Log in
Log in
Log in
Book a Demo
Get Started
668.4K 482K 8.2K
Back to Repositories

Testing WordPress Version Detection through Readme Analysis in WPScan

This test suite validates WordPress version detection through readme.html file analysis in WPScan. It focuses on aggressive detection methods and version extraction accuracy across different scenarios.

Test Coverage Overview

The test suite comprehensively covers WordPress version detection through readme.html parsing.

  • Tests version extraction from valid readme files
  • Handles cases with missing version information
  • Validates against invalid version numbers
  • Verifies confidence scoring and detection methods

Implementation Analysis

The testing approach uses RSpec’s describe/context pattern for structured test organization. It implements stubbed HTTP requests to test readme.html parsing without live dependencies.

  • Uses subject/let blocks for test setup
  • Implements before/after hooks for request stubbing
  • Leverages shared examples for common scenarios

Technical Details

  • RSpec testing framework
  • WebMock for HTTP request stubbing
  • Fixture-based test data
  • CMSScanner integration for target handling
  • Apache server context simulation

Best Practices Demonstrated

The test suite exemplifies robust testing practices through isolation of dependencies and comprehensive scenario coverage.

  • Clear test case organization
  • Proper stub/mock usage
  • Consistent assertion patterns
  • Effective fixture management

wpscanteam/wpscan

spec/app/finders/wp_version/readme_spec.rb

            
# frozen_string_literal: true

describe WPScan::Finders::WpVersion::Readme do
  subject(:finder) { described_class.new(target) }
  let(:target)     { WPScan::Target.new(url).extend(CMSScanner::Target::Server::Apache) }
  let(:url)        { 'http://ex.lo/' }
  let(:fixtures)   { FINDERS_FIXTURES.join('wp_version', 'readme') }
  let(:readme_url) { "#{url}readme.html" }

  describe '#aggressive' do
    before { stub_request(:get, readme_url).to_return(body: File.read(fixtures.join(file))) }

    after do
      expect(target).to receive(:sub_dir).and_return(false)
      expect(finder.aggressive).to eql @expected
    end

    context 'when no version' do
      let(:file) { 'no_version.html' }

      it 'returns nil' do
        @expected = nil
      end
    end

    context 'when invalid version number' do
      let(:file) { 'invalid.html' }

      it 'returns nil' do
        @expected = nil
      end
    end

    context 'when present and valid' do
      let(:file) { '4.0.html' }

      it 'returns the expected version' do
        @expected = WPScan::Model::WpVersion.new(
          '4.0',
          confidence: 90,
          found_by: 'Readme (Aggressive Detection)',
          interesting_entries: [
            "#{readme_url}, Match: 'Version 4.0'"
          ]
        )
      end
    end
  end
end