cms_scanner 0.0.18 → 0.0.19

data/spec/lib/finders/same_type_finder_spec.rb

@@ -1,24 +0,0 @@
-require 'spec_helper'
-
-module CMSScanner
-  module Finders
-    # Dummy Class to test the module
-    class PluginsFinderSpec
-      include SameTypeFinder
-
-      def initialize(_target)
-      end
-    end
-  end
-end
-
-describe CMSScanner::Finders::PluginsFinderSpec do
-  it_behaves_like CMSScanner::Finders::IndependentFinder do
-    let(:expected_finders) { [] }
-    let(:expected_finders_class) { CMSScanner::Finders::SameTypeFinders }
-  end
-
-  subject(:plugins) { described_class.new(target) }
-  let(:target)      { CMSScanner::Target.new(url) }
-  let(:url)         { 'http://example.com/' }
-end

data/spec/lib/finders/same_type_finders_spec.rb

@@ -1,126 +0,0 @@
-require 'spec_helper'
-require 'dummy_independent_finders' # will use those for convenience
-
-describe CMSScanner::Finders::SameTypeFinders do
-  subject(:finders) { described_class.new }
-  let(:independent_finders) { CMSScanner::Finders::Independent }
-
-  describe '#run' do
-    let(:target)  { 'target' }
-    let(:finding) { CMSScanner::DummyFinding }
-    let(:opts)    { {} }
-
-    before do
-      finders <<
-        independent_finders::DummyFinder.new(target) <<
-        independent_finders::NoAggressiveResult.new(target)
-    end
-
-    after do
-      result = finders.run(opts)
-
-      expect(result).to be_a CMSScanner::Finders::Findings
-      expect(result).to eql @expected
-    end
-
-    # Used to be able to test the calls order and returned result at the same time
-    let(:dummy_passive)     { independent_finders::DummyFinder.new(target).passive(opts) }
-    let(:dummy_aggresssive) { independent_finders::DummyFinder.new(target).aggressive(opts) }
-    let(:noaggressive)      { independent_finders::NoAggressiveResult.new(target).passive(opts) }
-
-    context 'when :mixed mode' do
-      let(:opts) { super().merge(mode: :mixed) }
-
-      it 'calls all #passive then #aggressive on finders and returns the results' do
-        expect(finders[0]).to receive(:passive)
-          .with(hash_including(found: [])).ordered
-          .and_return(dummy_passive)
-
-        expect(finders[1]).to receive(:passive)
-          .with(hash_including(found: [dummy_passive.first])).ordered
-          .and_return(noaggressive)
-
-        expect(finders[0]).to receive(:aggressive)
-          .with(hash_including(found: [dummy_passive.first, noaggressive])).ordered
-          .and_return(dummy_aggresssive)
-
-        expect(finders[1]).to receive(:aggressive)
-          .with(hash_including(:found))
-          .ordered
-
-        @expected = []
-
-        @expected << finding.new('test', confidence: 100,
-                                         found_by: 'Dummy Finder (Passive Detection)')
-
-        @expected.first.confirmed_by << finding.new('test', confidence: 100, found_by: 'override')
-
-        @expected << finding.new('spotted', confidence: 10,
-                                            found_by: 'No Aggressive Result (Passive Detection)')
-      end
-    end
-
-    context 'when :passive mode' do
-      let(:opts) { super().merge(mode: :passive) }
-
-      before do
-        expect(finders[0]).to receive(:passive)
-          .with(hash_including(found: [])).ordered
-          .and_return(dummy_passive)
-
-        expect(finders[1]).to receive(:passive)
-          .with(hash_including(found: [dummy_passive.first])).ordered
-          .and_return(noaggressive)
-
-        finders.each { |f| expect(f).to_not receive(:aggressive) }
-      end
-
-      it 'calls #passive on all finders and returns the results' do
-        @expected = []
-        @expected << finding.new('test', found_by: 'Dummy Finder (Passive Detection)')
-        @expected << finding.new('spotted', confidence: 10,
-                                            found_by: 'No Aggressive Result (Passive Detection)')
-      end
-
-      context 'when :sort used' do
-        let(:opts) { super().merge(sort: true) }
-
-        it 'returns the sorted results' do
-          @expected = []
-          @expected << finding.new('spotted', confidence: 10,
-                                              found_by: 'No Aggressive Result (Passive Detection)')
-          @expected << finding.new('test', found_by: 'Dummy Finder (Passive Detection)')
-        end
-      end
-
-      # TODO: make this work
-      # context 'when :vulnerable used' do
-      # let(:opts) { super().merge(vulnerable: true) }
-
-      # it 'returns the vulnerable results' do
-      # expect(dummy_passive).to receive(:vulnerable?).and_return(true)
-      # expect(noaggressive).to receive(:vulnerable?)
-
-      # @expected = [finding.new('test', found_by: 'Dummy Finder (Passive Detection)')]
-      #  end
-      # end
-    end
-
-    context 'when :aggressive mode' do
-      let(:opts) { super().merge(mode: :aggressive) }
-
-      it 'calls #aggressive on all finders and returns the results' do
-        finders.each { |f| expect(f).to_not receive(:passive) }
-
-        expect(finders[0]).to receive(:aggressive)
-          .with(hash_including(found: [])).ordered
-          .and_return(dummy_aggresssive)
-
-        expect(finders[1]).to receive(:aggressive)
-          .with(hash_including(found: [dummy_aggresssive])).ordered
-
-        @expected = [finding.new('test', confidence: 100, found_by: 'override')]
-      end
-    end
-  end
-end

