cms_scanner 0.0.2

data/spec/app/finders/interesting_files/search_replace_db_2_spec.rb

@@ -0,0 +1,55 @@
+require 'spec_helper'
+
+describe CMSScanner::Finders::InterestingFile::SearchReplaceDB2 do
+
+  subject(:finder) { described_class.new(target) }
+  let(:target)     { CMSScanner::Target.new(url) }
+  let(:url)        { 'http://example.com/' }
+  let(:file)       { url + 'searchreplacedb2.php' }
+  let(:fixtures)   { File.join(FIXTURES, 'interesting_files', 'search_replace_db_2') }
+
+  describe '#url' do
+    its(:url) { should eq file }
+  end
+
+  describe '#aggressive' do
+    after do
+      stub_request(:get, file).to_return(status: status, body: body)
+
+      expect(finder.aggressive).to eql @expected
+    end
+
+    let(:body) { '' }
+
+    context 'when 404' do
+      let(:status) { 404 }
+
+      it 'returns nil' do
+        @expected = nil
+      end
+    end
+
+    context 'when 200' do
+      let(:status) { 200 }
+
+      context 'when the body is empty' do
+        it 'returns nil' do
+          @expected = nil
+        end
+      end
+
+      context 'when the body matches' do
+        let(:body) { File.new(File.join(fixtures, 'searchreplacedb2.php')).read }
+
+        it 'returns the InterestingFile result' do
+          @expected = CMSScanner::InterestingFile.new(
+            file,
+            confidence: 100,
+            found_by: 'SearchReplaceDB2 (aggressive detection)'
+          )
+        end
+      end
+    end
+  end
+
+end

data/spec/app/finders/interesting_files/xml_rpc_spec.rb

@@ -0,0 +1,138 @@
+require 'spec_helper'
+
+describe CMSScanner::Finders::InterestingFile::XMLRPC do
+
+  subject(:finder)  { described_class.new(target) }
+  let(:target)      { CMSScanner::Target.new(url) }
+  let(:url)         { 'http://ex.lo/' }
+  let(:xml_rpc_url) { url + 'xmlrpc.php' }
+  let(:fixtures)    { File.join(FIXTURES, 'interesting_files', 'xml_rpc') }
+
+  describe '#potential_urls' do
+    its(:potential_urls) { should be_empty }
+  end
+
+  describe '#passive' do
+    before do
+      expect(finder).to receive(:passive_headers).and_return(headers_stub)
+      expect(finder).to receive(:passive_body).and_return(body_stub)
+    end
+
+    context 'when both passives return nil' do
+      let(:headers_stub) { nil }
+      let(:body_stub)    { nil }
+
+      its(:passive) { should be_empty }
+    end
+
+    context 'when one passive is not nil' do
+      let(:headers_stub) { nil }
+      let(:body_stub)    { 'test' }
+
+      its(:passive) { should eq %w(test) }
+    end
+  end
+
+  describe '#passive_headers' do
+    before { stub_request(:get, url).to_return(headers: headers) }
+
+    let(:headers) { {} }
+
+    context 'when no headers' do
+      its(:passive_headers) { should be_nil }
+    end
+
+    context 'when headers' do
+      context 'when URL is out of scope' do
+        let(:headers) { { 'X-Pingback' => 'http://ex.org/yolo' } }
+
+        its(:passive_headers) { should be_nil }
+      end
+
+      context 'when URL is in scope' do
+        let(:headers) { { 'X-Pingback' => xml_rpc_url } }
+
+        it 'adds the url to #potential_urls and returns the XMLRPC' do
+          result = finder.passive_headers
+
+          expect(finder.potential_urls).to eq [xml_rpc_url]
+
+          expect(result).to be_a CMSScanner::XMLRPC
+          expect(result).to eql CMSScanner::XMLRPC.new(
+            xml_rpc_url,
+            confidence: 30,
+            found_by: 'Headers (passive detection)'
+          )
+        end
+      end
+    end
+  end
+
+  describe '#passive_body' do
+    before { stub_request(:get, url).to_return(body: body) }
+
+    context 'when no link rel="pingback" tag' do
+      let(:body) { '' }
+
+      its(:passive_body) { should be_nil }
+    end
+
+    context 'when the tag is present' do
+      context 'when the URL is out of scope' do
+        let(:body) { File.new(File.join(fixtures, 'homepage_out_of_scope_pingback.html')).read }
+
+        its(:passive_body) { should be_nil }
+      end
+
+      context 'when URL is in scope' do
+        let(:body)         { File.new(File.join(fixtures, 'homepage_in_scope_pingback.html')).read }
+        let(:expected_url) { 'http://ex.lo/wp/xmlrpc.php' }
+
+        it 'adds the URL to the #potential_urls and returns the XMLRPC' do
+          result = finder.passive_body
+
+          expect(finder.potential_urls).to eq [expected_url]
+
+          expect(result).to be_a CMSScanner::XMLRPC
+          expect(result).to eql CMSScanner::XMLRPC.new(
+            expected_url,
+            confidence: 30,
+            found_by: 'Link Tag (passive detection)'
+          )
+        end
+      end
+    end
+  end
+
+  describe '#aggressive' do
+    # Adds an out of scope URL which should be ignored
+    before { finder.potential_urls << 'htpp://ex.org' }
+
+    after do
+      stub_request(:get, xml_rpc_url).to_return(body: body)
+
+      expect(finder.aggressive).to eql @expected
+    end
+
+    context 'when the body does not match' do
+      let(:body) { '' }
+
+      it 'returns nil' do
+        @expected = nil
+      end
+    end
+
+    context 'when the body matches' do
+      let(:body) { File.new(File.join(fixtures, 'xmlrpc.php')).read }
+
+      it 'returns the InterestingFile result' do
+        @expected = CMSScanner::XMLRPC.new(
+          xml_rpc_url,
+          confidence: 100,
+          found_by: described_class::DIRECT_FILE_ACCESS
+        )
+      end
+    end
+  end
+
+end

