garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

more reference tags, fixes issue #268

Browse Source
This commit is contained in:
Christian Mehlmauer
2013-08-24 11:16:39 +02:00
parent 115241f16c
commit a032b7c134
17 changed files with 3731 additions and 1418 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
spec/lib/common/models/vulnerability_spec.rb
View File

@@ -5,10 +5,10 @@ require 'spec_helper'
describe Vulnerability do
describe '#new' do
subject(:vulnerability) { Vulnerability.new(title, type, references, modules, fixed_version) }
subject(:vulnerability) { Vulnerability.new(title, type, references, fixed_version) }
let(:title) { 'A vulnerability title' }
let(:type) { 'XSS' }
let(:references) { %w{http://ref1.com http://ref2.com} }
let(:references) { {:url => 'example.com', :metasploit => 'm', :exploitdb => 'e'} }
context 'w/o metasploit and fixed version modules argument' do
subject(:vulnerability) { Vulnerability.new(title, type, references) }
@@ -16,36 +16,15 @@ describe Vulnerability do
its(:title) { should be title }
its(:references) { should be references }
its(:type) { should be type }
its(:metasploit_modules) { should be_empty }
its(:fixed_in) { should be_empty }
its(:cve) { should be_empty }
end
context 'with metasploit modules argument' do
subject(:vulnerability) { Vulnerability.new(title, type, references, modules) }
let(:modules) { %w{exploit/some_exploit exploit/unix/anotherone } }
its(:metasploit_modules) { should be modules }
its(:fixed_in) { should be_empty }
its(:cve) { should be_empty }
end
context 'with metasploit modules and fixed version argument' do
let(:modules) { %w{exploit/some_exploit exploit/unix/anotherone } }
context 'with fixed version argument' do
let(:fixed_version) { '1.0' }
its(:metasploit_modules) { should be modules }
its(:fixed_in) { should == '1.0' }
its(:cve) { should be_empty }
end
context 'with cve argument' do
subject(:vulnerability) { Vulnerability.new(title, type, references, [], '', cve) }
let(:cve) { %w{2011-001 2011-002} }
its(:metasploit_modules) { should be_empty }
its(:fixed_in) { should be_empty }
its(:cve) { should be cve }
its(:title) { should be title }
its(:references) { should be references }
its(:type) { should be type }
its(:fixed_in) { should be fixed_version }
end
end
@@ -56,11 +35,18 @@ describe Vulnerability do
xml(MODELS_FIXTURES + '/vulnerability/xml_node.xml').xpath('//vulnerability')
}
expected_refs = {
:url=>['Ref 1', 'Ref 2'],
:cve=>['2011-001'],
:secunia=>['secunia'],
:osvdb=>['osvdb'],
:metasploit=>['exploit/ex1'],
:exploitdb=>['exploitdb']
}
its(:title) { should == 'Vuln Title' }
its(:type) { should == 'CSRF' }
its(:references) { should == ['Ref 1', 'Ref 2'] }
its(:metasploit_modules) { should == %w{exploit/ex1} }
its(:cve) { should == %w{2011-001} }
its(:references) { should == expected_refs}
its(:fixed_in) { should == '1.0'}
end

10
spec/lib/common/models/wp_item_spec.rb
View File

@@ -13,7 +13,15 @@ describe WpItem do
it_behaves_like 'WpItem::Vulnerable' do
let(:vulns_file) { MODELS_FIXTURES + '/wp_item/vulnerable/items_vulns.xml' }
let(:vulns_xpath) { "//item[@name='neo']/vulnerability" }
let(:expected_vulns) { Vulnerabilities.new << Vulnerability.new("I'm the one", 'XSS', ['http://ref1.com']) }
let(:expected_refs) { {
:url => ['Ref 1', 'Ref 2'],
:cve => ['2011-001'],
:secunia => ['secunia'],
:osvdb => ['osvdb'],
:metasploit => ['exploit/ex1'],
:exploitdb => ['exploitdb']
} }
let(:expected_vulns) { Vulnerabilities.new << Vulnerability.new("I'm the one", 'XSS', expected_refs) }
end
subject(:wp_item) { WpItem.new(uri, options) }

10
spec/lib/common/models/wp_plugin_spec.rb
View File

@@ -7,7 +7,15 @@ describe WpPlugin do
it_behaves_like 'WpItem::Vulnerable' do
let(:options) { { name: 'white-rabbit' } }
let(:vulns_file) { MODELS_FIXTURES + '/wp_plugin/vulnerable/plugins_vulns.xml' }
let(:expected_vulns) { Vulnerabilities.new << Vulnerability.new('Follow me!', 'REDIRECT', ['http://ref2.com']) }
let(:expected_refs) { {
:url => ['Ref 1', 'Ref 2'],
:cve => ['2011-001'],
:secunia => ['secunia'],
:osvdb => ['osvdb'],
:metasploit => ['exploit/ex1'],
:exploitdb => ['exploitdb']
} }
let(:expected_vulns) { Vulnerabilities.new << Vulnerability.new('Follow me!', 'REDIRECT', expected_refs) }
end
subject(:wp_plugin) { WpPlugin.new(uri, options) }

10
spec/lib/common/models/wp_theme_spec.rb
View File

@@ -8,7 +8,15 @@ describe WpTheme do
it_behaves_like 'WpItem::Vulnerable' do
let(:options) { { name: 'the-oracle' } }
let(:vulns_file) { MODELS_FIXTURES + '/wp_theme/vulnerable/themes_vulns.xml' }
let(:expected_vulns) { Vulnerabilities.new << Vulnerability.new('I see you', 'FPD', ['http://ref.com']) }
let(:expected_refs) { {
:url => ['Ref 1', 'Ref 2'],
:cve => ['2011-001'],
:secunia => ['secunia'],
:osvdb => ['osvdb'],
:metasploit => ['exploit/ex1'],
:exploitdb => ['exploitdb']
} }
let(:expected_vulns) { Vulnerabilities.new << Vulnerability.new('I see you', 'FPD', expected_refs) }
end
subject(:wp_theme) { WpTheme.new(uri, options) }

10
spec/lib/common/models/wp_version_spec.rb
View File

@@ -7,7 +7,15 @@ describe WpVersion do
it_behaves_like 'WpItem::Vulnerable' do
let(:options) { { number: '3.2' } }
let(:vulns_file) { MODELS_FIXTURES + '/wp_version/vulnerable/versions_vulns.xml' }
let(:expected_vulns) { Vulnerabilities.new << Vulnerability.new('Here I Am', 'SQLI', ['http://ref1.com']) }
let(:expected_refs) { {
:url => ['Ref 1', 'Ref 2'],
:cve => ['2011-001'],
:secunia => ['secunia'],
:osvdb => ['osvdb'],
:metasploit => ['exploit/ex1'],
:exploitdb => ['exploitdb']
} }
let(:expected_vulns) { Vulnerabilities.new << Vulnerability.new('Here I Am', 'SQLI', expected_refs) }
end
subject(:wp_version) { WpVersion.new(uri, options) }