Fixes a bug where -e vp was displaying non vulnerable plugins - Ref #853

2015-09-06 15:25:29 +01:00
parent 3c92712a6e
commit aa464b476c
2 changed files with 8 additions and 72 deletions
--- a/lib/common/collections/wp_items/detectable.rb
+++ b/lib/common/collections/wp_items/detectable.rb
@@ -32,11 +32,7 @@ class WpItems < Array
          progress_bar.progress += 1 if options[:show_progression]
          if target_item.exists?(exist_options, response)
-            unless results.include?(target_item)
+            results << target_item unless results.include?(target_item)
              if !options[:only_vulnerable] || options[:only_vulnerable] && target_item.vulnerable?
                results << target_item
              end
            end
          end
        end
@@ -53,7 +49,7 @@ class WpItems < Array
      # run the remaining requests
      hydra.run
-      results.select!(&:vulnerable?) if options[:only_vulnerable]
+      results.select!(&:vulnerable?) if options[:type] == :vulnerable
      results.sort!
      results  # can't just return results.sort as it would return an array, and we want a WpItems
@@ -155,7 +151,7 @@ class WpItems < Array
      item_class = self.item_class
      vulns_file = self.vulns_file
-      targets = target_items(wp_target, item_class, vulns_file, options[:type])
+      targets = target_items_from_type(wp_target, item_class, vulns_file, options[:type])
      targets.uniq! { |t| t.name }
      targets.sort_by { rand }
@@ -166,7 +162,7 @@ class WpItems < Array
    # @param [ String ] vulns_file
    #
    # @return [ Array<WpItem> ]
-    def target_items(wp_target, item_class, vulns_file, type)
+    def target_items_from_type(wp_target, item_class, vulns_file, type)
      targets = []
      json    = json(vulns_file)
--- a/spec/shared_examples/wp_items_detectable.rb
+++ b/spec/shared_examples/wp_items_detectable.rb
@@ -39,66 +39,6 @@ shared_examples 'WpItems::Detectable' do
    end
  end
  describe '::targets_items_from_file' do
    after do
      results = subject.send(:targets_items_from_file, file, wp_target, item_class, vulns_file)
      expect(results.map { |i| i.name }).to eq @expected.map { |i| i.name }
      unless results.empty?
        results.each do |item|
          expect(item).to be_a item_class
        end
      end
    end
    # should raise error.
    # context 'when an empty file' do
    #   let(:file) { empty_file }
    #   it 'returns an empty Array' do
    #     @expected = []
    #   end
    # end
    context 'when a file' do
      let(:file) { targets_items_file }
      it 'returns the expected Array of WpItem' do
        @expected = expected[:targets_items_from_file]
      end
    end
  end
  describe '::target_items' do
    after do
      results = subject.send(:target_items, wp_target, item_class, vulns_file, :all)
      expect(results.map { |i| i.name }).to eq @expected.map { |i| i.name }
      unless results.empty?
        results.each do |item|
          expect(item).to be_a item_class
        end
      end
    end
    # should raise error.
    # context 'when an empty file' do
    #   let(:file) { empty_file }
    #   it 'returns an empty Array' do
    #     @expected = []
    #   end
    # end
    context 'when a file' do
      it 'returns the expected Array of WpItem' do
        @expected = expected[:vulnerable_targets_items]
      end
    end
  end
  describe '::targets_items' do
    let(:options) { { type: :all } }
@@ -110,7 +50,7 @@ shared_examples 'WpItems::Detectable' do
      end
    end
-    context 'when :only_vulnerable' do
+    context 'when :type = :vulnerable' do
      let(:options) { { type: :vulnerable } }
      it 'returns the expected Array of WpItem' do
@@ -160,8 +100,8 @@ shared_examples 'WpItems::Detectable' do
      expect(result.sort.map { |i| i.name }).to eq @expected.sort.map { |i| i.name }
    end
-    context 'when :only_vulnerable' do
+    context 'when :type = :vulnerable' do
-      let(:options) { { only_vulnerable: true } }
+      let(:options) { { type: :vulnerable } }
      let(:targets) { expected[:vulnerable_targets_items] }
      it 'only checks and return vulnerable targets' do
@@ -191,7 +131,7 @@ shared_examples 'WpItems::Detectable' do
      end
    end
-    context 'when no :only_vulnerable' do
+    context 'when no :type = :vulnerable' do
      let(:targets) { (expected[:vulnerable_targets_items] + expected[:targets_items_from_file]).uniq { |t| t.name } }
      it 'checks all targets, and merge the results with passive_detection' do