1
# frozen_string_literal: true
2

3
describe WPScan::Finders::InterestingFindings::PHPDisabled do
4
  subject(:finder) { described_class.new(target) }
5
  let(:target)     { WPScan::Target.new(url).extend(CMSScanner::Target::Server::Apache) }
6
  let(:url)        { 'http://ex.lo/' }
7
  let(:fixtures)   { FINDERS_FIXTURES.join('interesting_findings', 'php_disabled') }
8
  let(:file_path)  { 'wp-includes/version.php' }
9
  let(:file_url)   { target.url(file_path) }
10

11
  describe '#aggressive' do
12
    before do
13
      expect(target).to receive(:sub_dir).at_least(1).and_return(false)
14
      expect(target).to receive(:head_or_get_params).and_return(method: :head)
15
    end
16

17
    context 'when not a 200' do
18
      it 'return nil' do
19
        stub_request(:head, file_url).to_return(status: 404)
20

21
        expect(finder.aggressive).to eql nil
22
      end
23
    end
24

25
    context 'when a 200' do
26
      before do
27
        stub_request(:head, file_url)
28
        stub_request(:get, file_url).to_return(body: body)
29
      end
30

31
      context 'when the body does not match' do
32
        let(:body) { '' }
33

34
        its(:aggressive) { should be_nil }
35
      end
36

37
      context 'when the body matches' do
38
        let(:body) { File.read(fixtures.join('version.php')) }
39

40
        it 'returns the PHPDisabled' do
41
          expect(finder.aggressive).to eql WPScan::Model::PHPDisabled.new(
42
            file_url,
43
            confidence: 100,
44
            found_by: described_class::DIRECT_ACCESS
45
          )
46
        end
47
      end
48
    end
49
  end
50
end
51

52