wpscanteam
GitHub Repository: wpscanteam/wpscan
Path: blob/master/spec/app/finders/users/author_sitemap_spec.rb
# frozen_string_literal: true
# Specs for the AuthorSitemap user finder. The sitemap response is stubbed, so
# each example only checks what #aggressive returns for a given response body.
describe WPScan::Finders::Users::AuthorSitemap do
  subject(:finder) { described_class.new(target) }

  let(:url) { 'http://wp.lab/' }
  let(:target) { WPScan::Target.new(url) }
  let(:fixtures) { FINDERS_FIXTURES.join('users', 'author_sitemap') }

  describe '#aggressive' do
    before do
      allow(target).to receive_messages(sub_dir: false)

      # The GET to the finder's own sitemap URL is answered with the body
      # chosen by the enclosing context.
      stub_request(:get, finder.sitemap_url).to_return(body: body)
    end

    # An empty body stands in for any response that is not XML.
    context 'when not an XML response' do
      let(:body) { '' }

      its(:aggressive) { is_expected.to eql([]) }
    end

    context 'when an XML response' do
      # A sitemap fixture that discloses no usernames must produce no users.
      context 'when no usernames disclosed' do
        let(:body) { File.read(fixtures.join('no_usernames.xml')) }

        its(:aggressive) { is_expected.to eql([]) }
      end

      # Both users are reported with confidence 100 and the sitemap URL as the
      # evidence. For a site owner, this is the disclosure to watch for: where
      # exposed usernames matter, the users sitemap is the thing to switch off.
      context 'when usernames disclosed' do
        let(:body) { File.read(fixtures.join('usernames.xml')) }

        it 'returns the expected array of users' do
          found = finder.aggressive
          sitemap_entries = ['http://wp.lab/wp-sitemap-users-1.xml']

          expect(found.size).to eql(2)

          [[found.first, 'admin'], [found.last, 'author']].each do |user, expected_username|
            expect(user.username).to eql(expected_username)
            expect(user.confidence).to eql(100)
            expect(user.interesting_entries).to eql(sitemap_entries)
          end
        end
      end
    end
  end
end