VulnAPI Implementation

2019-07-18 20:32:15 +01:00
parent 84422b10c8
commit 463e77f0a5
60 changed files with 1126 additions and 223 deletions
--- a/spec/shared_examples/views/main_theme.rb
+++ b/spec/shared_examples/views/main_theme.rb
@@ -60,6 +60,8 @@ shared_examples 'App::Views::MainTheme' do

        it 'outputs the expected string' do
          expect(theme).to receive(:version).at_least(1)
+          allow(theme).to receive(:db_data).and_return(vuln_api_data_for('themes/dignitas-themes'))
+
          @tpl_vars = tpl_vars.merge(theme: theme, verbose: true)
        end
      end
--- a/spec/shared_examples/views/vuln_api.rb
+++ b/spec/shared_examples/views/vuln_api.rb
@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+
+shared_examples 'App::Views::VulnApi' do
+  let(:controller) { WPScan::Controller::VulnApi.new }
+  let(:tpl_vars)   { { url: target_url } }
+
+  describe 'status' do
+    let(:view) { 'status' }
+
+    context 'when no api token is given' do
+      let(:expected_view) { 'no_token' }
+
+      it 'outputs the expected string' do
+        @tpl_vars = tpl_vars.merge(status: {})
+      end
+    end
+
+    context 'when http error' do
+      let(:expected_view) { 'http_error' }
+
+      it 'outputs the expected string' do
+        @tpl_vars = tpl_vars.merge(
+          status: {
+            'http_error' => WPScan::Error::HTTP.new(Typhoeus::Response.new(effective_url: 'url', return_code: 28))
+          }
+        )
+      end
+    end
+
+    context 'when no more remaining requests' do
+      let(:expected_view) { 'no_more_requests' }
+
+      it 'outputs the expected string' do
+        @tpl_vars = tpl_vars.merge(
+          status: { 'success': true, 'plan' => 'free', 'requests_remaining' => 0 },
+          api_requests: 3
+        )
+      end
+    end
+
+    context 'when everything is fine' do
+      let(:expected_view) { 'all_ok' }
+
+      it 'outputs the expected string' do
+        @tpl_vars = tpl_vars.merge(
+          status: { 'success': true, 'plan' => 'paid', 'requests_remaining' => 120 },
+          api_requests: 3
+        )
+      end
+    end
+
+    context 'when unlimited requests' do
+      let(:expected_view) { 'unlimited_requests' }
+
+      it 'outputs the expected string' do
+        @tpl_vars = tpl_vars.merge(
+          status: { 'success': true, 'plan' => 'enterprise', 'requests_remaining' => 'Unlimited' },
+          api_requests: 3
+        )
+      end
+    end
+  end
+end
--- a/spec/shared_examples/views/wp_version.rb
+++ b/spec/shared_examples/views/wp_version.rb
@@ -17,6 +17,7 @@ shared_examples 'App::Views::WpVersion' do

    context 'when the version is not nil' do
      let(:version) { WPScan::Model::WpVersion.new('4.0', found_by: 'rspec') }
+      before { allow(version).to receive(:db_data).and_return(vuln_api_data_for('wordpresses/40')) }

      context 'when confirmed_by is empty' do
        context 'when no interesting_entries' do
@@ -77,9 +78,12 @@ shared_examples 'App::Views::WpVersion' do

    context 'when the version is vulnerable' do
      let(:expected_view) { 'with_vulns' }
+      let(:version) { WPScan::Model::WpVersion.new('3.8.1', found_by: 'rspec') }
+
+      before { allow(version).to receive(:db_data).and_return(vuln_api_data_for('wordpresses/381')) }

      it 'outputs the expected string' do
-        @tpl_vars = tpl_vars.merge(version: WPScan::Model::WpVersion.new('3.8.1', found_by: 'rspec'))
+        @tpl_vars = tpl_vars.merge(version: version)
      end
    end
  end