rspecs #179

lib/common/models/wp_item/vulnerable.rb

@@ -14,18 +14,28 @@ class WpItem
 
       xml.xpath(vulns_xpath).each do |node|
         vuln = Vulnerability.load_from_xml_node(node)
-        if vuln
-          if version && vuln.fixed_in && !vuln.fixed_in.empty?
-            unless VersionCompare::is_newer_or_same?(vuln.fixed_in, version)
-              vulnerabilities << vuln
-            end
-          else
-            vulnerabilities << vuln
-          end
+        if vulnerable_to?(vuln)
+          vulnerabilities << vuln
         end
       end
       vulnerabilities
     end
+
+    # Checks if a item is vulnerable to a specific vulnerability
+    #
+    # @param [ Vulnerability ] vuln Vulnerability to check the item against
+    #
+    # @return [ Boolean ]
+    def vulnerable_to?(vuln)
+      if version && vuln && vuln.fixed_in && !vuln.fixed_in.empty?
+        unless VersionCompare::is_newer_or_same?(vuln.fixed_in, version)
+          return true
+        end
+      else
+        return true
+      end
+      return false
+    end
   end
 
 end

spec/lib/common/models/vulnerability_spec.rb

@@ -5,24 +5,35 @@ require 'spec_helper'
 describe Vulnerability do
 
   describe '#new' do
-    subject(:vulnerability) { Vulnerability.new(title, type, references, modules) }
+    subject(:vulnerability) { Vulnerability.new(title, type, references, modules, fixed_version) }
     let(:title)             { 'A vulnerability title' }
     let(:type)              { 'XSS' }
     let(:references)        { %w{http://ref1.com http://ref2.com} }
 
-    context 'w/o metasploit modules argument' do
+    context 'w/o metasploit and fixed version modules argument' do
       subject(:vulnerability) { Vulnerability.new(title, type, references) }
 
       its(:title)              { should be title }
       its(:references)         { should be references }
       its(:type)               { should be type }
       its(:metasploit_modules) { should be_empty }
+      its(:fixed_in)           { should be_empty }
     end
 
     context 'with metasploit modules argument' do
+      subject(:vulnerability) { Vulnerability.new(title, type, references, modules) }
       let(:modules) { %w{exploit/some_exploit exploit/unix/anotherone } }
 
       its(:metasploit_modules) { should be modules }
+      its(:fixed_in)           { should be_empty }
+    end
+
+    context 'with metasploit modules and fixed version argument' do
+      let(:modules) { %w{exploit/some_exploit exploit/unix/anotherone } }
+      let(:fixed_version)  { '1.0' }
+
+      its(:metasploit_modules) { should be modules }
+      its(:fixed_in) { should == '1.0' }
     end
   end
 
@@ -36,6 +47,7 @@ describe Vulnerability do
     its(:type)               { should == 'CSRF' }
     its(:references)         { should == ['Ref 1', 'Ref 2'] }
     its(:metasploit_modules) { should == %w{exploit/ex1} }
+    its(:fixed_in)           { should == '1.0'}
   end
 
 end

spec/samples/common/models/vulnerability/xml_node.xml

@@ -4,4 +4,5 @@
   <reference>Ref 2</reference>
   <type>CSRF</type>
   <metasploit>exploit/ex1</metasploit>
+  <fixed_in>1.0</fixed_in>
 </vulnerability>