rspec

lib/wpscan/wp_enumerator.rb

@@ -83,7 +83,7 @@ class WpEnumerator
     found
   end
 
-  private
+  protected
 
   def self.generate_items(options = {})
     only_vulnerable   = options[:only_vulnerable_ones]

spec/lib/wpscan/modules/wp_plugins_spec.rb

@@ -29,6 +29,13 @@ shared_examples_for "WpPlugins" do
     @module = WpScanModuleSpec.new(@wp_url)
     @module.error_404_hash = Digest::MD5.hexdigest("Error 404!")
     @module.extend(WpPlugins)
+
+    @options = { :url => @wp_url,
+                 :only_vulnerable_ones => true,
+                 :wp_content_dir => "wp-content",
+                 :show_progress_bar => false,
+                 :error_404_hash => @module.error_404_hash
+    }
   end
 
   describe "#plugins_from_passive_detection" do
@@ -37,7 +44,7 @@ shared_examples_for "WpPlugins" do
     it "should return an empty array" do
       stub_request_to_fixture(:url => @module.url, :fixture => File.new(passive_detection_fixtures + '/no_plugins.htm'))
 
-      plugins = @module.plugins_from_passive_detection
+      plugins = @module.plugins_from_passive_detection(@options)
       plugins.should be_empty
     end
 
@@ -61,58 +68,31 @@ shared_examples_for "WpPlugins" do
                                          :name => plugin_name)
       end
 
-      plugins = @module.plugins_from_passive_detection
+      plugins = @module.plugins_from_passive_detection(@options)
       plugins.should_not be_empty
       plugins.sort.should === expected_plugins.sort
     end
   end
 
-  describe "#plugins_targets_url" do
-    let(:expected_for_only_vulnerable) {
-      [WpPlugin.new(:wp_content_dir => "wp-content",
-                   :url => @module.url,
-                   :path => "/plugins/media-library/",
-                   :name => plugin_name).get_url.to_s,
-      WpPlugin.new(:wp_content_dir => "wp-content",
-                   :url => @module.url,
-                   :path => "/plugins/deans/",
-                   :name => plugin_name).get_url.to_s]
-    }
-    let(:expected_for_all) {
-      expected_for_only_vulnerable + File.open(@plugins_file, 'r') {|file| file.readlines.collect{|line| WpPlugin.create_url_from_raw(line.chomp, @module.uri)}}.uniq!
-    }
-
-    it "should only return url from plugin_vulns_file if :only_vulnerable_ones is true" do
-      targets_url = @module.plugins_targets_url(
-        :only_vulnerable_ones => true,
-        :plugin_vulns_file => @plugin_vulns_file
-      )
-
-      targets_url.should_not be_empty
-      targets_url.sort.should === expected_for_only_vulnerable.sort
-    end
-
-    it "should return both url from plugins_file and plugin_vulns_file" do
-      targets_url = @module.plugins_targets_url(
-        :plugin_vulns_file => @plugin_vulns_file,
-        :plugins_file => @plugins_file
-      )
-
-      targets_url.should_not be_empty
-      targets_url.sort.should === expected_for_all.sort
-    end
-  end
-
   describe "#plugins_from_aggressive_detection" do
 
     before :each do
-      @targets_url = @module.plugins_targets_url(
+      @wp_url = "http://example.localhost"
-        :plugin_vulns_file => @plugin_vulns_file,
+      @module = WpScanModuleSpec.new(@wp_url)
-        :plugins_file => @plugins_file
+      @module.error_404_hash = Digest::MD5.hexdigest("Error 404!")
-      )
+      @module.extend(WpPlugins)
+      @options = { :url => @wp_url,
+                 :only_vulnerable_ones => true,
+                 :wp_content_dir => "wp-content",
+                 :show_progress_bar => false,
+                 :error_404_hash => @module.error_404_hash,
+                 :vulns_file => @plugin_vulns_file,
+                 :file => @plugins_file
+      }
+      @targets_url = WpEnumerator.generate_items(@options)
       # Point all targets to a 404
-      @targets_url.each do |target_url|
+      @targets_url.each do |target|
-        stub_request(:get, target_url).to_return(:status => 404)
+        stub_request(:get, "#{target[:url]}#{target[:wp_content_dir]}/#{target[:path]}").to_return(:status => 404)
       end
     end
 

