins$/example-test/" do
-      @plugin_name  = "example-test"
-      @target_url   = "http://example.com"
-      @expected_url = "http://example.com/$wp-plugins$/example-test/"
-    end
-
-    it "should return http://example.com/$wp-plugins$/something%20with%20spaces/" do
-      @plugin_name  = "something with spaces"
-      @target_url   = "http://example.com"
-      @expected_url = URI.escape("http://example.com/$wp-plugins$/something with spaces/")
-    end
-  end
-
-  describe "#create_url_from_raw" do
-    it "should return http://example.com/$wp-plugins$/example-test/readme.txt" do
-      WpPlugin.create_url_from_raw("example-test/readme.txt", URI.parse("http://example.com")).should === "http://example.com/$wp-plugins$/example-test/readme.txt"
-    end
-  end
-
   describe "#initialize" do
-    let(:location_url) { 'http://example.com/wp-content/plugins/example/' }
+    it "should not raise an exception" do
-
+      expect { WpPlugin.new(:url => "url", :path => "path", :wp_content_dir => "dir", :name => "name") }.to_not raise_error
-    it "should raise an exception" do
-      expect { WpPlugin.new('invalid location url') }.to raise_error
     end
 
-    it "should initialize the object (no options given), :name should be 'example'" do
+    it "should raise an exception (url not set)" do
-      options = WpOptions.get_empty_options
+      expect { WpPlugin.new(:path => "path", :wp_content_dir => "dir", :name => "name") }.to raise_error
-      options[:url] = location_url
-      wp_plugin = WpPlugin.new(options)
-      wp_plugin.name.should === 'example'
-      wp_plugin.get_url.should === location_url
     end
 
-    it "should initialize the object (options[:name] = 'example')" do
+    it "should raise an exception (path not set)" do
-      options = WpOptions.get_empty_options
+      expect { WpPlugin.new(:url => "url", :wp_content_dir => "dir", :name => "name") }.to raise_error
-      options[:url] = location_url
+    end
-      options[:name] = "example"
+
-      wp_plugin = WpPlugin.new(options)
+    it "should raise an exception (wp_content_dir not set)" do
-      wp_plugin.name.should === 'example'
+      expect { WpPlugin.new(:url => "url", :path => "path", :name => "name") }.to raise_error
-      wp_plugin.location_url.should === location_url
+    end
+
+    it "should raise an exception (name not set)" do
+      expect { WpPlugin.new(:url => "url", :path => "path", :wp_content_dir => "dir") }.to raise_error
     end
   end
 
-  # TODO
+  describe "#error_log_url" do
-  describe "operators : ==, ===, <=>" do
+    it "should return a correct url" do
-
+      temp = WpPlugin.new(:url            => "http://wordpress.com",
-  end
+                          :path           => "plugins/test/asdf.php",
-
+                          :wp_content_dir => "wp-content")
-  #TODO
+      temp.error_log_url.to_s.should == "http://wordpress.com/wp-content/plugins/test/error_log"
-  describe "#location_url" do
-
-  end
-
-  describe "#version" do
-    let(:location_url) { 'http://example.localhost/wp-content/plugins/simple-login-lockdown/' }
-    let(:wp_plugin) { WpPlugin.new(location_url) }
-    let(:readme_url) { 'http://example.localhost/wp-content/plugins/simple-login-lockdown/readme.txt' }
-    let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR + '/version' }
-
-    it "should return nil if the readme.txt does not exist" do
-      stub_request(:get, readme_url).
-        to_return(:status => 404)
-
-      wp_plugin.version.should be_nil
-    end
-
-    it "should return nil if the version is invalid (IE : trunk etc)" do
-      stub_request(:get, readme_url).
-        to_return(:status => 200, :body => File.new(fixtures_dir + '/trunk-version.txt'))
-
-      wp_plugin.version.should be_nil
-    end
-
-    it "should return the version 0.4" do
-      stub_request(:get, readme_url).
-        to_return(:status => 200, :body => File.new(fixtures_dir + '/simple-login-lockdown-0.4.txt'))
-
-      wp_plugin.version.should === '0.4'
     end
   end
 
