GitHub Repository: wpscanteam/wpscan
Path: blob/master/spec/app/models/wp_version_spec.rb
# frozen_string_literal: true
# Specs for WPScan::Model::WpVersion: construction and validation of a
# WordPress version number, the list of known versions, and the lookup of
# vulnerabilities / release metadata attached to a version.
describe WPScan::Model::WpVersion do
  describe '#new' do
    context 'when invalid number' do
      # A non-version string must be rejected at construction time, so no
      # WpVersion object ever carries an unvalidated number.
      it 'raises an error' do
        expect { described_class.new('aa') }.to raise_error(WPScan::Error::InvalidWordPressVersion)
      end
    end

    context 'when valid number' do
      # The number is passed as a Float here and read back as the String '4.0'.
      it 'create the instance' do
        instance = described_class.new(4.0)

        expect(instance).to be_a(described_class)
        expect(instance.number).to eql('4.0')
      end
    end
  end

  describe '.all' do
    # NOTE(review): the expected list presumably mirrors the fixture database
    # used by the spec suite - confirm against the spec helper.
    it 'returns the correct values' do
      expect(described_class.all).to eql(%w[4.4 4.0 3.9.1 3.8.2 3.8.1 3.8])
    end
  end

  describe '.valid?' do
    it 'returns false' do
      expect(described_class.valid?('aaa')).to eq false
    end

    it 'returns true' do
      expect(described_class.valid?('4.0')).to eq true
    end
  end

  describe '#vulnerabilities' do
    subject(:version) { described_class.new(number) }

    # Stub the record returned for the version so each context controls
    # exactly which vulnerability data the model sees.
    before do
      allow(version).to receive(:db_data).and_return(db_data)
    end

    context 'when no vulns' do
      let(:number) { '4.4' }
      let(:db_data) { { 'vulnerabilities' => [] } }

      its(:vulnerabilities) { is_expected.to be_empty }
    end

    context 'when vulnerable' do
      # Shared assertions: each example below only sets @expected_vulns, and
      # this hook checks both the returned list and the vulnerable? predicate.
      after do
        expect(version.vulnerabilities).to eq @expected_vulns
        expect(version).to be_vulnerable
      end

      context 'when a signle vuln' do
        let(:number) { '3.8' }
        # vuln_api_data_for is defined outside this file; presumably it loads
        # a canned API response for the given path - confirm in the helpers.
        let(:db_data) { vuln_api_data_for('wordpresses/38') }

        it 'returns the expected result' do
          single_vuln = WPScan::Vulnerability.new(
            'WP 3.8 - Vuln 1',
            references: { url: %w[url-4], wpvulndb: '3' },
            type: 'AUTHBYPASS'
          )

          @expected_vulns = [single_vuln]
        end
      end

      context 'when multiple vulns' do
        let(:number) { '3.8.1' }
        let(:db_data) { vuln_api_data_for('wordpresses/381') }

        it 'returns the expected results' do
          first_vuln = WPScan::Vulnerability.new(
            'WP 3.8.1 - Vuln 1',
            references: { wpvulndb: '1' },
            type: 'SQLI',
            cvss: { score: '5.4', vector: 'VECTOR' }
          )
          second_vuln = WPScan::Vulnerability.new(
            'WP 3.8.1 - Vuln 2',
            references: { url: %w[url-2 url-3], cve: %w[2014-0166], wpvulndb: '2' },
            fixed_in: '3.8.2'
          )

          @expected_vulns = [first_vuln, second_vuln]
        end
      end
    end
  end

  describe '#metadata, #release_date, #status' do
    subject(:version) { described_class.new('3.8.1') }

    before do
      allow(version).to receive(:db_data).and_return(db_data)
    end

    context 'when no db_data' do
      let(:db_data) { {} }

      # With an empty db_data the values still resolve for 3.8.1; presumably
      # they come from locally stored metadata - confirm in the model.
      its(:release_date) { is_expected.to eql('2014-01-23') }
      its(:status) { is_expected.to eql('outdated') }

      context 'when the version is not in the metadata' do
        subject(:version) { described_class.new('3.8.2') }

        its(:release_date) { is_expected.to eql('Unknown') }
        its(:status) { is_expected.to eql('Unknown') }
      end
    end

    context 'when db_data' do
      let(:db_data) { vuln_api_data_for('wordpresses/381') }

      # The '-via-api' suffixes in the expected values make it visible that
      # the result was taken from db_data rather than from another source.
      its(:release_date) { is_expected.to eql('2014-01-23-via-api') }
      its(:status) { is_expected.to eql('outdated-via-api') }
    end
  end
end