Log in
Log in
Log in
Book a Demo
Get Started
668.4K 482K 8.2K
Back to Repositories

Testing WordPress Theme Detection via CSS Analysis in WPScan

This test suite validates the WPScan’s MainTheme finder functionality, specifically focusing on detecting WordPress themes through CSS style analysis in the homepage. It verifies both passive detection methods and various style inclusion scenarios.

Test Coverage Overview

The test suite comprehensively covers the CssStyleInHomepage finder’s capability to detect WordPress themes through CSS analysis.

  • Tests passive detection scenarios for theme identification
  • Validates handling of both in-scope and out-of-scope style elements
  • Covers detection through link href attributes and inline style code
  • Verifies correct theme model creation with proper attributes

Implementation Analysis

The implementation uses RSpec’s describe/context pattern for structured test organization. The tests employ stub_request for HTTP interaction mocking and leverage fixture files for test data.

  • Uses subject/let blocks for efficient test setup
  • Implements before/after hooks for test state management
  • Utilizes context blocks for different test scenarios
  • Employs expect statements for assertion validation

Technical Details

  • RSpec testing framework for behavior-driven development
  • WebMock for HTTP request stubbing
  • Fixture-based test data management
  • Custom model extensions for Apache server simulation
  • Integration with WPScan’s Target and Theme models

Best Practices Demonstrated

The test suite exemplifies several testing best practices in Ruby and RSpec.

  • Clear test organization using nested describe and context blocks
  • Efficient test setup using let blocks for lazy loading
  • Proper isolation of test cases using stub_request
  • Comprehensive coverage of edge cases and error scenarios
  • Consistent assertion patterns and expectations

wpscanteam/wpscan

spec/app/finders/main_theme/css_style_in_homepage_spec.rb

            
# frozen_string_literal: true

describe WPScan::Finders::MainTheme::CssStyleInHomepage do
  subject(:finder) { described_class.new(target) }
  let(:target)     { WPScan::Target.new(url).extend(CMSScanner::Target::Server::Apache) }
  let(:url)        { 'http://wp.lab/' }
  let(:fixtures)   { FINDERS_FIXTURES.join('main_theme', 'css_style_in_homepage') }

  describe '#passive' do
    after do
      stub_request(:get, url).to_return(body: File.read(fixtures.join(fixture)))
      expect(finder.passive).to eql @expected
    end

    context 'when no in scope style' do
      let(:fixture) { 'no_in_scope_style.html' }

      it 'returns nil' do
        @expected = nil
      end
    end

    context 'when in scope style' do
      before do
        expect(target).to receive(:content_dir).at_least(1).and_return('wp-content')
        stub_request(:get, /.*.css/)
      end

      context 'when in a link href' do
        let(:fixture) { 'link_href.html' }

        it 'returns the expected theme' do
          @expected = WPScan::Model::Theme.new(
            'twentyfifteen',
            target,
            found_by: 'Css Style In Homepage (Passive Detection)',
            confidence: 70,
            style_url: 'http://wp.lab/wp-content/themes/twentyfifteen/style.css?ver=4.1.1'
          )
        end
      end

      context 'when in the style code' do
        let(:fixture) { 'style_code.html' }

        it 'returns the expected theme' do
          @expected = WPScan::Model::Theme.new(
            'custom',
            target,
            found_by: 'Css Style In Homepage (Passive Detection)',
            confidence: 70,
            style_url: 'http://wp.lab/wp-content/themes/custom/style.css'
          )
        end
      end
    end
  end
end