From fe1191a51ed0d226ab313e90e77b43ee6538661d Mon Sep 17 00:00:00 2001 From: Christian Mehlmauer Date: Mon, 24 Sep 2012 18:07:22 +0200 Subject: [PATCH] bugfixing and rspec tests --- lib/wpscan/wp_target.rb | 2 +- lib/wpscan/wp_version.rb | 4 ++-- .../opml/wp-links-opml-nogenerator.xml | 9 ++++++++ .../wpscan/wp_version/opml/wp-links-opml.xml | 10 ++++++++ spec/lib/wpscan/wp_target_spec.rb | 23 +++++++++++++++++++ spec/lib/wpscan/wp_version_spec.rb | 22 +++++++++++++++++- 6 files changed, 66 insertions(+), 4 deletions(-) create mode 100644 spec/fixtures/wpscan/wp_version/opml/wp-links-opml-nogenerator.xml create mode 100644 spec/fixtures/wpscan/wp_version/opml/wp-links-opml.xml diff --git a/lib/wpscan/wp_target.rb b/lib/wpscan/wp_target.rb index 0f437b4e..b5c1e474 100644 --- a/lib/wpscan/wp_target.rb +++ b/lib/wpscan/wp_target.rb @@ -132,7 +132,7 @@ class WpTarget def search_replace_db_2_exists? resp = Browser.instance.get(search_replace_db_2_url) - resp.status == 200 && resp.body[%r{by interconnect}i] + resp.code == 200 && resp.body[%r{by interconnect}i] end # Should check wp-login.php if registration is enabled or not diff --git a/lib/wpscan/wp_version.rb b/lib/wpscan/wp_version.rb index 17de70a1..1e81e522 100644 --- a/lib/wpscan/wp_version.rb +++ b/lib/wpscan/wp_version.rb 
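Review bot: `search_replace_db_2_exists?` in lib/wpscan/wp_target.rb still returns the matched substring, `nil` or `false` rather than a strict boolean, because `resp.body[%r{by interconnect}i]` is a String lookup. The `be_true`/`be_false` examples added in this patch match any truthy or falsy value in RSpec 2, so they would not catch a caller that compares the result with `true` or prints it in a report. Consider `resp.code == 200 && !!(resp.body =~ %r{by interconnect}i)`. A one-line comment above the method, saying that a 200 response containing this marker is treated as an exposed searchreplacedb2.php script, would also help.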
@@ -124,12 +124,12 @@ class WpVersion < Vulnerable # http://code.google.com/p/wpscan/issues/detail?id=109 def self.find_from_sitemap_generator(options) target_uri = options[:base_url] - Browser.instance.get(target_uri.merge("sitemap.xml").to_s).body[%r{generator="wordpress/#{WpVersion.version_pattern}"}, 1] + Browser.instance.get(target_uri.merge("sitemap.xml").to_s).body[%r{generator="wordpress/#{WpVersion.version_pattern}"}i, 1] end def self.find_from_links_opml(options) target_uri = options[:base_url] - Browser.instance.get(target_uri.merge("wp-links-opml.php").to_s).body[%r{generator="wordpress/#{WpVersion.version_pattern}"}, 1] + Browser.instance.get(target_uri.merge("wp-links-opml.php").to_s).body[%r{generator="wordpress/#{WpVersion.version_pattern}"}i, 1] end # Used to check if the version is correct : must contain at least one . diff --git a/spec/fixtures/wpscan/wp_version/opml/wp-links-opml-nogenerator.xml b/spec/fixtures/wpscan/wp_version/opml/wp-links-opml-nogenerator.xml new file mode 100644 index 00000000..97c27ad6 --- /dev/null +++ b/spec/fixtures/wpscan/wp_version/opml/wp-links-opml-nogenerator.xml @@ -0,0 +1,9 @@ + + + + Title + Mon, 24 Sep 2012 15:58:41 GMT + + + + \ No newline at end of file diff --git a/spec/fixtures/wpscan/wp_version/opml/wp-links-opml.xml b/spec/fixtures/wpscan/wp_version/opml/wp-links-opml.xml new file mode 100644 index 00000000..c20a5550 --- /dev/null +++ b/spec/fixtures/wpscan/wp_version/opml/wp-links-opml.xml @@ -0,0 +1,10 @@ + + + + Title + Mon, 24 Sep 2012 15:58:41 GMT + + + + + \ No newline at end of file diff --git a/spec/lib/wpscan/wp_target_spec.rb b/spec/lib/wpscan/wp_target_spec.rb index 0399bd9f..a4a9344c 100644 --- a/spec/lib/wpscan/wp_target_spec.rb +++ b/spec/lib/wpscan/wp_target_spec.rb 
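Review bot: The generator regex is now duplicated character for character in `find_from_sitemap_generator` and `find_from_links_opml`, which is why the `i` flag had to be added twice; a shared helper such as `def self.generator_pattern; %r{generator="wordpress/#{WpVersion.version_pattern}"}i; end` would keep the two finders from drifting apart. Neither method looks at the response code before reading `.body`, unlike `search_replace_db_2_exists?` in lib/wpscan/wp_target.rb, so a version may be reported from an error page; if that is intended, say so in a comment. `find_from_links_opml` also has no comment, while the sitemap finder carries an issue link; something like `# Reads the generator attribute emitted by wp-links-opml.php` would do. `version_pattern` is defined outside this hunk, so whether capture group 1 is the version string cannot be checked here.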
@@ -221,4 +221,27 @@ describe WpTarget do @expected = true end end + + describe "#search_replace_db_2_url" do + it "should return the correct url" do + @wp_target.search_replace_db_2_url.should == "http://example.localhost/searchreplacedb2.php" + end + end + + describe "#search_replace_db_2_exists?" do + it "should return true" do + stub_request(:any, @wp_target.search_replace_db_2_url).to_return(:status => 200, :body => "asdf by interconnect asdf") + @wp_target.search_replace_db_2_exists?.should be_true + end + + it "should return false" do + stub_request(:any, @wp_target.search_replace_db_2_url).to_return(:status => 500) + @wp_target.search_replace_db_2_exists?.should be_false + end + + it "should return false" do + stub_request(:any, @wp_target.search_replace_db_2_url).to_return(:status => 500, :body => "asdf by interconnect asdf") + @wp_target.search_replace_db_2_exists?.should be_false + end + end end diff --git a/spec/lib/wpscan/wp_version_spec.rb b/spec/lib/wpscan/wp_version_spec.rb index f6cc32d5..a2182761 100644 --- a/spec/lib/wpscan/wp_version_spec.rb +++ b/spec/lib/wpscan/wp_version_spec.rb @@ -139,7 +139,7 @@ describe WpVersion do end describe "#find_from_advanced_fingerprinting" do - let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + '/advanced' } + let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + "/advanced" } it "should return 3.2.1" do stub_request_to_fixture(:url => @target_uri.merge("wp-admin/js/wp-fullscreen.js").to_s, 
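Review bot: The `#search_replace_db_2_exists?` examples in spec/lib/wpscan/wp_target_spec.rb never cover a 200 response whose body lacks the marker, which is the only case that exercises the regex half of the condition on its false side. Both negative examples stub status 500, so they pass on the status check alone, and they share the description `should return false`, which makes a failure hard to attribute. Add `it "should return false if the marker is missing"` with `to_return(:status => 200, :body => "asdf")`, and rename the existing ones after the case they stub. An example with the marker in a different case, e.g. `"By Interconnect"`, would pin the `i` flag.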
@@ -152,6 +152,26 @@ describe WpVersion do end end + describe "#find_from_links_opml" do + let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + "/opml" } + + it "should return 3.4.2" do + stub_request_to_fixture(:url => @target_uri.merge("wp-links-opml.php").to_s, + :status => 200, + :fixture => "#{fixtures_dir}/wp-links-opml.xml") + version = WpVersion.find_from_links_opml(:base_url => @target_uri) + version.should == "3.4.2" + end + + it "should return nil" do + stub_request_to_fixture(:url => @target_uri.merge("wp-links-opml.php").to_s, + :status => 200, + :fixture => "#{fixtures_dir}/wp-links-opml-nogenerator.xml") + version = WpVersion.find_from_links_opml(:base_url => @target_uri) + version.should be_nil + end + end + describe "#initialize" do it "should initialize a WpVersion object" do v = WpVersion.new(1, {:discovery_method => "method", :vulns_file => "asdf.xml"})
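Review bot: The new `#find_from_links_opml` examples in spec/lib/wpscan/wp_version_spec.rb only stub status 200, and no example in this patch covers `find_from_sitemap_generator`, which received the same `i` flag in lib/wpscan/wp_version.rb. The fixture contents are not legible in this view, so it is unclear whether wp-links-opml.xml uses a mixed-case generator value; if it does not, the flag this commit adds is untested. A matching `describe "#find_from_sitemap_generator"` block with a sitemap fixture, plus one example for a non-200 response, would document the intended behaviour. The surrounding `describe WpVersion` block starts and ends outside the hunk.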