garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Rspec 3.0 support

Browse Source
This commit is contained in:
erwanlr
2014-06-02 22:06:49 +02:00
parent c12b1d0670
commit c8c126d444
55 changed files with 338 additions and 336 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
spec/lib/wpscan/web_site_spec.rb
View File

@@ -18,13 +18,13 @@ describe 'WebSite' do
end
describe "#new" do
its(:url) { should === 'http://example.localhost/' }
its(:url) { is_expected.to be === 'http://example.localhost/' }
end
describe '#url=' do
after :each do
web_site.url = @uri
web_site.url.should === @expected
expect(web_site.url).to be === @expected
end
context 'when protocol or trailing slash is missing' do
@@ -45,30 +45,30 @@ describe 'WebSite' do
describe '#online?' do
it 'should not be considered online if the status code is 0' do
stub_request(:get, web_site.url).to_return(status: 0)
web_site.should_not be_online
expect(web_site).not_to be_online
end
it 'should be considered online if the status code is != 0' do
stub_request(:get, web_site.url).to_return(status: 200)
web_site.should be_online
expect(web_site).to be_online
end
end
describe '#has_basic_auth?' do
it 'should detect that the wpsite is basic auth protected' do
stub_request(:get, web_site.url).to_return(status: 401)
web_site.should have_basic_auth
expect(web_site).to have_basic_auth
end
it 'should not have a basic auth for a 200' do
stub_request(:get, web_site.url).to_return(status: 200)
web_site.should_not have_basic_auth
expect(web_site).not_to have_basic_auth
end
end
describe '#xml_rpc_url' do
it 'returns the xmlrpc url' do
web_site.xml_rpc_url.should === "http://example.localhost/xmlrpc.php"
expect(web_site.xml_rpc_url).to be === "http://example.localhost/xmlrpc.php"
end
end
@@ -77,17 +77,17 @@ describe 'WebSite' do
stub_request(:get, web_site.xml_rpc_url).
to_return(status: 200, body: "XML-RPC server accepts POST requests only")
web_site.should have_xml_rpc
expect(web_site).to have_xml_rpc
end
it 'returns false' do
stub_request(:get, web_site.xml_rpc_url).to_return(status: 200)
web_site.should_not have_xml_rpc
expect(web_site).not_to have_xml_rpc
end
end
describe '#page_hash' do
after { WebSite.page_hash(page).should == Digest::MD5.hexdigest(@expected) }
after { expect(WebSite.page_hash(page)).to eq Digest::MD5.hexdigest(@expected) }
context 'when the page is an url' do
let(:page) { 'http://e.localhost/somepage.php' }
@@ -125,7 +125,7 @@ describe 'WebSite' do
body = 'Hello World'
stub_request(:get, web_site.url).to_return(body: body)
web_site.homepage_hash.should === Digest::MD5.hexdigest(body)
expect(web_site.homepage_hash).to be === Digest::MD5.hexdigest(body)
end
end
@@ -134,19 +134,19 @@ describe 'WebSite' do
stub_request(:any, /.*/).
to_return(status: 404, body: '404 page !')
web_site.error_404_hash.should === Digest::MD5.hexdigest('404 page !')
expect(web_site.error_404_hash).to be === Digest::MD5.hexdigest('404 page !')
end
end
describe '#rss_url' do
it 'returns nil if the url is not found' do
stub_request(:get, web_site.url).to_return(body: 'No RSS link in this body !')
