diff --git a/lib/wpscan/wp_enumerator.rb b/lib/wpscan/wp_enumerator.rb
index 92397b9a..0d6bfc3f 100644
--- a/lib/wpscan/wp_enumerator.rb
+++ b/lib/wpscan/wp_enumerator.rb
@@ -83,7 +83,7 @@ class WpEnumerator
 found
 end
- private
+ protected
 def self.generate_items(options = {})
 only_vulnerable = options[:only_vulnerable_ones]
diff --git a/spec/lib/wpscan/modules/wp_plugins_spec.rb b/spec/lib/wpscan/modules/wp_plugins_spec.rb
index 59845d4f..da23287b 100644
--- a/spec/lib/wpscan/modules/wp_plugins_spec.rb
+++ b/spec/lib/wpscan/modules/wp_plugins_spec.rb
@@ -29,6 +29,13 @@ shared_examples_for "WpPlugins" do
 @module = WpScanModuleSpec.new(@wp_url)
 @module.error_404_hash = Digest::MD5.hexdigest("Error 404!")
 @module.extend(WpPlugins)
+
+ @options = { :url => @wp_url,
+ :only_vulnerable_ones => true,
+ :wp_content_dir => "wp-content",
+ :show_progress_bar => false,
+ :error_404_hash => @module.error_404_hash
+ }
 end
 describe "#plugins_from_passive_detection" do
@@ -37,7 +44,7 @@ shared_examples_for "WpPlugins" do
 it "should return an empty array" do
 stub_request_to_fixture(:url => @module.url, :fixture => File.new(passive_detection_fixtures + '/no_plugins.htm'))
- plugins = @module.plugins_from_passive_detection
+ plugins = @module.plugins_from_passive_detection(@options)
 plugins.should be_empty
 end
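Review bot: In lib/wpscan/wp_enumerator.rb, swapping `private` for `protected` above `def self.generate_items` changes nothing for that method: a bare visibility keyword only applies to instance methods defined after it, so a `def self.` method was public before and is still public. The spec in this same commit relies on that, calling `WpEnumerator.generate_items(@options)` from outside the class. If the method is meant to be public API, move it above the marker or add a comment such as `# public: called directly by the specs`; if it is meant to be internal, `private_class_method :generate_items` is the construct that actually restricts it. The class body continues outside the hunk, so the marker may still govern instance methods defined further down.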
@@ -61,58 +68,31 @@ shared_examples_for "WpPlugins" do
 :name => plugin_name)
 end
- plugins = @module.plugins_from_passive_detection
+ plugins = @module.plugins_from_passive_detection(@options)
 plugins.should_not be_empty
 plugins.sort.should === expected_plugins.sort
 end
 end
- describe "#plugins_targets_url" do
- let(:expected_for_only_vulnerable) {
- [WpPlugin.new(:wp_content_dir => "wp-content",
- :url => @module.url,
- :path => "/plugins/media-library/",
- :name => plugin_name).get_url.to_s,
- WpPlugin.new(:wp_content_dir => "wp-content",
- :url => @module.url,
- :path => "/plugins/deans/",
- :name => plugin_name).get_url.to_s]
- }
- let(:expected_for_all) {
- expected_for_only_vulnerable + File.open(@plugins_file, 'r') {|file| file.readlines.collect{|line| WpPlugin.create_url_from_raw(line.chomp, @module.uri)}}.uniq!
- }
-
- it "should only return url from plugin_vulns_file if :only_vulnerable_ones is true" do
- targets_url = @module.plugins_targets_url(
- :only_vulnerable_ones => true,
- :plugin_vulns_file => @plugin_vulns_file
- )
-
- targets_url.should_not be_empty
- targets_url.sort.should === expected_for_only_vulnerable.sort
- end
-
- it "should return both url from plugins_file and plugin_vulns_file" do
- targets_url = @module.plugins_targets_url(
- :plugin_vulns_file => @plugin_vulns_file,
- :plugins_file => @plugins_file
- )
-
- targets_url.should_not be_empty
- targets_url.sort.should === expected_for_all.sort
- end
- end
-
 describe "#plugins_from_aggressive_detection" do
 before :each do
- @targets_url = @module.plugins_targets_url(
- :plugin_vulns_file => @plugin_vulns_file,
- :plugins_file => @plugins_file
- )
+ @wp_url = "http://example.localhost"
+ @module = WpScanModuleSpec.new(@wp_url)
+ @module.error_404_hash = Digest::MD5.hexdigest("Error 404!")
+ @module.extend(WpPlugins)
+ @options = { :url => @wp_url,
+ :only_vulnerable_ones => true,
+ :wp_content_dir => "wp-content",
+ :show_progress_bar => false,
+ :error_404_hash => @module.error_404_hash,
+ :vulns_file => @plugin_vulns_file,
+ :file => @plugins_file
+ }
+ @targets_url = WpEnumerator.generate_items(@options)
 # Point all targets to a 404
- @targets_url.each do |target_url|
- stub_request(:get, target_url).to_return(:status => 404)
+ @targets_url.each do |target|
+ stub_request(:get, "#{target[:url]}#{target[:wp_content_dir]}/#{target[:path]}").to_return(:status => 404)
 end
 end
diff --git a/spec/lib/wpscan/wp_target_spec.rb b/spec/lib/wpscan/wp_target_spec.rb
index 6d977624..7ef6d8a5 100644
--- a/spec/lib/wpscan/wp_target_spec.rb
+++ b/spec/lib/wpscan/wp_target_spec.rb
@@ -28,7 +28,7 @@ describe WpTarget do
 :config_file => SPEC_FIXTURES_CONF_DIR + '/browser/browser.conf.json',
 :cache_timeout => 0,
 :wp_content_dir => @wp_content_dir,
- :wp_plugins_dir => "wp-content/plugins/"
+ :wp_plugins_dir => "wp-content/plugins"
 }
 @wp_target = WpTarget.new("http://example.localhost/", @options)
 end
diff --git a/spec/lib/wpscan/wp_version_spec.rb b/spec/lib/wpscan/wp_version_spec.rb
index 86744960..1d987c16 100644
--- a/spec/lib/wpscan/wp_version_spec.rb
+++ b/spec/lib/wpscan/wp_version_spec.rb
@@ -31,7 +31,7 @@ describe WpVersion do
 after :each do
 stub_request_to_fixture(:url => @target_uri.to_s, :fixture => @fixture)
- WpVersion.find_from_meta_generator(@target_uri.to_s).should === @expected
+ WpVersion.find_from_meta_generator(:url => @target_uri.to_s).should === @expected
 end
 it "should return nil if the meta-generator is not found" do
@@ -57,7 +57,7 @@ describe WpVersion do
 @status_code ||= 200
 stub_request_to_fixture(:url => @target_uri.merge("feed/").to_s, :status => @status_code, :fixture => @fixture)
- WpVersion.find_from_rss_generator(@target_uri).should === @expected
+ WpVersion.find_from_rss_generator(:url => @target_uri).should === @expected
 end
 it "should return nil on a 404" do
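Review bot: In spec/lib/wpscan/modules/wp_plugins_spec.rb (hunk at -61), the stub URL is assembled by hand as `"#{target[:url]}#{target[:wp_content_dir]}/#{target[:path]}"` while `@wp_url` is `"http://example.localhost"` with no trailing slash, so unless `generate_items` normalises `:url` the stubbed address would not be the one the scanner requests and the "Point all targets to a 404" setup would not take effect. Building the URL from the same object the code under test uses, as the removed lines did with `WpPlugin.new(...).get_url.to_s`, would keep stub and request in step. The removed `#plugins_targets_url` examples also covered both the vulnerable-only list and the merged list, whereas the new setup always passes `:only_vulnerable_ones => true`; `WpEnumerator.generate_items` has no example of its own in this diff, so the all-items path looks untested now. The `before` block also repeats the `@wp_url`/`@module` setup that the outer `before` in the hunk at -29 already performs.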
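Review bot: In spec/lib/wpscan/wp_version_spec.rb the new `:url` option is given a String in the `find_from_meta_generator` example (`:url => @target_uri.to_s`) but a URI object in `find_from_rss_generator` (hunk at -57) and in `find_from_sitemap_generator` and `find_from_readme` in the later hunks (-92, -118). With one shared option key the accepted type should be the same across the four finders; either pass `@target_uri.to_s` everywhere or state in the spec which form is expected, e.g. `# :url may be a String or a URI`. The finder implementations are not part of this diff, so whether they coerce the value cannot be confirmed from here.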
@@ -92,7 +92,7 @@ describe WpVersion do
 stub_request(:get, @target_uri.merge("sitemap.xml").to_s). to_return(:status => 200, :body => @body)
- WpVersion.find_from_sitemap_generator(@target_uri).should === @expected
+ WpVersion.find_from_sitemap_generator(:url => @target_uri).should === @expected
 end
 it "should return nil if the generator is not found" do
@@ -118,7 +118,7 @@ describe WpVersion do
 @status_code ||= 200
 stub_request_to_fixture(:url => @target_uri.merge("readme.html").to_s, :status => @status_code, :fixture => @fixture)
- WpVersion.find_from_readme(@target_uri).should === @expected
+ WpVersion.find_from_readme(:url => @target_uri).should === @expected
 end
 it "should return nil on a 404" do
diff --git a/spec/lib/wpscan/wp_vulnerability_spec.rb b/spec/lib/wpscan/wp_vulnerability_spec.rb
index 5d0c7ab2..494a562e 100644
--- a/spec/lib/wpscan/wp_vulnerability_spec.rb
+++ b/spec/lib/wpscan/wp_vulnerability_spec.rb
@@ -1,17 +1,23 @@
 # TODO
 describe "#vulnerabilities" do
- let(:location_url) { 'http://example.localhost/wp-content/plugins/spec-plugin/' }
+ let(:location_url) { 'http://example.localhost/' }
 let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR + '/vulnerabilities' }
 let(:vulns_xml) { fixtures_dir + '/plugin_vulns.xml' }
- let(:wp_plugin) { WpPlugin.new(location_url, :vulns_xml => vulns_xml) }
+ let(:wp_plugin) { WpPlugin.new(:url => location_url,
+ :wp_content_dir => "wp-content",
+ :name => "spec-plugin",
+ :path => "plugins/spec-plugin/",
+ :vulns_xml => vulns_xml)
+ }
 it "should return an empty array when no vulnerabilities are found" do
- WpPlugin.new(
- 'http://example.localhost/wp-content/plugins/no-vulns/',
- :vulns_xml => vulns_xml
- ).vulnerabilities.should be_empty
+ WpPlugin.new(:url => "http://example.localhost/",
+ :wp_content_dir => "wp-content",
+ :name => "no-vulns",
+ :path => "plugins/no-vulns/",
+ :vulns_xml => vulns_xml).vulnerabilities.should be_empty
 end
 it "should return an arry with 2 vulnerabilities" do