common libs go into the lib/common directory

erwanlr
2013-02-20 15:54:10 +01:00
parent 12d4e38ab1
commit fb5e6307e0
13 changed files with 2 additions and 2 deletions


@@ -0,0 +1,402 @@
# encoding: UTF-8
#--
# WPScan - WordPress Security Scanner
# Copyright (C) 2012-2013
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#++
require 'spec_helper'
describe Browser do
CONFIG_FILE_WITHOUT_PROXY = SPEC_FIXTURES_CONF_DIR + '/browser/browser.conf.json'
CONFIG_FILE_WITH_PROXY = SPEC_FIXTURES_CONF_DIR + '/browser/browser.conf_proxy.json'
CONFIG_FILE_WITH_PROXY_AND_AUTH = SPEC_FIXTURES_CONF_DIR + '/browser/browser.conf_proxy_auth.json'
INSTANCE_VARS_TO_CHECK = ['user_agent', 'user_agent_mode', 'available_user_agents', 'proxy', 'max_threads', 'request_timeout', 'cache_timeout']
before :all do
@json_config_without_proxy = JSON.parse(File.read(CONFIG_FILE_WITHOUT_PROXY))
@json_config_with_proxy = JSON.parse(File.read(CONFIG_FILE_WITH_PROXY))
end
before :each do
@browser = Browser.instance(config_file: CONFIG_FILE_WITHOUT_PROXY)
end
def check_instance_variables(browser, json_expected_vars)
json_expected_vars['max_threads'] ||= 1 # max_thread can not be nil
INSTANCE_VARS_TO_CHECK.each do |instance_variable_name|
browser.send(:"#{instance_variable_name}").should === json_expected_vars[instance_variable_name]
end
end
describe '#user_agent_mode setter / getter' do
# Testing all valid modes
Browser::USER_AGENT_MODES.each do |user_agent_mode|
it "should set / return #{user_agent_mode}" do
@browser.user_agent_mode = user_agent_mode
@browser.user_agent_mode.should === user_agent_mode
end
end
it "shoud set the mode to 'static' if nil is given" do
@browser.user_agent_mode = nil
@browser.user_agent_mode.should === 'static'
end
it 'should raise an error if the mode in not valid' do
expect { @browser.user_agent_mode = 'invalid-mode' }.to raise_error
end
end
describe '#max_threads=' do
it 'should set max_threads to 1 if nil is given' do
@browser.max_threads = nil
@browser.max_threads.should === 1
end
it 'should set max_threads to 1 if 0 is given' do
@browser.max_threads = 0
@browser.max_threads.should === 1
end
end
describe '#proxy_auth=' do
after :each do
if @raise_error
expect { @browser.proxy_auth = @proxy_auth }.to raise_error
else
@browser.proxy_auth = @proxy_auth
@browser.proxy_auth.should === @expected
end
end
it 'should raise an error if the format is not correct' do
@proxy_auth = 'invaludauthformat'
@raise_error = true
end
it 'should raise an error if the hash does not contain :proxy_username and :proxy_password' do
@proxy_auth = { proxy_password: 'hello' }
@raise_error = true
end
it 'should raise an error if the auth if not a string or a hash' do
@proxy_auth = 10
@raise_error = true
end
it 'should set the correct credentials' do
@proxy_auth = { proxy_username: 'user', proxy_password: 'pass' }
@expected = @proxy_auth
end
it 'should set the correct credentials' do
@proxy_auth = 'username:passwd'
@expected = { proxy_username: 'username', proxy_password: 'passwd' }
end
end
describe '#user_agent' do
available_user_agents = %w{ ua-1 ua-2 ua-3 ua-4 ua-6 ua-7 ua-8 ua-9 ua-10 ua-11 ua-12 ua-13 ua-14 ua-15 ua-16 ua-17 }
it 'should always return the same user agent in static mode' do
@browser.user_agent = 'fake UA'
@browser.user_agent_mode = 'static'
(1..3).each do
@browser.user_agent.should === 'fake UA'
end
end
it 'should choose a random user_agent in the available_user_agents array an always return it' do
@browser.available_user_agents = available_user_agents
@browser.user_agent = 'Firefox 11.0'
@browser.user_agent_mode = 'semi-static'
user_agent = @browser.user_agent
user_agent.should_not === 'Firefox 11.0'
available_user_agents.include?(user_agent).should be_true
(1..3).each do
@browser.user_agent.should === user_agent
end
end
it 'should return a random user agent each time' do
@browser.available_user_agents = available_user_agents
@browser.user_agent_mode = 'random'
ua_1 = @browser.user_agent
ua_2 = @browser.user_agent
ua_3 = @browser.user_agent
fail if ua_1 === ua_2 and ua_2 === ua_3
end
end
describe 'Singleton' do
it 'should not allow #new' do
expect { Browser.new }.to raise_error
end
end
describe "#instance with :config_file = #{CONFIG_FILE_WITHOUT_PROXY}" do
it 'will check the instance vars' do
Browser.reset
check_instance_variables(
Browser.instance(config_file: CONFIG_FILE_WITHOUT_PROXY),
@json_config_without_proxy
)
end
end
describe "#instance with :config_file = #{CONFIG_FILE_WITH_PROXY}" do
it 'will check the instance vars' do
Browser.reset
check_instance_variables(
Browser.instance(config_file: CONFIG_FILE_WITH_PROXY),
@json_config_with_proxy
)
end
end
# TODO Write something to test all possible overriding
describe 'override option : user_agent & threads' do
it 'will check the instance vars, with an overriden one' do
Browser.reset
check_instance_variables(
Browser.instance(
config_file: CONFIG_FILE_WITHOUT_PROXY,
user_agent: 'fake IE'
),
@json_config_without_proxy.merge('user_agent' => 'fake IE')
)
end
it 'should not override the max_threads if max_threads = nil' do
Browser.reset
check_instance_variables(
Browser.instance(
config_file: CONFIG_FILE_WITHOUT_PROXY,
max_threads: nil
),
@json_config_without_proxy
)
end
end
# TODO
describe '#load_config' do
end
describe '#merge_request_params without proxy' do
it 'should return the default params' do
expected_params = {
disable_ssl_host_verification: true,
disable_ssl_peer_verification: true,
headers: { 'user-agent' => @browser.user_agent },
cache_timeout: @json_config_without_proxy['cache_timeout']
}
@browser.merge_request_params().should == expected_params
end
it 'should return the default params with some values overriden' do
expected_params = {
disable_ssl_host_verification: false,
disable_ssl_peer_verification: true,
headers: { 'user-agent' => 'Fake IE' },
cache_timeout: 0
}
@browser.merge_request_params(
disable_ssl_host_verification: false,
headers: { 'user-agent' => 'Fake IE' },
cache_timeout: 0
).should == expected_params
end
it 'should return the defaul params with :headers:accept = \'text/html\' (should not override :headers:user-agent)' do
expected_params = {
disable_ssl_host_verification: true,
disable_ssl_peer_verification: true,
headers: { 'user-agent' => @browser.user_agent, 'accept' => 'text/html' },
cache_timeout: @json_config_without_proxy['cache_timeout']
}
@browser.merge_request_params(headers: { 'accept' => 'text/html' }).should == expected_params
end
it 'should merge the basic-auth' do
@browser.basic_auth = 'Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=='
expected_params = {
disable_ssl_host_verification: true,
disable_ssl_peer_verification: true,
cache_timeout: @json_config_without_proxy['cache_timeout'],
headers: {
'Authorization' => 'Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==',
'user-agent' => @browser.user_agent
}
}
@browser.merge_request_params().should == expected_params
expected_params[:headers].merge!('user-agent' => 'Fake FF')
@browser.merge_request_params(headers: { 'user-agent' => 'Fake FF' }).should == expected_params
end
end
describe '#merge_request_params with proxy' do
it 'should return the default params' do
Browser.reset
browser = Browser.instance(config_file: CONFIG_FILE_WITH_PROXY)
expected_params = {
proxy: @json_config_with_proxy['proxy'],
disable_ssl_host_verification: true,
disable_ssl_peer_verification: true,
headers: { 'user-agent' => @json_config_with_proxy['user_agent'] },
cache_timeout: @json_config_with_proxy['cache_timeout']
}
browser.merge_request_params().should == expected_params
end
it 'should return the default params (proxy_auth set)' do
Browser.reset
browser = Browser.instance(config_file: CONFIG_FILE_WITH_PROXY_AND_AUTH)
expected_params = {
proxy: @json_config_with_proxy['proxy'],
proxy_username: 'user',
proxy_password: 'pass',
disable_ssl_host_verification: true,
disable_ssl_peer_verification: true,
headers: { 'user-agent' => @json_config_with_proxy['user_agent'] },
cache_timeout: @json_config_with_proxy['cache_timeout']
}
browser.merge_request_params().should == expected_params
end
end
# TODO
describe '#forge_request' do
end
describe '#post' do
it 'should return a Typhoeus::Response wth body = "Welcome Master" if login=master&password=it\'s me !' do
url = 'http://example.com/'
stub_request(:post, url).
with(body: "login=master&password=it's me !").
to_return(status: 200, body: 'Welcome Master')
response = @browser.post(
url,
params: { login: 'master', password: 'it\'s me !' }
)
response.should be_a Typhoeus::Response
response.body.should == 'Welcome Master'
end
end
describe '#get' do
it "should return a Typhoeus::Response with body = 'Hello World !'" do
url = 'http://example.com/'
stub_request(:get, url).
to_return(status: 200, body: 'Hello World !')
response = @browser.get(url)
response.should be_a Typhoeus::Response
response.body.should == 'Hello World !'
end
end
describe '#get_and_follow_location' do
# Typhoeus does not follow the location (maybe it's fixed in > 0.4.2)
# Or, something else is wrong
#context 'whitout max_redirects params' do
# context 'when multiples redirection' do
# it 'returns the last redirection response' do
# url = 'http://target.com'
# first_redirection = 'www.first-redirection.com'
# last_redirection = 'last-redirection.com'
# stub_request(:get, url).to_return(status: 301, headers: { location: first_redirection })
# stub_request(:get, first_redirection).to_return(status: 301, headers: { location: last_redirection })
# stub_request(:get, last_redirection).to_return(status: 200, body: 'Hello World!')
# response = @browser.get_and_follow_location(url)
# response.body.should === 'Hellow World!'
# end
# end
#end
end
describe '#Browser.generate_cache_key_from_request' do
it '2 requests with the same url, without params must have the same cache_key' do
url = 'http://example.com'
key1 = Browser.generate_cache_key_from_request(@browser.forge_request(url))
key2 = Browser.generate_cache_key_from_request(@browser.forge_request(url))
key1.should === key2
end
it '2 requests with the same url, but with different params should have a different cache_key' do
url = 'http://example.com'
key1 = Browser.generate_cache_key_from_request(@browser.forge_request(url, params: { login: 'master', password: 'it\'s me !' }))
key2 = Browser.generate_cache_key_from_request(@browser.forge_request(url))
key1.should_not == key2
end
end
describe 'testing caching' do
it 'should only do 1 request, and retrieve the other one from the cache' do
url = 'http://example.localhost'
stub_request(:get, url).
to_return(status: 200, body: 'Hello World !')
response1 = @browser.get(url)
response2 = @browser.get(url)
response1.body.should == response2.body
#WebMock.should have_requested(:get, url).times(1) # This one fail, dunno why :s (but it works without mock)
end
end
describe 'testing UTF8' do
it 'should not throw an encoding exception' do
url = SPEC_FIXTURES_DIR + '/utf8.html'
stub_request(:get, url).to_return(status: 200, body: File.read(url))
response1 = @browser.get(url)
expect { response1.body }.to_not raise_error
end
end
end
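Review bot: The `#merge_request_params` examples pin `disable_ssl_host_verification: true` and `disable_ssl_peer_verification: true` as the defaults, including the 'should merge the basic-auth' and '(proxy_auth set)' cases where an `Authorization` header or proxy credentials are part of the merged params. Only the host-verification override is exercised (in 'should return the default params with some values overriden'); no example shows that a caller can turn peer verification back on. I would add a case passing `disable_ssl_peer_verification: false` and expecting it in the merged hash. A comment above the describe should also state that verification is off by default and that credentials sent this way are readable by anyone on the network path. Whether that default is deliberate cannot be told from this section, since Browser itself is not shown.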


@@ -0,0 +1,93 @@
# encoding: UTF-8
#--
# WPScan - WordPress Security Scanner
# Copyright (C) 2012-2013
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#++
require 'spec_helper'
describe CacheFileStore do
before :all do
@cache_dir = SPEC_CACHE_DIR + '/cache_file_store'
end
before :each do
Dir.delete(@cache_dir) rescue nil
@cache = CacheFileStore.new(@cache_dir)
end
after :each do
@cache.clean
end
describe '#storage_path' do
it 'returns the storage path given in the #new' do
@cache.storage_path.should == @cache_dir
end
end
describe '#serializer' do
it 'should return the default serializer : Marshal' do
@cache.serializer.should == Marshal
@cache.serializer.should_not == YAML
end
end
describe '#clean' do
it "should remove all files from the cache dir (#{@cache_dir}" do
# let's create some files into the directory first
(0..5).each do |i|
File.new(@cache_dir + "/file_#{i}.txt", File::CREAT)
end
count_files_in_dir(@cache_dir, 'file_*.txt').should == 6
@cache.clean
count_files_in_dir(@cache_dir).should == 0
end
end
describe '#read_entry (nonexistent entry)' do
it 'should return nil' do
@cache.read_entry(Digest::SHA1.hexdigest('hello world')).should be_nil
end
end
describe '#write_entry, #read_entry' do
after :each do
@cache.write_entry(@key, @data, @timeout)
@cache.read_entry(@key).should === @expected
end
it 'should get the correct entry (string)' do
@timeout = 10
@key = 'some_key'
@data = 'Hello World !'
@expected = @data
end
it 'should not write the entry' do
@timeout = 0
@key = 'another_key'
@data = 'Another Hello World !'
@expected = nil
end
## TODO write / read for an object
end
end
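Review bot: The `#serializer` example fixes `Marshal` as the default, but no example covers `read_entry` on an entry file whose contents were not produced by `write_entry`. If `read_entry` hands file contents to `Marshal.load` (the implementation is not shown here), a cache directory that another local user can write to becomes a deserialization risk. The class documentation should therefore say the storage path must be private to the user, and a spec that writes arbitrary bytes into an entry file and expects `nil` rather than an exception would pin the failure mode. Separately, the `#clean` description interpolates `@cache_dir` while the group is being defined, before `before :all` has run, so it renders empty and the parenthesis is never closed; `'should remove all files from the cache dir'` is enough.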


@@ -0,0 +1,74 @@
# encoding: UTF-8
require 'spec_helper'
describe GitUpdater do
before :each do
@git_updater = GitUpdater.new
end
describe '#is_installed?' do
after :each do
stub_system_command(@git_updater, /^git .* status/, @stub_value)
@git_updater.is_installed?.should === @expected
end
it 'should return false if the command is not found' do
@stub_value = 'git: command not found'
@expected = false
end
it 'should return true if the repo is a git one' do
@stub_value = "# On branch master\n# Changed but not updated:"
@expected = true
end
end
describe '#local_revision_number' do
after :each do
stub_system_command(@git_updater, /^git .* log/, @stub_value)
@git_updater.local_revision_number.should === @expected
end
it 'should return 79c01f3' do
@stub_value = '
commit 79c01f3ed535a8e33876ea091d8217cae7df4028
Author: Moi <tadimm>
Date: Wed Jul 11 23:22:16 2012 +0100'
@expected = '79c01f3'
end
end
describe '#update' do
it 'should do nothing xD' do
stub_system_command(@git_updater, /^git .* pull/, 'Already up-to-date.')
@git_updater.update().should === 'Already up-to-date.'
end
end
describe '#has_local_changes?' do
after :each do
stub_system_command(@git_updater, /^git .* diff --exit-code 2>&1/, @stub_value)
@git_updater.has_local_changes?.should === @expected
end
it 'should return true if there are local changes' do
@stub_value = 'diff'
@expected = true
end
it 'should return false if there are no local changes' do
@stub_value = ''
@expected = false
end
end
describe '#reset_head' do
it 'should reset the local repo' do
stub_system_command(@git_updater, /^git .* reset --hard HEAD/, 'HEAD is now at')
@git_updater.reset_head.should match(/^HEAD is now at/)
end
end
end
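Review bot: The `#is_installed?` examples cover a missing binary and a valid working tree, but not a directory that is not a git repository, which the SvnUpdater spec in this commit does cover with its 'not a working copy' case. Add an example such as `it 'should return false if the directory is not a git repository' do` with `@stub_value = 'fatal: Not a git repository (or any of the parent directories): .git'` and `@expected = false`. The 'git: command not found' stub is also one shell's wording; if `is_installed?` decides by matching that text (not visible here), checking the command's exit status would be more robust.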


@@ -0,0 +1,86 @@
# encoding: UTF-8
require 'spec_helper'
describe SvnUpdater do
before :each do
@svn_updater = SvnUpdater.new
end
describe '#is_installed?' do
after :each do
stub_system_command(@svn_updater, /^svn info/, @stub_value)
@svn_updater.is_installed?.should === @expected
end
it 'should return false if the svn command is not found' do
@stub_value = 'svn: command not found'
@expected = false
end
it 'should return false if the repository is not manage by svn' do
@stub_value = "svn: '.' is not a working copy"
@expected = false
end
it 'should return true' do
@stub_value = '<?xml version="1.0"?>
<info>
<entry kind="dir" path="." revision="362">
<url>https://wpscan.googlecode.com/svn/trunk</url>
<repository>
<root>https://wpscan.googlecode.com/svn</root>
<uuid>0b0242d5-46e6-2201-410d-bc09fd35266c</uuid>
</repository>
<wc-info>
<schedule>normal</schedule>
<depth>infinity</depth>
</wc-info>
<commit revision="362">
<author>author@mail.tld</author>
<date>2012-06-02T06:26:25.309806Z</date>
</commit>
</entry>
</info>'
@expected = true
end
end
describe '#local_revision_number' do
after :each do
stub_system_command(@svn_updater, /^svn info/, @stub_value)
@svn_updater.local_revision_number.should === @expected
end
it 'should return 399' do
@stub_value = '<?xml version="1.0"?>
<info>
<entry kind="dir" path="." revision="362">
<url>https://wpscan.googlecode.com/svn/trunk</url>
<repository>
<root>https://wpscan.googlecode.com/svn</root>
<uuid>0b0242d5-46e6-2201-410d-bc09fd35266c</uuid>
</repository>
<wc-info>
<schedule>normal</schedule>
<depth>infinity</depth>
</wc-info>
<commit revision="362">
<author>author@mail.tld</author>
<date>2012-06-02T06:26:25.309806Z</date>
</commit>
</entry>
</info>'
@expected = '362'
end
end
describe '#update' do
it 'should do nothing xD' do
stub_system_command(@svn_updater, /^svn up/, 'At revision 425.')
@svn_updater.update().should === 'At revision 425.'
end
end
end
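Review bot: The `#local_revision_number` example is titled 'should return 399', but the fixture carries `revision="362"` and `@expected` is `'362'`; rename it to `it 'should return 362' do` so a failure message matches what is actually checked. The same XML fixture is also pasted twice in this file, so holding it in one constant or `let` would keep the `#is_installed?` and `#local_revision_number` examples from drifting apart.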


@@ -0,0 +1,29 @@
# encoding: UTF-8
require 'spec_helper'
describe UpdaterFactory do
describe '#available_updaters_classes' do
after :each do
UpdaterFactory.available_updaters_classes.sort.should === @expected.sort
end
it 'should return [:GitUpdater, :SvnUpdater]' do
@expected = [:GitUpdater, :SvnUpdater]
end
it 'should return [:TestUpdater, :GitUpdater, :SvnUpdater]' do
class TestUpdater < Updater
end
@expected = [:GitUpdater, :SvnUpdater, :TestUpdater]
end
end
# TODO : Find a way to test that
describe '#get_updater' do
end
end
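Review bot: The second example defines `class TestUpdater < Updater` inside the `it` body and never removes it, so the first example's expectation of `[:GitUpdater, :SvnUpdater]` only holds if it runs before anything has defined `TestUpdater`. The Updater spec in this same commit defines the same constant in `before :all` and removes it in `after :all`, so the outcome depends on file and example order. Add cleanup to this group's `after :each`, e.g. `Object.send(:remove_const, :TestUpdater) if Object.const_defined?(:TestUpdater)`. Then confirm that `available_updaters_classes` stops reporting the class once the constant is gone; how it discovers subclasses is not visible here.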


@@ -0,0 +1,27 @@
# encoding: UTF-8
require 'spec_helper'
describe Updater do
before :all do
class TestUpdater < Updater
end
end
after :all do
Object.send(:remove_const, :TestUpdater)
end
describe 'non implementation of #is_installed?, #has_update? and #update' do
it 'should raise errors' do
test_updater = TestUpdater.new
methods_to_call = [:is_installed?, :update, :local_revision_number]
methods_to_call.each do |method_to_call|
expect { test_updater.send(method_to_call) }.to raise_error(NotImplementedError)
end
end
end
end
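Review bot: The describe title names `#is_installed?`, `#has_update?` and `#update`, but `methods_to_call` is `[:is_installed?, :update, :local_revision_number]`, so `has_update?` is never exercised and `local_revision_number` is tested without being named. Either align the title with the list, or, if `Updater` does define `has_update?` (not visible here), add `:has_update?` to `methods_to_call`. Because the loop sits in a single example, the first method that fails to raise hides the result for the rest; one `it` per method would report each separately.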