web_site.rss_url.should be_nil
expect(web_site.rss_url).to be_nil
end
it "returns 'http://lamp-wp/wordpress-3.5/?feed=rss2'" do
stub_request_to_fixture(url: web_site.url, fixture: fixtures_dir + '/rss_url/wordpress-3.5.htm')
web_site.rss_url.should === 'http://lamp-wp/wordpress-3.5/?feed=rss2'
expect(web_site.rss_url).to be === 'http://lamp-wp/wordpress-3.5/?feed=rss2'
end
end
@@ -156,7 +156,7 @@ describe 'WebSite' do
after do
stub_request_to_fixture(url: log_url, fixture: fixtures_dir + "/has_log/#{@file}")
WebSite.has_log?(log_url, pattern).should == @expected
expect(WebSite.has_log?(log_url, pattern)).to eq @expected
end
context 'when the pattern does not match' do

44
spec/lib/wpscan/wp_target_spec.rb
View File

@@ -37,7 +37,7 @@ describe WpTarget do
it 'returns the login url of the target' do
stub_request(:get, login_url).to_return(status: 200, body: '')
wp_target.login_url.should === login_url
expect(wp_target.login_url).to be === login_url
end
it 'returns the redirection url if there is one (ie: for https)' do
@@ -46,7 +46,7 @@ describe WpTarget do
stub_request(:get, login_url).to_return(status: 302, headers: { location: https_login_url })
stub_request(:get, https_login_url).to_return(status: 200)
wp_target.login_url.should === https_login_url
expect(wp_target.login_url).to be === https_login_url
end
end
@@ -57,7 +57,7 @@ describe WpTarget do
to_return(status: 200, body: '', headers: { 'X-Pingback' => wp_target.uri.merge('xmlrpc.php')})
# Preventing redirection check from login_url()
wp_target.stub(redirection: nil)
allow(wp_target).to receive_messages(redirection: nil)
[wp_target.login_url, wp_target.xml_rpc_url].each do |url|
stub_request(:get, url).to_return(status: 404, body: '')
@@ -67,25 +67,25 @@ describe WpTarget do
it 'returns true if there is a /wp-content/ detected in the index page source' do
stub_request_to_fixture(url: wp_target.url, fixture: fixtures_dir + '/wp_content_dir/wordpress-3.4.1.htm')
wp_target.should be_wordpress
expect(wp_target).to be_wordpress
end
it 'returns true if the xmlrpc is found' do
stub_request(:get, wp_target.xml_rpc_url).
to_return(status: 200, body: File.new(fixtures_dir + '/xmlrpc.php'))
wp_target.should be_wordpress
expect(wp_target).to be_wordpress
end
it 'returns true if the wp-login is found and is a valid wordpress one' do
stub_request(:get, wp_target.login_url).
to_return(status: 200, body: File.new(fixtures_dir + '/wp-login.php'))
wp_target.should be_wordpress
expect(wp_target).to be_wordpress
end
it 'returns false if both files are not found (404)' do
wp_target.should_not be_wordpress
expect(wp_target).not_to be_wordpress
end
context 'when the url contains "wordpress" and is a 404' do
@@ -94,7 +94,7 @@ describe WpTarget do
it 'returns false' do
stub_request(:get, wp_target.login_url).to_return(status: 404, body: 'The requested URL /wordpress-3.5. was not found on this server.')
