cms_scanner 0.0.2

data/spec/fixtures/target/server/generic/server/apache/basic.txt

@@ -0,0 +1,5 @@
+Date: Sun, 12 Oct 2014 19:44:42 GMT
+Server: Apache/2.2.16 (Debian)
+X-Powered-By: PHP/5.3.3-7+squeeze19
+Vary: Accept-Encoding
+Content-Type: text/html

data/spec/fixtures/target/server/generic/server/iis/basic.txt

@@ -0,0 +1,6 @@
+Content-Length: 1027
+Content-Type: text/html; charset=UTF-8
+Server: Microsoft-IIS/7.5
+X-Powered-By: ASP.NET
+X-UA-Compatible: IE=EmulateIE7
+Date: Sun, 12 Oct 2014 20:15:14 GMT

data/spec/fixtures/target/server/generic/server/not_detected.txt

@@ -0,0 +1,3 @@
+Date: Sun, 12 Oct 2014 19:44:42 GMT
+Vary: Accept-Encoding
+Content-Type: text/html

data/spec/fixtures/target/server/iis/directory_listing/no_parent.html

@@ -0,0 +1,3 @@
+<html><head><title>ex.lo - /dir/</title></head><body><H1>ex.lo - /dir/</H1><hr>
+
+<pre>10/8/2014 11:00 PM        &lt;dir&gt; <A HREF="/sub-dir/">sub-dir</A>10/10/2014 10:00 PM          168 <A HREF="/web.config">web.config</A><br></pre><hr></body></html>

data/spec/fixtures/target/server/iis/directory_listing/with_parent.html

@@ -0,0 +1,3 @@
+<html><head><title>ex.lo - /dir/</title></head><body><H1>ex.lo - /dir/</H1><hr>
+
+<pre><A HREF="/">[To Parent Directory]</A><br><br> 10/8/2014 11:00 PM        &lt;dir&gt; <A HREF="/sub-dir/">sub-dir</A>10/10/2014 10:00 PM          168 <A HREF="/web.config">web.config</A><br></pre><hr></body></html>

data/spec/fixtures/views/base/ctrl/local.erb

@@ -0,0 +1 @@
+Local View

data/spec/fixtures/views/base/ctrl/test.erb

@@ -0,0 +1,3 @@
+Test: <%= @var %>
+<%= render('local') %>
+<%= render('@global') %>

data/spec/fixtures/views/base/global.erb

@@ -0,0 +1 @@
+Global View

data/spec/fixtures/views/base/test.erb

@@ -0,0 +1,2 @@
+It <%= @test %>
+Views Dirs: <%= @views_directories %>

data/spec/fixtures/views/based_format/test.erb

@@ -0,0 +1 @@
+Override the base/test.erb

data/spec/fixtures/views/json/render_me.erb

@@ -0,0 +1,4 @@
+"test": <%= @test.to_json %>,
+<% if @var %>
+"var": <%= @var.to_json %>
+<% end %>

