WpPlugin::Vulnerable specs

spec/lib/common/models/wp_item_spec.rb

@@ -12,9 +12,9 @@ describe WpItem do
   end
   it_behaves_like 'WpItem::Versionable'
   it_behaves_like 'WpItem::Vulnerable' do
-    let(:vulns_file)     { MODELS_FIXTURES + '/wp_item/vulnerable/vulns_items.xml' }
+    let(:vulns_file)     { MODELS_FIXTURES + '/wp_item/vulnerable/items_vulns.xml' }
     let(:vulns_xpath)    { "//item[@name='neo']/vulnerability" }
-    let(:expected_vulns) { Vulnerabilities.new << Vulnerability.new("I'm the one", 'XSS', ["http://ref1.com"]) }
+    let(:expected_vulns) { Vulnerabilities.new << Vulnerability.new("I'm the one", 'XSS', ['http://ref1.com']) }
   end
 
   subject(:wp_item) { WpItem.new(uri, options) }

spec/lib/common/models/wp_plugin_spec.rb

@@ -3,6 +3,13 @@
 require 'spec_helper'
 
 describe WpPlugin do
+  it_behaves_like 'WpPlugin::Vulnerable'
+  it_behaves_like 'WpItem::Vulnerable' do
+    let(:options)        { { name: 'white-rabbit' } }
+    let(:vulns_file)     { MODELS_FIXTURES + '/wp_plugin/vulnerable/plugins_vulns.xml' }
+    let(:expected_vulns) { Vulnerabilities.new << Vulnerability.new('Follow me!', 'REDIRECT', ['http://ref2.com']) }
+  end
+
   subject(:wp_plugin) { WpPlugin.new(uri, options) }
   let(:uri)           { URI.parse('http://example.com') }
   let(:options)       { { name: 'plugin-name' } }

spec/samples/common/models/wp_plugin/vulnerable/plugins_vulns.xml

@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<vulnerabilities>
+  <plugin name="mr-smith">
+    <vulnerability>
+      <title>I should not appear in the results</title>
+      <reference>http://ref1.com</reference>
+      <type>RCE</type>
+    </vulnerability>
+  </plugin>
+
+  <plugin name="white-rabbit">
+    <vulnerability>
+      <title>Follow me!</title>
+      <reference>http://ref2.com</reference>
+      <type>REDIRECT</type>
+    </vulnerability>
+  </plugin>
+</vulnerabilities>

spec/shared_examples/wp_item_vulnerable.rb

@@ -2,17 +2,19 @@
 
 shared_examples 'WpItem::Vulnerable' do
 
-  # 3 variables have to be set in the described class or subject:
-  #  let(:vulns_file)     { }
-  #  let(:vulns_xpath)    { }
-  #  let(:expected_vulns) { } The expected Vulnerabilities when using vulns_file and vulns_xpath
+  # 2 variables have to be set in the described class or subject:
+  #   let(:vulns_file)     { }
+  #   let(:expected_vulns) { } The expected Vulnerabilities when using vulns_file and vulns_xpath
+  #
+  # 1 variable is optional, used if supplied, otherwise subject.vulns_xpath is used
+  #   let(:vulns_xpath)    { }
 
   describe '#vulnerabilities' do
     let(:empty_file) { MODELS_FIXTURES + '/wp_item/vulnerable/empty.xml' }
 
     after do
       subject.vulns_file  = @vulns_file
-      subject.vulns_xpath = vulns_xpath
+      subject.vulns_xpath = vulns_xpath if defined?(vulns_xpath)
 
       result = subject.vulnerabilities
       result.should be_a Vulnerabilities

spec/shared_examples/wp_plugin_vulnerable.rb

@@ -0,0 +1,26 @@
+# encoding: UTF-8
+
+shared_examples 'WpPlugin::Vulnerable' do
+
+  describe '#vulns_file' do
+    after { subject.vulns_file.should == @expected }
+
+    context 'when :vulns_file is no set' do
+      it 'returns the default one' do
+        @expected = PLUGINS_VULNS_FILE
+      end
+    end
+
+    context 'when the :vulns_file is already set' do
+      it 'returns it' do
+        @expected          = 'test.xml'
+        subject.vulns_file = @expected
+      end
+    end
+  end
+
+  describe '#vulns_xpath' do
+    its(:vulns_xpath) { should == "//plugin[@name='plugin-name']/vulnerability" }
+  end
+
+end