# frozen_string_literal: true

# All Plugin Dynamic Finders returning a Version are tested here.
# When adding one to spec/fixtures/db/dynamic_finder.yml, a few files have
# to be edited/created:
#
# - spec/fixtures/dynamic_finder/expected.yml with the expected result/s
# - Then, depending on the finder class used: spec/fixtures/dynamic_finder/plugin_version/
#
# Furthermore, the fixture files _passive_all.html are also used by the plugins/themes
# finders in spec/app/finders/plugins|themes to check the items' existence from the homepage
#
# In case of a failure, it's recommended to use rspec -e "<Full Description>" while fixing.
# e.g: rspec -e "WPScan::Finders::PluginVersion::Cardealerpress::HeaderPattern#passive"
# The -e option can also be used to test all HeaderPattern, for example: rspec -e "::HeaderPattern"

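# Expected results for every plugin finder, keyed by plugin slug and then finder class.
expected_all = df_expected_all['plugins']

# One example group is generated per (plugin slug, finder class) pair returned by
# versions_finders_configs, and each one is compared with its entry in expected_all.
WPScan::DB::DynamicFinders::Plugin.versions_finders_configs.each do |slug, configs|
  WPScan::DB::DynamicFinders::Plugin.create_versions_finders(slug)

  configs.each do |finder_class, config|
    # A config may name its finder class explicitly; otherwise the config key is used.
    finder_super_class = config['class'] || finder_class

    # The QueryParameter specs are slow given the huge fixture file
    # If someone finds a fix for that, please share!
    describe df_tested_class_constant('PluginVersion', finder_class, slug), slow: true do
      subject(:finder) { described_class.new(plugin) }

      let(:plugin)   { WPScan::Model::Plugin.new(slug, target) }
      let(:target)   { WPScan::Target.new('http://wp.lab/') }
      let(:fixtures) { DYNAMIC_FINDERS_FIXTURES.join('plugin_version') }

      # Always an Array of expected version entries: a lone Hash entry is wrapped.
      let(:expected) do
        entry = expected_all[slug][finder_class]

        entry.is_a?(Hash) ? [entry] : entry
      end

      before { allow(target).to receive(:content_dir).and_return('wp-content') }

      describe '#passive', slow: true do
        before do
          # The homepage and the 404 page are both stubbed. A context that declares
          # stubbed_homepage_res / stubbed_404_res supplies the response to return;
          # otherwise the request is stubbed without an explicit response.
          if defined?(stubbed_homepage_res)
            stub_request(:get, target.url).to_return(stubbed_homepage_res)
          else
            stub_request(:get, target.url)
          end

          if defined?(stubbed_404_res)
            stub_request(:get, ERROR_404_URL_PATTERN).to_return(stubbed_404_res)
          else
            stub_request(:get, ERROR_404_URL_PATTERN)
          end
        end

        if config['path']
          context 'when PATH' do
            it 'returns nil' do
              expect(finder.passive).to eql nil
            end
          end
        else
          context 'when no PATH' do
            context 'when the version is detected' do
              context 'from the homepage' do
                let(:ie_url) { target.url }
                let(:stubbed_homepage_res) do
                  df_stubbed_response(
                    fixtures.join("#{finder_super_class.underscore}_passive_all.html"),
                    finder_super_class
                  )
                end

                it 'returns the expected version/s' do
                  found = Array(finder.passive)

                  expect(found).to_not be_empty
                  # Only the found entries are iterated below, so without this check a
                  # finder returning fewer versions than expected would still pass.
                  expect(found.size).to eql expected.size

                  found.each_with_index do |version, index|
                    expected_version = expected.at(index)
                    # Expected entries are written against the target URL; point them
                    # at the page the version was actually read from.
                    expected_ie = expected_version['interesting_entries'].map do |ie|
                      ie.gsub("#{target.url},", "#{ie_url},")
                    end

                    expect(version).to be_a WPScan::Model::Version
                    expect(version.number).to eql expected_version['number'].to_s
                    expect(version.found_by).to eql expected_version['found_by']
                    expect(version.interesting_entries).to match_array expected_ie

                    # Confidence is only compared when the expected entry specifies one.
                    expect(version.confidence).to eql expected_version['confidence'] if expected_version['confidence']
                  end
                end
              end

              context 'from the 404' do
                let(:ie_url) { target.error_404_url }
                let(:stubbed_404_res) do
                  df_stubbed_response(
                    fixtures.join("#{finder_super_class.underscore}_passive_all.html"),
                    finder_super_class
                  )
                end

                it 'returns the expected version/s' do
                  found = Array(finder.passive)

                  expect(found).to_not be_empty
                  # Only the found entries are iterated below, so without this check a
                  # finder returning fewer versions than expected would still pass.
                  expect(found.size).to eql expected.size

                  found.each_with_index do |version, index|
                    expected_version = expected.at(index)
                    # Expected entries are written against the target URL; point them
                    # at the page the version was actually read from.
                    expected_ie = expected_version['interesting_entries'].map do |ie|
                      ie.gsub("#{target.url},", "#{ie_url},")
                    end

                    expect(version).to be_a WPScan::Model::Version
                    expect(version.number).to eql expected_version['number'].to_s
                    expect(version.found_by).to eql expected_version['found_by']
                    expect(version.interesting_entries).to match_array expected_ie

                    # Confidence is only compared when the expected entry specifies one.
                    expect(version.confidence).to eql expected_version['confidence'] if expected_version['confidence']
                  end
                end
              end
            end

            context 'when the version is not detected' do
              it 'returns nil or an empty array' do
                # QueryParameter finders are expected to return [] rather than nil.
                expect(finder.passive).to eql(finder_super_class == 'QueryParameter' ? [] : nil)
              end
            end
          end
        end
      end

      describe '#aggressive' do
        let(:fixtures) { super().join(slug, finder_class.underscore) }
        # Default body carrying no version; overridden in the detection context.
        let(:stubbed_response) { { body: 'aa' } }

        before do
          stub_request(:get, plugin.url(config['path'])).to_return(stubbed_response) if config['path']
        end

        if config['path']
          context 'when the version is detected' do
            let(:stubbed_response) do
              df_stubbed_response(fixtures.join(config['path']), finder_super_class)
            end

            it 'returns the expected version' do
              found = Array(finder.aggressive)

              expect(found).to_not be_empty
              # Only the found entries are iterated below, so without this check a
              # finder returning fewer versions than expected would still pass.
              expect(found.size).to eql expected.size

              found.each_with_index do |version, index|
                expected_version = expected.at(index)

                expect(version).to be_a WPScan::Model::Version
                expect(version.number).to eql expected_version['number'].to_s
                expect(version.found_by).to eql expected_version['found_by']
                expect(version.interesting_entries).to match_array expected_version['interesting_entries']

                # Confidence is only compared when the expected entry specifies one.
                expect(version.confidence).to eql expected_version['confidence'] if expected_version['confidence']
              end
            end
          end

          context 'when the version is not detected' do
            it 'returns nil or an empty array' do
              # QueryParameter finders are expected to return [] rather than nil.
              expect(finder.aggressive).to eql(finder_super_class == 'QueryParameter' ? [] : nil)
            end
          end
        else
          it 'returns nil' do
            expect(finder.aggressive).to eql nil
          end
        end
      end
    end
  end
end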