Improve test coverage

Author: rastating

spec/lib/wpxf/modules/auxiliary/file_download/mail_masta_unauthenticated_local_file_inclusion_spec.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+require_relative '../../../../../spec_helper'
+require 'wpxf/modules'
+
+describe Wpxf::Auxiliary::MailMastaUnauthenticatedLocalFileInclusion do
+  let(:subject) { described_class.new }
+
+  before :each, 'setup subject' do
+    allow(subject).to receive(:check_plugin_version_from_readme)
+    allow(subject).to receive(:emit_error)
+  end
+
+  it 'should return a {Wpxf::Module}' do
+    expect(subject).to be_a Wpxf::Module
+  end
+
+  it 'should check the plugin is installed' do
+    subject.check
+    expect(subject).to have_received(:check_plugin_version_from_readme)
+      .with('mail-masta')
+      .exactly(1).times
+  end
+
+  it 'should not require authentication' do
+    expect(subject.requires_authentication).to be false
+  end
+
+  it 'should configure a default remote file path' do
+    expected = '/etc/passwd'
+    expect(subject.default_remote_file_path).to eql expected
+  end
+
+  it 'should configure the working directory' do
+    expected = 'wp-content/plugins/mail-masta/inc/campaign'
+    expect(subject.working_directory).to eql expected
+  end
+
+  it 'should configure the downloader url' do
+    url_pattern = %r{plugins/mail-masta/inc/campaign/count_of_send\.php$}
+    expect(subject.downloader_url).to match(url_pattern)
+  end
+
+  it 'should configure the request params' do
+    subject.set_option_value('remote_file', 'test.php')
+    expect(subject.download_request_params).to eql(pl: 'test.php')
+  end
+
+  it 'should GET the download request' do
+    expect(subject.download_request_method).to eql :get
+  end
+end

spec/lib/wpxf/modules/auxiliary/file_download/membership_simplified_arbitrary_file_download_spec.rb

@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+
+require_relative '../../../../../spec_helper'
+require 'wpxf/modules'
+
+describe Wpxf::Auxiliary::MembershipSimplifiedArbitraryFileDownload do
+  let(:subject) { described_class.new }
+
+  before :each, 'setup subject' do
+    allow(subject).to receive(:check_plugin_version_from_readme)
+    allow(subject).to receive(:emit_error)
+  end
+
+  it 'should return a {Wpxf::Module}' do
+    expect(subject).to be_a Wpxf::Module
+  end
+
+  it 'should check the change log to verify the version is < 1.59' do
+    res_mock = Wpxf::Net::HttpResponse.new(nil)
+    res_mock.code = 200
+    res_mock.body = %(
+      = Beta 1.58 =
+      Release notes
+
+      = Beta 1.57 =
+      Release Notes
+    )
+
+    allow(subject).to receive(:execute_get_request).and_return(res_mock)
+    expect(subject.check).to eql :vulnerable
+  end
+
+  it 'should not require authentication' do
+    expect(subject.requires_authentication).to be false
+  end
+
+  it 'should configure a default remote file path' do
+    expected = '..././..././..././wp-config.php'
+    expect(subject.default_remote_file_path).to eql expected
+  end
+
+  it 'should configure the working directory' do
+    expected = 'wp-content/plugins/membership-simplified-for-oap-members-only'
+    expect(subject.working_directory).to eql expected
+  end
+
+  it 'should configure the downloader url' do
+    url_pattern = %r{plugins/membership-simplified-for-oap-members-only/download\.php$}
+    expect(subject.downloader_url).to match(url_pattern)
+  end
+
+  it 'should configure the request params' do
+    subject.set_option_value('remote_file', 'test.php')
+    expect(subject.download_request_params).to eql('download_file' => 'test.php')
+  end
+
+  it 'should GET the download request' do
+    expect(subject.download_request_method).to eql :get
+  end
+end

spec/lib/wpxf/modules/auxiliary/file_download/memphis_documents_library_arbitrary_file_download_spec.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+require_relative '../../../../../spec_helper'
+require 'wpxf/modules'
+
+describe Wpxf::Auxiliary::MemphisDocumentsLibraryArbitraryFileDownload do
+  let(:subject) { described_class.new }
+
+  before :each, 'setup subject' do
+    allow(subject).to receive(:check_plugin_version_from_readme)
+    allow(subject).to receive(:emit_error)
+  end
+
+  it 'should return a {Wpxf::Module}' do
+    expect(subject).to be_a Wpxf::Module
+  end
+
+  it 'should check the plugin is < 3.1.6' do
+    subject.check
+    expect(subject).to have_received(:check_plugin_version_from_readme)
+      .with('memphis-documents-library', '3.1.6')
+      .exactly(1).times
+  end
+
+  it 'should not require authentication' do
+    expect(subject.requires_authentication).to be false
+  end
+
+  it 'should configure a default remote file path' do
+    expected = '../../../wp-config.php'
+    expect(subject.default_remote_file_path).to eql expected
+  end
+
+  it 'should configure the working directory' do
+    expected = 'wp-content/plugins/memphis-documents-library/'
+    expect(subject.working_directory).to eql expected
+  end
+
+  it 'should configure the downloader url' do
+    expect(subject.downloader_url).to eql subject.full_uri
+  end
+
+  it 'should configure the request params' do
+    subject.set_option_value('remote_file', 'test.php')
+    expect(subject.download_request_params).to eql('mdocs-img-preview' => 'test.php')
+  end
+
+  it 'should GET the download request' do
+    expect(subject.download_request_method).to eql :get
+  end
+end

