From 95041945ff4d11321607a4f2f58b77db87a8a668 Mon Sep 17 00:00:00 2001
From: erwanlr
Date: Mon, 25 Mar 2013 16:03:34 +0100
Subject: [PATCH] WpItem::Versionable specs
---
lib/common/models/wp_item/versionable.rb | 5 +-
spec/lib/common/models/wp_item_spec.rb | 1 +
.../versionable/simple-login-lockdown-0.4.txt | 30 +++++++++
.../wp_item/versionable}/trunk-version.txt | 0
.../version/simple-login-lockdown-0.4.txt | 65 -------------------
spec/shared_examples/wp_item_versionable.rb | 60 +++++++++++++++++
6 files changed, 94 insertions(+), 67 deletions(-)
create mode 100755 spec/samples/common/models/wp_item/versionable/simple-login-lockdown-0.4.txt
rename spec/samples/{wpscan/wp_plugin/version => common/models/wp_item/versionable}/trunk-version.txt (100%)
delete mode 100755 spec/samples/wpscan/wp_plugin/version/simple-login-lockdown-0.4.txt
create mode 100644 spec/shared_examples/wp_item_versionable.rb
diff --git a/lib/common/models/wp_item/versionable.rb b/lib/common/models/wp_item/versionable.rb
index 79a5563f..d1b70595 100755
--- a/lib/common/models/wp_item/versionable.rb
+++ b/lib/common/models/wp_item/versionable.rb
@@ -3,11 +3,11 @@ class WpItem attr_writer :version - #def allowed_options; super << :version end - module Versionable # Get the version from the readme.txt + # + # @return [ String ] The version number def version unless @version response = Browser.instance.get(readme_url)
@@ -16,6 +16,7 @@ class WpItem @version end + # @return [ String ] def to_s item_version = self.version "#@name#{' v' + item_version.strip if item_version}"
diff --git a/spec/lib/common/models/wp_item_spec.rb b/spec/lib/common/models/wp_item_spec.rb
index 9d1b48d5..6bdf95f4 100644
--- a/spec/lib/common/models/wp_item_spec.rb
+++ b/spec/lib/common/models/wp_item_spec.rb
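Review bot: The `# @return [ String ] The version number` comment added above `version` in lib/common/models/wp_item/versionable.rb understates the contract, because the shared example added in this same commit expects `nil` when the readme's version is "trunk". The tag should read `# @return [ String, nil ] The version number, or nil when the readme does not give one`. The value is taken from the response to `Browser.instance.get(readme_url)`, a file served by the scanned host, so the comment could also say that the returned text is remote-supplied and not validated beyond the match. The body of `version` between the request and `@version` lies outside both hunks, so how the response status and body are handled cannot be checked from here.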
@@ -10,6 +10,7 @@ describe WpItem do let(:changelog_url) { uri.merge('changelog.txt').to_s } let(:error_log_url) { uri.merge('error_log').to_s } end + it_behaves_like 'WpItem::Versionable' subject(:wp_item) { WpItem.new(uri, options) } let(:uri) { URI.parse('http://example.com') }
diff --git a/spec/samples/common/models/wp_item/versionable/simple-login-lockdown-0.4.txt b/spec/samples/common/models/wp_item/versionable/simple-login-lockdown-0.4.txt
new file mode 100755
index 00000000..8021a92f
--- /dev/null
+++ b/spec/samples/common/models/wp_item/versionable/simple-login-lockdown-0.4.txt
@@ -0,0 +1,30 @@
+=== Simple Login Lockdown ===
+Contributors: chrisguitarguy
+Donate link: http://www.pwsausa.org/
+Tags: security, login
+Requires at least: 3.2.0
+Tested up to: 3.3
+Stable tag: 0.4
+
+Simple Login Lockdown prevents brute force login attacks/attempts on your WordPress installation.
+
+== Changelog ==
+
+= 0.1 =
+* Proof of concept
+* no options page
+
+= 0.2 =
+* New function to get the IP address.
+* Added filter to IP for flexibility with proxies, etc.
+
+= 0.3 =
+* small bug fix
+
+= 0.4 =
+* Added plugin options page
+
+== Upgrade Notice ==
+
+= 04 =
+* Dont get attacked!
diff --git a/spec/samples/wpscan/wp_plugin/version/trunk-version.txt b/spec/samples/common/models/wp_item/versionable/trunk-version.txt
similarity index 100%
rename from spec/samples/wpscan/wp_plugin/version/trunk-version.txt
rename to spec/samples/common/models/wp_item/versionable/trunk-version.txt
diff --git a/spec/samples/wpscan/wp_plugin/version/simple-login-lockdown-0.4.txt b/spec/samples/wpscan/wp_plugin/version/simple-login-lockdown-0.4.txt
deleted file mode 100755
index 16b1336e..00000000
--- a/spec/samples/wpscan/wp_plugin/version/simple-login-lockdown-0.4.txt
+++ /dev/null
@@ -1,65 +0,0 @@
-=== Simple Login Lockdown ===
-Contributors: chrisguitarguy
-Donate link: http://www.pwsausa.org/
-Tags: security, login
-Requires at least: 3.2.0
-Tested up to: 3.3
-Stable tag: 0.4
-
-Simple Login Lockdown prevents brute force login attacks/attempts on your WordPress installation.
-
-== Description ==
-
-imple login lock down is a way to protect your WordPress blog from brute force login attacks.
-
-How it works:
-1. An attacker attempts to login and fails
-2. Simple Login Lockdown record that failed login
-3. After a certain number of failed attemps (defaults to five), further attemps to access the wp-login.php page are blocked for a time (defaults to one hour).
-
-If you happen to forget your password and make a failed login attemp yourself, the plugin will clear out the lockdown count data on successful login.
-
-Note: This uses $_SERVER['REMOTE_ADDR'] directly. If you're behind a proxy (load balancer, etc), it's not going to work as expected. Eg. Several folks could be attempting logins at once, and all fail. As such, the plugin would pick up on all those requests coming from the same IP -- the load balancer -- and lock the login down. No good. If you're using a load balancer or in some other situation where you're behind a proxy, use this as an example and write your own. Or filter the IP as your desire using `cd_sll_pre_ip`.
-
-== Installation ==
-
-Install via the WordPress admin or...
-
-1. Click on the big orange button that says download
-2. Unzip the file, and upload the `simple-login-lockdown` folder to your wp-content/plugins directory
-3. Login into your website and activate the plugin!
-
-== Frequently Asked Questions ==
-
-= I got locked out, what do I do? =
-
-Simple answer: wait. The lockdown will clear in the time you specified, just visit the site again later.
-
-If you absolutely need to get into your site right now, you can can do one of two things...
-1. Fire up your FTP client and rename the `simple-login-lockdown` plugin folder
-2. Login into your favorite database administration tool (probably PHPMyAdmin) and search for `locked_down_` in the `option_name` column of the `wp_options` table. Delete the records you find -- they should be "transients".
-
-== Screenshots ==
-
-1. The plugin options on the Privacy Settings page
-
-== Changelog ==
-
-= 0.1 =
-* Proof of concept
-* no options page
-
-= 0.2 =
-* New function to get the IP address.
-* Added filter to IP for flexibility with proxies, etc.
-
-= 0.3 =
-* small bug fix
-
-= 0.4 =
-* Added plugin options page
-
-== Upgrade Notice ==
-
-= 04 =
-* Dont get attacked!
diff --git a/spec/shared_examples/wp_item_versionable.rb b/spec/shared_examples/wp_item_versionable.rb
new file mode 100644
index 00000000..23b6d0e4
--- /dev/null
+++ b/spec/shared_examples/wp_item_versionable.rb
@@ -0,0 +1,60 @@
+# encoding: UTF-8
+
+shared_examples 'WpItem::Versionable' do
+
+ describe '#version' do
+ let(:fixtures_dir) { MODELS_FIXTURES + '/wp_item/versionable' }
+
+ context 'when the version is already set' do
+ it 'returns it' do
+ subject.version = '1.2'
+ subject.version.should == '1.2'
+ end
+ end
+
+ context 'otherwise' do
+ after do
+ stub_request_to_fixture(url: subject.readme_url, fixture: fixtures_dir + @file)
+ subject.version.should == @expected
+ end
+
+ context 'when version is "trunk"' do
+ it 'returns nil' do
+ @file = '/trunk-version.txt'
+ @expected = nil
+ end
+ end
+
+ context 'when the version is valid' do
+ it 'returns it' do
+ @file = '/simple-login-lockdown-0.4.txt'
+ @expected = '0.4'
+ end
+ end
+ end
+ end
+
+ describe '#to_s' do
+ after do
+ subject.stub(:version).and_return(@version)
+ subject.name = 'some-name'
+
+ subject.to_s.should == @expected
+ end
+
+ context 'when the version does not exist' do
+ it 'returns only the name' do
+ @version = nil
+ @expected = 'some-name'
+ end
+ end
+
+ context 'when the version exists' do
+ it 'returns the name and the version' do
+ @version = '1.3'
+ @expected = 'some-name v1.3'
+ end
+ end
+ end
+
+end
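Review bot: In the `'otherwise'` context of `#version`, and again in `#to_s`, the expectation sits in an `after` hook while each `it` body only assigns `@file`/`@expected`, so an example that omits an assignment is not caught in its own body. An unset `@expected` is `nil`, which is exactly what the "trunk" case expects from `subject.version.should == @expected`. Moving the stub into `before`, the fixture name into `let(:file)` and the assertion into each example makes every example state what it checks; the same reshaping applies to the `#to_s` block. Because `version` parses a readme served by the scanned host, cases for an empty body and for a readme without a `Stable tag:` line would also be worth adding, and neither is covered here.

```ruby
# … unchanged: 'when the version is already set' context …
context 'otherwise' do
  before do
    stub_request_to_fixture(url: subject.readme_url, fixture: fixtures_dir + file)
  end

  context 'when version is "trunk"' do
    let(:file) { '/trunk-version.txt' }

    it 'returns nil' do
      subject.version.should be_nil
    end
  end

  context 'when the version is valid' do
    let(:file) { '/simple-login-lockdown-0.4.txt' }

    it 'returns it' do
      subject.version.should == '0.4'
    end
  end
end
# … unchanged: '#to_s' examples …
```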