From d5122a4109261b99ebe81ae50178c569b650247a Mon Sep 17 00:00:00 2001
From: Christian Mehlmauer
Date: Tue, 18 Sep 2012 18:08:32 +0200
Subject: [PATCH] More rspec tests fixed
---
lib/wpscan/modules/wp_login_protection.rb | 34 ++++++++++++++----
.../modules/wp_login_protection_spec.rb | 36 +++++++++++--------
spec/lib/wpscan/modules/wp_plugins_spec.rb | 35 ++++++++++--------
spec/lib/wpscan/wp_target_spec.rb | 13 ++++---
spec/lib/wpscan/wpscan_helper.rb | 5 +--
spec/spec_helper.rb | 2 +-
6 files changed, 83 insertions(+), 42 deletions(-)
diff --git a/lib/wpscan/modules/wp_login_protection.rb b/lib/wpscan/modules/wp_login_protection.rb
index 595976f6..a9a70379 100644
--- a/lib/wpscan/modules/wp_login_protection.rb
+++ b/lib/wpscan/modules/wp_login_protection.rb
@@ -38,7 +38,9 @@ module WpLoginProtection return @login_protection_plugin = WpPlugin.new( :name => plugin_name, - :url => @uri.to_s + :url => @uri, + :path => "/plugins/#{plugin_name}/", + :wp_content_dir => @wp_content_dir ) end end
@@ -65,7 +67,11 @@ module WpLoginProtection end def better_wp_security_url - WpPlugin.create_location_url_from_name("better-wp-security", @uri) + WpPlugin.new(:wp_content_dir => @wp_content_dir, + :url => @uri, + :path => "/plugins/better-wp-security/", + :name => "better-wp-security" + ).get_url_without_filename end # http://wordpress.org/extend/plugins/simple-login-lockdown/
@@ -74,7 +80,11 @@ module WpLoginProtection end def simple_login_lockdown_url - WpPlugin.create_location_url_from_name("simple-login-lockdown", @uri) + WpPlugin.new(:wp_content_dir => @wp_content_dir, + :url => @uri, + :path => "/plugins/simple-login-lockdown/", + :name => "simple-login-lockdown" + ).get_url_without_filename end # http://wordpress.org/extend/plugins/login-security-solution/
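Review bot: `plugin_name` is interpolated unchecked into `:path => "/plugins/#{plugin_name}/"`; the method's start lies outside this hunk, but the spec's use of `@@login_protection_method_pattern` suggests the name is captured from the scanned site's login page, so content taken from the target's response now shapes the path of the next request. A shape check ahead of the constructor, e.g. `return nil unless plugin_name =~ /\A[\w-]+\z/` (or the same validation inside WpPlugin), keeps an unexpected capture from turning into an unintended URL. The `/plugins/` segment is also hard-coded here and in the `*_url` methods below, while this same commit adds a `:wp_plugins_dir` option in wp_target_spec.rb; if the module has access to that setting it should be used instead of the literal.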
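Review bot: `better_wp_security_url` and the four sibling methods changed at hunks -74, -83, -92 and -101 each rebuild the same WpPlugin literal and differ only in the plugin slug, so any later change to the constructor arguments (the `:path` prefix, for instance) has to be repeated five times. A small helper taking the slug collapses each method to a single line; the spec reaches these methods through `send`, so the helper can sit below `private` without affecting it. The module body continues outside this hunk.
```ruby
def better_wp_security_url
  login_protection_plugin_url("better-wp-security")
end

# … unchanged: the other *_url methods call the helper with their own slug …

# URL (without filename) of a login-protection plugin, built from its slug.
def login_protection_plugin_url(plugin_slug)
  WpPlugin.new(:wp_content_dir => @wp_content_dir,
               :url => @uri,
               :path => "/plugins/#{plugin_slug}/",
               :name => plugin_slug
  ).get_url_without_filename
end
```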
@@ -83,7 +93,11 @@ module WpLoginProtection end def login_security_solution_url - WpPlugin.create_location_url_from_name("login-security-solution", @uri) + WpPlugin.new(:wp_content_dir => @wp_content_dir, + :url => @uri, + :path => "/plugins/login-security-solution/", + :name => "login-security-solution" + ).get_url_without_filename end # http://wordpress.org/extend/plugins/limit-login-attempts/
@@ -92,7 +106,11 @@ module WpLoginProtection end def limit_login_attempts_url - WpPlugin.create_location_url_from_name("limit-login-attempts", @uri) + WpPlugin.new(:wp_content_dir => @wp_content_dir, + :url => @uri, + :path => "/plugins/limit-login-attempts/", + :name => "limit-login-attempts" + ).get_url_without_filename end # http://wordpress.org/extend/plugins/bluetrait-event-viewer/
@@ -101,6 +119,10 @@ module WpLoginProtection end def bluetrait_event_viewer_url - WpPlugin.create_location_url_from_name("bluetrait-event-viewer", @uri) + WpPlugin.new(:wp_content_dir => @wp_content_dir, + :url => @uri, + :path => "/plugins/bluetrait-event-viewer/", + :name => "bluetrait-event-viewer" + ).get_url_without_filename end end
diff --git a/spec/lib/wpscan/modules/wp_login_protection_spec.rb b/spec/lib/wpscan/modules/wp_login_protection_spec.rb
index 7db5c542..918592f0 100644
--- a/spec/lib/wpscan/modules/wp_login_protection_spec.rb
+++ b/spec/lib/wpscan/modules/wp_login_protection_spec.rb
@@ -37,14 +37,14 @@ shared_examples_for "WpLoginProtection" do pattern = WpLoginProtection.class_variable_get(:@@login_protection_method_pattern) fixtures = - [ - "wp-login-clean.php", "wp-login-login_lockdown.php", "wp-login-login_lock.php", - "wp-login-better_wp_security.php", "wp-login-simple_login_lockdown.php", "wp-login-login_security_solution.php", - "wp-login-limit_login_attempts.php", "wp-login-bluetrait_event_viewer.php" - ] + %w{ + wp-login-clean.php wp-login-login_lockdown.php wp-login-login_lock.php + wp-login-better_wp_security.php wp-login-simple_login_lockdown.php wp-login-login_security_solution.php + wp-login-limit_login_attempts.php wp-login-bluetrait_event_viewer.php + } # For plugins which are detected from the existence of their directory into wp-content/plugins/ (or one of their file) # and not from a regex into the login page - special_plugins = ["better_wp_security", "simple_login_lockdown", "login_security_solution", "limit_login_attempts", "bluetrait_event_viewer"] + special_plugins = %w{better_wp_security simple_login_lockdown login_security_solution limit_login_attempts bluetrait_event_viewer} after :each do stub_request_to_fixture(:url => @module.login_url, :fixture => @fixture)
@@ -55,7 +55,7 @@ shared_examples_for "WpLoginProtection" do special_plugin_call_url_symbol = :"#{special_plugin}_url" status_code = (@symbol_to_call === special_plugin_call_detection_symbol and @expected === true) ? 200 : 404 - stub_request(:get, @module.send(special_plugin_call_url_symbol)).to_return(:status => status_code) + stub_request(:get, @module.send(special_plugin_call_url_symbol).to_s).to_return(:status => status_code) end @module.send(@symbol_to_call).should === @expected
@@ -82,11 +82,11 @@ shared_examples_for "WpLoginProtection" do describe "#login_protection_plugin" do after :each do stub_request_to_fixture(:url => @module.login_url, :fixture => @fixture) - stub_request(:get, @module.send(:better_wp_security_url)).to_return(:status => 404) - stub_request(:get, @module.send(:simple_login_lockdown_url)).to_return(:status => 404) - stub_request(:get, @module.send(:login_security_solution_url)).to_return(:status => 404) - stub_request(:get, @module.send(:limit_login_attempts_url)).to_return(:status => 404) - stub_request(:get, @module.send(:bluetrait_event_viewer_url)).to_return(:status => 404) + stub_request(:get, @module.send(:better_wp_security_url).to_s).to_return(:status => 404) + stub_request(:get, @module.send(:simple_login_lockdown_url).to_s).to_return(:status => 404) + stub_request(:get, @module.send(:login_security_solution_url).to_s).to_return(:status => 404) + stub_request(:get, @module.send(:limit_login_attempts_url).to_s).to_return(:status => 404) + stub_request(:get, @module.send(:bluetrait_event_viewer_url).to_s).to_return(:status => 404) @module.login_protection_plugin().should === @plugin_expected @module.has_login_protection?.should === @has_protection_expected 
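Review bot: The five stub lines in this `after :each` block differ only in the method symbol, and the same set of plugins is already spelled out as `special_plugins` earlier in the spec, so a plugin added to that list will not automatically receive a 404 stub here. A loop keeps the two in step: `%w{better_wp_security simple_login_lockdown login_security_solution limit_login_attempts bluetrait_event_viewer}.each { |p| stub_request(:get, @module.send(:"#{p}_url").to_s).to_return(:status => 404) }`, and hoisting that list to a single `let` or constant would let both places share it. The `describe` block continues past the end of this hunk.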
@@ -100,13 +100,21 @@ shared_examples_for "WpLoginProtection" do it "should return a login-lockdown WpPlugin object" do @fixture = @fixtures_dir + "/wp-login-login_lockdown.php" - @plugin_expected = WpPlugin.new(WpPlugin.create_location_url_from_name("login-lockdown", @module.url)) + @plugin_expected = WpPlugin.new(:wp_content_dir => "wp-content", + :url => @module.url, + :path => "/plugins/login-lockdown/", + :name => "login-lockdown" + ) @has_protection_expected = true end it "should return a login-lock WpPlugin object" do @fixture = @fixtures_dir + "/wp-login-login_lock.php" - @plugin_expected = WpPlugin.new(WpPlugin.create_location_url_from_name("login-lock", @module.url)) + @plugin_expected = WpPlugin.new(:wp_content_dir => "wp-content", + :url => @module.url, + :path => "/plugins/login-lock/", + :name => "login-lock" + ) @has_protection_expected = true end end
diff --git a/spec/lib/wpscan/modules/wp_plugins_spec.rb b/spec/lib/wpscan/modules/wp_plugins_spec.rb
index 612d097f..59845d4f 100644
--- a/spec/lib/wpscan/modules/wp_plugins_spec.rb
+++ b/spec/lib/wpscan/modules/wp_plugins_spec.rb
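Review bot: The expected plugins hard-code `:wp_content_dir => "wp-content"` while this same commit gives `WpScanModuleSpec` a `wp_content_dir` accessor in wpscan_helper.rb; if `@module` is such an object, `:wp_content_dir => @module.wp_content_dir` ties the expectation to the value the module under test actually carries, so a run with a non-default directory still compares like with like. The same literal is repeated in the wp_plugins_spec.rb hunks at -44 and -69. The `describe` block continues outside this hunk.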
@@ -44,21 +44,21 @@ shared_examples_for "WpPlugins" do it "should return the expected plugins" do stub_request_to_fixture(:url => @module.url, :fixture => File.new(passive_detection_fixtures + '/various_plugins.htm')) - expected_plugin_names = [ - 'wp-minify', - 'comment-info-tip', - 'tweet-blender', - 'optinpop', - 's2member', - 'wp-polls', - 'commentluv' - ] + expected_plugin_names = %w{ + wp-minify + comment-info-tip + tweet-blender + optinpop + s2member + wp-polls + commentluv + } expected_plugins = [] expected_plugin_names.each do |plugin_name| - expected_plugins << WpPlugin.new( - WpPlugin.create_location_url_from_name(plugin_name, @module.url), - :name => plugin_name - ) + expected_plugins << WpPlugin.new(:wp_content_dir => "wp-content", + :url => @module.url, + :path => "/plugins/#{plugin_name}/", + :name => plugin_name) end plugins = @module.plugins_from_passive_detection
@@ -69,7 +69,14 @@ shared_examples_for "WpPlugins" do describe "#plugins_targets_url" do let(:expected_for_only_vulnerable) { - [WpPlugin.create_location_url_from_name("media-library", @module.url), WpPlugin.create_location_url_from_name("deans", @module.url)] + [WpPlugin.new(:wp_content_dir => "wp-content", + :url => @module.url, + :path => "/plugins/media-library/", + :name => plugin_name).get_url.to_s, + WpPlugin.new(:wp_content_dir => "wp-content", + :url => @module.url, + :path => "/plugins/deans/", + :name => plugin_name).get_url.to_s] } let(:expected_for_all) { expected_for_only_vulnerable + File.open(@plugins_file, 'r') {|file| file.readlines.collect{|line| WpPlugin.create_url_from_raw(line.chomp, @module.uri)}}.uniq!
diff --git a/spec/lib/wpscan/wp_target_spec.rb b/spec/lib/wpscan/wp_target_spec.rb
index f4713b7d..6d977624 100644
--- a/spec/lib/wpscan/wp_target_spec.rb
+++ b/spec/lib/wpscan/wp_target_spec.rb
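Review bot: Both WpPlugin literals in `expected_for_only_vulnerable` pass `:name => plugin_name`, but no `plugin_name` is defined inside this `let` block (it was only a block parameter of the `each` loop in the earlier example), so evaluating the `let` should raise NameError rather than produce the expected URLs; the names should be the literals `:name => "media-library"` and `:name => "deans"`. If the suite passes as is, it is worth checking that the example consuming this `let` actually runs. Since the old expectation used `create_location_url_from_name` and the new one `get_url`, it is also worth confirming that `get_url` yields the same form of URL `plugins_targets_url` emits — the module code in this commit uses `get_url_without_filename`. The `describe` block continues outside this hunk.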
@@ -22,12 +22,15 @@ describe WpTarget do before :each do Browser.reset - @browser_options = + @wp_content_dir = "wp-content" + @options = { :config_file => SPEC_FIXTURES_CONF_DIR + '/browser/browser.conf.json', - :cache_timeout => 0 + :cache_timeout => 0, + :wp_content_dir => @wp_content_dir, + :wp_plugins_dir => "wp-content/plugins/" } - @wp_target = WpTarget.new("http://example.localhost/", @browser_options) + @wp_target = WpTarget.new("http://example.localhost/", @options) end it_should_behave_like "WebSite"
@@ -47,11 +50,11 @@ describe WpTarget do end it "should add the http protocol if missing" do - WpTarget.new("example.localhost/", @browser_options).url.should === "http://example.localhost/" + WpTarget.new("example.localhost/", @options).url.should === "http://example.localhost/" end it "should add the trailing slash to the url if missing" do - WpTarget.new("lamp/wordpress", @browser_options).url.should === "http://lamp/wordpress/" + WpTarget.new("lamp/wordpress", @options).url.should === "http://lamp/wordpress/" end end
diff --git a/spec/lib/wpscan/wpscan_helper.rb b/spec/lib/wpscan/wpscan_helper.rb
index aab59309..d1ab16d5 100644
--- a/spec/lib/wpscan/wpscan_helper.rb
+++ b/spec/lib/wpscan/wpscan_helper.rb
@@ -30,10 +30,11 @@ SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR = SPEC_FIXTURES_WPSCAN_DIR + '/wp_version' class WpScanModuleSpec attr_reader :uri - attr_accessor :error_404_hash + attr_accessor :error_404_hash, :wp_content_dir - def initialize(target_url) + def initialize(target_url, wp_content_dir = "wp-content") @uri = URI.parse(add_http_protocol(target_url)) + @wp_content_dir = wp_content_dir Browser.instance( :config_file => SPEC_FIXTURES_CONF_DIR + '/browser/browser.conf.json', :cache_timeout => 0
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
index e79610e4..d777ecf7 100644
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
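Review bot: `@options` now carries `:wp_content_dir` and `:wp_plugins_dir`, yet no example in this hunk checks that WpTarget picks them up, and `@wp_content_dir` is assigned only to feed the hash. An example such as `it "should use the given wp_content_dir" do @wp_target.wp_content_dir.should === @wp_content_dir end` (assuming WpTarget exposes a reader) would pin the new behaviour, and since the same hash was previously the browser configuration it is worth confirming that Browser tolerates the extra keys. Note too that `:wp_plugins_dir => "wp-content/plugins/"` repeats the content directory, whereas wp_login_protection.rb in this commit builds `:path => "/plugins/…"` relative to `@wp_content_dir`; the two conventions should be reconciled before more callers depend on either. The `describe` block continues outside this hunk.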
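Review bot: The default `wp_content_dir = "wp-content"` is a literal that the specs touched by this commit repeat by hand (wp_login_protection_spec.rb, wp_plugins_spec.rb, wp_target_spec.rb); this helper already hosts the spec-wide constants, so `SPEC_DEFAULT_WP_CONTENT_DIR = "wp-content"` beside `SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR` and `def initialize(target_url, wp_content_dir = SPEC_DEFAULT_WP_CONTENT_DIR)` gives the other specs one name to share. A short comment on the new accessor, `# wp-content directory handed to the module under test`, would document what the attribute is for. The `Browser.instance(` call and the class body continue past the end of this hunk.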
@@ -70,7 +70,7 @@ def stub_request_to_fixture(arguments = {}) raise "No arguments[:url] supplied" if arguments[:url].nil? raise "No arguments[:fixture] supplied" if arguments[:fixture].nil? - stub_request(arguments[:method], arguments[:url]). + stub_request(arguments[:method], arguments[:url].to_s). to_return(:status => arguments[:status], :body => File.new(arguments[:fixture])) end