data/spec/app/finders/interesting_files_spec.rb

@@ -0,0 +1,13 @@
+require 'spec_helper'
+
+describe CMSScanner::Finders::InterestingFiles do
+
+  it_behaves_like CMSScanner::Finders::IndependentFinder do
+    let(:expected_finders) { %w(Headers RobotsTxt FantasticoFileslist SearchReplaceDB2 XMLRPC) }
+  end
+
+  subject(:files) { described_class.new(target) }
+  let(:target)    { CMSScanner::Target.new(url) }
+  let(:url)       { 'http://example.com/' }
+
+end

data/spec/app/formatters/cli_no_colour_spec.rb

@@ -0,0 +1,17 @@
+require 'spec_helper'
+
+describe CMSScanner::Formatter::CliNoColour do
+
+  subject(:formatter) { described_class.new }
+
+  describe '#format' do
+    its(:format) { should eq 'cli' }
+  end
+
+  describe '#colorize' do
+    it 'returns the text w/o any colour' do
+      expect(formatter.red('Text')).to eq 'Text'
+    end
+  end
+
+end

data/spec/app/formatters/cli_spec.rb

@@ -0,0 +1,21 @@
+require 'spec_helper'
+
+describe CMSScanner::Formatter::Cli do
+
+  subject(:formatter) { described_class.new }
+
+  describe '#format' do
+    its(:format) { should eq 'cli' }
+  end
+
+  describe '#green, #red, #colorize' do
+    it 'returns the correct red string' do
+      expect(formatter.red('Text')).to eq "\e[31mText\e[0m"
+    end
+
+    it 'returns the correct green string' do
+      expect(formatter.green('Another Text')).to eq "\e[32mAnother Text\e[0m"
+    end
+  end
+
+end

data/spec/app/formatters/json_spec.rb

@@ -0,0 +1,33 @@
+require 'spec_helper'
+
+describe CMSScanner::Formatter::Json do
+
+  it_behaves_like CMSScanner::Formatter::Buffer
+
+  subject(:formatter) { described_class.new }
+  let(:output_file)   { File.join(FIXTURES, 'output.txt') }
+
+  before { formatter.views_directories << FIXTURES_VIEWS }
+
+  describe '#format' do
+    its(:format) { should eq 'json' }
+  end
+
+  describe '#output' do
+    it 'puts the rendered text in the buffer' do
+      2.times { formatter.output('@render_me', test: 'Working') }
+
+      expect(formatter.buffer).to eq "\"test\": \"Working\",\n" * 2
+    end
+  end
+
+  describe '#beautify' do
+    it 'writes the buffer in the file' do
+      2.times { formatter.output('@render_me', test: 'yolo') }
+
+      expect($stdout).to receive(:puts).with(JSON.pretty_generate(JSON.parse('{"test": "yolo"}')))
+      formatter.beautify
+    end
+  end
+
+end

data/spec/app/models/fantastico_fileslist_spec.rb

@@ -0,0 +1,32 @@
+require 'spec_helper'
+
+describe CMSScanner::FantasticoFileslist do
+
+  subject(:file) { described_class.new(url) }
+  let(:url)      { 'http://example.com/robots.txt' }
+  let(:fixtures) { File.join(FIXTURES, 'interesting_files', 'fantastico_fileslist') }
+
+  describe '#interesting_entries' do
+    let(:headers) { { 'Content-Type' => 'text/plain; charset=utf-8' } }
+
+    after do
+      body = File.new(File.join(fixtures, fixture)).read
+
+      stub_request(:get, file.url).to_return(headers: headers, body: body)
+
+      expect(file.interesting_entries).to eq @expected
+    end
+
+    context 'when empty or / entries' do
+      let(:fixture) { 'fantastico_fileslist.txt' }
+
+      it 'ignores them and only returns the others' do
+        @expected = %w(data.sql admin.txt)
+      end
+    end
+  end
+
+  describe '#references' do
+    its(:references) { should_not be_nil }
+  end
+end