wp_target.should_not be_wordpress
expect(wp_target).not_to be_wordpress
end
end
@@ -110,17 +110,17 @@ describe WpTarget do
describe '#wordpress_hosted?' do
it 'returns true if target url is a wordpress.com subdomain' do
target = WpTarget.new('http://test.wordpress.com/')
target.wordpress_hosted?.should be_true
expect(target.wordpress_hosted?).to be_truthy
end
it 'returns true if target url is a wordpress.com subdomain and has querystring' do
target = WpTarget.new('http://test.wordpress.com/path/file.php?a=b')
target.wordpress_hosted?.should be_true
expect(target.wordpress_hosted?).to be_truthy
end
it 'returns false if target url is not a wordpress.com subdomain' do
target = WpTarget.new('http://test.example.com/')
target.wordpress_hosted?.should be_false
expect(target.wordpress_hosted?).to be_falsey
end
end
@@ -128,7 +128,7 @@ describe WpTarget do
it 'returns nil if no redirection detected' do
stub_request(:get, wp_target.url).to_return(status: 200, body: '')
wp_target.redirection.should be_nil
expect(wp_target.redirection).to be_nil
end
[301, 302].each do |status_code|
@@ -140,7 +140,7 @@ describe WpTarget do
stub_request(:get, new_location).to_return(status: 200)
wp_target.redirection.should === 'http://new-location.com'
expect(wp_target.redirection).to be === 'http://new-location.com'
end
end
@@ -153,15 +153,15 @@ describe WpTarget do
stub_request(:get, first_redirection).to_return(status: 302, headers: { location: last_redirection })
stub_request(:get, last_redirection).to_return(status: 200)
wp_target.redirection.should === last_redirection
expect(wp_target.redirection).to be === last_redirection
end
end
end
describe '#debug_log_url' do
it "returns 'http://example.localhost/wp-content/debug.log" do
wp_target.stub(wp_content_dir: 'wp-content')
wp_target.debug_log_url.should === 'http://example.localhost/wp-content/debug.log'
allow(wp_target).to receive_messages(wp_content_dir: 'wp-content')
expect(wp_target.debug_log_url).to be === 'http://example.localhost/wp-content/debug.log'
end
end
@@ -169,9 +169,9 @@ describe WpTarget do
let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_TARGET_DIR + '/debug_log' }
after :each do
wp_target.stub(wp_content_dir: 'wp-content')
allow(wp_target).to receive_messages(wp_content_dir: 'wp-content')
stub_request_to_fixture(url: wp_target.debug_log_url(), fixture: @fixture)
wp_target.has_debug_log?.should === @expected
expect(wp_target.has_debug_log?).to be === @expected
end
it 'returns false' do
@@ -192,24 +192,24 @@ describe WpTarget do
describe '#search_replace_db_2_url' do
it 'returns the correct url' do
wp_target.search_replace_db_2_url.should == 'http://example.localhost/searchreplacedb2.php'
expect(wp_target.search_replace_db_2_url).to eq 'http://example.localhost/searchreplacedb2.php'
end
end
describe '#search_replace_db_2_exists?' do
it 'returns true' do
stub_request(:any, wp_target.search_replace_db_2_url).to_return(status: 200, body: 'asdf by interconnect asdf')
wp_target.search_replace_db_2_exists?.should be_true
expect(wp_target.search_replace_db_2_exists?).to be_truthy
end
it 'returns false' do
stub_request(:any, wp_target.search_replace_db_2_url).to_return(status: 500)
wp_target.search_replace_db_2_exists?.should be_false
expect(wp_target.search_replace_db_2_exists?).to be_falsey
end
it 'returns false' do
stub_request(:any, wp_target.search_replace_db_2_url).to_return(status: 500, body: 'asdf by interconnect asdf')
wp_target.search_replace_db_2_exists?.should be_false
expect(wp_target.search_replace_db_2_exists?).to be_falsey
end
end

70
spec/lib/wpscan/wpscan_options_spec.rb
View File

@@ -11,7 +11,7 @@ describe 'WpscanOptions' do
describe '#initialize' do