data/spec/lib/browser_spec.rb

@@ -0,0 +1,141 @@
+require 'spec_helper'
+
+describe CMSScanner::Browser do
+
+  it_behaves_like described_class::Actions
+
+  subject(:browser) { described_class.instance(options) }
+  before            { described_class.reset }
+  let(:options)     { {} }
+  let(:default) do
+    {
+      ssl_verifypeer: false, ssl_verifyhost: 2,
+      headers: { 'User-Agent' => "CMSScanner v#{CMSScanner::VERSION}" }
+    }
+  end
+
+  describe '#forge_request' do
+    it 'returns a Typhoeus::Request' do
+      expect(browser.forge_request('http://example.com')).to be_a Typhoeus::Request
+    end
+  end
+
+  describe '#default_request_params' do
+    its(:default_request_params) { should eq default }
+
+    context 'when some attributes are set' do
+      let(:options)  do
+        {
+          cache_ttl: 200, connect_timeout: 10,
+          http_auth: { username: 'log', password: 'pwd' },
+          cookie_jar: '/tmp/cookie_jar.txt'
+        }
+      end
+
+      let(:expected) do
+        default.merge(
+          cache_ttl: 200, connecttimeout: 10, userpwd: 'log:pwd',
+          cookiejar: options[:cookie_jar], cookiefile: options[:cookie_jar]
+        )
+      end
+
+      its(:default_request_params) { should eq expected }
+    end
+  end
+
+  describe '#request_params' do
+    context 'when no param is given' do
+      its(:request_params) { should eq default }
+    end
+
+    context 'when params are supplied' do
+      let(:params) { { another_param: true, headers: { 'Accept' => 'None' } } }
+
+      it 'merges them (headers should be correctly merged)' do
+        expect(browser.request_params(params)).to eq default
+          .merge(params) { |key, oldval, newval| key == :headers ? oldval.merge(newval) : newval }
+      end
+
+      context 'when browser options' do
+        let(:options) { { proxy: 'http://127.0.0.1:8080' } }
+
+        it 'returns the correct hash' do
+          expect(browser.request_params(params)).to eq default
+            .merge(options)
+            .merge(params) { |key, oldval, newval| key == :headers ? oldval.merge(newval) : newval }
+        end
+      end
+    end
+  end
+
+  describe '#load_options' do
+    context 'when no options' do
+      it 'does not load anything' do
+        described_class::OPTIONS.each do |sym|
+          expected = sym == :user_agent ? "CMSScanner v#{CMSScanner::VERSION}" : nil
+
+          expect(browser.send(sym)).to eq expected
+        end
+      end
+    end
+
+    context 'when options are supplied' do
+      module CMSScanner
+        # Test accessor
+        class Browser
+          attr_accessor :test
+        end
+      end
+
+      let(:options) do
+        { cache_ttl: 200, max_threads: 10, test: 'should not be set',
+          user_agent: 'UA', proxy: false }
+      end
+
+      it 'merges the browser options only' do
+        described_class::OPTIONS.each do |sym|
+          expected = options.key?(sym) ? options[sym] : nil
+
+          expect(browser.send(sym)).to eq expected
+        end
+
+        expect(browser.test).to be nil
+      end
+    end
+  end
+
+  describe '#hydra' do
+    context 'when #max_threads is nil' do
+      its('hydra.max_concurrency') { should eq 1 }
+    end
+
+    context 'when #max_threads' do
+      let(:options) { { max_threads: 20 } }
+
+      its('hydra.max_concurrency') { should eq options[:max_threads] }
+    end
+  end
+
+  describe '#max_threads=' do
+    after do
+      browser.max_threads = @threads
+
+      expect(browser.max_threads).to eq @expected
+      expect(browser.hydra.max_concurrency).to eq @expected
+    end
+
+    context 'when <= 0' do
+      it 'sets the @threads to 1' do
+        @threads  = -2
+        @expected = 1
+      end
+    end
+
+    context 'when > 0' do
+      it 'sets the @threads' do
+        @threads  = 20
+        @expected = @threads
+      end
+    end
+  end
+end

data/spec/lib/cache/file_store_spec.rb

@@ -0,0 +1,101 @@
+require 'spec_helper'
+
+describe CMSScanner::Cache::FileStore do
+
+  let(:cache_dir) { File.join(CACHE, 'cache_file_store') }
+  subject(:cache) { described_class.new(cache_dir) }
+
+  before { FileUtils.rm_r(cache_dir, secure: true) if Dir.exist?(cache_dir) }
+  after  { cache.clean }
+
+  describe '#new, #storage_path, #serializer' do
+    its(:serializer)   { should be Marshal }
+    its(:storage_path) { should eq cache_dir }
+  end
+
+  describe '#clean' do
+    it 'removes all files from the cache dir' do
+      # let's create some files into the directory first
+      (0..5).each do |i|
+        File.new(File.join(cache.storage_path, "file_#{i}.txt"), File::CREAT)
+      end
+
+      expect(count_files_in_dir(cache.storage_path, 'file_*.txt')).to eq 6
+      cache.clean
+      expect(count_files_in_dir(cache.storage_path)).to eq 0
+    end
+  end
+
+  describe '#read_entry?' do
+    let(:key) { 'key1' }
+
+    after do
+      File.write(cache.entry_expiration_path(key), @expiration) if @expiration
+
+      expect(cache.read_entry(key)).to eq @expected
+    end
+
+    context 'when the entry does not exists' do
+      it 'returns nil' do
+        @expected = nil
+      end
+    end
+
+    context 'when the file is empty (marshal data too short error)' do
+      it 'returns nil' do
+        File.new(cache.entry_path(key), File::CREAT)
+
+        @expiration = Time.now.to_i + 200
+        @expected   = nil
+      end
+    end
+
+    context 'when the entry has expired' do
+      it 'returns nil' do
+        @expiration = Time.now.to_i - 200
+        @expected   = nil
+      end
+    end
+
+    context 'when the entry has not expired' do
+      it 'returns the entry' do
+        File.write(cache.entry_path(key), cache.serializer.dump('testing data'))
+
+        @expiration = Time.now.to_i + 600
+        @expected   = 'testing data'
+      end
+    end
+  end
+
+  describe '#write_entry' do
+    after do
+      cache.write_entry(@key, @data, @ttl)
+      expect(cache.read_entry(@key)).to eq @expected
+    end
+
+    it 'should get the correct entry (string)' do
+      @ttl      = 10
+      @key      = 'some_key'
+      @data     = 'Hello World !'
+      @expected = @data
+    end
+
+    context 'when cache_ttl <= 0' do
+      it 'does not write the entry' do
+        @ttl      = 0
+        @key      = 'another_key'
+        @data     = 'Another Hello World !'
+        @expected = nil
+      end
+    end
+
+    context 'when cache_ttl is nil' do
+      it 'does not write the entry' do
+        @ttl      = nil
+        @key      = 'test'
+        @data     = 'test'
+        @expected = nil
+      end
+    end
+  end
+end

