GitHub Repository: wpscanteam/wpscan
Path: blob/master/spec/app/finders/users/wp_json_api_spec.rb
# frozen_string_literal: true
# Specs for the user finder that reads the WordPress REST API users collection
# (wp-json/wp/v2/users/). Every HTTP exchange below is declared with
# stub_request, so the examples pin down how the finder interprets responses:
# which bodies produce user entries and which produce none.
describe WPScan::Finders::Users::WpJsonApi do
  subject(:finder) { described_class.new(target) }

  let(:url) { 'http://wp.lab/' }
  let(:target) { WPScan::Target.new(url) }
  let(:fixtures) { FINDERS_FIXTURES.join('users', 'wp_json_api') }

  describe '#aggressive' do
    # Endpoint discovery has its own examples under '#api_url'; here it is
    # replaced by the default route beneath the target URL.
    before do
      allow(target).to receive(:sub_dir).and_return(false)
      allow(finder).to receive(:api_url).and_return(target.url('wp-json/wp/v2/users/'))
    end

    context 'when only one page of results' do
      # No X-WP-TotalPages header is returned, and only page 1 is stubbed.
      before do
        first_page = { page: 1, per_page: 100 }

        stub_request(:get, finder.api_url).with(query: first_page).to_return(body: body, headers: {})
      end

      context 'when not a JSON response' do
        let(:body) { '' }

        # An empty body must yield an empty result rather than an error.
        its(:aggressive) { should eql([]) }
      end

      context 'when a JSON response' do
        context 'when unauthorised' do
          # 401.json is not visible here; presumably the REST API's
          # "not authorised" error body. A site that answers the route this
          # way gives the finder nothing to report.
          let(:body) { File.read(fixtures.join('401.json')) }

          its(:aggressive) { should eql([]) }
        end

        context 'when limited exposure (WP >= 4.7.1)' do
          let(:body) { File.read(fixtures.join('4.7.2.json')) }

          # Even in the "limited exposure" case named by this context, the
          # fixture still yields an id and a username, reported at full
          # confidence -- the reason site owners restrict or authenticate
          # this route.
          it 'returns the expected array of users' do
            found = finder.aggressive

            expect(found.size).to eql(1)

            admin = found.first

            expect(admin.id).to eql(1)
            expect(admin.username).to eql('admin')
            expect(admin.confidence).to eql(100)
            # The entry records the exact URL the account was read from.
            expect(admin.interesting_entries).to eql(['http://wp.lab/wp-json/wp/v2/users/?page=1&per_page=100'])
          end
        end
      end
    end

    context 'when multiple pages of results' do
      # Both pages advertise X-WP-TotalPages = 2; the second user can only be
      # found if the finder goes on to request page 2.
      before do
        { 1 => '4.7.2.json', 2 => '4.7.2-2.json' }.each do |page, fixture_file|
          stub_request(:get, finder.api_url)
            .with(query: { page: page, per_page: 100 })
            .to_return(body: File.read(fixtures.join(fixture_file)), headers: { 'X-WP-TotalPages' => 2 })
        end
      end

      it 'returns the expected array of users' do
        found = finder.aggressive

        expect(found.size).to eql(2)

        admin = found.first

        expect(admin.id).to eql(1)
        expect(admin.username).to eql('admin')
        expect(admin.confidence).to eql(100)
        expect(admin.interesting_entries).to eql(['http://wp.lab/wp-json/wp/v2/users/?page=1&per_page=100'])

        regular = found.second

        expect(regular.id).to eql(20)
        expect(regular.username).to eql('user')
        expect(regular.confidence).to eql(100)
        # Each user is attributed to the page it was listed on.
        expect(regular.interesting_entries).to eql(['http://wp.lab/wp-json/wp/v2/users/?page=2&per_page=100'])
      end
    end
  end

  describe '#api_url' do
    let(:fixtures) { super().join('api_url') }

    before do
      allow(target).to receive(:sub_dir).and_return(false)
    end

    context 'when url in the homepage' do
      # Fixture contents are not visible here; judging by their names and the
      # expected values, the homepage presumably advertises an API URL, and an
      # out-of-scope one is dropped in favour of the default under the target.
      {
        in_scope: 'https://wp.lab/wp-json/wp/v2/users/',
        out_of_scope: 'http://wp.lab/wp-json/wp/v2/users/'
      }.each_pair do |fixture_name, expected_url|
        it "returns #{expected_url} for #{fixture_name}.html" do
          homepage = File.read(fixtures.join("#{fixture_name}.html"))

          stub_request(:get, target.url).to_return(body: homepage)

          expect(finder.api_url).to eql(expected_url)
        end
      end

      context 'when subdir' do
        before do
          allow(target).to receive(:sub_dir).and_return('cms')
        end

        # With the target reporting a 'cms' sub directory, one fixture resolves
        # to a URL under /cms/ and the other to the site root.
        {
          in_scope_subdir: 'https://wp.lab/cms/wp-json/wp/v2/users/',
          in_scope_subdir_ignored: 'https://wp.lab/wp-json/wp/v2/users/'
        }.each_pair do |fixture_name, expected_url|
          it "returns #{expected_url} for #{fixture_name}.html" do
            homepage = File.read(fixtures.join("#{fixture_name}.html"))

            stub_request(:get, target.url).to_return(body: homepage)

            expect(finder.api_url).to eql(expected_url)
          end
        end
      end
    end

    context 'when not in the homepage' do
      # The homepage stub returns no body, so the default route is expected.
      before do
        stub_request(:get, target.url)
      end

      its(:api_url) { should eql target.url('wp-json/wp/v2/users/') }
    end

    context 'when api_url already found' do
      before do
        allow(target).to receive(:sub_dir).and_return(false)
      end

      # No homepage stub is registered in this example: it relies on the value
      # cached in @api_url being handed back as is.
      it 'does not check the homepage again' do
        cached = target.url('wp-json/wp/v2/users/')

        finder.instance_variable_set(:@api_url, cached)

        expect(finder.api_url).to eql(cached)
      end
    end
  end
end