Testing Theme URL Detection Mechanisms in WPScan

This test suite validates the functionality of the MainTheme::UrlsInHomepage finder in WPScan, focusing on detecting WordPress themes through URL analysis in the homepage. The tests ensure accurate theme detection and confidence scoring based on URL patterns.

Test Coverage Overview

The test suite provides comprehensive coverage of theme detection mechanisms through homepage URL analysis. It verifies:
  • Detection of theme URLs in page links and code
  • Handling of duplicate theme references
  • Confidence scoring based on occurrence frequency
  • Integration with WPScan’s target and model components

Implementation Analysis

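The spec reuses the 'App::Finders::WpItems::UrlsInPage' shared examples for the common URL extraction behaviour, with uniqueness disabled for both links and codes so that repeated references to a theme are kept. For the #passive test it stubs GET requests for CSS files, serves the found.html fixture as the homepage, and stubs the target's content_dir to return 'wp-content'. The tests validate both the URL extraction patterns and the themes returned by passive detection, including their confidence values.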

Technical Details

Testing tools and configuration include:
  • RSpec for test framework
  • Webmock for HTTP request stubbing
  • Fixture-based test data
  • Shared example patterns for reusable test cases
  • Model-based theme representation

Best Practices Demonstrated

The test suite exemplifies several testing best practices:
  • Isolation of HTTP requests through stubbing
  • Use of fixture data for consistent testing
  • Clear separation of setup and expectations
  • Comprehensive validation of detection confidence levels
  • Modular test organization using shared examples

wpscanteam/wpscan

spec/app/finders/main_theme/urls_in_homepage_spec.rb

            
# frozen_string_literal: true

describe WPScan::Finders::MainTheme::UrlsInHomepage do
  subject(:finder) { described_class.new(target) }
  let(:target)     { WPScan::Target.new(url) }
  let(:url)        { 'http://wp.lab/' }
  let(:fixtures)   { FINDERS_FIXTURES.join('main_theme', 'urls_in_homepage') }

  it_behaves_like 'App::Finders::WpItems::UrlsInPage' do
    let(:page_url)            { url }
    let(:type)                { 'themes' }
    let(:uniq_links)          { false }
    let(:uniq_codes)          { false }
    let(:expected_from_links) { %w[twentyfifteen twentyfifteen twentyfifteen yolo] }
    let(:expected_from_codes) { %w[test yolo] }
  end

  describe '#passive' do
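    before do
      # Stub GET requests for stylesheets (any URL containing ".css") so no real HTTP is made.
      stub_request(:get, /.*\.css/)
      # Serve the found.html fixture as the target's homepage.
      stub_request(:get, target.url).to_return(body: File.read(fixtures.join('found.html')))

      # Stub the content directory name instead of letting the target resolve it.
      allow(target).to receive(:content_dir).and_return('wp-content')
    end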

    it 'returns the expected Themes' do
      @expected = []

      { 'twentyfifteen' => 6, 'yolo' => 4, 'test' => 2 }.each do |slug, confidence|
        @expected << WPScan::Model::Theme.new(
          slug, target, found_by: 'Urls In Homepage (Passive Detection)', confidence: confidence
        )
      end

      expect(finder.passive).to eql @expected
    end
  end
end
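
The scoring this spec expects, as an added example that is not WPScan's own code: with duplicates kept (uniq_links and uniq_codes are false), the expected confidences 6, 4 and 2 equal twice each slug's number of occurrences across links and inline code. The weight of 2 per occurrence is inferred from those expected values; the helper names, regexes and sample HTML are constructed assumptions, and the sample is not the project's found.html fixture.

```ruby
# Added example, not WPScan's implementation. Helper names, regexes and the
# sample page are assumptions constructed for illustration.
SAMPLE_HOMEPAGE = <<~'HTML'
  <html><head>
  <link rel="stylesheet" href="http://wp.lab/wp-content/themes/twentyfifteen/style.css?ver=4.0">
  <link rel="stylesheet" href="http://wp.lab/wp-content/themes/twentyfifteen/css/ie.css">
  <script src="http://wp.lab/wp-content/themes/twentyfifteen/js/functions.js"></script>
  <link rel="icon" href="/wp-content/themes/yolo/favicon.ico">
  <link rel="stylesheet" href="http://wp.lab/wp-content/plugins/akismet/style.css">
  <script>
    var tpl = "http:\/\/wp.lab\/wp-content\/themes\/test\/";
    var img = 'http://wp.lab/wp-content/themes/yolo/img/logo.png';
  </script>
  </head><body></body></html>
HTML

# Matches <content_dir>/themes/<slug>/ and captures the slug. Slashes may be
# JSON-escaped (\/) when the URL sits inside inline JavaScript.
def theme_pattern(content_dir)
  %r{#{Regexp.escape(content_dir)}[\\/]+themes[\\/]+([^\\/"'?\s]+)[\\/]}
end

# Slugs referenced by href/src attributes, duplicates kept (uniq: false).
def slugs_from_links(html, content_dir)
  html.scan(/(?:href|src)=["']([^"']+)["']/i).flatten
      .filter_map { |url| url[theme_pattern(content_dir), 1] }
end

# Slugs referenced inside inline <script> bodies, duplicates kept.
def slugs_from_codes(html, content_dir)
  html.scan(%r{<script\b[^>]*>(.*?)</script>}mi).flatten
      .flat_map { |code| code.scan(theme_pattern(content_dir)).flatten }
end

# Assumed weight: 2 per occurrence, inferred from the spec's 6/4/2 values.
def theme_confidence(html, content_dir = 'wp-content')
  slugs = slugs_from_links(html, content_dir) + slugs_from_codes(html, content_dir)
  slugs.tally.transform_values { |count| 2 * count }
end

theme_confidence(SAMPLE_HOMEPAGE).each { |slug, conf| puts "#{slug}: #{conf}" }
```

Site owners can run the same kind of count over their own homepage to see which theme slugs it discloses and how strongly; a non-default content directory name changes what the pattern matches.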