garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

spec/ rubocopied

Browse Source
This commit is contained in:
erwanlr
2013-01-24 22:00:17 +01:00
parent 3094d31633
commit b919c12d2f
39 changed files with 1789 additions and 1675 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
spec/lib/wpscan/modules/brute_force_spec.rb
View File

@@ -1,3 +1,4 @@
# encoding: UTF-8
#--
# WPScan - WordPress Security Scanner
# Copyright (C) 2012-2013
@@ -16,56 +17,56 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#++
shared_examples_for "BruteForce" do
shared_examples_for 'BruteForce' do
before :each do
@module = WpScanModuleSpec.new("http://example.localhost")
@module = WpScanModuleSpec.new('http://example.localhost')
@target_url = @module.uri.to_s
@fixtures_dir = SPEC_FIXTURES_WPSCAN_MODULES_DIR + "/bruteforce"
@wordlist = @fixtures_dir + "/wordlist.txt"
@username = "admin"
@fixtures_dir = SPEC_FIXTURES_WPSCAN_MODULES_DIR + '/bruteforce'
@wordlist = @fixtures_dir + '/wordlist.txt'
@username = 'admin'
@module.extend(BruteForce)
Browser.instance.max_threads = 1
end
describe "#lines_in_file" do
it "should return 6" do
describe '#lines_in_file' do
it 'should return 6' do
lines = BruteForce.lines_in_file(@wordlist)
lines.should == 6
end
end
describe "#brute_force" do
describe '#brute_force' do
before :each do
end
it "should get the correct password" do
it 'should get the correct password' do
passwords = []
File.open(@wordlist, "r").each do |password|
File.open(@wordlist, 'r').each do |password|
# ignore comments
passwords << password.strip unless password.strip[0,1] == "#"
passwords << password.strip unless password.strip[0, 1] == '#'
end
# Last status must be 302 to get full code coverage
passwords.each do ||
passwords.each do |_|
stub_request(:any, @module.login_url).to_return(
{ :status => 200, :body => "login_error" },
{ :status => 0, :body => "no reponse" },
{ :status => 50, :body => "server error" },
{ :status => 999, :body => "invalid" },
{ :status => 302, :body => "FOUND!" }
{ status: 200, body: 'login_error' },
{ status: 0, body: 'no reponse' },
{ status: 50, body: 'server error' },
{ status: 999, body: 'invalid' },
{ status: 302, body: 'FOUND!' }
)
end
user = WpUser.new("admin", 1, nil)
user = WpUser.new('admin', 1, nil)
result = @module.brute_force([user], @wordlist)
result.length.should == 1
result.should === [{ :name => "admin", :password => "root" }]
result.should === [{ name: 'admin', password: 'root' }]
end
it "should cover the timeout branch and return an empty array" do
it 'should cover the timeout branch and return an empty array' do
stub_request(:any, @module.login_url).to_timeout
user = WpUser.new("admin", 1, nil)
user = WpUser.new('admin', 1, nil)
result = @module.brute_force([user], @wordlist)
result.should == []
end

35
spec/lib/wpscan/modules/malwares_spec.rb
View File

@@ -1,3 +1,4 @@
# encoding: UTF-8
#--
# WPScan - WordPress Security Scanner
# Copyright (C) 2012-2013
@@ -16,7 +17,7 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#++
shared_examples_for "Malwares" do
shared_examples_for 'Malwares' do
before :each do
@module = WpScanModuleSpec.new('http://example.localhost')
@@ -27,16 +28,16 @@ shared_examples_for "Malwares" do
@module.extend(Malwares)
end
describe "#malwares_file" do
describe '#malwares_file' do
it "should return #{SPEC_FIXTURES_WPSCAN_MODULES_DIR}/wp_malwares.txt" do
Malwares.malwares_file(@malwares_file_path).should === @malwares_file_path
end
end
describe "#malwares & #has_malwares" do
describe '#malwares & #has_malwares' do
after :each do
if @fixture
stub_request_to_fixture(:url => @target_url, :fixture => File.new(@fixture))
stub_request_to_fixture(url: @target_url, fixture: File.new(@fixture))
end
malwares = @module.malwares(@malwares_file_path)
@@ -44,30 +45,30 @@ shared_examples_for "Malwares" do
malwares.sort.should === @expected_malwares.sort
@module.has_malwares?.should === (@expected_malwares.empty? ? false : true)
end
it "should return an empty array on a 404" do
stub_request(:get, @target_url).to_return(:status => 404)
it 'should return an empty array on a 404' do
stub_request(:get, @target_url).to_return(status: 404)
@expected_malwares = []
end
it "should return an array empty array if no infection found" do
@fixture = @fixtures_dir + "/clean.html"
it 'should return an array empty array if no infection found' do
@fixture = @fixtures_dir + '/clean.html'
@expected_malwares = []
end
it "should return an array with 1 malware url (.rr.nu check)" do
@fixture = @fixtures_dir + "/single-infection.html"
@expected_malwares = ["http://irstde24clined.rr.nu/mm.php?d=1"]
it 'should return an array with 1 malware url (.rr.nu check)' do
@fixture = @fixtures_dir + '/single-infection.html'
@expected_malwares = ['http://irstde24clined.rr.nu/mm.php?d=1']
end
it "should return an array with 1 malware url (iframe check)" do
@fixture = @fixtures_dir + "/single-iframe-infection.html"
@expected_malwares = ["http://www.thesea.org/media.php"]
it 'should return an array with 1 malware url (iframe check)' do
@fixture = @fixtures_dir + '/single-iframe-infection.html'
@expected_malwares = ['http://www.thesea.org/media.php']
end
it "should return an array with 3 malwares url" do
@fixture = @fixtures_dir + "/multiple-infections.html"
@expected_malwares = ["http://irstde24clined.rr.nu/mm.php?d=1", "http://atio79srem.rr.nu/pmg.php?dr=1", "http://www.thesea.org/media.php"]
it 'should return an array with 3 malwares url' do
@fixture = @fixtures_dir + '/multiple-infections.html'
@expected_malwares = ['http://irstde24clined.rr.nu/mm.php?d=1', 'http://atio79srem.rr.nu/pmg.php?dr=1', 'http://www.thesea.org/media.php']
end
end

129
spec/lib/wpscan/modules/web_site_spec.rb
View File

@@ -1,3 +1,4 @@
# encoding: UTF-8
#--
# WPScan - WordPress Security Scanner
# Copyright (C) 2012-2013
@@ -16,165 +17,165 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#++
shared_examples_for "WebSite" do
let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_MODULES_DIR + "/web_site" }
subject(:web_site) { WpScanModuleSpec.new("http://example.localhost/").extend(WebSite) }
shared_examples_for 'WebSite' do
let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_MODULES_DIR + '/web_site' }
subject(:web_site) { WpScanModuleSpec.new('http://example.localhost/').extend(WebSite) }
describe "#online?" do
it "should not be considered online if the status code is 0" do
stub_request(:get, web_site.url).to_return(:status => 0)
describe '#online?' do
it 'should not be considered online if the status code is 0' do
stub_request(:get, web_site.url).to_return(status: 0)
web_site.should_not be_online
end
it "should be considered online if the status code is != 0" do
stub_request(:get, web_site.url).to_return(:status => 200)
it 'should be considered online if the status code is != 0' do
stub_request(:get, web_site.url).to_return(status: 200)
web_site.should be_online
end
end
describe "#has_basic_auth?" do
it "should detect that the wpsite is basic auth protected" do
stub_request(:get, web_site.url).to_return(:status => 401)
describe '#has_basic_auth?' do
it 'should detect that the wpsite is basic auth protected' do
stub_request(:get, web_site.url).to_return(status: 401)
web_site.should have_basic_auth
end
it "should not have a basic auth for a 200" do
stub_request(:get, web_site.url).to_return(:status => 200)
it 'should not have a basic auth for a 200' do
stub_request(:get, web_site.url).to_return(status: 200)
web_site.should_not have_basic_auth
end
end
describe "#xml_rpc_url" do
it "should return the correct url : http://example.localhost/xmlrpc.php" do
xmlrpc = "http://example.localhost/xmlrpc.php"
describe '#xml_rpc_url' do
it 'should return the correct url : http://example.localhost/xmlrpc.php' do
xmlrpc = 'http://example.localhost/xmlrpc.php'
stub_request(:get, web_site.url).
to_return(:status => 200, :body => "", :headers => { "X-Pingback" => xmlrpc})
to_return(status: 200, body: '', headers: { 'X-Pingback' => xmlrpc})
web_site.xml_rpc_url.should === xmlrpc
end
it "should return nil" do
stub_request(:get, web_site.url).to_return(:status => 200)
it 'should return nil' do
stub_request(:get, web_site.url).to_return(status: 200)
web_site.xml_rpc_url.should be_nil
end
end
describe "#has_xml_rpc?" do
it "should return true" do
describe '#has_xml_rpc?' do
it 'should return true' do
stub_request(:get, web_site.url).
to_return(:status => 200, :body => "", :headers => { "X-Pingback" => "xmlrpc"})
to_return(status: 200, body: '', headers: { 'X-Pingback' => 'xmlrpc'})
web_site.should have_xml_rpc
end
it "should return false" do
stub_request(:get, web_site.url).to_return(:status => 200)
it 'should return false' do
stub_request(:get, web_site.url).to_return(status: 200)
web_site.should_not have_xml_rpc
end
end
describe "#wordpress?" do
describe '#wordpress?' do
# each url (wp-login and xmlrpc) pointed to a 404
before :each do
stub_request(:get, web_site.url).
to_return(:status => 200, :body => "", :headers => { "X-Pingback" => web_site.uri.merge("xmlrpc.php")})
to_return(status: 200, body: '', headers: { 'X-Pingback' => web_site.uri.merge('xmlrpc.php')})
[web_site.login_url, web_site.xml_rpc_url].each do |url|
stub_request(:get, url).to_return(:status => 404, :body => "")
stub_request(:get, url).to_return(status: 404, body: '')
end
end
it "should return false if both files are not found (404)" do
it 'should return false if both files are not found (404)' do
web_site.should_not be_wordpress
end
it "should return true if the wp-login is found and is a valid wordpress one" do
it 'should return true if the wp-login is found and is a valid wordpress one' do
stub_request(:get, web_site.login_url).
to_return(:status => 200, :body => File.new(fixtures_dir + "/wp-login.php"))
to_return(status: 200, body: File.new(fixtures_dir + '/wp-login.php'))
web_site.should be_wordpress
end
it "should return true if the xmlrpc is found" do
it 'should return true if the xmlrpc is found' do
stub_request(:get, web_site.xml_rpc_url).
to_return(:status => 200, :body => File.new(fixtures_dir + "/xmlrpc.php"))
to_return(status: 200, body: File.new(fixtures_dir + '/xmlrpc.php'))
web_site.should be_wordpress
end
end
describe "#redirection" do
it "should return nil if no redirection detected" do
stub_request(:get, web_site.url).to_return(:status => 200, :body => "")
describe '#redirection' do
it 'should return nil if no redirection detected' do
stub_request(:get, web_site.url).to_return(status: 200, body: '')
web_site.redirection.should be_nil
end
[301, 302].each do |status_code|
it "should return http://new-location.com if the status code is #{status_code}" do
new_location = "http://new-location.com"
new_location = 'http://new-location.com'
stub_request(:get, web_site.url).
to_return(:status => status_code, :headers => { :location => new_location })
to_return(status: status_code, headers: { location: new_location })
stub_request(:get, new_location).to_return(:status => 200)
stub_request(:get, new_location).to_return(status: 200)
web_site.redirection.should === "http://new-location.com"
web_site.redirection.should === 'http://new-location.com'
end
end
context "when multiple redirections" do
it "should return the last redirection" do
first_redirection = "www.redirection.com"
last_redirection = "redirection.com"
context 'when multiple redirections' do
it 'should return the last redirection' do
first_redirection = 'www.redirection.com'
last_redirection = 'redirection.com'
stub_request(:get, web_site.url).to_return(:status => 301, :headers => { :location => first_redirection })
stub_request(:get, first_redirection).to_return(:status => 302, :headers => { :location => last_redirection })
stub_request(:get, last_redirection).to_return(:status => 200)
stub_request(:get, web_site.url).to_return(status: 301, headers: { location: first_redirection })
stub_request(:get, first_redirection).to_return(status: 302, headers: { location: last_redirection })
stub_request(:get, last_redirection).to_return(status: 200)
web_site.redirection.should === last_redirection
end
end
end
describe "#page_hash" do
it "should return the MD5 hash of the page" do
url = "http://e.localhost/somepage.php"
body = "Hello World !"
describe '#page_hash' do
it 'should return the MD5 hash of the page' do
url = 'http://e.localhost/somepage.php'
body = 'Hello World !'
stub_request(:get, url).to_return(:body => body)
stub_request(:get, url).to_return(body: body)
WebSite.page_hash(url).should === Digest::MD5.hexdigest(body)
end
end
describe "#homepage_hash" do
it "should return the MD5 hash of the homepage" do
body = "Hello World"
describe '#homepage_hash' do
it 'should return the MD5 hash of the homepage' do
body = 'Hello World'
stub_request(:get, web_site.url).to_return(:body => body)
stub_request(:get, web_site.url).to_return(body: body)
web_site.homepage_hash.should === Digest::MD5.hexdigest(body)
end
end
describe "#error_404_hash" do
it "should return the md5sum of the 404 page" do
describe '#error_404_hash' do
it 'should return the md5sum of the 404 page' do
stub_request(:any, /.*/).
to_return(:status => 404, :body => "404 page !")
to_return(status: 404, body: '404 page !')
web_site.error_404_hash.should === Digest::MD5.hexdigest("404 page !")
web_site.error_404_hash.should === Digest::MD5.hexdigest('404 page !')
end
end
describe "#rss_url" do
it "should return nil if the url is not found" do
stub_request(:get, web_site.url).to_return(:body => "No RSS link in this body !")
describe '#rss_url' do
it 'should return nil if the url is not found' do
stub_request(:get, web_site.url).to_return(body: 'No RSS link in this body !')
web_site.rss_url.should be_nil
end
it "should return 'http://lamp-wp/wordpress-3.5/?feed=rss2'" do
stub_request_to_fixture(:url => web_site.url, :fixture => fixtures_dir + "/rss_url/wordpress-3.5.htm")
web_site.rss_url.should === "http://lamp-wp/wordpress-3.5/?feed=rss2"
stub_request_to_fixture(url: web_site.url, fixture: fixtures_dir + '/rss_url/wordpress-3.5.htm')
web_site.rss_url.should === 'http://lamp-wp/wordpress-3.5/?feed=rss2'
end
end
end

21
spec/lib/wpscan/modules/wp_config_backup_spec.rb
View File

@@ -1,3 +1,4 @@
# encoding: UTF-8
#--
# WPScan - WordPress Security Scanner
# Copyright (C) 2012-2013
@@ -16,7 +17,7 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#++
shared_examples_for "WpConfigBackup" do
shared_examples_for 'WpConfigBackup' do
before :all do
@module = WpScanModuleSpec.new('http://example.localhost')
@@ -26,7 +27,7 @@ shared_examples_for "WpConfigBackup" do
@module.extend(WpConfigBackup)
end
describe "#config_backup" do
describe '#config_backup' do
# set all @config_backup_files to point to a 404
before :each do
@@ -34,15 +35,15 @@ shared_examples_for "WpConfigBackup" do
file_url = @module.uri.merge(URI.escape(backup_file)).to_s
stub_request(:get, file_url).
to_return(:status => 404, :body => "")
to_return(status: 404, body: '')
end
end
it "shoud return an empty array if no config backup is present" do
it 'shoud return an empty array if no config backup is present' do
@module.config_backup.should be_empty
end
it "should return an array with 1 backup file" do
it 'should return an array with 1 backup file' do
expected = []
@config_backup_files.sample(1).each do |backup_file|
@@ -50,7 +51,7 @@ shared_examples_for "WpConfigBackup" do
expected << file_url
stub_request(:get, file_url).
to_return(:status => 200, :body => File.new(@fixtures_dir + '/wp-config.php'))
to_return(status: 200, body: File.new(@fixtures_dir + '/wp-config.php'))
end
wp_config_backup = @module.config_backup
@@ -59,7 +60,7 @@ shared_examples_for "WpConfigBackup" do
end
# Is there a way to factorise that one with the previous test ?
it "should return an array with 2 backup file" do
it 'should return an array with 2 backup file' do
expected = []
@config_backup_files.sample(2).each do |backup_file|
@@ -67,7 +68,7 @@ shared_examples_for "WpConfigBackup" do
expected << file_url
stub_request(:get, file_url).
to_return(:status => 200, :body => File.new(@fixtures_dir + '/wp-config.php'))
to_return(status: 200, body: File.new(@fixtures_dir + '/wp-config.php'))
end
wp_config_backup = @module.config_backup
@@ -76,8 +77,8 @@ shared_examples_for "WpConfigBackup" do
end
end
describe "#config_backup_files" do
it "should not contain duplicates" do
describe '#config_backup_files' do
it 'should not contain duplicates' do
WpConfigBackup.config_backup_files.flatten.uniq.length.should == WpConfigBackup.config_backup_files.length
end
end

23
spec/lib/wpscan/modules/wp_full_path_disclosure_spec.rb
View File

@@ -1,3 +1,4 @@
# encoding: UTF-8
#--
# WPScan - WordPress Security Scanner
# Copyright (C) 2012-2013
@@ -16,7 +17,7 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#++
shared_examples_for "WpFullPathDisclosure" do
shared_examples_for 'WpFullPathDisclosure' do
before :all do
@module = WpScanModuleSpec.new('http://example.localhost')
@@ -25,31 +26,31 @@ shared_examples_for "WpFullPathDisclosure" do
@fixtures_dir = SPEC_FIXTURES_WPSCAN_MODULES_DIR + '/wp_full_path_disclosure'
end
describe "#full_path_disclosure_url" do
it "should return http://example.localhost/wp-includes/rss-functions.php" do
@module.full_path_disclosure_url.should === "http://example.localhost/wp-includes/rss-functions.php"
describe '#full_path_disclosure_url' do
it 'should return http://example.localhost/wp-includes/rss-functions.php' do
@module.full_path_disclosure_url.should === 'http://example.localhost/wp-includes/rss-functions.php'
end
end
describe "#has_full_path_disclosure?" do
describe '#has_full_path_disclosure?' do
it "should return false on a 404" do
it 'should return false on a 404' do
stub_request(:get, @module.full_path_disclosure_url).
to_return(:status => 404)
to_return(status: 404)
@module.has_full_path_disclosure?.should be_false
end
it "should return false if no fpd found (blank page for example)" do
it 'should return false if no fpd found (blank page for example)' do
stub_request(:get, @module.full_path_disclosure_url).
to_return(:status => 200, :body => "")
to_return(status: 200, body: '')
@module.has_full_path_disclosure?.should be_false
end
it "should return true" do
it 'should return true' do
stub_request(:get, @module.full_path_disclosure_url).
to_return(:status => 200, :body => File.new(@fixtures_dir + '/rss-functions-disclosure.php'))
to_return(status: 200, body: File.new(@fixtures_dir + '/rss-functions-disclosure.php'))
@module.has_full_path_disclosure?.should be_true
end

