1
# frozen_string_literal: true
2

3
describe WPScan::Finders::InterestingFindings::UploadSQLDump do
4
  subject(:finder) { described_class.new(target) }
5
  let(:target)     { WPScan::Target.new(url).extend(CMSScanner::Target::Server::Apache) }
6
  let(:url)        { 'http://ex.lo/' }
7
  let(:dump_url)   { "#{url}wp-content/uploads/dump.sql" }
8
  let(:fixtures)   { FINDERS_FIXTURES.join('interesting_findings', 'upload_sql_dump') }
9
  let(:wp_content) { 'wp-content' }
10

11
  describe '#aggressive' do
12
    before do
13
      expect(target).to receive(:content_dir).at_least(1).and_return(wp_content)
14
      expect(target).to receive(:head_or_get_params).and_return(method: :head)
15
    end
16

17
    after { expect(finder.aggressive).to eql @expected }
18

19
    context 'when not a 200' do
20
      it 'returns nil' do
21
        stub_request(:head, dump_url).to_return(status: 404)
22

23
        @expected = nil
24
      end
25
    end
26

27
    context 'when a 200' do
28
      before do
29
        stub_request(:head, dump_url).to_return(status: 200)
30

31
        stub_request(:get, dump_url)
32
          .with(headers: { 'Range' => 'bytes=0-3000' })
33
          .to_return(body: File.read(fixtures.join(fixture)))
34
      end
35

36
      context 'when the body does not match a SQL dump' do
37
        let(:fixture) { 'not_sql.txt' }
38

39
        it 'returns nil' do
40
          @expected = nil
41
        end
42
      end
43

44
      context 'when the body matches a SQL dump' do
45
        let(:fixture) { 'dump.sql' }
46

47
        it 'returns the interesting findings' do
48
          @expected = WPScan::Model::UploadSQLDump.new(
49
            dump_url,
50
            confidence: 100,
51
            found_by: described_class::DIRECT_ACCESS
52
          )
53
        end
54
      end
55
    end
56
  end
57
end
58

59