
Testing Backup Database Detection Workflows in WPScan

This test suite validates WPScan's BackupDB finder, which detects and analyzes backup database directories. The tests check that the finder handles different HTTP responses and directory listing scenarios correctly, since an exposed backup directory is a potential security vulnerability.

Test Coverage Overview

The test suite provides comprehensive coverage of the BackupDB finder component.

Key areas tested include:
  • HTTP response handling (200, 403, 404 status codes)
  • Directory listing detection
  • Homepage verification checks
  • Backup file identification
Edge cases cover both accessible and inaccessible backup directories, along with various server responses.

Implementation Analysis

The implementation uses RSpec’s behavior-driven development approach with detailed context blocks and expectations. The testing pattern leverages stub_request for HTTP interaction mocking and implements thorough request/response simulation.

Framework-specific features include:
  • RSpec shared contexts and before hooks
  • WebMock request stubbing
  • Dynamic fixture loading

Technical Details

Testing tools and configuration:
  • RSpec for test structure and assertions
  • WebMock for HTTP request mocking
  • Fixture-based test data
  • Custom target extension for Apache server simulation
  • Dynamic URL and directory path handling

Best Practices Demonstrated

The test suite exemplifies high-quality testing practices through organized, modular test structures and comprehensive coverage patterns.

Notable practices include:
  • Consistent use of context blocks for different scenarios
  • Proper test isolation and setup
  • Clear expectation definition
  • Effective mock object usage
  • Structured assertion patterns

wpscanteam/wpscan

spec/app/finders/interesting_findings/backup_db_spec.rb

            
# frozen_string_literal: true

describe WPScan::Finders::InterestingFindings::BackupDB do
  subject(:finder) { described_class.new(target) }
  let(:target)     { WPScan::Target.new(url).extend(CMSScanner::Target::Server::Apache) }
  let(:url)        { 'http://ex.lo/' }
  let(:fixtures)   { FINDERS_FIXTURES.join('interesting_findings', 'backup_db') }
  let(:wp_content) { 'wp-content' }
  let(:dir_url)    { target.url("#{wp_content}/backup-db/") }

  before do
    expect(target).to receive(:content_dir).at_least(1).and_return(wp_content)
    expect(target).to receive(:head_or_get_params).and_return(method: :head)
  end

  describe '#aggressive' do
    context 'when not a 200 or 403' do
      it 'returns nil' do
        stub_request(:head, dir_url).to_return(status: 404)

        expect(finder.aggressive).to eql nil
      end
    end

    context 'when 200 and matching the homepage' do
      it 'returns nil' do
        stub_request(:head, dir_url)
        stub_request(:get, dir_url)

        expect(target).to receive(:homepage_or_404?).and_return(true)

        expect(finder.aggressive).to eql nil
      end
    end

    context 'when 200 or 403' do
      before do
        stub_request(:head, dir_url)
        stub_request(:get, dir_url).and_return(body: body)

        expect(target).to receive(:homepage_or_404?).and_return(false)
      end

      after do
        found = finder.aggressive

        expect(found).to eql WPScan::Model::BackupDB.new(
          dir_url,
          confidence: 70,
          found_by: described_class::DIRECT_ACCESS
        )

        expect(found.interesting_entries).to eq @expected_entries
      end

      context 'when no directory listing' do
        let(:body) { '' }

        it 'returns an empty interesting_findings attribute' do
          @expected_entries = []
        end
      end

      context 'when directory listing enabled' do
        let(:body) { File.read(fixtures.join('dir_listing.html')) }

        it 'returns the expected interesting_findings attribute' do
          @expected_entries = %w[sqldump.sql test.txt]
        end
      end
    end
  end
end
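
The decision table this spec pins down, written as a dependency-free sketch that is added here and is not WPScan's own implementation. The names `assess_backup_dir`, `listing_entries` and `SAMPLE_LISTING` are hypothetical, the listing page is constructed sample data rather than the project's fixture, and the regex-based link extraction is an assumption about how an Apache autoindex page can be read.

```ruby
# Added sketch, not WPScan code: the outcomes the spec above asserts,
# expressed as pure functions over an already-fetched response.

CONFIDENCE = 70 # value the spec expects on the returned model

# Constructed Apache-style index page (sample data, not the project's fixture).
SAMPLE_LISTING = <<~HTML
  <html><body><h1>Index of /wp-content/backup-db</h1><pre>
  <a href="?C=N;O=D">Name</a> <a href="?C=M;O=A">Last modified</a>
  <a href="/wp-content/">Parent Directory</a>
  <a href="sqldump.sql">sqldump.sql</a> 2020-01-01 10:00 1.2M
  <a href="test.txt">test.txt</a> 2020-01-01 10:00 12
  </pre></body></html>
HTML

# Hypothetical helper: pull file names out of an autoindex page, skipping
# column-sort links and the parent-directory link. Names are returned as
# they appear in the href (no percent-decoding).
def listing_entries(body)
  return [] unless body =~ /<title>Index of|<h1>Index of/i

  body.scan(/<a\s+href="([^"]*)"[^>]*>(.*?)<\/a>/im).filter_map do |href, text|
    next if href.start_with?('?', '/') || text.strip.casecmp?('Parent Directory')

    href
  end
end

# Returns nil (nothing to report) or a hash describing the finding.
def assess_backup_dir(status:, body:, matches_homepage:)
  return nil unless [200, 403].include?(status) # e.g. 404: directory absent
  return nil if matches_homepage                # catch-all page, not a real directory

  { confidence: CONFIDENCE, entries: listing_entries(body.to_s) }
end
```

A 403 still yields a finding with an empty entry list: the directory exists even though its contents are not listable, which is why the spec groups 200 and 403 together.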