55
spec/lib/wpscan/modules/wp_login_protection_spec.rb
View File

@@ -1,3 +1,4 @@
# encoding: UTF-8
#--
# WPScan - WordPress Security Scanner
# Copyright (C) 2012-2013
@@ -16,7 +17,7 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#++
shared_examples_for "WpLoginProtection" do
shared_examples_for 'WpLoginProtection' do
before :each do
@module = WpScanModuleSpec.new('http://example.localhost')
@@ -25,15 +26,15 @@ shared_examples_for "WpLoginProtection" do
@fixtures_dir = SPEC_FIXTURES_WPSCAN_MODULES_DIR + '/wp_login_protection'
end
describe "#login_url" do
it "should return the login page url : http://example.localhost/wp-login.php" do
@module.login_url.should === "http://example.localhost/wp-login.php"
describe '#login_url' do
it 'should return the login page url : http://example.localhost/wp-login.php' do
@module.login_url.should === 'http://example.localhost/wp-login.php'
end
end
# It will test all protected methods has_.*_protection with each fixtures to be sure that
# there is not false positive : for example the login-lock must not be detected as login-lockdown
describe "#has_.*_protection?" do
describe '#has_.*_protection?' do
pattern = WpLoginProtection::LOGIN_PROTECTION_METHOD_PATTERN
fixtures =
@@ -47,7 +48,7 @@ shared_examples_for "WpLoginProtection" do
special_plugins = %w{better_wp_security simple_login_lockdown login_security_solution limit_login_attempts bluetrait_event_viewer}
after :each do
stub_request_to_fixture(:url => @module.login_url, :fixture => @fixture)
stub_request_to_fixture(url: @module.login_url, fixture: @fixture)
# Stub all special plugins urls to a 404 except if it's the one we want
special_plugins.each do |special_plugin|
@@ -55,7 +56,7 @@ shared_examples_for "WpLoginProtection" do
special_plugin_call_url_symbol = :"#{special_plugin}_url"
status_code = (@symbol_to_call === special_plugin_call_detection_symbol and @expected === true) ? 200 : 404
stub_request(:get, @module.send(special_plugin_call_url_symbol).to_s).to_return(:status => status_code)
stub_request(:get, @module.send(special_plugin_call_url_symbol).to_s).to_return(status: status_code)
end
@module.send(@symbol_to_call).should === @expected
@@ -79,39 +80,41 @@ shared_examples_for "WpLoginProtection" do
end
# Factorise this with the code above ? :D
describe "#login_protection_plugin" do
describe '#login_protection_plugin' do
after :each do
stub_request_to_fixture(:url => @module.login_url, :fixture => @fixture)
stub_request(:get, @module.send(:better_wp_security_url).to_s).to_return(:status => 404)
stub_request(:get, @module.send(:simple_login_lockdown_url).to_s).to_return(:status => 404)
stub_request(:get, @module.send(:login_security_solution_url).to_s).to_return(:status => 404)
stub_request(:get, @module.send(:limit_login_attempts_url).to_s).to_return(:status => 404)
stub_request(:get, @module.send(:bluetrait_event_viewer_url).to_s).to_return(:status => 404)
stub_request_to_fixture(url: @module.login_url, fixture: @fixture)
stub_request(:get, @module.send(:better_wp_security_url).to_s).to_return(status: 404)
stub_request(:get, @module.send(:simple_login_lockdown_url).to_s).to_return(status: 404)
stub_request(:get, @module.send(:login_security_solution_url).to_s).to_return(status: 404)
stub_request(:get, @module.send(:limit_login_attempts_url).to_s).to_return(status: 404)
stub_request(:get, @module.send(:bluetrait_event_viewer_url).to_s).to_return(status: 404)
@module.login_protection_plugin().should === @plugin_expected
@module.has_login_protection?.should === @has_protection_expected
end
it "should return nil if no protection is present" do
@fixture = @fixtures_dir + "/wp-login-clean.php"
it 'should return nil if no protection is present' do
@fixture = @fixtures_dir + '/wp-login-clean.php'
@plugin_expected = nil
@has_protection_expected = false
end
it "should return a login-lockdown WpPlugin object" do
@fixture = @fixtures_dir + "/wp-login-login_lockdown.php"
@plugin_expected = WpPlugin.new(:base_url => @module.url,
:path => "/plugins/login-lockdown/",
:name => "login-lockdown"
it 'should return a login-lockdown WpPlugin object' do
@fixture = @fixtures_dir + '/wp-login-login_lockdown.php'
@plugin_expected = WpPlugin.new(
base_url: @module.url,
path: '/plugins/login-lockdown/',
name: 'login-lockdown'
)
@has_protection_expected = true
end
it "should return a login-lock WpPlugin object" do
@fixture = @fixtures_dir + "/wp-login-login_lock.php"
@plugin_expected = WpPlugin.new(:base_url => @module.url,
:path => "/plugins/login-lock/",
:name => "login-lock"
it 'should return a login-lock WpPlugin object' do
@fixture = @fixtures_dir + '/wp-login-login_lock.php'
@plugin_expected = WpPlugin.new(
base_url: @module.url,
path: '/plugins/login-lock/',
name: 'login-lock'
)
@has_protection_expected = true
end

139
spec/lib/wpscan/modules/wp_plugins_spec.rb
View File

@@ -1,3 +1,4 @@
# encoding: UTF-8
#--
# WPScan - WordPress Security Scanner
# Copyright (C) 2012-2013
@@ -16,96 +17,96 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#++
shared_examples_for "WpPlugins" do
shared_examples_for 'WpPlugins' do
before :all do
@fixtures_dir = SPEC_FIXTURES_WPSCAN_MODULES_DIR + '/wp_plugins'
@plugins_file = @fixtures_dir + "/plugins.txt"
@plugin_vulns_file = @fixtures_dir + "/plugin_vulns.xml"
@plugins_file = @fixtures_dir + '/plugins.txt'
@plugin_vulns_file = @fixtures_dir + '/plugin_vulns.xml'
@wp_url = "http://example.localhost/"
@wp_url = 'http://example.localhost/'
end
before :each do
@module = WpScanModuleSpec.new(@wp_url)
@module.error_404_hash = Digest::MD5.hexdigest("Error 404!")
@module.homepage_hash = Digest::MD5.hexdigest("Homepage!")
@module.error_404_hash = Digest::MD5.hexdigest('Error 404!')
@module.homepage_hash = Digest::MD5.hexdigest('Homepage!')
@module.extend(WpPlugins)
@options = {
:base_url => @wp_url,
:only_vulnerable_ones => false,
:show_progression => false,
:error_404_hash => @module.error_404_hash,
:homepage_hash => @module.homepage_hash,
:vulns_file => @plugin_vulns_file,
:file => @plugins_file,
:type => "plugins",
:wp_content_dir => "wp-content",
:vulns_xpath_2 => "//plugin"
base_url: @wp_url,
only_vulnerable_ones: false,
show_progression: false,
error_404_hash: @module.error_404_hash,
homepage_hash: @module.homepage_hash,
vulns_file: @plugin_vulns_file,
file: @plugins_file,
type: 'plugins',
wp_content_dir: 'wp-content',
vulns_xpath_2: '//plugin'
}
File.exist?(@plugin_vulns_file).should == true
File.exist?(@plugins_file).should == true
# These targets are listed in @fixtures_dir + "/plugins.txt"
# These targets are listed in @fixtures_dir + '/plugins.txt'
# TODO : load them directly from the fixture file
@targets = [
WpPlugin.new(
{
:base_url => "http://example.localhost/",
:path => "exclude-pages/exclude_pages.php",
:wp_content_dir => "wp-content",
:name => "exclude-pages"
base_url: 'http://example.localhost/',
path: 'exclude-pages/exclude_pages.php',
wp_content_dir: 'wp-content',
name: 'exclude-pages'
}),
WpPlugin.new(
{
:base_url => "http://example.localhost/",
:path => "display-widgets/display-widgets.php",
:wp_content_dir => "wp-content",
:name => "display-widgets"
base_url: 'http://example.localhost/',
path: 'display-widgets/display-widgets.php',
wp_content_dir: 'wp-content',
name: 'display-widgets'
}),
WpPlugin.new(
{
:base_url => "http://example.localhost/",
:path => "media-library",
:wp_content_dir => "wp-content",
:name => "media-library"
base_url: 'http://example.localhost/',
path: 'media-library',
wp_content_dir: 'wp-content',
name: 'media-library'
}),
WpPlugin.new(
{
:base_url => "http://example.localhost/",
:path => "deans",
:wp_content_dir => "wp-content",
:name => "deans"
base_url: 'http://example.localhost/',
path: 'deans',
wp_content_dir: 'wp-content',
name: 'deans'
}),
WpPlugin.new(
{
:base_url => "http://example.localhost/",
:path => "formidable/formidable.php",
:wp_content_dir => "wp-content",
:name => "formidable"
base_url: 'http://example.localhost/',
path: 'formidable/formidable.php',
wp_content_dir: 'wp-content',
name: 'formidable'
}),
WpPlugin.new(
{
:base_url => "http://example.localhost/",
:path => "regenerate-thumbnails/readme.txt",
:wp_content_dir => "wp-content",
:name => "regenerate-thumbnails"
base_url: 'http://example.localhost/',
path: 'regenerate-thumbnails/readme.txt',
wp_content_dir: 'wp-content',
name: 'regenerate-thumbnails'
})
]
end
describe "#plugins_from_passive_detection" do
describe '#plugins_from_passive_detection' do
let(:passive_detection_fixtures) { @fixtures_dir + '/passive_detection' }
it "should return an empty array" do
stub_request_to_fixture(:url => @module.url, :fixture => File.new(passive_detection_fixtures + '/no_plugins.htm'))
plugins = @module.plugins_from_passive_detection(:base_url => @module.url, :wp_content_dir => "wp-content")
it 'should return an empty array' do
stub_request_to_fixture(url: @module.url, fixture: File.new(passive_detection_fixtures + '/no_plugins.htm'))
plugins = @module.plugins_from_passive_detection(base_url: @module.url, wp_content_dir: 'wp-content')
plugins.should be_empty
end
it "should return the expected plugins" do
stub_request_to_fixture(:url => @module.url, :fixture => File.new(passive_detection_fixtures + '/various_plugins.htm'))
it 'should return the expected plugins' do
stub_request_to_fixture(url: @module.url, fixture: File.new(passive_detection_fixtures + '/various_plugins.htm'))
expected_plugin_names = %w{
wp-minify
@@ -119,55 +120,55 @@ shared_examples_for "WpPlugins" do
expected_plugins = []
expected_plugin_names.each do |plugin_name|
expected_plugins << WpPlugin.new(
:base_url => @module.url,
:path => "/plugins/#{plugin_name}/",
:name => plugin_name
base_url: @module.url,
path: "/plugins/#{plugin_name}/",
name: plugin_name
)
end
plugins = @module.plugins_from_passive_detection(:base_url => @module.url, :wp_content_dir => "wp-content")
plugins = @module.plugins_from_passive_detection(base_url: @module.url, wp_content_dir: 'wp-content')
plugins.should_not be_empty
plugins.length.should == expected_plugins.length
plugins.sort.should == expected_plugins.sort
end
end
describe "#plugins_from_aggressive_detection" do
describe '#plugins_from_aggressive_detection' do
before :each do
stub_request(:get, @module.uri.to_s).to_return(:status => 200)
stub_request(:get, @module.uri.to_s).to_return(status: 200)
# Point all targets to a 404
@targets.each do |target|
stub_request(:get, target.get_full_url.to_s).to_return(:status => 404)
stub_request(:get, target.get_full_url.to_s).to_return(status: 404)
# to_s calls readme_url
stub_request(:get, target.readme_url.to_s).to_return(:status => 404)
stub_request(:get, target.readme_url.to_s).to_return(status: 404)
end
end
after :each do
@passive_detection_fixture = SPEC_FIXTURES_DIR + "/empty-file" unless @passive_detection_fixture
stub_request_to_fixture(:url => "#{@module.uri}/".sub(/\/\/$/, "/"), :fixture => @passive_detection_fixture)
@passive_detection_fixture = SPEC_FIXTURES_DIR + '/empty-file' unless @passive_detection_fixture
stub_request_to_fixture(url: "#{@module.uri}/".sub(/\/\/$/, '/'), fixture: @passive_detection_fixture)
detected = @module.plugins_from_aggressive_detection(@options)
detected.length.should == @expected_plugins.length
detected.sort.should == @expected_plugins.sort
end
it "should return an empty array" do
it 'should return an empty array' do
@expected_plugins = []
end
it "should return an array with 3 WpPlugin (1 detected from passive method)" do
@passive_detection_fixture = @fixtures_dir + "/passive_detection/one_plugin.htm"
it 'should return an array with 3 WpPlugin (1 detected from passive method)' do
@passive_detection_fixture = @fixtures_dir + '/passive_detection/one_plugin.htm'
@expected_plugins = @targets.sample(2)
@expected_plugins.each do |p|
stub_request(:get, p.get_full_url.to_s).to_return(:status => 200)
stub_request(:get, p.get_full_url.to_s).to_return(status: 200)
end
new_plugin = WpPlugin.new(
:base_url => "http://example.localhost/",
:path => "/plugins/comment-info-tip/",
:name => "comment-info-tip"
base_url: 'http://example.localhost/',
path: '/plugins/comment-info-tip/',
name: 'comment-info-tip'
)
stub_request(:get, new_plugin.readme_url.to_s).to_return(:status => 200)
stub_request(:get, new_plugin.readme_url.to_s).to_return(status: 200)
@expected_plugins << new_plugin
end
@@ -179,15 +180,15 @@ shared_examples_for "WpPlugins" do
plugin_url.should_not be_nil
plugin_url.length.should == 1
@expected_plugins = plugin_url
stub_request(:get, plugin_url[0].get_full_url.to_s).to_return(:status => valid_response_code)
stub_request(:get, plugin_url[0].get_full_url.to_s).to_return(status: valid_response_code)
end
end
it "should not detect the plugin if there is a redirection to the homepage" do
it 'should not detect the plugin if there is a redirection to the homepage' do
# Let's pick up 2 plugins (The first one will redirect to the homepage)
plugins = @targets.sample(2)
stub_request(:get, plugins[0].get_full_url.to_s).to_return(:status => 200, :body => "Homepage!")
stub_request(:get, plugins[1].get_full_url.to_s).to_return(:status => 200)
stub_request(:get, plugins[0].get_full_url.to_s).to_return(status: 200, body: 'Homepage!')
stub_request(:get, plugins[1].get_full_url.to_s).to_return(status: 200)
@expected_plugins = [plugins[1]]
end

21
spec/lib/wpscan/modules/wp_readme_spec.rb
View File

@@ -1,3 +1,4 @@
# encoding: UTF-8
#--
# WPScan - WordPress Security Scanner
# Copyright (C) 2012-2013
@@ -16,7 +17,7 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#++
shared_examples_for "WpReadme" do
shared_examples_for 'WpReadme' do
before :all do
@module = WpScanModuleSpec.new('http://example.localhost')
@@ -25,32 +26,32 @@ shared_examples_for "WpReadme" do
@module.extend(WpReadme)
end
describe "#readme_url" do
it "should return http://example.localhost/readme.html" do
describe '#readme_url' do
it 'should return http://example.localhost/readme.html' do
@module.readme_url.should === "#{@module.uri}/readme.html"
end
end
describe "#has_readme?" do
describe '#has_readme?' do
it "should return false on a 404" do
it 'should return false on a 404' do
stub_request(:get, @module.readme_url).
to_return(:status => 404)
to_return(status: 404)
@module.has_readme?.should be_false
end
it "should return true if it exists" do
it 'should return true if it exists' do
stub_request(:get, @module.readme_url).
to_return(:status => 200, :body => File.new(@fixtures_dir + '/readme-3.2.1.html'))
to_return(status: 200, body: File.new(@fixtures_dir + '/readme-3.2.1.html'))
@module.has_readme?.should be_true
end
# http://code.google.com/p/wpscan/issues/detail?id=108
it "should return true even if the readme.html is not in english" do
it 'should return true even if the readme.html is not in english' do
stub_request(:get, @module.readme_url).
to_return(:status => 200, :body => File.new(@fixtures_dir + '/readme-3.3.2-fr.html'))
to_return(status: 200, body: File.new(@fixtures_dir + '/readme-3.3.2-fr.html'))
@module.has_readme?.should be_true
end

215
spec/lib/wpscan/modules/wp_themes_spec.rb
View File

@@ -1,3 +1,4 @@
# encoding: UTF-8
#--
# WPScan - WordPress Security Scanner
# Copyright (C) 2012-2013
@@ -16,149 +17,181 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#++
shared_examples_for "WpThemes" do
shared_examples_for 'WpThemes' do
before :all do
@fixtures_dir = SPEC_FIXTURES_WPSCAN_MODULES_DIR + '/wp_themes'
@themes_file = @fixtures_dir + "/themes.txt"
@theme_vulns_file = @fixtures_dir + "/theme_vulns.xml"
@themes_file = @fixtures_dir + '/themes.txt'
@theme_vulns_file = @fixtures_dir + '/theme_vulns.xml'
@wp_url = "http://example.localhost/"
@wp_url = 'http://example.localhost/'
end
before :each do
@module = WpScanModuleSpec.new(@wp_url)
@module.error_404_hash = Digest::MD5.hexdigest("Error 404!")
@module.error_404_hash = Digest::MD5.hexdigest('Error 404!')
@module.extend(WpThemes)
@options = {
:base_url => @wp_url,
:only_vulnerable_ones => false,
:show_progression => false,
:error_404_hash => Digest::MD5.hexdigest("Error 404!"),
:vulns_file => @theme_vulns_file,
:file => @themes_file,
:type => "themes",
:wp_content_dir => "wp-content",
:vulns_xpath_2 => "//theme"
base_url: @wp_url,
only_vulnerable_ones: false,
show_progression: false,
error_404_hash: Digest::MD5.hexdigest('Error 404!'),
vulns_file: @theme_vulns_file,
file: @themes_file,
type: 'themes',
wp_content_dir: 'wp-content',
vulns_xpath_2: '//theme'
}
File.exist?(@theme_vulns_file).should == true
File.exist?(@themes_file).should == true
@targets = [WpTheme.new({:base_url => "http://example.localhost/",
:path => "zenpro/404.php",
:wp_content_dir => "wp-content",
:name => "zenpro"}),
WpTheme.new({:base_url => "http://example.localhost/",
:path => "zeta-zip/404.php",
:wp_content_dir => "wp-content",
:name => "zeta-zip"}),
WpTheme.new({:base_url => "http://example.localhost/",
:path => "zfirst/404.php",
:wp_content_dir => "wp-content",
:name => "zfirst"}),
WpTheme.new({:base_url => "http://example.localhost/",
:path => "zgrey/404.php",
:wp_content_dir => "wp-content",
:name => "zgrey"}),
WpTheme.new({:base_url => "http://example.localhost/",
:path => "zindi-ii/404.php",
:wp_content_dir => "wp-content",
:name => "zindi-ii"}),
WpTheme.new({:base_url => "http://example.localhost/",
:path => "zindi/404.php",
:wp_content_dir => "wp-content",
:name => "zindi"}),
WpTheme.new({:base_url => "http://example.localhost/",
:path => "zombie-apocalypse/404.php",
:wp_content_dir => "wp-content",
:name => "zombie-apocalypse"}),
WpTheme.new({:base_url => "http://example.localhost/",
:path => "zsofa/404.php",
:wp_content_dir => "wp-content",
:name => "zsofa"}),
WpTheme.new({:base_url => "http://example.localhost/",
:path => "zwei-seiten/404.php",
:wp_content_dir => "wp-content",
:name => "zwei-seiten"}),
WpTheme.new({:base_url => "http://example.localhost/",
:path => "twentyten/404.php",
:wp_content_dir => "wp-content",
:name => "twentyten"}),
WpTheme.new({:base_url => "http://example.localhost/",
:path => "shopperpress",
:wp_content_dir => "wp-content",
:name => "shopperpress"}),
WpTheme.new({:base_url => "http://example.localhost/",
:path => "wise",
:wp_content_dir => "wp-content",
:name => "wise"}),
WpTheme.new({:base_url => "http://example.localhost/",
:path => "webfolio",
:wp_content_dir => "wp-content",
:name => "webfolio"})]
@targets = [
WpTheme.new({
base_url: 'http://example.localhost/',
path: 'zenpro/404.php',
wp_content_dir: 'wp-content',
name: 'zenpro'
}),
WpTheme.new({
base_url: 'http://example.localhost/',
path: 'zeta-zip/404.php',
wp_content_dir: 'wp-content',
name: 'zeta-zip'
}),
WpTheme.new({
base_url: 'http://example.localhost/',
path: 'zfirst/404.php',
wp_content_dir: 'wp-content',
name: 'zfirst'
}),
WpTheme.new({
base_url: 'http://example.localhost/',
path: 'zgrey/404.php',
wp_content_dir: 'wp-content',
name: 'zgrey'
}),
WpTheme.new({
base_url: 'http://example.localhost/',
path: 'zindi-ii/404.php',
wp_content_dir: 'wp-content',
name: 'zindi-ii'
}),
WpTheme.new({
base_url: 'http://example.localhost/',
path: 'zindi/404.php',
wp_content_dir: 'wp-content',
name: 'zindi'
}),
WpTheme.new({
base_url: 'http://example.localhost/',
path: 'zombie-apocalypse/404.php',
wp_content_dir: 'wp-content',
name: 'zombie-apocalypse'
}),
WpTheme.new({
base_url: 'http://example.localhost/',
path: 'zsofa/404.php',
wp_content_dir: 'wp-content',
name: 'zsofa'
}),
WpTheme.new({
base_url: 'http://example.localhost/',
path: 'zwei-seiten/404.php',
wp_content_dir: 'wp-content',
name: 'zwei-seiten'
}),
WpTheme.new({
base_url: 'http://example.localhost/',
path: 'twentyten/404.php',
wp_content_dir: 'wp-content',
name: 'twentyten'
}),
WpTheme.new({
base_url: 'http://example.localhost/',
path: 'shopperpress',
wp_content_dir: 'wp-content',
name: 'shopperpress'
}),
WpTheme.new({
base_url: 'http://example.localhost/',
path: 'wise',
wp_content_dir: 'wp-content',
name: 'wise'
}),
WpTheme.new({
base_url: 'http://example.localhost/',
path: 'webfolio',
wp_content_dir: 'wp-content',
name: 'webfolio'
})
]
end
describe "#themes_from_passive_detection" do
describe '#themes_from_passive_detection' do
let(:passive_detection_fixtures) { @fixtures_dir + '/passive_detection' }
it "should return an empty array" do
stub_request_to_fixture(:url => @module.url, :fixture => File.new(passive_detection_fixtures + '/no_theme.htm'))
themes = @module.themes_from_passive_detection(:base_url => @module.url, :wp_content_dir => "wp-content")
it 'should return an empty array' do
stub_request_to_fixture(url: @module.url, fixture: File.new(passive_detection_fixtures + '/no_theme.htm'))
themes = @module.themes_from_passive_detection(base_url: @module.url, wp_content_dir: 'wp-content')
themes.should be_empty
end
it "should return the expected themes" do
stub_request_to_fixture(:url => @module.url, :fixture => File.new(passive_detection_fixtures + '/various_themes.htm'))
it 'should return the expected themes' do
stub_request_to_fixture(url: @module.url, fixture: File.new(passive_detection_fixtures + '/various_themes.htm'))
expected_theme_names = %w{ theme1 theme2 theme3 }
expected_themes = []
expected_theme_names.each do |theme_name|
expected_themes << WpTheme.new(:base_url => @module.url,
:path => "/themes/#{theme_name}/",
:name => theme_name)
expected_themes << WpTheme.new(
base_url: @module.url,
path: "/themes/#{theme_name}/",
name: theme_name
)
end
themes = @module.themes_from_passive_detection(:base_url => @module.url, :wp_content_dir => "wp-content")
themes = @module.themes_from_passive_detection(base_url: @module.url, wp_content_dir: 'wp-content')
themes.should_not be_empty
themes.length.should == expected_themes.length
themes.sort.should == expected_themes.sort
end
end
describe "#themes_from_aggressive_detection" do
describe '#themes_from_aggressive_detection' do
before :each do
stub_request(:get, @module.uri.to_s).to_return(:status => 200)
stub_request(:get, @module.uri.to_s).to_return(status: 200)
# Point all targets to a 404
@targets.each do |target|
stub_request(:get, target.get_full_url.to_s).to_return(:status => 404)
stub_request(:get, target.get_full_url.to_s).to_return(status: 404)
# to_s calls readme_url
stub_request(:get, target.readme_url.to_s).to_return(:status => 404)
stub_request(:get, target.readme_url.to_s).to_return(status: 404)
end
end
after :each do
@passive_detection_fixture = SPEC_FIXTURES_DIR + "/empty-file" unless @passive_detection_fixture
stub_request_to_fixture(:url => "#{@module.uri}/".sub(/\/\/$/, "/"), :fixture => @passive_detection_fixture)
@passive_detection_fixture = SPEC_FIXTURES_DIR + '/empty-file' unless @passive_detection_fixture
stub_request_to_fixture(url: "#{@module.uri}/".sub(/\/\/$/, '/'), fixture: @passive_detection_fixture)
detected = @module.themes_from_aggressive_detection(@options)
detected.length.should == @expected_themes.length
detected.sort.should == @expected_themes.sort
end
it "should return an empty array" do
it 'should return an empty array' do
@expected_themes = []
end
it "should return an array with 3 WpTheme (1 detected from passive method)" do
@passive_detection_fixture = @fixtures_dir + "/passive_detection/one_theme.htm"
it 'should return an array with 3 WpTheme (1 detected from passive method)' do
@passive_detection_fixture = @fixtures_dir + '/passive_detection/one_theme.htm'
@expected_themes = @targets.sample(2)
@expected_themes.each do |p|
stub_request(:get, p.get_full_url.to_s).to_return(:status => 200)
stub_request(:get, p.get_full_url.to_s).to_return(status: 200)
end
new_theme = WpTheme.new(:base_url => "http://example.localhost/",
:path => "/themes/custom-twentyten/",
:name => "custom-twentyten")
stub_request(:get, new_theme.readme_url.to_s).to_return(:status => 200)
new_theme = WpTheme.new(
base_url: 'http://example.localhost/',
path: '/themes/custom-twentyten/',
name: 'custom-twentyten'
)
stub_request(:get, new_theme.readme_url.to_s).to_return(status: 200)
@expected_themes << new_theme
end
@@ -170,7 +203,7 @@ shared_examples_for "WpThemes" do
theme_url.should_not be_nil
theme_url.length.should == 1
@expected_themes = theme_url
stub_request(:get, theme_url[0].get_full_url.to_s).to_return(:status => valid_response_code)
stub_request(:get, theme_url[0].get_full_url.to_s).to_return(status: valid_response_code)
end
end
end

