
Testing View Output Formatters and Component Rendering in WPScan

This test suite validates view rendering in WPScan across its output formatters. It checks that the JSON and CLI formats produce the expected output for views covering WordPress components such as version detection, theme identification, and vulnerability scanning.

Test Coverage Overview

The test suite covers WPScan’s view rendering system, with a focus on output formatting.

  • Tests multiple output formatters (JSON and CLI without colors)
  • Validates view rendering for WordPress version detection
  • Covers theme identification and enumeration features
  • Includes vulnerability API integration testing

Implementation Analysis

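The suite uses RSpec’s shared examples to run the same view scenarios under each formatter without duplicating them. A before hook sets the parsed CLI options and resets the cached formatter so the correct one is loaded. An after hook builds the fixture file name from the formatter and controller class names using string manipulation methods, sets the expectation on standard output, and only then renders the view.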

  • Uses shared example groups for reusable test scenarios
  • Implements dynamic formatter loading and configuration
  • Employs output capture and comparison techniques

Technical Details

  • RSpec testing framework
  • Custom formatter implementations (JSON and CLI)
  • File-based fixture comparisons
  • Dynamic class variable management
  • Standard output capture and verification
  • Modular test organization with shared examples

Best Practices Demonstrated

The test suite shows several testing practices worth copying: each context is isolated through explicit setup and teardown, scenarios are shared through RSpec’s shared examples, and rendered output is verified against fixture files.

  • Proper test isolation and state management
  • Consistent fixture usage and organization
  • Modular test structure with shared behaviors
  • Clear separation of setup and verification logic

wpscanteam/wpscan

spec/app/views_spec.rb

            
# frozen_string_literal: true

describe 'App::Views' do
  let(:target_url) { 'http://ex.lo/' }
  let(:target)     { WPScan::Target.new(target_url) }
  let(:fixtures)   { SPECS.join('output') }

  # CliNoColour is used to test the CLI output to avoid the painful colours
  # in the expected output.
  %i[JSON CliNoColour].each do |formatter|
    context "when #{formatter}" do
      it_behaves_like 'App::Views::VulnApi'
      it_behaves_like 'App::Views::WpVersion'
      it_behaves_like 'App::Views::MainTheme'
      it_behaves_like 'App::Views::Enumeration'

      let(:parsed_options) { { url: target_url, format: formatter.to_s.underscore.dasherize } }

      before do
        WPScan::ParsedCli.options = parsed_options
        # Resets the formatter to ensure the correct one is loaded
        controller.class.class_variable_set(:@@formatter, nil)
      end

      after do
        view_filename   = defined?(expected_view) ? expected_view : view
        view_filename   = "#{view_filename}.#{formatter.to_s.underscore.downcase}"
        controller_dir  = controller.class.to_s.demodulize.underscore.downcase
        expected_output = File.read(fixtures.join(controller_dir, view_filename))

        expect($stdout).to receive(:puts).with(expected_output)

        controller.output(view, @tpl_vars)
        controller.formatter.beautify # Mandatory to be able to test formatter such as JSON
      end
    end
  end
end
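
Why the before hook resets @@formatter, as an added example in plain Ruby that is not WPScan's code: MiniController, the two formatter classes, format_option and render_with are hypothetical stand-ins, and the assumption is that the controller caches its formatter in a class variable, as the reset in the spec implies. It also shows why beautify must be called before a buffered formatter such as JSON prints anything.

```ruby
require 'json'
require 'stringio'

# Hypothetical stand-ins for the two formatters; not WPScan's classes.
class JsonFormatter
  def output(view, vars)
    (@buffer ||= {})[view] = vars # buffered: nothing is printed yet
  end

  def beautify
    puts JSON.pretty_generate(@buffer || {})
  end
end

class CliNoColourFormatter
  def output(view, vars)
    puts "[+] #{view}: #{vars.map { |k, v| "#{k}=#{v}" }.join(', ')}"
  end

  def beautify; end # prints as it goes, nothing left to flush
end

class MiniController
  FORMATTERS = { 'json' => JsonFormatter, 'cli-no-colour' => CliNoColourFormatter }.freeze
  @@formatter = nil # class-level cache shared by every instance (assumed design)
  class << self; attr_accessor :options; end

  def formatter
    @@formatter ||= FORMATTERS.fetch(self.class.options[:format]).new
  end
end

# Plain-Ruby equivalent of formatter.to_s.underscore.dasherize (ActiveSupport).
def format_option(formatter)
  formatter.to_s.gsub(/([a-z\d])([A-Z])/, '\1_\2').downcase.tr('_', '-')
end

# Renders one constructed view and returns what reached $stdout.
def render_with(formatter, reset:)
  MiniController.options = { format: format_option(formatter) }
  MiniController.class_variable_set(:@@formatter, nil) if reset
  original, $stdout = $stdout, StringIO.new
  fmt = MiniController.new.formatter
  fmt.output('version', { number: '6.4' })
  fmt.beautify
  $stdout.string
ensure
  $stdout = original if original
end
```

Calling render_with(:JSON, reset: false) straight after a CliNoColour render returns CLI text, which is the cross-context leak the reset prevents.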