GitHub Repository: wpscanteam/wpscan
Path: blob/master/spec/app/finders/config_backups/known_filenames_spec.rb
# frozen_string_literal: true
# Spec for the known-filenames config-backup finder.
#
# wp-config.php typically holds a WordPress site's database credentials and
# auth keys, so a backup copy left readable in the web root is a disclosure
# finding. These examples pin which stubbed HTTP answers make #aggressive
# report a ConfigBackup and which do not.
describe WPScan::Finders::ConfigBackups::KnownFilenames do
  subject(:finder) { described_class.new(target) }

  let(:url)      { 'http://ex.lo/' }
  let(:target)   { WPScan::Target.new(url) }
  let(:opts)     { { list: WPScan::DB_DIR.join('config_backups.txt').to_s } }
  let(:fixtures) { FINDERS_FIXTURES.join('config_backups') }

  describe '#aggressive' do
    before do
      expect(target).to receive(:sub_dir).at_least(1).and_return(false)
      expect(target).to receive(:head_or_get_params).and_return(method: :head)

      # Baseline: every candidate URL derived from the list answers 404 to HEAD,
      # so each context only has to stub the files it wants to "exist".
      finder.potential_urls(opts).each_key { |candidate| stub_request(:head, candidate).to_return(status: 404) }
    end

    context 'when all files are 404s' do
      it 'returns an empty array' do
        expect(finder.aggressive(opts)).to eql []
      end
    end

    context 'when some files exist' do
      # '%23wp-config.php%23' is the percent-encoded form of '#wp-config.php#',
      # the naming shape of an editor auto-save file.
      let(:found_files)   { ['%23wp-config.php%23', 'wp-config.bak'] }
      let(:config_backup) { File.read(fixtures.join('wp-config.php')) }

      before do
        # Declared after the 404 baseline; WebMock prefers the most recently
        # declared matching stub, so these 200s win for the two files.
        found_files.each do |name|
          location = "#{url}#{name}"

          stub_request(:head, location).to_return(status: 200)
          # presumably the finder re-fetches hits with GET to inspect the body;
          # confirm against the finder implementation
          stub_request(:get, location).to_return(status: 200, body: config_backup)
        end

        # Two found files and two expected calls: looks like one
        # homepage-or-404 check per hit (confirm against the finder).
        expect(target).to receive(:homepage_or_404?).twice.and_return(false)
      end

      # NOTE(review): no context covers a 200 response whose body is not a
      # config file (e.g. a server that answers 200 for every path). Only the
      # stubbed homepage_or_404? == false path is exercised here.
      it 'returns the expected Array<ConfigBackup>' do
        expected = found_files.map do |name|
          WPScan::Model::ConfigBackup.new(
            "#{target.url}#{name}",
            confidence: 100,
            found_by: described_class::DIRECT_ACCESS
          )
        end

        expect(finder.aggressive(opts)).to eql expected
      end
    end
  end
end