-  describe "#to_s" do
+  describe "#error_log?" do
-    after :each do
+    before :each do
-      wp_plugin = WpPlugin.new(WpPlugin.create_location_url_from_name(@name, "http://example.localhost"))
+      @temp = WpPlugin.new(:url           => "http://wordpress.com",
-      wp_plugin.stub(:version => @version)
+                          :path           => "plugins/test/asdf.php",
-      wp_plugin.to_s.should === @expected
+                          :wp_content_dir => "wp-content")
-    end
-
-    it "should not include the version if it's not detected" do
-      @name = "a-plugin"
-      @version = nil
-      @expected = "a-plugin"
-    end
-
-    it "should show the version if it's detected" do
-      @name = "another-plugin"
-      @version = "3.2"
-      @expected = "another-plugin v3.2"
-    end
-  end
-
-  describe "#vulnerabilities" do
-    let(:location_url) { 'http://example.localhost/wp-content/plugins/spec-plugin/' }
-    let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR + '/vulnerabilities' }
-    let(:vulns_xml) { fixtures_dir + '/plugin_vulns.xml' }
-    let(:wp_plugin) { WpPlugin.new(location_url, :vulns_xml => vulns_xml) }
-
-
-    it "should return an empty array when no vulnerabilities are found" do
-      WpPlugin.new(
-        'http://example.localhost/wp-content/plugins/no-vulns/',
-        :vulns_xml => vulns_xml
-      ).vulnerabilities.should be_empty
-    end
-
-    it "should return an arry with 2 vulnerabilities" do
-      vulnerabilities = wp_plugin.vulnerabilities
-
-      vulnerabilities.should_not be_empty
-      vulnerabilities.length.should == 2
-      vulnerabilities.each { |vulnerability| vulnerability.should be_a WpVulnerability }
-      vulnerabilities[0].title.should === 'WPScan Spec'
-      vulnerabilities[1].title.should === 'Spec SQL Injection'
-    end
-  end
-
-  describe "#error_log* (#error_log_url & #error_log?)" do
-    let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR + '/error_log' }
-    let(:location_url) { 'http://example.localhost/wp-content/plugins/simple-login-lockdown/' }
-    let(:error_log_url) { 'http://example.localhost/wp-content/plugins/simple-login-lockdown/error_log' }
-    let(:wp_plugin) { WpPlugin.new(location_url) }
-
-    it "should return the url of the error log" do
-      wp_plugin.error_log_url.should === error_log_url
-    end
-
-    it "should return false on a 404" do
-      stub_request(:get, error_log_url).
-        to_return(:status => 404)
-
-      wp_plugin.error_log?.should be_false
     end
 
     it "should return true" do
-      stub_request(:get, error_log_url).
+      stub_request(:get, @temp.error_log_url.to_s).to_return(:status => 200, :body => "PHP Fatal error")
-        to_return(:status => 200, :body => File.new(fixtures_dir + '/error_log'))
+      @temp.error_log?.should be true
-
-      wp_plugin.error_log?.should be_true
-    end
-  end
-
-  describe "#directory_listing?" do
-    let(:wp_plugin) { WpPlugin.new('http://example.localhost/wp-content/plugins/simple-login-lockdown/readme.txt') }
-
-    it "should return false on a 404" do
-      stub_request(:get, wp_plugin.location_url).to_return(:status => 404)
-
-      wp_plugin.directory_listing?.should be_false
     end
 
-    it "should return false on a blank page" do
+    it "should return false" do
-      stub_request(:get, wp_plugin.location_url).to_return(:status => 200, :body => '')
+      stub_request(:get, @temp.error_log_url.to_s).to_return(:status => 500, :body => "Access denied")
-
+      @temp.error_log?.should be false
-      wp_plugin.directory_listing?.should be_false
     end
 
     it "should return true" do
-      stub_request(:get, wp_plugin.location_url).
+      fixtures_dir = SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR + "/error_log"
-        to_return(:status => 200, :body => "<title>Index of simple-login-lockdown</title>")
+      stub_request(:get, @temp.error_log_url.to_s).to_return(:status => 200,
+                                                             :body => File.new(fixtures_dir + '/error_log'))
 
-      wp_plugin.directory_listing?.should be_true
+      @temp.error_log?.should be true
     end
   end
 end

spec/lib/wpscan/wp_theme_spec.rb

@@ -19,7 +19,6 @@
 require File.expand_path(File.dirname(__FILE__) + "/wpscan_helper")
 
 describe WpTheme do
-
   before :all do
     @target_uri = URI.parse("http://example.localhost/")
 
@@ -29,21 +28,25 @@ describe WpTheme do
     )
   end
 
-  describe "#to_s" do
+  describe "#initialize" do
-    it "should return the theme name and the version if there is one" do
+    it "should not raise an exception" do
-      wp_theme = WpTheme.new(:name => "bueno", :version => "1.2.3", :url => "", :path => "", :wp_content_dir => "")
+      expect { WpTheme.new(:url => "url", :path => "path", :wp_content_dir => "dir", :name => "name") }.to_not raise_error
-
-      wp_theme.to_s.should === "bueno v1.2.3"
     end
 
-    it "should not add the version if there is not" do
+    it "should raise an exception (url not set)" do
-      style_url = @target_uri.merge("wp-content/themes/hello-world/style.css").to_s
+      expect { WpTheme.new(:path => "path", :wp_content_dir => "dir", :name => "name") }.to raise_error
+    end
 
