From cdd74b535b1618d4ff0b04081c881b323e64a073 Mon Sep 17 00:00:00 2001 From: Christian Mehlmauer Date: Tue, 7 May 2013 20:46:08 +0200 Subject: [PATCH] rspecs #179 --- lib/common/models/wp_item/vulnerable.rb | 26 +++++++++++++------ spec/lib/common/models/vulnerability_spec.rb | 16 ++++++++++-- .../common/models/vulnerability/xml_node.xml | 1 + 3 files changed, 33 insertions(+), 10 deletions(-) diff --git a/lib/common/models/wp_item/vulnerable.rb b/lib/common/models/wp_item/vulnerable.rb index ec100de3..ffe2b1c6 100755 --- a/lib/common/models/wp_item/vulnerable.rb +++ b/lib/common/models/wp_item/vulnerable.rb @@ -14,18 +14,28 @@ class WpItem xml.xpath(vulns_xpath).each do |node| vuln = Vulnerability.load_from_xml_node(node) - if vuln - if version && vuln.fixed_in && !vuln.fixed_in.empty? - unless VersionCompare::is_newer_or_same?(vuln.fixed_in, version) - vulnerabilities << vuln - end - else - vulnerabilities << vuln - end + if vulnerable_to?(vuln) + vulnerabilities << vuln end end vulnerabilities end + + # Checks if a item is vulnerable to a specific vulnerability + # + # @param [ Vulnerability ] vuln Vulnerability to check the item against + # + # @return [ Boolean ] + def vulnerable_to?(vuln) + if version && vuln && vuln.fixed_in && !vuln.fixed_in.empty? + unless VersionCompare::is_newer_or_same?(vuln.fixed_in, version) + return true + end + else + return true + end + return false + end end end diff --git a/spec/lib/common/models/vulnerability_spec.rb b/spec/lib/common/models/vulnerability_spec.rb index 14095341..ca0cf959 100644 --- a/spec/lib/common/models/vulnerability_spec.rb +++ b/spec/lib/common/models/vulnerability_spec.rb @@ -5,24 +5,35 @@ require 'spec_helper' describe Vulnerability do describe '#new' do - subject(:vulnerability) { Vulnerability.new(title, type, references, modules) } + subject(:vulnerability) { Vulnerability.new(title, type, references, modules, fixed_version) } let(:title) { 'A vulnerability title' } let(:type) { 'XSS' } let(:references) { %w{http://ref1.com http://ref2.com} } - context 'w/o metasploit modules argument' do + context 'w/o metasploit and fixed version modules argument' do subject(:vulnerability) { Vulnerability.new(title, type, references) } its(:title) { should be title } its(:references) { should be references } its(:type) { should be type } its(:metasploit_modules) { should be_empty } + its(:fixed_in) { should be_empty } end context 'with metasploit modules argument' do + subject(:vulnerability) { Vulnerability.new(title, type, references, modules) } let(:modules) { %w{exploit/some_exploit exploit/unix/anotherone } } its(:metasploit_modules) { should be modules } + its(:fixed_in) { should be_empty } + end + + context 'with metasploit modules and fixed version argument' do + let(:modules) { %w{exploit/some_exploit exploit/unix/anotherone } } + let(:fixed_version) { '1.0' } + + its(:metasploit_modules) { should be modules } + its(:fixed_in) { should == '1.0' } end end @@ -36,6 +47,7 @@ describe Vulnerability do its(:type) { should == 'CSRF' } its(:references) { should == ['Ref 1', 'Ref 2'] } its(:metasploit_modules) { should == %w{exploit/ex1} } + its(:fixed_in) { should == '1.0'} end end diff --git a/spec/samples/common/models/vulnerability/xml_node.xml b/spec/samples/common/models/vulnerability/xml_node.xml index 43e2433c..f02ec5d2 100644 --- a/spec/samples/common/models/vulnerability/xml_node.xml +++ b/spec/samples/common/models/vulnerability/xml_node.xml @@ -4,4 +4,5 @@ Ref 2 CSRF exploit/ex1 + 1.0