rspec tests

2012-09-18 21:19:04 +02:00
parent d4dc813621
commit 2c2d6749ba
3 changed files with 63 additions and 65 deletions
--- a/lib/wpscan/modules/wp_timthumbs.rb
+++ b/lib/wpscan/modules/wp_timthumbs.rb
@@ -29,7 +29,7 @@ module WpTimthumbs
    if @wp_timthumbs.nil?
      options[:type] = "timthumbs"
      options[:only_vulnerable_ones] = false
-      options[:file] = DATA_DIR + "/timthumbs.txt"
+      options[:file] = options[:file] || DATA_DIR + "/timthumbs.txt"
      options[:vulns_file] = "xxx"
      options[:vulns_xpath] = "xxx"
      options[:vulns_xpath_2] = "xxx"
@@ -50,10 +50,10 @@ module WpTimthumbs
    targets    = []
    theme_name = URI.escape(theme_name)

-    [
-      'timthumb.php', 'lib/timthumb.php', 'inc/timthumb.php', 'includes/timthumb.php',
-      'scripts/timthumb.php', 'tools/timthumb.php', 'functions/timthumb.php'
-    ].each do |file|
+    %w{
+      timthumb.php lib/timthumb.php inc/timthumb.php includes/timthumb.php
+      scripts/timthumb.php tools/timthumb.php functions/timthumb.php
+    }.each do |file|
      targets << {
          :url            => options[:url],
          :path           => "themes/#{theme_name}/#{file}",
--- a/spec/fixtures/wpscan/modules/wp_timthumbs/timthumbs.txt
+++ b/spec/fixtures/wpscan/modules/wp_timthumbs/timthumbs.txt
@@ -1,3 +1,3 @@
-wp-content/plugins/feature-slideshow/timthumb.php
-wp-content/plugins/fotoslide/timthumb.php
-wp-content/plugins/feature-slideshow/timthumb.php
+plugins/feature-slideshow/timthumb.php
+plugins/fotoslide/timthumb.php
+plugins/feature-slideshow/timthumb.php
--- a/spec/lib/wpscan/modules/wp_timthumbs_spec.rb
+++ b/spec/lib/wpscan/modules/wp_timthumbs_spec.rb
@@ -19,93 +19,91 @@
 shared_examples_for "WpTimthumbs" do

  before :each do
-    @module             = WpScanModuleSpec.new('http://example.localhost/')
-    @fixtures_dir       = SPEC_FIXTURES_WPSCAN_MODULES_DIR + '/wp_timthumbs'
+    @options                  = WpOptions.get_empty_options
+    @url                      = "http://example.localhost/"
    @theme_name               = "bueno"
-    @timthumbs_file     = @fixtures_dir + '/timthumbs.txt'
+    @options[:url]            = @url
+    @options[:wp_content_dir] = "wp-content"
+    @options[:name]           = @theme_name
+    @options[:error_404_hash] = "xx"
+    @module                   = WpScanModuleSpec.new(@url)
+    @fixtures_dir             = SPEC_FIXTURES_WPSCAN_MODULES_DIR + "/wp_timthumbs"
+    @timthumbs_file           = @fixtures_dir + "/timthumbs.txt"
    @targets_from_file        =
-    [
-      "http://example.localhost/wp-content/plugins/fotoslide/timthumb.php",
-      "http://example.localhost/wp-content/plugins/feature-slideshow/timthumb.php"
-    ]
+    %w{
+      http://example.localhost/wp-content/plugins/fotoslide/timthumb.php
+      http://example.localhost/wp-content/plugins/feature-slideshow/timthumb.php
+    }
    @targets_from_theme =
    [
-      'http://example.localhost/wp-content/themes/' + @theme_name + '/timthumb.php',
-      'http://example.localhost/wp-content/themes/' + @theme_name + '/lib/timthumb.php',
-      'http://example.localhost/wp-content/themes/' + @theme_name + '/inc/timthumb.php',
-      'http://example.localhost/wp-content/themes/' + @theme_name + '/includes/timthumb.php',
-      'http://example.localhost/wp-content/themes/' + @theme_name + '/scripts/timthumb.php',
-      'http://example.localhost/wp-content/themes/' + @theme_name + '/tools/timthumb.php',
-      'http://example.localhost/wp-content/themes/' + @theme_name + '/functions/timthumb.php'
+      "http://example.localhost/wp-content/themes/" + @theme_name + "/timthumb.php",
+      "http://example.localhost/wp-content/themes/" + @theme_name + "/lib/timthumb.php",
+      "http://example.localhost/wp-content/themes/" + @theme_name + "/inc/timthumb.php",
+      "http://example.localhost/wp-content/themes/" + @theme_name + "/includes/timthumb.php",
+      "http://example.localhost/wp-content/themes/" + @theme_name + "/scripts/timthumb.php",
+      "http://example.localhost/wp-content/themes/" + @theme_name + "/tools/timthumb.php",
+      "http://example.localhost/wp-content/themes/" + @theme_name + "/functions/timthumb.php"
    ]