55
spec/lib/wpscan/modules/wp_timthumbs_spec.rb
View File

@@ -1,3 +1,4 @@
# encoding: UTF-8
#--
# WPScan - WordPress Security Scanner
# Copyright (C) 2012-2013
@@ -16,43 +17,43 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#++
shared_examples_for "WpTimthumbs" do
shared_examples_for 'WpTimthumbs' do
before :each do
@options = {}
@url = "http://example.localhost/"
@theme_name = "bueno"
@url = 'http://example.localhost/'
@theme_name = 'bueno'
@options[:base_url] = @url
@options[:wp_content_dir] = "wp-content"
@options[:wp_content_dir] = 'wp-content'
@options[:name] = @theme_name
@options[:error_404_hash] = "xx"
@options[:error_404_hash] = 'xx'
@options[:show_progression] = false
@options[:only_vulnerable_ones] = false
@options[:vulns_file] = "xx"
@options[:type] = "timthumbs"
@options[:vulns_file] = 'xx'
@options[:type] = 'timthumbs'
@module = WpScanModuleSpec.new(@url)
@fixtures_dir = SPEC_FIXTURES_WPSCAN_MODULES_DIR + "/wp_timthumbs"
@timthumbs_file = @fixtures_dir + "/timthumbs.txt"
@fixtures_dir = SPEC_FIXTURES_WPSCAN_MODULES_DIR + '/wp_timthumbs'
@timthumbs_file = @fixtures_dir + '/timthumbs.txt'
@targets_from_file = %w{
http://example.localhost/wp-content/plugins/fotoslide/timthumb.php
http://example.localhost/wp-content/plugins/feature-slideshow/timthumb.php
}
@targets_from_theme =
[
"http://example.localhost/wp-content/themes/" + @theme_name + "/timthumb.php",
"http://example.localhost/wp-content/themes/" + @theme_name + "/lib/timthumb.php",
"http://example.localhost/wp-content/themes/" + @theme_name + "/inc/timthumb.php",
"http://example.localhost/wp-content/themes/" + @theme_name + "/includes/timthumb.php",
"http://example.localhost/wp-content/themes/" + @theme_name + "/scripts/timthumb.php",
"http://example.localhost/wp-content/themes/" + @theme_name + "/tools/timthumb.php",
"http://example.localhost/wp-content/themes/" + @theme_name + "/functions/timthumb.php"
'http://example.localhost/wp-content/themes/' + @theme_name + '/timthumb.php',
'http://example.localhost/wp-content/themes/' + @theme_name + '/lib/timthumb.php',
'http://example.localhost/wp-content/themes/' + @theme_name + '/inc/timthumb.php',
'http://example.localhost/wp-content/themes/' + @theme_name + '/includes/timthumb.php',
'http://example.localhost/wp-content/themes/' + @theme_name + '/scripts/timthumb.php',
'http://example.localhost/wp-content/themes/' + @theme_name + '/tools/timthumb.php',
'http://example.localhost/wp-content/themes/' + @theme_name + '/functions/timthumb.php'
]
@module.extend(WpTimthumbs)
end
describe "#targets_url_from_theme" do
it "should return the targets for the theme" do
describe '#targets_url_from_theme' do
it 'should return the targets for the theme' do
targets = @module.send(:targets_url_from_theme, @theme_name, @options)
targets.should_not be_empty
@@ -65,39 +66,39 @@ shared_examples_for "WpTimthumbs" do
end
end
describe "#timthumbs and #has_timthumbs?" do
describe '#timthumbs and #has_timthumbs?' do
before :each do
@options[:file] = @timthumbs_file
@targets_from_file.each do |url|
stub_request(:get, url).to_return(:status => 404)
stub_request(:get, url).to_return(status: 404)
end
end
it "should return an empty array" do
it 'should return an empty array' do
timthumbs = @module.timthumbs(nil, @options)
timthumbs.should be_empty
@module.has_timthumbs?(nil, @options).should be_false
end
it "should return an array with 7 elements (from passive detection)" do
stub_request(:get, %r{http://example\.localhost/wp-content/themes/my-theme/.*}).to_return(:status => 200)
timthumbs = @module.timthumbs("my-theme", @options)
it 'should return an array with 7 elements (from passive detection)' do
stub_request(:get, %r{http://example\.localhost/wp-content/themes/my-theme/.*}).to_return(status: 200)
timthumbs = @module.timthumbs('my-theme', @options)
timthumbs.length.should == 7
end
it "should return an array with 2 timthumbs url" do
it 'should return an array with 2 timthumbs url' do
expected = []
urls = []
urls_hash = WpEnumerator.generate_items(@options)
urls_hash.each do |u|
url = u.get_full_url.to_s
urls << url
stub_request(:get, url).to_return(:status => 404)
stub_request(:get, url).to_return(status: 404)
end
urls.sample(2).each do |target_url|
expected << target_url
stub_request(:get, target_url).
to_return(:status => 200, :body => File.new(@fixtures_dir + "/timthumb.php"))
to_return(status: 200, body: File.new(@fixtures_dir + '/timthumb.php'))
end
timthumbs = @module.timthumbs(nil, @options)

173
spec/lib/wpscan/modules/wp_usernames_spec.rb
View File

@@ -1,3 +1,4 @@
# encoding: UTF-8
#--
# WPScan - WordPress Security Scanner
# Copyright (C) 2012-2013
@@ -16,7 +17,7 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#++
shared_examples_for "WpUsernames" do
shared_examples_for 'WpUsernames' do
before :each do
@target_url = 'http://example.localhost/'
@@ -26,230 +27,230 @@ shared_examples_for "WpUsernames" do
@module.extend(WpUsernames)
end
describe "#author_url" do
it "should return the auhor url according to his id" do
describe '#author_url' do
it 'should return the auhor url according to his id' do
@module.author_url(1).should === "#@target_url?author=1"
end
end
describe "#usernames" do
describe '#usernames' do
before :each do
(1..10).each do |index|
stub_request(:get, @module.author_url(index)).to_return(:status => 404)
stub_request(:get, @module.author_url(index)).to_return(status: 404)
end
end
it "should return an empty array" do
it 'should return an empty array' do
@module.usernames.should be_empty
end
it "should return an array with 1 username (from header location)" do
it 'should return an array with 1 username (from header location)' do
stub_request(:get, @module.author_url(3)).
to_return(:status => 301, :headers => {'location' => '/author/Youhou'})
to_return(status: 301, headers: {'location' => '/author/Youhou'})
usernames = @module.usernames
usernames.should_not be_empty
usernames.length.should == 1
usernames[0].id.should == 3
usernames[0].name.should == "Youhou"
usernames[0].nickname.should == "empty"
usernames[0].name.should == 'Youhou'
usernames[0].nickname.should == 'empty'
end
it "should return an array with 1 username (from in the body response)" do
it 'should return an array with 1 username (from in the body response)' do
stub_request(:get, @module.author_url(2)).
to_return(:status => 200, :body => File.new(@fixtures_dir + '/admin.htm'))
to_return(status: 200, body: File.new(@fixtures_dir + '/admin.htm'))
usernames = @module.usernames(:range => (1..2))
usernames = @module.usernames(range: (1..2))
usernames.should_not be_empty
usernames.eql?([WpUser.new("admin", 2, "admin | Wordpress 3.3.2")]).should be_true
usernames.eql?([WpUser.new('admin', 2, 'admin | Wordpress 3.3.2')]).should be_true
end
it "should return an array with 2 usernames (one is a duplicate and should not be present twice)" do
it 'should return an array with 2 usernames (one is a duplicate and should not be present twice)' do
stub_request(:get, @module.author_url(4)).
to_return(:status => 301, :headers => {'location' => '/author/Youhou/'})
to_return(status: 301, headers: {'location' => '/author/Youhou/'})
stub_request(:get, @module.author_url(2)).
to_return(:status => 200, :body => File.new(@fixtures_dir + '/admin.htm'))
to_return(status: 200, body: File.new(@fixtures_dir + '/admin.htm'))
usernames = @module.usernames(:range => (1..5))
usernames = @module.usernames(range: (1..5))
usernames.should_not be_empty
expected = [
WpUser.new("admin", 2, "admin | Wordpress 3.3.2"),
WpUser.new("Youhou", 4, "empty")
WpUser.new('admin', 2, 'admin | Wordpress 3.3.2'),
WpUser.new('Youhou', 4, 'empty')
]
usernames.sort_by { |u| u.name }.eql?(expected.sort_by { |u| u.name }).should be_true
end
end
describe "#get_nickname_from_url" do
describe '#get_nickname_from_url' do
after :each do
url = "http://example.localhost/"
stub_request(:get, url).to_return(:status => @status, :body => @content)
url = 'http://example.localhost/'
stub_request(:get, url).to_return(status: @status, body: @content)
username = @module.get_nickname_from_url(url)
username.should === @expected
end
it "should return nil" do
it 'should return nil' do
@status = 200
@content = ""
@content = ''
@expected = nil
end
it "should return nil" do
it 'should return nil' do
@status = 400
@content = ""
@content = ''
@expected = nil
end
it "should return admin" do
it 'should return admin' do
@status = 200
@content = "<title>admin</title>"
@expected = "admin"
@content = '<title>admin</title>'
@expected = 'admin'
end
it "should return nil" do
it 'should return nil' do
@status = 201
@content = "<title>admin</title>"
@content = '<title>admin</title>'
@expected = nil
end
end
describe "#get_nickname_from_response" do
describe '#get_nickname_from_response' do
after :each do
url = "http://example.localhost/"
stub_request(:get, url).to_return(:status => @status, :body => @content)
url = 'http://example.localhost/'
stub_request(:get, url).to_return(status: @status, body: @content)
resp = Browser.instance.get(url)
username = @module.get_nickname_from_response(resp)
username.should === @expected
end
it "should return nil" do
it 'should return nil' do
@status = 200
@content = ""
@content = ''
@expected = nil
end
it "should return nil" do
it 'should return nil' do
@status = 400
@content = ""
@content = ''
@expected = nil
end
it "should return admin" do
it 'should return admin' do
@status = 200
@content = "<title>admin</title>"
@expected = "admin"
@content = '<title>admin</title>'
@expected = 'admin'
end
it "should return nil" do
it 'should return nil' do
@status = 201
@content = "<title>admin</title>"
@content = '<title>admin</title>'
@expected = nil
end
end
describe "#extract_nickname_from_body" do
describe '#extract_nickname_from_body' do
after :each do
result = @module.extract_nickname_from_body(@body)
result.should === @expected
end
it "should return admin" do
@body = "<title>admin</title>"
@expected = "admin"
it 'should return admin' do
@body = '<title>admin</title>'
@expected = 'admin'
end
it "should return nil" do
@body = "<title>adm<in</title>"
it 'should return nil' do
@body = '<title>adm<in</title>'
@expected = nil
end
it "should return nil" do
@body = "<titler>admin</titler>"
it 'should return nil' do
@body = '<titler>admin</titler>'
@expected = nil
end
it "should return admin | " do
@body = "<title>admin | </title>"
@expected = "admin | "
it 'should return admin | ' do
@body = '<title>admin | </title>'
@expected = 'admin | '
end
it "should return an empty string" do
@body = "<title></title>"
@expected = ""
it 'should return an empty string' do
@body = '<title></title>'
@expected = ''
end
end
describe "#remove_junk_from_nickname" do
it "should throw an exception" do
describe '#remove_junk_from_nickname' do
it 'should throw an exception' do
@input = nil
expect { @module.remove_junk_from_nickname(@input) }.to raise_error(RuntimeError, "Need an array as input")
expect { @module.remove_junk_from_nickname(@input) }.to raise_error(RuntimeError, 'Need an array as input')
end
it "should not throw an exception" do
it 'should not throw an exception' do
@input = []
expect { @module.remove_junk_from_nickname(@input) }.to_not raise_error
end
it "should throw an exception" do
it 'should throw an exception' do
@input = [WpOptions.new]
expect { @module.remove_junk_from_nickname(@input) }.to raise_error(RuntimeError, "Items must be of type WpUser")
expect { @module.remove_junk_from_nickname(@input) }.to raise_error(RuntimeError, 'Items must be of type WpUser')
end
end
describe "#remove_junk_from_nickname" do
describe '#remove_junk_from_nickname' do
after :each do
result = @module.remove_junk_from_nickname(@input)
result.eql?(@expected).should === true
end
it "should return an empty array" do
it 'should return an empty array' do
@input = []
@expected = @input
end
it "should return input object" do
it 'should return input object' do
@input = [WpUser.new(nil, nil, nil)]
@expected = @input
end
it "should return input object" do
@input = [WpUser.new("", "", "")]
it 'should return input object' do
@input = [WpUser.new('', '', '')]
@expected = @input
end
it "should remove asdf" do
@input = [WpUser.new(nil, nil, "lkjh asdf"), WpUser.new(nil, nil, "ijrjd asdf")]
@expected = [WpUser.new(nil, nil, "lkjh"), WpUser.new(nil, nil, "ijrjd")]
it 'should remove asdf' do
@input = [WpUser.new(nil, nil, 'lkjh asdf'), WpUser.new(nil, nil, 'ijrjd asdf')]
@expected = [WpUser.new(nil, nil, 'lkjh'), WpUser.new(nil, nil, 'ijrjd')]
end
it "should return unmodified input object" do
@input = [WpUser.new(nil, nil, "lkjh asdfa"), WpUser.new(nil, nil, "ijrjd asdf")]
it 'should return unmodified input object' do
@input = [WpUser.new(nil, nil, 'lkjh asdfa'), WpUser.new(nil, nil, 'ijrjd asdf')]
@expected = @input
end
it "should return input object" do
@input = [WpUser.new(nil, nil, "lkjh asdf")]
it 'should return input object' do
@input = [WpUser.new(nil, nil, 'lkjh asdf')]
@expected = @input
end
it "should return lkhj asdf" do
@input = [WpUser.new(nil, nil, "lkhj asdf"), WpUser.new(nil, nil, "lkhj asdf")]
@expected = [WpUser.new(nil, nil, ""), WpUser.new(nil, nil, "")]
it 'should return lkhj asdf' do
@input = [WpUser.new(nil, nil, 'lkhj asdf'), WpUser.new(nil, nil, 'lkhj asdf')]
@expected = [WpUser.new(nil, nil, ''), WpUser.new(nil, nil, '')]
end
end
# Issue 66
describe "#remove_junk_from_nickname" do
it "should contain the string empty" do
input = [WpUser.new("admin", 1, "admin | Wordpress 3.4.2"), WpUser.new("", 2, "Wordpress 3.4.2")]
describe '#remove_junk_from_nickname' do
it 'should contain the string empty' do
input = [WpUser.new('admin', 1, 'admin | Wordpress 3.4.2'), WpUser.new('', 2, 'Wordpress 3.4.2')]
result = @module.remove_junk_from_nickname(input)
result[0].nickname.should === "admin | "
result[0].name.should === "admin"
result[0].nickname.should === 'admin | '
result[0].name.should === 'admin'
result[0].id.should === 1
result[1].nickname.should === "empty"
result[1].name.should === "empty"
result[1].nickname.should === 'empty'
result[1].name.should === 'empty'
result[1].id.should === 2
end
end

3
spec/lib/wpscan/wp_detector_spec.rb
View File

@@ -1,3 +1,4 @@
# encoding: UTF-8
#--
# WPScan - WordPress Security Scanner
# Copyright (C) 2012-2013
@@ -20,4 +21,4 @@ require File.expand_path(File.dirname(__FILE__) + '/wpscan_helper')
describe WpDetector do
# TODO
end
end

3
spec/lib/wpscan/wp_enumerator_spec.rb
View File

@@ -1,3 +1,4 @@
# encoding: UTF-8
#--
# WPScan - WordPress Security Scanner
# Copyright (C) 2012-2013
@@ -20,4 +21,4 @@ require File.expand_path(File.dirname(__FILE__) + '/wpscan_helper')
describe WpEnumerator do
# TODO
end
end

