1
# frozen_string_literal: true
2

3
describe WPScan::Finders::InterestingFindings::FullPathDisclosure do
4
  subject(:finder) { described_class.new(target) }
5
  let(:target)     { WPScan::Target.new(url) }
6
  let(:url)        { 'http://ex.lo/' }
7
  let(:fixtures)   { FINDERS_FIXTURES.join('interesting_findings', 'fpd') }
8
  let(:file_url)   { target.url('wp-includes/rss-functions.php') }
9

10
  describe '#aggressive' do
11
    before do
12
      expect(target).to receive(:sub_dir).at_least(1).and_return(false)
13
      stub_request(:get, file_url).to_return(body: body)
14
    end
15

16
    context 'when empty file' do
17
      let(:body) { '' }
18

19
      its(:aggressive) { should be_nil }
20
    end
21

22
    context 'when a log file' do
23
      let(:body) { File.read(fixtures.join('rss_functions.php')) }
24

25
      it 'returns the InterestingFinding' do
26
        found = finder.aggressive
27

28
        expect(found).to eql WPScan::Model::FullPathDisclosure.new(
29
          file_url,
30
          confidence: 100,
31
          found_by: described_class::DIRECT_ACCESS
32
        )
33
        expect(found.interesting_entries).to eql %w[/blog/wp-includes/rss-functions.php]
34
      end
35
    end
36
  end
37
end
38

39