Moves Models into their own namespace - Ref #1315
@@ -29,13 +29,13 @@ describe WPScan::Controller::Core do
|
||||
expect(core.target).to receive(:server).and_return(@stubbed_server)
|
||||
expect(core.load_server_module).to eql @expected
|
||||
|
||||
[core.target, WPScan::WpItem.new(target_url, core.target)].each do |instance|
|
||||
[core.target, WPScan::Model::WpItem.new(target_url, core.target)].each do |instance|
|
||||
expect(instance).to respond_to(:directory_listing?)
|
||||
expect(instance).to respond_to(:directory_listing_entries)
|
||||
|
||||
# The below doesn't work, the module would have to be removed from the class
|
||||
# TODO: find a way to test this
|
||||
# expect(instance.server).to eql @expected if instance.is_a? WPScan::WpItem
|
||||
# expect(instance.server).to eql @expected if instance.is_a? WPScan::Model::WpItem
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
@@ -32,7 +32,7 @@ describe WPScan::Controller::PasswordAttack do
|
||||
|
||||
it 'returns an array with the users' do
|
||||
expected = %w[admin editor].reduce([]) do |a, e|
|
||||
a << CMSScanner::User.new(e)
|
||||
a << WPScan::Model::User.new(e)
|
||||
end
|
||||
|
||||
expect(controller.users).to eql expected
|
||||
@@ -90,7 +90,9 @@ describe WPScan::Controller::PasswordAttack do
|
||||
|
||||
context 'when xmlrpc detected on target' do
|
||||
before do
|
||||
expect(controller.target).to receive(:xmlrpc).and_return(WPScan::XMLRPC.new("#{target_url}/xmlrpc.php"))
|
||||
expect(controller.target)
|
||||
.to receive(:xmlrpc)
|
||||
.and_return(WPScan::Model::XMLRPC.new("#{target_url}/xmlrpc.php"))
|
||||
end
|
||||
|
||||
context 'when single xmlrpc' do
|
||||
@@ -98,7 +100,7 @@ describe WPScan::Controller::PasswordAttack do
|
||||
|
||||
it 'returns the correct object' do
|
||||
expect(controller.attacker).to be_a WPScan::Finders::Passwords::XMLRPC
|
||||
expect(controller.attacker.target).to be_a WPScan::XMLRPC
|
||||
expect(controller.attacker.target).to be_a WPScan::Model::XMLRPC
|
||||
end
|
||||
end
|
||||
|
||||
@@ -107,7 +109,7 @@ describe WPScan::Controller::PasswordAttack do
|
||||
|
||||
it 'returns the correct object' do
|
||||
expect(controller.attacker).to be_a WPScan::Finders::Passwords::XMLRPCMulticall
|
||||
expect(controller.attacker.target).to be_a WPScan::XMLRPC
|
||||
expect(controller.attacker.target).to be_a WPScan::Model::XMLRPC
|
||||
end
|
||||
end
|
||||
end
|
||||
@@ -127,7 +129,7 @@ describe WPScan::Controller::PasswordAttack do
|
||||
end
|
||||
|
||||
context 'when xmlrpc not enabled' do
|
||||
let(:xmlrpc) { WPScan::XMLRPC.new("#{target_url}/xmlrpc.php") }
|
||||
let(:xmlrpc) { WPScan::Model::XMLRPC.new("#{target_url}/xmlrpc.php") }
|
||||
|
||||
it 'returns the WpLogin' do
|
||||
expect(xmlrpc).to receive(:enabled?).and_return(false)
|
||||
@@ -138,7 +140,7 @@ describe WPScan::Controller::PasswordAttack do
|
||||
end
|
||||
|
||||
context 'when xmlrpc enabled' do
|
||||
let(:xmlrpc) { WPScan::XMLRPC.new("#{target_url}/xmlrpc.php") }
|
||||
let(:xmlrpc) { WPScan::Model::XMLRPC.new("#{target_url}/xmlrpc.php") }
|
||||
|
||||
before { expect(xmlrpc).to receive(:enabled?).and_return(true) }
|
||||
|
||||
@@ -159,7 +161,7 @@ describe WPScan::Controller::PasswordAttack do
|
||||
expect(controller.target).to receive(:wp_version).and_return(false)
|
||||
|
||||
expect(controller.attacker).to be_a WPScan::Finders::Passwords::XMLRPC
|
||||
expect(controller.attacker.target).to be_a WPScan::XMLRPC
|
||||
expect(controller.attacker.target).to be_a WPScan::Model::XMLRPC
|
||||
end
|
||||
end
|
||||
|
||||
@@ -167,20 +169,20 @@ describe WPScan::Controller::PasswordAttack do
|
||||
before { expect(controller.target).to receive(:wp_version).and_return(wp_version) }
|
||||
|
||||
context 'when WP < 4.4' do
|
||||
let(:wp_version) { WPScan::WpVersion.new('3.8.1') }
|
||||
let(:wp_version) { WPScan::Model::WpVersion.new('3.8.1') }
|
||||
|
||||
it 'returns the XMLRPCMulticall' do
|
||||
expect(controller.attacker).to be_a WPScan::Finders::Passwords::XMLRPCMulticall
|
||||
expect(controller.attacker.target).to be_a WPScan::XMLRPC
|
||||
expect(controller.attacker.target).to be_a WPScan::Model::XMLRPC
|
||||
end
|
||||
end
|
||||
|
||||
context 'when WP >= 4.4' do
|
||||
let(:wp_version) { WPScan::WpVersion.new('4.4') }
|
||||
let(:wp_version) { WPScan::Model::WpVersion.new('4.4') }
|
||||
|
||||
it 'returns the XMLRPC' do
|
||||
expect(controller.attacker).to be_a WPScan::Finders::Passwords::XMLRPC
|
||||
expect(controller.attacker.target).to be_a WPScan::XMLRPC
|
||||
expect(controller.attacker.target).to be_a WPScan::Model::XMLRPC
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
@@ -56,7 +56,7 @@ describe WPScan::Controller::WpVersion do
|
||||
context "when --detection-mode #{mode}" do
|
||||
let(:cli_args) { "#{super()} --detection-mode #{mode}" }
|
||||
|
||||
[WPScan::WpVersion.new('4.0')].each do |version|
|
||||
[WPScan::Model::WpVersion.new('4.0')].each do |version|
|
||||
context "when version = #{version}" do
|
||||
let(:stubbed) { version }
|
||||
|
||||
@@ -68,16 +68,16 @@ describe WPScan::Controller::WpVersion do
|
||||
|
||||
context 'when --wp-version-all supplied' do
|
||||
let(:cli_args) { "#{super()} --wp-version-all" }
|
||||
let(:stubbed) { WPScan::WpVersion.new('3.9.1') }
|
||||
let(:stubbed) { WPScan::Model::WpVersion.new('3.9.1') }
|
||||
|
||||
it_calls_the_formatter_with_the_correct_parameter(WPScan::WpVersion.new('3.9.1'))
|
||||
it_calls_the_formatter_with_the_correct_parameter(WPScan::Model::WpVersion.new('3.9.1'))
|
||||
end
|
||||
|
||||
context 'when --wp-version-detection mode supplied' do
|
||||
let(:cli_args) { "#{super()} --detection-mode mixed --wp-version-detection passive" }
|
||||
let(:stubbed) { WPScan::WpVersion.new('4.4') }
|
||||
let(:stubbed) { WPScan::Model::WpVersion.new('4.4') }
|
||||
|
||||
it_calls_the_formatter_with_the_correct_parameter(WPScan::WpVersion.new('4.4'))
|
||||
it_calls_the_formatter_with_the_correct_parameter(WPScan::Model::WpVersion.new('4.4'))
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
@@ -36,7 +36,7 @@ describe WPScan::Finders::ConfigBackups::KnownFilenames do
|
||||
|
||||
files.each do |file|
|
||||
url = "#{target.url}#{file}"
|
||||
expected << WPScan::ConfigBackup.new(
|
||||
expected << WPScan::Model::ConfigBackup.new(
|
||||
url,
|
||||
confidence: 100,
|
||||
found_by: described_class::DIRECT_ACCESS
|
||||
|
||||
@@ -53,7 +53,7 @@ describe WPScan::Finders::DbExports::KnownLocations do
|
||||
|
||||
files.each do |file|
|
||||
url = "#{target.url}#{file}"
|
||||
expected << WPScan::DbExport.new(
|
||||
expected << WPScan::Model::DbExport.new(
|
||||
url,
|
||||
confidence: 100,
|
||||
found_by: described_class::DIRECT_ACCESS
|
||||
|
||||
@@ -35,7 +35,7 @@ describe WPScan::Finders::InterestingFindings::BackupDB do
|
||||
after do
|
||||
found = finder.aggressive
|
||||
|
||||
expect(found).to eql WPScan::BackupDB.new(
|
||||
expect(found).to eql WPScan::Model::BackupDB.new(
|
||||
dir_url,
|
||||
confidence: 70,
|
||||
found_by: described_class::DIRECT_ACCESS
|
||||
|
||||
@@ -21,7 +21,7 @@ describe WPScan::Finders::InterestingFindings::DebugLog do
|
||||
let(:body) { File.read(fixtures.join('debug.log')) }
|
||||
|
||||
it 'returns the InterestingFinding' do
|
||||
expect(finder.aggressive).to eql WPScan::DebugLog.new(
|
||||
expect(finder.aggressive).to eql WPScan::Model::DebugLog.new(
|
||||
log_url,
|
||||
confidence: 100,
|
||||
found_by: described_class::DIRECT_ACCESS
|
||||
|
||||
@@ -22,7 +22,7 @@ describe WPScan::Finders::InterestingFindings::DuplicatorInstallerLog do
|
||||
let(:body) { File.read(fixtures.join(filename)) }
|
||||
|
||||
it 'returns the InterestingFinding' do
|
||||
expect(finder.aggressive).to eql WPScan::DuplicatorInstallerLog.new(
|
||||
expect(finder.aggressive).to eql WPScan::Model::DuplicatorInstallerLog.new(
|
||||
log_url,
|
||||
confidence: 100,
|
||||
found_by: described_class::DIRECT_ACCESS
|
||||
|
||||
@@ -23,7 +23,7 @@ describe WPScan::Finders::InterestingFindings::FullPathDisclosure do
|
||||
it 'returns the InterestingFinding' do
|
||||
found = finder.aggressive
|
||||
|
||||
expect(found).to eql WPScan::FullPathDisclosure.new(
|
||||
expect(found).to eql WPScan::Model::FullPathDisclosure.new(
|
||||
file_url,
|
||||
confidence: 100,
|
||||
found_by: described_class::DIRECT_ACCESS
|
||||
|
||||
@@ -25,7 +25,7 @@ describe WPScan::Finders::InterestingFindings::Readme do
|
||||
before { stub_request(:get, target.url(file)).to_return(body: readme) }
|
||||
|
||||
it 'returns the expected InterestingFinding' do
|
||||
expected = WPScan::Readme.new(
|
||||
expected = WPScan::Model::Readme.new(
|
||||
target.url(file),
|
||||
confidence: 100,
|
||||
found_by: described_class::DIRECT_ACCESS
|
||||
|
||||
@@ -36,7 +36,7 @@ describe WPScan::Finders::InterestingFindings::UploadSQLDump do
|
||||
let(:fixture) { 'dump.sql' }
|
||||
|
||||
it 'returns the interesting findings' do
|
||||
@expected = WPScan::UploadSQLDump.new(
|
||||
@expected = WPScan::Model::UploadSQLDump.new(
|
||||
finder.dump_url,
|
||||
confidence: 100,
|
||||
found_by: described_class::DIRECT_ACCESS
|
||||
|
||||
@@ -13,7 +13,7 @@ describe WPScan::Finders::InterestingFindings::WPCron do
|
||||
let(:status) { 200 }
|
||||
|
||||
it 'returns the InterestingFinding' do
|
||||
expect(finder.aggressive).to eql WPScan::WPCron.new(
|
||||
expect(finder.aggressive).to eql WPScan::Model::WPCron.new(
|
||||
finder.wp_cron_url,
|
||||
confidence: 60,
|
||||
found_by: described_class::DIRECT_ACCESS
|
||||
|
||||
@@ -28,7 +28,7 @@ describe WPScan::Finders::MainTheme::CssStyle do
|
||||
let(:fixture) { 'link_href.html' }
|
||||
|
||||
it 'returns the expected theme' do
|
||||
@expected = WPScan::Theme.new(
|
||||
@expected = WPScan::Model::Theme.new(
|
||||
'twentyfifteen',
|
||||
target,
|
||||
found_by: 'Css Style (Passive Detection)',
|
||||
@@ -42,7 +42,7 @@ describe WPScan::Finders::MainTheme::CssStyle do
|
||||
let(:fixture) { 'style_code.html' }
|
||||
|
||||
it 'returns the expected theme' do
|
||||
@expected = WPScan::Theme.new(
|
||||
@expected = WPScan::Model::Theme.new(
|
||||
'custom',
|
||||
target,
|
||||
found_by: 'Css Style (Passive Detection)',
|
||||
|
||||
@@ -22,7 +22,7 @@ describe WPScan::Finders::MainTheme::UrlsInHomepage do
|
||||
@expected = []
|
||||
|
||||
{ 'twentyfifteen' => 6, 'yolo' => 4, 'test' => 2 }.each do |slug, confidence|
|
||||
@expected << WPScan::Theme.new(
|
||||
@expected << WPScan::Model::Theme.new(
|
||||
slug, target, found_by: 'Urls In Homepage (Passive Detection)', confidence: confidence
|
||||
)
|
||||
end
|
||||
|
||||
@@ -26,7 +26,7 @@ describe WPScan::Finders::MainTheme::WooFrameworkMetaGenerator do
|
||||
|
||||
it 'returns the expected theme' do
|
||||
@file = 'woo_generator.html'
|
||||
@expected = WPScan::Theme.new(
|
||||
@expected = WPScan::Model::Theme.new(
|
||||
'Merchant', target,
|
||||
found_by: 'Woo Framework Meta Generator (Passive Detection)',
|
||||
confidence: 80
|
||||
|
||||
@@ -1,11 +1,11 @@
|
||||
describe WPScan::Finders::PluginVersion::Readme do
|
||||
subject(:finder) { described_class.new(plugin) }
|
||||
let(:plugin) { WPScan::Plugin.new('spec', target) }
|
||||
let(:plugin) { WPScan::Model::Plugin.new('spec', target) }
|
||||
let(:target) { WPScan::Target.new('http://wp.lab/') }
|
||||
let(:fixtures) { FINDERS_FIXTURES.join('plugin_version', 'readme') }
|
||||
|
||||
def version(number, found_by, confidence)
|
||||
WPScan::Version.new(
|
||||
WPScan::Model::Version.new(
|
||||
number,
|
||||
found_by: format('Readme - %s (Aggressive Detection)', found_by),
|
||||
confidence: confidence,
|
||||
@@ -31,7 +31,7 @@ describe WPScan::Finders::PluginVersion::Readme do
|
||||
expect(finder.aggressive).to eql @expected
|
||||
end
|
||||
|
||||
let(:readme_url) { plugin.url(WPScan::WpItem::READMES.sample) }
|
||||
let(:readme_url) { plugin.url(WPScan::Model::WpItem::READMES.sample) }
|
||||
|
||||
context 'when no version' do
|
||||
it 'returns nil' do
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
|
||||
describe WPScan::Finders::PluginVersion::Base do
|
||||
subject(:plugin_version) { described_class.new(plugin) }
|
||||
let(:plugin) { WPScan::Plugin.new(slug, target) }
|
||||
let(:plugin) { WPScan::Model::Plugin.new(slug, target) }
|
||||
let(:target) { WPScan::Target.new('http://wp.lab/') }
|
||||
let(:default_finders) { %w[Readme] }
|
||||
|
||||
|
||||
@@ -6,6 +6,6 @@ describe WPScan::Finders::Plugins::BodyPattern do
|
||||
let(:fixtures) { DYNAMIC_FINDERS_FIXTURES.join('plugin_version') }
|
||||
|
||||
let(:expected_all) { df_expected_all['plugins'] }
|
||||
let(:item_class) { WPScan::Plugin }
|
||||
let(:item_class) { WPScan::Model::Plugin }
|
||||
end
|
||||
end
|
||||
|
||||
@@ -6,6 +6,6 @@ describe WPScan::Finders::Plugins::Comment do
|
||||
let(:fixtures) { DYNAMIC_FINDERS_FIXTURES.join('plugin_version') }
|
||||
|
||||
let(:expected_all) { df_expected_all['plugins'] }
|
||||
let(:item_class) { WPScan::Plugin }
|
||||
let(:item_class) { WPScan::Model::Plugin }
|
||||
end
|
||||
end
|
||||
|
||||
@@ -8,6 +8,6 @@ describe WPScan::Finders::Plugins::ConfigParser do
|
||||
# let(:fixtures) { DYNAMIC_FINDERS_FIXTURES.join('plugin_version') }
|
||||
#
|
||||
# let(:expected_all) { df_expected_all['plugins'] }
|
||||
# let(:item_class) { WPScan::Plugin }
|
||||
# let(:item_class) { WPScan::Model::Plugin }
|
||||
# end
|
||||
end
|
||||
|
||||
@@ -5,7 +5,7 @@ describe WPScan::Finders::Plugins::HeaderPattern do
|
||||
let(:fixtures) { DYNAMIC_FINDERS_FIXTURES.join('plugin_version') }
|
||||
|
||||
def plugin(slug)
|
||||
WPScan::Plugin.new(slug, target)
|
||||
WPScan::Model::Plugin.new(slug, target)
|
||||
end
|
||||
|
||||
describe '#passive' do
|
||||
|
||||
@@ -6,6 +6,6 @@ describe WPScan::Finders::Plugins::JavascriptVar do
|
||||
let(:fixtures) { DYNAMIC_FINDERS_FIXTURES.join('plugin_version') }
|
||||
|
||||
let(:expected_all) { df_expected_all['plugins'] }
|
||||
let(:item_class) { WPScan::Plugin }
|
||||
let(:item_class) { WPScan::Model::Plugin }
|
||||
end
|
||||
end
|
||||
|
||||
@@ -6,6 +6,6 @@ describe WPScan::Finders::Plugins::Xpath do
|
||||
let(:fixtures) { DYNAMIC_FINDERS_FIXTURES.join('plugin_version') }
|
||||
|
||||
let(:expected_all) { df_expected_all['plugins'] }
|
||||
let(:item_class) { WPScan::Plugin }
|
||||
let(:item_class) { WPScan::Model::Plugin }
|
||||
end
|
||||
end
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
describe WPScan::Finders::ThemeVersion::Style do
|
||||
subject(:finder) { described_class.new(theme) }
|
||||
let(:theme) { WPScan::Theme.new('spec', target) }
|
||||
let(:theme) { WPScan::Model::Theme.new('spec', target) }
|
||||
let(:target) { WPScan::Target.new('http://wp.lab/') }
|
||||
let(:fixtures) { FINDERS_FIXTURES.join('theme_version', 'style') }
|
||||
|
||||
@@ -81,7 +81,7 @@ describe WPScan::Finders::ThemeVersion::Style do
|
||||
|
||||
it 'returns the expected version' do
|
||||
expected = if expected_version
|
||||
WPScan::Version.new(
|
||||
WPScan::Model::Version.new(
|
||||
expected_version,
|
||||
confidence: 80,
|
||||
interesting_entries: ["#{theme.style_url}, Version: #{expected_version}"]
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
describe WPScan::Finders::ThemeVersion::WooFrameworkMetaGenerator do
|
||||
subject(:finder) { described_class.new(theme) }
|
||||
let(:theme) { WPScan::Theme.new(slug, target) }
|
||||
let(:theme) { WPScan::Model::Theme.new(slug, target) }
|
||||
let(:target) { WPScan::Target.new('http://wp.lab/') }
|
||||
let(:fixtures) { FINDERS_FIXTURES.join('theme_version', 'woo_framework_meta_generator') }
|
||||
|
||||
@@ -28,7 +28,7 @@ describe WPScan::Finders::ThemeVersion::WooFrameworkMetaGenerator do
|
||||
let(:slug) { 'Editorial' }
|
||||
|
||||
it 'return the expected version' do
|
||||
@expected = WPScan::Version.new(
|
||||
@expected = WPScan::Model::Version.new(
|
||||
'1.3.5',
|
||||
found_by: 'Woo Framework Meta Generator (Passive Detection)',
|
||||
confidence: 80
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
describe WPScan::Finders::ThemeVersion::Base do
|
||||
subject(:theme_version) { described_class.new(theme) }
|
||||
let(:theme) { WPScan::Plugin.new(slug, target) }
|
||||
let(:theme) { WPScan::Model::Plugin.new(slug, target) }
|
||||
let(:target) { WPScan::Target.new('http://wp.lab/') }
|
||||
let(:slug) { 'spec' }
|
||||
let(:default_finders) { %w[Style WooFrameworkMetaGenerator] }
|
||||
|
||||
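Review bot: The `theme` fixture in this ThemeVersion::Base spec is built from the plugin model: the new line reads `let(:theme) { WPScan::Model::Plugin.new(slug, target) }`, which the rename carries over unchanged from the old `WPScan::Plugin.new`. If the finders under test only need a WpItem-like object the examples may still pass, but they would never run against a Theme, leaving theme-specific behaviour untested. Suggest `let(:theme) { WPScan::Model::Theme.new(slug, target) }`. The describe block continues outside the hunk, so confirm the remaining examples do not rely on plugin behaviour before switching.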
@@ -1,6 +1,6 @@
|
||||
describe WPScan::Finders::TimthumbVersion::BadRequest do
|
||||
subject(:finder) { described_class.new(target) }
|
||||
let(:target) { WPScan::Timthumb.new(url) }
|
||||
let(:target) { WPScan::Model::Timthumb.new(url) }
|
||||
let(:url) { 'http://ex.lo/timthumb.php' }
|
||||
let(:fixtures) { FINDERS_FIXTURES.join('timthumb_version', 'bad_request') }
|
||||
|
||||
@@ -20,7 +20,7 @@ describe WPScan::Finders::TimthumbVersion::BadRequest do
|
||||
let(:file) { '2.8.14.php' }
|
||||
|
||||
it 'returns the expected version' do
|
||||
@expected = WPScan::Version.new(
|
||||
@expected = WPScan::Model::Version.new(
|
||||
'2.8.14',
|
||||
confidence: 90,
|
||||
found_by: 'Bad Request (Aggressive Detection)',
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
describe WPScan::Finders::TimthumbVersion::Base do
|
||||
subject(:timthumb_version) { described_class.new(target) }
|
||||
let(:target) { WPScan::Timthumb.new(url) }
|
||||
let(:target) { WPScan::Model::Timthumb.new(url) }
|
||||
let(:url) { 'http://ex.lo/timthumb.php' }
|
||||
|
||||
describe '#finders' do
|
||||
|
||||
@@ -24,12 +24,12 @@ describe WPScan::Finders::Users::RSSGenerator do
|
||||
stub_request(:get, target.url('feed/rss2/'))
|
||||
|
||||
expect(finder.aggressive).to eql [
|
||||
CMSScanner::User.new(
|
||||
WPScan::Model::User.new(
|
||||
'admin',
|
||||
confidence: 50,
|
||||
found_by: 'Rss Generator (Aggressive Detection)'
|
||||
),
|
||||
CMSScanner::User.new(
|
||||
WPScan::Model::User.new(
|
||||
'Aa Dias-Gildes',
|
||||
confidence: 50,
|
||||
found_by: 'Rss Generator (Aggressive Detection)'
|
||||
@@ -45,12 +45,12 @@ describe WPScan::Finders::Users::RSSGenerator do
|
||||
stub_request(:get, target.url('feed/')).to_return(body: rss_fixture)
|
||||
|
||||
expect(finder.passive).to eql [
|
||||
CMSScanner::User.new(
|
||||
WPScan::Model::User.new(
|
||||
'admin',
|
||||
confidence: 50,
|
||||
found_by: 'Rss Generator (Passive Detection)'
|
||||
),
|
||||
CMSScanner::User.new(
|
||||
WPScan::Model::User.new(
|
||||
'Aa Dias-Gildes',
|
||||
confidence: 50,
|
||||
found_by: 'Rss Generator (Passive Detection)'
|
||||
@@ -63,12 +63,12 @@ describe WPScan::Finders::Users::RSSGenerator do
|
||||
stub_request(:get, target.url('comments/feed/')).to_return(body: rss_fixture)
|
||||
|
||||
expect(finder.aggressive(mode: :mixed)).to eql [
|
||||
CMSScanner::User.new(
|
||||
WPScan::Model::User.new(
|
||||
'admin',
|
||||
confidence: 50,
|
||||
found_by: 'Rss Generator (Aggressive Detection)'
|
||||
),
|
||||
CMSScanner::User.new(
|
||||
WPScan::Model::User.new(
|
||||
'Aa Dias-Gildes',
|
||||
confidence: 50,
|
||||
found_by: 'Rss Generator (Aggressive Detection)'
|
||||
@@ -82,12 +82,12 @@ describe WPScan::Finders::Users::RSSGenerator do
|
||||
stub_request(:get, target.url('feed/')).to_return(body: rss_fixture)
|
||||
|
||||
expect(finder.aggressive).to eql [
|
||||
CMSScanner::User.new(
|
||||
WPScan::Model::User.new(
|
||||
'admin',
|
||||
confidence: 50,
|
||||
found_by: 'Rss Generator (Aggressive Detection)'
|
||||
),
|
||||
CMSScanner::User.new(
|
||||
WPScan::Model::User.new(
|
||||
'Aa Dias-Gildes',
|
||||
confidence: 50,
|
||||
found_by: 'Rss Generator (Aggressive Detection)'
|
||||
|
||||
@@ -22,7 +22,7 @@ describe WPScan::Finders::WpVersion::AtomGenerator do
|
||||
stub_request(:get, target.url('?feed=atom'))
|
||||
|
||||
expect(finder.aggressive).to eql [
|
||||
WPScan::WpVersion.new(
|
||||
WPScan::Model::WpVersion.new(
|
||||
'4.0',
|
||||
confidence: 80,
|
||||
found_by: 'Atom Generator (Aggressive Detection)',
|
||||
@@ -42,7 +42,7 @@ describe WPScan::Finders::WpVersion::AtomGenerator do
|
||||
stub_request(:get, target.url('?feed=atom')).to_return(body: atom_fixture)
|
||||
|
||||
expect(finder.passive).to eql [
|
||||
WPScan::WpVersion.new(
|
||||
WPScan::Model::WpVersion.new(
|
||||
'4.0',
|
||||
confidence: 80,
|
||||
found_by: 'Atom Generator (Passive Detection)',
|
||||
@@ -59,7 +59,7 @@ describe WPScan::Finders::WpVersion::AtomGenerator do
|
||||
stub_request(:get, target.url('feed/atom/')).to_return(body: atom_fixture)
|
||||
|
||||
expect(finder.aggressive(mode: :mixed)).to eql [
|
||||
WPScan::WpVersion.new(
|
||||
WPScan::Model::WpVersion.new(
|
||||
'4.0',
|
||||
confidence: 80,
|
||||
found_by: 'Atom Generator (Aggressive Detection)',
|
||||
@@ -78,7 +78,7 @@ describe WPScan::Finders::WpVersion::AtomGenerator do
|
||||
stub_request(:get, target.url('?feed=atom'))
|
||||
|
||||
expect(finder.aggressive).to eql [
|
||||
WPScan::WpVersion.new(
|
||||
WPScan::Model::WpVersion.new(
|
||||
'4.0',
|
||||
confidence: 80,
|
||||
found_by: 'Atom Generator (Aggressive Detection)',
|
||||
|
||||
@@ -33,7 +33,7 @@ describe WPScan::Finders::WpVersion::Readme do
|
||||
let(:file) { '4.0.html' }
|
||||
|
||||
it 'returns the expected version' do
|
||||
@expected = WPScan::WpVersion.new(
|
||||
@expected = WPScan::Model::WpVersion.new(
|
||||
'4.0',
|
||||
confidence: 90,
|
||||
found_by: 'Readme (Aggressive Detection)',
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
describe WPScan::InterestingFinding do
|
||||
describe WPScan::Model::InterestingFinding do
|
||||
it_behaves_like WPScan::References do
|
||||
subject(:finding) { described_class.new('http://e.org/file.php', opts) }
|
||||
let(:opts) { { references: references } }
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
describe WPScan::Media do
|
||||
describe WPScan::Model::Media do
|
||||
subject(:media) { described_class.new(url) }
|
||||
let(:url) { 'http://e.oeg/?attachment_id=2' }
|
||||
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
describe WPScan::Plugin do
|
||||
describe WPScan::Model::Plugin do
|
||||
subject(:plugin) { described_class.new(slug, blog, opts) }
|
||||
let(:slug) { 'spec' }
|
||||
let(:blog) { WPScan::Target.new('http://wp.lab/') }
|
||||
@@ -70,7 +70,7 @@ describe WPScan::Plugin do
|
||||
context 'when values' do
|
||||
let(:slug) { 'no-vulns-popular' }
|
||||
|
||||
its(:latest_version) { should eql WPScan::Version.new('2.0') }
|
||||
its(:latest_version) { should eql WPScan::Model::Version.new('2.0') }
|
||||
its(:last_updated) { should eql '2015-05-16T00:00:00.000Z' }
|
||||
its(:popular?) { should be true }
|
||||
end
|
||||
@@ -87,7 +87,12 @@ describe WPScan::Plugin do
|
||||
end
|
||||
|
||||
context 'when version' do
|
||||
before { expect(plugin).to receive(:version).at_least(1).and_return(WPScan::Version.new(version_number)) }
|
||||
before do
|
||||
expect(plugin)
|
||||
.to receive(:version)
|
||||
.at_least(1)
|
||||
.and_return(WPScan::Model::Version.new(version_number))
|
||||
end
|
||||
|
||||
context 'when version < last_version' do
|
||||
let(:version_number) { '1.2' }
|
||||
@@ -113,7 +118,12 @@ describe WPScan::Plugin do
|
||||
end
|
||||
|
||||
context 'when version' do
|
||||
before { expect(plugin).to receive(:version).at_least(1).and_return(WPScan::Version.new('1.0')) }
|
||||
before do
|
||||
expect(plugin)
|
||||
.to receive(:version)
|
||||
.at_least(1)
|
||||
.and_return(WPScan::Model::Version.new('1.0'))
|
||||
end
|
||||
|
||||
its(:outdated?) { should eql false }
|
||||
end
|
||||
@@ -166,7 +176,12 @@ describe WPScan::Plugin do
|
||||
end
|
||||
|
||||
context 'when plugin version' do
|
||||
before { expect(plugin).to receive(:version).at_least(1).and_return(WPScan::Version.new(number)) }
|
||||
before do
|
||||
expect(plugin)
|
||||
.to receive(:version)
|
||||
.at_least(1)
|
||||
.and_return(WPScan::Model::Version.new(number))
|
||||
end
|
||||
|
||||
context 'when < to a fixed_in' do
|
||||
let(:number) { '5.0' }
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
describe WPScan::Theme do
|
||||
describe WPScan::Model::Theme do
|
||||
subject(:theme) { described_class.new(slug, blog, opts) }
|
||||
let(:slug) { 'spec' }
|
||||
let(:blog) { WPScan::Target.new('http://wp.lab/') }
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
describe WPScan::Timthumb do
|
||||
describe WPScan::Model::Timthumb do
|
||||
subject(:timthumb) { described_class.new(url, opts) }
|
||||
let(:url) { 'http://wp.lab/wp-content/timthumb.php' }
|
||||
let(:fixtures) { FIXTURES.join('models', 'timthumb') }
|
||||
@@ -86,7 +86,7 @@ describe WPScan::Timthumb do
|
||||
end
|
||||
|
||||
context 'when version' do
|
||||
let(:version) { WPScan::Version.new(version_number) }
|
||||
let(:version) { WPScan::Model::Version.new(version_number) }
|
||||
|
||||
context 'when version >= 2.8.14' do
|
||||
let(:version_number) { '2.8.14' }
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
describe WPScan::WpItem do
|
||||
describe WPScan::Model::WpItem do
|
||||
subject(:wp_item) { described_class.new(slug, blog, opts) }
|
||||
let(:slug) { 'test_item' }
|
||||
let(:blog) { WPScan::Target.new(url) }
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
describe WPScan::WpVersion do
|
||||
describe WPScan::Model::WpVersion do
|
||||
describe '#new' do
|
||||
context 'when invalid number' do
|
||||
it 'raises an error' do
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
describe WPScan::XMLRPC do
|
||||
describe WPScan::Model::XMLRPC do
|
||||
subject(:xml_rpc) { described_class.new('http//e.org/xmlrpc.php') }
|
||||
|
||||
describe '#references' do
|
||||
|
||||
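Review bot: The subject URL on the context line `described_class.new('http//e.org/xmlrpc.php')` is missing the colon after the scheme, so the model under test is built from a string that is not an absolute URL. The rename leaves this untouched. The examples below run outside the hunk, so whether any of them depend on URL parsing cannot be checked from here. Suggest `subject(:xml_rpc) { described_class.new('http://e.org/xmlrpc.php') }`, or a comment stating that the malformed value is deliberate.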
@@ -30,7 +30,7 @@ WPScan::DB::DynamicFinders::Plugin.versions_finders_configs.each do |slug, confi
|
||||
# If someone find a fix for that, please share!
|
||||
describe df_tested_class_constant('PluginVersion', finder_class, slug), slow: true do
|
||||
subject(:finder) { described_class.new(plugin) }
|
||||
let(:plugin) { WPScan::Plugin.new(slug, target) }
|
||||
let(:plugin) { WPScan::Model::Plugin.new(slug, target) }
|
||||
let(:target) { WPScan::Target.new('http://wp.lab/') }
|
||||
let(:fixtures) { DYNAMIC_FINDERS_FIXTURES.join('plugin_version') }
|
||||
|
||||
@@ -75,7 +75,7 @@ WPScan::DB::DynamicFinders::Plugin.versions_finders_configs.each do |slug, confi
|
||||
found.each_with_index do |version, index|
|
||||
expected_version = expected.at(index)
|
||||
|
||||
expect(version).to be_a WPScan::Version
|
||||
expect(version).to be_a WPScan::Model::Version
|
||||
expect(version.number).to eql expected_version['number'].to_s
|
||||
expect(version.found_by).to eql expected_version['found_by']
|
||||
expect(version.interesting_entries).to match_array expected_version['interesting_entries']
|
||||
@@ -117,7 +117,7 @@ WPScan::DB::DynamicFinders::Plugin.versions_finders_configs.each do |slug, confi
|
||||
found.each_with_index do |version, index|
|
||||
expected_version = expected.at(index)
|
||||
|
||||
expect(version).to be_a WPScan::Version
|
||||
expect(version).to be_a WPScan::Model::Version
|
||||
expect(version.number).to eql expected_version['number'].to_s
|
||||
expect(version.found_by).to eql expected_version['found_by']
|
||||
expect(version.interesting_entries).to match_array expected_version['interesting_entries']
|
||||
|
||||
@@ -48,7 +48,7 @@ WPScan::DB::DynamicFinders::Wordpress.versions_finders_configs.each do |finder_c
|
||||
found.each_with_index do |version, index|
|
||||
expected_version = expected.at(index)
|
||||
|
||||
expect(version).to be_a WPScan::WpVersion
|
||||
expect(version).to be_a WPScan::Model::WpVersion
|
||||
expect(version.number).to eql expected_version['number'].to_s
|
||||
expect(version.found_by).to eql expected_version['found_by']
|
||||
expect(version.interesting_entries).to match_array expected_version['interesting_entries']
|
||||
@@ -83,7 +83,7 @@ WPScan::DB::DynamicFinders::Wordpress.versions_finders_configs.each do |finder_c
|
||||
found.each_with_index do |version, index|
|
||||
expected_version = expected.at(index)
|
||||
|
||||
expect(version).to be_a WPScan::WpVersion
|
||||
expect(version).to be_a WPScan::Model::WpVersion
|
||||
expect(version.number).to eql expected_version['number'].to_s
|
||||
expect(version.found_by).to eql expected_version['found_by']
|
||||
expect(version.interesting_entries).to match_array expected_version['interesting_entries']
|
||||
|
||||
@@ -18,14 +18,14 @@ describe WPScan::Target do
|
||||
end
|
||||
|
||||
context 'when interesting_findings' do
|
||||
let(:interesting_findings) { ['aa', CMSScanner::RobotsTxt.new(target.url)] }
|
||||
let(:interesting_findings) { ['aa', CMSScanner::Model::RobotsTxt.new(target.url)] }
|
||||
|
||||
context 'when no XMLRPC' do
|
||||
its(:xmlrpc) { should be_nil }
|
||||
end
|
||||
|
||||
context 'when XMLRPC' do
|
||||
let(:xmlrpc) { WPScan::XMLRPC.new(target.url('xmlrpc.php')) }
|
||||
let(:xmlrpc) { WPScan::Model::XMLRPC.new(target.url('xmlrpc.php')) }
|
||||
let(:interesting_findings) { super() << xmlrpc }
|
||||
|
||||
its(:xmlrpc) { should eq xmlrpc }
|
||||
@@ -81,13 +81,13 @@ describe WPScan::Target do
|
||||
|
||||
context 'when wp_version found' do
|
||||
context 'when not vulnerable' do
|
||||
before { target.instance_variable_set(:@wp_version, WPScan::WpVersion.new('4.4')) }
|
||||
before { target.instance_variable_set(:@wp_version, WPScan::Model::WpVersion.new('4.4')) }
|
||||
|
||||
it { should_not be_vulnerable }
|
||||
end
|
||||
|
||||
context 'when vulnerable' do
|
||||
before { target.instance_variable_set(:@wp_version, WPScan::WpVersion.new('3.8.1')) }
|
||||
before { target.instance_variable_set(:@wp_version, WPScan::Model::WpVersion.new('3.8.1')) }
|
||||
|
||||
it { should be_vulnerable }
|
||||
end
|
||||
@@ -95,7 +95,7 @@ describe WPScan::Target do
|
||||
|
||||
context 'when config_backups' do
|
||||
before do
|
||||
target.instance_variable_set(:@config_backups, [WPScan::ConfigBackup.new(target.url('/a-file-url'))])
|
||||
target.instance_variable_set(:@config_backups, [WPScan::Model::ConfigBackup.new(target.url('/a-file-url'))])
|
||||
end
|
||||
|
||||
it { should be_vulnerable }
|
||||
@@ -103,7 +103,7 @@ describe WPScan::Target do
|
||||
|
||||
context 'when db_exports' do
|
||||
before do
|
||||
target.instance_variable_set(:@db_exports, [WPScan::DbExport.new(target.url('/wordpress.sql'))])
|
||||
target.instance_variable_set(:@db_exports, [WPScan::Model::DbExport.new(target.url('/wordpress.sql'))])
|
||||
end
|
||||
|
||||
it { should be_vulnerable }
|
||||
@@ -111,7 +111,9 @@ describe WPScan::Target do
|
||||
|
||||
context 'when users' do
|
||||
before do
|
||||
target.instance_variable_set(:@users, [CMSScanner::User.new('u1'), CMSScanner::User.new('u2')])
|
||||
target.instance_variable_set(:@users,
|
||||
[WPScan::Model::User.new('u1'),
|
||||
WPScan::Model::User.new('u2')])
|
||||
end
|
||||
|
||||
context 'when no passwords' do
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
shared_examples 'App::Views::Enumeration::ConfigBackups' do
|
||||
let(:view) { 'config_backups' }
|
||||
let(:config_backup) { WPScan::ConfigBackup }
|
||||
let(:config_backup) { WPScan::Model::ConfigBackup }
|
||||
|
||||
describe 'config_backups' do
|
||||
context 'when no backups found' do
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
shared_examples 'App::Views::Enumeration::DbExports' do
|
||||
let(:view) { 'db_exports' }
|
||||
let(:db_export) { WPScan::DbExport }
|
||||
let(:db_export) { WPScan::Model::DbExport }
|
||||
|
||||
describe 'db_exports' do
|
||||
context 'when no file found' do
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
shared_examples 'App::Views::Enumeration::Medias' do
|
||||
let(:view) { 'medias' }
|
||||
let(:media) { WPScan::Media }
|
||||
let(:media) { WPScan::Model::Media }
|
||||
|
||||
describe 'medias' do
|
||||
context 'when no medias found' do
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
shared_examples 'App::Views::Enumeration::Plugins' do
|
||||
let(:view) { 'plugins' }
|
||||
let(:plugin) { WPScan::Plugin }
|
||||
let(:plugin) { WPScan::Model::Plugin }
|
||||
|
||||
describe 'plugins' do
|
||||
context 'when no plugins found' do
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
shared_examples 'App::Views::Enumeration::Themes' do
|
||||
let(:view) { 'themes' }
|
||||
let(:plugin) { WPScan::Theme }
|
||||
let(:plugin) { WPScan::Model::Theme }
|
||||
|
||||
describe 'themes' do
|
||||
context 'when no themes found' do
|
||||
|
||||
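Review bot: The helper in the Themes shared examples is still named `plugin` although the new line makes it return the theme model: `let(:plugin) { WPScan::Model::Theme }`. The name looks copied from the Plugins shared examples and makes the view specs harder to read, since a reader expects a plugin class behind it. Suggest `let(:theme) { WPScan::Model::Theme }`, renaming the references in the examples to match. Those references are outside this hunk, so the rename has to cover the rest of the file.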
@@ -1,7 +1,7 @@
|
||||
shared_examples 'App::Views::Enumeration::Timthumbs' do
|
||||
let(:view) { 'timthumbs' }
|
||||
let(:timthumb) { WPScan::Timthumb }
|
||||
let(:version) { WPScan::Version.new('2.8.14', found_by: 'Bad Request') }
|
||||
let(:timthumb) { WPScan::Model::Timthumb }
|
||||
let(:version) { WPScan::Model::Version.new('2.8.14', found_by: 'Bad Request') }
|
||||
|
||||
describe 'timthumbs' do
|
||||
context 'when no timthumbs found' do
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
shared_examples 'App::Views::Enumeration::Users' do
|
||||
let(:view) { 'users' }
|
||||
let(:user) { CMSScanner::User }
|
||||
let(:user) { WPScan::Model::User }
|
||||
|
||||
describe 'users' do
|
||||
context 'when no users found' do
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
shared_examples 'App::Views::MainTheme' do
|
||||
let(:controller) { WPScan::Controller::MainTheme.new }
|
||||
let(:tpl_vars) { { url: target_url } }
|
||||
let(:theme) { WPScan::Theme.new(theme_name, target, found_by: 'rspec') }
|
||||
let(:theme) { WPScan::Model::Theme.new(theme_name, target, found_by: 'rspec') }
|
||||
|
||||
describe 'main_theme' do
|
||||
let(:view) { 'theme' }
|
||||
@@ -38,7 +38,11 @@ shared_examples 'App::Views::MainTheme' do
|
||||
let(:expected_view) { 'verbose' }
|
||||
|
||||
it 'outputs the expected string' do
|
||||
expect(theme).to receive(:version).at_least(1).and_return(WPScan::Version.new('3.2', found_by: 'style'))
|
||||
expect(theme)
|
||||
.to receive(:version)
|
||||
.at_least(1)
|
||||
.and_return(WPScan::Model::Version.new('3.2', found_by: 'style'))
|
||||
|
||||
@tpl_vars = tpl_vars.merge(theme: theme, verbose: true)
|
||||
end
|
||||
end
|
||||
|
||||
@@ -14,7 +14,7 @@ shared_examples 'App::Views::WpVersion' do
|
||||
end
|
||||
|
||||
context 'when the version is not nil' do
|
||||
let(:version) { WPScan::WpVersion.new('4.0', found_by: 'rspec') }
|
||||
let(:version) { WPScan::Model::WpVersion.new('4.0', found_by: 'rspec') }
|
||||
|
||||
context 'when confirmed_by is empty' do
|
||||
context 'when no interesting_entries' do
|
||||
@@ -77,7 +77,7 @@ shared_examples 'App::Views::WpVersion' do
|
||||
let(:expected_view) { 'with_vulns' }
|
||||
|
||||
it 'outputs the expected string' do
|
||||
@tpl_vars = tpl_vars.merge(version: WPScan::WpVersion.new('3.8.1', found_by: 'rspec'))
|
||||
@tpl_vars = tpl_vars.merge(version: WPScan::Model::WpVersion.new('3.8.1', found_by: 'rspec'))
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||