bugfixing and rspec tests
@@ -30,9 +30,9 @@ class Vulnerable
|
|||||||
|
|
||||||
xml.xpath(@vulns_xpath).each do |node|
|
xml.xpath(@vulns_xpath).each do |node|
|
||||||
vulnerabilities << WpVulnerability.new(
|
vulnerabilities << WpVulnerability.new(
|
||||||
node.search('title').text,
|
node.search("title").text,
|
||||||
node.search('reference').text,
|
node.search("reference").text,
|
||||||
node.search('type').text
|
node.search("type").text
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
vulnerabilities
|
vulnerabilities
|
||||||
|
|||||||
@@ -28,7 +28,7 @@ class WpItem < Vulnerable
|
|||||||
@path = options[:path]
|
@path = options[:path]
|
||||||
@name = options[:name] || extract_name_from_url
|
@name = options[:name] || extract_name_from_url
|
||||||
@vulns_xml = options[:vulns_xml]
|
@vulns_xml = options[:vulns_xml]
|
||||||
@vulns_xpath = options[:vulns_xpath]
|
@vulns_xpath = options[:vulns_xpath].sub(/\$name\$/, @name)
|
||||||
|
|
||||||
raise("url not set") unless @url
|
raise("url not set") unless @url
|
||||||
raise("path not set") unless @path
|
raise("path not set") unless @path
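Review bot: The new `@vulns_xpath = options[:vulns_xpath].sub(/\$name\$/, @name)` pastes `@name` verbatim between the single quotes of the templates set in the WpPlugin and WpTheme hunks (`//plugin[@name='$name$']/vulnerability`), and `@name` falls back to `extract_name_from_url`, so, judging by that name, it can come from the scanned site's URL rather than from the operator. A name containing `'` would produce a malformed or unintended XPath query, and because the replacement is passed as a string, `sub` also interprets backslash sequences in it. I would validate the name before substituting, for example `raise("invalid name") unless @name =~ /\A[\w.\-]+\z/` (the allowed character set is a guess; confirm it against real plugin and theme directory names), and use the block form `sub(/\$name\$/) { @name }`. The body of `initialize` starts and ends outside this hunk.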
|
||||||
|
|||||||
@@ -19,7 +19,7 @@
|
|||||||
class WpPlugin < WpItem
|
class WpPlugin < WpItem
|
||||||
def initialize(options = {})
|
def initialize(options = {})
|
||||||
options[:vulns_xml] = options[:vulns_xml] || DATA_DIR + '/plugin_vulns.xml'
|
options[:vulns_xml] = options[:vulns_xml] || DATA_DIR + '/plugin_vulns.xml'
|
||||||
options[:vulns_xpath] = "//plugin[@name='#@name']/vulnerability"
|
options[:vulns_xpath] = "//plugin[@name='$name$']/vulnerability"
|
||||||
options[:vulns_xpath_2] = "//plugin"
|
options[:vulns_xpath_2] = "//plugin"
|
||||||
options[:type] = "plugins"
|
options[:type] = "plugins"
|
||||||
super(options)
|
super(options)
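Review bot: The `'$name$'` token in `options[:vulns_xpath]` is a private convention with `WpItem#initialize`, and nothing at this line says so; the same applies to the WpTheme hunk. I would add a comment above it such as `# @name is only assigned in WpItem#initialize, which replaces $name$ with it`, since the old `#@name` interpolation ran before `super` and so, presumably, produced an empty name. The token is also spelled out separately in WpItem, WpPlugin and WpTheme; a shared constant would keep the three in step. The class body continues outside the hunk.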
|
||||||
|
|||||||
@@ -24,7 +24,7 @@ class WpTheme < WpItem
|
|||||||
|
|
||||||
def initialize(options = {})
|
def initialize(options = {})
|
||||||
options[:vulns_xml] = options[:vulns_xml] || DATA_DIR + '/wp_theme_vulns.xml'
|
options[:vulns_xml] = options[:vulns_xml] || DATA_DIR + '/wp_theme_vulns.xml'
|
||||||
options[:vulns_xpath] = "//theme[@name='#@name']/vulnerability"
|
options[:vulns_xpath] = "//theme[@name='$name$']/vulnerability"
|
||||||
@version = options[:version]
|
@version = options[:version]
|
||||||
@style_url = options[:style_url]
|
@style_url = options[:style_url]
|
||||||
super(options)
|
super(options)
|
||||||
|
|||||||
@@ -22,7 +22,9 @@ describe WpPlugin do
|
|||||||
before :each do
|
before :each do
|
||||||
@instance = WpItem.new(:url => "http://sub.example.com/path/to/wordpress/",
|
@instance = WpItem.new(:url => "http://sub.example.com/path/to/wordpress/",
|
||||||
:path => "plugins/test/asdf.php",
|
:path => "plugins/test/asdf.php",
|
||||||
:vulns_xml => "XXX.xml"
|
:vulns_xml => "XXX.xml",
|
||||||
|
:name => "test",
|
||||||
|
:vulns_xpath => "XX"
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
|
|
||||||
@@ -174,7 +176,8 @@ describe WpPlugin do
|
|||||||
it "should return false" do
|
it "should return false" do
|
||||||
instance2 = WpItem.new(:url => "http://sub.example.com/path/to/wordpress/",
|
instance2 = WpItem.new(:url => "http://sub.example.com/path/to/wordpress/",
|
||||||
:path => "plugins/newname/asdf.php",
|
:path => "plugins/newname/asdf.php",
|
||||||
:vulns_xml => "XXX.xml"
|
:vulns_xml => "XXX.xml",
|
||||||
|
:vulns_xpath => "XX"
|
||||||
)
|
)
|
||||||
(@instance==instance2).should == false
|
(@instance==instance2).should == false
|
||||||
end
|
end
|
||||||
@@ -182,7 +185,8 @@ describe WpPlugin do
|
|||||||
it "should return true" do
|
it "should return true" do
|
||||||
instance2 = WpItem.new(:url => "http://sub.example.com/path/to/wordpress/",
|
instance2 = WpItem.new(:url => "http://sub.example.com/path/to/wordpress/",
|
||||||
:path => "plugins/test/asdf.php",
|
:path => "plugins/test/asdf.php",
|
||||||
:vulns_xml => "XXX.xml"
|
:vulns_xml => "XXX.xml",
|
||||||
|
:vulns_xpath => "XX"
|
||||||
)
|
)
|
||||||
(@instance==instance2).should == true
|
(@instance==instance2).should == true
|
||||||
end
|
end
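Review bot: Every `WpItem.new` call in these three hunks now passes `:vulns_xpath => "XX"`, a value with no `$name$` token, so nothing in this spec exercises the substitution the commit adds to WpItem. I would add one example that passes `:vulns_xpath => "//plugin[@name='$name$']"` with `:name => "test"` and checks that the stored expression contains `'test'`. A second example should omit `:vulns_xpath`, which presumably now surfaces as a NoMethodError from `.sub` on nil rather than a message like the existing `"url not set"` (inferred from the WpItem hunk; confirm). The `describe` block starts and ends outside the hunks.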
|
||||||
|
|||||||
@@ -1,9 +1,9 @@
|
|||||||
# TODO
|
# TODO
|
||||||
|
|
||||||
describe "#vulnerabilities" do
|
describe "#vulnerabilities" do
|
||||||
let(:location_url) { 'http://example.localhost/' }
|
let(:location_url) { "http://example.localhost/" }
|
||||||
let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR + '/vulnerabilities' }
|
let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR + "/vulnerabilities" }
|
||||||
let(:vulns_xml) { fixtures_dir + '/plugin_vulns.xml' }
|
let(:vulns_xml) { fixtures_dir + "/plugin_vulns.xml" }
|
||||||
let(:wp_plugin) { WpPlugin.new(:url => location_url,
|
let(:wp_plugin) { WpPlugin.new(:url => location_url,
|
||||||
:name => "spec-plugin",
|
:name => "spec-plugin",
|
||||||
:path => "plugins/spec-plugin/",
|
:path => "plugins/spec-plugin/",
|
||||||
@@ -24,7 +24,7 @@ describe "#vulnerabilities" do
|
|||||||
vulnerabilities.should_not be_empty
|
vulnerabilities.should_not be_empty
|
||||||
vulnerabilities.length.should == 2
|
vulnerabilities.length.should == 2
|
||||||
vulnerabilities.each { |vulnerability| vulnerability.should be_a WpVulnerability }
|
vulnerabilities.each { |vulnerability| vulnerability.should be_a WpVulnerability }
|
||||||
vulnerabilities[0].title.should === 'WPScan Spec'
|
vulnerabilities[0].title.should === "WPScan Spec"
|
||||||
vulnerabilities[1].title.should === 'Spec SQL Injection'
|
vulnerabilities[1].title.should === "Spec SQL Injection"
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||