WpItem::Vulnerable specs

2013-03-25 20:30:26 +01:00
parent 95041945ff
commit d946ef55a8
12 changed files with 112 additions and 49 deletions
--- a/spec/lib/common/models/wp_item_spec.rb
+++ b/spec/lib/common/models/wp_item_spec.rb
@@ -11,6 +11,11 @@ describe WpItem do
    let(:error_log_url) { uri.merge('error_log').to_s }
  end
  it_behaves_like 'WpItem::Versionable'
+  it_behaves_like 'WpItem::Vulnerable' do
+    let(:vulns_file)     { MODELS_FIXTURES + '/wp_item/vulnerable/vulns_items.xml' }
+    let(:vulns_xpath)    { "//item[@name='neo']/vulnerability" }
+    let(:expected_vulns) { Vulnerabilities.new << Vulnerability.new("I'm the one", 'XSS', ["http://ref1.com"]) }
+  end

  subject(:wp_item) { WpItem.new(uri, options) }
  let(:uri)         { URI.parse('http://example.com') }
--- a/spec/samples/common/models/wp_item/vulnerable/empty.xml
+++ b/spec/samples/common/models/wp_item/vulnerable/empty.xml
@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<vulnerabilities>
+
+</vulnerabilities>
--- a/spec/samples/common/models/wp_item/vulnerable/vulns_items.xml
+++ b/spec/samples/common/models/wp_item/vulnerable/vulns_items.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<vulnerabilities>
+
+  <item name="not-this-one">
+    <vulnerability>
+      <title>I should not appear in the results</title>
+      <reference>http://ref1.com</reference>
+      <type>RFI</type>
+    </vulnerability>
+  </item>
+
+  <item name="neo">
+    <vulnerability>
+      <title>I'm the one</title>
+      <reference>http://ref1.com</reference>
+      <type>XSS</type>
+    </vulnerability>
+  </item>
+
+</vulnerabilities>
--- a/spec/shared_examples/wp_item_vulnerable.rb
+++ b/spec/shared_examples/wp_item_vulnerable.rb
@@ -0,0 +1,35 @@
+# encoding: UTF-8
+
+shared_examples 'WpItem::Vulnerable' do
+
+  # 3 variables have to be set in the described class or subject:
+  #  let(:vulns_file)     { }
+  #  let(:vulns_xpath)    { }
+  #  let(:expected_vulns) { } The expected Vulnerabilities when using vulns_file and vulns_xpath
+
+  describe '#vulnerabilities' do
+    let(:empty_file) { MODELS_FIXTURES + '/wp_item/vulnerable/empty.xml' }
+
+    after do
+      subject.vulns_file  = @vulns_file
+      subject.vulns_xpath = vulns_xpath
+
+      result = subject.vulnerabilities
+      result.should be_a Vulnerabilities
+      result.should == @expected
+    end
+
+    context 'when the vulns_file is empty' do
+      it 'returns an empty Vulnerabilities' do
+        @vulns_file = empty_file
+        @expected   = Vulnerabilities.new
+      end
+    end
+
+    it 'returns the expected vulnerabilities' do
+      @vulns_file = vulns_file
+      @expected   = expected_vulns
+    end
+  end
+
+end