CoCalc -- backup_db

GitHub Repository: wpscanteam/wpscan
Path: blob/master/spec/app/finders/interesting_findings/backup_db_spec.rb
¹⁴⁸³ views
1
# frozen_string_literal: true
2

3
describe WPScan::Finders::InterestingFindings::BackupDB do
4
  subject(:finder) { described_class.new(target) }
5
  let(:target)     { WPScan::Target.new(url).extend(CMSScanner::Target::Server::Apache) }
6
  let(:url)        { 'http://ex.lo/' }
7
  let(:fixtures)   { FINDERS_FIXTURES.join('interesting_findings', 'backup_db') }
8
  let(:wp_content) { 'wp-content' }
9
  let(:dir_url)    { target.url("#{wp_content}/backup-db/") }
10

11
  before do
12
    expect(target).to receive(:content_dir).at_least(1).and_return(wp_content)
13
    expect(target).to receive(:head_or_get_params).and_return(method: :head)
14
  end
15

16
  describe '#aggressive' do
17
    context 'when not a 200 or 403' do
18
      it 'returns nil' do
19
        stub_request(:head, dir_url).to_return(status: 404)
20

21
        expect(finder.aggressive).to eql nil
22
      end
23
    end
24

25
    context 'when 200 and matching the homepage' do
26
      it 'returns nil' do
27
        stub_request(:head, dir_url)
28
        stub_request(:get, dir_url)
29

30
        expect(target).to receive(:homepage_or_404?).and_return(true)
31

32
        expect(finder.aggressive).to eql nil
33
      end
34
    end
35

36
    context 'when 200 or 403' do
37
      before do
38
        stub_request(:head, dir_url)
39
        stub_request(:get, dir_url).and_return(body: body)
40

41
        expect(target).to receive(:homepage_or_404?).and_return(false)
42
      end
43

44
      after do
45
        found = finder.aggressive
46

47
        expect(found).to eql WPScan::Model::BackupDB.new(
48
          dir_url,
49
          confidence: 70,
50
          found_by: described_class::DIRECT_ACCESS
51
        )
52

53
        expect(found.interesting_entries).to eq @expected_entries
54
      end
55

56
      context 'when no directory listing' do
57
        let(:body) { '' }
58

59
        it 'returns an empty interesting_findings attribute' do
60
          @expected_entries = []
61
        end
62
      end
63

64
      context 'when directory listing enabled' do
65
        let(:body) { File.read(fixtures.join('dir_listing.html')) }
66

67
        it 'returns the expected interesting_findings attribute' do
68
          @expected_entries = %w[sqldump.sql test.txt]
69
        end
70
      end
71
    end
72
  end
73
end
74

75
Product

Resources

Company