560
spec/lib/wpscan/wp_item_spec.rb
View File

@@ -1,3 +1,4 @@
# encoding: UTF-8
#--
# WPScan - WordPress Security Scanner
# Copyright (C) 2012-2013
@@ -19,278 +20,279 @@
require File.expand_path(File.dirname(__FILE__) + '/wpscan_helper')
describe WpPlugin do
describe "#initialize" do
it "should create a correct instance" do
describe '#initialize' do
it 'should create a correct instance' do
instance = WpItem.new(
:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "test/asdf.php",
:vulns_file => "XXX.xml",
:name => "test",
:vulns_xpath => "XX",
:type => "plugins"
base_url: 'http://sub.example.com/path/to/wordpress/',
path: 'test/asdf.php',
vulns_file: 'XXX.xml',
name: 'test',
vulns_xpath: 'XX',
type: 'plugins'
)
instance.wp_content_dir.should == "wp-content"
instance.base_url.should == "http://sub.example.com/path/to/wordpress/"
instance.path.should == "test/asdf.php"
instance.wp_content_dir.should == 'wp-content'
instance.base_url.should == 'http://sub.example.com/path/to/wordpress/'
instance.path.should == 'test/asdf.php'
end
end
describe "#get_full_url" do
describe '#get_full_url' do
after :each do
arguments = {
:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "test/asdf.php",
:vulns_file => "XXX.xml",
:name => "test",
:vulns_xpath => "XX",
:type => "plugins",
:wp_content_dir => @wp_content_dir
base_url: 'http://sub.example.com/path/to/wordpress/',
path: 'test/asdf.php',
vulns_file: 'XXX.xml',
name: 'test',
vulns_xpath: 'XX',
type: 'plugins',
wp_content_dir: @wp_content_dir
}
instance = WpItem.new(arguments)
instance.get_full_url.to_s.should === @expected
end
it "should return the correct url" do
@expected = "http://sub.example.com/path/to/wordpress/wp-content/plugins/test/asdf.php"
it 'should return the correct url' do
@expected = 'http://sub.example.com/path/to/wordpress/wp-content/plugins/test/asdf.php'
end
it "should return the correct url (custom wp_content_dir)" do
@wp_content_dir = "custom"
@expected = "http://sub.example.com/path/to/wordpress/custom/plugins/test/asdf.php"
it 'should return the correct url (custom wp_content_dir)' do
@wp_content_dir = 'custom'
@expected = 'http://sub.example.com/path/to/wordpress/custom/plugins/test/asdf.php'
end
it "should trim / and add missing / before concatenating url" do
@wp_content_dir = "/custom/"
@expected = "http://sub.example.com/path/to/wordpress/custom/plugins/test/asdf.php"
it 'should trim / and add missing / before concatenating url' do
@wp_content_dir = '/custom/'
@expected = 'http://sub.example.com/path/to/wordpress/custom/plugins/test/asdf.php'
end
end
describe "#get_url_without_filename" do
describe '#get_url_without_filename' do
after :each do
arguments = {
:base_url => @base_url || "http://sub.example.com/path/to/wordpress/",
:path => @path || "test/asdf.php",
:vulns_file => "XXX.xml",
:name => "test",
:vulns_xpath => "XX",
:type => "plugins",
:wp_content_dir => @wp_content_dir
base_url: @base_url || 'http://sub.example.com/path/to/wordpress/',
path: @path || 'test/asdf.php',
vulns_file: 'XXX.xml',
name: 'test',
vulns_xpath: 'XX',
type: 'plugins',
wp_content_dir: @wp_content_dir
}
instance = WpItem.new(arguments)
instance.get_url_without_filename.to_s.should === @expected
end
it "should return the correct url" do
@expected = "http://sub.example.com/path/to/wordpress/wp-content/plugins/test/"
it 'should return the correct url' do
@expected = 'http://sub.example.com/path/to/wordpress/wp-content/plugins/test/'
end
it "should return the correct url (custom wp_content_dir)" do
@wp_content_dir = "custom"
@expected = "http://sub.example.com/path/to/wordpress/custom/plugins/test/"
it 'should return the correct url (custom wp_content_dir)' do
@wp_content_dir = 'custom'
@expected = 'http://sub.example.com/path/to/wordpress/custom/plugins/test/'
end
it "should trim / and add missing / before concatenating url" do
@wp_content_dir = "/custom/"
@expected = "http://sub.example.com/path/to/wordpress/custom/plugins/test/"
it 'should trim / and add missing / before concatenating url' do
@wp_content_dir = '/custom/'
@expected = 'http://sub.example.com/path/to/wordpress/custom/plugins/test/'
end
it "should not remove the last foldername" do
@path = "test/"
@expected = "http://sub.example.com/path/to/wordpress/wp-content/plugins/test/"
it 'should not remove the last foldername' do
@path = 'test/'
@expected = 'http://sub.example.com/path/to/wordpress/wp-content/plugins/test/'
end
it "should return the correct url (https)" do
@base_url = "https://sub.example.com/path/to/wordpress/"
@expected = "https://sub.example.com/path/to/wordpress/wp-content/plugins/test/"
it 'should return the correct url (https)' do
@base_url = 'https://sub.example.com/path/to/wordpress/'
@expected = 'https://sub.example.com/path/to/wordpress/wp-content/plugins/test/'
end
it "should add the last slash if it's not present" do
@path = "test-one"
@expected = "http://sub.example.com/path/to/wordpress/wp-content/plugins/test-one/"
@path = 'test-one'
@expected = 'http://sub.example.com/path/to/wordpress/wp-content/plugins/test-one/'
end
end
describe "#version" do
describe '#version' do
let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR + '/version' }
before :each do
@instance = WpItem.new(
:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "test/asdf.php",
:vulns_file => "XXX.xml",
:name => "test",
:vulns_xpath => "XX",
:type => "plugins"
base_url: 'http://sub.example.com/path/to/wordpress/',
path: 'test/asdf.php',
vulns_file: 'XXX.xml',
name: 'test',
vulns_xpath: 'XX',
type: 'plugins'
)
end
it "should return a version number" do
stub_request(:get, @instance.readme_url.to_s).to_return(:status => 200, :body => "Stable tag: 1.2.4.3.2.1")
@instance.version.should == "1.2.4.3.2.1"
it 'should return a version number' do
stub_request(:get, @instance.readme_url.to_s).to_return(status: 200, body: 'Stable tag: 1.2.4.3.2.1')
@instance.version.should == '1.2.4.3.2.1'
end
it "should not return a version number" do
stub_request(:get, @instance.readme_url.to_s).to_return(:status => 200, :body => "Stable tag: trunk")
it 'should not return a version number' do
stub_request(:get, @instance.readme_url.to_s).to_return(status: 200, body: 'Stable tag: trunk')
@instance.version.should be nil
end
it "should return nil if the version is invalid (IE : trunk etc)" do
stub_request_to_fixture(:url => @instance.readme_url.to_s, :fixture => fixtures_dir + '/trunk-version.txt')
it 'should return nil if the version is invalid (IE : trunk etc)' do
stub_request_to_fixture(url: @instance.readme_url.to_s, fixture: fixtures_dir + '/trunk-version.txt')
@instance.version.should be_nil
end
it "should return the version 0.4" do
stub_request_to_fixture(:url => @instance.readme_url.to_s, :fixture => fixtures_dir + '/simple-login-lockdown-0.4.txt')
@instance.version.should === "0.4"
it 'should return the version 0.4' do
stub_request_to_fixture(url: @instance.readme_url.to_s, fixture: fixtures_dir + '/simple-login-lockdown-0.4.txt')
@instance.version.should === '0.4'
end
end
describe "#directory_listing?" do
describe '#directory_listing?' do
before :each do
@instance = WpItem.new(
:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "test/asdf.php",
:vulns_file => "XXX.xml",
:name => "test",
:vulns_xpath => "XX",
:type => "plugins"
base_url: 'http://sub.example.com/path/to/wordpress/',
path: 'test/asdf.php',
vulns_file: 'XXX.xml',
name: 'test',
vulns_xpath: 'XX',
type: 'plugins'
)
end
it "should return true" do
it 'should return true' do
stub_request(:get, @instance.get_url_without_filename.to_s)
.to_return(:status => 200, :body => "<html><head><title>Index of asdf</title></head></html>")
.to_return(status: 200, body: '<html><head><title>Index of asdf</title></head></html>')
@instance.directory_listing?.should == true
end
it "should return false" do
it 'should return false' do
stub_request(:get, @instance.get_url_without_filename.to_s)
.to_return(:status => 200, :body => "<html><head><title>My Wordpress Site</title></head></html>")
.to_return(status: 200, body: '<html><head><title>My Wordpress Site</title></head></html>')
@instance.directory_listing?.should == false
end
it "should return false on a 404" do
stub_request(:get, @instance.get_url_without_filename.to_s.to_s).to_return(:status => 404)
it 'should return false on a 404' do
stub_request(:get, @instance.get_url_without_filename.to_s.to_s).to_return(status: 404)
@instance.directory_listing?.should be_false
end
end
describe "#extract_name_from_url" do
describe '#extract_name_from_url' do
after :each do
arguments = {
:base_url => "http://sub.example.com/path/to/wordpress/",
:path => @path || "test/asdf.php",
:vulns_file => "XXX.xml",
:name => "test",
:vulns_xpath => "XX",
:type => @type || "plugins",
:wp_content_dir => @wp_content_dir
base_url: 'http://sub.example.com/path/to/wordpress/',
path: @path || 'test/asdf.php',
vulns_file: 'XXX.xml',
name: 'test',
vulns_xpath: 'XX',
type: @type || 'plugins',
wp_content_dir: @wp_content_dir
}
instance = WpItem.new(arguments)
instance.extract_name_from_url.should === @expected
end
it "should extract the correct name" do
@expected = "test"
it 'should extract the correct name' do
@expected = 'test'
end
it "should extract the correct name (custom wp_content_dir)" do
@wp_content_dir = "custom"
@expected = "test"
it 'should extract the correct name (custom wp_content_dir)' do
@wp_content_dir = 'custom'
@expected = 'test'
end
it "should extract the correct name" do
@path = "test2/asdf.php"
@wp_content_dir = "/custom/"
@expected = "test2"
it 'should extract the correct name' do
@path = 'test2/asdf.php'
@wp_content_dir = '/custom/'
@expected = 'test2'
end
it "should extract the correct plugin name" do
@path = "testplugin/"
@expected = "testplugin"
it 'should extract the correct plugin name' do
@path = 'testplugin/'
@expected = 'testplugin'
end
it "should extract the correct theme name" do
@path = "testtheme/"
@type = "themes"
@expected = "testtheme"
it 'should extract the correct theme name' do
@path = 'testtheme/'
@type = 'themes'
@expected = 'testtheme'
end
end
describe "#to_s" do
describe '#to_s' do
before :each do
@instance = WpItem.new(
:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "test/asdf.php",
:vulns_file => "XXX.xml",
:name => "test",
:vulns_xpath => "XX",
:type => "plugins"
base_url: 'http://sub.example.com/path/to/wordpress/',
path: 'test/asdf.php',
vulns_file: 'XXX.xml',
name: 'test',
vulns_xpath: 'XX',
type: 'plugins'
)
end
it "should return the name including a version number" do
stub_request(:get, @instance.readme_url.to_s).to_return(:status => 200, :body => "Stable tag: 1.2.4.3.2.1")
@instance.to_s.should == "test v1.2.4.3.2.1"
it 'should return the name including a version number' do
stub_request(:get, @instance.readme_url.to_s).to_return(status: 200, body: 'Stable tag: 1.2.4.3.2.1')
@instance.to_s.should == 'test v1.2.4.3.2.1'
end
it "should not return the name without a version number" do
stub_request(:get, @instance.readme_url.to_s).to_return(:status => 200, :body => "Stable tag: trunk")
@instance.to_s.should == "test"
it 'should not return the name without a version number' do
stub_request(:get, @instance.readme_url.to_s).to_return(status: 200, body: 'Stable tag: trunk')
@instance.to_s.should == 'test'
end
end
describe "#==" do
describe '#==' do
before :each do
@instance = WpItem.new(
:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "test/asdf.php",
:vulns_file => "XXX.xml",
:name => "test",
:vulns_xpath => "XX",
:type => "plugins"
base_url: 'http://sub.example.com/path/to/wordpress/',
path: 'test/asdf.php',
vulns_file: 'XXX.xml',
name: 'test',
vulns_xpath: 'XX',
type: 'plugins'
)
end
it "should return false" do
it 'should return false' do
instance2 = WpItem.new(
:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "newname/asdf.php",
:type => "plugins",
:vulns_file => "XXX.xml",
:vulns_xpath => "XX"
base_url: 'http://sub.example.com/path/to/wordpress/',
path: 'newname/asdf.php',
type: 'plugins',
vulns_file: 'XXX.xml',
vulns_xpath: 'XX'
)
(@instance==instance2).should == false
(@instance == instance2).should == false
end
it "should return true" do
it 'should return true' do
instance2 = WpItem.new(
:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "test/asdf.php",
:type => "plugins",
:vulns_file => "XXX.xml",
:vulns_xpath => "XX"
base_url: 'http://sub.example.com/path/to/wordpress/',
path: 'test/asdf.php',
type: 'plugins',
vulns_file: 'XXX.xml',
vulns_xpath: 'XX'
)
(@instance==instance2).should == true
(@instance == instance2).should == true
end
end
describe "#get_sub_folder" do
describe '#get_sub_folder' do
after :each do
arguments = {
:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "test/asdf.php",
:vulns_file => "XXX.xml",
:wp_content_dir => "wp-content",
:wp_plugins_dir => "wp-content/plugins",
:name => "test",
:vulns_xpath => "XX",
:type => @type || "themes"
base_url: 'http://sub.example.com/path/to/wordpress/',
path: 'test/asdf.php',
vulns_file: 'XXX.xml',
wp_content_dir: 'wp-content',
wp_plugins_dir: 'wp-content/plugins',
name: 'test',
vulns_xpath: 'XX',
type: @type || 'themes'
}
instance = WpItem.new(arguments)
@@ -302,238 +304,238 @@ describe WpPlugin do
end
end
it "should return themes" do
@expected = "themes"
it 'should return themes' do
@expected = 'themes'
end
it "should return nil" do
@type = "timthumbs"
it 'should return nil' do
@type = 'timthumbs'
@expected = nil
end
it "should raise an exception" do
@type = "type"
@raise_error = raise_error(RuntimeError, "unknown type type")
it 'should raise an exception' do
@type = 'type'
@raise_error = raise_error(RuntimeError, 'unknown type type')
end
end
describe "#readme_url" do
describe '#readme_url' do
after :each do
arguments = {
:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "test/asdf.php",
:vulns_file => "XXX.xml",
:name => "test",
:vulns_xpath => "XX",
:type => @type || "plugins",
:wp_content_dir => @wp_content_dir
base_url: 'http://sub.example.com/path/to/wordpress/',
path: 'test/asdf.php',
vulns_file: 'XXX.xml',
name: 'test',
vulns_xpath: 'XX',
type: @type || 'plugins',
wp_content_dir: @wp_content_dir
}
instance = WpItem.new(arguments)
instance.readme_url.to_s.should === @expected
end
it "should return the corrent plugin readme url" do
@expected = "http://sub.example.com/path/to/wordpress/wp-content/plugins/test/readme.txt"
it 'should return the corrent plugin readme url' do
@expected = 'http://sub.example.com/path/to/wordpress/wp-content/plugins/test/readme.txt'
end
it "should return the corrent plugin readme url (custom wp_content)" do
@wp_content_dir = "custom"
@expected = "http://sub.example.com/path/to/wordpress/custom/plugins/test/readme.txt"
it 'should return the corrent plugin readme url (custom wp_content)' do
@wp_content_dir = 'custom'
@expected = 'http://sub.example.com/path/to/wordpress/custom/plugins/test/readme.txt'
end
it "should return the corrent theme readme url" do
@type = "themes"
@expected = "http://sub.example.com/path/to/wordpress/wp-content/themes/test/readme.txt"
it 'should return the corrent theme readme url' do
@type = 'themes'
@expected = 'http://sub.example.com/path/to/wordpress/wp-content/themes/test/readme.txt'
end
it "should return the corrent theme readme url (custom wp_content)" do
@type = "themes"
@wp_content_dir = "custom"
@expected = "http://sub.example.com/path/to/wordpress/custom/themes/test/readme.txt"
it 'should return the corrent theme readme url (custom wp_content)' do
@type = 'themes'
@wp_content_dir = 'custom'
@expected = 'http://sub.example.com/path/to/wordpress/custom/themes/test/readme.txt'
end
end
describe "#changelog_url" do
describe '#changelog_url' do
after :each do
arguments = {
:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "test/asdf.php",
:vulns_file => "XXX.xml",
:name => "test",
:vulns_xpath => "XX",
:type => @type || "plugins",
:wp_content_dir => @wp_content_dir
base_url: 'http://sub.example.com/path/to/wordpress/',
path: 'test/asdf.php',
vulns_file: 'XXX.xml',
name: 'test',
vulns_xpath: 'XX',
type: @type || 'plugins',
wp_content_dir: @wp_content_dir
}
instance = WpItem.new(arguments)
instance.changelog_url.to_s.should === @expected
end
it "should return the corrent plugin changelog url" do
@expected = "http://sub.example.com/path/to/wordpress/wp-content/plugins/test/changelog.txt"
it 'should return the corrent plugin changelog url' do
@expected = 'http://sub.example.com/path/to/wordpress/wp-content/plugins/test/changelog.txt'
end
it "should return the corrent plugin changelog url (custom wp_content)" do
@wp_content_dir = "custom"
@expected = "http://sub.example.com/path/to/wordpress/custom/plugins/test/changelog.txt"
it 'should return the corrent plugin changelog url (custom wp_content)' do
@wp_content_dir = 'custom'
@expected = 'http://sub.example.com/path/to/wordpress/custom/plugins/test/changelog.txt'
end
it "should return the corrent theme changelog url" do
@type = "themes"
@expected = "http://sub.example.com/path/to/wordpress/wp-content/themes/test/changelog.txt"
it 'should return the corrent theme changelog url' do
@type = 'themes'
@expected = 'http://sub.example.com/path/to/wordpress/wp-content/themes/test/changelog.txt'
end
it "should return the corrent theme changelog url (custom wp_content)" do
@type = "themes"
@wp_content_dir = "custom"
@expected = "http://sub.example.com/path/to/wordpress/custom/themes/test/changelog.txt"
it 'should return the corrent theme changelog url (custom wp_content)' do
@type = 'themes'
@wp_content_dir = 'custom'
@expected = 'http://sub.example.com/path/to/wordpress/custom/themes/test/changelog.txt'
end
end
describe "#has_readme?" do
describe '#has_readme?' do
before :each do
@instance = WpItem.new(
:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "test/asdf.php",
:vulns_file => "XXX.xml",
:name => "test",
:vulns_xpath => "XX",
:type => "plugins"
base_url: 'http://sub.example.com/path/to/wordpress/',
path: 'test/asdf.php',
vulns_file: 'XXX.xml',
name: 'test',
vulns_xpath: 'XX',
type: 'plugins'
)
end
it "should return true" do
stub_request(:get, @instance.readme_url.to_s).to_return(:status => 200)
it 'should return true' do
stub_request(:get, @instance.readme_url.to_s).to_return(status: 200)
@instance.has_readme?.should == true
end
it "should return false" do
stub_request(:get, @instance.readme_url.to_s).to_return(:status => 403)
it 'should return false' do
stub_request(:get, @instance.readme_url.to_s).to_return(status: 403)
@instance.has_readme?.should == false
end
end
describe "#has_changelog?" do
describe '#has_changelog?' do
before :each do
@instance = WpItem.new(
:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "test/asdf.php",
:vulns_file => "XXX.xml",
:name => "test",
:vulns_xpath => "XX",
:type => "plugins"
base_url: 'http://sub.example.com/path/to/wordpress/',
path: 'test/asdf.php',
vulns_file: 'XXX.xml',
name: 'test',
vulns_xpath: 'XX',
type: 'plugins'
)
end
it "should return true" do
stub_request(:get, @instance.changelog_url.to_s).to_return(:status => 200)
it 'should return true' do
stub_request(:get, @instance.changelog_url.to_s).to_return(status: 200)
@instance.has_changelog?.should == true
end
it "should return false" do
stub_request(:get, @instance.changelog_url.to_s).to_return(:status => 403)
it 'should return false' do
stub_request(:get, @instance.changelog_url.to_s).to_return(status: 403)
@instance.has_changelog?.should == false
end
end
describe "#wp_org_url" do
it "sould return a themes url" do
describe '#wp_org_url' do
it 'sould return a themes url' do
instance = WpItem.new(
:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "test/asdf.php",
:vulns_file => "XXX.xml",
:name => "test",
:vulns_xpath => "XX",
:type => "themes"
base_url: 'http://sub.example.com/path/to/wordpress/',
path: 'test/asdf.php',
vulns_file: 'XXX.xml',
name: 'test',
vulns_xpath: 'XX',
type: 'themes'
)
instance.wp_org_url.to_s.should == "http://wordpress.org/extend/themes/test/"
instance.wp_org_url.to_s.should == 'http://wordpress.org/extend/themes/test/'
end
it "sould return a plugins url" do
it 'sould return a plugins url' do
instance = WpItem.new(
:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "test/asdf.php",
:vulns_file => "XXX.xml",
:name => "test",
:vulns_xpath => "XX",
:type => "plugins"
base_url: 'http://sub.example.com/path/to/wordpress/',
path: 'test/asdf.php',
vulns_file: 'XXX.xml',
name: 'test',
vulns_xpath: 'XX',
type: 'plugins'
)
instance.wp_org_url.to_s.should == "http://wordpress.org/extend/plugins/test/"
instance.wp_org_url.to_s.should == 'http://wordpress.org/extend/plugins/test/'
end
it "sould raise an exception" do
it 'sould raise an exception' do
instance = WpItem.new(
:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "test/asdf.php",
:vulns_file => "XXX.xml",
:name => "test",
:vulns_xpath => "XX",
:type => "invalid"
base_url: 'http://sub.example.com/path/to/wordpress/',
path: 'test/asdf.php',
vulns_file: 'XXX.xml',
name: 'test',
vulns_xpath: 'XX',
type: 'invalid'
)
expect { instance.wp_org_url }.to raise_error(RuntimeError, "No Wordpress URL for invalid")
expect { instance.wp_org_url }.to raise_error(RuntimeError, 'No Wordpress URL for invalid')
end
end
describe "#wp_org_item?" do
it "sould return true" do
describe '#wp_org_item?' do
it 'sould return true' do
instance = WpItem.new(
:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "test/asdf.php",
:vulns_file => "XXX.xml",
:name => "w3-total-cache",
:vulns_xpath => "XX",
:type => "plugins"
base_url: 'http://sub.example.com/path/to/wordpress/',
path: 'test/asdf.php',
vulns_file: 'XXX.xml',
name: 'w3-total-cache',
vulns_xpath: 'XX',
type: 'plugins'
)
instance.wp_org_item?.should be_true
end
it "sould return true" do
it 'sould return true' do
instance = WpItem.new(
:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "test/asdf.php",
:vulns_file => "XXX.xml",
:name => "twentyten",
:vulns_xpath => "XX",
:type => "themes"
base_url: 'http://sub.example.com/path/to/wordpress/',
path: 'test/asdf.php',
vulns_file: 'XXX.xml',
name: 'twentyten',
vulns_xpath: 'XX',
type: 'themes'
)
instance.wp_org_item?.should be_true
end
it "sould return false" do
it 'sould return false' do
instance = WpItem.new(
:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "test/asdf.php",
:vulns_file => "XXX.xml",
:name => "can_not_be_in_repository",
:vulns_xpath => "XX",
:type => "plugins"
base_url: 'http://sub.example.com/path/to/wordpress/',
path: 'test/asdf.php',
vulns_file: 'XXX.xml',
name: 'can_not_be_in_repository',
vulns_xpath: 'XX',
type: 'plugins'
)
instance.wp_org_item?.should be_false
end
it "sould return false" do
it 'sould return false' do
instance = WpItem.new(
:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "test/asdf.php",
:vulns_file => "XXX.xml",
:name => "can_not_be_in_repository",
:vulns_xpath => "XX",
:type => "themes"
base_url: 'http://sub.example.com/path/to/wordpress/',
path: 'test/asdf.php',
vulns_file: 'XXX.xml',
name: 'can_not_be_in_repository',
vulns_xpath: 'XX',
type: 'themes'
)
instance.wp_org_item?.should be_false
end
it "sould raise an exception" do
it 'sould raise an exception' do
instance = WpItem.new(
:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "test/asdf.php",
:vulns_file => "XXX.xml",
:name => "test",
:vulns_xpath => "XX",
:type => "invalid"
base_url: 'http://sub.example.com/path/to/wordpress/',
path: 'test/asdf.php',
vulns_file: 'XXX.xml',
name: 'test',
vulns_xpath: 'XX',
type: 'invalid'
)
expect { instance.wp_org_item? }.to raise_error(RuntimeError, "Unknown type invalid")
expect { instance.wp_org_item? }.to raise_error(RuntimeError, 'Unknown type invalid')
end
end

