cms_scanner 0.0.2

data/spec/lib/finders/findings_spec.rb

@@ -0,0 +1,49 @@
+require 'spec_helper'
+require 'dummy_finders'
+
+describe CMSScanner::Finders::Findings do
+
+  subject(:findings) { described_class.new }
+  let(:dummy)        { CMSScanner::DummyFinding }
+
+  describe '#<<' do
+    after { expect(findings).to eq @expected }
+
+    context 'when empty array' do
+      it 'adds it' do
+        findings << 'empty-test'
+        @expected = %w(empty-test)
+      end
+    end
+
+    context 'when not empty' do
+      let(:confirmed) { dummy.new('confirmed') }
+
+      before { findings << dummy.new('test') << confirmed }
+
+      it 'adds a confirmed result correctly' do
+        confirmed_dup = confirmed.dup
+        confirmed_dup.confidence = 100
+
+        findings << dummy.new('test2')
+        findings << confirmed_dup
+
+        confirmed.confirmed_by = confirmed_dup
+
+        @expected = [] << dummy.new('test') << confirmed << dummy.new('test2')
+      end
+    end
+  end
+
+  describe '#+' do
+    after { expect(findings).to eq @expected }
+
+    it 'adds it/them' do
+      # Dummy assignement to avoid the 'Operator used in void context'
+      _ = findings + %w(test1 test2)
+
+      @expected = %w(test1 test2)
+    end
+  end
+
+end

data/spec/lib/finders/independent_finders_spec.rb

@@ -0,0 +1,98 @@
+require 'spec_helper'
+require 'dummy_finders'
+
+describe CMSScanner::Finders::IndependentFinders do
+
+  subject(:finders) { described_class.new }
+
+  describe '#run' do
+    let(:target)              { 'target' }
+    let(:finding)             { CMSScanner::DummyFinding }
+    let(:expected_aggressive) { finding.new('test', found_by: 'override', confidence: 100) }
+    let(:expected_passive) do
+      [
+        finding.new('test', found_by: 'DummyFinder (passive detection)'),
+        finding.new('spotted', found_by: 'NoAggressiveResult (passive detection)', confidence: 10)
+      ]
+    end
+
+    before do
+      finders << CMSScanner::Finders::DummyFinder.new(target) <<
+                 CMSScanner::Finders::NoAggressiveResult.new(target)
+
+      @found = finders.run(mode: mode)
+
+      expect(@found).to be_a(CMSScanner::Finders::Findings)
+
+      @found.each { |f| expect(f).to be_a finding }
+    end
+
+    context 'when :passive mode' do
+      let(:mode) { :passive }
+
+      it 'returns 2 results' do
+        expect(@found.size).to eq 2
+        expect(@found.first).to eql expected_passive.first
+        expect(@found.last).to eql expected_passive.last
+      end
+    end
+
+    context 'when :aggressive mode' do
+      let(:mode) { :aggressive }
+
+      it 'returns 1 result' do
+        expect(@found.size).to eq 1
+        expect(@found.first).to eql expected_aggressive
+      end
+    end
+
+    context 'when :mixed mode' do
+      let(:mode) { :mixed }
+
+      it 'returns 2 results' do
+        expect(@found.size).to eq 2
+        expect(@found.first).to eql expected_passive.first
+        expect(@found.first.confirmed_by).to eql [expected_aggressive]
+        expect(@found.last).to eql expected_passive.last
+      end
+    end
+
+    context 'when multiple results returned' do
+
+    end
+  end
+
+  describe '#symbols_from_mode' do
+    after { expect(finders.symbols_from_mode(@mode)).to eq @expected }
+
+    context 'when :mixed' do
+      it 'returns [:passive, :aggressive]' do
+        @mode     = :mixed
+        @expected = [:passive, :aggressive]
+      end
+    end
+
+    context 'when :passive or :aggresssive' do
+      [:passive, :aggressive].each do |symbol|
+        it 'returns it in an array' do
+          @mode     = symbol
+          @expected = [*symbol]
+        end
+      end
+    end
+
+    context 'otherwise' do
+      it 'returns []' do
+        @mode     = :unallowed
+        @expected = []
+      end
+    end
+  end
+
+  describe '#findings' do
+    it 'returns a Findings object' do
+      expect(finders.findings).to be_a CMSScanner::Finders::Findings
+    end
+  end
+
+end

