rpsec tests

data/wp_versions.xml

@@ -18,7 +18,7 @@ You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 ryandewhurst at gmail
-
+-->
 <!--
   This file contains identification data to identify WordPress verions.
   http://wordpress.org/download/release-archive/

lib/wpscan/wp_version.rb

@@ -93,7 +93,9 @@ class WpVersion < Vulnerable
   #
   def self.find_from_advanced_fingerprinting(options)
     target_uri = options[:url]
-    xml = Nokogiri::XML(File.open(DATA_DIR + '/wp_versions.xml')) do |config|
+    # needed for rpsec tests
+    version_xml = options[:version_xml] || DATA_DIR + "/wp_versions.xml"
+    xml = Nokogiri::XML(File.open(version_xml)) do |config|
       config.noblanks
     end
 

spec/fixtures/wpscan/wp_version/advanced/wp_versions.xml

@@ -0,0 +1,41 @@
+<?xml version="1.0"?>
+
+<!--
+WPScan - WordPress Security Scanner
+Copyright (C) 2011  Ryan Dewhurst AKA ethicalhack3r
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+ryandewhurst at gmail
+-->
+<!--
+  This file contains identification data to identify WordPress verions.
+  http://wordpress.org/download/release-archive/
+
+  Position is important, DO NOT change anything unless you know what you are doing :p
+-->
+
+<wp-versions>
+  <file src="wp-admin/js/wp-fullscreen.js">
+    <hash md5="5675f7793f171b6424bf72f9d7bf4d9a">
+      <score>1</score>
+      <versions>3.2.1</versions>
+    </hash>
+
+    <hash md5="7b423e0b7c9221092737ad5271d09863">
+      <score>1</score>
+      <versions>3.2</versions>
+    </hash>
+  </file>
+</wp-versions>

spec/lib/wpscan/wp_version_spec.rb

@@ -138,4 +138,42 @@ describe WpVersion do
     end
   end
 
+  describe "#find_from_advanced_fingerprinting" do
+    let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + '/advanced' }
+
+    it "should return 3.2.1" do
+      stub_request_to_fixture(:url => @target_uri.merge("wp-admin/js/wp-fullscreen.js").to_s,
+                              :status => 200,
+                              :fixture => "#{fixtures_dir}/3.2.1.js")
+      version = WpVersion.find_from_advanced_fingerprinting(:url => @target_uri,
+                                                            :wp_content_dir => "wp-content",
+                                                            :version_xml => "#{fixtures_dir}/wp_versions.xml")
+      version.should == "3.2.1"
+    end
+  end
+
+  describe "#initialize" do
+    it "should initialize a WpVersion object" do
+      v = WpVersion.new(1, { :discovery_method => "method", :vulns_xml => "asdf.xml" })
+      v.number.should == 1
+      v.discovery_method.should == "method"
+    end
+  end
+
+  describe "#find" do
+    let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + '/advanced' }
+
+    it "should find all versions" do
+      # All requests get a HTTP 404
+      stub_request(:any, /.*/).to_return(:status => 404)
+      # Wordpress Version 3.2.1
+      stub_request_to_fixture(:url => @target_uri.merge("wp-admin/js/wp-fullscreen.js").to_s,
+                              :status => 200,
+                              :fixture => "#{fixtures_dir}/3.2.1.js")
+      version = WpVersion.find(@target_uri, "wp-content")
+      version.number.should == "3.2.1"
+      version.discovery_method.should == "advanced fingerprinting"
+    end
+  end
+
 end