garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

rspecs #179

Browse Source
This commit is contained in:
Christian Mehlmauer
2013-05-07 20:46:08 +02:00
parent b635168fb3
commit cdd74b535b
3 changed files with 33 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
lib/common/models/wp_item/vulnerable.rb
View File

@@ -14,18 +14,28 @@ class WpItem
xml.xpath(vulns_xpath).each do |node| xml.xpath(vulns_xpath).each do |node|
vuln = Vulnerability.load_from_xml_node(node) vuln = Vulnerability.load_from_xml_node(node)
if vuln if vulnerable_to?(vuln)
if version && vuln.fixed_in && !vuln.fixed_in.empty? vulnerabilities << vuln
unless VersionCompare::is_newer_or_same?(vuln.fixed_in, version)
vulnerabilities << vuln
end
else
vulnerabilities << vuln
end
end end
end end
vulnerabilities vulnerabilities
end end
# Checks if a item is vulnerable to a specific vulnerability
#
# @param [ Vulnerability ] vuln Vulnerability to check the item against
#
# @return [ Boolean ]
def vulnerable_to?(vuln)
if version && vuln && vuln.fixed_in && !vuln.fixed_in.empty?
unless VersionCompare::is_newer_or_same?(vuln.fixed_in, version)
return true
end
else
return true
end
return false
end
end end
end end

16
spec/lib/common/models/vulnerability_spec.rb
View File

@@ -5,24 +5,35 @@ require 'spec_helper'
describe Vulnerability do describe Vulnerability do
describe '#new' do describe '#new' do
subject(:vulnerability) { Vulnerability.new(title, type, references, modules) } subject(:vulnerability) { Vulnerability.new(title, type, references, modules, fixed_version) }
let(:title) { 'A vulnerability title' } let(:title) { 'A vulnerability title' }
let(:type) { 'XSS' } let(:type) { 'XSS' }
let(:references) { %w{http://ref1.com http://ref2.com} } let(:references) { %w{http://ref1.com http://ref2.com} }
context 'w/o metasploit modules argument' do context 'w/o metasploit and fixed version modules argument' do
subject(:vulnerability) { Vulnerability.new(title, type, references) } subject(:vulnerability) { Vulnerability.new(title, type, references) }
its(:title) { should be title } its(:title) { should be title }
its(:references) { should be references } its(:references) { should be references }
its(:type) { should be type } its(:type) { should be type }
its(:metasploit_modules) { should be_empty } its(:metasploit_modules) { should be_empty }
its(:fixed_in) { should be_empty }
end end
context 'with metasploit modules argument' do context 'with metasploit modules argument' do
subject(:vulnerability) { Vulnerability.new(title, type, references, modules) }
let(:modules) { %w{exploit/some_exploit exploit/unix/anotherone } } let(:modules) { %w{exploit/some_exploit exploit/unix/anotherone } }
its(:metasploit_modules) { should be modules } its(:metasploit_modules) { should be modules }
its(:fixed_in) { should be_empty }
end
context 'with metasploit modules and fixed version argument' do
let(:modules) { %w{exploit/some_exploit exploit/unix/anotherone } }
let(:fixed_version) { '1.0' }
its(:metasploit_modules) { should be modules }
its(:fixed_in) { should == '1.0' }
end end
end end
@@ -36,6 +47,7 @@ describe Vulnerability do
its(:type) { should == 'CSRF' } its(:type) { should == 'CSRF' }
its(:references) { should == ['Ref 1', 'Ref 2'] } its(:references) { should == ['Ref 1', 'Ref 2'] }
its(:metasploit_modules) { should == %w{exploit/ex1} } its(:metasploit_modules) { should == %w{exploit/ex1} }
its(:fixed_in) { should == '1.0'}
end end
end end

1
spec/samples/common/models/vulnerability/xml_node.xml
View File

@@ -4,4 +4,5 @@
<reference>Ref 2</reference> <reference>Ref 2</reference>
<type>CSRF</type> <type>CSRF</type>
<metasploit>exploit/ex1</metasploit> <metasploit>exploit/ex1</metasploit>
<fixed_in>1.0</fixed_in>
</vulnerability> </vulnerability>