spec/lib/wpscan/wp_target_spec.rb

@@ -28,7 +28,7 @@ describe WpTarget do
       :config_file   => SPEC_FIXTURES_CONF_DIR + '/browser/browser.conf.json',
       :cache_timeout => 0,
       :wp_content_dir => @wp_content_dir,
-      :wp_plugins_dir => "wp-content/plugins/"
+      :wp_plugins_dir => "wp-content/plugins"
     }
     @wp_target = WpTarget.new("http://example.localhost/", @options)
   end

spec/lib/wpscan/wp_version_spec.rb

@@ -31,7 +31,7 @@ describe WpVersion do
     after :each do
       stub_request_to_fixture(:url => @target_uri.to_s, :fixture => @fixture)
 
-      WpVersion.find_from_meta_generator(@target_uri.to_s).should === @expected
+      WpVersion.find_from_meta_generator(:url => @target_uri.to_s).should === @expected
     end
 
     it "should return nil if the meta-generator is not found" do
@@ -57,7 +57,7 @@ describe WpVersion do
       @status_code ||= 200
       stub_request_to_fixture(:url => @target_uri.merge("feed/").to_s, :status => @status_code, :fixture => @fixture)
 
-      WpVersion.find_from_rss_generator(@target_uri).should === @expected
+      WpVersion.find_from_rss_generator(:url => @target_uri).should === @expected
     end
 
     it "should return nil on a 404" do
@@ -92,7 +92,7 @@ describe WpVersion do
       stub_request(:get, @target_uri.merge("sitemap.xml").to_s).
         to_return(:status => 200, :body => @body)
 
-        WpVersion.find_from_sitemap_generator(@target_uri).should === @expected
+        WpVersion.find_from_sitemap_generator(:url => @target_uri).should === @expected
       end
 
     it "should return nil if the generator is not found" do
@@ -118,7 +118,7 @@ describe WpVersion do
       @status_code ||= 200
       stub_request_to_fixture(:url => @target_uri.merge("readme.html").to_s, :status => @status_code, :fixture => @fixture)
 
-      WpVersion.find_from_readme(@target_uri).should === @expected
+      WpVersion.find_from_readme(:url => @target_uri).should === @expected
     end
 
     it "should return nil on a 404" do

spec/lib/wpscan/wp_vulnerability_spec.rb

@@ -1,17 +1,23 @@
 # TODO
 
 describe "#vulnerabilities" do
-  let(:location_url) { 'http://example.localhost/wp-content/plugins/spec-plugin/' }
+  let(:location_url) { 'http://example.localhost/' }
   let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR + '/vulnerabilities' }
   let(:vulns_xml) { fixtures_dir + '/plugin_vulns.xml' }
-  let(:wp_plugin) { WpPlugin.new(location_url, :vulns_xml => vulns_xml) }
+  let(:wp_plugin) { WpPlugin.new(:url => location_url,
+                                 :wp_content_dir => "wp-content",
+                                 :name => "spec-plugin",
+                                 :path => "plugins/spec-plugin/",
+                                 :vulns_xml => vulns_xml)
+  }
 
 
   it "should return an empty array when no vulnerabilities are found" do
-    WpPlugin.new(
+    WpPlugin.new(:url => "http://example.localhost/",
-        'http://example.localhost/wp-content/plugins/no-vulns/',
+                 :wp_content_dir => "wp-content",
-        :vulns_xml => vulns_xml
+                 :name => "no-vulns",
-    ).vulnerabilities.should be_empty
+                 :path => "plugins/no-vulns/",
+                 :vulns_xml => vulns_xml).vulnerabilities.should be_empty
   end
 
   it "should return an arry with 2 vulnerabilities" do