115
spec/lib/wpscan/wp_options_spec.rb
View File

@@ -1,3 +1,4 @@
# encoding: UTF-8
#--
# WPScan - WordPress Security Scanner
# Copyright (C) 2012-2013
@@ -19,120 +20,120 @@
require File.expand_path(File.dirname(__FILE__) + '/wpscan_helper')
describe WpOptions do
describe "#check_options" do
describe '#check_options' do
before :each do
@options = {}
@options[:base_url] = "url"
@options[:base_url] = 'url'
@options[:only_vulnerable_ones] = false
@options[:file] = "file"
@options[:vulns_file] = "vulns_file"
@options[:vulns_xpath] = "vulns_xpath"
@options[:vulns_xpath_2] = "vulns_xpath_2"
@options[:wp_content_dir] = "wp_content_dir"
@options[:file] = 'file'
@options[:vulns_file] = 'vulns_file'
@options[:vulns_xpath] = 'vulns_xpath'
@options[:vulns_xpath_2] = 'vulns_xpath_2'
@options[:wp_content_dir] = 'wp_content_dir'
@options[:show_progression] = true
@options[:error_404_hash] = "error_404_hash"
@options[:type] = "type"
@options[:error_404_hash] = 'error_404_hash'
@options[:type] = 'type'
@message = ""
@message = ''
end
after :each do
expect { WpOptions.check_options(@options) }.to raise_error(RuntimeError, @message)
end
it "should raise an exception (base_url empty)" do
@options[:base_url] = ""
@message = "base_url must be set"
it 'should raise an exception (base_url empty)' do
@options[:base_url] = ''
@message = 'base_url must be set'
end
it "should raise an exception (base_url nil)" do
it 'should raise an exception (base_url nil)' do
@options[:base_url] = nil
@message = "base_url must be set"
@message = 'base_url must be set'
end
it "should raise an exception (only_vulnerable_ones nil)" do
it 'should raise an exception (only_vulnerable_ones nil)' do
@options[:only_vulnerable_ones] = nil
@message = "only_vulnerable_ones must be set"
@message = 'only_vulnerable_ones must be set'
end
it "should raise an exception (file empty)" do
@options[:file] = ""
@message = "file must be set"
it 'should raise an exception (file empty)' do
@options[:file] = ''
@message = 'file must be set'
end
it "should raise an exception (file nil)" do
it 'should raise an exception (file nil)' do
@options[:file] = nil
@message = "file must be set"
@message = 'file must be set'
end
it "should raise an exception (vulns_file empty)" do
@options[:vulns_file] = ""
@message = "vulns_file must be set"
it 'should raise an exception (vulns_file empty)' do
@options[:vulns_file] = ''
@message = 'vulns_file must be set'
end
it "should raise an exception (vulns_file nil)" do
it 'should raise an exception (vulns_file nil)' do
@options[:vulns_file] = nil
@message = "vulns_file must be set"
@message = 'vulns_file must be set'
end
it "should raise an exception (vulns_xpath empty)" do
@options[:vulns_xpath] = ""
@message = "vulns_xpath must be set"
it 'should raise an exception (vulns_xpath empty)' do
@options[:vulns_xpath] = ''
@message = 'vulns_xpath must be set'
end
it "should raise an exception (vulns_xpath nil)" do
it 'should raise an exception (vulns_xpath nil)' do
@options[:vulns_xpath] = nil
@message = "vulns_xpath must be set"
@message = 'vulns_xpath must be set'
end
it "should raise an exception (vulns_xpath_2 empty)" do
@options[:vulns_xpath_2] = ""
@message = "vulns_xpath_2 must be set"
it 'should raise an exception (vulns_xpath_2 empty)' do
@options[:vulns_xpath_2] = ''
@message = 'vulns_xpath_2 must be set'
end
it "should raise an exception (vulns_xpath_2 nil)" do
it 'should raise an exception (vulns_xpath_2 nil)' do
@options[:vulns_xpath_2] = nil
@message = "vulns_xpath_2 must be set"
@message = 'vulns_xpath_2 must be set'
end
it "should raise an exception (wp_content_dir empty)" do
@options[:wp_content_dir] = ""
@message = "wp_content_dir must be set"
it 'should raise an exception (wp_content_dir empty)' do
@options[:wp_content_dir] = ''
@message = 'wp_content_dir must be set'
end
it "should raise an exception (wp_content_dir nil)" do
it 'should raise an exception (wp_content_dir nil)' do
@options[:wp_content_dir] = nil
@message = "wp_content_dir must be set"
@message = 'wp_content_dir must be set'
end
it "should raise an exception (show_progression nil)" do
it 'should raise an exception (show_progression nil)' do
@options[:show_progression] = nil
@message = "show_progression must be set"
@message = 'show_progression must be set'
end
it "should raise an exception (error_404_hash empty)" do
@options[:error_404_hash] = ""
@message = "error_404_hash must be set"
it 'should raise an exception (error_404_hash empty)' do
@options[:error_404_hash] = ''
@message = 'error_404_hash must be set'
end
it "should raise an exception (error_404_hash nil)" do
it 'should raise an exception (error_404_hash nil)' do
@options[:error_404_hash] = nil
@message = "error_404_hash must be set"
@message = 'error_404_hash must be set'
end
it "should raise an exception (type empty)" do
@options[:type] = ""
@message = "type must be set"
it 'should raise an exception (type empty)' do
@options[:type] = ''
@message = 'type must be set'
end
it "should raise an exception (type nil)" do
it 'should raise an exception (type nil)' do
@options[:type] = nil
@message = "type must be set"
@message = 'type must be set'
end
it "should raise an exception (type unknown)" do
@options[:type] = "unknown"
@message = "Unknown type unknown"
it 'should raise an exception (type unknown)' do
@options[:type] = 'unknown'
@message = 'Unknown type unknown'
end
end
end

60
spec/lib/wpscan/wp_plugin_spec.rb
View File

@@ -1,3 +1,4 @@
# encoding: UTF-8
#--
# WPScan - WordPress Security Scanner
# Copyright (C) 2012-2013
@@ -19,56 +20,61 @@
require File.expand_path(File.dirname(__FILE__) + '/wpscan_helper')
describe WpPlugin do
describe "#initialize" do
it "should not raise an exception" do
expect { WpPlugin.new(:base_url => "url", :path => "path", :wp_content_dir => "dir", :name => "name") }.to_not raise_error
describe '#initialize' do
it 'should not raise an exception' do
expect { WpPlugin.new(base_url: 'url', path: 'path', wp_content_dir: 'dir', name: 'name') }.to_not raise_error
end
it "should not raise an exception (wp_content_dir not set)" do
expect { WpPlugin.new(:base_url => "url", :path => "path", :name => "name") }.to_not raise_error
it 'should not raise an exception (wp_content_dir not set)' do
expect { WpPlugin.new(base_url: 'url', path: 'path', name: 'name') }.to_not raise_error
end
it "should raise an exception (base_url not set)" do
expect { WpPlugin.new(:path => "path", :wp_content_dir => "dir", :name => "name") }.to raise_error
it 'should raise an exception (base_url not set)' do
expect { WpPlugin.new(path: 'path', wp_content_dir: 'dir', name: 'name') }.to raise_error
end
it "should raise an exception (path not set)" do
expect { WpPlugin.new(:base_url => "url", :wp_content_dir => "dir", :name => "name") }.to raise_error
it 'should raise an exception (path not set)' do
expect { WpPlugin.new(base_url: 'url', wp_content_dir: 'dir', name: 'name') }.to raise_error
end
it "should raise an exception (name not set)" do
expect { WpPlugin.new(:base_url => "url", :path => "path", :wp_content_dir => "dir") }.to raise_error
it 'should raise an exception (name not set)' do
expect { WpPlugin.new(base_url: 'url', path: 'path', wp_content_dir: 'dir') }.to raise_error
end
end
describe "#error_log_url" do
it "should return a correct url" do
temp = WpPlugin.new(:base_url => "http://wordpress.com",
:path => "test/asdf.php")
temp.error_log_url.to_s.should == "http://wordpress.com/wp-content/plugins/test/error_log"
describe '#error_log_url' do
it 'should return a correct url' do
temp = WpPlugin.new(
base_url: 'http://wordpress.com',
path: 'test/asdf.php'
)
temp.error_log_url.to_s.should == 'http://wordpress.com/wp-content/plugins/test/error_log'
end
end
describe "#error_log?" do
describe '#error_log?' do
before :each do
@temp = WpPlugin.new(:base_url => "http://wordpress.com",
:path => "test/asdf.php")
@temp = WpPlugin.new(
base_url: 'http://wordpress.com',
path: 'test/asdf.php')
end
it "should return true" do
stub_request(:get, @temp.error_log_url.to_s).to_return(:status => 200, :body => "PHP Fatal error")
it 'should return true' do
stub_request(:get, @temp.error_log_url.to_s).to_return(status: 200, body: 'PHP Fatal error')
@temp.error_log?.should be true
end
it "should return false" do
stub_request(:get, @temp.error_log_url.to_s).to_return(:status => 500, :body => "Access denied")
it 'should return false' do
stub_request(:get, @temp.error_log_url.to_s).to_return(status: 500, body: 'Access denied')
@temp.error_log?.should be false
end
it "should return true" do
fixtures_dir = SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR + "/error_log"
stub_request(:get, @temp.error_log_url.to_s).to_return(:status => 200,
:body => File.new(fixtures_dir + '/error_log'))
it 'should return true' do
fixtures_dir = SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR + '/error_log'
stub_request(:get, @temp.error_log_url.to_s).to_return(
status: 200,
body: File.new(fixtures_dir + '/error_log')
)
@temp.error_log?.should be true
end

