62 lines
1.9 KiB
Ruby
62 lines
1.9 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
describe WPScan::Finders::Passwords::WpLogin do
|
|
subject(:finder) { described_class.new(target) }
|
|
let(:target) { WPScan::Target.new(url) }
|
|
let(:url) { 'http://ex.lo/' }
|
|
|
|
describe '#valid_credentials?' do
|
|
context 'when a non 302' do
|
|
it 'returns false' do
|
|
expect(finder.valid_credentials?(Typhoeus::Response.new(code: 200, headers: {}))).to be_falsey
|
|
end
|
|
end
|
|
|
|
context 'when a 302' do
|
|
let(:response) { Typhoeus::Response.new(code: 302, headers: headers) }
|
|
|
|
context 'when no cookies set' do
|
|
let(:headers) { {} }
|
|
|
|
it 'returns false' do
|
|
expect(finder.valid_credentials?(response)).to be_falsey
|
|
end
|
|
end
|
|
|
|
context 'when no logged_in cookie set' do
|
|
context 'when only one cookie set' do
|
|
let(:headers) { 'Set-Cookie: wordpress_test_cookie=WP+Cookie+check; path=/' }
|
|
|
|
it 'returns false' do
|
|
expect(finder.valid_credentials?(response)).to be_falsey
|
|
end
|
|
end
|
|
|
|
context 'when multiple cookies set' do
|
|
let(:headers) do
|
|
"Set-Cookie: wordpress_test_cookie=WP+Cookie+check; path=/\r\n" \
|
|
'Set-Cookie: something=value; path=/'
|
|
end
|
|
|
|
it 'returns false' do
|
|
expect(finder.valid_credentials?(response)).to be_falsey
|
|
end
|
|
end
|
|
end
|
|
|
|
context 'when logged_in cookie set' do
|
|
let(:headers) do
|
|
"Set-Cookie: wordpress_test_cookie=WP+Cookie+check; path=/\r\r" \
|
|
"Set-Cookie: wordpress_xxx=yyy; path=/wp-content/plugins; httponly\r\n" \
|
|
"Set-Cookie: wordpress_xxx=yyy; path=/wp-admin; httponly\r\n" \
|
|
'Set-Cookie: wordpress_logged_in_xxx=yyy; path=/; httponly'
|
|
end
|
|
|
|
it 'returns false' do
|
|
expect(finder.valid_credentials?(response)).to eql true
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|