it 'should set all options to nil' do
WpscanOptions::ACCESSOR_OPTIONS.each do |option|
@wpscan_options.send(option).should === nil
expect(@wpscan_options.send(option)).to be === nil
end
end
end
@@ -24,27 +24,27 @@ describe 'WpscanOptions' do
it 'should add the http protocol if not present' do
@wpscan_options.url = 'example.com'
@wpscan_options.url.should === 'http://example.com'
expect(@wpscan_options.url).to be === 'http://example.com'
end
it "should not add the http protocol if it's already present" do
url = 'http://example.com'
@wpscan_options.url = url
@wpscan_options.url.should === url
expect(@wpscan_options.url).to be === url
end
end
describe '#threads=' do
it 'should convert an integer in a string into an integr' do
@wpscan_options.threads = '10'
@wpscan_options.threads.should be_an Integer
@wpscan_options.threads.should === 10
expect(@wpscan_options.threads).to be_an Integer
expect(@wpscan_options.threads).to be === 10
end
it 'should set to correct number of threads' do
@wpscan_options.threads = 15
@wpscan_options.threads.should be_an Integer
@wpscan_options.threads.should === 15
expect(@wpscan_options.threads).to be_an Integer
expect(@wpscan_options.threads).to be === 15
end
end
@@ -57,7 +57,7 @@ describe 'WpscanOptions' do
wordlist_file = "#{SPEC_FIXTURES_WPSCAN_WPSCAN_OPTIONS_DIR}/wordlist.txt"
@wpscan_options.wordlist = wordlist_file
@wpscan_options.wordlist.should === wordlist_file
expect(@wpscan_options.wordlist).to be === wordlist_file
end
end
@@ -69,7 +69,7 @@ describe 'WpscanOptions' do
it 'should not raise an error' do
proxy = '127.0.0.1:3038'
@wpscan_options.proxy = proxy
@wpscan_options.proxy.should === proxy
expect(@wpscan_options.proxy).to be === proxy
end
end
@@ -81,7 +81,7 @@ describe 'WpscanOptions' do
it 'should not raise en error' do
proxy_auth = 'user:pass'
@wpscan_options.proxy_auth = proxy_auth
@wpscan_options.proxy_auth.should === proxy_auth
expect(@wpscan_options.proxy_auth).to be === proxy_auth
end
end
@@ -97,7 +97,7 @@ describe 'WpscanOptions' do
@wpscan_options.enumerate_only_vulnerable_plugins = false
@wpscan_options.enumerate_plugins = true
@wpscan_options.enumerate_plugins.should be_true
expect(@wpscan_options.enumerate_plugins).to be_truthy
end
end
@@ -113,7 +113,7 @@ describe 'WpscanOptions' do
@wpscan_options.enumerate_only_vulnerable_themes = false
@wpscan_options.enumerate_themes = true
@wpscan_options.enumerate_themes.should be_true
expect(@wpscan_options.enumerate_themes).to be_truthy
end
end
@@ -129,7 +129,7 @@ describe 'WpscanOptions' do
@wpscan_options.enumerate_plugins = false
@wpscan_options.enumerate_only_vulnerable_plugins = true
@wpscan_options.enumerate_only_vulnerable_plugins.should be_true
expect(@wpscan_options.enumerate_only_vulnerable_plugins).to be_truthy
end
end
@@ -145,7 +145,7 @@ describe 'WpscanOptions' do
@wpscan_options.enumerate_themes = false
@wpscan_options.enumerate_only_vulnerable_themes = true
@wpscan_options.enumerate_only_vulnerable_themes.should be_true
expect(@wpscan_options.enumerate_only_vulnerable_themes).to be_truthy
end
end
@@ -161,7 +161,7 @@ describe 'WpscanOptions' do
@wpscan_options.enumerate_themes = false
@wpscan_options.enumerate_all_themes = true
@wpscan_options.enumerate_all_themes.should be_true
expect(@wpscan_options.enumerate_all_themes).to be_truthy
end
end
@@ -177,7 +177,7 @@ describe 'WpscanOptions' do
@wpscan_options.enumerate_plugins = false
@wpscan_options.enumerate_all_plugins = true
@wpscan_options.enumerate_all_plugins.should be_true
expect(@wpscan_options.enumerate_all_plugins).to be_truthy
end
end
@@ -193,39 +193,39 @@ describe 'WpscanOptions' do
context 'valid format' do
it "should add the 'Basic' word and do the encode64. See RFC 2617" do
