More rspec tests fixed

lib/wpscan/modules/wp_login_protection.rb

@@ -38,7 +38,9 @@ module WpLoginProtection
 
           return @login_protection_plugin = WpPlugin.new(
               :name => plugin_name,
-              :url => @uri.to_s
+              :url => @uri,
+              :path => "/plugins/#{plugin_name}/",
+              :wp_content_dir => @wp_content_dir
           )
         end
       end
@@ -65,7 +67,11 @@ module WpLoginProtection
   end
 
   def better_wp_security_url
-    WpPlugin.create_location_url_from_name("better-wp-security", @uri)
+    WpPlugin.new(:wp_content_dir => @wp_content_dir,
+                 :url => @uri,
+                 :path => "/plugins/better-wp-security/",
+                 :name => "better-wp-security"
+    ).get_url_without_filename
   end
 
   # http://wordpress.org/extend/plugins/simple-login-lockdown/
@@ -74,7 +80,11 @@ module WpLoginProtection
   end
 
   def simple_login_lockdown_url
-    WpPlugin.create_location_url_from_name("simple-login-lockdown", @uri)
+    WpPlugin.new(:wp_content_dir => @wp_content_dir,
+                 :url => @uri,
+                 :path => "/plugins/simple-login-lockdown/",
+                 :name => "simple-login-lockdown"
+    ).get_url_without_filename
   end
 
   # http://wordpress.org/extend/plugins/login-security-solution/
@@ -83,7 +93,11 @@ module WpLoginProtection
   end
 
   def login_security_solution_url
-    WpPlugin.create_location_url_from_name("login-security-solution", @uri)
+    WpPlugin.new(:wp_content_dir => @wp_content_dir,
+                 :url => @uri,
+                 :path => "/plugins/login-security-solution/",
+                 :name => "login-security-solution"
+    ).get_url_without_filename
   end
 
   # http://wordpress.org/extend/plugins/limit-login-attempts/
@@ -92,7 +106,11 @@ module WpLoginProtection
   end
 
   def limit_login_attempts_url
-    WpPlugin.create_location_url_from_name("limit-login-attempts", @uri)
+    WpPlugin.new(:wp_content_dir => @wp_content_dir,
+                 :url => @uri,
+                 :path => "/plugins/limit-login-attempts/",
+                 :name => "limit-login-attempts"
+    ).get_url_without_filename
   end
 
   # http://wordpress.org/extend/plugins/bluetrait-event-viewer/
@@ -101,6 +119,10 @@ module WpLoginProtection
   end
 
   def bluetrait_event_viewer_url
-    WpPlugin.create_location_url_from_name("bluetrait-event-viewer", @uri)
+    WpPlugin.new(:wp_content_dir => @wp_content_dir,
+                 :url => @uri,
+                 :path => "/plugins/bluetrait-event-viewer/",
+                 :name => "bluetrait-event-viewer"
+    ).get_url_without_filename
   end
 end

spec/lib/wpscan/modules/wp_login_protection_spec.rb

@@ -37,14 +37,14 @@ shared_examples_for "WpLoginProtection" do
 
     pattern         = WpLoginProtection.class_variable_get(:@@login_protection_method_pattern)
     fixtures        =
-        [
+        %w{
-            "wp-login-clean.php", "wp-login-login_lockdown.php", "wp-login-login_lock.php",
+            wp-login-clean.php wp-login-login_lockdown.php wp-login-login_lock.php
-            "wp-login-better_wp_security.php", "wp-login-simple_login_lockdown.php", "wp-login-login_security_solution.php",
+            wp-login-better_wp_security.php wp-login-simple_login_lockdown.php wp-login-login_security_solution.php
-            "wp-login-limit_login_attempts.php", "wp-login-bluetrait_event_viewer.php"
+            wp-login-limit_login_attempts.php wp-login-bluetrait_event_viewer.php
-        ]
+        }
     # For plugins which are detected from the existence of their directory into wp-content/plugins/ (or one of their file)
     # and not from a regex into the login page
-    special_plugins = ["better_wp_security", "simple_login_lockdown", "login_security_solution", "limit_login_attempts", "bluetrait_event_viewer"]
+    special_plugins = %w{better_wp_security simple_login_lockdown login_security_solution limit_login_attempts bluetrait_event_viewer}
 
