CoCalc -- timthumbs.rb

GitHub Repository: wpscanteam/wpscan
Path: blob/master/spec/shared_examples/views/enumeration/timthumbs.rb
⁴⁸⁵ views
1
# frozen_string_literal: true
2

3
shared_examples 'App::Views::Enumeration::Timthumbs' do
4
  let(:view)     { 'timthumbs' }
5
  let(:timthumb) { WPScan::Model::Timthumb }
6
  let(:version)  { WPScan::Model::Version.new('2.8.14', found_by: 'Bad Request') }
7

8
  describe 'timthumbs' do
9
    context 'when no timthumbs found' do
10
      let(:expected_view) { File.join(view, 'none_found') }
11

12
      it 'outputs the expected string' do
13
        @tpl_vars = tpl_vars.merge(timthumbs: [])
14
      end
15
    end
16

17
    context 'when timthumbs found' do
18
      let(:tt)        { timthumb.new("#{target_url}tt.php", found_by: 'Known Locations') }
19
      let(:tt2)       { timthumb.new("#{target_url}tt2.php", found_by: 'Known Locations') }
20
      let(:timthumbs) { [tt, tt2] }
21

22
      context 'when not vulnerable' do
23
        let(:expected_view) { File.join(view, 'no_vulns') }
24

25
        it 'outputs the expected string' do
26
          expect(timthumbs[0]).to receive(:version).at_least(1).and_return(version)
27
          expect(timthumbs[1]).to receive(:version).at_least(1).and_return(version)
28

29
          @tpl_vars = tpl_vars.merge(timthumbs: timthumbs)
30
        end
31
      end
32

33
      context 'when vulnerable' do
34
        let(:expected_view) { File.join(view, 'with_vulns') }
35

36
        it 'outputs the expected string' do
37
          expect(timthumbs[0]).to receive(:version).at_least(1).and_return(false)
38
          expect(timthumbs[1]).to receive(:version).at_least(1).and_return(version)
39

40
          @tpl_vars = tpl_vars.merge(timthumbs: timthumbs)
41
        end
42
      end
43
    end
44
  end
45
end
46

47
Product

Resources

Company
