WpVersion::Vulnerable specs

2013-03-28 15:33:35 +01:00
parent ec9eadda8e
commit a7bd5044c4
4 changed files with 56 additions and 2 deletions
--- a/lib/common/models/wp_version/vulnerable.rb
+++ b/lib/common/models/wp_version/vulnerable.rb
@@ -2,6 +2,7 @@

 class WpVersion < WpItem
  module Vulnerable
+
    def vulns_file
      unless @vulns_file
        @vulns_file = WP_VULNS_FILE
@@ -12,5 +13,6 @@ class WpVersion < WpItem
    def vulns_xpath
      "//wordpress[@version='#{@number}']/vulnerability"
    end
+
  end
 end
--- a/spec/lib/common/models/wp_version_spec.rb
+++ b/spec/lib/common/models/wp_version_spec.rb
@@ -3,9 +3,16 @@
 require 'spec_helper'

 describe WpVersion do
+  it_behaves_like 'WpVersion::Vulnerable'
+  it_behaves_like 'WpItem::Vulnerable' do
+    let(:options)        { { number: '3.2' } }
+    let(:vulns_file)     { MODELS_FIXTURES + '/wp_version/vulnerable/versions_vulns.xml' }
+    let(:expected_vulns) { Vulnerabilities.new << Vulnerability.new('Here I Am', 'SQLI', ['http://ref1.com']) }
+  end
+
  subject(:wp_version) { WpVersion.new(uri, options) }
-  let(:uri)            { URI.parse('http://example.com') }
-  let(:options)        { {} }
+  let(:uri)            { URI.parse('http://example.com/') }
+  let(:options)        { { number: '1.2' } }

  describe '#allowed_options' do
    [:number, :found_from].each do |sym|
--- a/spec/samples/common/models/wp_version/vulnerable/versions_vulns.xml
+++ b/spec/samples/common/models/wp_version/vulnerable/versions_vulns.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<vulnerabilities>
+  <wordpress version="3.5">
+    <vulnerability>
+      <title>I should not appear in the results</title>
+      <reference>http://ref2.com</reference>
+      <type>XSS</type>
+    </vulnerability>
+  </wordpress>
+
+  <wordpress version="3.2">
+    <vulnerability>
+      <title>Here I Am</title>
+      <reference>http://ref1.com</reference>
+      <type>SQLI</type>
+    </vulnerability>
+  </wordpress>
+</vulnerabilities>
--- a/spec/shared_examples/wp_version_vulnerable.rb
+++ b/spec/shared_examples/wp_version_vulnerable.rb
@@ -0,0 +1,26 @@
+# encoding: UTF-8
+
+shared_examples 'WpVersion::Vulnerable' do
+
+  describe '#vulns_file' do
+    after { subject.vulns_file.should == @expected }
+
+    context 'when :vulns_file is no set' do
+      it 'returns the default one' do
+        @expected = WP_VULNS_FILE
+      end
+    end
+
+    context 'when the :vulns_file is already set' do
+      it 'returns it' do
+        @expected          = 'test.xml'
+        subject.vulns_file = @expected
+      end
+    end
+  end
+
+  describe '#vulns_xpath' do
+    its(:vulns_xpath) { should == "//wordpress[@version='1.2']/vulnerability" }
+  end
+
+end