|
36 | 36 | Ronin::DB::WebVuln.destroy_all |
37 | 37 | end |
38 | 38 |
|
| 39 | + describe "options" do |
| 40 | + before { subject.parse_options(argv) } |
| 41 | + |
| 42 | + describe "--with-type TYPE" do |
| 43 | + let(:type) { 'open_redirect' } |
| 44 | + let(:argv) { ['--with-type', 'open-redirect'] } |
| 45 | + |
| 46 | + it "must append :with_type and TYPE to #query_method_calls" do |
| 47 | + expect(subject.query_method_calls[-1]).to eq( |
| 48 | + [:with_type, type] |
| 49 | + ) |
| 50 | + end |
| 51 | + |
| 52 | + it "and .with_type must be a class method on Ronin::DB::WebVuln" do |
| 53 | + expect(Ronin::DB::WebVuln).to respond_to(:with_type) |
| 54 | + end |
| 55 | + end |
| 56 | + |
| 57 | + describe "--for-host HOST" do |
| 58 | + let(:host) { 'example.com' } |
| 59 | + let(:argv) { ['--for-host', host] } |
| 60 | + |
| 61 | + it "must append :for_host and the HOST to #query_method_calls" do |
| 62 | + expect(subject.query_method_calls[-1]).to eq( |
| 63 | + [:for_host, host] |
| 64 | + ) |
| 65 | + end |
| 66 | + |
| 67 | + it "and .for_host must be a class method on Ronin::DB::WebVuln" do |
| 68 | + expect(Ronin::DB::WebVuln).to respond_to(:for_host) |
| 69 | + end |
| 70 | + end |
| 71 | + |
| 72 | + describe "--for-domain DOMAIN" do |
| 73 | + let(:domain) { 'example.com' } |
| 74 | + let(:argv) { ['--for-domain', domain] } |
| 75 | + |
| 76 | + it "must append :for_domain and the DOMAIN to #query_method_calls" do |
| 77 | + expect(subject.query_method_calls[-1]).to eq( |
| 78 | + [:for_domain, domain] |
| 79 | + ) |
| 80 | + end |
| 81 | + |
| 82 | + it "and .for_domain must be a class method on Ronin::DB::WebVuln" do |
| 83 | + expect(Ronin::DB::WebVuln).to respond_to(:for_domain) |
| 84 | + end |
| 85 | + end |
| 86 | + |
| 87 | + describe "--for-path PATH" do |
| 88 | + let(:path) { '/admin' } |
| 89 | + let(:argv) { ['--for-path', path] } |
| 90 | + |
| 91 | + it "must append :for_path and the PATH to #query_method_calls" do |
| 92 | + expect(subject.query_method_calls[-1]).to eq( |
| 93 | + [:for_path, path] |
| 94 | + ) |
| 95 | + end |
| 96 | + |
| 97 | + it "and .for_path must be a class method on Ronin::DB::WebVuln" do |
| 98 | + expect(Ronin::DB::WebVuln).to respond_to(:for_path) |
| 99 | + end |
| 100 | + end |
| 101 | + |
| 102 | + describe "--with-query-param NAME" do |
| 103 | + let(:name) { 'id' } |
| 104 | + let(:argv) { ['--with-query-param', name] } |
| 105 | + |
| 106 | + it "must append :with_query_param and the NAME to #query_method_calls" do |
| 107 | + expect(subject.query_method_calls[-1]).to eq( |
| 108 | + [:with_query_param, name] |
| 109 | + ) |
| 110 | + end |
| 111 | + |
| 112 | + it "and .with_query_param must be a class method on Ronin::DB::WebVuln" do |
| 113 | + expect(Ronin::DB::WebVuln).to respond_to(:with_query_param) |
| 114 | + end |
| 115 | + end |
| 116 | + |
| 117 | + describe "--with-header-name NAME" do |
| 118 | + let(:name) { 'X-Forwarded-For' } |
| 119 | + let(:argv) { ['--with-header-name', name] } |
| 120 | + |
| 121 | + it "must append :with_header_name and the NAME to #query_method_calls" do |
| 122 | + expect(subject.query_method_calls[-1]).to eq( |
| 123 | + [:with_header_name, name] |
| 124 | + ) |
| 125 | + end |
| 126 | + |
| 127 | + it "and .with_header_name must be a class method on Ronin::DB::WebVuln" do |
| 128 | + expect(Ronin::DB::WebVuln).to respond_to(:with_header_name) |
| 129 | + end |
| 130 | + end |
| 131 | + |
| 132 | + describe "--with-cookie-param NAME" do |
| 133 | + let(:name) { 'session_id' } |
| 134 | + let(:argv) { ['--with-cookie-param', name] } |
| 135 | + |
| 136 | + it "must append :with_cookie_param and the NAME to #query_method_calls" do |
| 137 | + expect(subject.query_method_calls[-1]).to eq( |
| 138 | + [:with_cookie_param, name] |
| 139 | + ) |
| 140 | + end |
| 141 | + |
| 142 | + it "and .with_cookie_param must be a class method on Ronin::DB::WebVuln" do |
| 143 | + expect(Ronin::DB::WebVuln).to respond_to(:with_cookie_param) |
| 144 | + end |
| 145 | + end |
| 146 | + |
| 147 | + describe "--with-form-param NAME" do |
| 148 | + let(:name) { 'username' } |
| 149 | + let(:argv) { ['--with-form-param', name] } |
| 150 | + |
| 151 | + it "must append :with_form_param and the NAME to #query_method_calls" do |
| 152 | + expect(subject.query_method_calls[-1]).to eq( |
| 153 | + [:with_form_param, name] |
| 154 | + ) |
| 155 | + end |
| 156 | + |
| 157 | + it "and .with_form_param must be a class method on Ronin::DB::WebVuln" do |
| 158 | + expect(Ronin::DB::WebVuln).to respond_to(:with_form_param) |
| 159 | + end |
| 160 | + end |
| 161 | + |
| 162 | + describe "--with-request-method HTTP_METHOD" do |
| 163 | + let(:http_method) { :get } |
| 164 | + let(:argv) { ['--with-request-method', 'GET'] } |
| 165 | + |
| 166 | + it "must append :with_request_method and :get to #query_method_calls" do |
| 167 | + expect(subject.query_method_calls[-1]).to eq( |
| 168 | + [:with_request_method, http_method] |
| 169 | + ) |
| 170 | + end |
| 171 | + |
| 172 | + it "and .with_request_method must be a class method on Ronin::DB::WebVuln" do |
| 173 | + expect(Ronin::DB::WebVuln).to respond_to(:with_request_method) |
| 174 | + end |
| 175 | + end |
| 176 | + end |
| 177 | + |
39 | 178 | describe "#web_vuln_type" do |
40 | 179 | context "when given a Ronin::Vulns::LFI object" do |
41 | 180 | let(:type) { 'lfi' } |
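Review bot: The new `describe "options"` examples only exercise accepted values, so nothing pins what happens when `--with-type` or `--with-request-method` gets a value outside its mapping (`'open-redirect'` to `'open_redirect'`, `'GET'` to `:get`). A negative example for each would cover that, asserting that the bad value is rejected and that nothing is appended to `query_method_calls`. The entries in `query_method_calls` look like method-name/argument pairs that are later dispatched to `Ronin::DB::WebVuln`, though that is inferred because the command's own code is not in this hunk. If so, the `respond_to` examples could also pin arity, e.g. `expect(Ronin::DB::WebVuln).to respond_to(:with_type).with(1).argument`. The shared `before { subject.parse_options(argv) }` also runs for those `respond_to` examples, which do not need it.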
|