Path: blob/master/spec/app/finders/users/oembed_api_spec.rb
# frozen_string_literal: true

# Spec for the user finder that reads author metadata from the WordPress
# oEmbed endpoint. Every example stubs a GET on `finder.api_url`, so no real
# request leaves the test run.
#
# Defender's reading: the 200 fixtures show that one oEmbed response can be
# enough for the finder to report an account name. The author-URL case is
# reported with confidence 90 and the author-name case with confidence 70.
# Sites that do not need author attribution in embeds can drop those fields
# from the response (WordPress exposes the `oembed_response_data` filter).
describe WPScan::Finders::Users::OembedApi do
  subject(:finder) { described_class.new(target) }

  let(:url) { 'http://wp.lab/' }
  let(:target) { WPScan::Target.new(url) }
  let(:fixtures) { FINDERS_FIXTURES.join('users', 'oembed_api') }

  describe '#aggressive' do
    # The entry the finder is expected to record as evidence for each user.
    let(:oembed_entry) do
      'http://wp.lab/wp-json/oembed/1.0/embed?url=http://wp.lab/&format=json'
    end

    before do
      # NOTE(review): sub_dir is stubbed to false, presumably because
      # api_url is derived from it - confirm against the finder.
      allow(target).to receive(:sub_dir).and_return(false)
      stub_request(:get, finder.api_url).to_return(body: body)
    end

    context 'when not a JSON response' do
      let(:body) { '' }

      # An empty body must produce no findings.
      its(:aggressive) { is_expected.to eql([]) }
    end

    context 'when a JSON response' do
      let(:body) { File.read(fixture) }

      context 'when 404' do
        let(:fixture) { fixtures.join('404.json') }

        its(:aggressive) { is_expected.to eql([]) }
      end

      context 'when 200' do
        context 'when author_url present' do
          let(:fixture) { fixtures.join('200_author_url.json') }

          it 'returns the expected array of users' do
            found = finder.aggressive

            expect(found.size).to eql(1)

            entry = found.first

            expect(entry.username).to eql('admin')
            expect(entry.confidence).to eql(90)
            expect(entry.found_by).to eql('Oembed API - Author URL (Aggressive Detection)')
            expect(entry.interesting_entries).to eql([oembed_entry])
          end
        end

        context 'when author_url not present but author_name' do
          let(:fixture) { fixtures.join('200_author_name.json') }

          it 'returns the expected array of users' do
            found = finder.aggressive

            expect(found.size).to eql(1)

            entry = found.first

            # NOTE(review): 'admin sa' contains a space, so this looks like a
            # display name rather than a login - confirm against the fixture.
            expect(entry.username).to eql('admin sa')
            expect(entry.confidence).to eql(70)
            expect(entry.found_by).to eql('Oembed API - Author Name (Aggressive Detection)')
            expect(entry.interesting_entries).to eql([oembed_entry])
          end
        end

        context 'when body is an array' do
          let(:fixture) { fixtures.join('array.json') }

          # A JSON array body must produce no findings.
          its(:aggressive) { is_expected.to eql([]) }
        end
      end
    end
  end
end