From 7b0cb294668cda8e372c5aa20bc35b8ee2eb096b Mon Sep 17 00:00:00 2001
From: Christian Mehlmauer
Date: Fri, 9 May 2014 17:58:04 +0200
Subject: [PATCH] XML check rspecs Example output: 1) XML content each plugin vuln needs a type node Failure/Error: @result.should have(0).items, "Items:\n#{@result.join("\n")}" Items: ReFlex Gallery 1.4 - reflex-gallery.php Direct Request Path Disclosure Gallery Plugin 3.8.3 - gallery-plugin.php filename_1 Parameter Arbitrary File Access EZPZ One Click Backup <= 12.03.10 - OS Command Injection BulletProof Security - Security Log Script Insertion Vulnerability Portable phpMyAdmin - /pma/phpinfo.php Direct Request System Information Disclosure HMS Testimonials 2.0.10 - CSRF HMS Testimonials 2.0.10 - XSS platinum_seo_pack.php - s Parameter Reflected XSS Email Newsletter 8.0 - 'option' Parameter Information Disclosure Vulnerability
---
 .travis.yml | 2 +-
 spec/xml_checks_spec.rb | 35 +++++++++++++++++++++++++++++++++++
 2 files changed, 36 insertions(+), 1 deletion(-)
diff --git a/.travis.yml b/.travis.yml
index 826385e0..ff4c15e6 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -5,7 +5,7 @@ rvm:
 - 2.0.0
 - 2.1.0
 - 2.1.1
-script: bundle exec rspec --format documentation
+script: bundle exec rspec
 notifications:
 email:
 - wpscanteam@gmail.com
diff --git a/spec/xml_checks_spec.rb b/spec/xml_checks_spec.rb
index ba158b37..9b1bd8a2 100644
--- a/spec/xml_checks_spec.rb
+++ b/spec/xml_checks_spec.rb
@@ -77,3 +77,38 @@ describe 'Well formed XML checks' do
 @file = LOCAL_FILES_FILE
 end
 end
+
+describe 'XML content' do
+ before :all do
+ @vuln_plugins = xml(PLUGINS_VULNS_FILE)
+ @vuln_themes = xml(THEMES_VULNS_FILE)
+ end
+
+ after :each do
+ @result.should have(0).items, "Items:\n#{@result.join("\n")}"
+ end
+
+ it 'each plugin vuln needs a type node' do
+ @result = @vuln_plugins.xpath('//vulnerability[not(type)]/title/text()').map(&:text)
+ end
+
+ it 'each theme vuln needs a type node' do
+ @result = @vuln_themes.xpath('//vulnerability[not(type)]/title/text()').map(&:text)
+ end
+
+ it 'each plugin vuln needs a title node' do
+ @result = @vuln_plugins.xpath('//vulnerability[not(title)]/../@name').map(&:text)
+ end
+
+ it 'each theme vuln needs a title node' do
+ @result = @vuln_themes.xpath('//vulnerability[not(title)]/../@name').map(&:text)
+ end
+
+ it 'each plugin vuln needs a references node' do
+ @result = @vuln_plugins.xpath('//vulnerability[not(references)]/title/text()').map(&:text)
+ end
+
+ it 'each theme vuln needs a references node' do
+ @result = @vuln_themes.xpath('//vulnerability[not(references)]/title/text()').map(&:text)
+ end
+end
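Review bot: The four type and references examples build `@result` from `title/text()` of the offending entry, so a vulnerability that lacks a `type` or `references` node and also has a missing or empty `title` contributes nothing to `@result` and the example passes. Selecting the entry itself and deriving the label afterwards closes that gap, e.g. `@result = @vuln_plugins.xpath('//vulnerability[not(type)]').map { |v| v.xpath('string(title)') }`, which yields an empty-string item instead of silently dropping the entry. Separately, `not(type)` and `not(title)` only test that the element exists, so an empty `<type/>` passes; `not(normalize-space(type))` would be the stricter predicate if blank values should fail too. Because the assertion lives in `after :each`, an example that never assigns `@result` fails with a nil error rather than a readable message, so a short comment on that contract above the hook would help the next person adding a check.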