data/spec/lib/finders/unique_finder_spec.rb

@@ -1,24 +0,0 @@
-require 'spec_helper'
-
-module CMSScanner
-  module Finders
-    # Dummy Class to test the module
-    class VersionFinderSpec
-      include UniqueFinder
-
-      def initialize(_target)
-      end
-    end
-  end
-end
-
-describe CMSScanner::Finders::VersionFinderSpec do
-  it_behaves_like CMSScanner::Finders::IndependentFinder do
-    let(:expected_finders) { [] }
-    let(:expected_finders_class) { CMSScanner::Finders::UniqueFinders }
-  end
-
-  subject(:version) { described_class.new(target) }
-  let(:target)      { CMSScanner::Target.new(url) }
-  let(:url)         { 'http://example.com/' }
-end

data/spec/lib/finders/unique_finders_spec.rb

@@ -1,222 +0,0 @@
-require 'spec_helper'
-require 'dummy_unique_finders'
-
-describe CMSScanner::Finders::UniqueFinders do
-  subject(:finders)    { described_class.new }
-  let(:unique_finders) { CMSScanner::Finders::Unique }
-
-  describe '#best_finding' do
-    let(:findings) { [] }
-
-    after { expect(finders.best_finding(findings)).to eql @expected }
-
-    context 'when no findings' do
-      it 'returns nil' do
-        @expected = false
-      end
-    end
-
-    context 'when one finding' do
-      let(:findings) { [CMSScanner::DummyFinding.new('one', confidence: 40)] }
-
-      it 'returns it' do
-        @expected = findings[0]
-      end
-    end
-
-    context 'when multiple findings' do
-      let(:findings) do
-        (1..5).reduce([]) { |a, e| a << CMSScanner::DummyFinding.new(e, confidence: 20) }
-      end
-
-      context 'when they have the same confidence' do
-        it 'returns nil' do
-          @expected = false
-        end
-      end
-
-      context 'when there is a best confidence' do
-        (0..4).each do |position|
-          context "when at [#{position}]" do
-            it 'returns it' do
-              findings[position].confidence = 100
-
-              @expected = findings[position]
-            end
-          end
-        end
-      end
-    end
-  end
-
-  describe '#run' do
-    let(:target)  { 'target' }
-    let(:finding) { CMSScanner::DummyFinding }
-    let(:opts)    { {} }
-
-    before do
-      finders <<
-        unique_finders::Dummy.new(target) <<
-        unique_finders::NoAggressive.new(target) <<
-        unique_finders::Dummy2.new(target)
-    end
-
-    after do
-      result = finders.run(opts)
-
-      expect(result).to be_a finding if @expected
-      expect(result).to eql @expected
-    end
-
-    # Used to be able to test the calls order and returned result at the same time
-    let(:dummy_passive)     { unique_finders::Dummy.new(target).passive(opts) }
-    let(:dummy_aggresssive) { unique_finders::Dummy.new(target).aggressive(opts) }
-    let(:noaggressive)      { unique_finders::NoAggressive.new(target).passive(opts) }
-    let(:dummy2_aggressive) { unique_finders::Dummy2.new(target).aggressive }
-
-    context 'when :confidence_threshold <= 0' do
-      let(:opts) { super().merge(confidence_threshold: 0) }
-
-      context 'when :mixed mode' do
-        let(:opts) { super().merge(mode: :mixed) }
-
-        it 'calls all #passive then #aggressive on finders and returns the best result' do
-          # Maybe there is a way to factorise this
-          expect(finders[0]).to receive(:passive)
-            .with(hash_including(found: [])).ordered
-            .and_return(dummy_passive)
-
-          expect(finders[1]).to receive(:passive)
-            .with(hash_including(found: [dummy_passive.first])).ordered
-            .and_return(noaggressive)
-
-          expect(finders[2]).to receive(:passive)
-            .with(hash_including(found: [dummy_passive.first, noaggressive])).ordered
-
-          expect(finders[0]).to receive(:aggressive).with(hash_including(:found)).ordered
-            .and_return(dummy_aggresssive)
-
-          expect(finders[1]).to receive(:aggressive).with(hash_including(:found)).ordered
-          expect(finders[2]).to receive(:aggressive).with(hash_including(:found)).ordered
-            .and_return(dummy2_aggressive)
-
-          @expected = finding.new('v1', confidence: 100, found_by: 'Dummy (Passive Detection)')
-          @expected.confirmed_by << finding.new('v1', confidence: 100, found_by: 'override')
-          @expected.confirmed_by << finding.new('v1', confidence: 90)
-        end
-      end
-
-      context 'when :passive mode' do