spec/lib/wpxf/modules/auxiliary/file_download/recent_backups_arbitrary_file_download_spec.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+require_relative '../../../../../spec_helper'
+require 'wpxf/modules'
+
+describe Wpxf::Auxiliary::RecentBackupsArbitraryFileDownload do
+  let(:subject) { described_class.new }
+
+  before :each, 'setup subject' do
+    allow(subject).to receive(:check_plugin_version_from_readme)
+    allow(subject).to receive(:emit_error)
+  end
+
+  it 'should return a {Wpxf::Module}' do
+    expect(subject).to be_a Wpxf::Module
+  end
+
+  it 'should check the plugin is installed' do
+    subject.check
+    expect(subject).to have_received(:check_plugin_version_from_readme)
+      .with('recent-backups')
+      .exactly(1).times
+  end
+
+  it 'should not require authentication' do
+    expect(subject.requires_authentication).to be false
+  end
+
+  it 'should configure a default remote file path' do
+    expected = '../../../wp-config.php'
+    expect(subject.default_remote_file_path).to eql expected
+  end
+
+  it 'should configure the working directory' do
+    expected = 'wp-content/plugins/recent-backups/'
+    expect(subject.working_directory).to eql expected
+  end
+
+  it 'should configure the downloader url' do
+    expected = %r{wp-content/plugins/recent\-backups/download\-file\.php}
+    expect(subject.downloader_url).to match expected
+  end
+
+  it 'should configure the request params' do
+    subject.set_option_value('remote_file', 'test.php')
+    expect(subject.download_request_params).to eql('file_link' => 'test.php')
+  end
+
+  it 'should GET the download request' do
+    expect(subject.download_request_method).to eql :get
+  end
+end

spec/lib/wpxf/modules/auxiliary/file_download/simple_download_monitor_file_disclosure_spec.rb

@@ -0,0 +1,97 @@
+# frozen_string_literal: true
+
+require_relative '../../../../../spec_helper'
+require 'wpxf/modules'
+
+describe Wpxf::Auxiliary::SimpleDownloadMonitorFileDisclosure do
+  let(:subject) { described_class.new }
+  let(:downloaded_filename) { File.join(Dir.tmpdir, 'wpxf_unit_test') }
+  let(:content_mock) do
+    %(
+      {
+        "test": [
+          { "post_id": 1, "post_title": "test1" },
+          { "post_id": 2, "post_title": "test2" }
+        ]
+      }
+    )
+  end
+
+  before :each, 'setup subject' do
+    allow(subject).to receive(:check_plugin_version_from_readme)
+    allow(subject).to receive(:emit_error)
+    allow(subject).to receive(:emit_table)
+    allow(subject).to receive(:downloaded_filename).and_return(downloaded_filename)
+  end
+
+  after :each, 'delete tmp files' do
+    FileUtils.rm_f downloaded_filename
+  end
+
+  it 'should return a {Wpxf::Module}' do
+    expect(subject).to be_a Wpxf::Module
+  end
+
+  it 'should check the plugin < 3.2.9' do
+    subject.check
+    expect(subject).to have_received(:check_plugin_version_from_readme)
+      .with('simple-download-monitor', '3.2.9')
+      .exactly(1).times
+  end
+
+  it 'should not register the remote file option' do
+    expect(subject.register_remote_file_option?).to be false
+  end
+
+  it 'should not require authentication' do
+    expect(subject.requires_authentication).to be false
+  end
+
+  it 'should configure the downloader url' do
+    expect(subject.downloader_url).to eql subject.wordpress_url_admin_ajax
+  end
+
+  it 'should configure the request params' do
+    expect(subject.download_request_params).to eql('action' => 'sdm_tiny_get_post_ids')
+  end
+
+  it 'should GET the download request' do
+    expect(subject.download_request_method).to eql :get
+  end
+
+  context 'if the response is valid JSON' do
+    it 'should save the export as a CSV' do
+      expect(subject.file_extension).to eql '.csv'
+      subject.validate_content(content_mock)
+      csv = CSV.parse(downloaded_filename)
+      expect(csv).to_not be_nil
+    end
+
+    it 'should emit the post ids and titles as a table' do
+      expected_table = [
+        { post_id: 'Post ID', title: 'Title' },
+        { post_id: 1, title: 'test1' },
+        { post_id: 2, title: 'test2' }
+      ]
+
+      subject.validate_content(content_mock)
+      expect(subject).to have_received(:emit_table)
+        .with(expected_table)
+        .exactly(1).times
+    end
+  end
+
+  context 'if the response is not valid JSON' do
+    it 'should fail the validation process' do
+      res = subject.validate_content('invalid json')
+      expect(res).to be false
+    end
+
+    it 'should emit an error' do
+      subject.validate_content('invalid json')
+      expect(subject).to have_received(:emit_error)
+        .with('Could not parse the response')
+        .exactly(1).times
+    end
+  end
+end