Add specs and .travis.yml

.travis.yml

@@ -0,0 +1,7 @@
+language: ruby
+rvm:
+  - 1.9.3
+  - 2.0.0
+  - 2.1.0
+  - 2.2.0
+script: bundle exec rspec --color --format=documentation

nexpose.gemspec

@@ -21,4 +21,5 @@ Gem::Specification.new do |s|
   s.add_runtime_dependency('rex', '~> 2.0.5', '>= 2.0.5')
 
   s.add_development_dependency('bundler', '~> 1.3')
+  s.add_development_dependency('rspec', '~> 3.2')
 end

spec/nexpose/connection_spec.rb

@@ -0,0 +1,32 @@
+require 'spec_helper'
+
+describe Nexpose::Connection do
+  describe '.from_uri' do
+    let(:username) { nil }
+    let(:password) { nil }
+    let(:silo_id) { nil }
+    subject(:connection) { Nexpose::Connection.from_uri(uri, username, password, silo_id) }
+
+    context 'with the default port' do
+      let(:uri) { 'https://nexpose.local:3780/' }
+
+      it 'initializes a new Connection' do
+        expect(connection.host).to eq('nexpose.local')
+        expect(connection.password).to eq(password)
+        expect(connection.port).to eq(3780)
+        expect(connection.username).to eq(username)
+      end
+    end
+
+    context 'with a non-default port' do
+      let(:uri) { 'https://nexpose.local:1234/' }
+
+      it 'initializes a new Connection' do
+        expect(connection.host).to eq('nexpose.local')
+        expect(connection.password).to eq(password)
+        expect(connection.port).to eq(1234)
+        expect(connection.username).to eq(username)
+      end
+    end
+  end
+end

spec/nexpose/site_spec.rb

@@ -0,0 +1,61 @@
+require 'spec_helper'
+
+describe Nexpose::Site do
+  let(:scan_template) { 'full-audit-without-webspider' }
+  let(:site_name) { 'joe blow site' }
+  subject { Nexpose::Site.new(site_name, scan_template) }
+
+  describe '#add_asset' do
+    context 'with a hostname' do
+      it 'adds a new HostName to the assets list' do
+        subject.add_asset('nexpose.local')
+
+        expect(subject.assets).to include(Nexpose::HostName.new('nexpose.local'))
+      end
+    end
+
+    context 'with a single IP address' do
+      it 'adds a new IPRange to the assets list' do
+        subject.add_asset('192.168.1.1')
+
+        expect(subject.assets).to include(Nexpose::IPRange.new('192.168.1.1'))
+      end
+    end
+
+    context 'with a multiple IP address' do
+      # TODO: The IPRange class apparently doesn't handle CIDR notation on the client side
+      xit 'adds a new IPRange to the assets list' do
+        subject.add_asset('192.168.1.0/24')
+
+        expect(subject.assets).to include(Nexpose::IPRange.new('192.168.1.0', '192.168.1.255'))
+      end
+    end
+  end
+
+  describe '#add_host' do
+    it 'adds a new HostName to the assets list' do
+      subject.add_asset('nexpose.local')
+
+      expect(subject.assets).to include(Nexpose::HostName.new('nexpose.local'))
+    end
+  end
+
+  describe '#add_ip' do
+    context 'with a single IP address' do
+      it 'adds a new IPRange to the assets list' do
+        subject.add_asset('192.168.1.1')
+
+        expect(subject.assets).to include(Nexpose::IPRange.new('192.168.1.1'))
+      end
+    end
+
+    context 'with a multiple IP address' do
+      # TODO: The IPRange class apparently doesn't handle CIDR notation on the client side
+      xit 'adds a new IPRange to the assets list' do
+        subject.add_asset('192.168.1.0/24')
+
+        expect(subject.assets).to include(Nexpose::IPRange.new('192.168.1.0', '192.168.1.255'))
+      end
+    end
+  end
+end

spec/nexpose/util/attributes_spec.rb

@@ -0,0 +1,18 @@
+require 'spec_helper'
+
+describe Nexpose::Attributes do
+  subject { Nexpose::Attributes }
+
+  describe '.to_hash' do
+    it 'converts an array into a XML compatible format' do
+      attributes = [
+        { awesome: true },
+        { boring: false }
+      ]
+      observed = subject.to_hash(attributes)
+
+      expect(observed).to include(a_hash_including('key' => 'awesome', 'value' => 'true'))
+        .and include(a_hash_including('key' => 'boring', 'value' => 'false'))
+    end
+  end
+end