279
spec/lib/wpscan/wp_target_spec.rb
View File

@@ -1,3 +1,4 @@
# encoding: UTF-8
#--
# WPScan - WordPress Security Scanner
# Copyright (C) 2012-2013
@@ -24,304 +25,304 @@ describe WpTarget do
Browser.reset
@options =
{
:config_file => SPEC_FIXTURES_CONF_DIR + '/browser/browser.conf.json',
:cache_timeout => 0,
:wp_content_dir => "wp-content",
:wp_plugins_dir => "wp-content/plugins"
config_file: SPEC_FIXTURES_CONF_DIR + '/browser/browser.conf.json',
cache_timeout: 0,
wp_content_dir: 'wp-content',
wp_plugins_dir: 'wp-content/plugins'
}
@wp_target = WpTarget.new("http://example.localhost/", @options)
@wp_target = WpTarget.new('http://example.localhost/', @options)
end
it_should_behave_like "WebSite"
it_should_behave_like "WpReadme"
it_should_behave_like "WpConfigBackup"
it_should_behave_like "WpFullPathDisclosure"
it_should_behave_like "WpLoginProtection"
it_should_behave_like "Malwares"
it_should_behave_like "BruteForce"
it_should_behave_like "WpUsernames"
it_should_behave_like "WpTimthumbs"
it_should_behave_like "WpPlugins"
it_should_behave_like "WpThemes"
it_should_behave_like 'WebSite'
it_should_behave_like 'WpReadme'
it_should_behave_like 'WpConfigBackup'
it_should_behave_like 'WpFullPathDisclosure'
it_should_behave_like 'WpLoginProtection'
it_should_behave_like 'Malwares'
it_should_behave_like 'BruteForce'
it_should_behave_like 'WpUsernames'
it_should_behave_like 'WpTimthumbs'
it_should_behave_like 'WpPlugins'
it_should_behave_like 'WpThemes'
describe "#initialize" do
it "should raise an error if the target_url is nil or empty" do
describe '#initialize' do
it 'should raise an error if the target_url is nil or empty' do
expect { WpTarget.new(nil) }.to raise_error
expect { Wptarget.new('') }.to raise_error
end
it "should add the http protocol if missing" do
WpTarget.new("example.localhost/", @options).url.should === "http://example.localhost/"
it 'should add the http protocol if missing' do
WpTarget.new('example.localhost/', @options).url.should === 'http://example.localhost/'
end
it "should add the trailing slash to the url if missing" do
WpTarget.new("lamp/wordpress", @options).url.should === "http://lamp/wordpress/"
it 'should add the trailing slash to the url if missing' do
WpTarget.new('lamp/wordpress', @options).url.should === 'http://lamp/wordpress/'
end
end
describe "#url" do
it "should return the url of the target" do
describe '#url' do
it 'should return the url of the target' do
@wp_target.url.should === @wp_target.uri.to_s
end
end
describe "#login_url" do
let(:login_url) { @wp_target.uri.merge("wp-login.php").to_s }
describe '#login_url' do
let(:login_url) { @wp_target.uri.merge('wp-login.php').to_s }
it "should return the login url of the target" do
stub_request(:get, login_url).to_return(:status => 200, :body => '')
it 'should return the login url of the target' do
stub_request(:get, login_url).to_return(status: 200, body: '')
@wp_target.login_url.should === login_url
end
it "should return the redirection url if there is one (ie: for https)" do
https_login_url = login_url.gsub(/^http:/, "https:")
it 'should return the redirection url if there is one (ie: for https)' do
https_login_url = login_url.gsub(/^http:/, 'https:')
stub_request(:get, login_url).to_return(:status => 302, :headers => { :location => https_login_url })
stub_request(:get, https_login_url).to_return(:status => 200)
stub_request(:get, login_url).to_return(status: 302, headers: { location: https_login_url })
stub_request(:get, https_login_url).to_return(status: 200)
@wp_target.login_url.should === https_login_url
end
end
describe "#wp_content_dir" do
let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_TARGET_DIR + "/wp_content_dir" }
describe '#wp_content_dir' do
let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_TARGET_DIR + '/wp_content_dir' }
after :each do
@wp_target = WpTarget.new(@target_url) if @target_url
stub_request_to_fixture(:url => @wp_target.url, :fixture => @fixture) if @fixture
stub_request_to_fixture(url: @wp_target.url, fixture: @fixture) if @fixture
@wp_target.wp_content_dir.should === @expected
end
it "should return the string set in the initialize method" do
@wp_target = WpTarget.new("http://example.localhost/", @options.merge(:wp_content_dir => "hello-world"))
@expected = "hello-world"
it 'should return the string set in the initialize method' do
@wp_target = WpTarget.new('http://example.localhost/', @options.merge(wp_content_dir: 'hello-world'))
@expected = 'hello-world'
end
it "should return 'wp-content'" do
@target_url = "http://lamp/wordpress-3.4.1"
@fixture = fixtures_dir + "/wordpress-3.4.1.htm"
@expected = "wp-content"
@target_url = 'http://lamp/wordpress-3.4.1'
@fixture = fixtures_dir + '/wordpress-3.4.1.htm'
@expected = 'wp-content'
end
it "should return 'wp-content' if url has trailing slash" do
@target_url = "http://lamp/wordpress-3.4.1/"
@fixture = fixtures_dir + "/wordpress-3.4.1.htm"
@expected = "wp-content"
@target_url = 'http://lamp/wordpress-3.4.1/'
@fixture = fixtures_dir + '/wordpress-3.4.1.htm'
@expected = 'wp-content'
end
it "should find the default 'wp-content' dir even if the target_url is not the same (ie : the user supply an IP address and the url used in the code is a domain)" do
@target_url = "http://192.168.1.103/wordpress-3.4.1/"
@fixture = fixtures_dir + "/wordpress-3.4.1.htm"
@expected = "wp-content"
@target_url = 'http://192.168.1.103/wordpress-3.4.1/'
@fixture = fixtures_dir + '/wordpress-3.4.1.htm'
@expected = 'wp-content'
end
it "should return 'custom-content'" do
@target_url = "http://lamp/wordpress-3.4.1-custom"
@fixture = fixtures_dir + "/wordpress-3.4.1-custom.htm"
@expected = "custom-content"
@target_url = 'http://lamp/wordpress-3.4.1-custom'
@fixture = fixtures_dir + '/wordpress-3.4.1-custom.htm'
@expected = 'custom-content'
end
it "should return 'custom content spaces'" do
@target_url = "http://lamp/wordpress-3.4.1-custom"
@fixture = fixtures_dir + "/wordpress-3.4.1-custom-with-spaces.htm"
@expected = "custom content spaces"
@target_url = 'http://lamp/wordpress-3.4.1-custom'
@fixture = fixtures_dir + '/wordpress-3.4.1-custom-with-spaces.htm'
@expected = 'custom content spaces'
end
it "should return 'custom-dir/subdir/content'" do
@target_url = "http://lamp/wordpress-3.4.1-custom"
@fixture = fixtures_dir + "/wordpress-3.4.1-custom-subdirectories.htm"
@expected = "custom-dir/subdir/content"
@target_url = 'http://lamp/wordpress-3.4.1-custom'
@fixture = fixtures_dir + '/wordpress-3.4.1-custom-subdirectories.htm'
@expected = 'custom-dir/subdir/content'
end
it "should also check in src attributes" do
@target_url = "http://lamp/wordpress-3.4.1"
@fixture = fixtures_dir + "/wordpress-3.4.1-in-src.htm"
@expected = "wp-content"
it 'should also check in src attributes' do
@target_url = 'http://lamp/wordpress-3.4.1'
@fixture = fixtures_dir + '/wordpress-3.4.1-in-src.htm'
@expected = 'wp-content'
end
it "should find the location even if the src or href goes in the plugins dir" do
@target_url = "http://wordpress-3.4.1-in-plugins.htm"
@fixture = fixtures_dir + "/wordpress-3.4.1-in-plugins.htm"
@expected = "wp-content"
it 'should find the location even if the src or href goes in the plugins dir' do
@target_url = 'http://wordpress-3.4.1-in-plugins.htm'
@fixture = fixtures_dir + '/wordpress-3.4.1-in-plugins.htm'
@expected = 'wp-content'
end
it "should not detect facebook.com as a custom wp-content directory" do
@target_url = "http://lamp.localhost/"
@fixture = fixtures_dir + "/facebook-detection.htm"
it 'should not detect facebook.com as a custom wp-content directory' do
@target_url = 'http://lamp.localhost/'
@fixture = fixtures_dir + '/facebook-detection.htm'
@expected = nil
end
end
describe "#wp_plugins_dir" do
describe '#wp_plugins_dir' do
after :each do
@wp_target.stub(:wp_plugins_dir => @stub_value) if @stub_value
@wp_target.stub(wp_plugins_dir: @stub_value) if @stub_value
@wp_target.wp_plugins_dir.should === @expected
end
it "should return the string set in the initialize method" do
@wp_target = WpTarget.new("http://example.localhost/", @options.merge(:wp_content_dir => "asdf", :wp_plugins_dir => "custom-plugins"))
@expected = "custom-plugins"
it 'should return the string set in the initialize method' do
@wp_target = WpTarget.new('http://example.localhost/', @options.merge(wp_content_dir: 'asdf', wp_plugins_dir: 'custom-plugins'))
@expected = 'custom-plugins'
end
it "should return 'plugins'" do
@stub_value = "plugins"
@expected = "plugins"
@stub_value = 'plugins'
@expected = 'plugins'
end
it "should return 'wp-content/plugins'" do
@wp_target = WpTarget.new("http://example.localhost/", @options.merge(:wp_content_dir => "wp-content", :wp_plugins_dir => nil))
@expected = "wp-content/plugins"
@wp_target = WpTarget.new('http://example.localhost/', @options.merge(wp_content_dir: 'wp-content', wp_plugins_dir: nil))
@expected = 'wp-content/plugins'
end
end
describe "#wp_plugins_dir_exists?" do
it "should return true" do
target = WpTarget.new("http://example.localhost/", @options.merge(:wp_content_dir => "asdf", :wp_plugins_dir => "custom-plugins"))
describe '#wp_plugins_dir_exists?' do
it 'should return true' do
target = WpTarget.new('http://example.localhost/', @options.merge(wp_content_dir: 'asdf', wp_plugins_dir: 'custom-plugins'))
url = target.uri.merge(target.wp_plugins_dir).to_s
stub_request(:any, url).to_return(:status => 200)
stub_request(:any, url).to_return(status: 200)
target.wp_plugins_dir_exists?.should == true
end
it "should return false" do
target = WpTarget.new("http://example.localhost/", @options.merge(:wp_content_dir => "asdf", :wp_plugins_dir => "custom-plugins"))
it 'should return false' do
target = WpTarget.new('http://example.localhost/', @options.merge(wp_content_dir: 'asdf', wp_plugins_dir: 'custom-plugins'))
url = target.uri.merge(target.wp_plugins_dir).to_s
stub_request(:any, url).to_return(:status => 404)
stub_request(:any, url).to_return(status: 404)
target.wp_plugins_dir_exists?.should == false
end
end
describe "#debug_log_url" do
describe '#debug_log_url' do
it "should return 'http://example.localhost/wp-content/debug.log" do
@wp_target.stub(:wp_content_dir => "wp-content")
@wp_target.debug_log_url.should === "http://example.localhost/wp-content/debug.log"
@wp_target.stub(wp_content_dir: 'wp-content')
@wp_target.debug_log_url.should === 'http://example.localhost/wp-content/debug.log'
end
end
describe "#has_debug_log?" do
let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_TARGET_DIR + "/debug_log" }
describe '#has_debug_log?' do
let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_TARGET_DIR + '/debug_log' }
after :each do
@wp_target.stub(:wp_content_dir => "wp-content")
stub_request_to_fixture(:url => @wp_target.debug_log_url(), :fixture => @fixture)
@wp_target.stub(wp_content_dir: 'wp-content')
stub_request_to_fixture(url: @wp_target.debug_log_url(), fixture: @fixture)
@wp_target.has_debug_log?.should === @expected
end
it "should return false" do
@fixture = SPEC_FIXTURES_DIR + "/empty-file"
it 'should return false' do
@fixture = SPEC_FIXTURES_DIR + '/empty-file'
@expected = false
end
it "should return true" do
@fixture = fixtures_dir + "/debug.log"
it 'should return true' do
@fixture = fixtures_dir + '/debug.log'
@expected = true
end
it "should also detect it if there are PHP notice" do
@fixture = fixtures_dir + "/debug-notice.log"
it 'should also detect it if there are PHP notice' do
@fixture = fixtures_dir + '/debug-notice.log'
@expected = true
end
end
describe "#search_replace_db_2_url" do
it "should return the correct url" do
@wp_target.search_replace_db_2_url.should == "http://example.localhost/searchreplacedb2.php"
describe '#search_replace_db_2_url' do
it 'should return the correct url' do
@wp_target.search_replace_db_2_url.should == 'http://example.localhost/searchreplacedb2.php'
end
end
describe "#search_replace_db_2_exists?" do
it "should return true" do
stub_request(:any, @wp_target.search_replace_db_2_url).to_return(:status => 200, :body => "asdf by interconnect asdf")
describe '#search_replace_db_2_exists?' do
it 'should return true' do
stub_request(:any, @wp_target.search_replace_db_2_url).to_return(status: 200, body: 'asdf by interconnect asdf')
@wp_target.search_replace_db_2_exists?.should be_true
end
it "should return false" do
stub_request(:any, @wp_target.search_replace_db_2_url).to_return(:status => 500)
it 'should return false' do
stub_request(:any, @wp_target.search_replace_db_2_url).to_return(status: 500)
@wp_target.search_replace_db_2_exists?.should be_false
end
it "should return false" do
stub_request(:any, @wp_target.search_replace_db_2_url).to_return(:status => 500, :body => "asdf by interconnect asdf")
it 'should return false' do
stub_request(:any, @wp_target.search_replace_db_2_url).to_return(status: 500, body: 'asdf by interconnect asdf')
@wp_target.search_replace_db_2_exists?.should be_false
end
end
describe "#registration_url" do
it "should return the correct url (multisite)" do
describe '#registration_url' do
it 'should return the correct url (multisite)' do
# set to multi site
stub_request(:any, "http://example.localhost/wp-signup.php").to_return(:status => 200)
@wp_target.registration_url.to_s.should == "http://example.localhost/wp-signup.php"
stub_request(:any, 'http://example.localhost/wp-signup.php').to_return(status: 200)
@wp_target.registration_url.to_s.should == 'http://example.localhost/wp-signup.php'
end
it "should return the correct url (not multisite)" do
it 'should return the correct url (not multisite)' do
# set to single site
stub_request(:any, "http://example.localhost/wp-signup.php").to_return(:status => 302, :headers => { "Location" => "wp-login.php?action=register" })
@wp_target.registration_url.to_s.should == "http://example.localhost/wp-login.php?action=register"
stub_request(:any, 'http://example.localhost/wp-signup.php').to_return(status: 302, headers: { 'Location' => 'wp-login.php?action=register' })
@wp_target.registration_url.to_s.should == 'http://example.localhost/wp-login.php?action=register'
end
end
describe "#registration_enabled?" do
it "should return false (multisite)" do
describe '#registration_enabled?' do
it 'should return false (multisite)' do
# set to multi site
stub_request(:any, "http://example.localhost/wp-signup.php").to_return(:status => 200)
stub_request(:any, @wp_target.registration_url.to_s).to_return(:status => 302, :headers => { "Location" => "wp-login.php?registration=disabled" })
stub_request(:any, 'http://example.localhost/wp-signup.php').to_return(status: 200)
stub_request(:any, @wp_target.registration_url.to_s).to_return(status: 302, headers: { 'Location' => 'wp-login.php?registration=disabled' })
@wp_target.registration_enabled?.should be_false
end
it "should return true (multisite)" do
it 'should return true (multisite)' do
# set to multi site
stub_request(:any, "http://example.localhost/wp-signup.php").to_return(:status => 200)
stub_request(:any, @wp_target.registration_url.to_s).to_return(:status => 200, :body => %{<form id="setupform" method="post" action="wp-signup.php">})
stub_request(:any, 'http://example.localhost/wp-signup.php').to_return(status: 200)
stub_request(:any, @wp_target.registration_url.to_s).to_return(status: 200, body: %{<form id="setupform" method="post" action="wp-signup.php">})
@wp_target.registration_enabled?.should be_true
end
it "should return false (not multisite)" do
it 'should return false (not multisite)' do
# set to single site
stub_request(:any, "http://example.localhost/wp-signup.php").to_return(:status => 302, :headers => { "Location" => "wp-login.php?action=register" })
stub_request(:any, @wp_target.registration_url.to_s).to_return(:status => 302, :headers => { "Location" => "wp-login.php?registration=disabled" })
stub_request(:any, 'http://example.localhost/wp-signup.php').to_return(status: 302, headers: { 'Location' => 'wp-login.php?action=register' })
stub_request(:any, @wp_target.registration_url.to_s).to_return(status: 302, headers: { 'Location' => 'wp-login.php?registration=disabled' })
@wp_target.registration_enabled?.should be_false
end
it "should return true (not multisite)" do
it 'should return true (not multisite)' do
# set to single site
stub_request(:any, "http://example.localhost/wp-signup.php").to_return(:status => 302, :headers => { "Location" => "wp-login.php?action=register" })
stub_request(:any, @wp_target.registration_url.to_s).to_return(:status => 200, :body => %{<form name="registerform" id="registerform" action="wp-login.php"})
stub_request(:any, 'http://example.localhost/wp-signup.php').to_return(status: 302, headers: { 'Location' => 'wp-login.php?action=register' })
stub_request(:any, @wp_target.registration_url.to_s).to_return(status: 200, body: %{<form name="registerform" id="registerform" action="wp-login.php"})
@wp_target.registration_enabled?.should be_true
end
it "should return false" do
it 'should return false' do
# set to single site
stub_request(:any, "http://example.localhost/wp-signup.php").to_return(:status => 302, :headers => { "Location" => "wp-login.php?action=register" })
stub_request(:any, @wp_target.registration_url.to_s).to_return(:status => 500)
stub_request(:any, 'http://example.localhost/wp-signup.php').to_return(status: 302, headers: { 'Location' => 'wp-login.php?action=register' })
stub_request(:any, @wp_target.registration_url.to_s).to_return(status: 500)
@wp_target.registration_enabled?.should be_false
end
end
describe "#is_multisite?" do
describe '#is_multisite?' do
before :each do
@url = @wp_target.uri.merge("wp-signup.php").to_s
@url = @wp_target.uri.merge('wp-signup.php').to_s
end
it "should return false" do
stub_request(:any, @url).to_return(:status => 302, :headers => { "Location" => "wp-login.php?action=register" })
it 'should return false' do
stub_request(:any, @url).to_return(status: 302, headers: { 'Location' => 'wp-login.php?action=register' })
@wp_target.is_multisite?.should be_false
end
it "should return true" do
stub_request(:any, @url).to_return(:status => 302, :headers => { "Location" => "http://example.localhost/wp-signup.php" })
it 'should return true' do
stub_request(:any, @url).to_return(status: 302, headers: { 'Location' => 'http://example.localhost/wp-signup.php' })
@wp_target.is_multisite?.should be_true
end
it "should return true" do
stub_request(:any, @url).to_return(:status => 200)
it 'should return true' do
stub_request(:any, @url).to_return(status: 200)
@wp_target.is_multisite?.should be_true
end
it "should return false" do
stub_request(:any, @url).to_return(:status => 500)
it 'should return false' do
stub_request(:any, @url).to_return(status: 500)
@wp_target.is_multisite?.should be_false
end
end

211
spec/lib/wpscan/wp_theme_spec.rb
View File

@@ -1,3 +1,4 @@
# encoding: UTF-8
#--
# WPScan - WordPress Security Scanner
# Copyright (C) 2012-2013
@@ -16,46 +17,46 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#++
require File.expand_path(File.dirname(__FILE__) + "/wpscan_helper")
require File.expand_path(File.dirname(__FILE__) + '/wpscan_helper')
describe WpTheme do
before :all do
@target_uri = URI.parse("http://example.localhost/")
@target_uri = URI.parse('http://example.localhost/')
Browser.instance(
:config_file => SPEC_FIXTURES_CONF_DIR + "/browser/browser.conf.json",
:cache_timeout => 0
config_file: SPEC_FIXTURES_CONF_DIR + '/browser/browser.conf.json',
cache_timeout: 0
)
end
describe "#initialize" do
it "should not raise an exception" do
expect { WpTheme.new(:base_url => "url", :path => "path", :wp_content_dir => "dir", :name => "name") }.to_not raise_error
describe '#initialize' do
it 'should not raise an exception' do
expect { WpTheme.new(base_url: 'url', path: 'path', wp_content_dir: 'dir', name: 'name') }.to_not raise_error
end
it "should not raise an exception (wp_content_dir not set)" do
expect { WpTheme.new(:base_url => "url", :path => "path", :name => "name") }.to_not raise_error
it 'should not raise an exception (wp_content_dir not set)' do
expect { WpTheme.new(base_url: 'url', path: 'path', name: 'name') }.to_not raise_error
end
it "should raise an exception (base_url not set)" do
expect { WpTheme.new(:path => "path", :wp_content_dir => "dir", :name => "name") }.to raise_error
it 'should raise an exception (base_url not set)' do
expect { WpTheme.new(path: 'path', wp_content_dir: 'dir', name: 'name') }.to raise_error
end
it "should raise an exception (path not set)" do
expect { WpTheme.new(:base_url => "url", :wp_content_dir => "dir", :name => "name") }.to raise_error
it 'should raise an exception (path not set)' do
expect { WpTheme.new(base_url: 'url', wp_content_dir: 'dir', name: 'name') }.to raise_error
end
it "should raise an exception (name not set)" do
expect { WpTheme.new(:base_url => "url", :path => "path", :wp_content_dir => "dir") }.to raise_error
it 'should raise an exception (name not set)' do
expect { WpTheme.new(base_url: 'url', path: 'path', wp_content_dir: 'dir') }.to raise_error
end
end
describe "#find_from_css_link" do
let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_THEME_DIR + "/find/css_link" }
describe '#find_from_css_link' do
let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_THEME_DIR + '/find/css_link' }
after :each do
if @expected_name
stub_request_to_fixture(:url => @target_uri.to_s, :fixture => @fixture)
stub_request_to_fixture(url: @target_uri.to_s, fixture: @fixture)
wp_theme = WpTheme.find_from_css_link(@target_uri)
wp_theme.should be_a WpTheme
@@ -63,36 +64,36 @@ describe WpTheme do
end
end
it "should return nil if no theme is present" do
stub_request(:get, @target_uri.to_s).to_return(:status => 200, :body => "")
it 'should return nil if no theme is present' do
stub_request(:get, @target_uri.to_s).to_return(status: 200, body: '')
WpTheme.find_from_css_link(@target_uri).should be_nil
end
it "should return a WpTheme object with .name = twentyeleven" do
@fixture = fixtures_dir + "/wordpress-twentyeleven.htm"
@expected_name = "twentyeleven"
it 'should return a WpTheme object with .name = twentyeleven' do
@fixture = fixtures_dir + '/wordpress-twentyeleven.htm'
@expected_name = 'twentyeleven'
end
# http://code.google.com/p/wpscan/issues/detail?id=131
# Theme name with spaces raises bad URI(is not URI?)
it "should not raise an error if the theme name has spaces or special chars" do
@fixture = fixtures_dir + "/theme-name-with-spaces.html"
@expected_name = "Copia di simplefolio"
it 'should not raise an error if the theme name has spaces or special chars' do
@fixture = fixtures_dir + '/theme-name-with-spaces.html'
@expected_name = 'Copia di simplefolio'
end
# https://github.com/wpscanteam/wpscan/issues/18
it "should get the theme if the <link> is inline with some other tags" do
@fixture = fixtures_dir + "/inline_link_tag.html"
@expected_name = "inline"
it 'should get the theme if the <link> is inline with some other tags' do
@fixture = fixtures_dir + '/inline_link_tag.html'
@expected_name = 'inline'
end
end
describe "#find_from_wooframework" do
let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_THEME_DIR + "/find/wooframework" }
describe '#find_from_wooframework' do
let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_THEME_DIR + '/find/wooframework' }
after :each do
stub_request_to_fixture(:url => @target_uri.to_s, :fixture => @fixture)
stub_request_to_fixture(url: @target_uri.to_s, fixture: @fixture)
wp_theme = WpTheme.find_from_wooframework(@target_uri)
@@ -101,21 +102,21 @@ describe WpTheme do
end
it "should return a WpTheme object with .name 'Editorial' and .version '1.3.5'" do
@fixture = fixtures_dir + "/editorial-1.3.5.html"
@expected_theme = WpTheme.new(:name => "Editorial", :version => "1.3.5", :base_url => "", :path => "", :wp_content_dir => "")
@fixture = fixtures_dir + '/editorial-1.3.5.html'
@expected_theme = WpTheme.new(name: 'Editorial', version: '1.3.5', base_url: '', path: '', wp_content_dir: '')
end
it "should return a WpTheme object with .name 'Merchant'" do
@fixture = fixtures_dir + "/merchant-no-version.html"
@expected_theme = WpTheme.new(:name => "Merchant", :base_url => "", :path => "", :wp_content_dir => "")
@fixture = fixtures_dir + '/merchant-no-version.html'
@expected_theme = WpTheme.new(name: 'Merchant', base_url: '', path: '', wp_content_dir: '')
end
end
describe "#find" do
let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_THEME_DIR + "/find" }
describe '#find' do
let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_THEME_DIR + '/find' }
after :each do
stub_request_to_fixture(:url => @target_uri.to_s, :fixture => @fixture)
stub_request_to_fixture(url: @target_uri.to_s, fixture: @fixture)
wp_theme = WpTheme.find(@target_uri)
@@ -127,111 +128,119 @@ describe WpTheme do
end
end
it "should return nil if no theme is found" do
@fixture = SPEC_FIXTURES_DIR + "/empty-file"
it 'should return nil if no theme is found' do
@fixture = SPEC_FIXTURES_DIR + '/empty-file'
@expected_name = nil
end
it "should return a WpTheme object with .name 'twentyeleven'" do
@fixture = fixtures_dir + "/css_link/wordpress-twentyeleven.htm"
@expected_name = "twentyeleven"
@fixture = fixtures_dir + '/css_link/wordpress-twentyeleven.htm'
@expected_name = 'twentyeleven'
end
it "should a WpTheme object with .name 'Merchant'" do
@fixture = fixtures_dir + "/wooframework/merchant-no-version.html"
@expected_name = "Merchant"
@fixture = fixtures_dir + '/wooframework/merchant-no-version.html'
@expected_name = 'Merchant'
end
end
describe "#version" do
let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_THEME_DIR + "/version" }
let(:theme_style_url) { @target_uri.merge("wp-content/themes/spec-theme/style.css").to_s }
describe '#version' do
let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_THEME_DIR + '/version' }
let(:theme_style_url) { @target_uri.merge('wp-content/themes/spec-theme/style.css').to_s }
after :each do
if @fixture
stub_request_to_fixture(:url => theme_style_url, :fixture => @fixture)
stub_request_to_fixture(url: theme_style_url, fixture: @fixture)
wp_theme = WpTheme.new(:name => "spec-theme", :style_url => theme_style_url, :base_url => "", :path => "", :wp_content_dir => "")
wp_theme = WpTheme.new(name: 'spec-theme', style_url: theme_style_url, base_url: '', path: '', wp_content_dir: '')
wp_theme.version.should === @expected
end
end
it "should return nil if the version is not found" do
@fixture = fixtures_dir + "/twentyeleven-unknow.css"
it 'should return nil if the version is not found' do
@fixture = fixtures_dir + '/twentyeleven-unknow.css'
@expected = nil
end
it "should return nil if the style_url is nil" do
WpTheme.new(:name => "hello-world", :base_url => "", :path => "", :wp_content_dir => "").version.should be_nil
it 'should return nil if the style_url is nil' do
WpTheme.new(name: 'hello-world', base_url: '', path: '', wp_content_dir: '').version.should be_nil
end
it "should return 1.3" do
@fixture = fixtures_dir + "/twentyeleven-1.3.css"
@expected = "1.3"
it 'should return 1.3' do
@fixture = fixtures_dir + '/twentyeleven-1.3.css'
@expected = '1.3'
end
it "should return 1.5.1" do
@fixture = fixtures_dir + "/bueno-1.5.1.css"
@expected = "1.5.1"
it 'should return 1.5.1' do
@fixture = fixtures_dir + '/bueno-1.5.1.css'
@expected = '1.5.1'
end
end
describe "#===" do
it "should return false (name not equal)" do
instance = WpTheme.new(:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "themes/name/asdf.php",
:vulns_file => "XXX.xml",
:version => "1.0"
describe '#===' do
it 'should return false (name not equal)' do
instance = WpTheme.new(
base_url: 'http://sub.example.com/path/to/wordpress/',
path: 'themes/name/asdf.php',
vulns_file: 'XXX.xml',
version: '1.0'
)
instance2 = WpTheme.new(:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "themes/newname/asdf.php",
:vulns_file => "XXX.xml",
:version => "1.0"
instance2 = WpTheme.new(
base_url: 'http://sub.example.com/path/to/wordpress/',
path: 'themes/newname/asdf.php',
vulns_file: 'XXX.xml',
version: '1.0'
)
(instance===instance2).should == false
(instance === instance2).should == false
end
it "should return false (version not equal)" do
instance = WpTheme.new(:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "themes/name/asdf.php",
:vulns_file => "XXX.xml",
:version => "1.0"
it 'should return false (version not equal)' do
instance = WpTheme.new(
base_url: 'http://sub.example.com/path/to/wordpress/',
path: 'themes/name/asdf.php',
vulns_file: 'XXX.xml',
version: '1.0'
)
instance2 = WpTheme.new(:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "themes/name/asdf.php",
:vulns_file => "XXX.xml",
:version => "2.0"
instance2 = WpTheme.new(
base_url: 'http://sub.example.com/path/to/wordpress/',
path: 'themes/name/asdf.php',
vulns_file: 'XXX.xml',
version: '2.0'
)
(instance===instance2).should == false
(instance === instance2).should == false
end
it "should return false (version and name not equal)" do
instance = WpTheme.new(:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "themes/name/asdf.php",
:vulns_file => "XXX.xml",
:version => "1.0"
it 'should return false (version and name not equal)' do
instance = WpTheme.new(
base_url: 'http://sub.example.com/path/to/wordpress/',
path: 'themes/name/asdf.php',
vulns_file: 'XXX.xml',
version: '1.0'
)
instance2 = WpTheme.new(:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "themes/newname/asdf.php",
:vulns_file => "XXX.xml",
:version => "2.0"
instance2 = WpTheme.new(
base_url: 'http://sub.example.com/path/to/wordpress/',
path: 'themes/newname/asdf.php',
vulns_file: 'XXX.xml',
version: '2.0'
)
(instance===instance2).should == false
(instance === instance2).should == false
end
it "should return true" do
instance = WpTheme.new(:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "themes/test/asdf.php",
:vulns_file => "XXX.xml",
:version => "1.0"
it 'should return true' do
instance = WpTheme.new(
base_url: 'http://sub.example.com/path/to/wordpress/',
path: 'themes/test/asdf.php',
vulns_file: 'XXX.xml',
version: '1.0'
)
instance2 = WpTheme.new(:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "themes/test/asdf.php",
:vulns_file => "XXX.xml",
:version => "1.0"
instance2 = WpTheme.new(
base_url: 'http://sub.example.com/path/to/wordpress/',
path: 'themes/test/asdf.php',
vulns_file: 'XXX.xml',
version: '1.0'
)
(instance===instance2).should == true
(instance === instance2).should == true
end
end
end