data/spec/lib/formatter_spec.rb

@@ -0,0 +1,136 @@
+require 'spec_helper'
+
+# Test Module to check the correct inclusion of
+# the class methods
+module OtherFormatter
+  include CMSScanner::Formatter
+end
+
+[CMSScanner::Formatter, OtherFormatter].each do |f|
+  describe "#{f}" do
+    subject(:formatter) { f }
+    it_behaves_like CMSScanner::Formatter::ClassMethods
+  end
+end
+
+module CMSScanner
+  module Formatter
+    module Spec
+      # Base Format Test Class
+      class BasedFormat < Base
+        def base_format
+          'base'
+        end
+      end
+    end
+  end
+end
+
+describe CMSScanner::Formatter::Base do
+
+  subject(:formatter) { described_class.new }
+
+  describe '#format' do
+    its(:format) { should eq 'base' }
+  end
+
+  describe '#render, output' do
+    before { formatter.views_directories << FIXTURES_VIEWS }
+
+    it 'renders the global template and does not override the @views_directories' do
+      expect($stdout).to receive(:puts)
+        .with("It Works!\nViews Dirs: #{formatter.views_directories}")
+
+      formatter.output('@test', test: 'Works!', views_directories: 'owned')
+    end
+
+    context 'when global and local rendering are used inside a template' do
+      it 'renders them correcly' do
+        rendered = formatter.render('test', { var: 'Works' }, 'ctrl')
+
+        expect(rendered).to eq "Test: Works\nLocal View\nGlobal View"
+      end
+    end
+
+    it 'raises an error if the controller_name is nil and tpl is not a global one' do
+      expect { formatter.output('test') }.to raise_error('The controller_name can not be nil')
+    end
+  end
+
+  describe '#view_path' do
+    before do
+      formatter.views_directories << FIXTURES_VIEWS
+      formatter.render('local', {}, 'ctrl') # Used to set the @controller_name
+    end
+
+    context 'when the tpl format is invalid' do
+      let(:tpl) { '../try-this' }
+
+      it 'raises an error' do
+        expect { formatter.view_path(tpl) }.to raise_error("Wrong tpl format: 'ctrl/#{tpl}'")
+      end
+    end
+
+    context 'when the tpl is not found' do
+      let(:tpl) { 'not_there' }
+
+      it 'raises an error' do
+        expect { formatter.view_path(tpl) }.to raise_error("View not found for base/ctrl/#{tpl}")
+      end
+    end
+
+    context 'when the tpl is found' do
+      after { expect(formatter.view_path(@tpl)).to eq @expected }
+
+      context 'if it\'s a global tpl' do
+        it 'returns its path' do
+          @expected = File.join(FIXTURES_VIEWS, 'base', 'test.erb')
+          @tpl      = '@test'
+        end
+      end
+
+      context 'if it\s a local tpl' do
+        it 'retuns its path' do
+          @expected = File.join(FIXTURES_VIEWS, 'base', 'ctrl', 'local.erb')
+          @tpl      = 'local'
+        end
+      end
+    end
+
+    context 'when base_format' do
+      subject(:formatter) { CMSScanner::Formatter::Spec::BasedFormat.new }
+
+      after { expect(formatter.view_path(@tpl)).to eq @expected }
+
+      context 'when the ovverided view exists' do
+        it 'returns it' do
+          @expected = File.join(FIXTURES_VIEWS, 'based_format', 'test.erb')
+          @tpl      = '@test'
+        end
+      end
+
+      it 'returns the base views otherwise' do
+        @expected = File.join(FIXTURES_VIEWS, 'base', 'ctrl', 'local.erb')
+        @tpl      = 'local'
+      end
+    end
+
+  end
+
+  describe '#views_directories' do
+    let(:default_directories) { [APP_VIEWS] }
+
+    context 'when default directories' do
+      its(:views_directories) { should eq(default_directories) }
+    end
+
+    context 'when adding directories' do
+      it 'adds them' do
+        formatter.views_directories << 'testing'
+
+        expect(formatter.views_directories).to eq(default_directories << 'testing')
+      end
+    end
+  end
+
+end

data/spec/lib/sub_scanner_spec.rb

@@ -0,0 +1,27 @@
+require 'spec_helper'
+
+# Module included the CMSScanner to test its correct inclusion
+module SubScanner
+  include CMSScanner
+
+  # This Target class should be called in the CMSScanner::Controller::Base
+  # instead of the CMSScanner::Target
+  class Target < CMSScanner::Target
+    def new_method
+      'working'
+    end
+  end
+end
+
+describe SubScanner::Scan do
+  subject(:scanner) { described_class.new }
+  let(:controller)  { SubScanner::Controller }
+
+  it 'loads the overrided Target class' do
+    target = scanner.controllers.first.target
+
+    expect(target).to be_a SubScanner::Target
+    expect(target.respond_to?(:new_method)).to eq true
+    expect(target.new_method).to eq 'working'
+  end
+end

data/spec/lib/target/platforms_spec.rb

@@ -0,0 +1,13 @@
+require 'spec_helper'
+
+[:WordPress, :PHP].each do |platform|
+  describe CMSScanner::Target do
+    subject(:target) do
+      described_class.new(url).extend(described_class::Platform.const_get(platform))
+    end
+    let(:url)      { 'http://ex.lo' }
+    let(:fixtures) { File.join(FIXTURES, 'target', 'platform', platform.to_s.downcase) }
+
+    it_behaves_like described_class::Platform.const_get(platform)
+  end
+end

data/spec/lib/target/servers_spec.rb

@@ -0,0 +1,13 @@
+require 'spec_helper'
+
+[:Generic, :Apache, :IIS].each do |server|
+  describe CMSScanner::Target do
+    subject(:target) do
+      described_class.new(url).extend(described_class::Server.const_get(server))
+    end
+    let(:url)      { 'http://ex.lo' }
+    let(:fixtures) { File.join(FIXTURES, 'target', 'server', server.to_s.downcase) }
+
+    it_behaves_like described_class::Server.const_get(server)
+  end
+end

