More rspec tests fixed

Christian Mehlmauer
2012-09-18 18:08:32 +02:00
parent 1e113f7fc5
commit d5122a4109
6 changed files with 83 additions and 42 deletions


@@ -37,14 +37,14 @@ shared_examples_for "WpLoginProtection" do
pattern = WpLoginProtection.class_variable_get(:@@login_protection_method_pattern)
fixtures =
[
"wp-login-clean.php", "wp-login-login_lockdown.php", "wp-login-login_lock.php",
"wp-login-better_wp_security.php", "wp-login-simple_login_lockdown.php", "wp-login-login_security_solution.php",
"wp-login-limit_login_attempts.php", "wp-login-bluetrait_event_viewer.php"
]
%w{
wp-login-clean.php wp-login-login_lockdown.php wp-login-login_lock.php
wp-login-better_wp_security.php wp-login-simple_login_lockdown.php wp-login-login_security_solution.php
wp-login-limit_login_attempts.php wp-login-bluetrait_event_viewer.php
}
# For plugins which are detected from the existence of their directory into wp-content/plugins/ (or one of their file)
# and not from a regex into the login page
special_plugins = ["better_wp_security", "simple_login_lockdown", "login_security_solution", "limit_login_attempts", "bluetrait_event_viewer"]
special_plugins = %w{better_wp_security simple_login_lockdown login_security_solution limit_login_attempts bluetrait_event_viewer}
after :each do
stub_request_to_fixture(:url => @module.login_url, :fixture => @fixture)
@@ -55,7 +55,7 @@ shared_examples_for "WpLoginProtection" do
special_plugin_call_url_symbol = :"#{special_plugin}_url"
status_code = (@symbol_to_call === special_plugin_call_detection_symbol and @expected === true) ? 200 : 404
stub_request(:get, @module.send(special_plugin_call_url_symbol)).to_return(:status => status_code)
stub_request(:get, @module.send(special_plugin_call_url_symbol).to_s).to_return(:status => status_code)
end
@module.send(@symbol_to_call).should === @expected
@@ -82,11 +82,11 @@ shared_examples_for "WpLoginProtection" do
describe "#login_protection_plugin" do
after :each do
stub_request_to_fixture(:url => @module.login_url, :fixture => @fixture)
stub_request(:get, @module.send(:better_wp_security_url)).to_return(:status => 404)
stub_request(:get, @module.send(:simple_login_lockdown_url)).to_return(:status => 404)
stub_request(:get, @module.send(:login_security_solution_url)).to_return(:status => 404)
stub_request(:get, @module.send(:limit_login_attempts_url)).to_return(:status => 404)
stub_request(:get, @module.send(:bluetrait_event_viewer_url)).to_return(:status => 404)
stub_request(:get, @module.send(:better_wp_security_url).to_s).to_return(:status => 404)
stub_request(:get, @module.send(:simple_login_lockdown_url).to_s).to_return(:status => 404)
stub_request(:get, @module.send(:login_security_solution_url).to_s).to_return(:status => 404)
stub_request(:get, @module.send(:limit_login_attempts_url).to_s).to_return(:status => 404)
stub_request(:get, @module.send(:bluetrait_event_viewer_url).to_s).to_return(:status => 404)
@module.login_protection_plugin().should === @plugin_expected
@module.has_login_protection?.should === @has_protection_expected
@@ -100,13 +100,21 @@ shared_examples_for "WpLoginProtection" do
it "should return a login-lockdown WpPlugin object" do
@fixture = @fixtures_dir + "/wp-login-login_lockdown.php"
@plugin_expected = WpPlugin.new(WpPlugin.create_location_url_from_name("login-lockdown", @module.url))
@plugin_expected = WpPlugin.new(:wp_content_dir => "wp-content",
:url => @module.url,
:path => "/plugins/login-lockdown/",
:name => "login-lockdown"
)
@has_protection_expected = true
end
it "should return a login-lock WpPlugin object" do
@fixture = @fixtures_dir + "/wp-login-login_lock.php"
@plugin_expected = WpPlugin.new(WpPlugin.create_location_url_from_name("login-lock", @module.url))
@plugin_expected = WpPlugin.new(:wp_content_dir => "wp-content",
:url => @module.url,
:path => "/plugins/login-lock/",
:name => "login-lock"
)
@has_protection_expected = true
end
end
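Review bot: The expected `WpPlugin` objects in the two `#login_protection_plugin` examples hard-code `:wp_content_dir => "wp-content"`, so these specs only cover the default layout and say nothing about a site whose content directory has been relocated. If `@module` is the spec helper that gains a `wp_content_dir` accessor elsewhere in this commit (not confirmed from this hunk), prefer `:wp_content_dir => @module.wp_content_dir`. The same literal is repeated in the WpPlugins shared examples, in the `expected_plugins` loop and in `expected_for_only_vulnerable`. The four-key hash is also duplicated verbatim; a small helper such as `expected_plugin(name)` would keep the examples in step.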


@@ -44,21 +44,21 @@ shared_examples_for "WpPlugins" do
it "should return the expected plugins" do
stub_request_to_fixture(:url => @module.url, :fixture => File.new(passive_detection_fixtures + '/various_plugins.htm'))
expected_plugin_names = [
'wp-minify',
'comment-info-tip',
'tweet-blender',
'optinpop',
's2member',
'wp-polls',
'commentluv'
]
expected_plugin_names = %w{
wp-minify
comment-info-tip
tweet-blender
optinpop
s2member
wp-polls
commentluv
}
expected_plugins = []
expected_plugin_names.each do |plugin_name|
expected_plugins << WpPlugin.new(
WpPlugin.create_location_url_from_name(plugin_name, @module.url),
:name => plugin_name
)
expected_plugins << WpPlugin.new(:wp_content_dir => "wp-content",
:url => @module.url,
:path => "/plugins/#{plugin_name}/",
:name => plugin_name)
end
plugins = @module.plugins_from_passive_detection
@@ -69,7 +69,14 @@ shared_examples_for "WpPlugins" do
describe "#plugins_targets_url" do
let(:expected_for_only_vulnerable) {
[WpPlugin.create_location_url_from_name("media-library", @module.url), WpPlugin.create_location_url_from_name("deans", @module.url)]
[WpPlugin.new(:wp_content_dir => "wp-content",
:url => @module.url,
:path => "/plugins/media-library/",
:name => plugin_name).get_url.to_s,
WpPlugin.new(:wp_content_dir => "wp-content",
:url => @module.url,
:path => "/plugins/deans/",
:name => plugin_name).get_url.to_s]
}
let(:expected_for_all) {
expected_for_only_vulnerable + File.open(@plugins_file, 'r') {|file| file.readlines.collect{|line| WpPlugin.create_url_from_raw(line.chomp, @module.uri)}}.uniq!
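Review bot: In the new `expected_for_only_vulnerable` block both `WpPlugin.new` calls pass `:name => plugin_name`, but the only visible `plugin_name` is the block parameter of the `each` loop in the earlier example. Unless a `let(:plugin_name)` or helper method is defined outside this hunk, evaluating this `let` raises NameError. Use the literals that match the paths: `:name => "media-library"` and `:name => "deans"`. The `let(:expected_for_all)` block continues past the end of the hunk.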


@@ -22,12 +22,15 @@ describe WpTarget do
before :each do
Browser.reset
@browser_options =
@wp_content_dir = "wp-content"
@options =
{
:config_file => SPEC_FIXTURES_CONF_DIR + '/browser/browser.conf.json',
:cache_timeout => 0
:cache_timeout => 0,
:wp_content_dir => @wp_content_dir,
:wp_plugins_dir => "wp-content/plugins/"
}
@wp_target = WpTarget.new("http://example.localhost/", @browser_options)
@wp_target = WpTarget.new("http://example.localhost/", @options)
end
it_should_behave_like "WebSite"
@@ -47,11 +50,11 @@ describe WpTarget do
end
it "should add the http protocol if missing" do
WpTarget.new("example.localhost/", @browser_options).url.should === "http://example.localhost/"
WpTarget.new("example.localhost/", @options).url.should === "http://example.localhost/"
end
it "should add the trailing slash to the url if missing" do
WpTarget.new("lamp/wordpress", @browser_options).url.should === "http://lamp/wordpress/"
WpTarget.new("lamp/wordpress", @options).url.should === "http://lamp/wordpress/"
end
end
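Review bot: The new `@options` hash spells the content directory twice, once as `:wp_content_dir => @wp_content_dir` and once inside the literal `"wp-content/plugins/"`. An example that changes `@wp_content_dir` would therefore still get a plugins directory under the default path. Derive the second value from the first: `:wp_plugins_dir => "#{@wp_content_dir}/plugins/"`.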


@@ -30,10 +30,11 @@ SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR = SPEC_FIXTURES_WPSCAN_DIR + '/wp_version'
class WpScanModuleSpec
attr_reader :uri
attr_accessor :error_404_hash
attr_accessor :error_404_hash, :wp_content_dir
def initialize(target_url)
def initialize(target_url, wp_content_dir = "wp-content")
@uri = URI.parse(add_http_protocol(target_url))
@wp_content_dir = wp_content_dir
Browser.instance(
:config_file => SPEC_FIXTURES_CONF_DIR + '/browser/browser.conf.json',
:cache_timeout => 0


@@ -70,7 +70,7 @@ def stub_request_to_fixture(arguments = {})
raise "No arguments[:url] supplied" if arguments[:url].nil?
raise "No arguments[:fixture] supplied" if arguments[:fixture].nil?
stub_request(arguments[:method], arguments[:url]).
stub_request(arguments[:method], arguments[:url].to_s).
to_return(:status => arguments[:status], :body => File.new(arguments[:fixture]))
end