Fixes a bug where -e vp was displaying non vulnerable plugins - Ref #853

2015-09-06 15:25:29 +01:00
parent 3c92712a6e
commit aa464b476c
2 changed files with 8 additions and 72 deletions
--- a/lib/common/collections/wp_items/detectable.rb
+++ b/lib/common/collections/wp_items/detectable.rb
@@ -32,11 +32,7 @@ class WpItems < Array
          progress_bar.progress += 1 if options[:show_progression]

          if target_item.exists?(exist_options, response)
-            unless results.include?(target_item)
-              if !options[:only_vulnerable] || options[:only_vulnerable] && target_item.vulnerable?
-                results << target_item
-              end
-            end
+            results << target_item unless results.include?(target_item)
          end
        end

@@ -53,7 +49,7 @@ class WpItems < Array
      # run the remaining requests
      hydra.run

-      results.select!(&:vulnerable?) if options[:only_vulnerable]
+      results.select!(&:vulnerable?) if options[:type] == :vulnerable
      results.sort!

      results  # can't just return results.sort as it would return an array, and we want a WpItems
@@ -155,7 +151,7 @@ class WpItems < Array
      item_class = self.item_class
      vulns_file = self.vulns_file

-      targets = target_items(wp_target, item_class, vulns_file, options[:type])
+      targets = target_items_from_type(wp_target, item_class, vulns_file, options[:type])

      targets.uniq! { |t| t.name }
      targets.sort_by { rand }
@@ -166,7 +162,7 @@ class WpItems < Array
    # @param [ String ] vulns_file
    #
    # @return [ Array<WpItem> ]
-    def target_items(wp_target, item_class, vulns_file, type)
+    def target_items_from_type(wp_target, item_class, vulns_file, type)
      targets = []
      json    = json(vulns_file)

--- a/spec/shared_examples/wp_items_detectable.rb
+++ b/spec/shared_examples/wp_items_detectable.rb
@@ -39,66 +39,6 @@ shared_examples 'WpItems::Detectable' do
    end
  end

-  describe '::targets_items_from_file' do
-    after do
-      results = subject.send(:targets_items_from_file, file, wp_target, item_class, vulns_file)
-
-      expect(results.map { |i| i.name }).to eq @expected.map { |i| i.name }
-
-      unless results.empty?
-        results.each do |item|
-          expect(item).to be_a item_class
-        end
-      end
-    end
-
-    # should raise error.
-    # context 'when an empty file' do
-    #   let(:file) { empty_file }
-
-    #   it 'returns an empty Array' do
-    #     @expected = []
-    #   end
-    # end
-
-    context 'when a file' do
-      let(:file) { targets_items_file }
-
-      it 'returns the expected Array of WpItem' do
-        @expected = expected[:targets_items_from_file]
-      end
-    end
-  end
-
-  describe '::target_items' do
-    after do
-      results = subject.send(:target_items, wp_target, item_class, vulns_file, :all)
-
-      expect(results.map { |i| i.name }).to eq @expected.map { |i| i.name }
-
-      unless results.empty?
-        results.each do |item|
-          expect(item).to be_a item_class
-        end
-      end
-    end
-
-    # should raise error.
-    # context 'when an empty file' do
-    #   let(:file) { empty_file }
-
-    #   it 'returns an empty Array' do
-    #     @expected = []
-    #   end
-    # end
-
-    context 'when a file' do
-      it 'returns the expected Array of WpItem' do
-        @expected = expected[:vulnerable_targets_items]
-      end
-    end
-  end
-
  describe '::targets_items' do
    let(:options) { { type: :all } }

@@ -110,7 +50,7 @@ shared_examples 'WpItems::Detectable' do
      end
    end

-    context 'when :only_vulnerable' do
+    context 'when :type = :vulnerable' do
      let(:options) { { type: :vulnerable } }

      it 'returns the expected Array of WpItem' do
@@ -160,8 +100,8 @@ shared_examples 'WpItems::Detectable' do
      expect(result.sort.map { |i| i.name }).to eq @expected.sort.map { |i| i.name }
    end

-    context 'when :only_vulnerable' do
-      let(:options) { { only_vulnerable: true } }
+    context 'when :type = :vulnerable' do
+      let(:options) { { type: :vulnerable } }
      let(:targets) { expected[:vulnerable_targets_items] }

      it 'only checks and return vulnerable targets' do
@@ -191,7 +131,7 @@ shared_examples 'WpItems::Detectable' do
      end
    end

-    context 'when no :only_vulnerable' do
+    context 'when no :type = :vulnerable' do
      let(:targets) { (expected[:vulnerable_targets_items] + expected[:targets_items_from_file]).uniq { |t| t.name } }

      it 'checks all targets, and merge the results with passive_detection' do