GitHub Repository: wpscanteam/wpscan
Path: blob/master/spec/app/models/timthumb_spec.rb
# frozen_string_literal: true
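# Specs for the Timthumb model: construction, delegation of version detection
# to the TimthumbVersion finder, the webshot probe, and the mapping from a
# detected version (or the lack of one) to the reported RCE findings.
describe WPScan::Model::Timthumb do
  subject(:timthumb) { described_class.new(url, opts) }

  let(:url)      { 'http://wp.lab/wp-content/timthumb.php' }
  let(:fixtures) { FIXTURES.join('models', 'timthumb') }
  let(:opts)     { {} }

  describe '#new' do
    its(:url) { should eql url }
  end

  # The fact that the finders should only be called once is handled by the
  # vulnerabilities, vulnerable? specs below
  describe '#version' do
    # Each example only assigns @expected_opts; the message expectation and the
    # actual #version call both happen here, once that value is known.
    after do
      expect(WPScan::Finders::TimthumbVersion::Base).to receive(:find).with(timthumb, @expected_opts)

      timthumb.version(version_opts)
    end

    context 'when no :version_detection' do
      context 'when no :mode opt supplied' do
        let(:version_opts) { { something: 'k' } }

        it 'calls the finder with the correct parameters' do
          @expected_opts = version_opts
        end
      end

      context 'when :mode supplied' do
        let(:version_opts) { { mode: :passive } }

        it 'calls the finder with the correct parameters' do
          @expected_opts = { mode: :passive }
        end
      end
    end

    context 'when :version_detection' do
      # NOTE(review): the context name says :version_detection, but the model
      # opts are given a plain :mode key here - confirm which key is intended.
      let(:opts) { super().merge(mode: :passive) }

      context 'when no :mode' do
        let(:version_opts) { {} }

        # NOTE(review): the description mentions :passive, yet the expectation
        # is that the finder receives version_opts unchanged (an empty hash).
        # Confirm whether the model-level mode is meant to be forwarded.
        it 'calls the finder with the :passive mode' do
          @expected_opts = version_opts
        end
      end

      context 'when :mode' do
        let(:version_opts) { { mode: :mixed } }

        it 'calls the finder with the :mixed mode' do
          @expected_opts = { mode: :mixed }
        end
      end
    end
  end

  describe '#webshot_enabled?' do
    before do
      # The URL is escaped before interpolation so that its '.' characters are
      # matched literally; unescaped, the stub would also answer requests to
      # other hosts/paths that merely have any character in those positions.
      stub_request(:get, /#{Regexp.escape(timthumb.url)}\?src=.*&webshot=1/i)
        .to_return(body: File.read(fixtures.join(fixture)))
    end

    context 'when enabled' do
      let(:fixture) { '2.8.13_webshot_enabled.html' }

      its(:webshot_enabled?) { should eql true }
    end

    context 'when disabled' do
      let(:fixture) { '2.8.13_webshot_disabled.html' }

      its(:webshot_enabled?) { should eql false }
    end
  end

  describe '#vulnerabilities, #vulnerable?' do
    # The version finder is replaced by a canned result, so these examples only
    # exercise how the model maps that result to findings.
    before { expect(WPScan::Finders::TimthumbVersion::Base).to receive(:find).and_return(version) }

    context 'when no version' do
      let(:version) { false }

      # An undetected version is reported with both RCE findings rather than
      # none, i.e. "unknown" is treated as vulnerable, not as safe.
      its(:vulnerabilities) { should eq([timthumb.rce_webshot_vuln, timthumb.rce_132_vuln]) }
      it { should be_vulnerable }
    end

    context 'when version' do
      let(:version) { WPScan::Model::Version.new(version_number) }

      # NOTE(review): only 2.8.14, 1.20 and 2.8.10 are exercised. The context
      # labels leave 1.33-1.35 and 2.8.13 itself uncovered; consider adding
      # boundary examples once the model's thresholds are confirmed.
      context 'when version >= 2.8.14' do
        let(:version_number) { '2.8.14' }

        its(:vulnerabilities) { should eq([]) }
        it { should_not be_vulnerable }
      end

      context 'when version < 1.33' do
        let(:version_number) { '1.20' }

        its(:vulnerabilities) { should eq([timthumb.rce_132_vuln]) }
        it { should be_vulnerable }
      end

      context 'when version > 1.35 and < 2.8.13' do
        let(:version_number) { '2.8.10' }

        # In this range the webshot finding depends on the live probe result,
        # which is stubbed on the subject in both directions below.
        context 'when webshot enabled' do
          before { expect(timthumb).to receive(:webshot_enabled?).and_return(true) }

          its(:vulnerabilities) { should eq([timthumb.rce_webshot_vuln]) }
          it { should be_vulnerable }
        end

        context 'when webshot disabled' do
          before { expect(timthumb).to receive(:webshot_enabled?).and_return(false) }

          its(:vulnerabilities) { should eq([]) }
          it { should_not be_vulnerable }
        end
      end
    end
  end
end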