spec/nexpose/util/host_or_ip_spec.rb

@@ -0,0 +1,97 @@
+require 'spec_helper'
+
+describe Nexpose::HostOrIP do
+  subject { Nexpose::HostOrIP }
+
+  describe '.convert' do
+    context 'with a fully qualified domain name' do
+      let(:asset) { asset = 'nexpose.local' }
+
+      it 'returns a HostName' do
+        observed = subject.convert(asset)
+        expect(observed).to be_a(Nexpose::HostName)
+      end
+    end
+
+    context 'with a hostname' do
+      let(:asset) { asset = 'target-host' }
+
+      it 'returns a HostName' do
+        observed = subject.convert(asset)
+        expect(observed).to be_a(Nexpose::HostName)
+      end
+    end
+
+    context 'with an IP address' do
+      let(:asset) { asset = '192.168.1.1' }
+
+
+      it 'returns an IPRange' do
+        observed = subject.convert(asset)
+        expect(observed).to be_a(Nexpose::IPRange)
+      end
+    end
+
+    context 'with an IP address range' do
+      let(:asset) { asset = '192.168.1.0/24' }
+
+
+      it 'returns an IPRange' do
+        observed = subject.convert(asset)
+        expect(observed).to be_a(Nexpose::IPRange)
+      end
+    end
+  end
+
+  # TODO: Since HostOrIP.parse deals with API responses consider adding
+  #   integration tests for the parse method.
+  describe '.parse' do
+    let(:multiple_address_range_xml) { '<range from="192.168.1.1" to="192.168.1.254"/>' }
+    let(:single_address_range_xml) { '<range from="192.168.2.1"/>' }
+    let(:host_xml) { '<host>nexpose.local</host>' }
+    let(:xml_format) { '<GlobalSettings><ExcludedHosts>%{nested_xml}</ExcludedHosts></GlobalSettings>' }
+
+    context 'with a host element' do
+      let(:xml) { REXML::Document.new(format(xml_format, nested_xml: host_xml)) }
+
+      it 'returns a valid HostName object' do
+        observed = subject.parse(xml)
+        expect(observed).to include(Nexpose::HostName.new('nexpose.local'))
+      end
+    end
+
+    context 'with a single IP range element' do
+      let(:xml) { REXML::Document.new(format(xml_format, nested_xml: single_address_range_xml)) }
+
+      it 'returns a valid IPRange object' do
+        observed = subject.parse(xml)
+        expect(observed).to include(Nexpose::IPRange.new('192.168.2.1'))
+      end
+    end
+
+    context 'with a multiple IP range element' do
+      let(:xml) { REXML::Document.new(format(xml_format, nested_xml: multiple_address_range_xml)) }
+
+      it 'returns a valid IPRange object' do
+        observed = subject.parse(xml)
+        expect(observed).to include(Nexpose::IPRange.new('192.168.1.1', '192.168.1.254'))
+      end
+    end
+
+    context 'with host, IP address, and range elements' do
+      let(:xml) do
+        nodes = [host_xml, single_address_range_xml, multiple_address_range_xml]
+        REXML::Document.new(format(xml_format, nested_xml: nodes.join))
+      end
+
+      it 'returns valid HostName and IPRange objects' do
+        observed = subject.parse(xml)
+        expect(observed).to include(
+          Nexpose::IPRange.new('192.168.2.1'),
+          Nexpose::HostName.new('nexpose.local'),
+          Nexpose::IPRange.new('192.168.1.1', '192.168.1.254')
+        )
+      end
+    end
+  end
+end

spec/nexpose/util/iso_8601_spec.rb

@@ -0,0 +1,27 @@
+require 'spec_helper'
+
+describe Nexpose::ISO8601 do
+  subject { Nexpose::ISO8601 }
+  let(:time_iso8601_string) { '20141210T165822.412Z' }
+  let(:time) {
+    # 412,000 (10^3 * 412) microseconds is equivalent to 412
+    # nanoseconds which is used in "time_iso8601_string".
+    microseconds = 412_000
+    seconds = Time.new(2014, 12, 10, 16, 58, 22, 0).to_i
+    Time.at(seconds, microseconds)
+  }
+
+  describe '.to_string' do
+    it 'converts a Time object into an ISO 8601 string' do
+      observed = subject.to_string(time)
+      expect(observed).to eq(time_iso8601_string)
+    end
+  end
+
+  describe '.to_time' do
+    it 'converts an ISO 8601 string into a Time object' do
+      observed = subject.to_time(time_iso8601_string)
+      expect(observed).to eq(time)
+    end
+  end
+end

spec/nexpose/util/sanititze_spec.rb

@@ -0,0 +1,36 @@
+require 'spec_helper'
+
+describe Nexpose::Sanitize do
+  subject do
+    # Create a dummy class which has included the Sanitize module
+    dummy_class = Class.new { include Nexpose::Sanitize }
+    dummy_class.new
+  end
+
+  describe '#replace_entities' do
+    it 'replaces all instances of the ampersand character with &' do
+      observed = subject.replace_entities('one & two & three')
+      expect(observed).to eq('one & two & three')
+    end
+
+    it 'replaces all instances of the double quote character with "' do
+      observed = subject.replace_entities('Lorem "ipsum"')
+      expect(observed).to eq('Lorem "ipsum"')
+    end
+
+    it 'replaces all instances of the single quote character with '' do
+      observed = subject.replace_entities("Lorem 'ipsum'")
+      expect(observed).to eq('Lorem 'ipsum'')
+    end
+
+    it 'replaces all instances of the "greater than" character' do
+      observed = subject.replace_entities("n_bits >> m_bits")
+      expect(observed).to eq('n_bits >> m_bits')
+    end
+
+    it 'replaces all instances of the "less than" character' do
+      observed = subject.replace_entities("array << Time.now")
+      expect(observed).to eq('array &lt;&lt; Time.now')
+    end
+  end
+end

spec/nexpose/util/xml_utils_spec.rb

@@ -0,0 +1,34 @@
+require 'spec_helper'
+
+describe Nexpose::XMLUtils do
+  describe '.success?' do
+    subject { Nexpose::XMLUtils }
+
+    context 'with a successful response' do
+      let(:response_string) { '<status success="1"/>' }
+
+      it 'returns true' do
+        observed = subject.success?(response_string)
+        expect(observed).to be(true)
+      end
+    end
+
+    context 'with a failed response' do
+      let(:response_string) { '<status success="0"/>' }
+
+      it 'returns false' do
+        observed = subject.success?(response_string)
+        expect(observed).to be(false)
+      end
+    end
+
+    context 'with a response that did not define "success"' do
+      let(:response_string) { '<status other-attr="ignored"/>' }
+
+      it 'returns false' do
+        observed = subject.success?(response_string)
+        expect(observed).to be(false)
+      end
+    end
+  end
+end

spec/spec_helper.rb

@@ -0,0 +1 @@
+require 'nexpose'