83
spec/lib/wpscan/wp_user_spec.rb
View File

@@ -1,3 +1,4 @@
# encoding: UTF-8
#--
# WPScan - WordPress Security Scanner
# Copyright (C) 2012-2013
@@ -16,70 +17,70 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#++
require File.expand_path(File.dirname(__FILE__) + "/wpscan_helper")
require File.expand_path(File.dirname(__FILE__) + '/wpscan_helper')
describe WpUser do
describe "#initialize" do
it "should replace nil with empty" do
describe '#initialize' do
it 'should replace nil with empty' do
user = WpUser.new(nil, nil, nil)
user.name.should == "empty"
user.id.should == "empty"
user.nickname == "empty"
user.name.should == 'empty'
user.id.should == 'empty'
user.nickname == 'empty'
end
it "should initialize a user object" do
user = WpUser.new("name", "id", "nickname")
user.name.should == "name"
user.id.should == "id"
user.nickname == "nickname"
it 'should initialize a user object' do
user = WpUser.new('name', 'id', 'nickname')
user.name.should == 'name'
user.id.should == 'id'
user.nickname == 'nickname'
end
end
describe "#<=>" do
it "should return -1" do
user1 = WpUser.new("b", nil, nil)
user2 = WpUser.new("a", nil, nil)
(user1<=>user2).should === -1
describe '#<=>' do
it 'should return -1' do
user1 = WpUser.new('b', nil, nil)
user2 = WpUser.new('a', nil, nil)
(user1 <=> user2).should === -1
end
it "should return 0" do
user1 = WpUser.new("a", nil, nil)
user2 = WpUser.new("a", nil, nil)
(user1<=>user2).should === 0
it 'should return 0' do
user1 = WpUser.new('a', nil, nil)
user2 = WpUser.new('a', nil, nil)
(user1 <=> user2).should === 0
end
it "should return 1" do
user1 = WpUser.new("a", nil, nil)
user2 = WpUser.new("b", nil, nil)
(user1<=>user2).should === 1
it 'should return 1' do
user1 = WpUser.new('a', nil, nil)
user2 = WpUser.new('b', nil, nil)
(user1 <=> user2).should === 1
end
end
describe "#===" do
it "should return true" do
user1 = WpUser.new("a", "id", "nick")
user2 = WpUser.new("a", "id", "nick")
(user1===user2).should be_true
describe '#===' do
it 'should return true' do
user1 = WpUser.new('a', 'id', 'nick')
user2 = WpUser.new('a', 'id', 'nick')
(user1 === user2).should be_true
end
it "should return false" do
user1 = WpUser.new("a", "id", "nick")
user2 = WpUser.new("b", "id", "nick")
(user1===user2).should be_false
it 'should return false' do
user1 = WpUser.new('a', 'id', 'nick')
user2 = WpUser.new('b', 'id', 'nick')
(user1 === user2).should be_false
end
end
describe "#eql?" do
it "should return true" do
user1 = WpUser.new("a", "id", "nick")
user2 = WpUser.new("a", "id", "nick")
describe '#eql?' do
it 'should return true' do
user1 = WpUser.new('a', 'id', 'nick')
user2 = WpUser.new('a', 'id', 'nick')
(user1.eql? user2).should be_true
end
it "should return false" do
user1 = WpUser.new("a", "id", "nick")
user2 = WpUser.new("b", "id", "nick")
it 'should return false' do
user1 = WpUser.new('a', 'id', 'nick')
user2 = WpUser.new('b', 'id', 'nick')
(user1.eql? user2).should be_false
end
end
end
end

241
spec/lib/wpscan/wp_version_spec.rb
View File

@@ -1,3 +1,4 @@
# encoding: UTF-8
#--
# WPScan - WordPress Security Scanner
# Copyright (C) 2012-2013
@@ -22,283 +23,283 @@ describe WpVersion do
before :all do
@target_uri = URI.parse('http://example.localhost/')
@browser = Browser.instance(:config_file => SPEC_FIXTURES_CONF_DIR + '/browser/browser.conf.json')
@browser = Browser.instance(config_file: SPEC_FIXTURES_CONF_DIR + '/browser/browser.conf.json')
end
describe "#find_from_meta_generator" do
let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + "/meta-generator" }
describe '#find_from_meta_generator' do
let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + '/meta-generator' }
after :each do
stub_request_to_fixture(:url => @target_uri.to_s, :fixture => @fixture)
WpVersion.find_from_meta_generator(:base_url => @target_uri.to_s).should === @expected
stub_request_to_fixture(url: @target_uri.to_s, fixture: @fixture)
WpVersion.find_from_meta_generator(base_url: @target_uri.to_s).should === @expected
end
it "should return nil if the meta-generator is not found" do
@fixture = fixtures_dir + "/no-meta-generator.htm"
it 'should return nil if the meta-generator is not found' do
@fixture = fixtures_dir + '/no-meta-generator.htm'
@expected = nil
end
it "should return 3.3.2" do
@fixture = fixtures_dir + "/3.3.2.htm"
@expected = "3.3.2"
it 'should return 3.3.2' do
@fixture = fixtures_dir + '/3.3.2.htm'
@expected = '3.3.2'
end
it "should return 3.4-beta4" do
@fixture = fixtures_dir + "/3.4-beta4.htm"
@expected = "3.4-beta4"
it 'should return 3.4-beta4' do
@fixture = fixtures_dir + '/3.4-beta4.htm'
@expected = '3.4-beta4'
end
it "should return nil if it's not a valid version, must contains at least one '.'" do
@fixture = fixtures_dir + "/invalid_version.htm"
@fixture = fixtures_dir + '/invalid_version.htm'
@expected = nil
end
it "should return 3.5" do
@fixture = fixtures_dir + "/3.5_minified.htm"
@expected = "3.5"
it 'should return 3.5' do
@fixture = fixtures_dir + '/3.5_minified.htm'
@expected = '3.5'
end
end
describe "#find_from_rss_generator" do
let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + "/rss-generator" }
describe '#find_from_rss_generator' do
let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + '/rss-generator' }
after :each do
@status_code ||= 200
stub_request_to_fixture(:url => @target_uri.merge("feed/").to_s, :status => @status_code, :fixture => @fixture)
WpVersion.find_from_rss_generator(:base_url => @target_uri).should === @expected
stub_request_to_fixture(url: @target_uri.merge('feed/').to_s, status: @status_code, fixture: @fixture)
WpVersion.find_from_rss_generator(base_url: @target_uri).should === @expected
end
it "should return nil on a 404" do
it 'should return nil on a 404' do
@status_code = 404
@fixture = SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + "/404.htm"
@fixture = SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + '/404.htm'
@expected = nil
end
it "should return nil if the rss-generator is not found" do
@fixture = fixtures_dir + "/no-rss-generator.htm"
it 'should return nil if the rss-generator is not found' do
@fixture = fixtures_dir + '/no-rss-generator.htm'
@expected = nil
end
it "should return nil if the version is not found (but the rss-generator is present)" do
@fixture = fixtures_dir + "/no-version.htm"
it 'should return nil if the version is not found (but the rss-generator is present)' do
@fixture = fixtures_dir + '/no-version.htm'
@expected = nil
end
it "shuld return 3.3.2" do
@fixture = fixtures_dir + "/3.3.2.htm"
@expected = "3.3.2"
it 'shuld return 3.3.2' do
@fixture = fixtures_dir + '/3.3.2.htm'
@expected = '3.3.2'
end
it "should return 3.4-beta4" do
@fixture = fixtures_dir + "/3.4-beta4.htm"
@expected = "3.4-beta4"
it 'should return 3.4-beta4' do
@fixture = fixtures_dir + '/3.4-beta4.htm'
@expected = '3.4-beta4'
end
it "should return nil if it's not a valid version, must contains at least one '.'" do
@fixture = fixtures_dir + "/invalid_version.htm"
@fixture = fixtures_dir + '/invalid_version.htm'
@expected = nil
end
end
describe "#find_from_rdf_generator" do
let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + "/rdf-generator" }
describe '#find_from_rdf_generator' do
let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + '/rdf-generator' }
after :each do
@status_code ||= 200
stub_request_to_fixture(:url => @target_uri.merge("feed/rdf/").to_s, :status => @status_code, :fixture => @fixture)
WpVersion.find_from_rdf_generator(:base_url => @target_uri).should === @expected
stub_request_to_fixture(url: @target_uri.merge('feed/rdf/').to_s, status: @status_code, fixture: @fixture)
WpVersion.find_from_rdf_generator(base_url: @target_uri).should === @expected
end
it "should return nil on a 404" do
it 'should return nil on a 404' do
@status_code = 404
@fixture = SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + "/404.htm"
@fixture = SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + '/404.htm'
@expected = nil
end
it "should return nil if the rdf-generator is not found" do
@fixture = fixtures_dir + "/no-rdf-generator.htm"
it 'should return nil if the rdf-generator is not found' do
@fixture = fixtures_dir + '/no-rdf-generator.htm'
@expected = nil
end
it "should return nil if the version is not found (but the rdf-generator is present)" do
@fixture = fixtures_dir + "/no-version.htm"
it 'should return nil if the version is not found (but the rdf-generator is present)' do
@fixture = fixtures_dir + '/no-version.htm'
@expected = nil
end
it "shuld return 3.3.2" do
@fixture = fixtures_dir + "/3.3.2.htm"
@expected = "3.3.2"
it 'shuld return 3.3.2' do
@fixture = fixtures_dir + '/3.3.2.htm'
@expected = '3.3.2'
end
it "should return 3.4-beta4" do
@fixture = fixtures_dir + "/3.4-beta4.htm"
@expected = "3.4-beta4"
it 'should return 3.4-beta4' do
@fixture = fixtures_dir + '/3.4-beta4.htm'
@expected = '3.4-beta4'
end
it "should return nil if it's not a valid version, must contains at least one '.'" do
@fixture = fixtures_dir + "/invalid_version.htm"
@fixture = fixtures_dir + '/invalid_version.htm'
@expected = nil
end
end
describe "#find_from_atom_generator" do
let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + "/atom-generator" }
describe '#find_from_atom_generator' do
let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + '/atom-generator' }
after :each do
@status_code ||= 200
stub_request_to_fixture(:url => @target_uri.merge("feed/atom/").to_s, :status => @status_code, :fixture => @fixture)
WpVersion.find_from_atom_generator(:base_url => @target_uri).should === @expected
stub_request_to_fixture(url: @target_uri.merge('feed/atom/').to_s, status: @status_code, fixture: @fixture)
WpVersion.find_from_atom_generator(base_url: @target_uri).should === @expected
end
it "should return nil on a 404" do
it 'should return nil on a 404' do
@status_code = 404
@fixture = SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + "/404.htm"
@fixture = SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + '/404.htm'
@expected = nil
end
it "should return nil if the atom-generator is not found" do
@fixture = fixtures_dir + "/no-atom-generator.htm"
it 'should return nil if the atom-generator is not found' do
@fixture = fixtures_dir + '/no-atom-generator.htm'
@expected = nil
end
it "should return nil if the version is not found (but the atom-generator is present)" do
@fixture = fixtures_dir + "/no-version.htm"
it 'should return nil if the version is not found (but the atom-generator is present)' do
@fixture = fixtures_dir + '/no-version.htm'
@expected = nil
end
it "shuld return 3.3.2" do
@fixture = fixtures_dir + "/3.3.2.htm"
@expected = "3.3.2"
it 'shuld return 3.3.2' do
@fixture = fixtures_dir + '/3.3.2.htm'
@expected = '3.3.2'
end
it "should return 3.4-beta4" do
@fixture = fixtures_dir + "/3.4-beta4.htm"
@expected = "3.4-beta4"
it 'should return 3.4-beta4' do
@fixture = fixtures_dir + '/3.4-beta4.htm'
@expected = '3.4-beta4'
end
it "should return nil if it's not a valid version, must contains at least one '.'" do
@fixture = fixtures_dir + "/invalid_version.htm"
@fixture = fixtures_dir + '/invalid_version.htm'
@expected = nil
end
end
describe "#find_from_sitemap_generator" do
describe '#find_from_sitemap_generator' do
after :each do
stub_request(:get, @target_uri.merge("sitemap.xml").to_s).
to_return(:status => 200, :body => @body)
stub_request(:get, @target_uri.merge('sitemap.xml').to_s).
to_return(status: 200, body: @body)
WpVersion.find_from_sitemap_generator(:base_url => @target_uri).should === @expected
WpVersion.find_from_sitemap_generator(base_url: @target_uri).should === @expected
end
it "should return nil if the generator is not found" do
it 'should return nil if the generator is not found' do
@body = ''
@expected = nil
end
it "should return the version : 3.3.2" do
@body = "<!-- generator=\"wordpress/3.3.2\" -->"
@expected = "3.3.2"
it 'should return the version : 3.3.2' do
@body = '<!-- generator="wordpress/3.3.2" -->'
@expected = '3.3.2'
end
it "should return nil if it's not a valid version, must contains at least one '.'" do
@body = "<!-- generator=\"wordpress/5065\" -->"
@body = '<!-- generator="wordpress/5065" -->'
@expected = nil
end
end
describe "#find_from_readme" do
describe '#find_from_readme' do
let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + '/readme' }
after :each do
@status_code ||= 200
stub_request_to_fixture(:url => @target_uri.merge("readme.html").to_s, :status => @status_code, :fixture => @fixture)
stub_request_to_fixture(url: @target_uri.merge('readme.html').to_s, status: @status_code, fixture: @fixture)
WpVersion.find_from_readme(:base_url => @target_uri).should === @expected
WpVersion.find_from_readme(base_url: @target_uri).should === @expected
end
it "should return nil on a 404" do
it 'should return nil on a 404' do
@status_code = 404
@fixture = SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + "/404.htm"
@fixture = SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + '/404.htm'
@expected = nil
end
it "should return nil if the version number is not present" do
@fixture = fixtures_dir + "/empty-version.html"
it 'should return nil if the version number is not present' do
@fixture = fixtures_dir + '/empty-version.html'
@expected = nil
end
it "should return 3.3.2" do
@fixture = fixtures_dir + "/readme-3.3.2.html"
@expected = "3.3.2"
it 'should return 3.3.2' do
@fixture = fixtures_dir + '/readme-3.3.2.html'
@expected = '3.3.2'
end
it "should return nil if it's not a valid version, must contains at least one '.'" do
@fixture = fixtures_dir + "/invalid_version.html"
@fixture = fixtures_dir + '/invalid_version.html'
@expected = nil
end
end
describe "#find_from_advanced_fingerprinting" do
let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + "/advanced" }
describe '#find_from_advanced_fingerprinting' do
let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + '/advanced' }
it "should return 3.2.1" do
it 'should return 3.2.1' do
stub_request_to_fixture(
:url => @target_uri.merge("wp-admin/js/wp-fullscreen.js").to_s,
:fixture => "#{fixtures_dir}/3.2.1.js"
url: @target_uri.merge('wp-admin/js/wp-fullscreen.js').to_s,
fixture: "#{fixtures_dir}/3.2.1.js"
)
version = WpVersion.find_from_advanced_fingerprinting(
:base_url => @target_uri,
:wp_content_dir => "wp-content",
:version_xml => "#{fixtures_dir}/wp_versions.xml"
base_url: @target_uri,
wp_content_dir: 'wp-content',
version_xml: "#{fixtures_dir}/wp_versions.xml"
)
version.should == "3.2.1"
version.should == '3.2.1'
end
end
describe "#find_from_links_opml" do
let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + "/opml" }
describe '#find_from_links_opml' do
let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + '/opml' }
it "should return 3.4.2" do
it 'should return 3.4.2' do
stub_request_to_fixture(
:url => @target_uri.merge("wp-links-opml.php").to_s,
:fixture => "#{fixtures_dir}/wp-links-opml.xml"
url: @target_uri.merge('wp-links-opml.php').to_s,
fixture: "#{fixtures_dir}/wp-links-opml.xml"
)
version = WpVersion.find_from_links_opml(:base_url => @target_uri)
version.should == "3.4.2"
version = WpVersion.find_from_links_opml(base_url: @target_uri)
version.should == '3.4.2'
end
it "should return nil" do
it 'should return nil' do
stub_request_to_fixture(
:url => @target_uri.merge("wp-links-opml.php").to_s,
:fixture => "#{fixtures_dir}/wp-links-opml-nogenerator.xml"
url: @target_uri.merge('wp-links-opml.php').to_s,
fixture: "#{fixtures_dir}/wp-links-opml-nogenerator.xml"
)
version = WpVersion.find_from_links_opml(:base_url => @target_uri)
version = WpVersion.find_from_links_opml(base_url: @target_uri)
version.should be_nil
end
end
describe "#initialize" do
it "should initialize a WpVersion object" do
v = WpVersion.new(1, {:discovery_method => "method", :vulns_file => "asdf.xml"})
describe '#initialize' do
it 'should initialize a WpVersion object' do
v = WpVersion.new(1, {discovery_method: 'method', vulns_file: 'asdf.xml'})
v.number.should == 1
v.discovery_method.should == "method"
v.discovery_method.should == 'method'
end
end
describe "#find" do
describe '#find' do
let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + '/advanced' }
it "should find all versions" do
it 'should find all versions' do
# All requests get a HTTP 404
stub_request(:any, /.*/).to_return(:status => 404)
stub_request(:any, /.*/).to_return(status: 404)
# Wordpress Version 3.2.1
stub_request_to_fixture(
:url => @target_uri.merge("wp-admin/js/wp-fullscreen.js").to_s,
:fixture => "#{fixtures_dir}/3.2.1.js"
url: @target_uri.merge('wp-admin/js/wp-fullscreen.js').to_s,
fixture: "#{fixtures_dir}/3.2.1.js"
)
version = WpVersion.find(@target_uri, "wp-content")
version.number.should == "3.2.1"
version.discovery_method.should == "advanced fingerprinting"
version = WpVersion.find(@target_uri, 'wp-content')
version.number.should == '3.2.1'
version.discovery_method.should == 'advanced fingerprinting'
end
end

