1
# frozen_string_literal: true
2

3
describe WPScan::Target do
4
  subject(:target) { described_class.new(url, opts) }
5
  let(:url)        { 'http://ex.lo' }
6
  let(:opts)       { {} }
7

8
  it_behaves_like WPScan::Target::Platform::WordPress
9

10
  describe 'xmlrpc' do
11
    before do
12
      allow(target).to receive(:sub_dir)
13

14
      expect(target).to receive(:interesting_findings).and_return(interesting_findings)
15
    end
16

17
    context 'when no interesting_findings' do
18
      let(:interesting_findings) { [] }
19

20
      its(:xmlrpc) { should be_nil }
21
    end
22

23
    context 'when interesting_findings' do
24
      let(:interesting_findings) { ['aa', CMSScanner::Model::RobotsTxt.new(target.url)] }
25

26
      context 'when no XMLRPC' do
27
        its(:xmlrpc) { should be_nil }
28
      end
29

30
      context 'when XMLRPC' do
31
        let(:xmlrpc) { WPScan::Model::XMLRPC.new(target.url('xmlrpc.php')) }
32
        let(:interesting_findings) { super() << xmlrpc }
33

34
        its(:xmlrpc) { should eq xmlrpc }
35
      end
36
    end
37
  end
38

39
  %i[wp_version main_theme plugins themes timthumbs config_backups db_exports medias users].each do |method|
40
    describe "##{method}" do
41
      let(:methods) { %i[wp_version main_theme] }
42

43
      before do
44
        return_value = methods.include?(method) ? false : []
45

46
        expect(WPScan::Finders.const_get("#{method.to_s.camelize}::Base"))
47
          .to receive(:find).with(target, opts).and_return(return_value)
48
      end
49

50
      after { target.send(method, opts) }
51

52
      let(:opts) { {} }
53

54
      context 'when no options' do
55
        it 'calls the finder with the correct arguments' do
56
          # handled by before hook
57
        end
58
      end
59

60
      context 'when options' do
61
        let(:opts) { { mode: :passive, somthing: 'k' } }
62

63
        it 'calls the finder with the corect arguments' do
64
          # handled by before hook
65
        end
66
      end
67

68
      context 'when called multiple times' do
69
        it 'calls the finder only once' do
70
          target.send(method, opts)
71
        end
72
      end
73
    end
74
  end
75

76
  describe '#vulnerable?' do
77
    context 'when all attributes are nil' do
78
      it { should_not be_vulnerable }
79
    end
80

81
    context 'when wp_version is not found' do
82
      before { target.instance_variable_set(:@wp_version, false) }
83

84
      it { should_not be_vulnerable }
85
    end
86

87
    context 'when wp_version found' do
88
      before do
89
        expect(wp_version)
90
          .to receive(:db_data)
91
          .and_return(vuln_api_data_for("wordpresses/#{wp_version.number.tr('.', '')}"))
92

93
        target.instance_variable_set(:@wp_version, wp_version)
94
      end
95

96
      context 'when not vulnerable' do
97
        let(:wp_version) { WPScan::Model::WpVersion.new('4.0') }
98

99
        it { should_not be_vulnerable }
100
      end
101

102
      context 'when vulnerable' do
103
        let(:wp_version) { WPScan::Model::WpVersion.new('3.8.1') }
104

105
        it { should be_vulnerable }
106
      end
107
    end
108

109
    context 'when config_backups' do
110
      before do
111
        target.instance_variable_set(:@config_backups, [WPScan::Model::ConfigBackup.new(target.url('/a-file-url'))])
112
      end
113

114
      it { should be_vulnerable }
115
    end
116

117
    context 'when db_exports' do
118
      before do
119
        target.instance_variable_set(:@db_exports, [WPScan::Model::DbExport.new(target.url('/wordpress.sql'))])
120
      end
121

122
      it { should be_vulnerable }
123
    end
124

125
    context 'when users' do
126
      before do
127
        target.instance_variable_set(:@users,
128
                                     [WPScan::Model::User.new('u1'),
129
                                      WPScan::Model::User.new('u2')])
130
      end
131

132
      context 'when no passwords' do
133
        it { should_not be_vulnerable }
134
      end
135

136
      context 'when at least one password has been found' do
137
        before { target.users[1].password = 'owned' }
138

139
        it { should be_vulnerable }
140
      end
141
    end
142
  end
143
end
144

145