Path: blob/master/spec/shared_examples/dynamic_finders/wp_items.rb
# frozen_string_literal: true

# Shared examples for finders built on WPScan::Finders::DynamicFinder::WpItems::Finder.
#
# The including spec has to provide everything referenced here but not defined
# here: `finder`, `target`, `fixtures`, `item_class` and `expected_all`, plus the
# `df_stubbed_response` helper and the ERROR_404_URL_PATTERN constant.
shared_examples WPScan::Finders::DynamicFinder::WpItems::Finder do
  # HTML fixture whose name is derived from the described class.
  let(:passive_fixture) do
    fixture_name = "#{described_class.to_s.demodulize.underscore}_passive_all.html"
    fixtures.join(fixture_name)
  end

  describe '#passive_configs' do
    # Left empty on purpose: it is only a call to something already tested, and
    # a wrong method call would raise an exception.
  end

  describe '#aggressive_configs' do
    # Left empty for the same reason as '#passive_configs'.
  end

  describe '#passive' do
    before do
      # Two responses are stubbed for the passive examples: the target's homepage
      # and anything matching the 404 pattern. The stubs stay in this order because
      # the two matchers might overlap. NOTE(review): confirm which stub wins then.
      stub_request(:get, target.url).to_return(body: homepage_body)
      stub_request(:get, ERROR_404_URL_PATTERN).to_return(body: error_404_body)

      allow(target).to receive(:content_dir).and_return('wp-content')
    end

    context 'when no matches' do
      let(:homepage_body) { '' }
      let(:error_404_body) { '' }

      it 'returns an empty array' do
        expect(finder.passive).to eql([])
      end
    end

    context 'when matches' do
      # One expected item per (slug, finder class) pair of the passive configs.
      # The confidence falls back to the described class' DEFAULT_CONFIDENCE when
      # the expected data carries none; found_by is always taken from that data.
      let(:expected_items) do
        finder.passive_configs.flat_map do |slug, configs|
          configs.each_key.map do |finder_class|
            opts = expected_all[slug][finder_class]
            confidence = opts['confidence'] || described_class::DEFAULT_CONFIDENCE

            item_class.new(slug, target, confidence: confidence, found_by: opts['found_by'])
          end
        end
      end

      context 'from the homepage' do
        let(:homepage_body) { File.read(passive_fixture) }
        let(:error_404_body) { '' }

        it 'contains the expected items' do
          found = finder.passive

          expect(found).to match_array(expected_items.map { |expected_item| eql(expected_item) })
        end
      end

      context 'from the 404' do
        let(:homepage_body) { '' }
        let(:error_404_body) { File.read(passive_fixture) }

        it 'contains the expected items' do
          found = finder.passive

          expect(found).to match_array(expected_items.map { |expected_item| eql(expected_item) })
        end
      end

      context 'from both the homepage and 404' do
        # The same fixture is served for both pages while the expected list is
        # unchanged, so a finding present on both pages must be reported once.
        let(:homepage_body) { File.read(passive_fixture) }
        let(:error_404_body) { File.read(passive_fixture) }

        it 'does not contains the same finding twice (but from different page)' do
          found = finder.passive

          expect(found).to match_array(expected_items.map { |expected_item| eql(expected_item) })
        end
      end
    end
  end

  # Active expectation: #aggressive returns nil.
  describe '#aggressive' do
    its(:aggressive) { should be nil }
  end

  # Skipped (xdescribe): fixture-driven spec for aggressive detection.
  xdescribe '#aggressive' do
    # TODO: Maybe also stub all paths to an empty body and expect an empty array ?

    before do
      allow(target).to receive(:content_dir).and_return('wp-content')

      # Stub a GET for the path of every aggressive config and collect the item
      # each of them is expected to produce.
      @expected = finder.aggressive_configs.flat_map do |slug, configs|
        configs.map do |finder_class, config|
          super_class_name = config['class'] || finder_class

          fixture_path = fixtures.join(slug, finder_class.underscore, config['path'])
          response = df_stubbed_response(fixture_path, super_class_name)
          request_path = finder.aggressive_path(slug, config)

          opts = expected_all[slug][finder_class]

          stub_request(:get, target.url(request_path)).to_return(response)

          item_class.new(
            slug,
            target,
            confidence: opts['confidence'] || described_class::DEFAULT_CONFIDENCE,
            found_by: opts['found_by']
          )
        end
      end
    end

    it 'returns the expected items' do
      found = finder.aggressive

      expect(found).to match_array(@expected.map { |expected_item| eql(expected_item) })
    end
  end
end