41
spec/lib/wpscan/wp_vulnerability_spec.rb
View File

@@ -1,30 +1,37 @@
# encoding: UTF-8
# TODO
describe "#vulnerabilities" do
let(:location_url) { "http://example.localhost/" }
let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR + "/vulnerabilities" }
let(:vulns_file) { fixtures_dir + "/plugin_vulns.xml" }
let(:wp_plugin) { WpPlugin.new(:base_url => location_url,
:name => "spec-plugin",
:path => "plugins/spec-plugin/",
:vulns_file => vulns_file)
describe '#vulnerabilities' do
let(:location_url) { 'http://example.localhost/' }
let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR + '/vulnerabilities' }
let(:vulns_file) { fixtures_dir + '/plugin_vulns.xml' }
let(:wp_plugin) {
WpPlugin.new(
base_url: location_url,
name: 'spec-plugin',
path: 'plugins/spec-plugin/',
vulns_file: vulns_file
)
}
it "should return an empty array when no vulnerabilities are found" do
WpPlugin.new(:base_url => "http://example.localhost/",
:name => "no-vulns",
:path => "plugins/no-vulns/",
:vulns_file => vulns_file).vulnerabilities.should be_empty
it 'should return an empty array when no vulnerabilities are found' do
WpPlugin.new(
base_url: 'http://example.localhost/',
name: 'no-vulns',
path: 'plugins/no-vulns/',
vulns_file: vulns_file
).vulnerabilities.should be_empty
end
it "should return an arry with 2 vulnerabilities" do
it 'should return an arry with 2 vulnerabilities' do
vulnerabilities = wp_plugin.vulnerabilities
vulnerabilities.should_not be_empty
vulnerabilities.length.should == 2
vulnerabilities.each { |vulnerability| vulnerability.should be_a WpVulnerability }
vulnerabilities[0].title.should === "WPScan Spec"
vulnerabilities[1].title.should === "Spec SQL Injection"
vulnerabilities[0].title.should === 'WPScan Spec'
vulnerabilities[1].title.should === 'Spec SQL Injection'
end
end
end

7
spec/lib/wpscan/wpscan_helper.rb
View File

@@ -1,3 +1,4 @@
# encoding: UTF-8
#--
# WPScan - WordPress Security Scanner
# Copyright (C) 2012-2013
@@ -35,8 +36,8 @@ class WpScanModuleSpec
def initialize(target_url)
@uri = URI.parse(add_http_protocol(target_url))
Browser.instance(
:config_file => SPEC_FIXTURES_CONF_DIR + '/browser/browser.conf.json',
:cache_timeout => 0
config_file: SPEC_FIXTURES_CONF_DIR + '/browser/browser.conf.json',
cache_timeout: 0
)
end
@@ -45,7 +46,7 @@ class WpScanModuleSpec
end
def login_url
@uri.merge("wp-login.php").to_s
@uri.merge('wp-login.php').to_s
end
end

263
spec/lib/wpscan/wpscan_options_spec.rb
View File

@@ -1,3 +1,4 @@
# encoding: UTF-8
#--
# WPScan - WordPress Security Scanner
# Copyright (C) 2012-2013
@@ -18,58 +19,58 @@
require File.expand_path(File.dirname(__FILE__) + '/wpscan_helper')
describe "WpscanOptions" do
describe 'WpscanOptions' do
before :each do
@wpscan_options = WpscanOptions.new
end
describe "#initialize" do
it "should set all options to nil" do
describe '#initialize' do
it 'should set all options to nil' do
WpscanOptions::ACCESSOR_OPTIONS.each do |option|
@wpscan_options.send(option).should === nil
end
end
end
describe "#url=" do
it "should raise an error if en empty or nil url is supplied" do
describe '#url=' do
it 'should raise an error if en empty or nil url is supplied' do
expect { @wpscan_options.url = '' }.to raise_error
expect { @wpscan_options.url = nil }.to raise_error
end
it "should add the http protocol if not present" do
@wpscan_options.url = "example.com"
@wpscan_options.url.should === "http://example.com"
it 'should add the http protocol if not present' do
@wpscan_options.url = 'example.com'
@wpscan_options.url.should === 'http://example.com'
end
it "should not add the http protocol if it's already present" do
url = "http://example.com"
url = 'http://example.com'
@wpscan_options.url = url
@wpscan_options.url.should === url
end
end
describe "#threads=" do
it "should convert an integer in a string into an integr" do
@wpscan_options.threads = "10"
describe '#threads=' do
it 'should convert an integer in a string into an integr' do
@wpscan_options.threads = '10'
@wpscan_options.threads.should be_an Integer
@wpscan_options.threads.should === 10
end
it "should set to correct number of threads" do
it 'should set to correct number of threads' do
@wpscan_options.threads = 15
@wpscan_options.threads.should be_an Integer
@wpscan_options.threads.should === 15
end
end
describe "#wordlist=" do
it "should raise an error if the wordlist file does not exist" do
expect { @wpscan_options.wordlist = "/i/do/not/exist.txt" }.to raise_error
describe '#wordlist=' do
it 'should raise an error if the wordlist file does not exist' do
expect { @wpscan_options.wordlist = '/i/do/not/exist.txt' }.to raise_error
end
it "should not raise an error" do
it 'should not raise an error' do
wordlist_file = "#{SPEC_FIXTURES_WPSCAN_WPSCAN_OPTIONS_DIR}/wordlist.txt"
@wpscan_options.wordlist = wordlist_file
@@ -77,39 +78,39 @@ describe "WpscanOptions" do
end
end
describe "#proxy=" do
it "should raise an error" do
describe '#proxy=' do
it 'should raise an error' do
expect { @wpscan_options.proxy = 'invalidproxy' }.to raise_error
end
it "should not raise an error" do
proxy = "127.0.0.1:3038"
it 'should not raise an error' do
proxy = '127.0.0.1:3038'
@wpscan_options.proxy = proxy
@wpscan_options.proxy.should === proxy
end
end
describe "#proxy_auth=" do
it "should raise an error if the format is not correct" do
expect { @wpscan_options.proxy_auth = "invalidauth" }.to raise_error
describe '#proxy_auth=' do
it 'should raise an error if the format is not correct' do
expect { @wpscan_options.proxy_auth = 'invalidauth' }.to raise_error
end
it "should not raise en error" do
proxy_auth = "user:pass"
it 'should not raise en error' do
proxy_auth = 'user:pass'
@wpscan_options.proxy_auth = proxy_auth
@wpscan_options.proxy_auth.should === proxy_auth
end
end
describe "#enumerate_plugins=" do
it "should raise an error" do
describe '#enumerate_plugins=' do
it 'should raise an error' do
@wpscan_options.enumerate_only_vulnerable_plugins = true
expect { @wpscan_options.enumerate_plugins = true }.to raise_error(
RuntimeError, "Please choose only one plugin enumeration option"
RuntimeError, 'Please choose only one plugin enumeration option'
)
end
it "should not raise an error" do
it 'should not raise an error' do
@wpscan_options.enumerate_only_vulnerable_plugins = false
@wpscan_options.enumerate_plugins = true
@@ -117,15 +118,15 @@ describe "WpscanOptions" do
end
end
describe "#enumerate_themes=" do
it "should raise an error" do
describe '#enumerate_themes=' do
it 'should raise an error' do
@wpscan_options.enumerate_only_vulnerable_themes = true
expect { @wpscan_options.enumerate_themes = true }.to raise_error(
RuntimeError, "Please choose only one theme enumeration option"
RuntimeError, 'Please choose only one theme enumeration option'
)
end
it "should not raise an error" do
it 'should not raise an error' do
@wpscan_options.enumerate_only_vulnerable_themes = false
@wpscan_options.enumerate_themes = true
@@ -133,15 +134,15 @@ describe "WpscanOptions" do
end
end
describe "#enumerate_only_vulnerable_plugins=" do
it "should raise an error" do
describe '#enumerate_only_vulnerable_plugins=' do
it 'should raise an error' do
@wpscan_options.enumerate_plugins = true
expect { @wpscan_options.enumerate_only_vulnerable_plugins = true }.to raise_error(
RuntimeError, "Please choose only one plugin enumeration option"
RuntimeError, 'Please choose only one plugin enumeration option'
)
end
it "should not raise an error" do
it 'should not raise an error' do
@wpscan_options.enumerate_plugins = false
@wpscan_options.enumerate_only_vulnerable_plugins = true
@@ -149,15 +150,15 @@ describe "WpscanOptions" do
end
end
describe "#enumerate_only_vulnerable_themes=" do
it "should raise an error" do
describe '#enumerate_only_vulnerable_themes=' do
it 'should raise an error' do
@wpscan_options.enumerate_themes = true
expect { @wpscan_options.enumerate_only_vulnerable_themes = true }.to raise_error(
RuntimeError, "Please choose only one theme enumeration option"
RuntimeError, 'Please choose only one theme enumeration option'
)
end
it "should not raise an error" do
it 'should not raise an error' do
@wpscan_options.enumerate_themes = false
@wpscan_options.enumerate_only_vulnerable_themes = true
@@ -165,15 +166,15 @@ describe "WpscanOptions" do
end
end
describe "#enumerate_all_themes=" do
it "should raise an error" do
describe '#enumerate_all_themes=' do
it 'should raise an error' do
@wpscan_options.enumerate_themes = true
expect { @wpscan_options.enumerate_all_themes = true }.to raise_error(
RuntimeError, "Please choose only one theme enumeration option"
RuntimeError, 'Please choose only one theme enumeration option'
)
end
it "should not raise an error" do
it 'should not raise an error' do
@wpscan_options.enumerate_themes = false
@wpscan_options.enumerate_all_themes = true
@@ -181,15 +182,15 @@ describe "WpscanOptions" do
end
end
describe "#enumerate_all_plugins=" do
it "should raise an error" do
describe '#enumerate_all_plugins=' do
it 'should raise an error' do
@wpscan_options.enumerate_plugins = true
expect { @wpscan_options.enumerate_all_plugins = true }.to raise_error(
RuntimeError, "Please choose only one plugin enumeration option"
RuntimeError, 'Please choose only one plugin enumeration option'
)
end
it "should not raise an error" do
it 'should not raise an error' do
@wpscan_options.enumerate_plugins = false
@wpscan_options.enumerate_all_plugins = true
@@ -197,112 +198,112 @@ describe "WpscanOptions" do
end
end
describe "#basic_auth=" do
context "invalid format" do
it "should raise an error if the : is missing" do
expect { @wpscan_options.basic_auth = "helloworld" }.to raise_error(
RuntimeError, "Invalid basic authentication format, login:password expected"
describe '#basic_auth=' do
context 'invalid format' do
it 'should raise an error if the : is missing' do
expect { @wpscan_options.basic_auth = 'helloworld' }.to raise_error(
RuntimeError, 'Invalid basic authentication format, login:password expected'
)
end
end
context "valid format" do
context 'valid format' do
it "should add the 'Basic' word and do the encode64. See RFC 2617" do
@wpscan_options.basic_auth = "Aladdin:open sesame"
@wpscan_options.basic_auth.should == "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="
@wpscan_options.basic_auth = 'Aladdin:open sesame'
@wpscan_options.basic_auth.should == 'Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=='
end
end
end
describe "#has_options?" do
it "should return false" do
describe '#has_options?' do
it 'should return false' do
@wpscan_options.has_options?.should be_false
end
it "should return true" do
it 'should return true' do
@wpscan_options.verbose = false
@wpscan_options.has_options?.should be_true
end
end
describe "#to_h" do
it "should return an empty hash" do
describe '#to_h' do
it 'should return an empty hash' do
@wpscan_options.to_h.should be_a Hash
@wpscan_options.to_h.should be_empty
end
it "should return a hash with :verbose = true" do
expected = {:verbose => true}
it 'should return a hash with :verbose = true' do
expected = {verbose: true}
@wpscan_options.verbose = true
@wpscan_options.to_h.should === expected
end
end
describe "#clean_option" do
describe '#clean_option' do
after :each do
WpscanOptions.clean_option(@option).should === @expected
end
it "should return 'url'" do
@option = "--url"
@expected = "url"
@option = '--url'
@expected = 'url'
end
it "should return 'u'" do
@option = "-u"
@option = '-u'
@expected = 'u'
end
it "should return 'follow_redirection'" do
@option = "--follow-redirection"
@expected = "follow_redirection"
@option = '--follow-redirection'
@expected = 'follow_redirection'
end
end
describe "#option_to_instance_variable_setter" do
describe '#option_to_instance_variable_setter' do
after :each do
WpscanOptions.option_to_instance_variable_setter(@argument).should === @expected
end
it "should return :url=" do
@argument = "--url"
it 'should return :url=' do
@argument = '--url'
@expected = :url=
end
it "should return :verbose=" do
@argument = "--verbose"
it 'should return :verbose=' do
@argument = '--verbose'
@expected = :verbose=
end
it "should return :proxy= for --proxy" do
@argument = "--proxy"
it 'should return :proxy= for --proxy' do
@argument = '--proxy'
@expected = :proxy=
end
it "should return nil for --enumerate" do
@argument = "--enumerate"
it 'should return nil for --enumerate' do
@argument = '--enumerate'
@expected = nil
end
it "should return :proxy_auth= for --proxy_auth" do
@argument = "--proxy_auth"
it 'should return :proxy_auth= for --proxy_auth' do
@argument = '--proxy_auth'
@expected = :proxy_auth=
end
end
describe "#is_long_option?" do
it "should return true" do
WpscanOptions.is_long_option?("--url").should be_true
describe '#is_long_option?' do
it 'should return true' do
WpscanOptions.is_long_option?('--url').should be_true
end
it "should return false" do
WpscanOptions.is_long_option?("hello").should be_false
WpscanOptions.is_long_option?("--enumerate").should be_false
it 'should return false' do
WpscanOptions.is_long_option?('hello').should be_false
WpscanOptions.is_long_option?('--enumerate').should be_false
end
end
describe "#enumerate_options_from_string" do
describe '#enumerate_options_from_string' do
after :each do
if @argument
wpscan_options = WpscanOptions.new
@@ -311,109 +312,109 @@ describe "WpscanOptions" do
end
end
it "should raise an error if p and p! are " do
expect { @wpscan_options.enumerate_options_from_string("p,vp") }.to raise_error
it 'should raise an error if p and p! are ' do
expect { @wpscan_options.enumerate_options_from_string('p,vp') }.to raise_error
end
it "should set enumerate_plugins to true" do
it 'should set enumerate_plugins to true' do
@argument = 'p'
@expected_hash = {:enumerate_plugins => true}
@expected_hash = {enumerate_plugins: true}
end
it "should set enumerate_only_vulnerable_plugins to tue" do
@argument = "vp"
@expected_hash = {:enumerate_only_vulnerable_plugins => true}
it 'should set enumerate_only_vulnerable_plugins to tue' do
@argument = 'vp'
@expected_hash = {enumerate_only_vulnerable_plugins: true}
end
it "should set enumerate_timthumbs to true" do
it 'should set enumerate_timthumbs to true' do
@argument = 'tt'
@expected_hash = {:enumerate_timthumbs => true}
@expected_hash = {enumerate_timthumbs: true}
end
it "should set enumerate_usernames to true" do
it 'should set enumerate_usernames to true' do
@argument = 'u'
@expected_hash = {:enumerate_usernames => true}
@expected_hash = {enumerate_usernames: true}
end
it "should set enumerate_usernames to true and enumerate_usernames_range to (1..20)" do
@argument = "u[1-20]"
@expected_hash = {:enumerate_usernames => true, :enumerate_usernames_range => (1..20)}
it 'should set enumerate_usernames to true and enumerate_usernames_range to (1..20)' do
@argument = 'u[1-20]'
@expected_hash = {enumerate_usernames: true, enumerate_usernames_range: (1..20)}
end
# Let's try some multiple choices
it "should set enumerate_timthumbs to true, enumerate_usernames to true, enumerate_usernames_range to (1..2)" do
@argument = "u[1-2],tt"
it 'should set enumerate_timthumbs to true, enumerate_usernames to true, enumerate_usernames_range to (1..2)' do
@argument = 'u[1-2],tt'
@expected_hash = {
:enumerate_usernames => true, :enumerate_usernames_range => (1..2),
:enumerate_timthumbs => true
enumerate_usernames: true, enumerate_usernames_range: (1..2),
enumerate_timthumbs: true
}
end
end
describe "#set_option_from_cli" do
it "should raise an error with unknow option" do
expect { @wpscan_options.set_option_from_cli("hello", "") }.to raise_error
describe '#set_option_from_cli' do
it 'should raise an error with unknow option' do
expect { @wpscan_options.set_option_from_cli('hello', '') }.to raise_error
end
it "should set @url to example.com" do
@wpscan_options.set_option_from_cli("--url", "example.com")
@wpscan_options.url.should === "http://example.com"
it 'should set @url to example.com' do
@wpscan_options.set_option_from_cli('--url', 'example.com')
@wpscan_options.url.should === 'http://example.com'
end
it "should set @enumerate_plugins to true" do
@wpscan_options.set_option_from_cli("--enumerate", "p")
it 'should set @enumerate_plugins to true' do
@wpscan_options.set_option_from_cli('--enumerate', 'p')
@wpscan_options.enumerate_plugins.should be_true
@wpscan_options.enumerate_only_vulnerable_plugins.should be_nil
end
it "should set @enumerate_only_vulnerable_plugins, @enumerate_timthumbs and @enumerate_usernames to true if no argument is given" do
@wpscan_options.set_option_from_cli("--enumerate", '')
it 'should set @enumerate_only_vulnerable_plugins, @enumerate_timthumbs and @enumerate_usernames to true if no argument is given' do
@wpscan_options.set_option_from_cli('--enumerate', '')
@wpscan_options.enumerate_only_vulnerable_plugins.should be_true
@wpscan_options.enumerate_timthumbs.should be_true
@wpscan_options.enumerate_usernames.should be_true
end
end
describe "#load_from_arguments" do
describe '#load_from_arguments' do
after :each do
set_argv(@argv)
wpscan_options = WpscanOptions.load_from_arguments
wpscan_options.to_h.should === @expected_hash
end
it "should return {}" do
it 'should return {}' do
@argv = ''
@expected_hash = {}
end
it "should return {:url => 'example.com'}" do
@argv = "--url example.com"
@expected_hash = {:url => "http://example.com"}
@argv = '--url example.com'
@expected_hash = { url: 'http://example.com' }
end
it "should return {:url => 'example.com'}" do
@argv = "-u example.com"
@expected_hash = {:url => "http://example.com"}
@argv = '-u example.com'
@expected_hash = { url: 'http://example.com' }
end
it "should return {:username => 'admin'}" do
@argv = "--username admin"
@expected_hash = {:username => "admin"}
@argv = '--username admin'
@expected_hash = { username: 'admin' }
end
it "should return {:username => 'Youhou'}" do
@argv = "-U Youhou"
@expected_hash = {:username => "Youhou"}
@argv = '-U Youhou'
@expected_hash = { username: 'Youhou' }
end
it "should return {:url => 'example.com', :threads => 5, :force => ''}" do
@argv = "-u example.com --force -t 5"
@expected_hash = {:url => "http://example.com", :threads => 5, :force => ""}
@argv = '-u example.com --force -t 5'
@expected_hash = { url: 'http://example.com', threads: 5, force: '' }
end
it "should return {:url => 'example.com', :enumerate_plugins => true, :enumerate_timthumbs => true}" do
@argv = "-u example.com -e p,tt"
@expected_hash = {:url => 'http://example.com', :enumerate_plugins => true, :enumerate_timthumbs => true}
@argv = '-u example.com -e p,tt'
@expected_hash = { url: 'http://example.com', enumerate_plugins: true, enumerate_timthumbs: true }
end
end