require 'spec_helper'
require 'ronin/exploits/client_side_web_vuln'
require 'ronin/vulns/web_vuln'

describe Ronin::Exploits::ClientSideWebVuln do
  module TestClientSideWebVuln
    class TestExploit < Ronin::Exploits::ClientSideWebVuln
      base_path   '/Templatize.asp'
      query_param 'item'

      def vuln
        @vuln ||= Ronin::Vulns::WebVuln.new(url, **web_vuln_kwargs)
      end
    end
  end

  let(:exploit_class) { TestClientSideWebVuln::TestExploit }
  let(:base_url)      { 'http://testasp.vulnweb.com/' }
  let(:query)         { 'item=html/about.html' }
  let(:query_param)   { 'item' }
  let(:payload)       { 'test payload' }

  subject do
    exploit_class.new(
      payload: payload,
      params: {
        base_url: base_url
      }
    )
  end

  it "must define a 'format' param" do
    expect(described_class.params[:format]).to_not be(nil)
    expect(described_class.params[:format].type).to be_kind_of(Ronin::Core::Params::Types::Enum)
    expect(described_class.params[:format].type.values).to eq([:http, :curl])
    expect(described_class.params[:format].desc).to eq('Output format')
  end

  describe "#format_exploit" do
    context "when the 'format' param is :http" do
      subject do
        exploit_class.new(
          payload: payload,
          params: {
            base_url: base_url,
            format:   :http
          }
        )
      end

      it "must call #to_http on the #vuln object" do
        expect(subject.format_exploit).to eq(subject.vuln.to_http(payload))
      end
    end

    context "when the 'format' param is :curl" do
      subject do
        exploit_class.new(
          payload: payload,
          params: {
            base_url: base_url,
            format:   :curl
          }
        )
      end

      it "must call #to_curl on the #vuln object" do
        expect(subject.format_exploit).to eq(subject.vuln.to_curl(payload))
      end
    end
  end

  describe "#launch" do
    context "when the 'format' param is :http" do
      subject do
        exploit_class.new(
          payload: payload,
          params: {
            base_url: base_url,
            format:   :http
          }
        )
      end

      it "must print out a message and the exploit formatted as an HTTP request" do
        expect(subject).to receive(:print_info).with("Copy and paste the following exploit:")
        expect(subject).to receive(:puts)
        expect(subject).to receive(:puts).with(subject.vuln.to_http(payload))
        expect(subject).to receive(:puts)

        subject.launch
      end
    end

    context "when the 'format' param is :curl" do
      subject do
        exploit_class.new(
          payload: payload,
          params: {
            base_url: base_url,
            format:   :curl
          }
        )
      end


      it "must print out a message and the exploit formatted as an HTTP request" do
        expect(subject).to receive(:print_info).with("Copy and paste the following exploit:")
        expect(subject).to receive(:puts)
        expect(subject).to receive(:puts).with(subject.vuln.to_curl(payload))
        expect(subject).to receive(:puts)

        subject.launch
      end
    end
  end
end