-      stub_request(:get, style_url).to_return(:status => 200, :body => "")
+    it "should raise an exception (path not set)" do
+      expect { WpTheme.new(:url => "url", :wp_content_dir => "dir", :name => "name") }.to raise_error
+    end
 
-      wp_theme = WpTheme.new(:name => "hello-world", :style_url => style_url, :url => "", :path => "", :wp_content_dir => "")
+    it "should raise an exception (wp_content_dir not set)" do
+      expect { WpTheme.new(:url => "url", :path => "path", :name => "name") }.to raise_error
+    end
 
-      wp_theme.to_s.should === "hello-world"
+    it "should raise an exception (name not set)" do
+      expect { WpTheme.new(:url => "url", :path => "path", :wp_content_dir => "dir") }.to raise_error
     end
   end
 
@@ -174,4 +177,69 @@ describe WpTheme do
     end
   end
 
+  describe "#===" do
+    it "should return false (name not equal)" do
+      instance = WpTheme.new(:wp_content_dir  => "wp-content",
+                             :url             => "http://sub.example.com/path/to/wordpress/",
+                             :path            => "themes/name/asdf.php",
+                             :vulns_xml       => "XXX.xml",
+                             :version         => "1.0"
+      )
+      instance2 = WpTheme.new(:wp_content_dir  => "wp-content",
+                              :url             => "http://sub.example.com/path/to/wordpress/",
+                              :path            => "themes/newname/asdf.php",
+                              :vulns_xml       => "XXX.xml",
+                              :version         => "1.0"
+      )
+      (instance===instance2).should == false
+    end
+
+    it "should return false (version not equal)" do
+      instance = WpTheme.new(:wp_content_dir  => "wp-content",
+                             :url             => "http://sub.example.com/path/to/wordpress/",
+                             :path            => "themes/name/asdf.php",
+                             :vulns_xml       => "XXX.xml",
+                             :version         => "1.0"
+      )
+      instance2 = WpTheme.new(:wp_content_dir  => "wp-content",
+                              :url             => "http://sub.example.com/path/to/wordpress/",
+                              :path            => "themes/name/asdf.php",
+                              :vulns_xml       => "XXX.xml",
+                              :version         => "2.0"
+      )
+      (instance===instance2).should == false
+    end
+
+    it "should return false (version and name not equal)" do
+      instance = WpTheme.new(:wp_content_dir  => "wp-content",
+                             :url             => "http://sub.example.com/path/to/wordpress/",
+                             :path            => "themes/name/asdf.php",
+                             :vulns_xml       => "XXX.xml",
+                             :version         => "1.0"
+      )
+      instance2 = WpTheme.new(:wp_content_dir  => "wp-content",
+                              :url             => "http://sub.example.com/path/to/wordpress/",
+                              :path            => "themes/newname/asdf.php",
+                              :vulns_xml       => "XXX.xml",
+                              :version         => "2.0"
+      )
+      (instance===instance2).should == false
+    end
+
+    it "should return true" do
+      instance = WpTheme.new(:wp_content_dir  => "wp-content",
+                             :url             => "http://sub.example.com/path/to/wordpress/",
+                             :path            => "themes/test/asdf.php",
+                             :vulns_xml       => "XXX.xml",
+                             :version         => "1.0"
+      )
+      instance2 = WpTheme.new(:wp_content_dir  => "wp-content",
+                              :url             => "http://sub.example.com/path/to/wordpress/",
+                              :path            => "themes/test/asdf.php",
+                              :vulns_xml       => "XXX.xml",
+                              :version         => "1.0"
+      )
+      (instance===instance2).should == true
+    end
+  end
 end

spec/lib/wpscan/wp_vulnerability_spec.rb

@@ -0,0 +1,26 @@
+# TODO
+
+describe "#vulnerabilities" do
+  let(:location_url) { 'http://example.localhost/wp-content/plugins/spec-plugin/' }
+  let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR + '/vulnerabilities' }
+  let(:vulns_xml) { fixtures_dir + '/plugin_vulns.xml' }
+  let(:wp_plugin) { WpPlugin.new(location_url, :vulns_xml => vulns_xml) }
+
+
+  it "should return an empty array when no vulnerabilities are found" do
+    WpPlugin.new(
+        'http://example.localhost/wp-content/plugins/no-vulns/',
+        :vulns_xml => vulns_xml
+    ).vulnerabilities.should be_empty
+  end
+
+  it "should return an arry with 2 vulnerabilities" do
+    vulnerabilities = wp_plugin.vulnerabilities
+
+    vulnerabilities.should_not be_empty
+    vulnerabilities.length.should == 2
+    vulnerabilities.each { |vulnerability| vulnerability.should be_a WpVulnerability }
+    vulnerabilities[0].title.should === 'WPScan Spec'
+    vulnerabilities[1].title.should === 'Spec SQL Injection'
+  end
+end