-        let(:opts) { super().merge(mode: :passive) }
-
-        it 'calls #passive on all finders and returns the best result' do
-          expect(finders[0]).to receive(:passive)
-            .with(hash_including(found: [])).ordered
-            .and_return(dummy_passive)
-
-          expect(finders[1]).to receive(:passive)
-            .with(hash_including(found: [dummy_passive.first])).ordered
-            .and_return(noaggressive)
-
-          expect(finders[2]).to receive(:passive)
-            .with(hash_including(found: [dummy_passive.first, noaggressive])).ordered
-
-          finders.each { |f| expect(f).to_not receive(:aggressive) }
-
-          @expected = finding.new('v2', confidence: 10,
-                                        found_by: 'No Aggressive (Passive Detection)')
-        end
-      end
-
-      context 'when :aggressive mode' do
-        let(:opts) { super().merge(mode: :aggressive) }
-
-        it 'calls #aggressive on all finders and returns the best result' do
-          finders.each { |f| expect(f).to_not receive(:passive) }
-
-          expect(finders[0]).to receive(:aggressive)
-            .with(hash_including(found: [])).ordered
-            .and_return(dummy_aggresssive)
-
-          expect(finders[1]).to receive(:aggressive)
-            .with(hash_including(found: [dummy_aggresssive])).ordered
-
-          expect(finders[2]).to receive(:aggressive)
-            .with(hash_including(:found)).ordered
-            .and_return(dummy2_aggressive)
-
-          @expected = finding.new('v1', confidence: 100, found_by: 'override')
-          @expected.confirmed_by << finding.new('v1', confidence: 90)
-        end
-      end
-    end
-
-    context 'when :confidence_threshold = 100 (default)' do
-      context 'when :mixed mode' do
-        let(:opts) { super().merge(mode: :mixed) }
-
-        it 'calls all #passive then #aggressive methods on finders and returns the '\
-           'result which reaches 100% confidence during the process' do
-          expect(finders[0]).to receive(:passive)
-            .with(hash_including(found: [])).ordered
-            .and_return(dummy_passive)
-
-          expect(finders[1]).to receive(:passive)
-            .with(hash_including(found: [dummy_passive.first])).ordered
-            .and_return(noaggressive)
-
-          expect(finders[2]).to receive(:passive)
-            .with(hash_including(found: [dummy_passive.first, noaggressive])).ordered
-
-          expect(finders[0]).to receive(:aggressive).with(hash_including(:found)).ordered
-            .and_return(dummy_aggresssive)
-
-          expect(finders[1]).to_not receive(:aggressive)
-          expect(finders[2]).to_not receive(:aggressive)
-
-          @expected = finding.new('v1', confidence: 100, found_by: 'Dummy (Passive Detection)')
-          @expected.confirmed_by << finding.new('v1', confidence: 100, found_by: 'override')
-        end
-      end
-
-      context 'when :passive mode' do
-        let(:opts) { super().merge(mode: :passive) }
-
-        it 'calls all #passive and returns the best result' do
-          expect(finders[0]).to receive(:passive)
-            .with(hash_including(found: [])).ordered
-            .and_return(dummy_passive)
-
-          expect(finders[1]).to receive(:passive)
-            .with(hash_including(found: [dummy_passive.first])).ordered
-            .and_return(noaggressive)
-
-          expect(finders[2]).to receive(:passive)
-            .with(hash_including(found: [dummy_passive.first, noaggressive])).ordered
-
-          finders.each { |f| expect(f).to_not receive(:aggressive) }
-
-          @expected = finding.new('v2', confidence: 10,
-                                        found_by: 'No Aggressive (Passive Detection)')
-        end
-      end
-
-      context 'when :aggressive mode' do
-        let(:opts) { super().merge(mode: :aggressive) }
-
-        it 'calls all #aggressive and returns the result which reaches 100% confidence' do
-          finders.each { |f| expect(f).to_not receive(:passive) }
-
-          expect(finders[0]).to receive(:aggressive)
-            .with(hash_including(found: [])).ordered
-            .and_return(dummy_aggresssive)
-
-          expect(finders[1]).to_not receive(:aggressive)
-          expect(finders[2]).to_not receive(:aggressive)
-
-          @expected = finding.new('v1', confidence: 100, found_by: 'override')
-        end
-      end
-    end
-  end
-end