data/spec/app/models/headers_spec.rb

@@ -0,0 +1,52 @@
+require 'spec_helper'
+
+describe CMSScanner::Headers do
+
+  subject(:file) { described_class.new(url) }
+  let(:url)      { 'http://example.com/' }
+  let(:fixtures) { File.join(FIXTURES, 'interesting_files', 'headers') }
+  let(:fixture)  { File.join(fixtures, 'interesting.txt') }
+  let(:headers)  { {} }
+
+  before { stub_request(:get, file.url).to_return(headers: headers) }
+
+  describe '#known_headers' do
+    it 'does not contains dupliactes' do
+      expect(file.known_headers).to eql file.known_headers.uniq
+    end
+  end
+
+  describe '#entries' do
+    after { expect(file.entries).to eq @expected if @expected }
+
+    context 'when no headers' do
+      its(:entries) { should eq({}) }
+    end
+
+    context 'when headers' do
+      let(:headers) { parse_headers_file(fixture) }
+
+      it 'returns the headers' do
+        @expected = headers
+      end
+    end
+  end
+
+  describe '#interesting_entries' do
+    after { expect(file.interesting_entries).to eq @expected if @expected }
+
+    context 'when interesting headers' do
+      let(:headers) { parse_headers_file(fixture) }
+
+      it 'returns an array with the headers' do
+        @expected = ['Server: nginx/1.1.19', 'X-Article-Id: 12']
+      end
+    end
+
+    context 'when no interesting headers' do
+      let(:headers) { parse_headers_file(File.join(fixtures, 'no_interesting.txt')) }
+
+      its(:interesting_entries) { should eq [] }
+    end
+  end
+end

data/spec/app/models/interesting_file_spec.rb

@@ -0,0 +1,51 @@
+require 'spec_helper'
+
+describe CMSScanner::InterestingFile do
+
+  it_behaves_like CMSScanner::Finders::Finding
+
+  subject(:file) { described_class.new(url, opts) }
+  let(:opts)     { {} }
+  let(:url)      { 'http://example.com/' }
+  let(:fixtures) { File.join(FIXTURES, 'interesting_files') }
+
+  describe '#entries' do
+    after do
+      stub_request(:get, file.url).to_return(headers: headers, body: @body)
+
+      expect(file.entries).to eq @expected
+    end
+
+    context 'when content-type matches text/plain' do
+      let(:headers) { { 'Content-Type' => 'text/plain; charset=utf-8' } }
+
+      it 'returns the file content as an array w/o empty strings' do
+        @body     = File.new(File.join(fixtures, 'file.txt')).read
+        @expected = ['This is', 'a test file', 'with some content']
+      end
+    end
+
+    context 'when other content-type' do
+      let(:headers) { { 'Content-Type' => 'text.html; charset=utf-8' } }
+
+      it 'returns an empty array' do
+        @expected = []
+      end
+    end
+  end
+
+  describe '#==' do
+    context 'when same URL' do
+      it 'returns true' do
+        expect(file == described_class.new(url)).to be true
+      end
+    end
+
+    context 'when not the same URL' do
+      it 'returns false' do
+        expect(file == described_class.new('http://ex.lo')).to be false
+      end
+    end
+  end
+
+end

data/spec/app/models/robots_txt_spec.rb

@@ -0,0 +1,28 @@
+require 'spec_helper'
+
+describe CMSScanner::RobotsTxt do
+
+  subject(:file) { described_class.new(url) }
+  let(:url)      { 'http://example.com/robots.txt' }
+  let(:fixtures) { File.join(FIXTURES, 'interesting_files', 'robots_txt') }
+
+  describe '#interesting_entries' do
+    let(:headers) { { 'Content-Type' => 'text/plain; charset=utf-8' } }
+
+    after do
+      body = File.new(File.join(fixtures, fixture)).read
+
+      stub_request(:get, file.url).to_return(headers: headers, body: body)
+
+      expect(file.interesting_entries).to eq @expected
+    end
+
+    context 'when empty or / entries' do
+      let(:fixture) { 'robots.txt' }
+
+      it 'ignores them and only returns the others' do
+        @expected = %w(/admin /public/home)
+      end
+    end
+  end
+end