Log in
Log in
Log in
Book a Demo
Get Started
633.3K 458.7K 7.8K
Back to Repositories

Testing README File Detection Implementation in WPScan

This test suite validates the README file detection functionality in WPScan, focusing on the InterestingFindings module. It ensures accurate identification and handling of WordPress readme files through both aggressive scanning and potential file detection.

Test Coverage Overview

The test suite thoroughly examines the README finder functionality with comprehensive coverage of file detection scenarios.

  • Tests aggressive scanning methodology for readme file detection
  • Validates handling of missing files and 404 responses
  • Verifies correct behavior when readme files are present
  • Tests duplicate file handling prevention

Implementation Analysis

The testing approach utilizes RSpec’s behavior-driven development patterns with mocked HTTP requests and response handling.

  • Implements context-based test organization for different scenarios
  • Uses RSpec subject and let blocks for clean test setup
  • Employs stub_request for HTTP interaction mocking
  • Leverages shared examples and before blocks for test setup

Technical Details

  • RSpec testing framework with behavior-driven syntax
  • WebMock for HTTP request stubbing
  • Fixture-based test data management
  • Module-based test organization
  • Custom matcher implementations

Best Practices Demonstrated

The test suite exemplifies high-quality testing practices with clear organization and thorough coverage.

  • Isolated test contexts for different scenarios
  • Proper use of RSpec’s expectation syntax
  • Effective HTTP request mocking
  • Structured fixture management
  • Clear test case separation and organization

wpscanteam/wpscan

spec/app/finders/interesting_findings/readme_spec.rb

            
# frozen_string_literal: true

describe WPScan::Finders::InterestingFindings::Readme do
  subject(:finder) { described_class.new(target) }
  let(:target)     { WPScan::Target.new(url) }
  let(:url)        { 'http://ex.lo/' }
  let(:fixtures)   { FINDERS_FIXTURES.join('interesting_findings', 'readme') }

  describe '#aggressive' do
    before do
      expect(target).to receive(:sub_dir).at_least(1).and_return(false)
      expect(target).to receive(:head_or_get_params).at_least(1).and_return(method: :head)

      finder.potential_files.each do |file|
        stub_request(:head, target.url(file)).to_return(status: 404)
      end
    end

    context 'when no file present' do
      its(:aggressive) { should be_nil }
    end

    # TODO: case when multiple files are present ? (should return only the first one found)
    context 'when a file exists' do
      let(:file)   { finder.potential_files.sample }
      let(:readme) { File.read(fixtures.join('readme-3.9.2.html')) }

      before do
        stub_request(:head, target.url(file))
        stub_request(:get, target.url(file)).to_return(body: readme)
      end

      it 'returns the expected InterestingFinding' do
        expected = WPScan::Model::Readme.new(
          target.url(file),
          confidence: 100,
          found_by: described_class::DIRECT_ACCESS
        )

        expect(finder.aggressive).to eql expected
      end
    end
  end

  describe '#potential_files' do
    it 'does not contain duplicates' do
      expect(finder.potential_files.flatten.uniq.length).to eql finder.potential_files.length
    end
  end
end