diff --git a/lib/wpscan/wp_item.rb b/lib/wpscan/wp_item.rb index ac870141..4bff995a 100644 --- a/lib/wpscan/wp_item.rb +++ b/lib/wpscan/wp_item.rb @@ -23,7 +23,7 @@ class WpItem < Vulnerable @version = nil def initialize(options = {}) - @wp_content_dir = options[:wp_content_dir] + @wp_content_dir = options[:wp_content_dir] || "wp-content" @url = options[:url] @path = options[:path] @name = options[:name] || extract_name_from_url diff --git a/spec/lib/wpscan/modules/wp_login_protection_spec.rb b/spec/lib/wpscan/modules/wp_login_protection_spec.rb index 918592f0..7ee4c9cd 100644 --- a/spec/lib/wpscan/modules/wp_login_protection_spec.rb +++ b/spec/lib/wpscan/modules/wp_login_protection_spec.rb @@ -100,8 +100,7 @@ shared_examples_for "WpLoginProtection" do it "should return a login-lockdown WpPlugin object" do @fixture = @fixtures_dir + "/wp-login-login_lockdown.php" - @plugin_expected = WpPlugin.new(:wp_content_dir => "wp-content", - :url => @module.url, + @plugin_expected = WpPlugin.new(:url => @module.url, :path => "/plugins/login-lockdown/", :name => "login-lockdown" ) @@ -110,8 +109,7 @@ shared_examples_for "WpLoginProtection" do it "should return a login-lock WpPlugin object" do @fixture = @fixtures_dir + "/wp-login-login_lock.php" - @plugin_expected = WpPlugin.new(:wp_content_dir => "wp-content", - :url => @module.url, + @plugin_expected = WpPlugin.new(:url => @module.url, :path => "/plugins/login-lock/", :name => "login-lock" ) diff --git a/spec/lib/wpscan/modules/wp_plugins_spec.rb b/spec/lib/wpscan/modules/wp_plugins_spec.rb index da23287b..8d17efc2 100644 --- a/spec/lib/wpscan/modules/wp_plugins_spec.rb +++ b/spec/lib/wpscan/modules/wp_plugins_spec.rb @@ -32,7 +32,6 @@ shared_examples_for "WpPlugins" do @options = { :url => @wp_url, :only_vulnerable_ones => true, - :wp_content_dir => "wp-content", :show_progress_bar => false, :error_404_hash => @module.error_404_hash } 
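Review bot: The `|| "wp-content"` fallback in `WpItem#initialize` (lib/wpscan/wp_item.rb) only replaces nil or false, so an empty string passed by a caller is kept as the content directory, and a caller that forgets the option is silently given the stock directory. For a scanner this matters: on a site whose content directory was relocated, item URLs would presumably be built against the wrong path, and the report would read as "nothing found" rather than as a configuration error. I would name and document the default, e.g. `DEFAULT_WP_CONTENT_DIR = "wp-content"` with the comment `# WordPress default; pass :wp_content_dir explicitly when the target relocated its content directory`, and treat empty input as unset with `dir = options[:wp_content_dir].to_s` followed by `@wp_content_dir = dir.empty? ? DEFAULT_WP_CONTENT_DIR : dir`. The body of `initialize` continues outside the hunk.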
@@ -62,8 +61,7 @@ shared_examples_for "WpPlugins" do } expected_plugins = [] expected_plugin_names.each do |plugin_name| - expected_plugins << WpPlugin.new(:wp_content_dir => "wp-content", - :url => @module.url, + expected_plugins << WpPlugin.new(:url => @module.url, :path => "/plugins/#{plugin_name}/", :name => plugin_name) end @@ -83,7 +81,6 @@ shared_examples_for "WpPlugins" do @module.extend(WpPlugins) @options = { :url => @wp_url, :only_vulnerable_ones => true, - :wp_content_dir => "wp-content", :show_progress_bar => false, :error_404_hash => @module.error_404_hash, :vulns_file => @plugin_vulns_file, diff --git a/spec/lib/wpscan/wp_item_spec.rb b/spec/lib/wpscan/wp_item_spec.rb index 8cc2b0a5..59b47bdc 100644 --- a/spec/lib/wpscan/wp_item_spec.rb +++ b/spec/lib/wpscan/wp_item_spec.rb @@ -20,8 +20,7 @@ require File.expand_path(File.dirname(__FILE__) + '/wpscan_helper') describe WpPlugin do before :each do - @instance = WpItem.new(:wp_content_dir => "wp-content", - :url => "http://sub.example.com/path/to/wordpress/", + @instance = WpItem.new(:url => "http://sub.example.com/path/to/wordpress/", :path => "plugins/test/asdf.php", :vulns_xml => "XXX.xml" ) @@ -173,8 +172,7 @@ describe WpPlugin do describe "#==" do it "should return false" do - instance2 = WpItem.new(:wp_content_dir => "wp-content", - :url => "http://sub.example.com/path/to/wordpress/", + instance2 = WpItem.new(:url => "http://sub.example.com/path/to/wordpress/", :path => "plugins/newname/asdf.php", :vulns_xml => "XXX.xml" ) @@ -182,8 +180,7 @@ describe WpPlugin do end it "should return true" do - instance2 = WpItem.new(:wp_content_dir => "wp-content", - :url => "http://sub.example.com/path/to/wordpress/", + instance2 = WpItem.new(:url => "http://sub.example.com/path/to/wordpress/", :path => "plugins/test/asdf.php", :vulns_xml => "XXX.xml" ) diff --git a/spec/lib/wpscan/wp_plugin_spec.rb b/spec/lib/wpscan/wp_plugin_spec.rb index 565fe93a..a2e34e10 100644 --- a/spec/lib/wpscan/wp_plugin_spec.rb 
+++ b/spec/lib/wpscan/wp_plugin_spec.rb @@ -24,6 +24,10 @@ describe WpPlugin do expect { WpPlugin.new(:url => "url", :path => "path", :wp_content_dir => "dir", :name => "name") }.to_not raise_error end + it "should not raise an exception (wp_content_dir not set)" do + expect { WpPlugin.new(:url => "url", :path => "path", :name => "name") }.to_not raise_error + end + it "should raise an exception (url not set)" do expect { WpPlugin.new(:path => "path", :wp_content_dir => "dir", :name => "name") }.to raise_error end @@ -32,10 +36,6 @@ describe WpPlugin do expect { WpPlugin.new(:url => "url", :wp_content_dir => "dir", :name => "name") }.to raise_error end - it "should raise an exception (wp_content_dir not set)" do - expect { WpPlugin.new(:url => "url", :path => "path", :name => "name") }.to raise_error - end - it "should raise an exception (name not set)" do expect { WpPlugin.new(:url => "url", :path => "path", :wp_content_dir => "dir") }.to raise_error end @@ -44,8 +44,7 @@ describe WpPlugin do describe "#error_log_url" do it "should return a correct url" do temp = WpPlugin.new(:url => "http://wordpress.com", - :path => "plugins/test/asdf.php", - :wp_content_dir => "wp-content") + :path => "plugins/test/asdf.php") temp.error_log_url.to_s.should == "http://wordpress.com/wp-content/plugins/test/error_log" end end @@ -53,8 +52,7 @@ describe WpPlugin do describe "#error_log?" do before :each do @temp = WpPlugin.new(:url => "http://wordpress.com", - :path => "plugins/test/asdf.php", - :wp_content_dir => "wp-content") + :path => "plugins/test/asdf.php") end it "should return true" do diff --git a/spec/lib/wpscan/wp_target_spec.rb b/spec/lib/wpscan/wp_target_spec.rb index 7ef6d8a5..c58a432f 100644 --- a/spec/lib/wpscan/wp_target_spec.rb +++ b/spec/lib/wpscan/wp_target_spec.rb 
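Review bot: The new example "should not raise an exception (wp_content_dir not set)" in spec/lib/wpscan/wp_plugin_spec.rb checks only that construction succeeds, not which directory the item ends up with; the same applies to the matching example added to spec/lib/wpscan/wp_theme_spec.rb. The `#error_log_url` example further down covers the default indirectly for WpPlugin, but nothing visible pins that an explicit `:wp_content_dir` still wins over the fallback. An extra example that builds the plugin with `:wp_content_dir => "custom"` and asserts `temp.error_log_url.to_s.should == "http://wordpress.com/custom/plugins/test/error_log"` would close that gap (the expected URL is constructed from the pattern of the existing example, so confirm it against the implementation). The enclosing `describe` blocks start outside these hunks.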
@@ -22,12 +22,10 @@ describe WpTarget do before :each do Browser.reset - @wp_content_dir = "wp-content" @options = { :config_file => SPEC_FIXTURES_CONF_DIR + '/browser/browser.conf.json', :cache_timeout => 0, - :wp_content_dir => @wp_content_dir, :wp_plugins_dir => "wp-content/plugins" } @wp_target = WpTarget.new("http://example.localhost/", @options) diff --git a/spec/lib/wpscan/wp_theme_spec.rb b/spec/lib/wpscan/wp_theme_spec.rb index 989d0609..f12085de 100644 --- a/spec/lib/wpscan/wp_theme_spec.rb +++ b/spec/lib/wpscan/wp_theme_spec.rb @@ -33,6 +33,10 @@ describe WpTheme do expect { WpTheme.new(:url => "url", :path => "path", :wp_content_dir => "dir", :name => "name") }.to_not raise_error end + it "should not raise an exception (wp_content_dir not set)" do + expect { WpTheme.new(:url => "url", :path => "path", :name => "name") }.to_not raise_error + end + it "should raise an exception (url not set)" do expect { WpTheme.new(:path => "path", :wp_content_dir => "dir", :name => "name") }.to raise_error end @@ -41,10 +45,6 @@ describe WpTheme do expect { WpTheme.new(:url => "url", :wp_content_dir => "dir", :name => "name") }.to raise_error end - it "should raise an exception (wp_content_dir not set)" do - expect { WpTheme.new(:url => "url", :path => "path", :name => "name") }.to raise_error - end - it "should raise an exception (name not set)" do expect { WpTheme.new(:url => "url", :path => "path", :wp_content_dir => "dir") }.to raise_error end 
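Review bot: In spec/lib/wpscan/wp_target_spec.rb the `:wp_content_dir` option is dropped from the `WpTarget` options, but the fallback this commit adds lives in `WpItem#initialize`; nothing in the visible diff gives `WpTarget` the same default. If `WpTarget` resolves the directory itself, these examples now depend on that resolution rather than on a fixed value, and any later example in this file that still reads `@wp_content_dir` would see nil. The `:wp_plugins_dir => "wp-content/plugins"` entry is kept, so the two settings are no longer stated together; if that is intended, a comment above `@options` such as `# wp_content_dir left unset on purpose: WpTarget must resolve it` would make it clear. The `before` block continues outside the hunk.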
@@ -179,14 +179,12 @@ describe WpTheme do describe "#===" do it "should return false (name not equal)" do - instance = WpTheme.new(:wp_content_dir => "wp-content", - :url => "http://sub.example.com/path/to/wordpress/", + instance = WpTheme.new(:url => "http://sub.example.com/path/to/wordpress/", :path => "themes/name/asdf.php", :vulns_xml => "XXX.xml", :version => "1.0" ) - instance2 = WpTheme.new(:wp_content_dir => "wp-content", - :url => "http://sub.example.com/path/to/wordpress/", + instance2 = WpTheme.new(:url => "http://sub.example.com/path/to/wordpress/", :path => "themes/newname/asdf.php", :vulns_xml => "XXX.xml", :version => "1.0" @@ -195,14 +193,12 @@ describe WpTheme do end it "should return false (version not equal)" do - instance = WpTheme.new(:wp_content_dir => "wp-content", - :url => "http://sub.example.com/path/to/wordpress/", + instance = WpTheme.new(:url => "http://sub.example.com/path/to/wordpress/", :path => "themes/name/asdf.php", :vulns_xml => "XXX.xml", :version => "1.0" ) - instance2 = WpTheme.new(:wp_content_dir => "wp-content", - :url => "http://sub.example.com/path/to/wordpress/", + instance2 = WpTheme.new(:url => "http://sub.example.com/path/to/wordpress/", :path => "themes/name/asdf.php", :vulns_xml => "XXX.xml", :version => "2.0" @@ -211,14 +207,12 @@ describe WpTheme do end it "should return false (version and name not equal)" do - instance = WpTheme.new(:wp_content_dir => "wp-content", - :url => "http://sub.example.com/path/to/wordpress/", + instance = WpTheme.new(:url => "http://sub.example.com/path/to/wordpress/", :path => "themes/name/asdf.php", :vulns_xml => "XXX.xml", :version => "1.0" ) - instance2 = WpTheme.new(:wp_content_dir => "wp-content", - :url => "http://sub.example.com/path/to/wordpress/", + instance2 = WpTheme.new(:url => "http://sub.example.com/path/to/wordpress/", :path => "themes/newname/asdf.php", :vulns_xml => "XXX.xml", :version => "2.0" 
@@ -227,14 +221,12 @@ describe WpTheme do end it "should return true" do - instance = WpTheme.new(:wp_content_dir => "wp-content", - :url => "http://sub.example.com/path/to/wordpress/", + instance = WpTheme.new(:url => "http://sub.example.com/path/to/wordpress/", :path => "themes/test/asdf.php", :vulns_xml => "XXX.xml", :version => "1.0" ) - instance2 = WpTheme.new(:wp_content_dir => "wp-content", - :url => "http://sub.example.com/path/to/wordpress/", + instance2 = WpTheme.new(:url => "http://sub.example.com/path/to/wordpress/", :path => "themes/test/asdf.php", :vulns_xml => "XXX.xml", :version => "1.0" diff --git a/spec/lib/wpscan/wp_vulnerability_spec.rb b/spec/lib/wpscan/wp_vulnerability_spec.rb index 494a562e..536dfbe6 100644 --- a/spec/lib/wpscan/wp_vulnerability_spec.rb +++ b/spec/lib/wpscan/wp_vulnerability_spec.rb @@ -5,7 +5,6 @@ describe "#vulnerabilities" do let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR + '/vulnerabilities' } let(:vulns_xml) { fixtures_dir + '/plugin_vulns.xml' } let(:wp_plugin) { WpPlugin.new(:url => location_url, - :wp_content_dir => "wp-content", :name => "spec-plugin", :path => "plugins/spec-plugin/", :vulns_xml => vulns_xml) @@ -14,7 +13,6 @@ describe "#vulnerabilities" do it "should return an empty array when no vulnerabilities are found" do WpPlugin.new(:url => "http://example.localhost/", - :wp_content_dir => "wp-content", :name => "no-vulns", :path => "plugins/no-vulns/", :vulns_xml => vulns_xml).vulnerabilities.should be_empty diff --git a/spec/lib/wpscan/wpscan_helper.rb b/spec/lib/wpscan/wpscan_helper.rb index d1ab16d5..c5bcb661 100644 --- a/spec/lib/wpscan/wpscan_helper.rb +++ b/spec/lib/wpscan/wpscan_helper.rb 
@@ -32,9 +32,8 @@ class WpScanModuleSpec attr_reader :uri attr_accessor :error_404_hash, :wp_content_dir - def initialize(target_url, wp_content_dir = "wp-content") + def initialize(target_url) @uri = URI.parse(add_http_protocol(target_url)) - @wp_content_dir = wp_content_dir Browser.instance( :config_file => SPEC_FIXTURES_CONF_DIR + '/browser/browser.conf.json', :cache_timeout => 0
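Review bot: `attr_accessor :wp_content_dir` stays on `WpScanModuleSpec` while `initialize` no longer assigns `@wp_content_dir`, so the reader returns nil until a spec sets it. Any module mixed into this object that builds paths from `wp_content_dir` would then interpolate an empty segment instead of "wp-content"; those modules are not visible from this hunk, so this needs checking. Either keep a fixed default with `@wp_content_dir = "wp-content"`, or drop `:wp_content_dir` from the `attr_accessor` line if nothing reads it. Removing the second positional parameter also turns any remaining two-argument `WpScanModuleSpec.new(url, dir)` call into an ArgumentError. The body of `initialize` continues past the end of the hunk.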