1
# frozen_string_literal: true
2

3
describe WPScan::Controller::Enumeration do
4
  subject(:controller) { described_class.new }
5
  let(:target_url)     { 'http://wp.lab/' }
6
  let(:cli_args)       { "--url #{target_url}" }
7

8
  before do
9
    ## For the --passwords options
10
    allow_any_instance_of(OptParseValidator::OptPath).to receive(:check_file)
11

12
    WPScan::ParsedCli.options = rspec_parsed_options(cli_args)
13
  end
14

15
  describe '#enum_message' do
16
    after { expect(controller.enum_message(type, detection_mode)).to eql @expected }
17

18
    context 'when type argument is incorrect' do
19
      let(:type)           { 'spec' }
20
      let(:detection_mode) { :mixed }
21

22
      it 'returns nil' do
23
        @expected = nil
24
      end
25
    end
26

27
    %w[plugins themes].each do |t|
28
      context "type = #{t}" do
29
        let(:type)           { t }
30
        let(:detection_mode) { :mixed }
31

32
        context 'when vulnerable' do
33
          let(:cli_args) { "#{super()} -e v#{type[0]}" }
34

35
          it 'returns the expected string' do
36
            @expected = "Enumerating Vulnerable #{type.capitalize} (via Passive and Aggressive Methods)"
37
          end
38
        end
39

40
        context 'when all' do
41
          let(:cli_args)       { "#{super()} -e a#{type[0]}" }
42
          let(:detection_mode) { :passive }
43

44
          it 'returns the expected string' do
45
            @expected = "Enumerating All #{type.capitalize} (via Passive Methods)"
46
          end
47
        end
48

49
        context 'when most popular' do
50
          let(:cli_args)       { "#{super()} -e #{type[0]}" }
51
          let(:detection_mode) { :aggressive }
52

53
          it 'returns the expected string' do
54
            @expected = "Enumerating Most Popular #{type.capitalize} (via Aggressive Methods)"
55
          end
56
        end
57
      end
58
    end
59
  end
60

61
  describe '#default_opts' do
62
    context 'when no --enumerate' do
63
      it 'contains the correct version_detection' do
64
        expect(controller.default_opts('plugins')[:version_detection]).to include(mode: :mixed)
65
      end
66
    end
67
  end
68

69
  describe '#cli_options' do
70
    it 'contains the correct options' do
71
      expect(controller.cli_options.map(&:to_sym)).to eql(
72
        %i[enumerate exclude_content_based
73
           plugins_list plugins_detection plugins_version_all plugins_version_detection plugins_threshold
74
           themes_list themes_detection themes_version_all themes_version_detection themes_threshold
75
           timthumbs_list timthumbs_detection
76
           config_backups_list config_backups_detection
77
           db_exports_list db_exports_detection
78
           medias_detection
79
           users_list users_detection exclude_usernames]
80
      )
81
    end
82
  end
83

84
  describe '#enum_users' do
85
    before { expect(controller.formatter).to receive(:output).twice }
86
    after { controller.enum_users }
87

88
    context 'when --enumerate has been supplied' do
89
      let(:cli_args) { "#{super()} -e u1-10" }
90

91
      it 'calls the target.users with the correct range' do
92
        expect(controller.target).to receive(:users).with(hash_including(range: (1..10)))
93
      end
94
    end
95

96
    context 'when --passwords supplied but no --username or --usernames' do
97
      let(:cli_args) { "#{super()} --passwords some-file.txt" }
98

99
      it 'calls the target.users with the default range' do
100
        expect(controller.target).to receive(:users).with(hash_including(range: (1..10)))
101
      end
102
    end
103
  end
104

105
  describe '#run' do
106
    context 'when no :enumerate' do
107
      before do
108
        expect(controller).to receive(:enum_plugins)
109
        expect(controller).to receive(:enum_config_backups)
110

111
        expect(WPScan::ParsedCli.plugins_detection).to eql :passive
112
      end
113

114
      it 'calls enum_plugins and enum_config_backups' do
115
        controller.run
116
      end
117

118
      context 'when --passwords supplied but no --username or --usernames' do
119
        let(:cli_args) { "#{super()} --passwords some-file.txt" }
120

121
        it 'calls the enum_users' do
122
          expect(controller).to receive(:enum_users)
123
          controller.run
124
        end
125
      end
126
    end
127

128
    context 'when :enumerate' do
129
      after { controller.run }
130

131
      context 'when no option supplied' do
132
        let(:cli_args) { "#{super()} -e" }
133

134
        it 'calls the correct enum methods' do
135
          %i[plugins themes timthumbs config_backups db_exports users medias].each do |option|
136
            expect(controller).to receive("enum_#{option}".to_sym)
137
          end
138
        end
139
      end
140

141
      %i[p ap vp].each do |option|
142
        context "when #{option}" do
143
          let(:cli_args) { "#{super()} -e #{option}" }
144

145
          it 'calls the #enum_plugins' do
146
            expect(controller).to receive(:enum_plugins)
147
          end
148
        end
149
      end
150

151
      %i[t at vt].each do |option|
152
        context option.to_s do
153
          let(:cli_args) { "#{super()} -e #{option}" }
154

155
          it 'calls the #enum_themes' do
156
            expect(controller).to receive(:enum_themes)
157
          end
158
        end
159
      end
160

161
      { timthumbs: 'tt', config_backups: 'cb', db_exports: 'dbe', medias: 'm', users: 'u' }.each do |option, shortname|
162
        context "when #{option}" do
163
          let(:cli_args) { "#{super()} -e #{shortname}" }
164

165
          it "calls the ##{option}" do
166
            expect(controller).to receive("enum_#{option}".to_sym)
167
          end
168
        end
169
      end
170
    end
171
  end
172
end
173

174