
/spec/lib/msf/http/wordpress/version_spec.rb

https://github.com/debbiemezyene/metasploit-framework
# -*- coding:binary -*-
require 'spec_helper'

require 'msf/core'
require 'msf/core/exploit'
require 'rex/proto/http/response'
require 'msf/http/wordpress'

# Specs for the WordPress version helpers that Msf::HTTP::Wordpress mixes into
# a module: #wordpress_version (core version fingerprint) and the private
# #check_version_from_readme (plugin/theme version compared to a fix release).
#
# No network traffic is generated: send_request_cgi is stubbed in both groups.
describe Msf::HTTP::Wordpress::Version do
  # A bare exploit module extended with the WordPress mixin. initialize is
  # invoked again after the extend, as the original setup does.
  subject do
    ::Msf::Exploit.new.tap do |mod|
      mod.extend ::Msf::HTTP::Wordpress
      mod.send(:initialize)
    end
  end

  describe '#wordpress_version' do
    # The stub ignores the request options and answers every request with the
    # same 200 response. Each context below therefore shows that a given
    # markup pattern is recognised; it does not show which URL the helper
    # fetched it from.
    before :each do
      allow(subject).to receive(:send_request_cgi) do |_opts|
        Rex::Proto::Http::Response.new.tap do |response|
          response.code = 200
          response.body = wp_body
        end
      end
    end

    # Random "x.y.z" version with single-digit components.
    # NOTE(review): Random.new picks its own seed, so a failing sample may not
    # be reproducible through RSpec's --seed; confirm whether that matters here.
    let(:wp_version) do
      prng = Random.new
      major, minor, patch = Array.new(3) { prng.rand(10) }
      "#{major}.#{minor}.#{patch}"
    end

    context 'when version from generator' do
      let(:wp_body) { %(<meta name="generator" content="WordPress #{wp_version}" />) }
      it { expect(subject.wordpress_version).to eq(wp_version) }
    end

    context 'when version from readme' do
      let(:wp_body) { " <br /> Version #{wp_version}" }
      it { expect(subject.wordpress_version).to eq(wp_version) }
    end

    context 'when version from rss' do
      let(:wp_body) { "<generator>http://wordpress.org/?v=#{wp_version}</generator>" }
      it { expect(subject.wordpress_version).to eq(wp_version) }
    end

    context 'when version from rdf' do
      let(:wp_body) { %(<admin:generatorAgent rdf:resource="http://wordpress.org/?v=#{wp_version}" />) }
      it { expect(subject.wordpress_version).to eq(wp_version) }
    end

    context 'when version from atom' do
      let(:wp_body) { %(<generator uri="http://wordpress.org/" version="#{wp_version}">WordPress</generator>) }
      it { expect(subject.wordpress_version).to eq(wp_version) }
    end

    context 'when version from sitemap' do
      let(:wp_body) { %(<!--  generator="WordPress/#{wp_version}"  -->) }
      it { expect(subject.wordpress_version).to eq(wp_version) }
    end

    # Uses the same fixture body as the sitemap context above.
    context 'when version from opml' do
      let(:wp_body) { %(<!--  generator="WordPress/#{wp_version}"  -->) }
      it { expect(subject.wordpress_version).to eq(wp_version) }
    end
  end

  describe '#check_version_from_readme' do
    # Calls the private helper for a plugin called 'name'. The arguments are
    # the fixed-in version, optionally followed by the introduced-in version.
    def readme_check(*versions)
      subject.send(:check_version_from_readme, :plugin, 'name', *versions)
    end

    # Status code and body are taken from the per-context lets below.
    before :each do
      allow(subject).to receive(:send_request_cgi) do |_opts|
        Rex::Proto::Http::Response.new.tap do |response|
          response.code = wp_code
          response.body = wp_body
        end
      end
    end

    let(:wp_code) { 200 }
    let(:wp_body) { nil }
    let(:wp_fixed_version) { nil }

    # Verdicts pinned here: Unknown (no readme), Detected (readme without a
    # parsable version), Appears (version below the fix, and not below the
    # introduced-in version when one is given), Safe (otherwise).
    # None of these examples expects a verdict stronger than Appears.
    # NOTE(review): no example covers an installed version equal to
    # wp_fixed_version or wp_introd_version; those boundaries are unpinned.

    context 'when no readme is found' do
      let(:wp_code) { 404 }
      it { expect(readme_check(wp_fixed_version)).to be(Msf::Exploit::CheckCode::Unknown) }
    end

    context 'when no version can be extracted from readme' do
      let(:wp_code) { 200 }
      let(:wp_body) { 'invalid content' }
      it { expect(readme_check(wp_fixed_version)).to be(Msf::Exploit::CheckCode::Detected) }
    end

    context 'when installed version is vulnerable' do
      let(:wp_code) { 200 }
      let(:wp_fixed_version) { '1.0.1' }
      let(:wp_body) { 'stable tag: 1.0.0' }
      it { expect(readme_check(wp_fixed_version)).to be(Msf::Exploit::CheckCode::Appears) }
    end

    context 'when installed version is not vulnerable' do
      let(:wp_code) { 200 }
      let(:wp_fixed_version) { '1.0.1' }
      let(:wp_body) { 'stable tag: 1.0.2' }
      it { expect(readme_check(wp_fixed_version)).to be(Msf::Exploit::CheckCode::Safe) }
    end

    context 'when installed version is vulnerable (version range)' do
      let(:wp_code) { 200 }
      let(:wp_fixed_version) { '1.0.2' }
      let(:wp_introd_version) { '1.0.0' }
      let(:wp_body) { 'stable tag: 1.0.1' }
      it { expect(readme_check(wp_fixed_version, wp_introd_version)).to be(Msf::Exploit::CheckCode::Appears) }
    end

    context 'when installed version is older (version range)' do
      let(:wp_code) { 200 }
      let(:wp_fixed_version) { '1.0.1' }
      let(:wp_introd_version) { '1.0.0' }
      let(:wp_body) { 'stable tag: 0.0.9' }
      it { expect(readme_check(wp_fixed_version, wp_introd_version)).to be(Msf::Exploit::CheckCode::Safe) }
    end

    context 'when installed version is newer (version range)' do
      let(:wp_code) { 200 }
      let(:wp_fixed_version) { '1.0.1' }
      let(:wp_introd_version) { '1.0.0' }
      let(:wp_body) { 'stable tag: 1.0.2' }
      it { expect(readme_check(wp_fixed_version, wp_introd_version)).to be(Msf::Exploit::CheckCode::Safe) }
    end
  end
end