# frozen_string_literal: true
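# Specs for WPScan::Controller::VulnApi: the controller that exposes the
# --api-token CLI option and validates the WPScan DB API token in #before_scan
# (from the CLI argument or from ENV[ENV_KEY]) before any scan starts.
describe WPScan::Controller::VulnApi do
  subject(:controller) { described_class.new }

  let(:target_url) { 'http://ex.lo/' }
  let(:cli_args) { "--url #{target_url}" }

  before do
    WPScan::ParsedCli.options = rspec_parsed_options(cli_args)
    # Reset the memoised request params so a token set by one example does not
    # leak into the next one through the DB::VulnApi module state.
    WPScan::DB::VulnApi.instance_variable_set(:@default_request_params, nil)
  end

  describe '#cli_options' do
    its(:cli_options) { should_not be_empty }
    its(:cli_options) { should be_a Array }

    it 'contains the correct options' do
      expect(controller.cli_options.map(&:to_sym)).to eq %i[api_token]
    end
  end

  describe '#before_scan' do
    context 'when no --api-token provided' do
      # Without a token there is nothing to validate, so the hook is a no-op.
      its(:before_scan) { should be nil }
    end

    context 'when --api-token given' do
      let(:cli_args) { "#{super()} --api-token token" }

      context 'when the token is invalid' do
        before { expect(WPScan::DB::VulnApi).to receive(:status).and_return('status' => 'forbidden') }

        it 'raises an InvalidApiToken error' do
          expect { controller.before_scan }.to raise_error(WPScan::Error::InvalidApiToken)
        end
      end

      context 'when the token is valid' do
        context 'when the limit has been reached' do
          before do
            expect(WPScan::DB::VulnApi)
              .to receive(:status)
              .and_return('success' => true, 'plan' => 'free', 'requests_remaining' => 0)
          end

          it 'raises an ApiLimitReached error' do
            expect { controller.before_scan }.to raise_error(WPScan::Error::ApiLimitReached)
          end
        end

        context 'when a HTTP error, like a timeout' do
          before do
            expect(WPScan::DB::VulnApi)
              .to receive(:status)
              .and_return(
                'http_error' => WPScan::Error::HTTP.new(
                  # libcurl return code 28 is CURLE_OPERATION_TIMEDOUT, hence the
                  # "Timeout was reached" text expected in the error message below.
                  Typhoeus::Response.new(effective_url: 'mock-url', return_code: 28)
                )
              )
          end

          it 'raises an HTTP error' do
            expect { controller.before_scan }
              .to raise_error(WPScan::Error::HTTP, 'HTTP Error: mock-url (Timeout was reached)')
          end
        end

        context 'when the token is valid and no HTTP error' do
          before do
            expect(WPScan::DB::VulnApi)
              .to receive(:status)
              .and_return('success' => true, 'plan' => 'free', 'requests_remaining' => requests)
          end

          # The two remaining-request shapes (numeric vs the 'Unlimited' string)
          # are kept as sibling contexts so each runs with its own `requests`
          # value and is reported under its own description.
          context 'when limited requests' do
            let(:requests) { 100 }

            it 'sets the token and does not raise an error' do
              expect { controller.before_scan }.to_not raise_error

              expect(WPScan::DB::VulnApi.token).to eql 'token'
            end
          end

          context 'when unlimited requests' do
            let(:requests) { 'Unlimited' }

            it 'sets the token and does not raise an error' do
              expect { controller.before_scan }.to_not raise_error

              expect(WPScan::DB::VulnApi.token).to eql 'token'
            end
          end
        end
      end
    end

    context 'when token in ENV' do
      before do
        # Remember whatever the environment held so the token fixture can be
        # restored afterwards instead of leaking into every later example.
        @env_token_backup = ENV[described_class::ENV_KEY]
        ENV[described_class::ENV_KEY] = 'token-from-env'

        expect(WPScan::DB::VulnApi)
          .to receive(:status)
          .and_return('success' => true, 'plan' => 'free', 'requests_remaining' => 'Unlimited')
      end

      # Assigning nil to ENV[key] deletes the variable, so this restores the
      # pre-example state exactly whether or not the key existed before.
      after { ENV[described_class::ENV_KEY] = @env_token_backup }

      it 'sets the token and does not raise an error' do
        expect { controller.before_scan }.to_not raise_error

        expect(WPScan::DB::VulnApi.token).to eql 'token-from-env'
      end
    end
  end
end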