data/spec/lib/target_spec.rb

@@ -0,0 +1,50 @@
+require 'spec_helper'
+
+describe CMSScanner::Target do
+
+  subject(:target) { described_class.new(url) }
+  let(:url)        { 'http://ex.lo' }
+
+  describe '#in_scope?' do
+    after { expect(target.in_scope?(@url)).to eq @expected }
+
+    [nil, '', 'http://out-of-scope.com', '//jquery.com/j.js'].each do |url|
+      it "returns false for #{url}" do
+        @url      = url
+        @expected = false
+      end
+    end
+
+    %w(https://ex.lo/file.txt http://ex.lo/ /relative).each do |url|
+      it "returns true for #{url}" do
+        @url      = url
+        @expected = true
+      end
+    end
+  end
+
+  describe '#interesting_files' do
+    before do
+      expect(CMSScanner::Finders::InterestingFiles).to receive(:find).and_return(stubbed)
+    end
+
+    context 'when no findings' do
+      let(:stubbed) { [] }
+
+      its(:interesting_files) { should eq stubbed }
+    end
+
+    context 'when findings' do
+      let(:stubbed) { ['yolo'] }
+
+      it 'allows findings to be added with <<' do
+        expect(target.interesting_files).to eq stubbed
+
+        target.interesting_files << 'other-finding'
+
+        expect(target.interesting_files).to eq(stubbed << 'other-finding')
+      end
+    end
+  end
+
+end

data/spec/lib/web_site_spec.rb

@@ -0,0 +1,124 @@
+require 'spec_helper'
+
+describe CMSScanner::WebSite do
+
+  subject(:web_site) { described_class.new(url) }
+  let(:url)          { 'http://ex.lo' }
+
+  describe '#url=' do
+    context 'when the url is incorrect' do
+
+      after do
+        expect { web_site.url = @url }.to raise_error Addressable::URI::InvalidURIError
+      end
+
+      it 'raises an error if empty' do
+        @url = ''
+      end
+
+      it 'raises an error if wrong format' do
+        @url = 'jj'
+      end
+    end
+
+    context 'when valid' do
+      it 'creates an Addressable object and adds a traling slash' do
+        web_site.url = 'http://site.com'
+
+        expect(web_site.url).to eq('http://site.com/')
+        expect(web_site.uri).to be_a Addressable::URI
+      end
+    end
+  end
+
+  describe '#url' do
+    context 'when no path argument' do
+      its(:url) { should eql 'http://ex.lo/' }
+    end
+
+    context 'when a path argument' do
+      it 'appends the path' do
+        expect(web_site.url('file.txt')).to eql "#{url}/file.txt"
+      end
+
+      context 'when relative path' do
+        let(:url) { 'http://ex.lo/dir/' }
+
+        it 'appends it from the host/domain' do
+          expect(web_site.url('/sub/file.txt')).to eql 'http://ex.lo/sub/file.txt'
+        end
+      end
+    end
+  end
+
+  describe '#online?' do
+    context 'when online' do
+      before { stub_request(:get, url).to_return(status: 200) }
+
+      it { should be_online }
+    end
+
+    context 'when offline' do
+      before { stub_request(:get, url).to_return(status: 0) }
+
+      it { should_not be_online }
+    end
+  end
+
+  describe '#http_auth?' do
+    context 'when http auth' do
+      before { stub_request(:get, url).to_return(status: 401) }
+
+      it { should be_http_auth }
+    end
+
+    context 'when no http auth' do
+      before { stub_request(:get, url).to_return(status: 200) }
+
+      it { should_not be_http_auth }
+    end
+  end
+
+  describe '#proxy_auth?' do
+    # Handled in app/controllers/core_spec
+  end
+
+  describe '#redirection' do
+    it 'returns nil if no redirection detected' do
+      stub_request(:get, web_site.url).to_return(status: 200, body: '')
+
+      expect(web_site.redirection).to be_nil
+    end
+
+    [301, 302].each do |status_code|
+      it "returns http://new-location.com if the status code is #{status_code}" do
+        new_location = 'http://new-location.com'
+
+        stub_request(:get, web_site.url)
+          .to_return(status: status_code, headers: { location: new_location })
+
+        stub_request(:get, new_location).to_return(status: 200)
+
+        expect(web_site.redirection).to eq new_location
+      end
+    end
+
+    context 'when multiple redirections' do
+      it 'returns the last redirection' do
+        first_redirection = 'www.redirection.com'
+        last_redirection  = 'redirection.com'
+
+        stub_request(:get, web_site.url)
+          .to_return(status: 301, headers: { location: first_redirection })
+
+        stub_request(:get, first_redirection)
+          .to_return(status: 302, headers: { location: last_redirection })
+
+        stub_request(:get, last_redirection).to_return(status: 200)
+
+        expect(web_site.redirection).to eq last_redirection
+      end
+    end
+  end
+
+end