    @module.extend(WpTimthumbs)
  end

-  describe "#timthumbs_file" do
-    it "should return #{DATA_DIR}/timthumb.txt" do
-      WpTimthumbs.timthumbs_file.should === "#{DATA_DIR}/timthumbs.txt"
-    end
-
-    it "should return hello/file.txt" do
-      WpTimthumbs.timthumbs_file("hello/file.txt").should === "hello/file.txt"
-    end
-  end
-
  describe "#targets_url_from_theme" do
    it "should return the targets for the theme" do
-      targets = @module.send(:targets_url_from_theme, @theme_name)
+      targets = @module.send(:targets_url_from_theme, @theme_name, @options)

      targets.should_not be_empty
-      targets.sort.should === @targets_from_theme.sort
+      targets.length.should > 0
+      temp = []
+      targets.each do |t|
+        url = "#{t[:url]}#{t[:wp_content_dir]}/#{t[:path]}"
+        temp << url
+      end
+      temp.sort.should === @targets_from_theme.sort
    end
  end

-  describe "#timthumbs_targets_url" do
-    it "should return only the targets from the timthumbs file" do
-      targets = @module.timthumbs_targets_url(:timthumbs_file => @timthumbs_file)
-
-      targets.should_not be_empty
-      targets.sort.should === @targets_from_file.sort
-    end
-
-    it "should return targets from timthumbs file and theme" do
-      targets = @module.timthumbs_targets_url(:theme_name => @theme_name, :timthumbs_file => @timthumbs_file)
-
-      targets.should_not be_empty
-      targets.sort.should === (@targets_from_file + @targets_from_theme).sort
-    end
-  end
-
-  describe "#timthumbs" do
-
+  describe "#timthumbs and #has_timthumbs?" do
    before :each do
-      @module.timthumbs_targets_url(:theme_name => @theme_name, :timthumbs_file => @timthumbs_file).each do |target_url|
-        stub_request(:get, target_url).to_return(:status => 404)
+      @options[:file] = @timthumbs_file
+      @options[:vulns_file] = "xxx"
+      @options[:type] = "timthumbs"
+      @targets_from_file.each do |url|
+        stub_request(:get, url).to_return(:status => 404)
      end
    end

    it "should return an empty array" do
-      timthumbs = @module.timthumbs(:theme_name => @theme_name, :timthumbs_file => @timthumbs_file)
-
+      timthumbs = @module.timthumbs(nil, @options)
      timthumbs.should be_empty
-      @module.has_timthumbs?.should be_false
+      @module.has_timthumbs?(nil, @options).should be_false
    end

    it "should return an array with 2 timthumbs url" do
      expected = []
-      @module.timthumbs_targets_url(:theme_name => @theme_name, :timthumbs_file => @timthumbs_file).sample(2).each do |target_url|
+      urls = []
+      urls_hash = WpEnumerator.generate_items(@options)
+      urls_hash.each do |u|
+        url = "#{u[:url]}#{u[:wp_content_dir]}/#{u[:path]}"
+        urls << url
+        stub_request(:get, url).to_return(:status => 404)
+      end
+      urls.sample(2).each do |target_url|
        expected << target_url
-
        stub_request(:get, target_url).
          to_return(:status => 200, :body => File.new(@fixtures_dir + "/timthumb.php"))
      end

-      timthumbs = @module.timthumbs(:theme_name => @theme_name, :timthumbs_file => @timthumbs_file)
+      timthumbs = @module.timthumbs(nil, @options)
      timthumbs.should_not be_empty
-      timthumbs.sort.should === expected.sort
-      @module.has_timthumbs?.should be_true
-    end
-  end

+      temp = []
+      timthumbs.each do |t|
+        url = "#{t[:url]}#{t[:wp_content_dir]}/#{t[:path]}"
+        temp << url
+      end
+      temp.sort.should === expected.sort
+      @module.has_timthumbs?(nil).should be_true
+    end
+  end
 end