GitHub Repository: wpscanteam/wpscan
Path: blob/master/spec/app/finders/db_exports/known_locations_spec.rb
# frozen_string_literal: true
# Specs for the finder that expands a wordlist of well-known database-export
# file names into candidate URLs on the target and then probes them.
# A dump left at one of these paths can be fetched by any unauthenticated
# client, so the examples pin both which names are tried and what evidence is
# required before a hit is reported.
describe WPScan::Finders::DbExports::KnownLocations do
  subject(:finder) { described_class.new(target) }

  let(:target) { WPScan::Target.new(url) }
  let(:url) { 'http://ex.lo/aa/' }
  let(:fixtures) { FINDERS_FIXTURES.join('db_exports') }
  let(:opts) { { list: WPScan::DB_DIR.join('db_exports.txt').to_s } }

  describe '#potential_urls' do
    # Keys of the hash returned by #potential_urls for the current target.
    let(:candidate_urls) { finder.potential_urls(opts).keys }

    before { allow(target).to receive(:sub_dir).and_return(false) }

    # eql on an Array is order-sensitive, so this pins the exact candidate list.
    it 'replaces {domain_name} by its values' do
      expect(candidate_urls).to eql(
        %w[
          http://ex.lo/aa/ex.sql
          http://ex.lo/aa/wordpress.sql
          http://ex.lo/aa/backup/ex.zip
          http://ex.lo/aa/backup/mysql.sql
          http://ex.lo/aa/backups/ex.sql.gz
          http://ex.lo/aa/backups/db_backup.sql
        ]
      )
    end

    %w[dev poc www].each do |prefix|
      context "when #{prefix} sub-domain" do
        let(:url) { "https://#{prefix}.domain.tld" }

        # Two names are expected: the domain without its sub-domain, and the
        # host name with only the TLD stripped.
        it 'replaces {domain_name} by its correct values' do
          expect(candidate_urls).to include(
            "#{url}/domain.sql",
            "#{url}/#{prefix}.domain.sql"
          )
        end
      end
    end

    context 'when multi-level tlds' do
      let(:url) { 'https://something.com.tr' }

      # The whole ".com.tr" suffix is dropped, not just the last label.
      it 'replaces {domain_name} by its correct value' do
        expect(candidate_urls).to include('https://something.com.tr/something.sql')
      end
    end

    context 'when multi-level tlds and sub-domain' do
      let(:url) { 'https://dev.something.com.tr' }

      it 'replaces {domain_name} by its correct values' do
        expect(candidate_urls).to include(
          'https://dev.something.com.tr/something.sql',
          'https://dev.something.com.tr/dev.something.sql'
        )
      end
    end

    context 'when some weird stuff' do
      # Several sub-domain levels, a long hexadecimal label and hyphens.
      let(:url) { 'https://098f6bcd4621d373cade4e832627b4f6.aa-bb-ccc-dd.domain-test.com' }

      it 'replaces {domain_name} by its correct values' do
        expect(candidate_urls).to include(
          "#{url}/domain-test.sql",
          "#{url}/098f6bcd4621d373cade4e832627b4f6.aa-bb-ccc-dd.domain-test.sql"
        )
      end
    end

    context 'when a non standard URL' do
      # Single-label host: there is no TLD to strip.
      let(:url) { 'http://dc-2' }

      it 'replaces {domain_name} by its correct value' do
        expect(candidate_urls).to include("#{url}/dc-2.sql")
      end
    end

    context 'when an IP address' do
      let(:url) { 'http://192.168.1.12' }

      # The address is used as-is; its last octet is not treated as a TLD.
      it 'replaces {domain_name} by the IP address' do
        expect(candidate_urls).to include("#{url}/192.168.1.12.sql")
      end
    end
  end

  describe '#aggressive' do
    before do
      allow(target).to receive(:sub_dir).and_return(false)
      # A mock expectation rather than a stub: every example below fails
      # unless the finder asks the target for its probe parameters. The
      # answer given here selects HEAD.
      expect(target).to receive(:head_or_get_params).and_return(method: :head)

      # Baseline: each candidate URL answers 404 to HEAD; nested hooks
      # register 200 responses for selected files on top of this.
      finder.potential_urls(opts).each_key do |candidate|
        stub_request(:head, candidate).to_return(status: 404)
      end
    end

    context 'when all files are 404s' do
      it 'returns an empty array' do
        expect(finder.aggressive(opts)).to eql([])
      end
    end

    # Pending placeholder with no example body: backup/ex.zip is among the
    # candidates, but how a zip answering 200 is handled is not covered here.
    context 'when a zip returns a 200' do
      xit
    end

    context 'when some files exist' do
      let(:found_files) { %w[ex.sql backups/db_backup.sql] }
      let(:db_export) { File.read(fixtures.join('dump.sql')) }

      before do
        found_files.each do |path|
          export_url = "#{url}#{path}"

          stub_request(:head, export_url).to_return(status: 200)

          # The follow-up GET is only stubbed with a Range header, i.e. the
          # finder is expected to fetch the start of the file rather than
          # the whole dump.
          stub_request(:get, export_url)
            .with(headers: { 'Range' => 'bytes=0-3000' })
            .to_return(body: db_export)
        end

        # Expected exactly twice, which matches one call per found file.
        # NOTE(review): presumably this filters out soft-404 / homepage
        # responses; confirm against the finder.
        expect(target).to receive(:homepage_or_404?).twice.and_return(false)
      end

      context 'when matching the pattern' do
        it 'returns the expected Array<DbExport>' do
          expected = found_files.map do |path|
            WPScan::Model::DbExport.new(
              "#{target.url}#{path}",
              confidence: 100,
              found_by: described_class::DIRECT_ACCESS
            )
          end

          expect(finder.aggressive(opts)).to eql(expected)
        end
      end

      context 'when not matching the pattern' do
        # A 200 status alone is not enough: with an empty body nothing may be
        # reported, which guards against false positives.
        let(:db_export) { '' }

        it 'returns an empty array' do
          expect(finder.aggressive(opts)).to eql([])
        end
      end
    end
  end
end