1
# frozen_string_literal: true
2

3
describe WPScan::Finders::PluginVersion::Readme do
4
  subject(:finder) { described_class.new(plugin) }
5
  let(:plugin)     { WPScan::Model::Plugin.new('spec', target) }
6
  let(:target)     { WPScan::Target.new('http://wp.lab/') }
7
  let(:fixtures)   { FINDERS_FIXTURES.join('plugin_version', 'readme') }
8

9
  def version(number, found_by, confidence)
10
    WPScan::Model::Version.new(
11
      number,
12
      found_by: format('Readme - %s (Aggressive Detection)', found_by),
13
      confidence: confidence,
14
      interesting_entries: [readme_url]
15
    )
16
  end
17

18
  def stable_tag(number)
19
    version(number, 'Stable Tag', 80)
20
  end
21

22
  def changelog_section(number)
23
    version(number, 'ChangeLog Section', 50)
24
  end
25

26
  describe '#aggressive' do
27
    before do
28
      expect(target).to receive(:content_dir).and_return('wp-content')
29

30
      allow(target).to receive(:head_or_get_params).and_return(method: :head)
31

32
      stub_request(:head, /.*/).to_return(status: 404)
33
      stub_request(:head, readme_url).to_return(status: 200)
34
    end
35

36
    let(:readme_url) { plugin.url(WPScan::Model::WpItem::READMES.sample) }
37

38
    after do
39
      stub_request(:get, readme_url).to_return(body: File.read(fixtures.join(@file)))
40

41
      expect(finder.aggressive).to eql @expected
42
    end
43

44
    context 'when no version' do
45
      it 'returns nil' do
46
        @file     = 'no_version.txt'
47
        @expected = nil
48
      end
49
    end
50

51
    context 'when the stable tag does not contain numbers' do
52
      it 'returns nil' do
53
        @file     = 'aa-health-calculator.txt'
54
        @expected = nil
55
      end
56
    end
57

58
    context 'when empty changelog section' do
59
      it 'returns nil' do
60
        @file     = 'all-in-one-facebook.txt'
61
        @expected = nil
62
      end
63
    end
64

65
    context 'when no changelog section' do
66
      it 'returns nil' do
67
        @file     = 'blog-reordering.txt'
68
        @expected = nil
69
      end
70
    end
71

72
    context 'when leaked from the stable tag' do
73
      it 'returns the expected versions' do
74
        @file     = 'simple-login-lockdown-0.4.txt'
75
        @expected = [stable_tag('0.4'), changelog_section('04')]
76
      end
77
    end
78

79
    context 'when leaked from the version' do
80
      it 'returns it' do
81
        @file     = 'wp-photo-plus-5.1.15.txt'
82
        @expected = [stable_tag('5.1.15')]
83
      end
84
    end
85

86
    context 'when version is in a release date format' do
87
      it 'detects and returns it' do
88
        @file     = 's2member.txt'
89
        @expected = [stable_tag('141007')]
90
      end
91
    end
92

93
    context 'when version contains letters' do
94
      it 'returns it' do
95
        @file     = 'beta1.txt'
96
        @expected = [stable_tag('2.0.0-beta1')]
97
      end
98
    end
99

100
    context 'when parsing the changelog for version numbers' do
101
      {
102
        'changelog_version' => '1.3',
103
        'wp_polls' => '2.64',
104
        'nextgen_gallery' => '2.0.66.33',
105
        'wp_user_frontend' => '1.2.3',
106
        'my_calendar' => '2.1.5',
107
        'nextgen_gallery_2' => '1.9.13',
108
        'advanced-most-recent-posts-mod' => '1.6.5.2',
109
        'a-lead-capture-contact-form-and-tab-button-by-awebvoicecom' => '3.1',
110
        'backup-scheduler' => '1.5.9',
111
        'release_date_slash' => '1.0.4',
112
        'cool_tag_cloud' => '2.27'
113
      }.each do |file, version_number|
114
        context "whith #{file}.txt" do
115
          it 'returns the expected version' do
116
            @file = "#{file}.txt"
117
            @expected = [changelog_section(version_number)]
118
          end
119
        end
120
      end
121
    end
122
  end
123
end
124

125