     after :each do
       stub_request_to_fixture(:url => @module.login_url, :fixture => @fixture)
@@ -55,7 +55,7 @@ shared_examples_for "WpLoginProtection" do
         special_plugin_call_url_symbol = :"#{special_plugin}_url"
 
         status_code = (@symbol_to_call === special_plugin_call_detection_symbol and @expected === true) ? 200 : 404
-        stub_request(:get, @module.send(special_plugin_call_url_symbol)).to_return(:status => status_code)
+        stub_request(:get, @module.send(special_plugin_call_url_symbol).to_s).to_return(:status => status_code)
       end
 
       @module.send(@symbol_to_call).should === @expected
@@ -82,11 +82,11 @@ shared_examples_for "WpLoginProtection" do
   describe "#login_protection_plugin" do
     after :each do
       stub_request_to_fixture(:url => @module.login_url, :fixture => @fixture)
-      stub_request(:get, @module.send(:better_wp_security_url)).to_return(:status => 404)
+      stub_request(:get, @module.send(:better_wp_security_url).to_s).to_return(:status => 404)
-      stub_request(:get, @module.send(:simple_login_lockdown_url)).to_return(:status => 404)
+      stub_request(:get, @module.send(:simple_login_lockdown_url).to_s).to_return(:status => 404)
-      stub_request(:get, @module.send(:login_security_solution_url)).to_return(:status => 404)
+      stub_request(:get, @module.send(:login_security_solution_url).to_s).to_return(:status => 404)
-      stub_request(:get, @module.send(:limit_login_attempts_url)).to_return(:status => 404)
+      stub_request(:get, @module.send(:limit_login_attempts_url).to_s).to_return(:status => 404)
-      stub_request(:get, @module.send(:bluetrait_event_viewer_url)).to_return(:status => 404)
+      stub_request(:get, @module.send(:bluetrait_event_viewer_url).to_s).to_return(:status => 404)
 
       @module.login_protection_plugin().should === @plugin_expected
       @module.has_login_protection?.should === @has_protection_expected
@@ -100,13 +100,21 @@ shared_examples_for "WpLoginProtection" do
 
     it "should return a login-lockdown WpPlugin object" do
       @fixture = @fixtures_dir + "/wp-login-login_lockdown.php"
-      @plugin_expected = WpPlugin.new(WpPlugin.create_location_url_from_name("login-lockdown", @module.url))
+      @plugin_expected = WpPlugin.new(:wp_content_dir => "wp-content",
+                                      :url => @module.url,
+                                      :path => "/plugins/login-lockdown/",
+                                      :name => "login-lockdown"
+      )
       @has_protection_expected = true
     end
 
     it "should return a login-lock WpPlugin object" do
       @fixture = @fixtures_dir + "/wp-login-login_lock.php"
-      @plugin_expected = WpPlugin.new(WpPlugin.create_location_url_from_name("login-lock", @module.url))
+      @plugin_expected = WpPlugin.new(:wp_content_dir => "wp-content",
+                                      :url => @module.url,
+                                      :path => "/plugins/login-lock/",
+                                      :name => "login-lock"
+      )
       @has_protection_expected = true
     end
   end

spec/lib/wpscan/modules/wp_plugins_spec.rb

@@ -44,21 +44,21 @@ shared_examples_for "WpPlugins" do
     it "should return the expected plugins" do
       stub_request_to_fixture(:url => @module.url, :fixture => File.new(passive_detection_fixtures + '/various_plugins.htm'))
 
