51 lines
1.5 KiB
Ruby
51 lines
1.5 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
describe WPScan::Finders::InterestingFindings::PHPDisabled do
|
|
subject(:finder) { described_class.new(target) }
|
|
let(:target) { WPScan::Target.new(url).extend(CMSScanner::Target::Server::Apache) }
|
|
let(:url) { 'http://ex.lo/' }
|
|
let(:fixtures) { FINDERS_FIXTURES.join('interesting_findings', 'php_disabled') }
|
|
let(:file_path) { 'wp-includes/version.php' }
|
|
let(:file_url) { target.url(file_path) }
|
|
|
|
describe '#aggressive' do
|
|
before do
|
|
expect(target).to receive(:sub_dir).at_least(1).and_return(false)
|
|
expect(target).to receive(:head_or_get_params).and_return(method: :head)
|
|
end
|
|
|
|
context 'when not a 200' do
|
|
it 'return nil' do
|
|
stub_request(:head, file_url).to_return(status: 404)
|
|
|
|
expect(finder.aggressive).to eql nil
|
|
end
|
|
end
|
|
|
|
context 'when a 200' do
|
|
before do
|
|
stub_request(:head, file_url)
|
|
stub_request(:get, file_url).to_return(body: body)
|
|
end
|
|
|
|
context 'when the body does not match' do
|
|
let(:body) { '' }
|
|
|
|
its(:aggressive) { should be_nil }
|
|
end
|
|
|
|
context 'when the body matches' do
|
|
let(:body) { File.read(fixtures.join('version.php')) }
|
|
|
|
it 'returns the PHPDisabled' do
|
|
expect(finder.aggressive).to eql WPScan::Model::PHPDisabled.new(
|
|
file_url,
|
|
confidence: 100,
|
|
found_by: described_class::DIRECT_ACCESS
|
|
)
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|