default wp_content_dir

Christian Mehlmauer
2012-09-18 19:56:14 +02:00
parent 96ff20a70a
commit 9e5aa05859
9 changed files with 26 additions and 49 deletions


@@ -23,7 +23,7 @@ class WpItem < Vulnerable
@version = nil @version = nil
def initialize(options = {}) def initialize(options = {})
@wp_content_dir = options[:wp_content_dir] @wp_content_dir = options[:wp_content_dir] || "wp-content"
@url = options[:url] @url = options[:url]
@path = options[:path] @path = options[:path]
@name = options[:name] || extract_name_from_url @name = options[:name] || extract_name_from_url
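Review bot: The fallback on the `@wp_content_dir` line is silent, so a caller that fails to pass a detected custom content directory now gets an item built against `wp-content` instead of an error. For a scanner that surfaces as missed findings on sites with a renamed content directory rather than as a visible failure. The line deserves a comment such as `# Defaults to the stock WordPress directory; pass :wp_content_dir explicitly when the target uses a renamed one.` Note also that `||` only replaces nil or false, so an empty string is kept as given. Whether that is rejected later cannot be seen here, because the body of `initialize` continues outside the hunk.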


@@ -100,8 +100,7 @@ shared_examples_for "WpLoginProtection" do
it "should return a login-lockdown WpPlugin object" do it "should return a login-lockdown WpPlugin object" do
@fixture = @fixtures_dir + "/wp-login-login_lockdown.php" @fixture = @fixtures_dir + "/wp-login-login_lockdown.php"
@plugin_expected = WpPlugin.new(:wp_content_dir => "wp-content", @plugin_expected = WpPlugin.new(:url => @module.url,
:url => @module.url,
:path => "/plugins/login-lockdown/", :path => "/plugins/login-lockdown/",
:name => "login-lockdown" :name => "login-lockdown"
) )
@@ -110,8 +109,7 @@ shared_examples_for "WpLoginProtection" do
it "should return a login-lock WpPlugin object" do it "should return a login-lock WpPlugin object" do
@fixture = @fixtures_dir + "/wp-login-login_lock.php" @fixture = @fixtures_dir + "/wp-login-login_lock.php"
@plugin_expected = WpPlugin.new(:wp_content_dir => "wp-content", @plugin_expected = WpPlugin.new(:url => @module.url,
:url => @module.url,
:path => "/plugins/login-lock/", :path => "/plugins/login-lock/",
:name => "login-lock" :name => "login-lock"
) )


@@ -32,7 +32,6 @@ shared_examples_for "WpPlugins" do
@options = { :url => @wp_url, @options = { :url => @wp_url,
:only_vulnerable_ones => true, :only_vulnerable_ones => true,
:wp_content_dir => "wp-content",
:show_progress_bar => false, :show_progress_bar => false,
:error_404_hash => @module.error_404_hash :error_404_hash => @module.error_404_hash
} }
@@ -62,8 +61,7 @@ shared_examples_for "WpPlugins" do
} }
expected_plugins = [] expected_plugins = []
expected_plugin_names.each do |plugin_name| expected_plugin_names.each do |plugin_name|
expected_plugins << WpPlugin.new(:wp_content_dir => "wp-content", expected_plugins << WpPlugin.new(:url => @module.url,
:url => @module.url,
:path => "/plugins/#{plugin_name}/", :path => "/plugins/#{plugin_name}/",
:name => plugin_name) :name => plugin_name)
end end
@@ -83,7 +81,6 @@ shared_examples_for "WpPlugins" do
@module.extend(WpPlugins) @module.extend(WpPlugins)
@options = { :url => @wp_url, @options = { :url => @wp_url,
:only_vulnerable_ones => true, :only_vulnerable_ones => true,
:wp_content_dir => "wp-content",
:show_progress_bar => false, :show_progress_bar => false,
:error_404_hash => @module.error_404_hash, :error_404_hash => @module.error_404_hash,
:vulns_file => @plugin_vulns_file, :vulns_file => @plugin_vulns_file,


@@ -20,8 +20,7 @@ require File.expand_path(File.dirname(__FILE__) + '/wpscan_helper')
describe WpPlugin do describe WpPlugin do
before :each do before :each do
@instance = WpItem.new(:wp_content_dir => "wp-content", @instance = WpItem.new(:url => "http://sub.example.com/path/to/wordpress/",
:url => "http://sub.example.com/path/to/wordpress/",
:path => "plugins/test/asdf.php", :path => "plugins/test/asdf.php",
:vulns_xml => "XXX.xml" :vulns_xml => "XXX.xml"
) )
@@ -173,8 +172,7 @@ describe WpPlugin do
describe "#==" do describe "#==" do
it "should return false" do it "should return false" do
instance2 = WpItem.new(:wp_content_dir => "wp-content", instance2 = WpItem.new(:url => "http://sub.example.com/path/to/wordpress/",
:url => "http://sub.example.com/path/to/wordpress/",
:path => "plugins/newname/asdf.php", :path => "plugins/newname/asdf.php",
:vulns_xml => "XXX.xml" :vulns_xml => "XXX.xml"
) )
@@ -182,8 +180,7 @@ describe WpPlugin do
end end
it "should return true" do it "should return true" do
instance2 = WpItem.new(:wp_content_dir => "wp-content", instance2 = WpItem.new(:url => "http://sub.example.com/path/to/wordpress/",
:url => "http://sub.example.com/path/to/wordpress/",
:path => "plugins/test/asdf.php", :path => "plugins/test/asdf.php",
:vulns_xml => "XXX.xml" :vulns_xml => "XXX.xml"
) )


@@ -24,6 +24,10 @@ describe WpPlugin do
expect { WpPlugin.new(:url => "url", :path => "path", :wp_content_dir => "dir", :name => "name") }.to_not raise_error expect { WpPlugin.new(:url => "url", :path => "path", :wp_content_dir => "dir", :name => "name") }.to_not raise_error
end end
it "should not raise an exception (wp_content_dir not set)" do
expect { WpPlugin.new(:url => "url", :path => "path", :name => "name") }.to_not raise_error
end
it "should raise an exception (url not set)" do it "should raise an exception (url not set)" do
expect { WpPlugin.new(:path => "path", :wp_content_dir => "dir", :name => "name") }.to raise_error expect { WpPlugin.new(:path => "path", :wp_content_dir => "dir", :name => "name") }.to raise_error
end end
@@ -32,10 +36,6 @@ describe WpPlugin do
expect { WpPlugin.new(:url => "url", :wp_content_dir => "dir", :name => "name") }.to raise_error expect { WpPlugin.new(:url => "url", :wp_content_dir => "dir", :name => "name") }.to raise_error
end end
it "should raise an exception (wp_content_dir not set)" do
expect { WpPlugin.new(:url => "url", :path => "path", :name => "name") }.to raise_error
end
it "should raise an exception (name not set)" do it "should raise an exception (name not set)" do
expect { WpPlugin.new(:url => "url", :path => "path", :wp_content_dir => "dir") }.to raise_error expect { WpPlugin.new(:url => "url", :path => "path", :wp_content_dir => "dir") }.to raise_error
end end
@@ -44,8 +44,7 @@ describe WpPlugin do
describe "#error_log_url" do describe "#error_log_url" do
it "should return a correct url" do it "should return a correct url" do
temp = WpPlugin.new(:url => "http://wordpress.com", temp = WpPlugin.new(:url => "http://wordpress.com",
:path => "plugins/test/asdf.php", :path => "plugins/test/asdf.php")
:wp_content_dir => "wp-content")
temp.error_log_url.to_s.should == "http://wordpress.com/wp-content/plugins/test/error_log" temp.error_log_url.to_s.should == "http://wordpress.com/wp-content/plugins/test/error_log"
end end
end end
@@ -53,8 +52,7 @@ describe WpPlugin do
describe "#error_log?" do describe "#error_log?" do
before :each do before :each do
@temp = WpPlugin.new(:url => "http://wordpress.com", @temp = WpPlugin.new(:url => "http://wordpress.com",
:path => "plugins/test/asdf.php", :path => "plugins/test/asdf.php")
:wp_content_dir => "wp-content")
end end
it "should return true" do it "should return true" do
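Review bot: The new example "should not raise an exception (wp_content_dir not set)" only checks that construction succeeds, and after this change no example in these hunks asserts that an explicitly passed directory still overrides the default. The `#error_log_url` and `#error_log?` examples now exercise the default path only. I would add an example with a non-default value, for instance `WpPlugin.new(:url => "http://wordpress.com", :path => "plugins/test/asdf.php", :wp_content_dir => "custom").error_log_url.to_s`, and compare it against the URL built from `custom` (presumably `http://wordpress.com/custom/plugins/test/error_log`). The WpTheme spec changed in the same way and has the same gap. The `#error_log?` block continues outside the last hunk.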


@@ -22,12 +22,10 @@ describe WpTarget do
before :each do before :each do
Browser.reset Browser.reset
@wp_content_dir = "wp-content"
@options = @options =
{ {
:config_file => SPEC_FIXTURES_CONF_DIR + '/browser/browser.conf.json', :config_file => SPEC_FIXTURES_CONF_DIR + '/browser/browser.conf.json',
:cache_timeout => 0, :cache_timeout => 0,
:wp_content_dir => @wp_content_dir,
:wp_plugins_dir => "wp-content/plugins" :wp_plugins_dir => "wp-content/plugins"
} }
@wp_target = WpTarget.new("http://example.localhost/", @options) @wp_target = WpTarget.new("http://example.localhost/", @options)


@@ -33,6 +33,10 @@ describe WpTheme do
expect { WpTheme.new(:url => "url", :path => "path", :wp_content_dir => "dir", :name => "name") }.to_not raise_error expect { WpTheme.new(:url => "url", :path => "path", :wp_content_dir => "dir", :name => "name") }.to_not raise_error
end end
it "should not raise an exception (wp_content_dir not set)" do
expect { WpTheme.new(:url => "url", :path => "path", :name => "name") }.to_not raise_error
end
it "should raise an exception (url not set)" do it "should raise an exception (url not set)" do
expect { WpTheme.new(:path => "path", :wp_content_dir => "dir", :name => "name") }.to raise_error expect { WpTheme.new(:path => "path", :wp_content_dir => "dir", :name => "name") }.to raise_error
end end
@@ -41,10 +45,6 @@ describe WpTheme do
expect { WpTheme.new(:url => "url", :wp_content_dir => "dir", :name => "name") }.to raise_error expect { WpTheme.new(:url => "url", :wp_content_dir => "dir", :name => "name") }.to raise_error
end end
it "should raise an exception (wp_content_dir not set)" do
expect { WpTheme.new(:url => "url", :path => "path", :name => "name") }.to raise_error
end
it "should raise an exception (name not set)" do it "should raise an exception (name not set)" do
expect { WpTheme.new(:url => "url", :path => "path", :wp_content_dir => "dir") }.to raise_error expect { WpTheme.new(:url => "url", :path => "path", :wp_content_dir => "dir") }.to raise_error
end end
@@ -179,14 +179,12 @@ describe WpTheme do
describe "#===" do describe "#===" do
it "should return false (name not equal)" do it "should return false (name not equal)" do
instance = WpTheme.new(:wp_content_dir => "wp-content", instance = WpTheme.new(:url => "http://sub.example.com/path/to/wordpress/",
:url => "http://sub.example.com/path/to/wordpress/",
:path => "themes/name/asdf.php", :path => "themes/name/asdf.php",
:vulns_xml => "XXX.xml", :vulns_xml => "XXX.xml",
:version => "1.0" :version => "1.0"
) )
instance2 = WpTheme.new(:wp_content_dir => "wp-content", instance2 = WpTheme.new(:url => "http://sub.example.com/path/to/wordpress/",
:url => "http://sub.example.com/path/to/wordpress/",
:path => "themes/newname/asdf.php", :path => "themes/newname/asdf.php",
:vulns_xml => "XXX.xml", :vulns_xml => "XXX.xml",
:version => "1.0" :version => "1.0"
@@ -195,14 +193,12 @@ describe WpTheme do
end end
it "should return false (version not equal)" do it "should return false (version not equal)" do
instance = WpTheme.new(:wp_content_dir => "wp-content", instance = WpTheme.new(:url => "http://sub.example.com/path/to/wordpress/",
:url => "http://sub.example.com/path/to/wordpress/",
:path => "themes/name/asdf.php", :path => "themes/name/asdf.php",
:vulns_xml => "XXX.xml", :vulns_xml => "XXX.xml",
:version => "1.0" :version => "1.0"
) )
instance2 = WpTheme.new(:wp_content_dir => "wp-content", instance2 = WpTheme.new(:url => "http://sub.example.com/path/to/wordpress/",
:url => "http://sub.example.com/path/to/wordpress/",
:path => "themes/name/asdf.php", :path => "themes/name/asdf.php",
:vulns_xml => "XXX.xml", :vulns_xml => "XXX.xml",
:version => "2.0" :version => "2.0"
@@ -211,14 +207,12 @@ describe WpTheme do
end end
it "should return false (version and name not equal)" do it "should return false (version and name not equal)" do
instance = WpTheme.new(:wp_content_dir => "wp-content", instance = WpTheme.new(:url => "http://sub.example.com/path/to/wordpress/",
:url => "http://sub.example.com/path/to/wordpress/",
:path => "themes/name/asdf.php", :path => "themes/name/asdf.php",
:vulns_xml => "XXX.xml", :vulns_xml => "XXX.xml",
:version => "1.0" :version => "1.0"
) )
instance2 = WpTheme.new(:wp_content_dir => "wp-content", instance2 = WpTheme.new(:url => "http://sub.example.com/path/to/wordpress/",
:url => "http://sub.example.com/path/to/wordpress/",
:path => "themes/newname/asdf.php", :path => "themes/newname/asdf.php",
:vulns_xml => "XXX.xml", :vulns_xml => "XXX.xml",
:version => "2.0" :version => "2.0"
@@ -227,14 +221,12 @@ describe WpTheme do
end end
it "should return true" do it "should return true" do
instance = WpTheme.new(:wp_content_dir => "wp-content", instance = WpTheme.new(:url => "http://sub.example.com/path/to/wordpress/",
:url => "http://sub.example.com/path/to/wordpress/",
:path => "themes/test/asdf.php", :path => "themes/test/asdf.php",
:vulns_xml => "XXX.xml", :vulns_xml => "XXX.xml",
:version => "1.0" :version => "1.0"
) )
instance2 = WpTheme.new(:wp_content_dir => "wp-content", instance2 = WpTheme.new(:url => "http://sub.example.com/path/to/wordpress/",
:url => "http://sub.example.com/path/to/wordpress/",
:path => "themes/test/asdf.php", :path => "themes/test/asdf.php",
:vulns_xml => "XXX.xml", :vulns_xml => "XXX.xml",
:version => "1.0" :version => "1.0"


@@ -5,7 +5,6 @@ describe "#vulnerabilities" do
let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR + '/vulnerabilities' } let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR + '/vulnerabilities' }
let(:vulns_xml) { fixtures_dir + '/plugin_vulns.xml' } let(:vulns_xml) { fixtures_dir + '/plugin_vulns.xml' }
let(:wp_plugin) { WpPlugin.new(:url => location_url, let(:wp_plugin) { WpPlugin.new(:url => location_url,
:wp_content_dir => "wp-content",
:name => "spec-plugin", :name => "spec-plugin",
:path => "plugins/spec-plugin/", :path => "plugins/spec-plugin/",
:vulns_xml => vulns_xml) :vulns_xml => vulns_xml)
@@ -14,7 +13,6 @@ describe "#vulnerabilities" do
it "should return an empty array when no vulnerabilities are found" do it "should return an empty array when no vulnerabilities are found" do
WpPlugin.new(:url => "http://example.localhost/", WpPlugin.new(:url => "http://example.localhost/",
:wp_content_dir => "wp-content",
:name => "no-vulns", :name => "no-vulns",
:path => "plugins/no-vulns/", :path => "plugins/no-vulns/",
:vulns_xml => vulns_xml).vulnerabilities.should be_empty :vulns_xml => vulns_xml).vulnerabilities.should be_empty


@@ -32,9 +32,8 @@ class WpScanModuleSpec
attr_reader :uri attr_reader :uri
attr_accessor :error_404_hash, :wp_content_dir attr_accessor :error_404_hash, :wp_content_dir
def initialize(target_url, wp_content_dir = "wp-content") def initialize(target_url)
@uri = URI.parse(add_http_protocol(target_url)) @uri = URI.parse(add_http_protocol(target_url))
@wp_content_dir = wp_content_dir
Browser.instance( Browser.instance(
:config_file => SPEC_FIXTURES_CONF_DIR + '/browser/browser.conf.json', :config_file => SPEC_FIXTURES_CONF_DIR + '/browser/browser.conf.json',
:cache_timeout => 0 :cache_timeout => 0
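Review bot: `attr_accessor :error_404_hash, :wp_content_dir` is kept while `initialize` no longer assigns `@wp_content_dir`, so the reader returns nil on a fresh WpScanModuleSpec unless a spec sets it first. If any module mixed into this object reads `wp_content_dir` from the host (not visible in this hunk), it would build paths from nil rather than from the new default. Either drop `:wp_content_dir` from the accessor list or keep `@wp_content_dir = "wp-content"` in `initialize` so the helper agrees with WpItem. Dropping the second parameter also makes any remaining two-argument call raise ArgumentError. The `Browser.instance(` call continues outside the hunk.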