-      expected_plugin_names = [
+      expected_plugin_names = %w{
-        'wp-minify',
+        wp-minify
-        'comment-info-tip',
+        comment-info-tip
-        'tweet-blender',
+        tweet-blender
-        'optinpop',
+        optinpop
-        's2member',
+        s2member
-        'wp-polls',
+        wp-polls
-        'commentluv'
+        commentluv
-      ]
+      }
       expected_plugins = []
       expected_plugin_names.each do |plugin_name|
-        expected_plugins << WpPlugin.new(
+        expected_plugins << WpPlugin.new(:wp_content_dir => "wp-content",
-          WpPlugin.create_location_url_from_name(plugin_name, @module.url),
+                                         :url => @module.url,
-          :name => plugin_name
+                                         :path => "/plugins/#{plugin_name}/",
-        )
+                                         :name => plugin_name)
       end
 
       plugins = @module.plugins_from_passive_detection
@@ -69,7 +69,14 @@ shared_examples_for "WpPlugins" do
 
   describe "#plugins_targets_url" do
     let(:expected_for_only_vulnerable) {
-      [WpPlugin.create_location_url_from_name("media-library", @module.url), WpPlugin.create_location_url_from_name("deans", @module.url)]
+      [WpPlugin.new(:wp_content_dir => "wp-content",
+                   :url => @module.url,
+                   :path => "/plugins/media-library/",
+                   :name => plugin_name).get_url.to_s,
+      WpPlugin.new(:wp_content_dir => "wp-content",
+                   :url => @module.url,
+                   :path => "/plugins/deans/",
+                   :name => plugin_name).get_url.to_s]
     }
     let(:expected_for_all) {
       expected_for_only_vulnerable + File.open(@plugins_file, 'r') {|file| file.readlines.collect{|line| WpPlugin.create_url_from_raw(line.chomp, @module.uri)}}.uniq!

spec/lib/wpscan/wp_target_spec.rb

@@ -22,12 +22,15 @@ describe WpTarget do
 
   before :each do
     Browser.reset
-    @browser_options =
+    @wp_content_dir = "wp-content"
+    @options =
     {
       :config_file   => SPEC_FIXTURES_CONF_DIR + '/browser/browser.conf.json',
-      :cache_timeout => 0
+      :cache_timeout => 0,
+      :wp_content_dir => @wp_content_dir,
+      :wp_plugins_dir => "wp-content/plugins/"
     }
-    @wp_target = WpTarget.new("http://example.localhost/", @browser_options)
+    @wp_target = WpTarget.new("http://example.localhost/", @options)
   end
 
   it_should_behave_like "WebSite"
@@ -47,11 +50,11 @@ describe WpTarget do
     end
 
     it "should add the http protocol if missing" do
-      WpTarget.new("example.localhost/", @browser_options).url.should === "http://example.localhost/"
+      WpTarget.new("example.localhost/", @options).url.should === "http://example.localhost/"
     end
 
     it "should add the trailing slash to the url if missing" do
-      WpTarget.new("lamp/wordpress", @browser_options).url.should === "http://lamp/wordpress/"
+      WpTarget.new("lamp/wordpress", @options).url.should === "http://lamp/wordpress/"
     end
   end
 

spec/lib/wpscan/wpscan_helper.rb

@@ -30,10 +30,11 @@ SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR = SPEC_FIXTURES_WPSCAN_DIR + '/wp_version'
 
 class WpScanModuleSpec
   attr_reader :uri
-  attr_accessor :error_404_hash
+  attr_accessor :error_404_hash, :wp_content_dir
 
-  def initialize(target_url)
+  def initialize(target_url, wp_content_dir = "wp-content")
     @uri = URI.parse(add_http_protocol(target_url))
+    @wp_content_dir = wp_content_dir
     Browser.instance(
       :config_file   => SPEC_FIXTURES_CONF_DIR + '/browser/browser.conf.json',
       :cache_timeout => 0

spec/spec_helper.rb

@@ -70,7 +70,7 @@ def stub_request_to_fixture(arguments = {})
   raise "No arguments[:url] supplied" if arguments[:url].nil?
   raise "No arguments[:fixture] supplied" if arguments[:fixture].nil?
 
-  stub_request(arguments[:method], arguments[:url]).
+  stub_request(arguments[:method], arguments[:url].to_s).
     to_return(:status => arguments[:status], :body => File.new(arguments[:fixture]))
 end