data/spec/lib/formatter_spec.rb

@@ -1,145 +0,0 @@
-require 'spec_helper'
-
-# Test Module to check the correct inclusion of
-# the class methods
-module OtherFormatter
-  include CMSScanner::Formatter
-end
-
-[CMSScanner::Formatter, OtherFormatter].each do |f|
-  describe "#{f}" do
-    subject(:formatter) { f }
-    it_behaves_like CMSScanner::Formatter::ClassMethods
-  end
-end
-
-module CMSScanner
-  module Formatter
-    module Spec
-      # Base Format Test Class
-      class BasedFormat < Base
-        def base_format
-          'base'
-        end
-      end
-    end
-  end
-end
-
-describe CMSScanner::Formatter::Base do
-  subject(:formatter) { described_class.new }
-
-  describe '#format' do
-    its(:format) { should eq 'base' }
-  end
-
-  describe '#user_interaction?' do
-    context 'when not a cli format' do
-      its(:user_interaction?) { should be false }
-    end
-
-    context 'when a cli format' do
-      before { expect(formatter).to receive(:format).and_return('cli') }
-
-      its(:user_interaction?) { should be true }
-    end
-  end
-
-  describe '#render, output' do
-    before { formatter.views_directories << FIXTURES_VIEWS }
-
-    it 'renders the global template and does not override the @views_directories' do
-      expect($stdout).to receive(:puts)
-        .with("It Works!\nViews Dirs: #{formatter.views_directories}")
-
-      formatter.output('@test', test: 'Works!', views_directories: 'owned')
-    end
-
-    context 'when global and local rendering are used inside a template' do
-      it 'renders them correcly' do
-        rendered = formatter.render('test', { var: 'Works' }, 'ctrl')
-
-        expect(rendered).to eq "Test: Works\nLocal View\nGlobal View"
-      end
-    end
-
-    it 'raises an error if the controller_name is nil and tpl is not a global one' do
-      expect { formatter.output('test') }.to raise_error('The controller_name can not be nil')
-    end
-  end
-
-  describe '#view_path' do
-    before do
-      formatter.views_directories << FIXTURES_VIEWS
-      formatter.render('local', {}, 'ctrl') # Used to set the @controller_name
-    end
-
-    context 'when the tpl format is invalid' do
-      let(:tpl) { '../try-this' }
-
-      it 'raises an error' do
-        expect { formatter.view_path(tpl) }.to raise_error("Wrong tpl format: 'ctrl/#{tpl}'")
-      end
-    end
-
-    context 'when the tpl is not found' do
-      let(:tpl) { 'not_there' }
-
-      it 'raises an error' do
-        expect { formatter.view_path(tpl) }.to raise_error("View not found for base/ctrl/#{tpl}")
-      end
-    end
-
-    context 'when the tpl is found' do
-      after { expect(formatter.view_path(@tpl)).to eq @expected }
-
-      context 'if it\'s a global tpl' do
-        it 'returns its path' do
-          @expected = File.join(FIXTURES_VIEWS, 'base', 'test.erb')
-          @tpl      = '@test'
-        end
-      end
-
-      context 'if it\s a local tpl' do
-        it 'retuns its path' do
-          @expected = File.join(FIXTURES_VIEWS, 'base', 'ctrl', 'local.erb')
-          @tpl      = 'local'
-        end
-      end
-    end
-
-    context 'when base_format' do
-      subject(:formatter) { CMSScanner::Formatter::Spec::BasedFormat.new }
-
-      after { expect(formatter.view_path(@tpl)).to eq @expected }
-
-      context 'when the ovverided view exists' do
-        it 'returns it' do
-          @expected = File.join(FIXTURES_VIEWS, 'based_format', 'test.erb')
-          @tpl      = '@test'
-        end
-      end
-
-      it 'returns the base views otherwise' do
-        @expected = File.join(FIXTURES_VIEWS, 'base', 'ctrl', 'local.erb')
-        @tpl      = 'local'
-      end
-    end
-  end
-
-  describe '#views_directories' do
-    let(:default_directories) { [APP_VIEWS] }
-
-    context 'when default directories' do
-      its(:views_directories) { should eq(default_directories) }
-    end
-
-    context 'when adding directories' do
-      it 'adds them' do
-        formatter.views_directories << 'testing'
-
-        expect(formatter.views_directories).to eq(default_directories << 'testing')
-      end
-    end
-  end
-end