From b919c12d2f2903fa4abfd5cb29b306ac5e40c619 Mon Sep 17 00:00:00 2001 
From: erwanlr Date: Thu, 24 Jan 2013 22:00:17 +0100 Subject: [PATCH] spec/ rubocopied --- spec/lib/browser_spec.rb | 225 +++---- spec/lib/cache_file_store_spec.rb | 29 +- spec/lib/common/custom_option_parser_spec.rb | 124 ++-- spec/lib/common/plugins/plugin_spec.rb | 34 +- spec/lib/common/plugins/plugins_spec.rb | 46 +- spec/lib/common_helper_spec.rb | 68 +-- spec/lib/updater/git_updater_spec.rb | 48 +- spec/lib/updater/svn_updater_spec.rb | 30 +- spec/lib/updater/updater_factory_spec.rb | 10 +- spec/lib/updater/updater_spec.rb | 6 +- spec/lib/wpscan/modules/brute_force_spec.rb | 43 +- spec/lib/wpscan/modules/malwares_spec.rb | 35 +- spec/lib/wpscan/modules/web_site_spec.rb | 129 ++-- .../wpscan/modules/wp_config_backup_spec.rb | 21 +- .../modules/wp_full_path_disclosure_spec.rb | 23 +- .../modules/wp_login_protection_spec.rb | 55 +- spec/lib/wpscan/modules/wp_plugins_spec.rb | 139 ++--- spec/lib/wpscan/modules/wp_readme_spec.rb | 21 +- spec/lib/wpscan/modules/wp_themes_spec.rb | 215 ++++--- spec/lib/wpscan/modules/wp_timthumbs_spec.rb | 55 +- spec/lib/wpscan/modules/wp_usernames_spec.rb | 173 +++--- spec/lib/wpscan/wp_detector_spec.rb | 3 +- spec/lib/wpscan/wp_enumerator_spec.rb | 3 +- spec/lib/wpscan/wp_item_spec.rb | 560 +++++++++--------- spec/lib/wpscan/wp_options_spec.rb | 115 ++-- spec/lib/wpscan/wp_plugin_spec.rb | 60 +- spec/lib/wpscan/wp_target_spec.rb | 279 ++++----- spec/lib/wpscan/wp_theme_spec.rb | 211 +++---- spec/lib/wpscan/wp_user_spec.rb | 83 +-- spec/lib/wpscan/wp_version_spec.rb | 241 ++++---- spec/lib/wpscan/wp_vulnerability_spec.rb | 41 +- spec/lib/wpscan/wpscan_helper.rb | 7 +- spec/lib/wpscan/wpscan_options_spec.rb | 263 ++++---- .../list_generator/generate_list_spec.rb | 4 +- .../plugins/list_generator/svn_parser_spec.rb | 4 +- spec/lib/wpstools/wpstools_helper.rb | 1 + spec/spec_helper.rb | 28 +- spec/wpscan_spec.rb | 7 +- spec/xml_checks_spec.rb | 25 +- 39 files changed, 1789 insertions(+), 1675 deletions(-) 
diff --git a/spec/lib/browser_spec.rb b/spec/lib/browser_spec.rb index 026f4e23..e38ac043 100644 --- a/spec/lib/browser_spec.rb +++ b/spec/lib/browser_spec.rb @@ -1,3 +1,4 @@ +# encoding: UTF-8 #-- # WPScan - WordPress Security Scanner # Copyright (C) 2012-2013 @@ -30,7 +31,7 @@ describe Browser do end before :each do - @browser = Browser.instance(:config_file => CONFIG_FILE_WITHOUT_PROXY) + @browser = Browser.instance(config_file: CONFIG_FILE_WITHOUT_PROXY) end def check_instance_variables(browser, json_expected_vars) @@ -41,7 +42,7 @@ describe Browser do end end - describe "#user_agent_mode setter / getter" do + describe '#user_agent_mode setter / getter' do # Testing all valid modes Browser::USER_AGENT_MODES.each do |user_agent_mode| it "should set / return #{user_agent_mode}" do @@ -52,27 +53,27 @@ describe Browser do it "shoud set the mode to 'static' if nil is given" do @browser.user_agent_mode = nil - @browser.user_agent_mode.should === "static" + @browser.user_agent_mode.should === 'static' end - it "should raise an error if the mode in not valid" do - expect { @browser.user_agent_mode = "invalid-mode" }.to raise_error + it 'should raise an error if the mode in not valid' do + expect { @browser.user_agent_mode = 'invalid-mode' }.to raise_error end end - describe "#max_threads=" do - it "should set max_threads to 1 if nil is given" do + describe '#max_threads=' do + it 'should set max_threads to 1 if nil is given' do @browser.max_threads = nil @browser.max_threads.should === 1 end - it "should set max_threads to 1 if 0 is given" do + it 'should set max_threads to 1 if 0 is given' do @browser.max_threads = 0 @browser.max_threads.should === 1 end end - describe "#proxy_auth=" do + describe '#proxy_auth=' do after :each do if @raise_error expect { @browser.proxy_auth = @proxy_auth }.to raise_error 
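Review bot: The example 'should raise an error if the mode in not valid' still asserts with a bare `raise_error`, which passes for any StandardError — a NoMethodError from a typo in the setter would satisfy it just as well as the intended rejection of `'invalid-mode'`. The description's "in not valid" also reads as a typo for "is not valid". Pin at least the class or message once you have checked what the setter raises, e.g. `expect { @browser.user_agent_mode = 'invalid-mode' }.to raise_error(ArgumentError)`. The same bare matcher appears on unchanged lines of the `#proxy_auth=` and Singleton examples later in this file.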
@@ -82,51 +83,51 @@ describe Browser do end end - it "should raise an error if the format is not correct" do - @proxy_auth = "invaludauthformat" + it 'should raise an error if the format is not correct' do + @proxy_auth = 'invaludauthformat' @raise_error = true end - it "should raise an error if the hash does not contain :proxy_username and :proxy_password" do - @proxy_auth = { :proxy_password => "hello" } + it 'should raise an error if the hash does not contain :proxy_username and :proxy_password' do + @proxy_auth = { proxy_password: 'hello' } @raise_error = true end - it "should raise an error if the auth if not a string or a hash" do + it 'should raise an error if the auth if not a string or a hash' do @proxy_auth = 10 @raise_error = true end - it "should set the correct credentials" do - @proxy_auth = {:proxy_username => "user", :proxy_password => "pass" } + it 'should set the correct credentials' do + @proxy_auth = { proxy_username: 'user', proxy_password: 'pass' } @expected = @proxy_auth end - it "should set the correct credentials" do - @proxy_auth = "username:passwd" - @expected = {:proxy_username => "username", :proxy_password => "passwd" } + it 'should set the correct credentials' do + @proxy_auth = 'username:passwd' + @expected = { proxy_username: 'username', proxy_password: 'passwd' } end end - describe "#user_agent" do + describe '#user_agent' do available_user_agents = %w{ ua-1 ua-2 ua-3 ua-4 ua-6 ua-7 ua-8 ua-9 ua-10 ua-11 ua-12 ua-13 ua-14 ua-15 ua-16 ua-17 } - it "should always return the same user agent in static mode" do - @browser.user_agent = "fake UA" - @browser.user_agent_mode = "static" + it 'should always return the same user agent in static mode' do + @browser.user_agent = 'fake UA' + @browser.user_agent_mode = 'static' (1..3).each do - @browser.user_agent.should === "fake UA" + @browser.user_agent.should === 'fake UA' end end - it "should choose a random user_agent in the available_user_agents array an always return it" do + it 'should 
choose a random user_agent in the available_user_agents array an always return it' do @browser.available_user_agents = available_user_agents - @browser.user_agent = "Firefox 11.0" - @browser.user_agent_mode = "semi-static" + @browser.user_agent = 'Firefox 11.0' + @browser.user_agent_mode = 'semi-static' user_agent = @browser.user_agent - user_agent.should_not === "Firefox 11.0" + user_agent.should_not === 'Firefox 11.0' available_user_agents.include?(user_agent).should be_true (1..3).each do @@ -134,9 +135,9 @@ describe Browser do end end - it "should return a random user agent each time" do + it 'should return a random user agent each time' do @browser.available_user_agents = available_user_agents - @browser.user_agent_mode = "random" + @browser.user_agent_mode = 'random' ua_1 = @browser.user_agent ua_2 = @browser.user_agent 
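Review bot: The `#proxy_auth=` examples only exercise `'username:passwd'`, so they cannot tell a split on the first colon apart from a split on every colon, and a password containing ':' is never covered. An extra example with `@proxy_auth = 'user:pa:ss'` and `@expected = { proxy_username: 'user', proxy_password: 'pa:ss' }` would pin the intended behaviour; if the implementation deliberately rejects such values, an explicit `@raise_error = true` example documents that instead. The enclosing `describe '#proxy_auth='` block and its `after :each` open in the previous hunk.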
@@ -146,51 +147,51 @@ describe Browser do end end - describe "Singleton" do - it "should not allow #new" do + describe 'Singleton' do + it 'should not allow #new' do expect { Browser.new }.to raise_error end end describe "#instance with :config_file = #{CONFIG_FILE_WITHOUT_PROXY}" do - it "will check the instance vars" do + it 'will check the instance vars' do Browser.reset check_instance_variables( - Browser.instance(:config_file => CONFIG_FILE_WITHOUT_PROXY), + Browser.instance(config_file: CONFIG_FILE_WITHOUT_PROXY), @json_config_without_proxy ) end end describe "#instance with :config_file = #{CONFIG_FILE_WITH_PROXY}" do - it "will check the instance vars" do + it 'will check the instance vars' do Browser.reset check_instance_variables( - Browser.instance(:config_file => CONFIG_FILE_WITH_PROXY), + Browser.instance(config_file: CONFIG_FILE_WITH_PROXY), @json_config_with_proxy ) end end # TODO Write something to test all possible overriding - describe "override option : user_agent & threads" do - it "will check the instance vars, with an overriden one" do + describe 'override option : user_agent & threads' do + it 'will check the instance vars, with an overriden one' do Browser.reset check_instance_variables( Browser.instance( - :config_file => CONFIG_FILE_WITHOUT_PROXY, - :user_agent => "fake IE" + config_file: CONFIG_FILE_WITHOUT_PROXY, + user_agent: 'fake IE' ), - @json_config_without_proxy.merge("user_agent" => "fake IE") + @json_config_without_proxy.merge('user_agent' => 'fake IE') ) end - it "should not override the max_threads if max_threads = nil" do + it 'should not override the max_threads if max_threads = nil' do Browser.reset check_instance_variables( Browser.instance( - :config_file => CONFIG_FILE_WITHOUT_PROXY, - :max_threads => nil + config_file: CONFIG_FILE_WITHOUT_PROXY, + max_threads: nil ), @json_config_without_proxy ) 
@@ -198,95 +199,95 @@ describe Browser do end # TODO - describe "#load_config" do + describe '#load_config' do end - describe "#merge_request_params without proxy" do - it "should return the default params" do + describe '#merge_request_params without proxy' do + it 'should return the default params' do expected_params = { - :disable_ssl_host_verification => true, - :disable_ssl_peer_verification => true, - :headers => {'user-agent' => @browser.user_agent}, - :cache_timeout => @json_config_without_proxy['cache_timeout'] + disable_ssl_host_verification: true, + disable_ssl_peer_verification: true, + headers: { 'user-agent' => @browser.user_agent }, + cache_timeout: @json_config_without_proxy['cache_timeout'] } @browser.merge_request_params().should == expected_params end - it "should return the default params with some values overriden" do + it 'should return the default params with some values overriden' do expected_params = { - :disable_ssl_host_verification => false, - :disable_ssl_peer_verification => true, - :headers => {'user-agent' => 'Fake IE'}, - :cache_timeout => 0 + disable_ssl_host_verification: false, + disable_ssl_peer_verification: true, + headers: { 'user-agent' => 'Fake IE' }, + cache_timeout: 0 } @browser.merge_request_params( - :disable_ssl_host_verification => false, - :headers => {'user-agent' => 'Fake IE'}, - :cache_timeout => 0 + disable_ssl_host_verification: false, + headers: { 'user-agent' => 'Fake IE' }, + cache_timeout: 0 ).should == expected_params end - it "should return the defaul params with :headers:accept = 'text/html' (should not override :headers:user-agent)" do + it 'should return the defaul params with :headers:accept = \'text/html\' (should not override :headers:user-agent)' do expected_params = { - :disable_ssl_host_verification => true, - :disable_ssl_peer_verification => true, - :headers => {'user-agent' => @browser.user_agent, 'accept' => 'text/html'}, - :cache_timeout => @json_config_without_proxy['cache_timeout'] + 
disable_ssl_host_verification: true, + disable_ssl_peer_verification: true, + headers: { 'user-agent' => @browser.user_agent, 'accept' => 'text/html' }, + cache_timeout: @json_config_without_proxy['cache_timeout'] } - @browser.merge_request_params(:headers => {'accept' => 'text/html'}).should == expected_params + @browser.merge_request_params(headers: { 'accept' => 'text/html' }).should == expected_params end - it "should merge the basic-auth" do - @browser.basic_auth = "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==" + it 'should merge the basic-auth' do + @browser.basic_auth = 'Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==' expected_params = { - :disable_ssl_host_verification => true, - :disable_ssl_peer_verification => true, - :headers => { - "Authorization" => "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==", - "user-agent" => @browser.user_agent - }, - :cache_timeout => @json_config_without_proxy['cache_timeout'] + disable_ssl_host_verification: true, + disable_ssl_peer_verification: true, + cache_timeout: @json_config_without_proxy['cache_timeout'], + headers: { + 'Authorization' => 'Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==', + 'user-agent' => @browser.user_agent + } } @browser.merge_request_params().should == expected_params - expected_params[:headers].merge!("user-agent" => "Fake FF") - @browser.merge_request_params(:headers => {"user-agent" => "Fake FF"}).should == expected_params + expected_params[:headers].merge!('user-agent' => 'Fake FF') + @browser.merge_request_params(headers: { 'user-agent' => 'Fake FF' }).should == expected_params end end - describe "#merge_request_params with proxy" do - it "should return the default params" do + describe '#merge_request_params with proxy' do + it 'should return the default params' do Browser.reset - browser = Browser.instance(:config_file => CONFIG_FILE_WITH_PROXY) + browser = Browser.instance(config_file: CONFIG_FILE_WITH_PROXY) expected_params = { - :proxy => @json_config_with_proxy['proxy'], - :disable_ssl_host_verification => true, - 
:disable_ssl_peer_verification => true, - :headers => {'user-agent' => @json_config_with_proxy['user_agent']}, - :cache_timeout => @json_config_with_proxy['cache_timeout'] + proxy: @json_config_with_proxy['proxy'], + disable_ssl_host_verification: true, + disable_ssl_peer_verification: true, + headers: { 'user-agent' => @json_config_with_proxy['user_agent'] }, + cache_timeout: @json_config_with_proxy['cache_timeout'] } browser.merge_request_params().should == expected_params end - it "should return the default params (proxy_auth set)" do + it 'should return the default params (proxy_auth set)' do Browser.reset - browser = Browser.instance(:config_file => CONFIG_FILE_WITH_PROXY_AND_AUTH) + browser = Browser.instance(config_file: CONFIG_FILE_WITH_PROXY_AND_AUTH) expected_params = { - :proxy => @json_config_with_proxy['proxy'], - :proxy_username => "user", - :proxy_password => "pass", - :disable_ssl_host_verification => true, - :disable_ssl_peer_verification => true, - :headers => {'user-agent' => @json_config_with_proxy['user_agent']}, - :cache_timeout => @json_config_with_proxy['cache_timeout'] + proxy: @json_config_with_proxy['proxy'], + proxy_username: 'user', + proxy_password: 'pass', + disable_ssl_host_verification: true, + disable_ssl_peer_verification: true, + headers: { 'user-agent' => @json_config_with_proxy['user_agent'] }, + cache_timeout: @json_config_with_proxy['cache_timeout'] } browser.merge_request_params().should == expected_params 
@@ -294,21 +295,21 @@ describe Browser do end # TODO - describe "#forge_request" do + describe '#forge_request' do end - describe "#post" do - it "should return a Typhoeus::Response wth body = 'Welcome Master' if login=master&password=it's me !" do + describe '#post' do + it 'should return a Typhoeus::Response wth body = "Welcome Master" if login=master&password=it\'s me !' do url = 'http://example.com/' stub_request(:post, url). - with(:body => "login=master&password=it's me !"). - to_return(:status => 200, :body => "Welcome Master") + with(body: "login=master&password=it's me !"). + to_return(status: 200, body: 'Welcome Master') response = @browser.post( url, - :params => {:login => "master", :password => "it's me !"} + params: { login: 'master', password: 'it\'s me !' } ) response.should be_a Typhoeus::Response @@ -316,12 +317,12 @@ describe Browser do end end - describe "#get" do + describe '#get' do it "should return a Typhoeus::Response with body = 'Hello World !'" do url = 'http://example.com/' stub_request(:get, url). - to_return(:status => 200, :body => "Hello World !") + to_return(status: 200, body: 'Hello World !') response = @browser.get(url) @@ -330,8 +331,8 @@ describe Browser do end end - describe "#Browser.generate_cache_key_from_request" do - it "2 requests with the same url, without params must have the same cache_key" do + describe '#Browser.generate_cache_key_from_request' do + it '2 requests with the same url, without params must have the same cache_key' do url = 'http://example.com' key1 = Browser.generate_cache_key_from_request(@browser.forge_request(url)) 
@@ -340,23 +341,23 @@ describe Browser do key1.should === key2 end - it "2 requests with the same url, but with different params should have a different cache_key" do + it '2 requests with the same url, but with different params should have a different cache_key' do url = 'http://example.com' - key1 = Browser.generate_cache_key_from_request(@browser.forge_request(url, :params => {:login => "master", :password => "it's me !"})) + key1 = Browser.generate_cache_key_from_request(@browser.forge_request(url, params: { login: 'master', password: 'it\'s me !' })) key2 = Browser.generate_cache_key_from_request(@browser.forge_request(url)) key1.should_not == key2 end end - describe "testing caching" do - it "should only do 1 request, and retrieve the other one from the cache" do + describe 'testing caching' do + it 'should only do 1 request, and retrieve the other one from the cache' do url = 'http://example.localhost' stub_request(:get, url). - to_return(:status => 200, :body => "Hello World !") + to_return(status: 200, body: 'Hello World !') response1 = @browser.get(url) response2 = @browser.get(url) @@ -366,10 +367,10 @@ describe Browser do end end - describe "testing UTF8" do - it "should not throw an encoding exception" do - url = SPEC_FIXTURES_DIR + "/utf8.html" - stub_request(:get, url).to_return(:status => 200, :body => File.read(url)) + describe 'testing UTF8' do + it 'should not throw an encoding exception' do + url = SPEC_FIXTURES_DIR + '/utf8.html' + stub_request(:get, url).to_return(status: 200, body: File.read(url)) response1 = @browser.get(url) expect { response1.body }.to_not raise_error end diff --git a/spec/lib/cache_file_store_spec.rb b/spec/lib/cache_file_store_spec.rb index c1805b47..47724faa 100644 --- a/spec/lib/cache_file_store_spec.rb +++ b/spec/lib/cache_file_store_spec.rb @@ -1,3 +1,4 @@ +# encoding: UTF-8 #-- # WPScan - WordPress Security Scanner # Copyright (C) 2012-2013 
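Review bot: In 'should not throw an encoding exception', `File.read(url)` reads the utf8.html fixture with the process's default external encoding, so the body handed to the stub — and therefore what the example proves — depends on the runner's locale rather than on the browser code; the added `# encoding: UTF-8` magic comment only affects literals in this file, not File.read. Pass the encoding explicitly: `stub_request(:get, url).to_return(status: 200, body: File.read(url, encoding: 'UTF-8'))`. The variable `url` is also used both as a filesystem path and as the stubbed URL; building the path with `File.join(SPEC_FIXTURES_DIR, 'utf8.html')` under a separate name would make that clearer.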
@@ -34,20 +35,20 @@ describe CacheFileStore do @cache.clean end - describe "#storage_path" do - it "returns the storage path given in the #new" do + describe '#storage_path' do + it 'returns the storage path given in the #new' do @cache.storage_path.should == @cache_dir end end - describe "#serializer" do - it "should return the default serializer : Marshal" do + describe '#serializer' do + it 'should return the default serializer : Marshal' do @cache.serializer.should == Marshal @cache.serializer.should_not == YAML end end - describe "#clean" do + describe '#clean' do it "should remove all files from the cache dir (#{@cache_dir}" do # let's create some files into the directory first (0..5).each do |i| @@ -60,30 +61,30 @@ describe CacheFileStore do end end - describe "#read_entry (nonexistent entry)" do - it "should return nil" do + describe '#read_entry (nonexistent entry)' do + it 'should return nil' do @cache.read_entry(Digest::SHA1.hexdigest('hello world')).should be_nil end end - describe "#write_entry, #read_entry" do + describe '#write_entry, #read_entry' do after :each do @cache.write_entry(@key, @data, @timeout) @cache.read_entry(@key).should === @expected end - it "should get the correct entry (string)" do + it 'should get the correct entry (string)' do @timeout = 10 - @key = "some_key" - @data = "Hello World !" + @key = 'some_key' + @data = 'Hello World !' @expected = @data end - it "should not write the entry" do + it 'should not write the entry' do @timeout = 0 - @key = "another_key" - @data = "Another Hello World !" + @key = 'another_key' + @data = 'Another Hello World !' @expected = nil end diff --git a/spec/lib/common/custom_option_parser_spec.rb b/spec/lib/common/custom_option_parser_spec.rb index 7f30a720..4cec8d18 100644 --- a/spec/lib/common/custom_option_parser_spec.rb +++ b/spec/lib/common/custom_option_parser_spec.rb 
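Review bot: The example 'should return the default serializer : Marshal' pins Marshal as the default without recording why that choice matters: entries read back through `#read_entry` are presumably rebuilt with Marshal.load, which instantiates whatever objects the cache file describes, so `storage_path` (`@cache_dir` here) has to be treated as trusted and writable only by the scanner's own user. A one-line comment above the example, `# Marshal.load rebuilds arbitrary objects, so storage_path must not be writable by other users`, would carry that constraint into the spec. Whether CacheFileStore calls Marshal.load directly is not visible in this hunk, so word the comment against what the implementation actually does.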
@@ -1,14 +1,16 @@ -require "spec_helper" +# encoding: UTF-8 + +require 'spec_helper' describe CustomOptionParser do let(:parser) { CustomOptionParser.new } - describe "#new" do + describe '#new' do end - describe "::option_to_symbol" do + describe '::option_to_symbol' do after :each do if @exception expect { CustomOptionParser::option_to_symbol(@option) }.to raise_error(@exception) 
@@ -17,135 +19,135 @@ describe CustomOptionParser do end end - context "without REQUIRED or OPTIONAL arguments" do - context "with short option" do - it "should return :test" do - @option = ["-t", "--test", "Testing"] + context 'without REQUIRED or OPTIONAL arguments' do + context 'with short option' do + it 'should return :test' do + @option = ['-t', '--test', 'Testing'] @expected = :test end - it "should :its_a_long_option" do - @option = ["-l", "--its-a-long-option", "Testing '-' replacement"] + it 'should :its_a_long_option' do + @option = ['-l', '--its-a-long-option', "Testing '-' replacement"] @expected = :its_a_long_option end end - context "without short option" do - it "should return :long" do - @option = ["--long", "The method should find the option name ('long')"] + context 'without short option' do + it 'should return :long' do + @option = ['--long', "The method should find the option name ('long')"] @expected = :long end - it "should return :long_option" do - @option = ["--long-option", "No short !"] + it 'should return :long_option' do + @option = ['--long-option', 'No short !'] @expected = :long_option end end - context "without long option" do - it "should raise an arror" do - @option = ["-v", "The long option is missing there"] - @exception = "Could not find the option name for [\"-v\", \"The long option is missing there\"]" + context 'without long option' do + it 'should raise an arror' do + @option = ['-v', 'The long option is missing there'] + @exception = 'Could not find the option name for ["-v", "The long option is missing there"]' end - it "should raise an error" do - @option = ["The long option is missing there"] - @exception = "Could not find the option name for [\"The long option is missing there\"]" + it 'should raise an error' do + @option = ['The long option is missing there'] + @exception = 'Could not find the option name for ["The long option is missing there"]' end end - context "with multiple long option names (like alias)" do - it 
"should return :check_long and not :cl" do - @option = ["--check-long", "--cl"] + context 'with multiple long option names (like alias)' do + it 'should return :check_long and not :cl' do + @option = ['--check-long', '--cl'] @expected = :check_long end end end - context "with REQUIRED or OPTIONAL arguments" do - it "should removed the OPTIONAL argument" do - @option = ["-p", "--page [PAGE_NUMBER]"] + context 'with REQUIRED or OPTIONAL arguments' do + it 'should removed the OPTIONAL argument' do + @option = ['-p', '--page [PAGE_NUMBER]'] @expected = :page end - it "should removed the REQUIRED argument" do - @option = ["--url TARGET_URL"] + it 'should removed the REQUIRED argument' do + @option = ['--url TARGET_URL'] @expected = :url end end end - describe "#add_option" do - context "exception throwing if" do + describe '#add_option' do + context 'exception throwing if' do after :each do expect { parser.add_option(@option) }.to raise_error(@exception) end - it "argument passed is not an Array" do - @option = "a simple String" + it 'argument passed is not an Array' do + @option = 'a simple String' @exception = "The option must be an array, String supplied : 'a simple String'" end - it "option name is already used" do - @option = ["-v", "--verbose", "Verbose mode"] + it 'option name is already used' do + @option = ['-v', '--verbose', 'Verbose mode'] parser.add_option(@option) - @exception = "The option verbose is already used !" + @exception = 'The option verbose is already used !' 
end end - it "should have had 2 symbols (:verbose, :url) to @symbols_used" do - parser.add_option(["-v", "--verbose"]) - parser.add_option(["--url TARGET_URL"]) + it 'should have had 2 symbols (:verbose, :url) to @symbols_used' do + parser.add_option(['-v', '--verbose']) + parser.add_option(['--url TARGET_URL']) parser.symbols_used.sort.should === [:url, :verbose] end - context "parsing" do + context 'parsing' do before :each do - parser.add_option(["-u", "--url TARGET_URL", "Set the target url"]) + parser.add_option(['-u', '--url TARGET_URL', 'Set the target url']) end - it "should raise an error if an unknown option is supplied" do - expect { parser.parse!(["--verbose"]) }.to raise_error(OptionParser::InvalidOption) + it 'should raise an error if an unknown option is supplied' do + expect { parser.parse!(['--verbose']) }.to raise_error(OptionParser::InvalidOption) end - it "should raise an error if an option require an argument which is not supplied" do - expect { parser.parse!(["--url"]) }.to raise_error(OptionParser::MissingArgument) + it 'should raise an error if an option require an argument which is not supplied' do + expect { parser.parse!(['--url']) }.to raise_error(OptionParser::MissingArgument) end - it "should retrieve the correct argument" do - parser.parse!(["-u", "iam_the_target"]) - parser.results.should === { :url => "iam_the_target" } + it 'should retrieve the correct argument' do + parser.parse!(['-u', 'iam_the_target']) + parser.results.should === { url: 'iam_the_target' } end end end - describe "#add" do - it "should raise an error if the argument is not an Array or Array(Array)" do - expect { parser.add("Hello") }.to raise_error("Options must be at least an Array, or an Array(Array). String supplied") + describe '#add' do + it 'should raise an error if the argument is not an Array or Array(Array)' do + expect { parser.add('Hello') }.to raise_error('Options must be at least an Array, or an Array(Array). 
String supplied') end before :each do - parser.add(["-u", "--url TARGET_URL"]) + parser.add(['-u', '--url TARGET_URL']) end - context "single option" do - it "should add the :url option, and retrieve the correct argument" do - parser.symbols_used.should === [ :url ] - parser.results(["-u", "target.com"]).should === { :url => "target.com" } + context 'single option' do + it 'should add the :url option, and retrieve the correct argument' do + parser.symbols_used.should === [:url] + parser.results(['-u', 'target.com']).should === { url: 'target.com' } end end - context "multiple options" do - it "should add 2 options, and retrieve the correct arguments" do + context 'multiple options' do + it 'should add 2 options, and retrieve the correct arguments' do parser.add([ - ["-v", "--verbose"], - ["--test [TEST_NUMBER]"] + ['-v', '--verbose'], + ['--test [TEST_NUMBER]'] ]) parser.symbols_used.sort.should === [:test, :url, :verbose] - parser.results(["-u", "wp.com", "-v", "--test"]).should === { :test => nil, :url => "wp.com", :verbose => true } + parser.results(['-u', 'wp.com', '-v', '--test']).should === { test: nil, url: 'wp.com', verbose: true } end end end diff --git a/spec/lib/common/plugins/plugin_spec.rb b/spec/lib/common/plugins/plugin_spec.rb index afd43bd5..d3c3faf9 100644 --- a/spec/lib/common/plugins/plugin_spec.rb +++ b/spec/lib/common/plugins/plugin_spec.rb 
@@ -1,24 +1,26 @@ +# encoding: UTF-8 + require 'spec_helper' describe Plugin do subject(:plugin) { Plugin.new } - describe "#new" do - context "with some infos" do + describe '#new' do + context 'with some infos' do subject(:plugin) { Plugin.new(infos) } - let(:infos) { {:author => "John"} } + let(:infos) { { author: 'John' } } its(:author) { should === infos[:author] } end end - describe "#run" do - it "should raise a NotImplementedError" do + describe '#run' do + it 'should raise a NotImplementedError' do expect { plugin.run }.to raise_error(NotImplementedError) end end - describe "#register_options" do + describe '#register_options' do after :each do if @exception expect { plugin.register_options(*@options) }.to raise_error(@exception) @@ -28,16 +30,22 @@ describe Plugin do end end - context "when an option is not an Array" do - it "should raise an error" do - @options = [["-v", "--verbose", "It's a valid option"], "Not a valid one"] - @exception = "Each option must be an array, String supplied" + context 'when an option is not an Array' do + it 'should raise an error' do + @options = [ + ['-v', '--verbose', 'It\'s a valid option'], + 'Not a valid one' + ] + @exception = 'Each option must be an array, String supplied' end end - context "when options are Arrays" do - it "should register the options" do - @options = [["-v", "--verbose", "Verbose mode"], ["-u", "--url TARGET_URL"]] + context 'when options are Arrays' do + it 'should register the options' do + @options = [ + ['-v', '--verbose', 'Verbose mode'], + ['-u', '--url TARGET_URL'] + ] @expected = *@options end end diff --git a/spec/lib/common/plugins/plugins_spec.rb b/spec/lib/common/plugins/plugins_spec.rb index 2c3b71a7..d18f979e 100644 --- a/spec/lib/common/plugins/plugins_spec.rb +++ b/spec/lib/common/plugins/plugins_spec.rb 
@@ -1,14 +1,16 @@ -require "spec_helper" +# encoding: UTF-8 + +require 'spec_helper' class TestPlugin < Plugin def initialize - register_options(["-u", "--url"]) + register_options(['-u', '--url']) end end class AnotherPlugin < Plugin def initialize - super(:author => "John") + super(author: 'John') # No Options end end @@ -19,28 +21,28 @@ describe Plugins do let(:test_plugin) { TestPlugin.new } let(:another_plugin) { AnotherPlugin.new } - describe "#new" do - context "without argument" do + describe '#new' do + context 'without argument' do its(:option_parser) { should be_a CustomOptionParser } - it "should be an Array" do + it 'should be an Array' do plugins.should be_an Array end end - context "with an option_parser argument" do - subject(:plugin) { Plugins.new(CustomOptionParser.new("the banner")) } + context 'with an option_parser argument' do + subject(:plugin) { Plugins.new(CustomOptionParser.new('the banner')) } its(:option_parser) { should be_a CustomOptionParser } - its("option_parser.banner") { should === "the banner" } + its('option_parser.banner') { should === 'the banner' } - it "should raise an eror if the parser is not an instance of CustomOptionParser" do - expect { Plugins.new(OptionParser.new) }.to raise_error("The parser must be an instance of CustomOptionParser, OptionParser supplied") + it 'should raise an eror if the parser is not an instance of CustomOptionParser' do + expect { Plugins.new(OptionParser.new) }.to raise_error('The parser must be an instance of CustomOptionParser, OptionParser supplied') end end end - describe "#register_plugin" do + describe '#register_plugin' do after :each do if @exception expect { plugins.register_plugin(@plugin) }.to raise_error(@exception) 
@@ -51,27 +53,27 @@ describe Plugins do end end - context "when the argument supplied is not an instance of Plugin" do - it "should raise an error" do - @plugin = "I'am a String" - @exception = "The argument must be an instance of Plugin, String supplied" + context 'when the argument supplied is not an instance of Plugin' do + it 'should raise an error' do + @plugin = "I'am a String" + @exception = 'The argument must be an instance of Plugin, String supplied' end end - it "should register the plugin" do + it 'should register the plugin' do @plugin = TestPlugin.new @expected = [@plugin] end - it "should register 2 plugins (the order is important)" do + it 'should register 2 plugins (the order is important)' do plugins.register_plugin(test_plugin) - @plugin = another_plugin + @plugin = another_plugin @expected = [test_plugin, @plugin] end end - describe "#register" do + describe '#register' do after :each do plugins.register(*@plugins_to_register) @@ -83,11 +85,11 @@ describe Plugins do plugins.should === @plugins_to_register end - it "should register 1 plugin" do + it 'should register 1 plugin' do @plugins_to_register = [test_plugin] end - it "should register 2 plugins" do + it 'should register 2 plugins' do @plugins_to_register = [another_plugin, test_plugin] end end diff --git a/spec/lib/common_helper_spec.rb b/spec/lib/common_helper_spec.rb index ea3fd012..f044f0b6 100644 --- a/spec/lib/common_helper_spec.rb +++ b/spec/lib/common_helper_spec.rb @@ -1,3 +1,4 @@ +# encoding: UTF-8 #-- # WPScan - WordPress Security Scanner # Copyright (C) 2012-2013 
@@ -18,57 +19,58 @@ require File.expand_path(File.dirname(__FILE__) + '../../../lib/wpscan/wpscan_helper') -describe "common_helper" do - describe "#get_equal_string" do +describe 'common_helper' do + describe '#get_equal_string' do after :each do output = get_equal_string_end(@input) + output.should == @expected end - it "sould return an empty string" do - @input = [""] - @expected = "" + it 'sould return an empty string' do + @input = [''] + @expected = '' end - it "sould return an empty string" do - @input = [] - @expected = "" + it 'sould return an empty string' do + @input = [] + @expected = '' end - it "sould return asdf" do - @input = ["kjh asdf", "oijr asdf"] - @expected = " asdf" + it 'sould return asdf' do + @input = ['kjh asdf', 'oijr asdf'] + @expected = ' asdf' end - it "sould return « BlogName" do - @input = ["user1 « BlogName", - "user2 « BlogName", - "user3 « BlogName", - "user4 « BlogName"] - @expected = " « BlogName" + it 'sould return « BlogName' do + @input = ['user1 « BlogName', + 'user2 « BlogName', + 'user3 « BlogName', + 'user4 « BlogName'] + @expected = ' « BlogName' end - it "sould return an empty string" do - @input = %w{user1 user2 user3 user4} - @expected = "" + it 'sould return an empty string' do + @input = %w{user1 user2 user3 user4} + @expected = '' end - it "sould return an empty string" do - @input = ["user1 « BlogName", - "user2 « BlogName", - "user3 « BlogName", - "user4 « BlogNamea"] - @expected = "" + it 'sould return an empty string' do + @input = ['user1 « BlogName', + 'user2 « BlogName', + 'user3 « BlogName', + 'user4 « BlogNamea'] + @expected = '' end - it "sould return an empty string" do - @input = %w{ user1 } - @expected = "" + it 'sould return an empty string' do + @input = %w{ user1 } + @expected = '' end - it "sould return | test" do - @input = ["admin | test", "test | test"] - @expected = " | test" + it 'sould return | test' do + @input = ['admin | test', 'test | test'] + @expected = ' | test' end end -end \ No 
newline at end of file +end diff --git a/spec/lib/updater/git_updater_spec.rb b/spec/lib/updater/git_updater_spec.rb index 153cd0cc..607cbcb1 100644 --- a/spec/lib/updater/git_updater_spec.rb +++ b/spec/lib/updater/git_updater_spec.rb @@ -1,3 +1,5 @@ +# encoding: UTF-8 + require 'spec_helper' describe GitUpdater do 
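Review bot: Five examples in the #get_equal_string group carry the identical description `'sould return an empty string'`, and every description in the group misspells "should"; since the commit rewrites each of these lines for quoting, the descriptions could be corrected at the same time. Identical descriptions make a failure report ambiguous, so name each case by its input, e.g. `it 'should return an empty string for a single empty string'`, `it 'should return an empty string for an empty array'`, `it 'should return an empty string when the strings share no suffix'`. The group is also titled `'#get_equal_string'` while the after hook calls `get_equal_string_end`, so the title should name the method actually under test.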
@@ -6,65 +8,65 @@ describe GitUpdater do @git_updater = GitUpdater.new end - describe "#is_installed?" do + describe '#is_installed?' do after :each do stub_system_command(@git_updater, /^git .* status/, @stub_value) @git_updater.is_installed?.should === @expected end - it "should return false if the command is not found" do - @stub_value = "git: command not found" - @expected = false + it 'should return false if the command is not found' do + @stub_value = 'git: command not found' + @expected = false end - it "should return true if the repo is a git one" do + it 'should return true if the repo is a git one' do @stub_value = "# On branch master\n# Changed but not updated:" - @expected = true + @expected = true end end - describe "#local_revision_number" do + describe '#local_revision_number' do after :each do stub_system_command(@git_updater, /^git .* log/, @stub_value) @git_updater.local_revision_number.should === @expected end - it "should return 79c01f3" do - @stub_value = " + it 'should return 79c01f3' do + @stub_value = ' commit 79c01f3ed535a8e33876ea091d8217cae7df4028 Author: Moi - Date: Wed Jul 11 23:22:16 2012 +0100" - @expected = "79c01f3" + Date: Wed Jul 11 23:22:16 2012 +0100' + @expected = '79c01f3' end end - describe "#update" do - it "should do nothing xD" do - stub_system_command(@git_updater, /^git .* pull/, "Already up-to-date.") - @git_updater.update().should === "Already up-to-date." + describe '#update' do + it 'should do nothing xD' do + stub_system_command(@git_updater, /^git .* pull/, 'Already up-to-date.') + @git_updater.update().should === 'Already up-to-date.' end end - describe "#has_local_changes?" do + describe '#has_local_changes?' 
do after :each do stub_system_command(@git_updater, /^git .* diff --exit-code 2>&1/, @stub_value) @git_updater.has_local_changes?.should === @expected end - it "should return true if there are local changes" do + it 'should return true if there are local changes' do @stub_value = 'diff' - @expected = true + @expected = true end - it "should return false if there are no local changes" do + it 'should return false if there are no local changes' do @stub_value = '' - @expected = false + @expected = false end end - describe "#reset_head" do - it "should reset the local repo" do - stub_system_command(@git_updater, /^git .* reset --hard HEAD/, "HEAD is now at") + describe '#reset_head' do + it 'should reset the local repo' do + stub_system_command(@git_updater, /^git .* reset --hard HEAD/, 'HEAD is now at') @git_updater.reset_head.should match(/^HEAD is now at/) end end diff --git a/spec/lib/updater/svn_updater_spec.rb b/spec/lib/updater/svn_updater_spec.rb index 13dc03bd..24c2c69a 100644 --- a/spec/lib/updater/svn_updater_spec.rb +++ b/spec/lib/updater/svn_updater_spec.rb @@ -1,3 +1,5 @@ +# encoding: UTF-8 + require 'spec_helper' describe SvnUpdater do @@ -6,23 +8,23 @@ describe SvnUpdater do @svn_updater = SvnUpdater.new end - describe "#is_installed?" do + describe '#is_installed?' do after :each do stub_system_command(@svn_updater, /^svn info/, @stub_value) @svn_updater.is_installed?.should === @expected end - it "should return false if the svn command is not found" do - @stub_value = "svn: command not found" - @expected = false + it 'should return false if the svn command is not found' do + @stub_value = 'svn: command not found' + @expected = false end - it "should return false if the repository is not manage by svn" do + it 'should return false if the repository is not manage by svn' do @stub_value = "svn: '.' is not a working copy" - @expected = false + @expected = false end - it "should return true" do + it 'should return true' do @stub_value = ' 
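Review bot: `@git_updater.update().should === 'Already up-to-date.'` in the #update example keeps empty parentheses on a no-argument call, which the style pass this commit applies would normally drop; write it as `@git_updater.update.should === 'Already up-to-date.'`. The same form survives in svn_updater_spec's #update example (`@svn_updater.update()`) and in wp_login_protection_spec's #login_protection_plugin after hook (`@module.login_protection_plugin()`).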
@@ -45,13 +47,13 @@ describe SvnUpdater do end end - describe "#local_revision_number" do + describe '#local_revision_number' do after :each do stub_system_command(@svn_updater, /^svn info/, @stub_value) @svn_updater.local_revision_number.should === @expected end - it "should return 399" do + it 'should return 399' do @stub_value = ' @@ -70,14 +72,14 @@ describe SvnUpdater do ' - @expected = "362" + @expected = '362' end end - describe "#update" do - it "should do nothing xD" do - stub_system_command(@svn_updater, /^svn up/, "At revision 425.") - @svn_updater.update().should === "At revision 425." + describe '#update' do + it 'should do nothing xD' do + stub_system_command(@svn_updater, /^svn up/, 'At revision 425.') + @svn_updater.update().should === 'At revision 425.' end end diff --git a/spec/lib/updater/updater_factory_spec.rb b/spec/lib/updater/updater_factory_spec.rb index 5b7dffc1..bcedbdf5 100644 --- a/spec/lib/updater/updater_factory_spec.rb +++ b/spec/lib/updater/updater_factory_spec.rb @@ -1,17 +1,19 @@ +# encoding: UTF-8 + require 'spec_helper' describe UpdaterFactory do - describe "#available_updaters_classes" do + describe '#available_updaters_classes' do after :each do UpdaterFactory.available_updaters_classes.sort.should === @expected.sort end - it "should return [:GitUpdater, :SvnUpdater]" do + it 'should return [:GitUpdater, :SvnUpdater]' do @expected = [:GitUpdater, :SvnUpdater] end - it "should return [:TestUpdater, :GitUpdater, :SvnUpdater]" do + it 'should return [:TestUpdater, :GitUpdater, :SvnUpdater]' do class TestUpdater < Updater end @@ -20,7 +22,7 @@ describe UpdaterFactory do end # TODO : Find a way to test that - describe "#get_updater" do + describe '#get_updater' do end diff --git a/spec/lib/updater/updater_spec.rb b/spec/lib/updater/updater_spec.rb index f2e30b93..9b7561ae 100644 --- a/spec/lib/updater/updater_spec.rb +++ b/spec/lib/updater/updater_spec.rb 
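Review bot: The example in svn_updater_spec's #local_revision_number group is described `'should return 399'`, while the expectation set in the following hunk is `@expected = '362'`. The lines between the two hunks are not shown, but both appear to belong to the same example, so either the description is stale or the expected value is wrong. If 362 is the revision in the stubbed svn info output, rename the example `it 'should return 362' do`.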
@@ -1,3 +1,5 @@ +# encoding: UTF-8 + require 'spec_helper' describe Updater do @@ -11,8 +13,8 @@ describe Updater do Object.send(:remove_const, :TestUpdater) end - describe "non implementation of #is_installed?, #has_update? and #update" do - it "should raise errors" do + describe 'non implementation of #is_installed?, #has_update? and #update' do + it 'should raise errors' do test_updater = TestUpdater.new methods_to_call = [:is_installed?, :update, :local_revision_number] diff --git a/spec/lib/wpscan/modules/brute_force_spec.rb b/spec/lib/wpscan/modules/brute_force_spec.rb index 42de6c31..1f2b5a55 100644 --- a/spec/lib/wpscan/modules/brute_force_spec.rb +++ b/spec/lib/wpscan/modules/brute_force_spec.rb @@ -1,3 +1,4 @@ +# encoding: UTF-8 #-- # WPScan - WordPress Security Scanner # Copyright (C) 2012-2013 
@@ -16,56 +17,56 @@ # along with this program. If not, see . #++ -shared_examples_for "BruteForce" do +shared_examples_for 'BruteForce' do before :each do - @module = WpScanModuleSpec.new("http://example.localhost") + @module = WpScanModuleSpec.new('http://example.localhost') @target_url = @module.uri.to_s - @fixtures_dir = SPEC_FIXTURES_WPSCAN_MODULES_DIR + "/bruteforce" - @wordlist = @fixtures_dir + "/wordlist.txt" - @username = "admin" + @fixtures_dir = SPEC_FIXTURES_WPSCAN_MODULES_DIR + '/bruteforce' + @wordlist = @fixtures_dir + '/wordlist.txt' + @username = 'admin' @module.extend(BruteForce) Browser.instance.max_threads = 1 end - describe "#lines_in_file" do - it "should return 6" do + describe '#lines_in_file' do + it 'should return 6' do lines = BruteForce.lines_in_file(@wordlist) lines.should == 6 end end - describe "#brute_force" do + describe '#brute_force' do before :each do end - it "should get the correct password" do + it 'should get the correct password' do passwords = [] - File.open(@wordlist, "r").each do |password| + File.open(@wordlist, 'r').each do |password| # ignore comments - passwords << password.strip unless password.strip[0,1] == "#" + passwords << password.strip unless password.strip[0, 1] == '#' end # Last status must be 302 to get full code coverage - passwords.each do || + passwords.each do |_| stub_request(:any, @module.login_url).to_return( - { :status => 200, :body => "login_error" }, - { :status => 0, :body => "no reponse" }, - { :status => 50, :body => "server error" }, - { :status => 999, :body => "invalid" }, - { :status => 302, :body => "FOUND!" } + { status: 200, body: 'login_error' }, + { status: 0, body: 'no reponse' }, + { status: 50, body: 'server error' }, + { status: 999, body: 'invalid' }, + { status: 302, body: 'FOUND!' 
} ) end - user = WpUser.new("admin", 1, nil) + user = WpUser.new('admin', 1, nil) result = @module.brute_force([user], @wordlist) result.length.should == 1 - result.should === [{ :name => "admin", :password => "root" }] + result.should === [{ name: 'admin', password: 'root' }] end - it "should cover the timeout branch and return an empty array" do + it 'should cover the timeout branch and return an empty array' do stub_request(:any, @module.login_url).to_timeout - user = WpUser.new("admin", 1, nil) + user = WpUser.new('admin', 1, nil) result = @module.brute_force([user], @wordlist) result.should == [] end diff --git a/spec/lib/wpscan/modules/malwares_spec.rb b/spec/lib/wpscan/modules/malwares_spec.rb index c7c9f590..44eaf148 100644 --- a/spec/lib/wpscan/modules/malwares_spec.rb +++ b/spec/lib/wpscan/modules/malwares_spec.rb @@ -1,3 +1,4 @@ +# encoding: UTF-8 #-- # WPScan - WordPress Security Scanner # Copyright (C) 2012-2013 @@ -16,7 +17,7 @@ # along with this program. If not, see . #++ -shared_examples_for "Malwares" do +shared_examples_for 'Malwares' do before :each do @module = WpScanModuleSpec.new('http://example.localhost') @@ -27,16 +28,16 @@ shared_examples_for "Malwares" do @module.extend(Malwares) end - describe "#malwares_file" do + describe '#malwares_file' do it "should return #{SPEC_FIXTURES_WPSCAN_MODULES_DIR}/wp_malwares.txt" do Malwares.malwares_file(@malwares_file_path).should === @malwares_file_path end end - describe "#malwares & #has_malwares" do + describe '#malwares & #has_malwares' do after :each do if @fixture - stub_request_to_fixture(:url => @target_url, :fixture => File.new(@fixture)) + stub_request_to_fixture(url: @target_url, fixture: File.new(@fixture)) end malwares = @module.malwares(@malwares_file_path) 
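Review bot: `File.open(@wordlist, 'r').each do |password|` in the 'should get the correct password' example opens the wordlist without a block and never closes it, so the handle is released only when the object is garbage-collected. `File.foreach` iterates lines and closes the file itself, and the comment-skipping loop collapses to one line: `passwords = File.foreach(@wordlist).map(&:strip).reject { |line| line.start_with?('#') }`, which also removes the repeated `strip` call. The rest of the example is unchanged.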
@@ -44,30 +45,30 @@ shared_examples_for "Malwares" do malwares.sort.should === @expected_malwares.sort @module.has_malwares?.should === (@expected_malwares.empty? ? false : true) end - it "should return an empty array on a 404" do - stub_request(:get, @target_url).to_return(:status => 404) + it 'should return an empty array on a 404' do + stub_request(:get, @target_url).to_return(status: 404) @expected_malwares = [] end - it "should return an array empty array if no infection found" do - @fixture = @fixtures_dir + "/clean.html" + it 'should return an array empty array if no infection found' do + @fixture = @fixtures_dir + '/clean.html' @expected_malwares = [] end - it "should return an array with 1 malware url (.rr.nu check)" do - @fixture = @fixtures_dir + "/single-infection.html" - @expected_malwares = ["http://irstde24clined.rr.nu/mm.php?d=1"] + it 'should return an array with 1 malware url (.rr.nu check)' do + @fixture = @fixtures_dir + '/single-infection.html' + @expected_malwares = ['http://irstde24clined.rr.nu/mm.php?d=1'] end - it "should return an array with 1 malware url (iframe check)" do - @fixture = @fixtures_dir + "/single-iframe-infection.html" - @expected_malwares = ["http://www.thesea.org/media.php"] + it 'should return an array with 1 malware url (iframe check)' do + @fixture = @fixtures_dir + '/single-iframe-infection.html' + @expected_malwares = ['http://www.thesea.org/media.php'] end - it "should return an array with 3 malwares url" do - @fixture = @fixtures_dir + "/multiple-infections.html" - @expected_malwares = ["http://irstde24clined.rr.nu/mm.php?d=1", "http://atio79srem.rr.nu/pmg.php?dr=1", "http://www.thesea.org/media.php"] + it 'should return an array with 3 malwares url' do + @fixture = @fixtures_dir + '/multiple-infections.html' + @expected_malwares = ['http://irstde24clined.rr.nu/mm.php?d=1', 'http://atio79srem.rr.nu/pmg.php?dr=1', 'http://www.thesea.org/media.php'] end end 
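Review bot: `@module.has_malwares?.should === (@expected_malwares.empty? ? false : true)` in the after hook spells a boolean with a ternary; `!@expected_malwares.empty?` yields the same value directly. The line is context in this hunk rather than one the commit changes, but a style pass is the natural place to fold it in: `@module.has_malwares?.should === !@expected_malwares.empty?`.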
diff --git a/spec/lib/wpscan/modules/web_site_spec.rb b/spec/lib/wpscan/modules/web_site_spec.rb
index 7593c28a..492207a3 100644
--- a/spec/lib/wpscan/modules/web_site_spec.rb
+++ b/spec/lib/wpscan/modules/web_site_spec.rb
@@ -1,3 +1,4 @@
+# encoding: UTF-8
 #--
 # WPScan - WordPress Security Scanner
 # Copyright (C) 2012-2013
@@ -16,165 +17,165 @@ # along with this program. If not, see . #++ -shared_examples_for "WebSite" do - let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_MODULES_DIR + "/web_site" } - subject(:web_site) { WpScanModuleSpec.new("http://example.localhost/").extend(WebSite) } +shared_examples_for 'WebSite' do + let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_MODULES_DIR + '/web_site' } + subject(:web_site) { WpScanModuleSpec.new('http://example.localhost/').extend(WebSite) } - describe "#online?" do - it "should not be considered online if the status code is 0" do - stub_request(:get, web_site.url).to_return(:status => 0) + describe '#online?' do + it 'should not be considered online if the status code is 0' do + stub_request(:get, web_site.url).to_return(status: 0) web_site.should_not be_online end - it "should be considered online if the status code is != 0" do - stub_request(:get, web_site.url).to_return(:status => 200) + it 'should be considered online if the status code is != 0' do + stub_request(:get, web_site.url).to_return(status: 200) web_site.should be_online end end - describe "#has_basic_auth?" do - it "should detect that the wpsite is basic auth protected" do - stub_request(:get, web_site.url).to_return(:status => 401) + describe '#has_basic_auth?' 
do + it 'should detect that the wpsite is basic auth protected' do + stub_request(:get, web_site.url).to_return(status: 401) web_site.should have_basic_auth end - it "should not have a basic auth for a 200" do - stub_request(:get, web_site.url).to_return(:status => 200) + it 'should not have a basic auth for a 200' do + stub_request(:get, web_site.url).to_return(status: 200) web_site.should_not have_basic_auth end end - describe "#xml_rpc_url" do - it "should return the correct url : http://example.localhost/xmlrpc.php" do - xmlrpc = "http://example.localhost/xmlrpc.php" + describe '#xml_rpc_url' do + it 'should return the correct url : http://example.localhost/xmlrpc.php' do + xmlrpc = 'http://example.localhost/xmlrpc.php' stub_request(:get, web_site.url). - to_return(:status => 200, :body => "", :headers => { "X-Pingback" => xmlrpc}) + to_return(status: 200, body: '', headers: { 'X-Pingback' => xmlrpc}) web_site.xml_rpc_url.should === xmlrpc end - it "should return nil" do - stub_request(:get, web_site.url).to_return(:status => 200) + it 'should return nil' do + stub_request(:get, web_site.url).to_return(status: 200) web_site.xml_rpc_url.should be_nil end end - describe "#has_xml_rpc?" do - it "should return true" do + describe '#has_xml_rpc?' do + it 'should return true' do stub_request(:get, web_site.url). - to_return(:status => 200, :body => "", :headers => { "X-Pingback" => "xmlrpc"}) + to_return(status: 200, body: '', headers: { 'X-Pingback' => 'xmlrpc'}) web_site.should have_xml_rpc end - it "should return false" do - stub_request(:get, web_site.url).to_return(:status => 200) + it 'should return false' do + stub_request(:get, web_site.url).to_return(status: 200) web_site.should_not have_xml_rpc end end - describe "#wordpress?" do + describe '#wordpress?' do # each url (wp-login and xmlrpc) pointed to a 404 before :each do stub_request(:get, web_site.url). 
- to_return(:status => 200, :body => "", :headers => { "X-Pingback" => web_site.uri.merge("xmlrpc.php")}) + to_return(status: 200, body: '', headers: { 'X-Pingback' => web_site.uri.merge('xmlrpc.php')}) [web_site.login_url, web_site.xml_rpc_url].each do |url| - stub_request(:get, url).to_return(:status => 404, :body => "") + stub_request(:get, url).to_return(status: 404, body: '') end end - it "should return false if both files are not found (404)" do + it 'should return false if both files are not found (404)' do web_site.should_not be_wordpress end - it "should return true if the wp-login is found and is a valid wordpress one" do + it 'should return true if the wp-login is found and is a valid wordpress one' do stub_request(:get, web_site.login_url). - to_return(:status => 200, :body => File.new(fixtures_dir + "/wp-login.php")) + to_return(status: 200, body: File.new(fixtures_dir + '/wp-login.php')) web_site.should be_wordpress end - it "should return true if the xmlrpc is found" do + it 'should return true if the xmlrpc is found' do stub_request(:get, web_site.xml_rpc_url). - to_return(:status => 200, :body => File.new(fixtures_dir + "/xmlrpc.php")) + to_return(status: 200, body: File.new(fixtures_dir + '/xmlrpc.php')) web_site.should be_wordpress end end - describe "#redirection" do - it "should return nil if no redirection detected" do - stub_request(:get, web_site.url).to_return(:status => 200, :body => "") + describe '#redirection' do + it 'should return nil if no redirection detected' do + stub_request(:get, web_site.url).to_return(status: 200, body: '') web_site.redirection.should be_nil end [301, 302].each do |status_code| it "should return http://new-location.com if the status code is #{status_code}" do - new_location = "http://new-location.com" + new_location = 'http://new-location.com' stub_request(:get, web_site.url). 
- to_return(:status => status_code, :headers => { :location => new_location }) + to_return(status: status_code, headers: { location: new_location }) - stub_request(:get, new_location).to_return(:status => 200) + stub_request(:get, new_location).to_return(status: 200) - web_site.redirection.should === "http://new-location.com" + web_site.redirection.should === 'http://new-location.com' end end - context "when multiple redirections" do - it "should return the last redirection" do - first_redirection = "www.redirection.com" - last_redirection = "redirection.com" + context 'when multiple redirections' do + it 'should return the last redirection' do + first_redirection = 'www.redirection.com' + last_redirection = 'redirection.com' - stub_request(:get, web_site.url).to_return(:status => 301, :headers => { :location => first_redirection }) - stub_request(:get, first_redirection).to_return(:status => 302, :headers => { :location => last_redirection }) - stub_request(:get, last_redirection).to_return(:status => 200) + stub_request(:get, web_site.url).to_return(status: 301, headers: { location: first_redirection }) + stub_request(:get, first_redirection).to_return(status: 302, headers: { location: last_redirection }) + stub_request(:get, last_redirection).to_return(status: 200) web_site.redirection.should === last_redirection end end end - describe "#page_hash" do - it "should return the MD5 hash of the page" do - url = "http://e.localhost/somepage.php" - body = "Hello World !" + describe '#page_hash' do + it 'should return the MD5 hash of the page' do + url = 'http://e.localhost/somepage.php' + body = 'Hello World !' 
- stub_request(:get, url).to_return(:body => body) + stub_request(:get, url).to_return(body: body) WebSite.page_hash(url).should === Digest::MD5.hexdigest(body) end end - describe "#homepage_hash" do - it "should return the MD5 hash of the homepage" do - body = "Hello World" + describe '#homepage_hash' do + it 'should return the MD5 hash of the homepage' do + body = 'Hello World' - stub_request(:get, web_site.url).to_return(:body => body) + stub_request(:get, web_site.url).to_return(body: body) web_site.homepage_hash.should === Digest::MD5.hexdigest(body) end end - describe "#error_404_hash" do - it "should return the md5sum of the 404 page" do + describe '#error_404_hash' do + it 'should return the md5sum of the 404 page' do stub_request(:any, /.*/). - to_return(:status => 404, :body => "404 page !") + to_return(status: 404, body: '404 page !') - web_site.error_404_hash.should === Digest::MD5.hexdigest("404 page !") + web_site.error_404_hash.should === Digest::MD5.hexdigest('404 page !') end end - describe "#rss_url" do - it "should return nil if the url is not found" do - stub_request(:get, web_site.url).to_return(:body => "No RSS link in this body !") + describe '#rss_url' do + it 'should return nil if the url is not found' do + stub_request(:get, web_site.url).to_return(body: 'No RSS link in this body !') web_site.rss_url.should be_nil end it "should return 'http://lamp-wp/wordpress-3.5/?feed=rss2'" do - stub_request_to_fixture(:url => web_site.url, :fixture => fixtures_dir + "/rss_url/wordpress-3.5.htm") - web_site.rss_url.should === "http://lamp-wp/wordpress-3.5/?feed=rss2" + stub_request_to_fixture(url: web_site.url, fixture: fixtures_dir + '/rss_url/wordpress-3.5.htm') + web_site.rss_url.should === 'http://lamp-wp/wordpress-3.5/?feed=rss2' end end end diff --git a/spec/lib/wpscan/modules/wp_config_backup_spec.rb b/spec/lib/wpscan/modules/wp_config_backup_spec.rb index eec689f6..672e79a6 100644 --- a/spec/lib/wpscan/modules/wp_config_backup_spec.rb 
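Review bot: `headers: { 'X-Pingback' => xmlrpc}` in the #xml_rpc_url example, and the same hash in the #has_xml_rpc? example and the #wordpress? before hook, drops the space before the closing brace, while `{ location: new_location }` later in this hunk keeps it; lines the commit rewrites should use one form. `headers: { 'X-Pingback' => xmlrpc }` matches the rest of the file.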
+++ b/spec/lib/wpscan/modules/wp_config_backup_spec.rb @@ -1,3 +1,4 @@ +# encoding: UTF-8 #-- # WPScan - WordPress Security Scanner # Copyright (C) 2012-2013 @@ -16,7 +17,7 @@ # along with this program. If not, see . #++ -shared_examples_for "WpConfigBackup" do +shared_examples_for 'WpConfigBackup' do before :all do @module = WpScanModuleSpec.new('http://example.localhost') @@ -26,7 +27,7 @@ shared_examples_for "WpConfigBackup" do @module.extend(WpConfigBackup) end - describe "#config_backup" do + describe '#config_backup' do # set all @config_backup_files to point to a 404 before :each do @@ -34,15 +35,15 @@ shared_examples_for "WpConfigBackup" do file_url = @module.uri.merge(URI.escape(backup_file)).to_s stub_request(:get, file_url). - to_return(:status => 404, :body => "") + to_return(status: 404, body: '') end end - it "shoud return an empty array if no config backup is present" do + it 'shoud return an empty array if no config backup is present' do @module.config_backup.should be_empty end - it "should return an array with 1 backup file" do + it 'should return an array with 1 backup file' do expected = [] @config_backup_files.sample(1).each do |backup_file| @@ -50,7 +51,7 @@ shared_examples_for "WpConfigBackup" do expected << file_url stub_request(:get, file_url). - to_return(:status => 200, :body => File.new(@fixtures_dir + '/wp-config.php')) + to_return(status: 200, body: File.new(@fixtures_dir + '/wp-config.php')) end wp_config_backup = @module.config_backup @@ -59,7 +60,7 @@ shared_examples_for "WpConfigBackup" do end # Is there a way to factorise that one with the previous test ? - it "should return an array with 2 backup file" do + it 'should return an array with 2 backup file' do expected = [] @config_backup_files.sample(2).each do |backup_file| 
@@ -67,7 +68,7 @@ shared_examples_for "WpConfigBackup" do expected << file_url stub_request(:get, file_url). - to_return(:status => 200, :body => File.new(@fixtures_dir + '/wp-config.php')) + to_return(status: 200, body: File.new(@fixtures_dir + '/wp-config.php')) end wp_config_backup = @module.config_backup @@ -76,8 +77,8 @@ shared_examples_for "WpConfigBackup" do end end - describe "#config_backup_files" do - it "should not contain duplicates" do + describe '#config_backup_files' do + it 'should not contain duplicates' do WpConfigBackup.config_backup_files.flatten.uniq.length.should == WpConfigBackup.config_backup_files.length end end diff --git a/spec/lib/wpscan/modules/wp_full_path_disclosure_spec.rb b/spec/lib/wpscan/modules/wp_full_path_disclosure_spec.rb index 7eda8130..f99f27b8 100644 --- a/spec/lib/wpscan/modules/wp_full_path_disclosure_spec.rb +++ b/spec/lib/wpscan/modules/wp_full_path_disclosure_spec.rb @@ -1,3 +1,4 @@ +# encoding: UTF-8 #-- # WPScan - WordPress Security Scanner # Copyright (C) 2012-2013 @@ -16,7 +17,7 @@ # along with this program. If not, see . #++ -shared_examples_for "WpFullPathDisclosure" do +shared_examples_for 'WpFullPathDisclosure' do before :all do @module = WpScanModuleSpec.new('http://example.localhost') 
@@ -25,31 +26,31 @@ shared_examples_for "WpFullPathDisclosure" do @fixtures_dir = SPEC_FIXTURES_WPSCAN_MODULES_DIR + '/wp_full_path_disclosure' end - describe "#full_path_disclosure_url" do - it "should return http://example.localhost/wp-includes/rss-functions.php" do - @module.full_path_disclosure_url.should === "http://example.localhost/wp-includes/rss-functions.php" + describe '#full_path_disclosure_url' do + it 'should return http://example.localhost/wp-includes/rss-functions.php' do + @module.full_path_disclosure_url.should === 'http://example.localhost/wp-includes/rss-functions.php' end end - describe "#has_full_path_disclosure?" do + describe '#has_full_path_disclosure?' do - it "should return false on a 404" do + it 'should return false on a 404' do stub_request(:get, @module.full_path_disclosure_url). - to_return(:status => 404) + to_return(status: 404) @module.has_full_path_disclosure?.should be_false end - it "should return false if no fpd found (blank page for example)" do + it 'should return false if no fpd found (blank page for example)' do stub_request(:get, @module.full_path_disclosure_url). - to_return(:status => 200, :body => "") + to_return(status: 200, body: '') @module.has_full_path_disclosure?.should be_false end - it "should return true" do + it 'should return true' do stub_request(:get, @module.full_path_disclosure_url). - to_return(:status => 200, :body => File.new(@fixtures_dir + '/rss-functions-disclosure.php')) + to_return(status: 200, body: File.new(@fixtures_dir + '/rss-functions-disclosure.php')) @module.has_full_path_disclosure?.should be_true end diff --git a/spec/lib/wpscan/modules/wp_login_protection_spec.rb b/spec/lib/wpscan/modules/wp_login_protection_spec.rb index 01c029a8..dc0059aa 100644 --- a/spec/lib/wpscan/modules/wp_login_protection_spec.rb +++ b/spec/lib/wpscan/modules/wp_login_protection_spec.rb @@ -1,3 +1,4 @@ +# encoding: UTF-8 #-- # WPScan - WordPress Security Scanner # Copyright (C) 2012-2013 
@@ -16,7 +17,7 @@ # along with this program. If not, see . #++ -shared_examples_for "WpLoginProtection" do +shared_examples_for 'WpLoginProtection' do before :each do @module = WpScanModuleSpec.new('http://example.localhost') @@ -25,15 +26,15 @@ shared_examples_for "WpLoginProtection" do @fixtures_dir = SPEC_FIXTURES_WPSCAN_MODULES_DIR + '/wp_login_protection' end - describe "#login_url" do - it "should return the login page url : http://example.localhost/wp-login.php" do - @module.login_url.should === "http://example.localhost/wp-login.php" + describe '#login_url' do + it 'should return the login page url : http://example.localhost/wp-login.php' do + @module.login_url.should === 'http://example.localhost/wp-login.php' end end # It will test all protected methods has_.*_protection with each fixtures to be sure that # there is not false positive : for example the login-lock must not be detected as login-lockdown - describe "#has_.*_protection?" do + describe '#has_.*_protection?' do pattern = WpLoginProtection::LOGIN_PROTECTION_METHOD_PATTERN fixtures = @@ -47,7 +48,7 @@ shared_examples_for "WpLoginProtection" do special_plugins = %w{better_wp_security simple_login_lockdown login_security_solution limit_login_attempts bluetrait_event_viewer} after :each do - stub_request_to_fixture(:url => @module.login_url, :fixture => @fixture) + stub_request_to_fixture(url: @module.login_url, fixture: @fixture) # Stub all special plugins urls to a 404 except if it's the one we want special_plugins.each do |special_plugin| 
@@ -55,7 +56,7 @@ shared_examples_for "WpLoginProtection" do special_plugin_call_url_symbol = :"#{special_plugin}_url" status_code = (@symbol_to_call === special_plugin_call_detection_symbol and @expected === true) ? 200 : 404 - stub_request(:get, @module.send(special_plugin_call_url_symbol).to_s).to_return(:status => status_code) + stub_request(:get, @module.send(special_plugin_call_url_symbol).to_s).to_return(status: status_code) end @module.send(@symbol_to_call).should === @expected 
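Review bot: `status_code = (@symbol_to_call === special_plugin_call_detection_symbol and @expected === true) ? 200 : 404` uses `and` as a boolean operator and compares with `=== true`; `and` binds lower than assignment, a well-known precedence trap, and a style pass would normally replace both. `status_code = (@symbol_to_call == special_plugin_call_detection_symbol && @expected == true) ? 200 : 404` keeps the same result, since the parentheses already isolate the expression. The line is context in this hunk, and the enclosing after hook starts outside it.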
@@ -79,39 +80,41 @@ shared_examples_for "WpLoginProtection" do end # Factorise this with the code above ? :D - describe "#login_protection_plugin" do + describe '#login_protection_plugin' do after :each do - stub_request_to_fixture(:url => @module.login_url, :fixture => @fixture) - stub_request(:get, @module.send(:better_wp_security_url).to_s).to_return(:status => 404) - stub_request(:get, @module.send(:simple_login_lockdown_url).to_s).to_return(:status => 404) - stub_request(:get, @module.send(:login_security_solution_url).to_s).to_return(:status => 404) - stub_request(:get, @module.send(:limit_login_attempts_url).to_s).to_return(:status => 404) - stub_request(:get, @module.send(:bluetrait_event_viewer_url).to_s).to_return(:status => 404) + stub_request_to_fixture(url: @module.login_url, fixture: @fixture) + stub_request(:get, @module.send(:better_wp_security_url).to_s).to_return(status: 404) + stub_request(:get, @module.send(:simple_login_lockdown_url).to_s).to_return(status: 404) + stub_request(:get, @module.send(:login_security_solution_url).to_s).to_return(status: 404) + stub_request(:get, @module.send(:limit_login_attempts_url).to_s).to_return(status: 404) + stub_request(:get, @module.send(:bluetrait_event_viewer_url).to_s).to_return(status: 404) @module.login_protection_plugin().should === @plugin_expected @module.has_login_protection?.should === @has_protection_expected end - it "should return nil if no protection is present" do - @fixture = @fixtures_dir + "/wp-login-clean.php" + it 'should return nil if no protection is present' do + @fixture = @fixtures_dir + '/wp-login-clean.php' @plugin_expected = nil @has_protection_expected = false end - it "should return a login-lockdown WpPlugin object" do - @fixture = @fixtures_dir + "/wp-login-login_lockdown.php" - @plugin_expected = WpPlugin.new(:base_url => @module.url, - :path => "/plugins/login-lockdown/", - :name => "login-lockdown" + it 'should return a login-lockdown WpPlugin object' do + @fixture = 
@fixtures_dir + '/wp-login-login_lockdown.php' + @plugin_expected = WpPlugin.new( + base_url: @module.url, + path: '/plugins/login-lockdown/', + name: 'login-lockdown' ) @has_protection_expected = true end - it "should return a login-lock WpPlugin object" do - @fixture = @fixtures_dir + "/wp-login-login_lock.php" - @plugin_expected = WpPlugin.new(:base_url => @module.url, - :path => "/plugins/login-lock/", - :name => "login-lock" + it 'should return a login-lock WpPlugin object' do + @fixture = @fixtures_dir + '/wp-login-login_lock.php' + @plugin_expected = WpPlugin.new( + base_url: @module.url, + path: '/plugins/login-lock/', + name: 'login-lock' ) @has_protection_expected = true end diff --git a/spec/lib/wpscan/modules/wp_plugins_spec.rb b/spec/lib/wpscan/modules/wp_plugins_spec.rb index 0d6c80ae..eaa6cb9b 100644 --- a/spec/lib/wpscan/modules/wp_plugins_spec.rb +++ b/spec/lib/wpscan/modules/wp_plugins_spec.rb @@ -1,3 +1,4 @@ +# encoding: UTF-8 #-- # WPScan - WordPress Security Scanner # Copyright (C) 2012-2013 
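Review bot: `@module.login_protection_plugin().should === @plugin_expected` in the `after :each` hook keeps empty parentheses on a no-argument call, which the same RuboCop pass this commit performs would flag; `@module.login_protection_plugin.should === @plugin_expected`. More substantively, every stub and both expectations live in the teardown hook, so each `it` block only assigns instance variables and any failure (including a missing fixture raised by `stub_request_to_fixture`) is reported as an after-hook error rather than against the example that caused it. The `# Factorise this with the code above ? :D` comment left in place hints at this; a small helper such as `def expect_login_protection(fixture, plugin, protected)` called at the end of each example would keep the assertions inside the examples. The shared_examples block continues outside this hunk.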
@@ -16,96 +17,96 @@ # along with this program. If not, see . #++ -shared_examples_for "WpPlugins" do +shared_examples_for 'WpPlugins' do before :all do @fixtures_dir = SPEC_FIXTURES_WPSCAN_MODULES_DIR + '/wp_plugins' - @plugins_file = @fixtures_dir + "/plugins.txt" - @plugin_vulns_file = @fixtures_dir + "/plugin_vulns.xml" + @plugins_file = @fixtures_dir + '/plugins.txt' + @plugin_vulns_file = @fixtures_dir + '/plugin_vulns.xml' - @wp_url = "http://example.localhost/" + @wp_url = 'http://example.localhost/' end before :each do @module = WpScanModuleSpec.new(@wp_url) - @module.error_404_hash = Digest::MD5.hexdigest("Error 404!") - @module.homepage_hash = Digest::MD5.hexdigest("Homepage!") + @module.error_404_hash = Digest::MD5.hexdigest('Error 404!') + @module.homepage_hash = Digest::MD5.hexdigest('Homepage!') @module.extend(WpPlugins) @options = { - :base_url => @wp_url, - :only_vulnerable_ones => false, - :show_progression => false, - :error_404_hash => @module.error_404_hash, - :homepage_hash => @module.homepage_hash, - :vulns_file => @plugin_vulns_file, - :file => @plugins_file, - :type => "plugins", - :wp_content_dir => "wp-content", - :vulns_xpath_2 => "//plugin" + base_url: @wp_url, + only_vulnerable_ones: false, + show_progression: false, + error_404_hash: @module.error_404_hash, + homepage_hash: @module.homepage_hash, + vulns_file: @plugin_vulns_file, + file: @plugins_file, + type: 'plugins', + wp_content_dir: 'wp-content', + vulns_xpath_2: '//plugin' } File.exist?(@plugin_vulns_file).should == true File.exist?(@plugins_file).should == true - # These targets are listed in @fixtures_dir + "/plugins.txt" + # These targets are listed in @fixtures_dir + '/plugins.txt' # TODO : load them directly from the fixture file @targets = [ WpPlugin.new( { - :base_url => "http://example.localhost/", - :path => "exclude-pages/exclude_pages.php", - :wp_content_dir => "wp-content", - :name => "exclude-pages" + base_url: 'http://example.localhost/', + path: 
'exclude-pages/exclude_pages.php', + wp_content_dir: 'wp-content', + name: 'exclude-pages' }), WpPlugin.new( { - :base_url => "http://example.localhost/", - :path => "display-widgets/display-widgets.php", - :wp_content_dir => "wp-content", - :name => "display-widgets" + base_url: 'http://example.localhost/', + path: 'display-widgets/display-widgets.php', + wp_content_dir: 'wp-content', + name: 'display-widgets' }), WpPlugin.new( { - :base_url => "http://example.localhost/", - :path => "media-library", - :wp_content_dir => "wp-content", - :name => "media-library" + base_url: 'http://example.localhost/', + path: 'media-library', + wp_content_dir: 'wp-content', + name: 'media-library' }), WpPlugin.new( { - :base_url => "http://example.localhost/", - :path => "deans", - :wp_content_dir => "wp-content", - :name => "deans" + base_url: 'http://example.localhost/', + path: 'deans', + wp_content_dir: 'wp-content', + name: 'deans' }), WpPlugin.new( { - :base_url => "http://example.localhost/", - :path => "formidable/formidable.php", - :wp_content_dir => "wp-content", - :name => "formidable" + base_url: 'http://example.localhost/', + path: 'formidable/formidable.php', + wp_content_dir: 'wp-content', + name: 'formidable' }), WpPlugin.new( { - :base_url => "http://example.localhost/", - :path => "regenerate-thumbnails/readme.txt", - :wp_content_dir => "wp-content", - :name => "regenerate-thumbnails" + base_url: 'http://example.localhost/', + path: 'regenerate-thumbnails/readme.txt', + wp_content_dir: 'wp-content', + name: 'regenerate-thumbnails' }) ] end - describe "#plugins_from_passive_detection" do + describe '#plugins_from_passive_detection' do let(:passive_detection_fixtures) { @fixtures_dir + '/passive_detection' } - it "should return an empty array" do - stub_request_to_fixture(:url => @module.url, :fixture => File.new(passive_detection_fixtures + '/no_plugins.htm')) - plugins = @module.plugins_from_passive_detection(:base_url => @module.url, :wp_content_dir => 
"wp-content") + it 'should return an empty array' do + stub_request_to_fixture(url: @module.url, fixture: File.new(passive_detection_fixtures + '/no_plugins.htm')) + plugins = @module.plugins_from_passive_detection(base_url: @module.url, wp_content_dir: 'wp-content') plugins.should be_empty end - it "should return the expected plugins" do - stub_request_to_fixture(:url => @module.url, :fixture => File.new(passive_detection_fixtures + '/various_plugins.htm')) + it 'should return the expected plugins' do + stub_request_to_fixture(url: @module.url, fixture: File.new(passive_detection_fixtures + '/various_plugins.htm')) expected_plugin_names = %w{ wp-minify 
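Review bot: The `WpPlugin.new( { base_url: ..., ... })` calls that build `@targets` wrap a sole hash argument in redundant braces, which RuboCop flags in the same kind of pass this commit is doing, and they repeat the literal `'http://example.localhost/'` six times although `@wp_url` already holds it; `WpPlugin.new(base_url: @wp_url, path: 'exclude-pages/exclude_pages.php', wp_content_dir: 'wp-content', name: 'exclude-pages')` covers both. The `# TODO : load them directly from the fixture file` comment is still accurate, so the list has to be kept in sync with `plugins.txt` by hand. The two `File.exist?(...).should == true` lines in `before :each` turn a missing fixture into a failure on every example with only `expected true, got false` as the message; `fail "missing fixture #{@plugins_file}" unless File.exist?(@plugins_file)` says what went wrong. The hunk ends inside `describe '#plugins_from_passive_detection'`, which continues beyond it.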
@@ -119,55 +120,55 @@ shared_examples_for "WpPlugins" do expected_plugins = [] expected_plugin_names.each do |plugin_name| expected_plugins << WpPlugin.new( - :base_url => @module.url, - :path => "/plugins/#{plugin_name}/", - :name => plugin_name + base_url: @module.url, + path: "/plugins/#{plugin_name}/", + name: plugin_name ) end - plugins = @module.plugins_from_passive_detection(:base_url => @module.url, :wp_content_dir => "wp-content") + plugins = @module.plugins_from_passive_detection(base_url: @module.url, wp_content_dir: 'wp-content') plugins.should_not be_empty plugins.length.should == expected_plugins.length plugins.sort.should == expected_plugins.sort end end - describe "#plugins_from_aggressive_detection" do + describe '#plugins_from_aggressive_detection' do before :each do - stub_request(:get, @module.uri.to_s).to_return(:status => 200) + stub_request(:get, @module.uri.to_s).to_return(status: 200) # Point all targets to a 404 @targets.each do |target| - stub_request(:get, target.get_full_url.to_s).to_return(:status => 404) + stub_request(:get, target.get_full_url.to_s).to_return(status: 404) # to_s calls readme_url - stub_request(:get, target.readme_url.to_s).to_return(:status => 404) + stub_request(:get, target.readme_url.to_s).to_return(status: 404) end end after :each do - @passive_detection_fixture = SPEC_FIXTURES_DIR + "/empty-file" unless @passive_detection_fixture - stub_request_to_fixture(:url => "#{@module.uri}/".sub(/\/\/$/, "/"), :fixture => @passive_detection_fixture) + @passive_detection_fixture = SPEC_FIXTURES_DIR + '/empty-file' unless @passive_detection_fixture + stub_request_to_fixture(url: "#{@module.uri}/".sub(/\/\/$/, '/'), fixture: @passive_detection_fixture) detected = @module.plugins_from_aggressive_detection(@options) detected.length.should == @expected_plugins.length detected.sort.should == @expected_plugins.sort end - it "should return an empty array" do + it 'should return an empty array' do @expected_plugins = [] end - it 
"should return an array with 3 WpPlugin (1 detected from passive method)" do - @passive_detection_fixture = @fixtures_dir + "/passive_detection/one_plugin.htm" + it 'should return an array with 3 WpPlugin (1 detected from passive method)' do + @passive_detection_fixture = @fixtures_dir + '/passive_detection/one_plugin.htm' @expected_plugins = @targets.sample(2) @expected_plugins.each do |p| - stub_request(:get, p.get_full_url.to_s).to_return(:status => 200) + stub_request(:get, p.get_full_url.to_s).to_return(status: 200) end new_plugin = WpPlugin.new( - :base_url => "http://example.localhost/", - :path => "/plugins/comment-info-tip/", - :name => "comment-info-tip" + base_url: 'http://example.localhost/', + path: '/plugins/comment-info-tip/', + name: 'comment-info-tip' ) - stub_request(:get, new_plugin.readme_url.to_s).to_return(:status => 200) + stub_request(:get, new_plugin.readme_url.to_s).to_return(status: 200) @expected_plugins << new_plugin end @@ -179,15 +180,15 @@ shared_examples_for "WpPlugins" do plugin_url.should_not be_nil plugin_url.length.should == 1 @expected_plugins = plugin_url - stub_request(:get, plugin_url[0].get_full_url.to_s).to_return(:status => valid_response_code) + stub_request(:get, plugin_url[0].get_full_url.to_s).to_return(status: valid_response_code) end end - it "should not detect the plugin if there is a redirection to the homepage" do + it 'should not detect the plugin if there is a redirection to the homepage' do # Let's pick up 2 plugins (The first one will redirect to the homepage) plugins = @targets.sample(2) - stub_request(:get, plugins[0].get_full_url.to_s).to_return(:status => 200, :body => "Homepage!") - stub_request(:get, plugins[1].get_full_url.to_s).to_return(:status => 200) + stub_request(:get, plugins[0].get_full_url.to_s).to_return(status: 200, body: 'Homepage!') + stub_request(:get, plugins[1].get_full_url.to_s).to_return(status: 200) @expected_plugins = [plugins[1]] end 
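Review bot: `@expected_plugins = @targets.sample(2)` makes the "3 WpPlugin" example non-deterministic: which two of the six targets are stubbed to 200 changes on every run, so a failure tied to one particular entry (for instance `regenerate-thumbnails/readme.txt`, whose path is itself a readme) cannot be reproduced from the output. Pick fixed entries, `@expected_plugins = @targets.first(2)`, or seed `Kernel#rand` from the RSpec seed in `spec_helper` so `--seed` replays the choice. The trailing-slash fix-up `"#{@module.uri}/".sub(/\/\/$/, '/')` in the `after :each` hook uses `$`, a line anchor, where the string-end anchor is meant; `%r{//\z}` is both correct and free of escaped slashes.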
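Review bot: `body: 'Homepage!'` in the redirection example only works because `@module.homepage_hash` is set to `Digest::MD5.hexdigest('Homepage!')` in this file's `before :each`; nothing ties the two literals together, so editing either one silently turns this example into a plain "plugin returns 200" case and the redirect-to-homepage check it is meant to pin goes untested. Declare the body once in the setup, e.g. `@homepage_body = 'Homepage!'` next to `@module.homepage_hash = Digest::MD5.hexdigest(@homepage_body)`, and use `body: @homepage_body` here. `plugins = @targets.sample(2)` has the same reproducibility concern as the earlier example in this describe.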
diff --git a/spec/lib/wpscan/modules/wp_readme_spec.rb b/spec/lib/wpscan/modules/wp_readme_spec.rb index cdc60c58..6a8ce7b9 100644 --- a/spec/lib/wpscan/modules/wp_readme_spec.rb +++ b/spec/lib/wpscan/modules/wp_readme_spec.rb @@ -1,3 +1,4 @@ +# encoding: UTF-8 #-- # WPScan - WordPress Security Scanner # Copyright (C) 2012-2013 @@ -16,7 +17,7 @@ # along with this program. If not, see . #++ -shared_examples_for "WpReadme" do +shared_examples_for 'WpReadme' do before :all do @module = WpScanModuleSpec.new('http://example.localhost') @@ -25,32 +26,32 @@ shared_examples_for "WpReadme" do @module.extend(WpReadme) end - describe "#readme_url" do - it "should return http://example.localhost/readme.html" do + describe '#readme_url' do + it 'should return http://example.localhost/readme.html' do @module.readme_url.should === "#{@module.uri}/readme.html" end end - describe "#has_readme?" do + describe '#has_readme?' do - it "should return false on a 404" do + it 'should return false on a 404' do stub_request(:get, @module.readme_url). - to_return(:status => 404) + to_return(status: 404) @module.has_readme?.should be_false end - it "should return true if it exists" do + it 'should return true if it exists' do stub_request(:get, @module.readme_url). - to_return(:status => 200, :body => File.new(@fixtures_dir + '/readme-3.2.1.html')) + to_return(status: 200, body: File.new(@fixtures_dir + '/readme-3.2.1.html')) @module.has_readme?.should be_true end # http://code.google.com/p/wpscan/issues/detail?id=108 - it "should return true even if the readme.html is not in english" do + it 'should return true even if the readme.html is not in english' do stub_request(:get, @module.readme_url). - to_return(:status => 200, :body => File.new(@fixtures_dir + '/readme-3.3.2-fr.html')) + to_return(status: 200, body: File.new(@fixtures_dir + '/readme-3.3.2-fr.html')) @module.has_readme?.should be_true end 
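Review bot: The `#readme_url` example asserts `@module.readme_url.should === "#{@module.uri}/readme.html"`, which re-derives the expectation from the object under test instead of pinning the literal its description promises, so a changed `uri` or a doubled slash would pass unnoticed; `@module.readme_url.should == 'http://example.localhost/readme.html'` pins it (and `===` on a string is just `==`). `@module` is created and extended in `before :all`, so the three `#has_readme?` examples share one instance; that is fine while the stubs are the only per-example state, but a one-line `# shared across examples; WebMock resets the stubs between them` comment would record the assumption.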
diff --git a/spec/lib/wpscan/modules/wp_themes_spec.rb b/spec/lib/wpscan/modules/wp_themes_spec.rb index 33cbc171..2bed6891 100644 --- a/spec/lib/wpscan/modules/wp_themes_spec.rb +++ b/spec/lib/wpscan/modules/wp_themes_spec.rb @@ -1,3 +1,4 @@ +# encoding: UTF-8 #-- # WPScan - WordPress Security Scanner # Copyright (C) 2012-2013 
@@ -16,149 +17,181 @@ # along with this program. If not, see . #++ -shared_examples_for "WpThemes" do +shared_examples_for 'WpThemes' do before :all do @fixtures_dir = SPEC_FIXTURES_WPSCAN_MODULES_DIR + '/wp_themes' - @themes_file = @fixtures_dir + "/themes.txt" - @theme_vulns_file = @fixtures_dir + "/theme_vulns.xml" + @themes_file = @fixtures_dir + '/themes.txt' + @theme_vulns_file = @fixtures_dir + '/theme_vulns.xml' - @wp_url = "http://example.localhost/" + @wp_url = 'http://example.localhost/' end before :each do @module = WpScanModuleSpec.new(@wp_url) - @module.error_404_hash = Digest::MD5.hexdigest("Error 404!") + @module.error_404_hash = Digest::MD5.hexdigest('Error 404!') @module.extend(WpThemes) @options = { - :base_url => @wp_url, - :only_vulnerable_ones => false, - :show_progression => false, - :error_404_hash => Digest::MD5.hexdigest("Error 404!"), - :vulns_file => @theme_vulns_file, - :file => @themes_file, - :type => "themes", - :wp_content_dir => "wp-content", - :vulns_xpath_2 => "//theme" + base_url: @wp_url, + only_vulnerable_ones: false, + show_progression: false, + error_404_hash: Digest::MD5.hexdigest('Error 404!'), + vulns_file: @theme_vulns_file, + file: @themes_file, + type: 'themes', + wp_content_dir: 'wp-content', + vulns_xpath_2: '//theme' } File.exist?(@theme_vulns_file).should == true File.exist?(@themes_file).should == true - @targets = [WpTheme.new({:base_url => "http://example.localhost/", - :path => "zenpro/404.php", - :wp_content_dir => "wp-content", - :name => "zenpro"}), - WpTheme.new({:base_url => "http://example.localhost/", - :path => "zeta-zip/404.php", - :wp_content_dir => "wp-content", - :name => "zeta-zip"}), - WpTheme.new({:base_url => "http://example.localhost/", - :path => "zfirst/404.php", - :wp_content_dir => "wp-content", - :name => "zfirst"}), - WpTheme.new({:base_url => "http://example.localhost/", - :path => "zgrey/404.php", - :wp_content_dir => "wp-content", - :name => "zgrey"}), - WpTheme.new({:base_url => 
"http://example.localhost/", - :path => "zindi-ii/404.php", - :wp_content_dir => "wp-content", - :name => "zindi-ii"}), - WpTheme.new({:base_url => "http://example.localhost/", - :path => "zindi/404.php", - :wp_content_dir => "wp-content", - :name => "zindi"}), - WpTheme.new({:base_url => "http://example.localhost/", - :path => "zombie-apocalypse/404.php", - :wp_content_dir => "wp-content", - :name => "zombie-apocalypse"}), - WpTheme.new({:base_url => "http://example.localhost/", - :path => "zsofa/404.php", - :wp_content_dir => "wp-content", - :name => "zsofa"}), - WpTheme.new({:base_url => "http://example.localhost/", - :path => "zwei-seiten/404.php", - :wp_content_dir => "wp-content", - :name => "zwei-seiten"}), - WpTheme.new({:base_url => "http://example.localhost/", - :path => "twentyten/404.php", - :wp_content_dir => "wp-content", - :name => "twentyten"}), - WpTheme.new({:base_url => "http://example.localhost/", - :path => "shopperpress", - :wp_content_dir => "wp-content", - :name => "shopperpress"}), - WpTheme.new({:base_url => "http://example.localhost/", - :path => "wise", - :wp_content_dir => "wp-content", - :name => "wise"}), - WpTheme.new({:base_url => "http://example.localhost/", - :path => "webfolio", - :wp_content_dir => "wp-content", - :name => "webfolio"})] + @targets = [ + WpTheme.new({ + base_url: 'http://example.localhost/', + path: 'zenpro/404.php', + wp_content_dir: 'wp-content', + name: 'zenpro' + }), + WpTheme.new({ + base_url: 'http://example.localhost/', + path: 'zeta-zip/404.php', + wp_content_dir: 'wp-content', + name: 'zeta-zip' + }), + WpTheme.new({ + base_url: 'http://example.localhost/', + path: 'zfirst/404.php', + wp_content_dir: 'wp-content', + name: 'zfirst' + }), + WpTheme.new({ + base_url: 'http://example.localhost/', + path: 'zgrey/404.php', + wp_content_dir: 'wp-content', + name: 'zgrey' + }), + WpTheme.new({ + base_url: 'http://example.localhost/', + path: 'zindi-ii/404.php', + wp_content_dir: 'wp-content', + name: 'zindi-ii' 
+ }), + WpTheme.new({ + base_url: 'http://example.localhost/', + path: 'zindi/404.php', + wp_content_dir: 'wp-content', + name: 'zindi' + }), + WpTheme.new({ + base_url: 'http://example.localhost/', + path: 'zombie-apocalypse/404.php', + wp_content_dir: 'wp-content', + name: 'zombie-apocalypse' + }), + WpTheme.new({ + base_url: 'http://example.localhost/', + path: 'zsofa/404.php', + wp_content_dir: 'wp-content', + name: 'zsofa' + }), + WpTheme.new({ + base_url: 'http://example.localhost/', + path: 'zwei-seiten/404.php', + wp_content_dir: 'wp-content', + name: 'zwei-seiten' + }), + WpTheme.new({ + base_url: 'http://example.localhost/', + path: 'twentyten/404.php', + wp_content_dir: 'wp-content', + name: 'twentyten' + }), + WpTheme.new({ + base_url: 'http://example.localhost/', + path: 'shopperpress', + wp_content_dir: 'wp-content', + name: 'shopperpress' + }), + WpTheme.new({ + base_url: 'http://example.localhost/', + path: 'wise', + wp_content_dir: 'wp-content', + name: 'wise' + }), + WpTheme.new({ + base_url: 'http://example.localhost/', + path: 'webfolio', + wp_content_dir: 'wp-content', + name: 'webfolio' + }) + ] end - describe "#themes_from_passive_detection" do + describe '#themes_from_passive_detection' do let(:passive_detection_fixtures) { @fixtures_dir + '/passive_detection' } - it "should return an empty array" do - stub_request_to_fixture(:url => @module.url, :fixture => File.new(passive_detection_fixtures + '/no_theme.htm')) - themes = @module.themes_from_passive_detection(:base_url => @module.url, :wp_content_dir => "wp-content") + it 'should return an empty array' do + stub_request_to_fixture(url: @module.url, fixture: File.new(passive_detection_fixtures + '/no_theme.htm')) + themes = @module.themes_from_passive_detection(base_url: @module.url, wp_content_dir: 'wp-content') themes.should be_empty end - it "should return the expected themes" do - stub_request_to_fixture(:url => @module.url, :fixture => File.new(passive_detection_fixtures + 
'/various_themes.htm')) + it 'should return the expected themes' do + stub_request_to_fixture(url: @module.url, fixture: File.new(passive_detection_fixtures + '/various_themes.htm')) expected_theme_names = %w{ theme1 theme2 theme3 } expected_themes = [] expected_theme_names.each do |theme_name| - expected_themes << WpTheme.new(:base_url => @module.url, - :path => "/themes/#{theme_name}/", - :name => theme_name) + expected_themes << WpTheme.new( + base_url: @module.url, + path: "/themes/#{theme_name}/", + name: theme_name + ) end - themes = @module.themes_from_passive_detection(:base_url => @module.url, :wp_content_dir => "wp-content") + themes = @module.themes_from_passive_detection(base_url: @module.url, wp_content_dir: 'wp-content') themes.should_not be_empty themes.length.should == expected_themes.length themes.sort.should == expected_themes.sort end end - describe "#themes_from_aggressive_detection" do + describe '#themes_from_aggressive_detection' do before :each do - stub_request(:get, @module.uri.to_s).to_return(:status => 200) + stub_request(:get, @module.uri.to_s).to_return(status: 200) # Point all targets to a 404 @targets.each do |target| - stub_request(:get, target.get_full_url.to_s).to_return(:status => 404) + stub_request(:get, target.get_full_url.to_s).to_return(status: 404) # to_s calls readme_url - stub_request(:get, target.readme_url.to_s).to_return(:status => 404) + stub_request(:get, target.readme_url.to_s).to_return(status: 404) end end after :each do - @passive_detection_fixture = SPEC_FIXTURES_DIR + "/empty-file" unless @passive_detection_fixture - stub_request_to_fixture(:url => "#{@module.uri}/".sub(/\/\/$/, "/"), :fixture => @passive_detection_fixture) + @passive_detection_fixture = SPEC_FIXTURES_DIR + '/empty-file' unless @passive_detection_fixture + stub_request_to_fixture(url: "#{@module.uri}/".sub(/\/\/$/, '/'), fixture: @passive_detection_fixture) detected = @module.themes_from_aggressive_detection(@options) detected.length.should == 
@expected_themes.length detected.sort.should == @expected_themes.sort end - it "should return an empty array" do + it 'should return an empty array' do @expected_themes = [] end - it "should return an array with 3 WpTheme (1 detected from passive method)" do - @passive_detection_fixture = @fixtures_dir + "/passive_detection/one_theme.htm" + it 'should return an array with 3 WpTheme (1 detected from passive method)' do + @passive_detection_fixture = @fixtures_dir + '/passive_detection/one_theme.htm' @expected_themes = @targets.sample(2) @expected_themes.each do |p| - stub_request(:get, p.get_full_url.to_s).to_return(:status => 200) + stub_request(:get, p.get_full_url.to_s).to_return(status: 200) end - new_theme = WpTheme.new(:base_url => "http://example.localhost/", - :path => "/themes/custom-twentyten/", - :name => "custom-twentyten") - stub_request(:get, new_theme.readme_url.to_s).to_return(:status => 200) + new_theme = WpTheme.new( + base_url: 'http://example.localhost/', + path: '/themes/custom-twentyten/', + name: 'custom-twentyten' + ) + stub_request(:get, new_theme.readme_url.to_s).to_return(status: 200) @expected_themes << new_theme end @@ -170,7 +203,7 @@ shared_examples_for "WpThemes" do theme_url.should_not be_nil theme_url.length.should == 1 @expected_themes = theme_url - stub_request(:get, theme_url[0].get_full_url.to_s).to_return(:status => valid_response_code) + stub_request(:get, theme_url[0].get_full_url.to_s).to_return(status: valid_response_code) end end end diff --git a/spec/lib/wpscan/modules/wp_timthumbs_spec.rb b/spec/lib/wpscan/modules/wp_timthumbs_spec.rb index 0871ae4e..1623e3c7 100644 --- a/spec/lib/wpscan/modules/wp_timthumbs_spec.rb +++ b/spec/lib/wpscan/modules/wp_timthumbs_spec.rb @@ -1,3 +1,4 @@ +# encoding: UTF-8 #-- # WPScan - WordPress Security Scanner # Copyright (C) 2012-2013 
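Review bot: `error_404_hash: Digest::MD5.hexdigest('Error 404!')` inside `@options` recomputes the digest that was just assigned to `@module.error_404_hash` a few lines above; the plugins spec passes `@module.error_404_hash` instead, and `error_404_hash: @module.error_404_hash` here keeps module and options in lockstep so a change to the sentinel body cannot desynchronise them. As in the plugins spec, the `WpTheme.new({ ... })` calls keep redundant braces around a sole hash argument and repeat `'http://example.localhost/'` thirteen times where `@wp_url` already holds it. `@expected_themes = @targets.sample(2)` picks the 200-stubbed targets at random, so a failure is not reproducible from the output; `@targets.first(2)` is deterministic. The hunk ends inside `describe '#themes_from_aggressive_detection'`, which continues past it.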
@@ -16,43 +17,43 @@ # along with this program. If not, see . #++ -shared_examples_for "WpTimthumbs" do +shared_examples_for 'WpTimthumbs' do before :each do @options = {} - @url = "http://example.localhost/" - @theme_name = "bueno" + @url = 'http://example.localhost/' + @theme_name = 'bueno' @options[:base_url] = @url - @options[:wp_content_dir] = "wp-content" + @options[:wp_content_dir] = 'wp-content' @options[:name] = @theme_name - @options[:error_404_hash] = "xx" + @options[:error_404_hash] = 'xx' @options[:show_progression] = false @options[:only_vulnerable_ones] = false - @options[:vulns_file] = "xx" - @options[:type] = "timthumbs" + @options[:vulns_file] = 'xx' + @options[:type] = 'timthumbs' @module = WpScanModuleSpec.new(@url) - @fixtures_dir = SPEC_FIXTURES_WPSCAN_MODULES_DIR + "/wp_timthumbs" - @timthumbs_file = @fixtures_dir + "/timthumbs.txt" + @fixtures_dir = SPEC_FIXTURES_WPSCAN_MODULES_DIR + '/wp_timthumbs' + @timthumbs_file = @fixtures_dir + '/timthumbs.txt' @targets_from_file = %w{ http://example.localhost/wp-content/plugins/fotoslide/timthumb.php http://example.localhost/wp-content/plugins/feature-slideshow/timthumb.php } @targets_from_theme = [ - "http://example.localhost/wp-content/themes/" + @theme_name + "/timthumb.php", - "http://example.localhost/wp-content/themes/" + @theme_name + "/lib/timthumb.php", - "http://example.localhost/wp-content/themes/" + @theme_name + "/inc/timthumb.php", - "http://example.localhost/wp-content/themes/" + @theme_name + "/includes/timthumb.php", - "http://example.localhost/wp-content/themes/" + @theme_name + "/scripts/timthumb.php", - "http://example.localhost/wp-content/themes/" + @theme_name + "/tools/timthumb.php", - "http://example.localhost/wp-content/themes/" + @theme_name + "/functions/timthumb.php" + 'http://example.localhost/wp-content/themes/' + @theme_name + '/timthumb.php', + 'http://example.localhost/wp-content/themes/' + @theme_name + '/lib/timthumb.php', + 
'http://example.localhost/wp-content/themes/' + @theme_name + '/inc/timthumb.php', + 'http://example.localhost/wp-content/themes/' + @theme_name + '/includes/timthumb.php', + 'http://example.localhost/wp-content/themes/' + @theme_name + '/scripts/timthumb.php', + 'http://example.localhost/wp-content/themes/' + @theme_name + '/tools/timthumb.php', + 'http://example.localhost/wp-content/themes/' + @theme_name + '/functions/timthumb.php' ] @module.extend(WpTimthumbs) end - describe "#targets_url_from_theme" do - it "should return the targets for the theme" do + describe '#targets_url_from_theme' do + it 'should return the targets for the theme' do targets = @module.send(:targets_url_from_theme, @theme_name, @options) targets.should_not be_empty 
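Review bot: The seven `'http://example.localhost/wp-content/themes/' + @theme_name + '/…timthumb.php'` concatenations in `@targets_from_theme` hard-code the host and content directory rather than deriving them from `@url` and `@options[:wp_content_dir]` set just above, so the expected list silently drifts from the inputs if either changes. One expression replaces them: `@targets_from_theme = ['', 'lib/', 'inc/', 'includes/', 'scripts/', 'tools/', 'functions/'].map { |dir| "#{@url}#{@options[:wp_content_dir]}/themes/#{@theme_name}/#{dir}timthumb.php" }`. `@options[:error_404_hash] = 'xx'` and `@options[:vulns_file] = 'xx'` are presumably deliberate placeholders; a `# placeholders: not consulted by the examples below` comment would stop a reader from looking for a fixture named `xx`.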
@@ -65,39 +66,39 @@ shared_examples_for "WpTimthumbs" do end end - describe "#timthumbs and #has_timthumbs?" do + describe '#timthumbs and #has_timthumbs?' do before :each do @options[:file] = @timthumbs_file @targets_from_file.each do |url| - stub_request(:get, url).to_return(:status => 404) + stub_request(:get, url).to_return(status: 404) end end - it "should return an empty array" do + it 'should return an empty array' do timthumbs = @module.timthumbs(nil, @options) timthumbs.should be_empty @module.has_timthumbs?(nil, @options).should be_false end - it "should return an array with 7 elements (from passive detection)" do - stub_request(:get, %r{http://example\.localhost/wp-content/themes/my-theme/.*}).to_return(:status => 200) - timthumbs = @module.timthumbs("my-theme", @options) + it 'should return an array with 7 elements (from passive detection)' do + stub_request(:get, %r{http://example\.localhost/wp-content/themes/my-theme/.*}).to_return(status: 200) + timthumbs = @module.timthumbs('my-theme', @options) timthumbs.length.should == 7 end - it "should return an array with 2 timthumbs url" do + it 'should return an array with 2 timthumbs url' do expected = [] urls = [] urls_hash = WpEnumerator.generate_items(@options) urls_hash.each do |u| url = u.get_full_url.to_s urls << url - stub_request(:get, url).to_return(:status => 404) + stub_request(:get, url).to_return(status: 404) end urls.sample(2).each do |target_url| expected << target_url stub_request(:get, target_url). - to_return(:status => 200, :body => File.new(@fixtures_dir + "/timthumb.php")) + to_return(status: 200, body: File.new(@fixtures_dir + '/timthumb.php')) end timthumbs = @module.timthumbs(nil, @options) diff --git a/spec/lib/wpscan/modules/wp_usernames_spec.rb b/spec/lib/wpscan/modules/wp_usernames_spec.rb index 713f30b4..0d05f60a 100644 --- a/spec/lib/wpscan/modules/wp_usernames_spec.rb +++ b/spec/lib/wpscan/modules/wp_usernames_spec.rb 
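Review bot: The example named `'should return an array with 7 elements (from passive detection)'` gets its seven URLs from the per-theme candidate paths (`#targets_url_from_theme`, which the previous describe in this file covers and `@targets_from_theme` lists), not from any passive detection, so the description misleads; `'should return the 7 theme candidates when they all answer 200'` matches what is stubbed. The stub regexp `%r{http://example\.localhost/wp-content/themes/my-theme/.*}` is unanchored; it works because WebMock matches regexps against the full URI, but `\A` makes the intent explicit. `urls.sample(2)` in the last example has the same non-reproducibility as the plugin and theme specs.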
@@ -1,3 +1,4 @@ +# encoding: UTF-8 #-- # WPScan - WordPress Security Scanner # Copyright (C) 2012-2013 @@ -16,7 +17,7 @@ # along with this program. If not, see . #++ -shared_examples_for "WpUsernames" do +shared_examples_for 'WpUsernames' do before :each do @target_url = 'http://example.localhost/' 
@@ -26,230 +27,230 @@ shared_examples_for "WpUsernames" do @module.extend(WpUsernames) end - describe "#author_url" do - it "should return the auhor url according to his id" do + describe '#author_url' do + it 'should return the auhor url according to his id' do @module.author_url(1).should === "#@target_url?author=1" end end - describe "#usernames" do + describe '#usernames' do before :each do (1..10).each do |index| - stub_request(:get, @module.author_url(index)).to_return(:status => 404) + stub_request(:get, @module.author_url(index)).to_return(status: 404) end end - it "should return an empty array" do + it 'should return an empty array' do @module.usernames.should be_empty end - it "should return an array with 1 username (from header location)" do + it 'should return an array with 1 username (from header location)' do stub_request(:get, @module.author_url(3)). - to_return(:status => 301, :headers => {'location' => '/author/Youhou'}) + to_return(status: 301, headers: {'location' => '/author/Youhou'}) usernames = @module.usernames usernames.should_not be_empty usernames.length.should == 1 usernames[0].id.should == 3 - usernames[0].name.should == "Youhou" - usernames[0].nickname.should == "empty" + usernames[0].name.should == 'Youhou' + usernames[0].nickname.should == 'empty' end - it "should return an array with 1 username (from in the body response)" do + it 'should return an array with 1 username (from in the body response)' do stub_request(:get, @module.author_url(2)). 
- to_return(:status => 200, :body => File.new(@fixtures_dir + '/admin.htm')) + to_return(status: 200, body: File.new(@fixtures_dir + '/admin.htm')) - usernames = @module.usernames(:range => (1..2)) + usernames = @module.usernames(range: (1..2)) usernames.should_not be_empty - usernames.eql?([WpUser.new("admin", 2, "admin | Wordpress 3.3.2")]).should be_true + usernames.eql?([WpUser.new('admin', 2, 'admin | Wordpress 3.3.2')]).should be_true end - it "should return an array with 2 usernames (one is a duplicate and should not be present twice)" do + it 'should return an array with 2 usernames (one is a duplicate and should not be present twice)' do stub_request(:get, @module.author_url(4)). - to_return(:status => 301, :headers => {'location' => '/author/Youhou/'}) + to_return(status: 301, headers: {'location' => '/author/Youhou/'}) stub_request(:get, @module.author_url(2)). - to_return(:status => 200, :body => File.new(@fixtures_dir + '/admin.htm')) + to_return(status: 200, body: File.new(@fixtures_dir + '/admin.htm')) - usernames = @module.usernames(:range => (1..5)) + usernames = @module.usernames(range: (1..5)) usernames.should_not be_empty expected = [ - WpUser.new("admin", 2, "admin | Wordpress 3.3.2"), - WpUser.new("Youhou", 4, "empty") + WpUser.new('admin', 2, 'admin | Wordpress 3.3.2'), + WpUser.new('Youhou', 4, 'empty') ] usernames.sort_by { |u| u.name }.eql?(expected.sort_by { |u| u.name }).should be_true end end - describe "#get_nickname_from_url" do + describe '#get_nickname_from_url' do after :each do - url = "http://example.localhost/" - stub_request(:get, url).to_return(:status => @status, :body => @content) + url = 'http://example.localhost/' + stub_request(:get, url).to_return(status: @status, body: @content) username = @module.get_nickname_from_url(url) username.should === @expected end - it "should return nil" do + it 'should return nil' do @status = 200 - @content = "" + @content = '' @expected = nil end - it "should return nil" do + it 'should 
return nil' do @status = 400 - @content = "" + @content = '' @expected = nil end - it "should return admin" do + it 'should return admin' do @status = 200 - @content = "admin" - @expected = "admin" + @content = 'admin' + @expected = 'admin' end - it "should return nil" do + it 'should return nil' do @status = 201 - @content = "admin" + @content = 'admin' @expected = nil end end - describe "#get_nickname_from_response" do + describe '#get_nickname_from_response' do after :each do - url = "http://example.localhost/" - stub_request(:get, url).to_return(:status => @status, :body => @content) + url = 'http://example.localhost/' + stub_request(:get, url).to_return(status: @status, body: @content) resp = Browser.instance.get(url) username = @module.get_nickname_from_response(resp) username.should === @expected end - it "should return nil" do + it 'should return nil' do @status = 200 - @content = "" + @content = '' @expected = nil end - it "should return nil" do + it 'should return nil' do @status = 400 - @content = "" + @content = '' @expected = nil end - it "should return admin" do + it 'should return admin' do @status = 200 - @content = "admin" - @expected = "admin" + @content = 'admin' + @expected = 'admin' end - it "should return nil" do + it 'should return nil' do @status = 201 - @content = "admin" + @content = 'admin' @expected = nil end end - describe "#extract_nickname_from_body" do + describe '#extract_nickname_from_body' do after :each do result = @module.extract_nickname_from_body(@body) result.should === @expected end - it "should return admin" do - @body = "admin" - @expected = "admin" + it 'should return admin' do + @body = 'admin' + @expected = 'admin' end - it "should return nil" do - @body = "adm<in" + it 'should return nil' do + @body = 'adm<in' @expected = nil end - it "should return nil" do - @body = "admin" + it 'should return nil' do + @body = 'admin' @expected = nil end - it "should return admin | " do - @body = "admin | " - @expected = "admin | " + 
it 'should return admin | ' do + @body = 'admin | ' + @expected = 'admin | ' end - it "should return an empty string" do - @body = "" - @expected = "" + it 'should return an empty string' do + @body = '' + @expected = '' end end - describe "#remove_junk_from_nickname" do - it "should throw an exception" do + describe '#remove_junk_from_nickname' do + it 'should throw an exception' do @input = nil - expect { @module.remove_junk_from_nickname(@input) }.to raise_error(RuntimeError, "Need an array as input") + expect { @module.remove_junk_from_nickname(@input) }.to raise_error(RuntimeError, 'Need an array as input') end - it "should not throw an exception" do + it 'should not throw an exception' do @input = [] expect { @module.remove_junk_from_nickname(@input) }.to_not raise_error end - it "should throw an exception" do + it 'should throw an exception' do @input = [WpOptions.new] - expect { @module.remove_junk_from_nickname(@input) }.to raise_error(RuntimeError, "Items must be of type WpUser") + expect { @module.remove_junk_from_nickname(@input) }.to raise_error(RuntimeError, 'Items must be of type WpUser') end end - describe "#remove_junk_from_nickname" do + describe '#remove_junk_from_nickname' do after :each do result = @module.remove_junk_from_nickname(@input) result.eql?(@expected).should === true end - it "should return an empty array" do + it 'should return an empty array' do @input = [] @expected = @input end - it "should return input object" do + it 'should return input object' do @input = [WpUser.new(nil, nil, nil)] @expected = @input end - it "should return input object" do - @input = [WpUser.new("", "", "")] + it 'should return input object' do + @input = [WpUser.new('', '', '')] @expected = @input end - it "should remove asdf" do - @input = [WpUser.new(nil, nil, "lkjh asdf"), WpUser.new(nil, nil, "ijrjd asdf")] - @expected = [WpUser.new(nil, nil, "lkjh"), WpUser.new(nil, nil, "ijrjd")] + it 'should remove asdf' do + @input = [WpUser.new(nil, nil, 'lkjh 
asdf'), WpUser.new(nil, nil, 'ijrjd asdf')] + @expected = [WpUser.new(nil, nil, 'lkjh'), WpUser.new(nil, nil, 'ijrjd')] end - it "should return unmodified input object" do - @input = [WpUser.new(nil, nil, "lkjh asdfa"), WpUser.new(nil, nil, "ijrjd asdf")] + it 'should return unmodified input object' do + @input = [WpUser.new(nil, nil, 'lkjh asdfa'), WpUser.new(nil, nil, 'ijrjd asdf')] @expected = @input end - it "should return input object" do - @input = [WpUser.new(nil, nil, "lkjh asdf")] + it 'should return input object' do + @input = [WpUser.new(nil, nil, 'lkjh asdf')] @expected = @input end - it "should return lkhj asdf" do - @input = [WpUser.new(nil, nil, "lkhj asdf"), WpUser.new(nil, nil, "lkhj asdf")] - @expected = [WpUser.new(nil, nil, ""), WpUser.new(nil, nil, "")] + it 'should return lkhj asdf' do + @input = [WpUser.new(nil, nil, 'lkhj asdf'), WpUser.new(nil, nil, 'lkhj asdf')] + @expected = [WpUser.new(nil, nil, ''), WpUser.new(nil, nil, '')] end end # Issue 66 - describe "#remove_junk_from_nickname" do - it "should contain the string empty" do - input = [WpUser.new("admin", 1, "admin | Wordpress 3.4.2"), WpUser.new("", 2, "Wordpress 3.4.2")] + describe '#remove_junk_from_nickname' do + it 'should contain the string empty' do + input = [WpUser.new('admin', 1, 'admin | Wordpress 3.4.2'), WpUser.new('', 2, 'Wordpress 3.4.2')] result = @module.remove_junk_from_nickname(input) - result[0].nickname.should === "admin | " - result[0].name.should === "admin" + result[0].nickname.should === 'admin | ' + result[0].name.should === 'admin' result[0].id.should === 1 - result[1].nickname.should === "empty" - result[1].name.should === "empty" + result[1].nickname.should === 'empty' + result[1].name.should === 'empty' result[1].id.should === 2 end end diff --git a/spec/lib/wpscan/wp_detector_spec.rb b/spec/lib/wpscan/wp_detector_spec.rb index b9f34158..104e553b 100644 --- a/spec/lib/wpscan/wp_detector_spec.rb +++ b/spec/lib/wpscan/wp_detector_spec.rb 
@@ -1,3 +1,4 @@ +# encoding: UTF-8 #-- # WPScan - WordPress Security Scanner # Copyright (C) 2012-2013 @@ -20,4 +21,4 @@ require File.expand_path(File.dirname(__FILE__) + '/wpscan_helper') describe WpDetector do # TODO -end \ No newline at end of file +end diff --git a/spec/lib/wpscan/wp_enumerator_spec.rb b/spec/lib/wpscan/wp_enumerator_spec.rb index 02d675f9..5bbb9212 100644 --- a/spec/lib/wpscan/wp_enumerator_spec.rb +++ b/spec/lib/wpscan/wp_enumerator_spec.rb @@ -1,3 +1,4 @@ +# encoding: UTF-8 #-- # WPScan - WordPress Security Scanner # Copyright (C) 2012-2013 @@ -20,4 +21,4 @@ require File.expand_path(File.dirname(__FILE__) + '/wpscan_helper') describe WpEnumerator do # TODO -end \ No newline at end of file +end diff --git a/spec/lib/wpscan/wp_item_spec.rb b/spec/lib/wpscan/wp_item_spec.rb index f398914f..d1f78bc9 100644 --- a/spec/lib/wpscan/wp_item_spec.rb +++ b/spec/lib/wpscan/wp_item_spec.rb @@ -1,3 +1,4 @@ +# encoding: UTF-8 #-- # WPScan - WordPress Security Scanner # Copyright (C) 2012-2013 
@@ -19,278 +20,279 @@ require File.expand_path(File.dirname(__FILE__) + '/wpscan_helper') describe WpPlugin do - describe "#initialize" do - it "should create a correct instance" do + + describe '#initialize' do + it 'should create a correct instance' do instance = WpItem.new( - :base_url => "http://sub.example.com/path/to/wordpress/", - :path => "test/asdf.php", - :vulns_file => "XXX.xml", - :name => "test", - :vulns_xpath => "XX", - :type => "plugins" + base_url: 'http://sub.example.com/path/to/wordpress/', + path: 'test/asdf.php', + vulns_file: 'XXX.xml', + name: 'test', + vulns_xpath: 'XX', + type: 'plugins' ) - instance.wp_content_dir.should == "wp-content" - instance.base_url.should == "http://sub.example.com/path/to/wordpress/" - instance.path.should == "test/asdf.php" + instance.wp_content_dir.should == 'wp-content' + instance.base_url.should == 'http://sub.example.com/path/to/wordpress/' + instance.path.should == 'test/asdf.php' end end - describe "#get_full_url" do + describe '#get_full_url' do after :each do arguments = { - :base_url => "http://sub.example.com/path/to/wordpress/", - :path => "test/asdf.php", - :vulns_file => "XXX.xml", - :name => "test", - :vulns_xpath => "XX", - :type => "plugins", - :wp_content_dir => @wp_content_dir + base_url: 'http://sub.example.com/path/to/wordpress/', + path: 'test/asdf.php', + vulns_file: 'XXX.xml', + name: 'test', + vulns_xpath: 'XX', + type: 'plugins', + wp_content_dir: @wp_content_dir } instance = WpItem.new(arguments) instance.get_full_url.to_s.should === @expected end - it "should return the correct url" do - @expected = "http://sub.example.com/path/to/wordpress/wp-content/plugins/test/asdf.php" + it 'should return the correct url' do + @expected = 'http://sub.example.com/path/to/wordpress/wp-content/plugins/test/asdf.php' end - it "should return the correct url (custom wp_content_dir)" do - @wp_content_dir = "custom" - @expected = "http://sub.example.com/path/to/wordpress/custom/plugins/test/asdf.php" + it 
'should return the correct url (custom wp_content_dir)' do + @wp_content_dir = 'custom' + @expected = 'http://sub.example.com/path/to/wordpress/custom/plugins/test/asdf.php' end - it "should trim / and add missing / before concatenating url" do - @wp_content_dir = "/custom/" - @expected = "http://sub.example.com/path/to/wordpress/custom/plugins/test/asdf.php" + it 'should trim / and add missing / before concatenating url' do + @wp_content_dir = '/custom/' + @expected = 'http://sub.example.com/path/to/wordpress/custom/plugins/test/asdf.php' end end - describe "#get_url_without_filename" do + describe '#get_url_without_filename' do after :each do arguments = { - :base_url => @base_url || "http://sub.example.com/path/to/wordpress/", - :path => @path || "test/asdf.php", - :vulns_file => "XXX.xml", - :name => "test", - :vulns_xpath => "XX", - :type => "plugins", - :wp_content_dir => @wp_content_dir + base_url: @base_url || 'http://sub.example.com/path/to/wordpress/', + path: @path || 'test/asdf.php', + vulns_file: 'XXX.xml', + name: 'test', + vulns_xpath: 'XX', + type: 'plugins', + wp_content_dir: @wp_content_dir } instance = WpItem.new(arguments) instance.get_url_without_filename.to_s.should === @expected end - it "should return the correct url" do - @expected = "http://sub.example.com/path/to/wordpress/wp-content/plugins/test/" + it 'should return the correct url' do + @expected = 'http://sub.example.com/path/to/wordpress/wp-content/plugins/test/' end - it "should return the correct url (custom wp_content_dir)" do - @wp_content_dir = "custom" - @expected = "http://sub.example.com/path/to/wordpress/custom/plugins/test/" + it 'should return the correct url (custom wp_content_dir)' do + @wp_content_dir = 'custom' + @expected = 'http://sub.example.com/path/to/wordpress/custom/plugins/test/' end - it "should trim / and add missing / before concatenating url" do - @wp_content_dir = "/custom/" - @expected = "http://sub.example.com/path/to/wordpress/custom/plugins/test/" + it 
'should trim / and add missing / before concatenating url' do + @wp_content_dir = '/custom/' + @expected = 'http://sub.example.com/path/to/wordpress/custom/plugins/test/' end - it "should not remove the last foldername" do - @path = "test/" - @expected = "http://sub.example.com/path/to/wordpress/wp-content/plugins/test/" + it 'should not remove the last foldername' do + @path = 'test/' + @expected = 'http://sub.example.com/path/to/wordpress/wp-content/plugins/test/' end - it "should return the correct url (https)" do - @base_url = "https://sub.example.com/path/to/wordpress/" - @expected = "https://sub.example.com/path/to/wordpress/wp-content/plugins/test/" + it 'should return the correct url (https)' do + @base_url = 'https://sub.example.com/path/to/wordpress/' + @expected = 'https://sub.example.com/path/to/wordpress/wp-content/plugins/test/' end it "should add the last slash if it's not present" do - @path = "test-one" - @expected = "http://sub.example.com/path/to/wordpress/wp-content/plugins/test-one/" + @path = 'test-one' + @expected = 'http://sub.example.com/path/to/wordpress/wp-content/plugins/test-one/' end end - describe "#version" do + describe '#version' do let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR + '/version' } before :each do @instance = WpItem.new( - :base_url => "http://sub.example.com/path/to/wordpress/", - :path => "test/asdf.php", - :vulns_file => "XXX.xml", - :name => "test", - :vulns_xpath => "XX", - :type => "plugins" + base_url: 'http://sub.example.com/path/to/wordpress/', + path: 'test/asdf.php', + vulns_file: 'XXX.xml', + name: 'test', + vulns_xpath: 'XX', + type: 'plugins' ) end - it "should return a version number" do - stub_request(:get, @instance.readme_url.to_s).to_return(:status => 200, :body => "Stable tag: 1.2.4.3.2.1") - @instance.version.should == "1.2.4.3.2.1" + it 'should return a version number' do + stub_request(:get, @instance.readme_url.to_s).to_return(status: 200, body: 'Stable tag: 1.2.4.3.2.1') + 
@instance.version.should == '1.2.4.3.2.1' end - it "should not return a version number" do - stub_request(:get, @instance.readme_url.to_s).to_return(:status => 200, :body => "Stable tag: trunk") + it 'should not return a version number' do + stub_request(:get, @instance.readme_url.to_s).to_return(status: 200, body: 'Stable tag: trunk') @instance.version.should be nil end - it "should return nil if the version is invalid (IE : trunk etc)" do - stub_request_to_fixture(:url => @instance.readme_url.to_s, :fixture => fixtures_dir + '/trunk-version.txt') + it 'should return nil if the version is invalid (IE : trunk etc)' do + stub_request_to_fixture(url: @instance.readme_url.to_s, fixture: fixtures_dir + '/trunk-version.txt') @instance.version.should be_nil end - it "should return the version 0.4" do - stub_request_to_fixture(:url => @instance.readme_url.to_s, :fixture => fixtures_dir + '/simple-login-lockdown-0.4.txt') - @instance.version.should === "0.4" + it 'should return the version 0.4' do + stub_request_to_fixture(url: @instance.readme_url.to_s, fixture: fixtures_dir + '/simple-login-lockdown-0.4.txt') + @instance.version.should === '0.4' end end - describe "#directory_listing?" do + describe '#directory_listing?' 
do before :each do @instance = WpItem.new( - :base_url => "http://sub.example.com/path/to/wordpress/", - :path => "test/asdf.php", - :vulns_file => "XXX.xml", - :name => "test", - :vulns_xpath => "XX", - :type => "plugins" + base_url: 'http://sub.example.com/path/to/wordpress/', + path: 'test/asdf.php', + vulns_file: 'XXX.xml', + name: 'test', + vulns_xpath: 'XX', + type: 'plugins' ) end - it "should return true" do + it 'should return true' do stub_request(:get, @instance.get_url_without_filename.to_s) - .to_return(:status => 200, :body => "Index of asdf") + .to_return(status: 200, body: 'Index of asdf') @instance.directory_listing?.should == true end - it "should return false" do + it 'should return false' do stub_request(:get, @instance.get_url_without_filename.to_s) - .to_return(:status => 200, :body => "My Wordpress Site") + .to_return(status: 200, body: 'My Wordpress Site') @instance.directory_listing?.should == false end - it "should return false on a 404" do - stub_request(:get, @instance.get_url_without_filename.to_s.to_s).to_return(:status => 404) + it 'should return false on a 404' do + stub_request(:get, @instance.get_url_without_filename.to_s.to_s).to_return(status: 404) @instance.directory_listing?.should be_false end end - describe "#extract_name_from_url" do + describe '#extract_name_from_url' do after :each do arguments = { - :base_url => "http://sub.example.com/path/to/wordpress/", - :path => @path || "test/asdf.php", - :vulns_file => "XXX.xml", - :name => "test", - :vulns_xpath => "XX", - :type => @type || "plugins", - :wp_content_dir => @wp_content_dir + base_url: 'http://sub.example.com/path/to/wordpress/', + path: @path || 'test/asdf.php', + vulns_file: 'XXX.xml', + name: 'test', + vulns_xpath: 'XX', + type: @type || 'plugins', + wp_content_dir: @wp_content_dir } instance = WpItem.new(arguments) instance.extract_name_from_url.should === @expected end - it "should extract the correct name" do - @expected = "test" + it 'should extract the 
correct name' do + @expected = 'test' end - it "should extract the correct name (custom wp_content_dir)" do - @wp_content_dir = "custom" - @expected = "test" + it 'should extract the correct name (custom wp_content_dir)' do + @wp_content_dir = 'custom' + @expected = 'test' end - it "should extract the correct name" do - @path = "test2/asdf.php" - @wp_content_dir = "/custom/" - @expected = "test2" + it 'should extract the correct name' do + @path = 'test2/asdf.php' + @wp_content_dir = '/custom/' + @expected = 'test2' end - it "should extract the correct plugin name" do - @path = "testplugin/" - @expected = "testplugin" + it 'should extract the correct plugin name' do + @path = 'testplugin/' + @expected = 'testplugin' end - it "should extract the correct theme name" do - @path = "testtheme/" - @type = "themes" - @expected = "testtheme" + it 'should extract the correct theme name' do + @path = 'testtheme/' + @type = 'themes' + @expected = 'testtheme' end end - describe "#to_s" do + describe '#to_s' do before :each do @instance = WpItem.new( - :base_url => "http://sub.example.com/path/to/wordpress/", - :path => "test/asdf.php", - :vulns_file => "XXX.xml", - :name => "test", - :vulns_xpath => "XX", - :type => "plugins" + base_url: 'http://sub.example.com/path/to/wordpress/', + path: 'test/asdf.php', + vulns_file: 'XXX.xml', + name: 'test', + vulns_xpath: 'XX', + type: 'plugins' ) end - it "should return the name including a version number" do - stub_request(:get, @instance.readme_url.to_s).to_return(:status => 200, :body => "Stable tag: 1.2.4.3.2.1") - @instance.to_s.should == "test v1.2.4.3.2.1" + it 'should return the name including a version number' do + stub_request(:get, @instance.readme_url.to_s).to_return(status: 200, body: 'Stable tag: 1.2.4.3.2.1') + @instance.to_s.should == 'test v1.2.4.3.2.1' end - it "should not return the name without a version number" do - stub_request(:get, @instance.readme_url.to_s).to_return(:status => 200, :body => "Stable tag: trunk") 
- @instance.to_s.should == "test" + it 'should not return the name without a version number' do + stub_request(:get, @instance.readme_url.to_s).to_return(status: 200, body: 'Stable tag: trunk') + @instance.to_s.should == 'test' end end - describe "#==" do + describe '#==' do before :each do @instance = WpItem.new( - :base_url => "http://sub.example.com/path/to/wordpress/", - :path => "test/asdf.php", - :vulns_file => "XXX.xml", - :name => "test", - :vulns_xpath => "XX", - :type => "plugins" + base_url: 'http://sub.example.com/path/to/wordpress/', + path: 'test/asdf.php', + vulns_file: 'XXX.xml', + name: 'test', + vulns_xpath: 'XX', + type: 'plugins' ) end - it "should return false" do + it 'should return false' do instance2 = WpItem.new( - :base_url => "http://sub.example.com/path/to/wordpress/", - :path => "newname/asdf.php", - :type => "plugins", - :vulns_file => "XXX.xml", - :vulns_xpath => "XX" + base_url: 'http://sub.example.com/path/to/wordpress/', + path: 'newname/asdf.php', + type: 'plugins', + vulns_file: 'XXX.xml', + vulns_xpath: 'XX' ) - (@instance==instance2).should == false + (@instance == instance2).should == false end - it "should return true" do + it 'should return true' do instance2 = WpItem.new( - :base_url => "http://sub.example.com/path/to/wordpress/", - :path => "test/asdf.php", - :type => "plugins", - :vulns_file => "XXX.xml", - :vulns_xpath => "XX" + base_url: 'http://sub.example.com/path/to/wordpress/', + path: 'test/asdf.php', + type: 'plugins', + vulns_file: 'XXX.xml', + vulns_xpath: 'XX' ) - (@instance==instance2).should == true + (@instance == instance2).should == true end end - describe "#get_sub_folder" do + describe '#get_sub_folder' do after :each do arguments = { - :base_url => "http://sub.example.com/path/to/wordpress/", - :path => "test/asdf.php", - :vulns_file => "XXX.xml", - :wp_content_dir => "wp-content", - :wp_plugins_dir => "wp-content/plugins", - :name => "test", - :vulns_xpath => "XX", - :type => @type || "themes" + 
base_url: 'http://sub.example.com/path/to/wordpress/', + path: 'test/asdf.php', + vulns_file: 'XXX.xml', + wp_content_dir: 'wp-content', + wp_plugins_dir: 'wp-content/plugins', + name: 'test', + vulns_xpath: 'XX', + type: @type || 'themes' } instance = WpItem.new(arguments) 
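Review bot: The rewritten 404 example in `#directory_listing?` keeps a redundant conversion, `stub_request(:get, @instance.get_url_without_filename.to_s.to_s).to_return(status: 404)`; one `.to_s` is enough and every other stub in this describe already uses the single form. The same describe mixes `.should == true` with `.should be_false`, and several examples share an identical description (`'should extract the correct name'` appears twice in `#extract_name_from_url`), which makes a failing example ambiguous in the runner output. The description `'should not return the name without a version number'` also contradicts its assertion, since `@instance.to_s.should == 'test'` is exactly the name without a version; `'should return only the name when Stable tag is trunk'` states what is checked. As this is a rubocop pass the wording can be deferred, but the doubled `.to_s` sits on a line the commit rewrote.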
@@ -302,238 +304,238 @@ describe WpPlugin do end end - it "should return themes" do - @expected = "themes" + it 'should return themes' do + @expected = 'themes' end - it "should return nil" do - @type = "timthumbs" + it 'should return nil' do + @type = 'timthumbs' @expected = nil end - it "should raise an exception" do - @type = "type" - @raise_error = raise_error(RuntimeError, "unknown type type") + it 'should raise an exception' do + @type = 'type' + @raise_error = raise_error(RuntimeError, 'unknown type type') end end - describe "#readme_url" do + describe '#readme_url' do after :each do arguments = { - :base_url => "http://sub.example.com/path/to/wordpress/", - :path => "test/asdf.php", - :vulns_file => "XXX.xml", - :name => "test", - :vulns_xpath => "XX", - :type => @type || "plugins", - :wp_content_dir => @wp_content_dir + base_url: 'http://sub.example.com/path/to/wordpress/', + path: 'test/asdf.php', + vulns_file: 'XXX.xml', + name: 'test', + vulns_xpath: 'XX', + type: @type || 'plugins', + wp_content_dir: @wp_content_dir } instance = WpItem.new(arguments) instance.readme_url.to_s.should === @expected end - it "should return the corrent plugin readme url" do - @expected = "http://sub.example.com/path/to/wordpress/wp-content/plugins/test/readme.txt" + it 'should return the corrent plugin readme url' do + @expected = 'http://sub.example.com/path/to/wordpress/wp-content/plugins/test/readme.txt' end - it "should return the corrent plugin readme url (custom wp_content)" do - @wp_content_dir = "custom" - @expected = "http://sub.example.com/path/to/wordpress/custom/plugins/test/readme.txt" + it 'should return the corrent plugin readme url (custom wp_content)' do + @wp_content_dir = 'custom' + @expected = 'http://sub.example.com/path/to/wordpress/custom/plugins/test/readme.txt' end - it "should return the corrent theme readme url" do - @type = "themes" - @expected = "http://sub.example.com/path/to/wordpress/wp-content/themes/test/readme.txt" + it 'should return the 
corrent theme readme url' do + @type = 'themes' + @expected = 'http://sub.example.com/path/to/wordpress/wp-content/themes/test/readme.txt' end - it "should return the corrent theme readme url (custom wp_content)" do - @type = "themes" - @wp_content_dir = "custom" - @expected = "http://sub.example.com/path/to/wordpress/custom/themes/test/readme.txt" + it 'should return the corrent theme readme url (custom wp_content)' do + @type = 'themes' + @wp_content_dir = 'custom' + @expected = 'http://sub.example.com/path/to/wordpress/custom/themes/test/readme.txt' end end - describe "#changelog_url" do + describe '#changelog_url' do after :each do arguments = { - :base_url => "http://sub.example.com/path/to/wordpress/", - :path => "test/asdf.php", - :vulns_file => "XXX.xml", - :name => "test", - :vulns_xpath => "XX", - :type => @type || "plugins", - :wp_content_dir => @wp_content_dir + base_url: 'http://sub.example.com/path/to/wordpress/', + path: 'test/asdf.php', + vulns_file: 'XXX.xml', + name: 'test', + vulns_xpath: 'XX', + type: @type || 'plugins', + wp_content_dir: @wp_content_dir } instance = WpItem.new(arguments) instance.changelog_url.to_s.should === @expected end - it "should return the corrent plugin changelog url" do - @expected = "http://sub.example.com/path/to/wordpress/wp-content/plugins/test/changelog.txt" + it 'should return the corrent plugin changelog url' do + @expected = 'http://sub.example.com/path/to/wordpress/wp-content/plugins/test/changelog.txt' end - it "should return the corrent plugin changelog url (custom wp_content)" do - @wp_content_dir = "custom" - @expected = "http://sub.example.com/path/to/wordpress/custom/plugins/test/changelog.txt" + it 'should return the corrent plugin changelog url (custom wp_content)' do + @wp_content_dir = 'custom' + @expected = 'http://sub.example.com/path/to/wordpress/custom/plugins/test/changelog.txt' end - it "should return the corrent theme changelog url" do - @type = "themes" - @expected = 
"http://sub.example.com/path/to/wordpress/wp-content/themes/test/changelog.txt" + it 'should return the corrent theme changelog url' do + @type = 'themes' + @expected = 'http://sub.example.com/path/to/wordpress/wp-content/themes/test/changelog.txt' end - it "should return the corrent theme changelog url (custom wp_content)" do - @type = "themes" - @wp_content_dir = "custom" - @expected = "http://sub.example.com/path/to/wordpress/custom/themes/test/changelog.txt" + it 'should return the corrent theme changelog url (custom wp_content)' do + @type = 'themes' + @wp_content_dir = 'custom' + @expected = 'http://sub.example.com/path/to/wordpress/custom/themes/test/changelog.txt' end end - describe "#has_readme?" do + describe '#has_readme?' do before :each do @instance = WpItem.new( - :base_url => "http://sub.example.com/path/to/wordpress/", - :path => "test/asdf.php", - :vulns_file => "XXX.xml", - :name => "test", - :vulns_xpath => "XX", - :type => "plugins" + base_url: 'http://sub.example.com/path/to/wordpress/', + path: 'test/asdf.php', + vulns_file: 'XXX.xml', + name: 'test', + vulns_xpath: 'XX', + type: 'plugins' ) end - it "should return true" do - stub_request(:get, @instance.readme_url.to_s).to_return(:status => 200) + it 'should return true' do + stub_request(:get, @instance.readme_url.to_s).to_return(status: 200) @instance.has_readme?.should == true end - it "should return false" do - stub_request(:get, @instance.readme_url.to_s).to_return(:status => 403) + it 'should return false' do + stub_request(:get, @instance.readme_url.to_s).to_return(status: 403) @instance.has_readme?.should == false end end - describe "#has_changelog?" do + describe '#has_changelog?' 
do before :each do @instance = WpItem.new( - :base_url => "http://sub.example.com/path/to/wordpress/", - :path => "test/asdf.php", - :vulns_file => "XXX.xml", - :name => "test", - :vulns_xpath => "XX", - :type => "plugins" + base_url: 'http://sub.example.com/path/to/wordpress/', + path: 'test/asdf.php', + vulns_file: 'XXX.xml', + name: 'test', + vulns_xpath: 'XX', + type: 'plugins' ) end - it "should return true" do - stub_request(:get, @instance.changelog_url.to_s).to_return(:status => 200) + it 'should return true' do + stub_request(:get, @instance.changelog_url.to_s).to_return(status: 200) @instance.has_changelog?.should == true end - it "should return false" do - stub_request(:get, @instance.changelog_url.to_s).to_return(:status => 403) + it 'should return false' do + stub_request(:get, @instance.changelog_url.to_s).to_return(status: 403) @instance.has_changelog?.should == false end end - describe "#wp_org_url" do - it "sould return a themes url" do + describe '#wp_org_url' do + it 'sould return a themes url' do instance = WpItem.new( - :base_url => "http://sub.example.com/path/to/wordpress/", - :path => "test/asdf.php", - :vulns_file => "XXX.xml", - :name => "test", - :vulns_xpath => "XX", - :type => "themes" + base_url: 'http://sub.example.com/path/to/wordpress/', + path: 'test/asdf.php', + vulns_file: 'XXX.xml', + name: 'test', + vulns_xpath: 'XX', + type: 'themes' ) - instance.wp_org_url.to_s.should == "http://wordpress.org/extend/themes/test/" + instance.wp_org_url.to_s.should == 'http://wordpress.org/extend/themes/test/' end - it "sould return a plugins url" do + it 'sould return a plugins url' do instance = WpItem.new( - :base_url => "http://sub.example.com/path/to/wordpress/", - :path => "test/asdf.php", - :vulns_file => "XXX.xml", - :name => "test", - :vulns_xpath => "XX", - :type => "plugins" + base_url: 'http://sub.example.com/path/to/wordpress/', + path: 'test/asdf.php', + vulns_file: 'XXX.xml', + name: 'test', + vulns_xpath: 'XX', + type: 'plugins' 
) - instance.wp_org_url.to_s.should == "http://wordpress.org/extend/plugins/test/" + instance.wp_org_url.to_s.should == 'http://wordpress.org/extend/plugins/test/' end - it "sould raise an exception" do + it 'sould raise an exception' do instance = WpItem.new( - :base_url => "http://sub.example.com/path/to/wordpress/", - :path => "test/asdf.php", - :vulns_file => "XXX.xml", - :name => "test", - :vulns_xpath => "XX", - :type => "invalid" + base_url: 'http://sub.example.com/path/to/wordpress/', + path: 'test/asdf.php', + vulns_file: 'XXX.xml', + name: 'test', + vulns_xpath: 'XX', + type: 'invalid' ) - expect { instance.wp_org_url }.to raise_error(RuntimeError, "No Wordpress URL for invalid") + expect { instance.wp_org_url }.to raise_error(RuntimeError, 'No Wordpress URL for invalid') end end - describe "#wp_org_item?" do - it "sould return true" do + describe '#wp_org_item?' do + it 'sould return true' do instance = WpItem.new( - :base_url => "http://sub.example.com/path/to/wordpress/", - :path => "test/asdf.php", - :vulns_file => "XXX.xml", - :name => "w3-total-cache", - :vulns_xpath => "XX", - :type => "plugins" + base_url: 'http://sub.example.com/path/to/wordpress/', + path: 'test/asdf.php', + vulns_file: 'XXX.xml', + name: 'w3-total-cache', + vulns_xpath: 'XX', + type: 'plugins' ) instance.wp_org_item?.should be_true end - it "sould return true" do + it 'sould return true' do instance = WpItem.new( - :base_url => "http://sub.example.com/path/to/wordpress/", - :path => "test/asdf.php", - :vulns_file => "XXX.xml", - :name => "twentyten", - :vulns_xpath => "XX", - :type => "themes" + base_url: 'http://sub.example.com/path/to/wordpress/', + path: 'test/asdf.php', + vulns_file: 'XXX.xml', + name: 'twentyten', + vulns_xpath: 'XX', + type: 'themes' ) instance.wp_org_item?.should be_true end - it "sould return false" do + it 'sould return false' do instance = WpItem.new( - :base_url => "http://sub.example.com/path/to/wordpress/", - :path => "test/asdf.php", - :vulns_file 
=> "XXX.xml", - :name => "can_not_be_in_repository", - :vulns_xpath => "XX", - :type => "plugins" + base_url: 'http://sub.example.com/path/to/wordpress/', + path: 'test/asdf.php', + vulns_file: 'XXX.xml', + name: 'can_not_be_in_repository', + vulns_xpath: 'XX', + type: 'plugins' ) instance.wp_org_item?.should be_false end - it "sould return false" do + it 'sould return false' do instance = WpItem.new( - :base_url => "http://sub.example.com/path/to/wordpress/", - :path => "test/asdf.php", - :vulns_file => "XXX.xml", - :name => "can_not_be_in_repository", - :vulns_xpath => "XX", - :type => "themes" + base_url: 'http://sub.example.com/path/to/wordpress/', + path: 'test/asdf.php', + vulns_file: 'XXX.xml', + name: 'can_not_be_in_repository', + vulns_xpath: 'XX', + type: 'themes' ) instance.wp_org_item?.should be_false end - it "sould raise an exception" do + it 'sould raise an exception' do instance = WpItem.new( - :base_url => "http://sub.example.com/path/to/wordpress/", - :path => "test/asdf.php", - :vulns_file => "XXX.xml", - :name => "test", - :vulns_xpath => "XX", - :type => "invalid" + base_url: 'http://sub.example.com/path/to/wordpress/', + path: 'test/asdf.php', + vulns_file: 'XXX.xml', + name: 'test', + vulns_xpath: 'XX', + type: 'invalid' ) - expect { instance.wp_org_item? }.to raise_error(RuntimeError, "Unknown type invalid") + expect { instance.wp_org_item? }.to raise_error(RuntimeError, 'Unknown type invalid') end end diff --git a/spec/lib/wpscan/wp_options_spec.rb b/spec/lib/wpscan/wp_options_spec.rb index 2447360d..8aedaff3 100644 --- a/spec/lib/wpscan/wp_options_spec.rb +++ b/spec/lib/wpscan/wp_options_spec.rb @@ -1,3 +1,4 @@ +# encoding: UTF-8 #-- # WPScan - WordPress Security Scanner # Copyright (C) 2012-2013 
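Review bot: The example descriptions re-quoted in `#readme_url`, `#changelog_url`, `#wp_org_url` and `#wp_org_item?` carry the typos `corrent` and `sould` forward (e.g. `it 'should return the corrent plugin readme url' do`, `it 'sould return a themes url' do`); since the commit already rewrites each of these strings, correcting them to `correct` / `should` costs nothing and keeps `rspec -e` lookups usable. `#wp_org_item?` additionally has two examples each named `'sould return true'` and `'sould return false'`, so a failure reports an ambiguous name; adding the item type, `'should return true for a plugin in the wordpress.org repository'`, would disambiguate. The hunk header also shows this spec file is headed `describe WpPlugin do` while every example here builds a `WpItem`, so the reported group name is misleading; `describe WpItem do` is presumably what was meant, though that line is context and not touched by this commit.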
@@ -19,120 +20,120 @@ require File.expand_path(File.dirname(__FILE__) + '/wpscan_helper') describe WpOptions do - describe "#check_options" do + describe '#check_options' do before :each do @options = {} - @options[:base_url] = "url" + @options[:base_url] = 'url' @options[:only_vulnerable_ones] = false - @options[:file] = "file" - @options[:vulns_file] = "vulns_file" - @options[:vulns_xpath] = "vulns_xpath" - @options[:vulns_xpath_2] = "vulns_xpath_2" - @options[:wp_content_dir] = "wp_content_dir" + @options[:file] = 'file' + @options[:vulns_file] = 'vulns_file' + @options[:vulns_xpath] = 'vulns_xpath' + @options[:vulns_xpath_2] = 'vulns_xpath_2' + @options[:wp_content_dir] = 'wp_content_dir' @options[:show_progression] = true - @options[:error_404_hash] = "error_404_hash" - @options[:type] = "type" + @options[:error_404_hash] = 'error_404_hash' + @options[:type] = 'type' - @message = "" + @message = '' end after :each do expect { WpOptions.check_options(@options) }.to raise_error(RuntimeError, @message) end - it "should raise an exception (base_url empty)" do - @options[:base_url] = "" - @message = "base_url must be set" + it 'should raise an exception (base_url empty)' do + @options[:base_url] = '' + @message = 'base_url must be set' end - it "should raise an exception (base_url nil)" do + it 'should raise an exception (base_url nil)' do @options[:base_url] = nil - @message = "base_url must be set" + @message = 'base_url must be set' end - it "should raise an exception (only_vulnerable_ones nil)" do + it 'should raise an exception (only_vulnerable_ones nil)' do @options[:only_vulnerable_ones] = nil - @message = "only_vulnerable_ones must be set" + @message = 'only_vulnerable_ones must be set' end - it "should raise an exception (file empty)" do - @options[:file] = "" - @message = "file must be set" + it 'should raise an exception (file empty)' do + @options[:file] = '' + @message = 'file must be set' end - it "should raise an exception (file nil)" do + it 'should 
raise an exception (file nil)' do @options[:file] = nil - @message = "file must be set" + @message = 'file must be set' end - it "should raise an exception (vulns_file empty)" do - @options[:vulns_file] = "" - @message = "vulns_file must be set" + it 'should raise an exception (vulns_file empty)' do + @options[:vulns_file] = '' + @message = 'vulns_file must be set' end - it "should raise an exception (vulns_file nil)" do + it 'should raise an exception (vulns_file nil)' do @options[:vulns_file] = nil - @message = "vulns_file must be set" + @message = 'vulns_file must be set' end - it "should raise an exception (vulns_xpath empty)" do - @options[:vulns_xpath] = "" - @message = "vulns_xpath must be set" + it 'should raise an exception (vulns_xpath empty)' do + @options[:vulns_xpath] = '' + @message = 'vulns_xpath must be set' end - it "should raise an exception (vulns_xpath nil)" do + it 'should raise an exception (vulns_xpath nil)' do @options[:vulns_xpath] = nil - @message = "vulns_xpath must be set" + @message = 'vulns_xpath must be set' end - it "should raise an exception (vulns_xpath_2 empty)" do - @options[:vulns_xpath_2] = "" - @message = "vulns_xpath_2 must be set" + it 'should raise an exception (vulns_xpath_2 empty)' do + @options[:vulns_xpath_2] = '' + @message = 'vulns_xpath_2 must be set' end - it "should raise an exception (vulns_xpath_2 nil)" do + it 'should raise an exception (vulns_xpath_2 nil)' do @options[:vulns_xpath_2] = nil - @message = "vulns_xpath_2 must be set" + @message = 'vulns_xpath_2 must be set' end - it "should raise an exception (wp_content_dir empty)" do - @options[:wp_content_dir] = "" - @message = "wp_content_dir must be set" + it 'should raise an exception (wp_content_dir empty)' do + @options[:wp_content_dir] = '' + @message = 'wp_content_dir must be set' end - it "should raise an exception (wp_content_dir nil)" do + it 'should raise an exception (wp_content_dir nil)' do @options[:wp_content_dir] = nil - @message = 
"wp_content_dir must be set" + @message = 'wp_content_dir must be set' end - it "should raise an exception (show_progression nil)" do + it 'should raise an exception (show_progression nil)' do @options[:show_progression] = nil - @message = "show_progression must be set" + @message = 'show_progression must be set' end - it "should raise an exception (error_404_hash empty)" do - @options[:error_404_hash] = "" - @message = "error_404_hash must be set" + it 'should raise an exception (error_404_hash empty)' do + @options[:error_404_hash] = '' + @message = 'error_404_hash must be set' end - it "should raise an exception (error_404_hash nil)" do + it 'should raise an exception (error_404_hash nil)' do @options[:error_404_hash] = nil - @message = "error_404_hash must be set" + @message = 'error_404_hash must be set' end - it "should raise an exception (type empty)" do - @options[:type] = "" - @message = "type must be set" + it 'should raise an exception (type empty)' do + @options[:type] = '' + @message = 'type must be set' end - it "should raise an exception (type nil)" do + it 'should raise an exception (type nil)' do @options[:type] = nil - @message = "type must be set" + @message = 'type must be set' end - it "should raise an exception (type unknown)" do - @options[:type] = "unknown" - @message = "Unknown type unknown" + it 'should raise an exception (type unknown)' do + @options[:type] = 'unknown' + @message = 'Unknown type unknown' end end end diff --git a/spec/lib/wpscan/wp_plugin_spec.rb b/spec/lib/wpscan/wp_plugin_spec.rb index f25813d8..2f78779a 100644 --- a/spec/lib/wpscan/wp_plugin_spec.rb +++ b/spec/lib/wpscan/wp_plugin_spec.rb @@ -1,3 +1,4 @@ +# encoding: UTF-8 #-- # WPScan - WordPress Security Scanner # Copyright (C) 2012-2013 
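Review bot: The `after :each` hook in `#check_options` makes every example in this describe expect a `RuntimeError`, so there is no room for a positive example proving that the fully populated `@options` hash built in `before :each` passes `WpOptions.check_options` without raising; a single `it 'should not raise an exception with valid options'` placed outside this hook would catch a regression where `check_options` rejects everything, which all of the existing examples would still report as green. A smaller style point now that the hash is in rubocop-friendly form: the ten assignments read better as one literal, `@options = { base_url: 'url', only_vulnerable_ones: false, file: 'file', ... }`, and `@message = ''` can be dropped since every example assigns it.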
@@ -19,56 +20,61 @@ require File.expand_path(File.dirname(__FILE__) + '/wpscan_helper') describe WpPlugin do - describe "#initialize" do - it "should not raise an exception" do - expect { WpPlugin.new(:base_url => "url", :path => "path", :wp_content_dir => "dir", :name => "name") }.to_not raise_error + describe '#initialize' do + it 'should not raise an exception' do + expect { WpPlugin.new(base_url: 'url', path: 'path', wp_content_dir: 'dir', name: 'name') }.to_not raise_error end - it "should not raise an exception (wp_content_dir not set)" do - expect { WpPlugin.new(:base_url => "url", :path => "path", :name => "name") }.to_not raise_error + it 'should not raise an exception (wp_content_dir not set)' do + expect { WpPlugin.new(base_url: 'url', path: 'path', name: 'name') }.to_not raise_error end - it "should raise an exception (base_url not set)" do - expect { WpPlugin.new(:path => "path", :wp_content_dir => "dir", :name => "name") }.to raise_error + it 'should raise an exception (base_url not set)' do + expect { WpPlugin.new(path: 'path', wp_content_dir: 'dir', name: 'name') }.to raise_error end - it "should raise an exception (path not set)" do - expect { WpPlugin.new(:base_url => "url", :wp_content_dir => "dir", :name => "name") }.to raise_error + it 'should raise an exception (path not set)' do + expect { WpPlugin.new(base_url: 'url', wp_content_dir: 'dir', name: 'name') }.to raise_error end - it "should raise an exception (name not set)" do - expect { WpPlugin.new(:base_url => "url", :path => "path", :wp_content_dir => "dir") }.to raise_error + it 'should raise an exception (name not set)' do + expect { WpPlugin.new(base_url: 'url', path: 'path', wp_content_dir: 'dir') }.to raise_error end end - describe "#error_log_url" do - it "should return a correct url" do - temp = WpPlugin.new(:base_url => "http://wordpress.com", - :path => "test/asdf.php") - temp.error_log_url.to_s.should == "http://wordpress.com/wp-content/plugins/test/error_log" + describe 
'#error_log_url' do + it 'should return a correct url' do + temp = WpPlugin.new( + base_url: 'http://wordpress.com', + path: 'test/asdf.php' + ) + temp.error_log_url.to_s.should == 'http://wordpress.com/wp-content/plugins/test/error_log' end end - describe "#error_log?" do + describe '#error_log?' do before :each do - @temp = WpPlugin.new(:base_url => "http://wordpress.com", - :path => "test/asdf.php") + @temp = WpPlugin.new( + base_url: 'http://wordpress.com', + path: 'test/asdf.php') end - it "should return true" do - stub_request(:get, @temp.error_log_url.to_s).to_return(:status => 200, :body => "PHP Fatal error") + it 'should return true' do + stub_request(:get, @temp.error_log_url.to_s).to_return(status: 200, body: 'PHP Fatal error') @temp.error_log?.should be true end - it "should return false" do - stub_request(:get, @temp.error_log_url.to_s).to_return(:status => 500, :body => "Access denied") + it 'should return false' do + stub_request(:get, @temp.error_log_url.to_s).to_return(status: 500, body: 'Access denied') @temp.error_log?.should be false end - it "should return true" do - fixtures_dir = SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR + "/error_log" - stub_request(:get, @temp.error_log_url.to_s).to_return(:status => 200, - :body => File.new(fixtures_dir + '/error_log')) + it 'should return true' do + fixtures_dir = SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR + '/error_log' + stub_request(:get, @temp.error_log_url.to_s).to_return( + status: 200, + body: File.new(fixtures_dir + '/error_log') + ) @temp.error_log?.should be true end diff --git a/spec/lib/wpscan/wp_target_spec.rb b/spec/lib/wpscan/wp_target_spec.rb index d087f5bd..5f69ac9d 100644 --- a/spec/lib/wpscan/wp_target_spec.rb +++ b/spec/lib/wpscan/wp_target_spec.rb @@ -1,3 +1,4 @@ +# encoding: UTF-8 #-- # WPScan - WordPress Security Scanner # Copyright (C) 2012-2013 
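Review bot: Every `.to raise_error` in the `#initialize` examples is called without an exception class, so any StandardError — a NameError from a typo, an undefined fixture constant — satisfies 'should raise an exception (base_url not set)' just as well as the intended argument-validation error; pinning the class, e.g. `expect { WpPlugin.new(path: 'path', wp_content_dir: 'dir', name: 'name') }.to raise_error(ArgumentError)` if that is what WpPlugin raises, makes these examples meaningful. The same bare matcher appears in the `#initialize` examples of the wp_target_spec.rb and wp_theme_spec.rb hunks below. On style, the `#error_log?` before block closes the reformatted `WpPlugin.new(` call on the argument line (`path: 'test/asdf.php')`) while the `#error_log_url` example puts the `)` on its own line; the two multi-line calls introduced by this hunk should share one layout. The last example also hands `File.new(fixtures_dir + '/error_log')` to the stub and never closes it; `File.read(fixtures_dir + '/error_log')` gives the same body without leaving a descriptor open for the rest of the suite.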
@@ -24,304 +25,304 @@ describe WpTarget do Browser.reset @options = { - :config_file => SPEC_FIXTURES_CONF_DIR + '/browser/browser.conf.json', - :cache_timeout => 0, - :wp_content_dir => "wp-content", - :wp_plugins_dir => "wp-content/plugins" + config_file: SPEC_FIXTURES_CONF_DIR + '/browser/browser.conf.json', + cache_timeout: 0, + wp_content_dir: 'wp-content', + wp_plugins_dir: 'wp-content/plugins' } - @wp_target = WpTarget.new("http://example.localhost/", @options) + @wp_target = WpTarget.new('http://example.localhost/', @options) end - it_should_behave_like "WebSite" - it_should_behave_like "WpReadme" - it_should_behave_like "WpConfigBackup" - it_should_behave_like "WpFullPathDisclosure" - it_should_behave_like "WpLoginProtection" - it_should_behave_like "Malwares" - it_should_behave_like "BruteForce" - it_should_behave_like "WpUsernames" - it_should_behave_like "WpTimthumbs" - it_should_behave_like "WpPlugins" - it_should_behave_like "WpThemes" + it_should_behave_like 'WebSite' + it_should_behave_like 'WpReadme' + it_should_behave_like 'WpConfigBackup' + it_should_behave_like 'WpFullPathDisclosure' + it_should_behave_like 'WpLoginProtection' + it_should_behave_like 'Malwares' + it_should_behave_like 'BruteForce' + it_should_behave_like 'WpUsernames' + it_should_behave_like 'WpTimthumbs' + it_should_behave_like 'WpPlugins' + it_should_behave_like 'WpThemes' - describe "#initialize" do - it "should raise an error if the target_url is nil or empty" do + describe '#initialize' do + it 'should raise an error if the target_url is nil or empty' do expect { WpTarget.new(nil) }.to raise_error expect { Wptarget.new('') }.to raise_error end - it "should add the http protocol if missing" do - WpTarget.new("example.localhost/", @options).url.should === "http://example.localhost/" + it 'should add the http protocol if missing' do + WpTarget.new('example.localhost/', @options).url.should === 'http://example.localhost/' end - it "should add the trailing slash to the url if 
missing" do - WpTarget.new("lamp/wordpress", @options).url.should === "http://lamp/wordpress/" + it 'should add the trailing slash to the url if missing' do + WpTarget.new('lamp/wordpress', @options).url.should === 'http://lamp/wordpress/' end end - describe "#url" do - it "should return the url of the target" do + describe '#url' do + it 'should return the url of the target' do @wp_target.url.should === @wp_target.uri.to_s end end - describe "#login_url" do - let(:login_url) { @wp_target.uri.merge("wp-login.php").to_s } + describe '#login_url' do + let(:login_url) { @wp_target.uri.merge('wp-login.php').to_s } - it "should return the login url of the target" do - stub_request(:get, login_url).to_return(:status => 200, :body => '') + it 'should return the login url of the target' do + stub_request(:get, login_url).to_return(status: 200, body: '') @wp_target.login_url.should === login_url end - it "should return the redirection url if there is one (ie: for https)" do - https_login_url = login_url.gsub(/^http:/, "https:") + it 'should return the redirection url if there is one (ie: for https)' do + https_login_url = login_url.gsub(/^http:/, 'https:') - stub_request(:get, login_url).to_return(:status => 302, :headers => { :location => https_login_url }) - stub_request(:get, https_login_url).to_return(:status => 200) + stub_request(:get, login_url).to_return(status: 302, headers: { location: https_login_url }) + stub_request(:get, https_login_url).to_return(status: 200) @wp_target.login_url.should === https_login_url end end - describe "#wp_content_dir" do - let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_TARGET_DIR + "/wp_content_dir" } + describe '#wp_content_dir' do + let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_TARGET_DIR + '/wp_content_dir' } after :each do @wp_target = WpTarget.new(@target_url) if @target_url - stub_request_to_fixture(:url => @wp_target.url, :fixture => @fixture) if @fixture + stub_request_to_fixture(url: @wp_target.url, fixture: @fixture) if 
@fixture @wp_target.wp_content_dir.should === @expected end - it "should return the string set in the initialize method" do - @wp_target = WpTarget.new("http://example.localhost/", @options.merge(:wp_content_dir => "hello-world")) - @expected = "hello-world" + it 'should return the string set in the initialize method' do + @wp_target = WpTarget.new('http://example.localhost/', @options.merge(wp_content_dir: 'hello-world')) + @expected = 'hello-world' end it "should return 'wp-content'" do - @target_url = "http://lamp/wordpress-3.4.1" - @fixture = fixtures_dir + "/wordpress-3.4.1.htm" - @expected = "wp-content" + @target_url = 'http://lamp/wordpress-3.4.1' + @fixture = fixtures_dir + '/wordpress-3.4.1.htm' + @expected = 'wp-content' end it "should return 'wp-content' if url has trailing slash" do - @target_url = "http://lamp/wordpress-3.4.1/" - @fixture = fixtures_dir + "/wordpress-3.4.1.htm" - @expected = "wp-content" + @target_url = 'http://lamp/wordpress-3.4.1/' + @fixture = fixtures_dir + '/wordpress-3.4.1.htm' + @expected = 'wp-content' end it "should find the default 'wp-content' dir even if the target_url is not the same (ie : the user supply an IP address and the url used in the code is a domain)" do - @target_url = "http://192.168.1.103/wordpress-3.4.1/" - @fixture = fixtures_dir + "/wordpress-3.4.1.htm" - @expected = "wp-content" + @target_url = 'http://192.168.1.103/wordpress-3.4.1/' + @fixture = fixtures_dir + '/wordpress-3.4.1.htm' + @expected = 'wp-content' end it "should return 'custom-content'" do - @target_url = "http://lamp/wordpress-3.4.1-custom" - @fixture = fixtures_dir + "/wordpress-3.4.1-custom.htm" - @expected = "custom-content" + @target_url = 'http://lamp/wordpress-3.4.1-custom' + @fixture = fixtures_dir + '/wordpress-3.4.1-custom.htm' + @expected = 'custom-content' end it "should return 'custom content spaces'" do - @target_url = "http://lamp/wordpress-3.4.1-custom" - @fixture = fixtures_dir + "/wordpress-3.4.1-custom-with-spaces.htm" - 
@expected = "custom content spaces" + @target_url = 'http://lamp/wordpress-3.4.1-custom' + @fixture = fixtures_dir + '/wordpress-3.4.1-custom-with-spaces.htm' + @expected = 'custom content spaces' end it "should return 'custom-dir/subdir/content'" do - @target_url = "http://lamp/wordpress-3.4.1-custom" - @fixture = fixtures_dir + "/wordpress-3.4.1-custom-subdirectories.htm" - @expected = "custom-dir/subdir/content" + @target_url = 'http://lamp/wordpress-3.4.1-custom' + @fixture = fixtures_dir + '/wordpress-3.4.1-custom-subdirectories.htm' + @expected = 'custom-dir/subdir/content' end - it "should also check in src attributes" do - @target_url = "http://lamp/wordpress-3.4.1" - @fixture = fixtures_dir + "/wordpress-3.4.1-in-src.htm" - @expected = "wp-content" + it 'should also check in src attributes' do + @target_url = 'http://lamp/wordpress-3.4.1' + @fixture = fixtures_dir + '/wordpress-3.4.1-in-src.htm' + @expected = 'wp-content' end - it "should find the location even if the src or href goes in the plugins dir" do - @target_url = "http://wordpress-3.4.1-in-plugins.htm" - @fixture = fixtures_dir + "/wordpress-3.4.1-in-plugins.htm" - @expected = "wp-content" + it 'should find the location even if the src or href goes in the plugins dir' do + @target_url = 'http://wordpress-3.4.1-in-plugins.htm' + @fixture = fixtures_dir + '/wordpress-3.4.1-in-plugins.htm' + @expected = 'wp-content' end - it "should not detect facebook.com as a custom wp-content directory" do - @target_url = "http://lamp.localhost/" - @fixture = fixtures_dir + "/facebook-detection.htm" + it 'should not detect facebook.com as a custom wp-content directory' do + @target_url = 'http://lamp.localhost/' + @fixture = fixtures_dir + '/facebook-detection.htm' @expected = nil end end - describe "#wp_plugins_dir" do + describe '#wp_plugins_dir' do after :each do - @wp_target.stub(:wp_plugins_dir => @stub_value) if @stub_value + @wp_target.stub(wp_plugins_dir: @stub_value) if @stub_value 
@wp_target.wp_plugins_dir.should === @expected end - it "should return the string set in the initialize method" do - @wp_target = WpTarget.new("http://example.localhost/", @options.merge(:wp_content_dir => "asdf", :wp_plugins_dir => "custom-plugins")) - @expected = "custom-plugins" + it 'should return the string set in the initialize method' do + @wp_target = WpTarget.new('http://example.localhost/', @options.merge(wp_content_dir: 'asdf', wp_plugins_dir: 'custom-plugins')) + @expected = 'custom-plugins' end it "should return 'plugins'" do - @stub_value = "plugins" - @expected = "plugins" + @stub_value = 'plugins' + @expected = 'plugins' end it "should return 'wp-content/plugins'" do - @wp_target = WpTarget.new("http://example.localhost/", @options.merge(:wp_content_dir => "wp-content", :wp_plugins_dir => nil)) - @expected = "wp-content/plugins" + @wp_target = WpTarget.new('http://example.localhost/', @options.merge(wp_content_dir: 'wp-content', wp_plugins_dir: nil)) + @expected = 'wp-content/plugins' end end - describe "#wp_plugins_dir_exists?" do - it "should return true" do - target = WpTarget.new("http://example.localhost/", @options.merge(:wp_content_dir => "asdf", :wp_plugins_dir => "custom-plugins")) + describe '#wp_plugins_dir_exists?' 
do + it 'should return true' do + target = WpTarget.new('http://example.localhost/', @options.merge(wp_content_dir: 'asdf', wp_plugins_dir: 'custom-plugins')) url = target.uri.merge(target.wp_plugins_dir).to_s - stub_request(:any, url).to_return(:status => 200) + stub_request(:any, url).to_return(status: 200) target.wp_plugins_dir_exists?.should == true end - it "should return false" do - target = WpTarget.new("http://example.localhost/", @options.merge(:wp_content_dir => "asdf", :wp_plugins_dir => "custom-plugins")) + it 'should return false' do + target = WpTarget.new('http://example.localhost/', @options.merge(wp_content_dir: 'asdf', wp_plugins_dir: 'custom-plugins')) url = target.uri.merge(target.wp_plugins_dir).to_s - stub_request(:any, url).to_return(:status => 404) + stub_request(:any, url).to_return(status: 404) target.wp_plugins_dir_exists?.should == false end end - describe "#debug_log_url" do + describe '#debug_log_url' do it "should return 'http://example.localhost/wp-content/debug.log" do - @wp_target.stub(:wp_content_dir => "wp-content") - @wp_target.debug_log_url.should === "http://example.localhost/wp-content/debug.log" + @wp_target.stub(wp_content_dir: 'wp-content') + @wp_target.debug_log_url.should === 'http://example.localhost/wp-content/debug.log' end end - describe "#has_debug_log?" do - let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_TARGET_DIR + "/debug_log" } + describe '#has_debug_log?' 
do + let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_TARGET_DIR + '/debug_log' } after :each do - @wp_target.stub(:wp_content_dir => "wp-content") - stub_request_to_fixture(:url => @wp_target.debug_log_url(), :fixture => @fixture) + @wp_target.stub(wp_content_dir: 'wp-content') + stub_request_to_fixture(url: @wp_target.debug_log_url(), fixture: @fixture) @wp_target.has_debug_log?.should === @expected end - it "should return false" do - @fixture = SPEC_FIXTURES_DIR + "/empty-file" + it 'should return false' do + @fixture = SPEC_FIXTURES_DIR + '/empty-file' @expected = false end - it "should return true" do - @fixture = fixtures_dir + "/debug.log" + it 'should return true' do + @fixture = fixtures_dir + '/debug.log' @expected = true end - it "should also detect it if there are PHP notice" do - @fixture = fixtures_dir + "/debug-notice.log" + it 'should also detect it if there are PHP notice' do + @fixture = fixtures_dir + '/debug-notice.log' @expected = true end end - describe "#search_replace_db_2_url" do - it "should return the correct url" do - @wp_target.search_replace_db_2_url.should == "http://example.localhost/searchreplacedb2.php" + describe '#search_replace_db_2_url' do + it 'should return the correct url' do + @wp_target.search_replace_db_2_url.should == 'http://example.localhost/searchreplacedb2.php' end end - describe "#search_replace_db_2_exists?" do - it "should return true" do - stub_request(:any, @wp_target.search_replace_db_2_url).to_return(:status => 200, :body => "asdf by interconnect asdf") + describe '#search_replace_db_2_exists?' 
do + it 'should return true' do + stub_request(:any, @wp_target.search_replace_db_2_url).to_return(status: 200, body: 'asdf by interconnect asdf') @wp_target.search_replace_db_2_exists?.should be_true end - it "should return false" do - stub_request(:any, @wp_target.search_replace_db_2_url).to_return(:status => 500) + it 'should return false' do + stub_request(:any, @wp_target.search_replace_db_2_url).to_return(status: 500) @wp_target.search_replace_db_2_exists?.should be_false end - it "should return false" do - stub_request(:any, @wp_target.search_replace_db_2_url).to_return(:status => 500, :body => "asdf by interconnect asdf") + it 'should return false' do + stub_request(:any, @wp_target.search_replace_db_2_url).to_return(status: 500, body: 'asdf by interconnect asdf') @wp_target.search_replace_db_2_exists?.should be_false end end - describe "#registration_url" do - it "should return the correct url (multisite)" do + describe '#registration_url' do + it 'should return the correct url (multisite)' do # set to multi site - stub_request(:any, "http://example.localhost/wp-signup.php").to_return(:status => 200) - @wp_target.registration_url.to_s.should == "http://example.localhost/wp-signup.php" + stub_request(:any, 'http://example.localhost/wp-signup.php').to_return(status: 200) + @wp_target.registration_url.to_s.should == 'http://example.localhost/wp-signup.php' end - it "should return the correct url (not multisite)" do + it 'should return the correct url (not multisite)' do # set to single site - stub_request(:any, "http://example.localhost/wp-signup.php").to_return(:status => 302, :headers => { "Location" => "wp-login.php?action=register" }) - @wp_target.registration_url.to_s.should == "http://example.localhost/wp-login.php?action=register" + stub_request(:any, 'http://example.localhost/wp-signup.php').to_return(status: 302, headers: { 'Location' => 'wp-login.php?action=register' }) + @wp_target.registration_url.to_s.should == 
'http://example.localhost/wp-login.php?action=register' end end - describe "#registration_enabled?" do - it "should return false (multisite)" do + describe '#registration_enabled?' do + it 'should return false (multisite)' do # set to multi site - stub_request(:any, "http://example.localhost/wp-signup.php").to_return(:status => 200) - stub_request(:any, @wp_target.registration_url.to_s).to_return(:status => 302, :headers => { "Location" => "wp-login.php?registration=disabled" }) + stub_request(:any, 'http://example.localhost/wp-signup.php').to_return(status: 200) + stub_request(:any, @wp_target.registration_url.to_s).to_return(status: 302, headers: { 'Location' => 'wp-login.php?registration=disabled' }) @wp_target.registration_enabled?.should be_false end - it "should return true (multisite)" do + it 'should return true (multisite)' do # set to multi site - stub_request(:any, "http://example.localhost/wp-signup.php").to_return(:status => 200) - stub_request(:any, @wp_target.registration_url.to_s).to_return(:status => 200, :body => %{
}) + stub_request(:any, 'http://example.localhost/wp-signup.php').to_return(status: 200) + stub_request(:any, @wp_target.registration_url.to_s).to_return(status: 200, body: %{}) @wp_target.registration_enabled?.should be_true end - it "should return false (not multisite)" do + it 'should return false (not multisite)' do # set to single site - stub_request(:any, "http://example.localhost/wp-signup.php").to_return(:status => 302, :headers => { "Location" => "wp-login.php?action=register" }) - stub_request(:any, @wp_target.registration_url.to_s).to_return(:status => 302, :headers => { "Location" => "wp-login.php?registration=disabled" }) + stub_request(:any, 'http://example.localhost/wp-signup.php').to_return(status: 302, headers: { 'Location' => 'wp-login.php?action=register' }) + stub_request(:any, @wp_target.registration_url.to_s).to_return(status: 302, headers: { 'Location' => 'wp-login.php?registration=disabled' }) @wp_target.registration_enabled?.should be_false end - it "should return true (not multisite)" do + it 'should return true (not multisite)' do # set to single site - stub_request(:any, "http://example.localhost/wp-signup.php").to_return(:status => 302, :headers => { "Location" => "wp-login.php?action=register" }) - stub_request(:any, @wp_target.registration_url.to_s).to_return(:status => 200, :body => %{ 'wp-login.php?action=register' }) + stub_request(:any, @wp_target.registration_url.to_s).to_return(status: 200, body: %{ 302, :headers => { "Location" => "wp-login.php?action=register" }) - stub_request(:any, @wp_target.registration_url.to_s).to_return(:status => 500) + stub_request(:any, 'http://example.localhost/wp-signup.php').to_return(status: 302, headers: { 'Location' => 'wp-login.php?action=register' }) + stub_request(:any, @wp_target.registration_url.to_s).to_return(status: 500) @wp_target.registration_enabled?.should be_false end end - describe "#is_multisite?" do + describe '#is_multisite?' 
do before :each do - @url = @wp_target.uri.merge("wp-signup.php").to_s + @url = @wp_target.uri.merge('wp-signup.php').to_s end - it "should return false" do - stub_request(:any, @url).to_return(:status => 302, :headers => { "Location" => "wp-login.php?action=register" }) + it 'should return false' do + stub_request(:any, @url).to_return(status: 302, headers: { 'Location' => 'wp-login.php?action=register' }) @wp_target.is_multisite?.should be_false end - it "should return true" do - stub_request(:any, @url).to_return(:status => 302, :headers => { "Location" => "http://example.localhost/wp-signup.php" }) + it 'should return true' do + stub_request(:any, @url).to_return(status: 302, headers: { 'Location' => 'http://example.localhost/wp-signup.php' }) @wp_target.is_multisite?.should be_true end - it "should return true" do - stub_request(:any, @url).to_return(:status => 200) + it 'should return true' do + stub_request(:any, @url).to_return(status: 200) @wp_target.is_multisite?.should be_true end - it "should return false" do - stub_request(:any, @url).to_return(:status => 500) + it 'should return false' do + stub_request(:any, @url).to_return(status: 500) @wp_target.is_multisite?.should be_false end end diff --git a/spec/lib/wpscan/wp_theme_spec.rb b/spec/lib/wpscan/wp_theme_spec.rb index d9a1e343..67ea078b 100644 --- a/spec/lib/wpscan/wp_theme_spec.rb +++ b/spec/lib/wpscan/wp_theme_spec.rb @@ -1,3 +1,4 @@ +# encoding: UTF-8 #-- # WPScan - WordPress Security Scanner # Copyright (C) 2012-2013 
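Review bot: `expect { Wptarget.new('') }.to raise_error` in the `#initialize` example refers to `Wptarget` instead of `WpTarget`, so the empty-string case is satisfied by the NameError from the typo and never reaches the constructor's validation; it should read `expect { WpTarget.new('') }.to raise_error`. Because the matcher names no exception class, nothing in the example distinguishes that typo from the intended error, which is presumably why it has survived. The hunk only re-quotes the surrounding lines, but since the file is being cleaned up this is the moment to fix it.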
@@ -16,46 +17,46 @@ # along with this program. If not, see . #++ -require File.expand_path(File.dirname(__FILE__) + "/wpscan_helper") +require File.expand_path(File.dirname(__FILE__) + '/wpscan_helper') describe WpTheme do before :all do - @target_uri = URI.parse("http://example.localhost/") + @target_uri = URI.parse('http://example.localhost/') Browser.instance( - :config_file => SPEC_FIXTURES_CONF_DIR + "/browser/browser.conf.json", - :cache_timeout => 0 + config_file: SPEC_FIXTURES_CONF_DIR + '/browser/browser.conf.json', + cache_timeout: 0 ) end - describe "#initialize" do - it "should not raise an exception" do - expect { WpTheme.new(:base_url => "url", :path => "path", :wp_content_dir => "dir", :name => "name") }.to_not raise_error + describe '#initialize' do + it 'should not raise an exception' do + expect { WpTheme.new(base_url: 'url', path: 'path', wp_content_dir: 'dir', name: 'name') }.to_not raise_error end - it "should not raise an exception (wp_content_dir not set)" do - expect { WpTheme.new(:base_url => "url", :path => "path", :name => "name") }.to_not raise_error + it 'should not raise an exception (wp_content_dir not set)' do + expect { WpTheme.new(base_url: 'url', path: 'path', name: 'name') }.to_not raise_error end - it "should raise an exception (base_url not set)" do - expect { WpTheme.new(:path => "path", :wp_content_dir => "dir", :name => "name") }.to raise_error + it 'should raise an exception (base_url not set)' do + expect { WpTheme.new(path: 'path', wp_content_dir: 'dir', name: 'name') }.to raise_error end - it "should raise an exception (path not set)" do - expect { WpTheme.new(:base_url => "url", :wp_content_dir => "dir", :name => "name") }.to raise_error + it 'should raise an exception (path not set)' do + expect { WpTheme.new(base_url: 'url', wp_content_dir: 'dir', name: 'name') }.to raise_error end - it "should raise an exception (name not set)" do - expect { WpTheme.new(:base_url => "url", :path => "path", :wp_content_dir => "dir") 
}.to raise_error + it 'should raise an exception (name not set)' do + expect { WpTheme.new(base_url: 'url', path: 'path', wp_content_dir: 'dir') }.to raise_error end end - describe "#find_from_css_link" do - let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_THEME_DIR + "/find/css_link" } + describe '#find_from_css_link' do + let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_THEME_DIR + '/find/css_link' } after :each do if @expected_name - stub_request_to_fixture(:url => @target_uri.to_s, :fixture => @fixture) + stub_request_to_fixture(url: @target_uri.to_s, fixture: @fixture) wp_theme = WpTheme.find_from_css_link(@target_uri) wp_theme.should be_a WpTheme 
@@ -63,36 +64,36 @@ describe WpTheme do end end - it "should return nil if no theme is present" do - stub_request(:get, @target_uri.to_s).to_return(:status => 200, :body => "") + it 'should return nil if no theme is present' do + stub_request(:get, @target_uri.to_s).to_return(status: 200, body: '') WpTheme.find_from_css_link(@target_uri).should be_nil end - it "should return a WpTheme object with .name = twentyeleven" do - @fixture = fixtures_dir + "/wordpress-twentyeleven.htm" - @expected_name = "twentyeleven" + it 'should return a WpTheme object with .name = twentyeleven' do + @fixture = fixtures_dir + '/wordpress-twentyeleven.htm' + @expected_name = 'twentyeleven' end # http://code.google.com/p/wpscan/issues/detail?id=131 # Theme name with spaces raises bad URI(is not URI?) - it "should not raise an error if the theme name has spaces or special chars" do - @fixture = fixtures_dir + "/theme-name-with-spaces.html" - @expected_name = "Copia di simplefolio" + it 'should not raise an error if the theme name has spaces or special chars' do + @fixture = fixtures_dir + '/theme-name-with-spaces.html' + @expected_name = 'Copia di simplefolio' end # https://github.com/wpscanteam/wpscan/issues/18 - it "should get the theme if the is inline with some other tags" do - @fixture = fixtures_dir + "/inline_link_tag.html" - @expected_name = "inline" + it 'should get the theme if the is inline with some other tags' do + @fixture = fixtures_dir + '/inline_link_tag.html' + @expected_name = 'inline' end end - describe "#find_from_wooframework" do - let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_THEME_DIR + "/find/wooframework" } + describe '#find_from_wooframework' do + let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_THEME_DIR + '/find/wooframework' } after :each do - stub_request_to_fixture(:url => @target_uri.to_s, :fixture => @fixture) + stub_request_to_fixture(url: @target_uri.to_s, fixture: @fixture) wp_theme = WpTheme.find_from_wooframework(@target_uri) 
@@ -101,21 +102,21 @@ describe WpTheme do end it "should return a WpTheme object with .name 'Editorial' and .version '1.3.5'" do - @fixture = fixtures_dir + "/editorial-1.3.5.html" - @expected_theme = WpTheme.new(:name => "Editorial", :version => "1.3.5", :base_url => "", :path => "", :wp_content_dir => "") + @fixture = fixtures_dir + '/editorial-1.3.5.html' + @expected_theme = WpTheme.new(name: 'Editorial', version: '1.3.5', base_url: '', path: '', wp_content_dir: '') end it "should return a WpTheme object with .name 'Merchant'" do - @fixture = fixtures_dir + "/merchant-no-version.html" - @expected_theme = WpTheme.new(:name => "Merchant", :base_url => "", :path => "", :wp_content_dir => "") + @fixture = fixtures_dir + '/merchant-no-version.html' + @expected_theme = WpTheme.new(name: 'Merchant', base_url: '', path: '', wp_content_dir: '') end end - describe "#find" do - let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_THEME_DIR + "/find" } + describe '#find' do + let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_THEME_DIR + '/find' } after :each do - stub_request_to_fixture(:url => @target_uri.to_s, :fixture => @fixture) + stub_request_to_fixture(url: @target_uri.to_s, fixture: @fixture) wp_theme = WpTheme.find(@target_uri) 
@@ -127,111 +128,119 @@ describe WpTheme do end end - it "should return nil if no theme is found" do - @fixture = SPEC_FIXTURES_DIR + "/empty-file" + it 'should return nil if no theme is found' do + @fixture = SPEC_FIXTURES_DIR + '/empty-file' @expected_name = nil end it "should return a WpTheme object with .name 'twentyeleven'" do - @fixture = fixtures_dir + "/css_link/wordpress-twentyeleven.htm" - @expected_name = "twentyeleven" + @fixture = fixtures_dir + '/css_link/wordpress-twentyeleven.htm' + @expected_name = 'twentyeleven' end it "should a WpTheme object with .name 'Merchant'" do - @fixture = fixtures_dir + "/wooframework/merchant-no-version.html" - @expected_name = "Merchant" + @fixture = fixtures_dir + '/wooframework/merchant-no-version.html' + @expected_name = 'Merchant' end end - describe "#version" do - let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_THEME_DIR + "/version" } - let(:theme_style_url) { @target_uri.merge("wp-content/themes/spec-theme/style.css").to_s } + describe '#version' do + let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_THEME_DIR + '/version' } + let(:theme_style_url) { @target_uri.merge('wp-content/themes/spec-theme/style.css').to_s } after :each do if @fixture - stub_request_to_fixture(:url => theme_style_url, :fixture => @fixture) + stub_request_to_fixture(url: theme_style_url, fixture: @fixture) - wp_theme = WpTheme.new(:name => "spec-theme", :style_url => theme_style_url, :base_url => "", :path => "", :wp_content_dir => "") + wp_theme = WpTheme.new(name: 'spec-theme', style_url: theme_style_url, base_url: '', path: '', wp_content_dir: '') wp_theme.version.should === @expected end end - it "should return nil if the version is not found" do - @fixture = fixtures_dir + "/twentyeleven-unknow.css" + it 'should return nil if the version is not found' do + @fixture = fixtures_dir + '/twentyeleven-unknow.css' @expected = nil end - it "should return nil if the style_url is nil" do - WpTheme.new(:name => "hello-world", :base_url => "", :path => 
"", :wp_content_dir => "").version.should be_nil + it 'should return nil if the style_url is nil' do + WpTheme.new(name: 'hello-world', base_url: '', path: '', wp_content_dir: '').version.should be_nil end - it "should return 1.3" do - @fixture = fixtures_dir + "/twentyeleven-1.3.css" - @expected = "1.3" + it 'should return 1.3' do + @fixture = fixtures_dir + '/twentyeleven-1.3.css' + @expected = '1.3' end - it "should return 1.5.1" do - @fixture = fixtures_dir + "/bueno-1.5.1.css" - @expected = "1.5.1" + it 'should return 1.5.1' do + @fixture = fixtures_dir + '/bueno-1.5.1.css' + @expected = '1.5.1' end end - describe "#===" do - it "should return false (name not equal)" do - instance = WpTheme.new(:base_url => "http://sub.example.com/path/to/wordpress/", - :path => "themes/name/asdf.php", - :vulns_file => "XXX.xml", - :version => "1.0" + describe '#===' do + it 'should return false (name not equal)' do + instance = WpTheme.new( + base_url: 'http://sub.example.com/path/to/wordpress/', + path: 'themes/name/asdf.php', + vulns_file: 'XXX.xml', + version: '1.0' ) - instance2 = WpTheme.new(:base_url => "http://sub.example.com/path/to/wordpress/", - :path => "themes/newname/asdf.php", - :vulns_file => "XXX.xml", - :version => "1.0" + instance2 = WpTheme.new( + base_url: 'http://sub.example.com/path/to/wordpress/', + path: 'themes/newname/asdf.php', + vulns_file: 'XXX.xml', + version: '1.0' ) - (instance===instance2).should == false + (instance === instance2).should == false end - it "should return false (version not equal)" do - instance = WpTheme.new(:base_url => "http://sub.example.com/path/to/wordpress/", - :path => "themes/name/asdf.php", - :vulns_file => "XXX.xml", - :version => "1.0" + it 'should return false (version not equal)' do + instance = WpTheme.new( + base_url: 'http://sub.example.com/path/to/wordpress/', + path: 'themes/name/asdf.php', + vulns_file: 'XXX.xml', + version: '1.0' ) - instance2 = WpTheme.new(:base_url => 
"http://sub.example.com/path/to/wordpress/", - :path => "themes/name/asdf.php", - :vulns_file => "XXX.xml", - :version => "2.0" + instance2 = WpTheme.new( + base_url: 'http://sub.example.com/path/to/wordpress/', + path: 'themes/name/asdf.php', + vulns_file: 'XXX.xml', + version: '2.0' ) - (instance===instance2).should == false + (instance === instance2).should == false end - it "should return false (version and name not equal)" do - instance = WpTheme.new(:base_url => "http://sub.example.com/path/to/wordpress/", - :path => "themes/name/asdf.php", - :vulns_file => "XXX.xml", - :version => "1.0" + it 'should return false (version and name not equal)' do + instance = WpTheme.new( + base_url: 'http://sub.example.com/path/to/wordpress/', + path: 'themes/name/asdf.php', + vulns_file: 'XXX.xml', + version: '1.0' ) - instance2 = WpTheme.new(:base_url => "http://sub.example.com/path/to/wordpress/", - :path => "themes/newname/asdf.php", - :vulns_file => "XXX.xml", - :version => "2.0" + instance2 = WpTheme.new( + base_url: 'http://sub.example.com/path/to/wordpress/', + path: 'themes/newname/asdf.php', + vulns_file: 'XXX.xml', + version: '2.0' ) - (instance===instance2).should == false + (instance === instance2).should == false end - it "should return true" do - instance = WpTheme.new(:base_url => "http://sub.example.com/path/to/wordpress/", - :path => "themes/test/asdf.php", - :vulns_file => "XXX.xml", - :version => "1.0" + it 'should return true' do + instance = WpTheme.new( + base_url: 'http://sub.example.com/path/to/wordpress/', + path: 'themes/test/asdf.php', + vulns_file: 'XXX.xml', + version: '1.0' ) - instance2 = WpTheme.new(:base_url => "http://sub.example.com/path/to/wordpress/", - :path => "themes/test/asdf.php", - :vulns_file => "XXX.xml", - :version => "1.0" + instance2 = WpTheme.new( + base_url: 'http://sub.example.com/path/to/wordpress/', + path: 'themes/test/asdf.php', + vulns_file: 'XXX.xml', + version: '1.0' ) - (instance===instance2).should == true + 
(instance === instance2).should == true end end end diff --git a/spec/lib/wpscan/wp_user_spec.rb b/spec/lib/wpscan/wp_user_spec.rb index fa9fc524..4a753f6d 100644 --- a/spec/lib/wpscan/wp_user_spec.rb +++ b/spec/lib/wpscan/wp_user_spec.rb @@ -1,3 +1,4 @@ +# encoding: UTF-8 #-- # WPScan - WordPress Security Scanner # Copyright (C) 2012-2013 
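Review bot: `it "should a WpTheme object with .name 'Merchant'"` in the `#find` group is missing its verb; `it "should return a WpTheme object with .name 'Merchant'"`. In the `#===` group the assertions are written `(instance === instance2).should == false` / `.should == true`, whereas the wp_user_spec hunk in this same commit writes the identical check as `.should be_false` / `.should be_true`; choosing one form across the two files would keep the style pass consistent. The `#find` group's `after :each` starts in the previous hunk, and the enclosing `describe WpTheme` is outside both.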
@@ -16,70 +17,70 @@ # along with this program. If not, see . #++ -require File.expand_path(File.dirname(__FILE__) + "/wpscan_helper") +require File.expand_path(File.dirname(__FILE__) + '/wpscan_helper') describe WpUser do - describe "#initialize" do - it "should replace nil with empty" do + describe '#initialize' do + it 'should replace nil with empty' do user = WpUser.new(nil, nil, nil) - user.name.should == "empty" - user.id.should == "empty" - user.nickname == "empty" + user.name.should == 'empty' + user.id.should == 'empty' + user.nickname == 'empty' end - it "should initialize a user object" do - user = WpUser.new("name", "id", "nickname") - user.name.should == "name" - user.id.should == "id" - user.nickname == "nickname" + it 'should initialize a user object' do + user = WpUser.new('name', 'id', 'nickname') + user.name.should == 'name' + user.id.should == 'id' + user.nickname == 'nickname' end end - describe "#<=>" do - it "should return -1" do - user1 = WpUser.new("b", nil, nil) - user2 = WpUser.new("a", nil, nil) - (user1<=>user2).should === -1 + describe '#<=>' do + it 'should return -1' do + user1 = WpUser.new('b', nil, nil) + user2 = WpUser.new('a', nil, nil) + (user1 <=> user2).should === -1 end - it "should return 0" do - user1 = WpUser.new("a", nil, nil) - user2 = WpUser.new("a", nil, nil) - (user1<=>user2).should === 0 + it 'should return 0' do + user1 = WpUser.new('a', nil, nil) + user2 = WpUser.new('a', nil, nil) + (user1 <=> user2).should === 0 end - it "should return 1" do - user1 = WpUser.new("a", nil, nil) - user2 = WpUser.new("b", nil, nil) - (user1<=>user2).should === 1 + it 'should return 1' do + user1 = WpUser.new('a', nil, nil) + user2 = WpUser.new('b', nil, nil) + (user1 <=> user2).should === 1 end end - describe "#===" do - it "should return true" do - user1 = WpUser.new("a", "id", "nick") - user2 = WpUser.new("a", "id", "nick") - (user1===user2).should be_true + describe '#===' do + it 'should return true' do + user1 = WpUser.new('a', 
'id', 'nick') + user2 = WpUser.new('a', 'id', 'nick') + (user1 === user2).should be_true end - it "should return false" do - user1 = WpUser.new("a", "id", "nick") - user2 = WpUser.new("b", "id", "nick") - (user1===user2).should be_false + it 'should return false' do + user1 = WpUser.new('a', 'id', 'nick') + user2 = WpUser.new('b', 'id', 'nick') + (user1 === user2).should be_false end end - describe "#eql?" do - it "should return true" do - user1 = WpUser.new("a", "id", "nick") - user2 = WpUser.new("a", "id", "nick") + describe '#eql?' do + it 'should return true' do + user1 = WpUser.new('a', 'id', 'nick') + user2 = WpUser.new('a', 'id', 'nick') (user1.eql? user2).should be_true end - it "should return false" do - user1 = WpUser.new("a", "id", "nick") - user2 = WpUser.new("b", "id", "nick") + it 'should return false' do + user1 = WpUser.new('a', 'id', 'nick') + user2 = WpUser.new('b', 'id', 'nick') (user1.eql? user2).should be_false end end -end \ No newline at end of file +end diff --git a/spec/lib/wpscan/wp_version_spec.rb b/spec/lib/wpscan/wp_version_spec.rb index 956cb16d..2273c706 100644 --- a/spec/lib/wpscan/wp_version_spec.rb +++ b/spec/lib/wpscan/wp_version_spec.rb @@ -1,3 +1,4 @@ +# encoding: UTF-8 #-- # WPScan - WordPress Security Scanner # Copyright (C) 2012-2013 
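Review bot: `user.nickname == 'empty'` and `user.nickname == 'nickname'` in the `#initialize` examples are bare comparisons whose result is discarded, so the nickname is never actually asserted and both examples pass regardless of its value; the quote-style pass carried them over unchanged. They should be `user.nickname.should == 'empty'` and `user.nickname.should == 'nickname'`, matching the `name` / `id` lines directly above them.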
@@ -22,283 +23,283 @@ describe WpVersion do before :all do @target_uri = URI.parse('http://example.localhost/') - @browser = Browser.instance(:config_file => SPEC_FIXTURES_CONF_DIR + '/browser/browser.conf.json') + @browser = Browser.instance(config_file: SPEC_FIXTURES_CONF_DIR + '/browser/browser.conf.json') end - describe "#find_from_meta_generator" do - let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + "/meta-generator" } + describe '#find_from_meta_generator' do + let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + '/meta-generator' } after :each do - stub_request_to_fixture(:url => @target_uri.to_s, :fixture => @fixture) - WpVersion.find_from_meta_generator(:base_url => @target_uri.to_s).should === @expected + stub_request_to_fixture(url: @target_uri.to_s, fixture: @fixture) + WpVersion.find_from_meta_generator(base_url: @target_uri.to_s).should === @expected end - it "should return nil if the meta-generator is not found" do - @fixture = fixtures_dir + "/no-meta-generator.htm" + it 'should return nil if the meta-generator is not found' do + @fixture = fixtures_dir + '/no-meta-generator.htm' @expected = nil end - it "should return 3.3.2" do - @fixture = fixtures_dir + "/3.3.2.htm" - @expected = "3.3.2" + it 'should return 3.3.2' do + @fixture = fixtures_dir + '/3.3.2.htm' + @expected = '3.3.2' end - it "should return 3.4-beta4" do - @fixture = fixtures_dir + "/3.4-beta4.htm" - @expected = "3.4-beta4" + it 'should return 3.4-beta4' do + @fixture = fixtures_dir + '/3.4-beta4.htm' + @expected = '3.4-beta4' end it "should return nil if it's not a valid version, must contains at least one '.'" do - @fixture = fixtures_dir + "/invalid_version.htm" + @fixture = fixtures_dir + '/invalid_version.htm' @expected = nil end - it "should return 3.5" do - @fixture = fixtures_dir + "/3.5_minified.htm" - @expected = "3.5" + it 'should return 3.5' do + @fixture = fixtures_dir + '/3.5_minified.htm' + @expected = '3.5' end end - describe "#find_from_rss_generator" 
do - let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + "/rss-generator" } + describe '#find_from_rss_generator' do + let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + '/rss-generator' } after :each do @status_code ||= 200 - stub_request_to_fixture(:url => @target_uri.merge("feed/").to_s, :status => @status_code, :fixture => @fixture) - WpVersion.find_from_rss_generator(:base_url => @target_uri).should === @expected + stub_request_to_fixture(url: @target_uri.merge('feed/').to_s, status: @status_code, fixture: @fixture) + WpVersion.find_from_rss_generator(base_url: @target_uri).should === @expected end - it "should return nil on a 404" do + it 'should return nil on a 404' do @status_code = 404 - @fixture = SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + "/404.htm" + @fixture = SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + '/404.htm' @expected = nil end - it "should return nil if the rss-generator is not found" do - @fixture = fixtures_dir + "/no-rss-generator.htm" + it 'should return nil if the rss-generator is not found' do + @fixture = fixtures_dir + '/no-rss-generator.htm' @expected = nil end - it "should return nil if the version is not found (but the rss-generator is present)" do - @fixture = fixtures_dir + "/no-version.htm" + it 'should return nil if the version is not found (but the rss-generator is present)' do + @fixture = fixtures_dir + '/no-version.htm' @expected = nil end - it "shuld return 3.3.2" do - @fixture = fixtures_dir + "/3.3.2.htm" - @expected = "3.3.2" + it 'shuld return 3.3.2' do + @fixture = fixtures_dir + '/3.3.2.htm' + @expected = '3.3.2' end - it "should return 3.4-beta4" do - @fixture = fixtures_dir + "/3.4-beta4.htm" - @expected = "3.4-beta4" + it 'should return 3.4-beta4' do + @fixture = fixtures_dir + '/3.4-beta4.htm' + @expected = '3.4-beta4' end it "should return nil if it's not a valid version, must contains at least one '.'" do - @fixture = fixtures_dir + "/invalid_version.htm" + @fixture = fixtures_dir + '/invalid_version.htm' 
@expected = nil end end - describe "#find_from_rdf_generator" do - let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + "/rdf-generator" } + describe '#find_from_rdf_generator' do + let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + '/rdf-generator' } after :each do @status_code ||= 200 - stub_request_to_fixture(:url => @target_uri.merge("feed/rdf/").to_s, :status => @status_code, :fixture => @fixture) - WpVersion.find_from_rdf_generator(:base_url => @target_uri).should === @expected + stub_request_to_fixture(url: @target_uri.merge('feed/rdf/').to_s, status: @status_code, fixture: @fixture) + WpVersion.find_from_rdf_generator(base_url: @target_uri).should === @expected end - it "should return nil on a 404" do + it 'should return nil on a 404' do @status_code = 404 - @fixture = SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + "/404.htm" + @fixture = SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + '/404.htm' @expected = nil end - it "should return nil if the rdf-generator is not found" do - @fixture = fixtures_dir + "/no-rdf-generator.htm" + it 'should return nil if the rdf-generator is not found' do + @fixture = fixtures_dir + '/no-rdf-generator.htm' @expected = nil end - it "should return nil if the version is not found (but the rdf-generator is present)" do - @fixture = fixtures_dir + "/no-version.htm" + it 'should return nil if the version is not found (but the rdf-generator is present)' do + @fixture = fixtures_dir + '/no-version.htm' @expected = nil end - it "shuld return 3.3.2" do - @fixture = fixtures_dir + "/3.3.2.htm" - @expected = "3.3.2" + it 'shuld return 3.3.2' do + @fixture = fixtures_dir + '/3.3.2.htm' + @expected = '3.3.2' end - it "should return 3.4-beta4" do - @fixture = fixtures_dir + "/3.4-beta4.htm" - @expected = "3.4-beta4" + it 'should return 3.4-beta4' do + @fixture = fixtures_dir + '/3.4-beta4.htm' + @expected = '3.4-beta4' end it "should return nil if it's not a valid version, must contains at least one '.'" do - @fixture = fixtures_dir + 
"/invalid_version.htm" + @fixture = fixtures_dir + '/invalid_version.htm' @expected = nil end end - describe "#find_from_atom_generator" do - let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + "/atom-generator" } + describe '#find_from_atom_generator' do + let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + '/atom-generator' } after :each do @status_code ||= 200 - stub_request_to_fixture(:url => @target_uri.merge("feed/atom/").to_s, :status => @status_code, :fixture => @fixture) - WpVersion.find_from_atom_generator(:base_url => @target_uri).should === @expected + stub_request_to_fixture(url: @target_uri.merge('feed/atom/').to_s, status: @status_code, fixture: @fixture) + WpVersion.find_from_atom_generator(base_url: @target_uri).should === @expected end - it "should return nil on a 404" do + it 'should return nil on a 404' do @status_code = 404 - @fixture = SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + "/404.htm" + @fixture = SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + '/404.htm' @expected = nil end - it "should return nil if the atom-generator is not found" do - @fixture = fixtures_dir + "/no-atom-generator.htm" + it 'should return nil if the atom-generator is not found' do + @fixture = fixtures_dir + '/no-atom-generator.htm' @expected = nil end - it "should return nil if the version is not found (but the atom-generator is present)" do - @fixture = fixtures_dir + "/no-version.htm" + it 'should return nil if the version is not found (but the atom-generator is present)' do + @fixture = fixtures_dir + '/no-version.htm' @expected = nil end - it "shuld return 3.3.2" do - @fixture = fixtures_dir + "/3.3.2.htm" - @expected = "3.3.2" + it 'shuld return 3.3.2' do + @fixture = fixtures_dir + '/3.3.2.htm' + @expected = '3.3.2' end - it "should return 3.4-beta4" do - @fixture = fixtures_dir + "/3.4-beta4.htm" - @expected = "3.4-beta4" + it 'should return 3.4-beta4' do + @fixture = fixtures_dir + '/3.4-beta4.htm' + @expected = '3.4-beta4' end it "should return nil if it's not 
a valid version, must contains at least one '.'" do - @fixture = fixtures_dir + "/invalid_version.htm" + @fixture = fixtures_dir + '/invalid_version.htm' @expected = nil end end - describe "#find_from_sitemap_generator" do + describe '#find_from_sitemap_generator' do after :each do - stub_request(:get, @target_uri.merge("sitemap.xml").to_s). - to_return(:status => 200, :body => @body) + stub_request(:get, @target_uri.merge('sitemap.xml').to_s). + to_return(status: 200, body: @body) - WpVersion.find_from_sitemap_generator(:base_url => @target_uri).should === @expected + WpVersion.find_from_sitemap_generator(base_url: @target_uri).should === @expected end - it "should return nil if the generator is not found" do + it 'should return nil if the generator is not found' do @body = '' @expected = nil end - it "should return the version : 3.3.2" do - @body = "" - @expected = "3.3.2" + it 'should return the version : 3.3.2' do + @body = '' + @expected = '3.3.2' end it "should return nil if it's not a valid version, must contains at least one '.'" do - @body = "" + @body = '' @expected = nil end end - describe "#find_from_readme" do + describe '#find_from_readme' do let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + '/readme' } after :each do @status_code ||= 200 - stub_request_to_fixture(:url => @target_uri.merge("readme.html").to_s, :status => @status_code, :fixture => @fixture) + stub_request_to_fixture(url: @target_uri.merge('readme.html').to_s, status: @status_code, fixture: @fixture) - WpVersion.find_from_readme(:base_url => @target_uri).should === @expected + WpVersion.find_from_readme(base_url: @target_uri).should === @expected end - it "should return nil on a 404" do + it 'should return nil on a 404' do @status_code = 404 - @fixture = SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + "/404.htm" + @fixture = SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + '/404.htm' @expected = nil end - it "should return nil if the version number is not present" do - @fixture = fixtures_dir + 
"/empty-version.html" + it 'should return nil if the version number is not present' do + @fixture = fixtures_dir + '/empty-version.html' @expected = nil end - it "should return 3.3.2" do - @fixture = fixtures_dir + "/readme-3.3.2.html" - @expected = "3.3.2" + it 'should return 3.3.2' do + @fixture = fixtures_dir + '/readme-3.3.2.html' + @expected = '3.3.2' end it "should return nil if it's not a valid version, must contains at least one '.'" do - @fixture = fixtures_dir + "/invalid_version.html" + @fixture = fixtures_dir + '/invalid_version.html' @expected = nil end end - describe "#find_from_advanced_fingerprinting" do - let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + "/advanced" } + describe '#find_from_advanced_fingerprinting' do + let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + '/advanced' } - it "should return 3.2.1" do + it 'should return 3.2.1' do stub_request_to_fixture( - :url => @target_uri.merge("wp-admin/js/wp-fullscreen.js").to_s, - :fixture => "#{fixtures_dir}/3.2.1.js" + url: @target_uri.merge('wp-admin/js/wp-fullscreen.js').to_s, + fixture: "#{fixtures_dir}/3.2.1.js" ) version = WpVersion.find_from_advanced_fingerprinting( - :base_url => @target_uri, - :wp_content_dir => "wp-content", - :version_xml => "#{fixtures_dir}/wp_versions.xml" + base_url: @target_uri, + wp_content_dir: 'wp-content', + version_xml: "#{fixtures_dir}/wp_versions.xml" ) - version.should == "3.2.1" + version.should == '3.2.1' end end - describe "#find_from_links_opml" do - let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + "/opml" } + describe '#find_from_links_opml' do + let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + '/opml' } - it "should return 3.4.2" do + it 'should return 3.4.2' do stub_request_to_fixture( - :url => @target_uri.merge("wp-links-opml.php").to_s, - :fixture => "#{fixtures_dir}/wp-links-opml.xml" + url: @target_uri.merge('wp-links-opml.php').to_s, + fixture: "#{fixtures_dir}/wp-links-opml.xml" ) - version = 
WpVersion.find_from_links_opml(:base_url => @target_uri) - version.should == "3.4.2" + version = WpVersion.find_from_links_opml(base_url: @target_uri) + version.should == '3.4.2' end - it "should return nil" do + it 'should return nil' do stub_request_to_fixture( - :url => @target_uri.merge("wp-links-opml.php").to_s, - :fixture => "#{fixtures_dir}/wp-links-opml-nogenerator.xml" + url: @target_uri.merge('wp-links-opml.php').to_s, + fixture: "#{fixtures_dir}/wp-links-opml-nogenerator.xml" ) - version = WpVersion.find_from_links_opml(:base_url => @target_uri) + version = WpVersion.find_from_links_opml(base_url: @target_uri) version.should be_nil end end - describe "#initialize" do - it "should initialize a WpVersion object" do - v = WpVersion.new(1, {:discovery_method => "method", :vulns_file => "asdf.xml"}) + describe '#initialize' do + it 'should initialize a WpVersion object' do + v = WpVersion.new(1, {discovery_method: 'method', vulns_file: 'asdf.xml'}) v.number.should == 1 - v.discovery_method.should == "method" + v.discovery_method.should == 'method' end end - describe "#find" do + describe '#find' do let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + '/advanced' } - it "should find all versions" do + it 'should find all versions' do # All requests get a HTTP 404 - stub_request(:any, /.*/).to_return(:status => 404) + stub_request(:any, /.*/).to_return(status: 404) # Wordpress Version 3.2.1 stub_request_to_fixture( - :url => @target_uri.merge("wp-admin/js/wp-fullscreen.js").to_s, - :fixture => "#{fixtures_dir}/3.2.1.js" + url: @target_uri.merge('wp-admin/js/wp-fullscreen.js').to_s, + fixture: "#{fixtures_dir}/3.2.1.js" ) - version = WpVersion.find(@target_uri, "wp-content") - version.number.should == "3.2.1" - version.discovery_method.should == "advanced fingerprinting" + version = WpVersion.find(@target_uri, 'wp-content') + version.number.should == '3.2.1' + version.discovery_method.should == 'advanced fingerprinting' end end 
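Review bot: The example descriptions `it 'shuld return 3.3.2'` in the rss, rdf and atom generator groups carry a typo that the quote-style pass preserved, and "must contains at least one '.'" appears in four descriptions; `it 'should return 3.3.2'` and `must contain`. In the `#initialize` group, `WpVersion.new(1, {discovery_method: 'method', vulns_file: 'asdf.xml'})` keeps literal braces around a trailing hash argument while the rest of the file was converted to bare keyword-style arguments; `WpVersion.new(1, discovery_method: 'method', vulns_file: 'asdf.xml')` is equivalent and consistent with the other call sites. The enclosing `describe WpVersion` opens before this hunk.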
diff --git a/spec/lib/wpscan/wp_vulnerability_spec.rb b/spec/lib/wpscan/wp_vulnerability_spec.rb
index 14cd1c49..bb7e5923 100644
--- a/spec/lib/wpscan/wp_vulnerability_spec.rb
+++ b/spec/lib/wpscan/wp_vulnerability_spec.rb
@@ -1,30 +1,37 @@ +# encoding: UTF-8 + # TODO -describe "#vulnerabilities" do - let(:location_url) { "http://example.localhost/" } - let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR + "/vulnerabilities" } - let(:vulns_file) { fixtures_dir + "/plugin_vulns.xml" } - let(:wp_plugin) { WpPlugin.new(:base_url => location_url, - :name => "spec-plugin", - :path => "plugins/spec-plugin/", - :vulns_file => vulns_file) +describe '#vulnerabilities' do + let(:location_url) { 'http://example.localhost/' } + let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR + '/vulnerabilities' } + let(:vulns_file) { fixtures_dir + '/plugin_vulns.xml' } + let(:wp_plugin) { + WpPlugin.new( + base_url: location_url, + name: 'spec-plugin', + path: 'plugins/spec-plugin/', + vulns_file: vulns_file + ) } - it "should return an empty array when no vulnerabilities are found" do - WpPlugin.new(:base_url => "http://example.localhost/", - :name => "no-vulns", - :path => "plugins/no-vulns/", - :vulns_file => vulns_file).vulnerabilities.should be_empty + it 'should return an empty array when no vulnerabilities are found' do + WpPlugin.new( + base_url: 'http://example.localhost/', + name: 'no-vulns', + path: 'plugins/no-vulns/', + vulns_file: vulns_file + ).vulnerabilities.should be_empty end - it "should return an arry with 2 vulnerabilities" do + it 'should return an arry with 2 vulnerabilities' do vulnerabilities = wp_plugin.vulnerabilities vulnerabilities.should_not be_empty vulnerabilities.length.should == 2 vulnerabilities.each { |vulnerability| vulnerability.should be_a WpVulnerability } - vulnerabilities[0].title.should === "WPScan Spec" - vulnerabilities[1].title.should === "Spec SQL Injection" + vulnerabilities[0].title.should === 'WPScan Spec' + vulnerabilities[1].title.should === 'Spec SQL Injection' end -end \ No newline at end of file +end diff --git a/spec/lib/wpscan/wpscan_helper.rb b/spec/lib/wpscan/wpscan_helper.rb index ce106c95..21c526b2 100644 
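Review bot: Unlike every sibling spec touched by this commit, this file has no `require File.expand_path(File.dirname(__FILE__) + '/wpscan_helper')` line, so `WpPlugin` and `SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR` resolve only when the suite loads the helper first — presumably what the bare `# TODO` refers to, and worth either spelling out in that comment or resolving by adding the require. The first example re-spells `'http://example.localhost/'` although `let(:location_url)` defines that value a few lines above; `base_url: location_url` keeps the two in step. `it 'should return an arry with 2 vulnerabilities'` has a typo: `array`.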
--- a/spec/lib/wpscan/wpscan_helper.rb
+++ b/spec/lib/wpscan/wpscan_helper.rb
@@ -1,3 +1,4 @@
+# encoding: UTF-8
 #--
 # WPScan - WordPress Security Scanner
 # Copyright (C) 2012-2013
@@ -35,8 +36,8 @@ class WpScanModuleSpec
 def initialize(target_url)
 @uri = URI.parse(add_http_protocol(target_url))
 Browser.instance(
- :config_file => SPEC_FIXTURES_CONF_DIR + '/browser/browser.conf.json',
- :cache_timeout => 0
+ config_file: SPEC_FIXTURES_CONF_DIR + '/browser/browser.conf.json',
+ cache_timeout: 0
 )
 end
@@ -45,7 +46,7 @@ class WpScanModuleSpec
 end
 def login_url
- @uri.merge("wp-login.php").to_s
+ @uri.merge('wp-login.php').to_s
 end
 end
diff --git a/spec/lib/wpscan/wpscan_options_spec.rb b/spec/lib/wpscan/wpscan_options_spec.rb
index a13871d8..5c0e58f3 100644
--- a/spec/lib/wpscan/wpscan_options_spec.rb
+++ b/spec/lib/wpscan/wpscan_options_spec.rb
@@ -1,3 +1,4 @@
+# encoding: UTF-8
 #--
 # WPScan - WordPress Security Scanner
 # Copyright (C) 2012-2013
@@ -18,58 +19,58 @@ require File.expand_path(File.dirname(__FILE__) + '/wpscan_helper') -describe "WpscanOptions" do +describe 'WpscanOptions' do before :each do @wpscan_options = WpscanOptions.new end - describe "#initialize" do - it "should set all options to nil" do + describe '#initialize' do + it 'should set all options to nil' do WpscanOptions::ACCESSOR_OPTIONS.each do |option| @wpscan_options.send(option).should === nil end end end - describe "#url=" do - it "should raise an error if en empty or nil url is supplied" do + describe '#url=' do + it 'should raise an error if en empty or nil url is supplied' do expect { @wpscan_options.url = '' }.to raise_error expect { @wpscan_options.url = nil }.to raise_error end - it "should add the http protocol if not present" do - @wpscan_options.url = "example.com" - @wpscan_options.url.should === "http://example.com" + it 'should add the http protocol if not present' do + @wpscan_options.url = 'example.com' + @wpscan_options.url.should === 'http://example.com' end it "should not add the http protocol if it's already present" do - url = "http://example.com" + url = 'http://example.com' @wpscan_options.url = url @wpscan_options.url.should === url end end - describe "#threads=" do - it "should convert an integer in a string into an integr" do - @wpscan_options.threads = "10" + describe '#threads=' do + it 'should convert an integer in a string into an integr' do + @wpscan_options.threads = '10' @wpscan_options.threads.should be_an Integer @wpscan_options.threads.should === 10 end - it "should set to correct number of threads" do + it 'should set to correct number of threads' do @wpscan_options.threads = 15 @wpscan_options.threads.should be_an Integer @wpscan_options.threads.should === 15 end end - describe "#wordlist=" do - it "should raise an error if the wordlist file does not exist" do - expect { @wpscan_options.wordlist = "/i/do/not/exist.txt" }.to raise_error + describe '#wordlist=' do + it 'should raise an error if 
the wordlist file does not exist' do + expect { @wpscan_options.wordlist = '/i/do/not/exist.txt' }.to raise_error end - it "should not raise an error" do + it 'should not raise an error' do wordlist_file = "#{SPEC_FIXTURES_WPSCAN_WPSCAN_OPTIONS_DIR}/wordlist.txt" @wpscan_options.wordlist = wordlist_file @@ -77,39 +78,39 @@ describe "WpscanOptions" do end end - describe "#proxy=" do - it "should raise an error" do + describe '#proxy=' do + it 'should raise an error' do expect { @wpscan_options.proxy = 'invalidproxy' }.to raise_error end - it "should not raise an error" do - proxy = "127.0.0.1:3038" + it 'should not raise an error' do + proxy = '127.0.0.1:3038' @wpscan_options.proxy = proxy @wpscan_options.proxy.should === proxy end end - describe "#proxy_auth=" do - it "should raise an error if the format is not correct" do - expect { @wpscan_options.proxy_auth = "invalidauth" }.to raise_error + describe '#proxy_auth=' do + it 'should raise an error if the format is not correct' do + expect { @wpscan_options.proxy_auth = 'invalidauth' }.to raise_error end - it "should not raise en error" do - proxy_auth = "user:pass" + it 'should not raise en error' do + proxy_auth = 'user:pass' @wpscan_options.proxy_auth = proxy_auth @wpscan_options.proxy_auth.should === proxy_auth end end - describe "#enumerate_plugins=" do - it "should raise an error" do + describe '#enumerate_plugins=' do + it 'should raise an error' do @wpscan_options.enumerate_only_vulnerable_plugins = true expect { @wpscan_options.enumerate_plugins = true }.to raise_error( - RuntimeError, "Please choose only one plugin enumeration option" + RuntimeError, 'Please choose only one plugin enumeration option' ) end - it "should not raise an error" do + it 'should not raise an error' do @wpscan_options.enumerate_only_vulnerable_plugins = false @wpscan_options.enumerate_plugins = true 
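Review bot: `expect { @wpscan_options.url = '' }.to raise_error` and the other bare `raise_error` calls in this hunk (`url=` twice, `wordlist=`) and in the `@@ -77` hunk on this same line (`proxy=`, `proxy_auth=`) accept any StandardError, so a NoMethodError from a typo inside the setter would satisfy them just as well as the intended validation failure; the later groups in this file already pin `raise_error(RuntimeError, '...')`, and these examples should name the class (and message) the setter raises in the same way. Three descriptions also carry typos: `'if en empty or nil url'`, `'into an integr'`, `'should not raise en error'` → `an empty`, `integer`, `an error`. The enclosing `describe 'WpscanOptions'` opens in this hunk and closes beyond it.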
@@ -117,15 +118,15 @@ describe "WpscanOptions" do end end - describe "#enumerate_themes=" do - it "should raise an error" do + describe '#enumerate_themes=' do + it 'should raise an error' do @wpscan_options.enumerate_only_vulnerable_themes = true expect { @wpscan_options.enumerate_themes = true }.to raise_error( - RuntimeError, "Please choose only one theme enumeration option" + RuntimeError, 'Please choose only one theme enumeration option' ) end - it "should not raise an error" do + it 'should not raise an error' do @wpscan_options.enumerate_only_vulnerable_themes = false @wpscan_options.enumerate_themes = true @@ -133,15 +134,15 @@ describe "WpscanOptions" do end end - describe "#enumerate_only_vulnerable_plugins=" do - it "should raise an error" do + describe '#enumerate_only_vulnerable_plugins=' do + it 'should raise an error' do @wpscan_options.enumerate_plugins = true expect { @wpscan_options.enumerate_only_vulnerable_plugins = true }.to raise_error( - RuntimeError, "Please choose only one plugin enumeration option" + RuntimeError, 'Please choose only one plugin enumeration option' ) end - it "should not raise an error" do + it 'should not raise an error' do @wpscan_options.enumerate_plugins = false @wpscan_options.enumerate_only_vulnerable_plugins = true @@ -149,15 +150,15 @@ describe "WpscanOptions" do end end - describe "#enumerate_only_vulnerable_themes=" do - it "should raise an error" do + describe '#enumerate_only_vulnerable_themes=' do + it 'should raise an error' do @wpscan_options.enumerate_themes = true expect { @wpscan_options.enumerate_only_vulnerable_themes = true }.to raise_error( - RuntimeError, "Please choose only one theme enumeration option" + RuntimeError, 'Please choose only one theme enumeration option' ) end - it "should not raise an error" do + it 'should not raise an error' do @wpscan_options.enumerate_themes = false @wpscan_options.enumerate_only_vulnerable_themes = true 
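Review bot: The three `describe` groups in this hunk, like the two in the next one (`@@ -165` and `@@ -181`), are the same two examples copied with only the option pair and the message changed, and the literal `'Please choose only one theme enumeration option'` is now spelled out in four places; a `shared_examples` group parameterised by the two option names and the expected message would state the mutual-exclusion rule once and turn a future message change into a one-line edit. Each `it 'should not raise an error'` example ends outside its hunk, so the assertion it relies on is not visible here.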
@@ -165,15 +166,15 @@ describe "WpscanOptions" do end end - describe "#enumerate_all_themes=" do - it "should raise an error" do + describe '#enumerate_all_themes=' do + it 'should raise an error' do @wpscan_options.enumerate_themes = true expect { @wpscan_options.enumerate_all_themes = true }.to raise_error( - RuntimeError, "Please choose only one theme enumeration option" + RuntimeError, 'Please choose only one theme enumeration option' ) end - it "should not raise an error" do + it 'should not raise an error' do @wpscan_options.enumerate_themes = false @wpscan_options.enumerate_all_themes = true @@ -181,15 +182,15 @@ describe "WpscanOptions" do end end - describe "#enumerate_all_plugins=" do - it "should raise an error" do + describe '#enumerate_all_plugins=' do + it 'should raise an error' do @wpscan_options.enumerate_plugins = true expect { @wpscan_options.enumerate_all_plugins = true }.to raise_error( - RuntimeError, "Please choose only one plugin enumeration option" + RuntimeError, 'Please choose only one plugin enumeration option' ) end - it "should not raise an error" do + it 'should not raise an error' do @wpscan_options.enumerate_plugins = false @wpscan_options.enumerate_all_plugins = true 
@@ -197,112 +198,112 @@ describe "WpscanOptions" do end end - describe "#basic_auth=" do - context "invalid format" do - it "should raise an error if the : is missing" do - expect { @wpscan_options.basic_auth = "helloworld" }.to raise_error( - RuntimeError, "Invalid basic authentication format, login:password expected" + describe '#basic_auth=' do + context 'invalid format' do + it 'should raise an error if the : is missing' do + expect { @wpscan_options.basic_auth = 'helloworld' }.to raise_error( + RuntimeError, 'Invalid basic authentication format, login:password expected' ) end end - context "valid format" do + context 'valid format' do it "should add the 'Basic' word and do the encode64. See RFC 2617" do - @wpscan_options.basic_auth = "Aladdin:open sesame" - @wpscan_options.basic_auth.should == "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==" + @wpscan_options.basic_auth = 'Aladdin:open sesame' + @wpscan_options.basic_auth.should == 'Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==' end end end - describe "#has_options?" do - it "should return false" do + describe '#has_options?' 
do + it 'should return false' do @wpscan_options.has_options?.should be_false end - it "should return true" do + it 'should return true' do @wpscan_options.verbose = false @wpscan_options.has_options?.should be_true end end - describe "#to_h" do - it "should return an empty hash" do + describe '#to_h' do + it 'should return an empty hash' do @wpscan_options.to_h.should be_a Hash @wpscan_options.to_h.should be_empty end - it "should return a hash with :verbose = true" do - expected = {:verbose => true} + it 'should return a hash with :verbose = true' do + expected = {verbose: true} @wpscan_options.verbose = true @wpscan_options.to_h.should === expected end end - describe "#clean_option" do + describe '#clean_option' do after :each do WpscanOptions.clean_option(@option).should === @expected end it "should return 'url'" do - @option = "--url" - @expected = "url" + @option = '--url' + @expected = 'url' end it "should return 'u'" do - @option = "-u" + @option = '-u' @expected = 'u' end it "should return 'follow_redirection'" do - @option = "--follow-redirection" - @expected = "follow_redirection" + @option = '--follow-redirection' + @expected = 'follow_redirection' end end - describe "#option_to_instance_variable_setter" do + describe '#option_to_instance_variable_setter' do after :each do WpscanOptions.option_to_instance_variable_setter(@argument).should === @expected end - it "should return :url=" do - @argument = "--url" + it 'should return :url=' do + @argument = '--url' @expected = :url= end - it "should return :verbose=" do - @argument = "--verbose" + it 'should return :verbose=' do + @argument = '--verbose' @expected = :verbose= end - it "should return :proxy= for --proxy" do - @argument = "--proxy" + it 'should return :proxy= for --proxy' do + @argument = '--proxy' @expected = :proxy= end - it "should return nil for --enumerate" do - @argument = "--enumerate" + it 'should return nil for --enumerate' do + @argument = '--enumerate' @expected = nil end - it "should 
return :proxy_auth= for --proxy_auth" do - @argument = "--proxy_auth" + it 'should return :proxy_auth= for --proxy_auth' do + @argument = '--proxy_auth' @expected = :proxy_auth= end end - describe "#is_long_option?" do - it "should return true" do - WpscanOptions.is_long_option?("--url").should be_true + describe '#is_long_option?' do + it 'should return true' do + WpscanOptions.is_long_option?('--url').should be_true end - it "should return false" do - WpscanOptions.is_long_option?("hello").should be_false - WpscanOptions.is_long_option?("--enumerate").should be_false + it 'should return false' do + WpscanOptions.is_long_option?('hello').should be_false + WpscanOptions.is_long_option?('--enumerate').should be_false end end - describe "#enumerate_options_from_string" do + describe '#enumerate_options_from_string' do after :each do if @argument wpscan_options = WpscanOptions.new 
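Review bot: The `#basic_auth=` invalid-format context only covers a value with no `:` at all, so nothing pins what happens with a password that itself contains a colon; RFC 2617, which the positive case cites, forbids the colon only in the user-id, so `'user:pa:ss'` must be accepted and split at the first colon. Adding a case with `@wpscan_options.basic_auth = 'user:pa:ss'` and the expected `'Basic dXNlcjpwYTpzcw=='` would catch an implementation that rejects the value or splits on every colon. That expected string is the Base64 of `user:pa:ss`; the setter is outside this diff, so confirm it behaves this way before pinning it.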
@@ -311,109 +312,109 @@ describe "WpscanOptions" do end end - it "should raise an error if p and p! are " do - expect { @wpscan_options.enumerate_options_from_string("p,vp") }.to raise_error + it 'should raise an error if p and p! are ' do + expect { @wpscan_options.enumerate_options_from_string('p,vp') }.to raise_error end - it "should set enumerate_plugins to true" do + it 'should set enumerate_plugins to true' do @argument = 'p' - @expected_hash = {:enumerate_plugins => true} + @expected_hash = {enumerate_plugins: true} end - it "should set enumerate_only_vulnerable_plugins to tue" do - @argument = "vp" - @expected_hash = {:enumerate_only_vulnerable_plugins => true} + it 'should set enumerate_only_vulnerable_plugins to tue' do + @argument = 'vp' + @expected_hash = {enumerate_only_vulnerable_plugins: true} end - it "should set enumerate_timthumbs to true" do + it 'should set enumerate_timthumbs to true' do @argument = 'tt' - @expected_hash = {:enumerate_timthumbs => true} + @expected_hash = {enumerate_timthumbs: true} end - it "should set enumerate_usernames to true" do + it 'should set enumerate_usernames to true' do @argument = 'u' - @expected_hash = {:enumerate_usernames => true} + @expected_hash = {enumerate_usernames: true} end - it "should set enumerate_usernames to true and enumerate_usernames_range to (1..20)" do - @argument = "u[1-20]" - @expected_hash = {:enumerate_usernames => true, :enumerate_usernames_range => (1..20)} + it 'should set enumerate_usernames to true and enumerate_usernames_range to (1..20)' do + @argument = 'u[1-20]' + @expected_hash = {enumerate_usernames: true, enumerate_usernames_range: (1..20)} end # Let's try some multiple choices - it "should set enumerate_timthumbs to true, enumerate_usernames to true, enumerate_usernames_range to (1..2)" do - @argument = "u[1-2],tt" + it 'should set enumerate_timthumbs to true, enumerate_usernames to true, enumerate_usernames_range to (1..2)' do + @argument = 'u[1-2],tt' @expected_hash = { - 
:enumerate_usernames => true, :enumerate_usernames_range => (1..2), - :enumerate_timthumbs => true + enumerate_usernames: true, enumerate_usernames_range: (1..2), + enumerate_timthumbs: true } end end - describe "#set_option_from_cli" do - it "should raise an error with unknow option" do - expect { @wpscan_options.set_option_from_cli("hello", "") }.to raise_error + describe '#set_option_from_cli' do + it 'should raise an error with unknow option' do + expect { @wpscan_options.set_option_from_cli('hello', '') }.to raise_error end - it "should set @url to example.com" do - @wpscan_options.set_option_from_cli("--url", "example.com") - @wpscan_options.url.should === "http://example.com" + it 'should set @url to example.com' do + @wpscan_options.set_option_from_cli('--url', 'example.com') + @wpscan_options.url.should === 'http://example.com' end - it "should set @enumerate_plugins to true" do - @wpscan_options.set_option_from_cli("--enumerate", "p") + it 'should set @enumerate_plugins to true' do + @wpscan_options.set_option_from_cli('--enumerate', 'p') @wpscan_options.enumerate_plugins.should be_true @wpscan_options.enumerate_only_vulnerable_plugins.should be_nil end - it "should set @enumerate_only_vulnerable_plugins, @enumerate_timthumbs and @enumerate_usernames to true if no argument is given" do - @wpscan_options.set_option_from_cli("--enumerate", '') + it 'should set @enumerate_only_vulnerable_plugins, @enumerate_timthumbs and @enumerate_usernames to true if no argument is given' do + @wpscan_options.set_option_from_cli('--enumerate', '') @wpscan_options.enumerate_only_vulnerable_plugins.should be_true @wpscan_options.enumerate_timthumbs.should be_true @wpscan_options.enumerate_usernames.should be_true end end - describe "#load_from_arguments" do + describe '#load_from_arguments' do after :each do set_argv(@argv) wpscan_options = WpscanOptions.load_from_arguments wpscan_options.to_h.should === @expected_hash end - it "should return {}" do + it 'should return {}' 
do @argv = '' @expected_hash = {} end it "should return {:url => 'example.com'}" do - @argv = "--url example.com" - @expected_hash = {:url => "http://example.com"} + @argv = '--url example.com' + @expected_hash = { url: 'http://example.com' } end it "should return {:url => 'example.com'}" do - @argv = "-u example.com" - @expected_hash = {:url => "http://example.com"} + @argv = '-u example.com' + @expected_hash = { url: 'http://example.com' } end it "should return {:username => 'admin'}" do - @argv = "--username admin" - @expected_hash = {:username => "admin"} + @argv = '--username admin' + @expected_hash = { username: 'admin' } end it "should return {:username => 'Youhou'}" do - @argv = "-U Youhou" - @expected_hash = {:username => "Youhou"} + @argv = '-U Youhou' + @expected_hash = { username: 'Youhou' } end it "should return {:url => 'example.com', :threads => 5, :force => ''}" do - @argv = "-u example.com --force -t 5" - @expected_hash = {:url => "http://example.com", :threads => 5, :force => ""} + @argv = '-u example.com --force -t 5' + @expected_hash = { url: 'http://example.com', threads: 5, force: '' } end it "should return {:url => 'example.com', :enumerate_plugins => true, :enumerate_timthumbs => true}" do - @argv = "-u example.com -e p,tt" - @expected_hash = {:url => 'http://example.com', :enumerate_plugins => true, :enumerate_timthumbs => true} + @argv = '-u example.com -e p,tt' + @expected_hash = { url: 'http://example.com', enumerate_plugins: true, enumerate_timthumbs: true } end end diff --git a/spec/lib/wpstools/plugins/list_generator/generate_list_spec.rb b/spec/lib/wpstools/plugins/list_generator/generate_list_spec.rb index 79d0ea42..5f5fe3f9 100644 --- a/spec/lib/wpstools/plugins/list_generator/generate_list_spec.rb +++ b/spec/lib/wpstools/plugins/list_generator/generate_list_spec.rb 
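Review bot: The `'should raise an error if p and p! are '` example in `#enumerate_options_from_string` has a truncated description that no longer matches the input it passes (`'p,vp'`), and like the `'hello'` case in `#set_option_from_cli` it asserts only a bare `raise_error`, which any exception satisfies; the sibling enumeration tests in this file pin `RuntimeError` with the 'Please choose only one plugin enumeration option' message and these should do the same, e.g. `it 'should raise an error if p and vp are both given' do` with `.to raise_error(RuntimeError, 'Please choose only one plugin enumeration option')` if that is the message raised (the implementation is outside this diff). `'to tue'` is a typo for `to true`. Separately, the `--url example.com` examples pin that a scheme-less target becomes `http://example.com`; since basic-auth and brute-force credentials then travel in the clear unless the user spells out `https://`, a one-line comment on the first of those examples, `# a bare host defaults to plain http; callers wanting TLS must pass https:// explicitly`, would make that deliberate choice visible to readers.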
@@ -1,3 +1,5 @@ -require File.expand_path(File.dirname(__FILE__) + "/../../wpstools_helper") +# encoding: UTF-8 + +require File.expand_path(File.dirname(__FILE__) + '/../../wpstools_helper') # TODO diff --git a/spec/lib/wpstools/plugins/list_generator/svn_parser_spec.rb b/spec/lib/wpstools/plugins/list_generator/svn_parser_spec.rb index 79d0ea42..5f5fe3f9 100644 --- a/spec/lib/wpstools/plugins/list_generator/svn_parser_spec.rb +++ b/spec/lib/wpstools/plugins/list_generator/svn_parser_spec.rb @@ -1,3 +1,5 @@ -require File.expand_path(File.dirname(__FILE__) + "/../../wpstools_helper") +# encoding: UTF-8 + +require File.expand_path(File.dirname(__FILE__) + '/../../wpstools_helper') # TODO diff --git a/spec/lib/wpstools/wpstools_helper.rb b/spec/lib/wpstools/wpstools_helper.rb index 842946ff..a908b1fc 100644 --- a/spec/lib/wpstools/wpstools_helper.rb +++ b/spec/lib/wpstools/wpstools_helper.rb @@ -1,3 +1,4 @@ +# encoding: UTF-8 #-- # WPScan - WordPress Security Scanner # Copyright (C) 2012-2013 diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 5f8d5560..9c19a6be 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -1,3 +1,4 @@ +# encoding: UTF-8 #-- # WPScan - WordPress Security Scanner # Copyright (C) 2012-2013 @@ -20,7 +21,7 @@ # https://github.com/colszowka/simplecov # Code Coverage (only works with ruby >= 1.9) -if RUBY_VERSION >= "1.9" +if RUBY_VERSION >= '1.9' require 'simplecov' end 
@@ -29,11 +30,11 @@ require File.expand_path(File.dirname(__FILE__) + '/../lib/common_helper') gem 'webmock', '=1.8.11' require 'webmock/rspec' -SPEC_DIR = ROOT_DIR + '/spec' -SPEC_LIB_DIR = SPEC_DIR + '/lib' -SPEC_CACHE_DIR = SPEC_DIR + '/cache' -SPEC_FIXTURES_DIR = SPEC_DIR + '/samples' -SPEC_FIXTURES_CONF_DIR = SPEC_FIXTURES_DIR + '/conf' +SPEC_DIR = ROOT_DIR + '/spec' +SPEC_LIB_DIR = SPEC_DIR + '/lib' +SPEC_CACHE_DIR = SPEC_DIR + '/cache' +SPEC_FIXTURES_DIR = SPEC_DIR + '/samples' +SPEC_FIXTURES_CONF_DIR = SPEC_FIXTURES_DIR + '/conf' SPEC_FIXTURES_WP_VERSIONS_DIR = SPEC_FIXTURES_DIR + '/wp_versions' def count_files_in_dir(absolute_dir_path, files_pattern = '*') @@ -59,15 +60,20 @@ end def stub_request_to_fixture(arguments = {}) arguments[:method] ||= :get arguments[:status] ||= 200 - raise "No arguments[:url] supplied" if arguments[:url].nil? - raise "No arguments[:fixture] supplied" if arguments[:fixture].nil? + raise 'No arguments[:url] supplied' if arguments[:url].nil? + raise 'No arguments[:fixture] supplied' if arguments[:fixture].nil? stub_request(arguments[:method], arguments[:url].to_s). - to_return(:status => arguments[:status], :body => File.new(arguments[:fixture])) + to_return( + status: arguments[:status], + body: File.new(arguments[:fixture]) + ) end -# The object must be given as we will mock the Kernel#` or Kernel#system (Kernel is a module) -# system_method : +# The object must be given as we will mock the Kernel#` or +# Kernel#system (Kernel is a module) +# +# system_method : # :` for `` or %x # :system for system() def stub_system_command(object, command, return_value, system_method = :`) diff --git a/spec/wpscan_spec.rb b/spec/wpscan_spec.rb index 91ba8ca6..115a55bf 100644 --- a/spec/wpscan_spec.rb +++ b/spec/wpscan_spec.rb @@ -1,3 +1,4 @@ +# encoding: UTF-8 #-- # WPScan - WordPress Security Scanner # Copyright (C) 2012-2013 
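Review bot: `stub_request_to_fixture` still hands webmock `File.new(arguments[:fixture])`, an IO opened at stub time and never closed, so every stubbed request in the suite holds a descriptor until GC collects it; reading the fixture into a string is simpler and avoids that: `body: File.read(arguments[:fixture])`. The two `raise` calls reject a missing `:url` or `:fixture` with a RuntimeError; `raise ArgumentError, 'No arguments[:url] supplied'` describes a caller error more accurately. `stub_system_command` begins on the last line of this hunk and its body is outside it.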
@@ -18,11 +19,11 @@ require 'spec_helper' -describe "wpscan main checks" do +describe 'wpscan main checks' do - it "check for errors on running the mainscript" do + it 'check for errors on running the mainscript' do a = %x[ruby #{ROOT_DIR}/wpscan.rb] a.should =~ /\[ERROR\] No argument supplied/ end -end \ No newline at end of file +end diff --git a/spec/xml_checks_spec.rb b/spec/xml_checks_spec.rb index b5db794e..348ceabf 100644 --- a/spec/xml_checks_spec.rb +++ b/spec/xml_checks_spec.rb @@ -1,3 +1,4 @@ +# encoding: UTF-8 #-- # WPScan - WordPress Security Scanner # Copyright (C) 2012-2013 @@ -18,7 +19,7 @@ require 'spec_helper' -describe "XML checks" do +describe 'XML checks' do after :each do FileTest.exists?(@file).should be_true @@ -34,28 +35,28 @@ describe "XML checks" do errors.should === [] end - it "check plugin_vulns.xml for syntax errors" do + it 'check plugin_vulns.xml for syntax errors' do @file = PLUGINS_VULNS_FILE - @xsd = VULNS_XSD + @xsd = VULNS_XSD end - it "check theme_vulns.xml for syntax errors" do + it 'check theme_vulns.xml for syntax errors' do @file = THEMES_VULNS_FILE - @xsd = VULNS_XSD + @xsd = VULNS_XSD end - it "check wp_versions.xml for syntax errors" do + it 'check wp_versions.xml for syntax errors' do @file = WP_VERSIONS_FILE - @xsd = WP_VERSIONS_XSD + @xsd = WP_VERSIONS_XSD end - it "check wp_vulns.xml for syntax errors" do + it 'check wp_vulns.xml for syntax errors' do @file = WP_VULNS_FILE - @xsd = VULNS_XSD + @xsd = VULNS_XSD end - it "check local_vulnerable_files.xml for syntax errors" do + it 'check local_vulnerable_files.xml for syntax errors' do @file = LOCAL_FILES_FILE - @xsd = LOCAL_FILES_XSD + @xsd = LOCAL_FILES_XSD end -end \ No newline at end of file +end
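Review bot: The main-script check in `wpscan_spec.rb` still shells out with `%x[ruby #{ROOT_DIR}/wpscan.rb]`, interpolating the checkout path unquoted into a shell command line, so a path containing a space or shell metacharacter breaks the test, and building command lines by interpolation is a pattern worth avoiding in a security tool's own suite. The array form of `IO.popen` skips the shell entirely: `a = IO.popen(['ruby', "#{ROOT_DIR}/wpscan.rb"], &:read)`. It also runs whichever `ruby` is first on PATH rather than the interpreter executing the spec; `RbConfig.ruby` in place of `'ruby'` would pin that. `ROOT_DIR` is defined outside this diff.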