Adds missing spec files

2018-11-02 16:36:10 +00:00
parent fb751c0a51
commit f3713536b9
4 changed files with 106 additions and 0 deletions
--- a/app/finders/users/yoast_seo_author_sitemap.rb
+++ b/app/finders/users/yoast_seo_author_sitemap.rb
@@ -0,0 +1,34 @@
+module WPScan
+  module Finders
+    module Users
+      # The YOAST SEO plugin has an author-sitemap.xml which can leak usernames
+      # See https://github.com/wpscanteam/wpscan/issues/1228
+      class YoastSeoAuthorSitemap < CMSScanner::Finders::Finder
+        # @param [ Hash ] opts
+        #
+        # @return [ Array<User> ]
+        def aggressive(_opts = {})
+          found = []
+
+          Browser.get(sitemap_url).html.xpath('//url/loc').each do |user_tag|
+            username = user_tag.text.to_s[%r{/author/([^\/]+)/}, 1]
+
+            next unless username && !username.strip.empty?
+
+            found << CMSScanner::User.new(username,
+                                          found_by: found_by,
+                                          confidence: 100,
+                                          interesting_entries: [sitemap_url])
+          end
+
+          found
+        end
+
+        # @return [ String ] The URL of the author-sitemap
+        def sitemap_url
+          @sitemap_url ||= target.url('author-sitemap.xml')
+        end
+      end
+    end
+  end
+end
--- a/spec/app/finders/users/yoast_seo_author_sitemap_spec.rb
+++ b/spec/app/finders/users/yoast_seo_author_sitemap_spec.rb
@@ -0,0 +1,48 @@
+require 'spec_helper'
+
+describe WPScan::Finders::Users::YoastSeoAuthorSitemap do
+  subject(:finder) { described_class.new(target) }
+  let(:target)     { WPScan::Target.new(url) }
+  let(:url)        { 'http://wp.lab/' }
+  let(:fixtures)   { FINDERS_FIXTURES.join('users', 'yoast_seo_author_sitemap') }
+
+  describe '#aggressive' do
+    before do
+      allow(target).to receive(:sub_dir).and_return(false)
+
+      stub_request(:get, finder.sitemap_url).to_return(body: body)
+    end
+
+    context 'when not an XML response' do
+      let(:body) { '' }
+
+      its(:aggressive) { should eql([]) }
+    end
+
+    context 'when an XML response' do
+      context 'when no usernames disclosed' do
+        let(:body) { File.read(fixtures.join('no_usernames.xml')) }
+
+        its(:aggressive) { should eql([]) }
+      end
+
+      context 'when usernames disclosed' do
+        let(:body) { File.read(fixtures.join('usernames.xml')) }
+
+        it 'returns the expected array of users' do
+          users = finder.aggressive
+
+          expect(users.size).to eql 2
+
+          expect(users.first.username).to eql 'editor'
+          expect(users.first.confidence).to eql 100
+          expect(users.first.interesting_entries).to eql ['http://wp.lab/author-sitemap.xml']
+
+          expect(users.last.username).to eql 'admin'
+          expect(users.last.confidence).to eql 100
+          expect(users.last.interesting_entries).to eql ['http://wp.lab/author-sitemap.xml']
+        end
+      end
+    end
+  end
+end
--- a/spec/fixtures/finders/users/yoast_seo_author_sitemap/no_usernames.xml
+++ b/spec/fixtures/finders/users/yoast_seo_author_sitemap/no_usernames.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?><?xml-stylesheet type="text/xsl" href="//wp.lab/wp-content/plugins/wordpress-seo/css/main-sitemap.xsl"?>
+<urlset xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:image="http://www.google.com/schemas/sitemap-image/1.1" xsi:schemaLocation="http://www.sitemaps.org/schemas/sitemap/0.9 http://www.sitemaps.org/schemas/sitemap/0.9/sitemap.xsd http://www.google.com/schemas/sitemap-image/1.1 http://www.google.com/schemas/sitemap-image/1.1/sitemap-image.xsd" xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
+</urlset>
+<!-- XML Sitemap generated by Yoast SEO -->
--- a/spec/fixtures/finders/users/yoast_seo_author_sitemap/usernames.xml
+++ b/spec/fixtures/finders/users/yoast_seo_author_sitemap/usernames.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?><?xml-stylesheet type="text/xsl" href="//wp.lab/wp-content/plugins/wordpress-seo/css/main-sitemap.xsl"?>
+<urlset xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:image="http://www.google.com/schemas/sitemap-image/1.1" xsi:schemaLocation="http://www.sitemaps.org/schemas/sitemap/0.9 http://www.sitemaps.org/schemas/sitemap/0.9/sitemap.xsd http://www.google.com/schemas/sitemap-image/1.1 http://www.google.com/schemas/sitemap-image/1.1/sitemap-image.xsd" xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
+  <url>
+    <loc>http://wp.lab/author/editor/</loc>
+    <lastmod>2018-10-22T19:56:51+00:00</lastmod>
+  </url>
+  <url>
+    <loc>http://wp.lab/author/admin/</loc>
+    <lastmod>2018-10-22T19:54:23+00:00</lastmod>
+  </url>
+  <url>
+    <loc>http://wp.lab/author//</loc>
+    <lastmod>2018-10-22T19:54:23+00:00</lastmod>
+  </url>
+  <url>
+    <loc>http://wp.lab/author/ /</loc>
+    <lastmod>2018-10-22T19:54:23+00:00</lastmod>
+  </url>
+</urlset>
+<!-- XML Sitemap generated by Yoast SEO -->