@wpscan_options.basic_auth = 'Aladdin:open sesame'
@wpscan_options.basic_auth.should == 'Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=='
expect(@wpscan_options.basic_auth).to eq 'Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=='
end
end
end
describe '#has_options?' do
it 'should return false' do
@wpscan_options.has_options?.should be_false
expect(@wpscan_options.has_options?).to be_falsey
end
it 'should return true' do
@wpscan_options.verbose = false
@wpscan_options.has_options?.should be_true
expect(@wpscan_options.has_options?).to be_truthy
end
end
describe '#to_h' do
it 'should return an empty hash' do
@wpscan_options.to_h.should be_a Hash
@wpscan_options.to_h.should be_empty
expect(@wpscan_options.to_h).to be_a Hash
expect(@wpscan_options.to_h).to be_empty
end
it 'should return a hash with :verbose = true' do
expected = {verbose: true}
@wpscan_options.verbose = true
@wpscan_options.to_h.should === expected
expect(@wpscan_options.to_h).to be === expected
end
end
describe '#clean_option' do
after :each do
WpscanOptions.clean_option(@option).should === @expected
expect(WpscanOptions.clean_option(@option)).to be === @expected
end
it "should return 'url'" do
@@ -246,7 +246,7 @@ describe 'WpscanOptions' do
describe '#option_to_instance_variable_setter' do
after :each do
WpscanOptions.option_to_instance_variable_setter(@argument).should === @expected
expect(WpscanOptions.option_to_instance_variable_setter(@argument)).to be === @expected
end
it 'should return :url=' do
@@ -277,12 +277,12 @@ describe 'WpscanOptions' do
describe '#is_long_option?' do
it 'should return true' do
WpscanOptions.is_long_option?('--url').should be_true
expect(WpscanOptions.is_long_option?('--url')).to be_truthy
end
it 'should return false' do
WpscanOptions.is_long_option?('hello').should be_false
WpscanOptions.is_long_option?('--enumerate').should be_false
expect(WpscanOptions.is_long_option?('hello')).to be_falsey
expect(WpscanOptions.is_long_option?('--enumerate')).to be_falsey
end
end
@@ -291,7 +291,7 @@ describe 'WpscanOptions' do
if @argument
wpscan_options = WpscanOptions.new
wpscan_options.enumerate_options_from_string(@argument)
wpscan_options.to_h.should === @expected_hash
expect(wpscan_options.to_h).to be === @expected_hash
end
end
@@ -341,20 +341,20 @@ describe 'WpscanOptions' do
it 'should set @url to example.com' do
@wpscan_options.set_option_from_cli('--url', 'example.com')
@wpscan_options.url.should === 'http://example.com'
expect(@wpscan_options.url).to be === 'http://example.com'
end
it 'should set @enumerate_plugins to true' do
@wpscan_options.set_option_from_cli('--enumerate', 'p')
@wpscan_options.enumerate_plugins.should be_true
@wpscan_options.enumerate_only_vulnerable_plugins.should be_nil
expect(@wpscan_options.enumerate_plugins).to be_truthy
expect(@wpscan_options.enumerate_only_vulnerable_plugins).to be_nil
end
it 'should set @enumerate_only_vulnerable_plugins, @enumerate_timthumbs and @enumerate_usernames to true if no argument is given' do
@wpscan_options.set_option_from_cli('--enumerate', '')
@wpscan_options.enumerate_only_vulnerable_plugins.should be_true
@wpscan_options.enumerate_timthumbs.should be_true
@wpscan_options.enumerate_usernames.should be_true
expect(@wpscan_options.enumerate_only_vulnerable_plugins).to be_truthy
expect(@wpscan_options.enumerate_timthumbs).to be_truthy
expect(@wpscan_options.enumerate_usernames).to be_truthy
end
end
@@ -362,7 +362,7 @@ describe 'WpscanOptions' do
after :each do
set_argv(@argv)
wpscan_options = WpscanOptions.load_from_arguments
wpscan_options.to_h.should === @expected_hash
expect(wpscan_options.to_h).to be === @expected_hash
end
it 'should return {}' do