data/spec/lib/cache/typhoeus_spec.rb

@@ -0,0 +1,30 @@
+require 'spec_helper'
+
+describe CMSScanner::Cache::Typhoeus do
+
+  subject(:cache) { described_class.new(cache_dir) }
+
+  let(:cache_dir) { File.join(CACHE, 'typhoeus_cache') }
+  let(:url)       { 'http://example.com' }
+  let(:request)   { Typhoeus::Request.new(url, cache_ttl: 20) }
+  let(:key)       { request.hash.to_s }
+
+  describe '#get' do
+    it 'calls #read_entry' do
+      expect(cache).to receive(:read_entry).with(key)
+
+      cache.get(request)
+    end
+  end
+
+  describe '#set' do
+    let(:response) { Typhoeus::Response.new }
+
+    it 'calls #write_entry' do
+      expect(cache).to receive(:write_entry).with(key, response, request.cache_ttl)
+
+      cache.set(request, response)
+    end
+  end
+
+end

data/spec/lib/cms_scanner_spec.rb

@@ -0,0 +1,45 @@
+require 'spec_helper'
+
+module CMSScanner
+  module Controller
+    # Failure class for testing
+    class SpecFailure < Base
+      def before_scan
+        fail 'error spotted'
+      end
+    end
+  end
+end
+
+describe CMSScanner::Scan do
+
+  subject(:scanner) { described_class.new }
+  let(:controller)  { CMSScanner::Controller }
+
+  describe '#new, #controllers' do
+    its(:controllers) { should eq([controller::Core.new]) }
+  end
+
+  describe '#run' do
+    it 'runs the controlllers and calls the formatter#beautify' do
+      expect(scanner.controllers).to receive(:run)
+      expect(scanner.formatter).to receive(:beautify)
+      scanner.run
+    end
+
+    context 'when an error is raised during the #run' do
+      it 'aborts the scan with the associated output' do
+        scanner.controllers[0] = controller::SpecFailure.new
+
+        expect(scanner.formatter).to receive(:output)
+          .with('@scan_aborted', hash_including(:reason, :trace, :verbose))
+
+        scanner.run
+      end
+    end
+  end
+
+  describe '#datastore' do
+    its(:datastore) { should eq({}) }
+  end
+end

data/spec/lib/controller_spec.rb

@@ -0,0 +1,23 @@
+require 'spec_helper'
+
+describe CMSScanner::Controller do
+
+  subject(:controller) { described_class::Base.new }
+
+  context 'when parsed_options' do
+    before               { described_class::Base.parsed_options = parsed_options }
+    let(:parsed_options) { { url: 'http://example.com/' } }
+
+    its(:parsed_options) { should eq(parsed_options) }
+    its(:formatter)      { should be_a CMSScanner::Formatter::Cli }
+    its(:target)         { should be_a CMSScanner::Target }
+
+    describe '#render' do
+      it 'calls the formatter#render' do
+        expect(controller.formatter).to receive(:render).with('test', { verbose: nil }, 'base')
+        controller.render('test')
+      end
+    end
+  end
+
+end

data/spec/lib/controllers_spec.rb

@@ -0,0 +1,52 @@
+require 'spec_helper'
+
+module CMSScanner
+  module Controller
+    class Spec < Base
+    end
+  end
+end
+
+describe CMSScanner::Controllers do
+
+  subject(:controllers)  { described_class.new }
+  let(:controller_mod) { CMSScanner::Controller }
+
+  describe '#<<' do
+    its(:size) { should be 0 }
+
+    context 'when controllers are added' do
+      before { controllers << controller_mod::Spec.new << controller_mod::Base.new }
+
+      its(:size) { should be 2 }
+    end
+
+    context 'when a controller is added twice' do
+      before { 2.times { controllers << controller_mod::Spec.new } }
+
+      its(:size) { should be 1 }
+    end
+
+    it 'returns self' do
+      expect(controllers << controller_mod::Spec.new).to be_a described_class
+    end
+  end
+
+  describe '#run' do
+    it 'runs the before_scan, run and after_scan methods of each controller' do
+      spec = controller_mod::Spec.new
+      base = controller_mod::Base.new
+
+      controllers << spec << base
+
+      # TODO: Any way to test the orders ? (after_scan should reverse the order)
+      [base, spec].each do |c|
+        expect(c).to receive(:before_scan)
+        expect(c).to receive(:run)
+        expect(c).to receive(:after_scan)
+      end
+      controllers.run
+    end
+  end
+
+end