1
# frozen_string_literal: true
2

3
describe WPScan::Finders::InterestingFindings::MuPlugins do
4
  subject(:finder) { described_class.new(target) }
5
  let(:target)     { WPScan::Target.new(url).extend(CMSScanner::Target::Server::Apache) }
6
  let(:url)        { 'http://ex.lo/' }
7
  let(:fixtures)   { FINDERS_FIXTURES.join('interesting_findings', 'mu_plugins') }
8

9
  before do
10
    expect(target).to receive(:content_dir).at_least(1).and_return('wp-content')
11
  end
12

13
  describe '#passive' do
14
    before { stub_request(:get, url).to_return(body: body) }
15

16
    context 'when no uris' do
17
      let(:body) { '' }
18

19
      its(:passive) { should be nil }
20
    end
21

22
    context 'when a large amount of unrelated uris' do
23
      let(:body) do
24
        Array.new(250) { |i| "<a href='#{url}#{i}.html'>Some Link</a><img src='#{url}img-#{i}.png'/>" }.join("\n")
25
      end
26

27
      it 'should not take a while to process the page' do
28
        time_start = Time.now
29
        result = finder.passive
30
        time_end = Time.now
31

32
        expect(result).to be nil
33
        expect(time_end - time_start).to be < 1
34
      end
35
    end
36

37
    context 'when uris' do
38
      let(:body) { File.read(fixtures.join(fixture)) }
39

40
      context 'when none matching' do
41
        let(:fixture) { 'no_match.html' }
42

43
        its(:passive) { should be nil }
44
      end
45

46
      context 'when matching via href' do
47
        let(:fixture) { 'match_href.html' }
48

49
        its(:passive) { should be_a WPScan::Model::MuPlugins }
50
      end
51

52
      context 'when matching from src' do
53
        let(:fixture) { 'match_src.html' }
54

55
        its(:passive) { should be_a WPScan::Model::MuPlugins }
56
      end
57
    end
58
  end
59

60
  describe '#aggressive' do
61
    xit
62
  end
63
end
64

65