Sha256: 6bb5d35a5b2fb59d3665ea74b7cdd687f5406a8b6ea675488dd7ea05efe5b6d7


require File.dirname(__FILE__) + '/../lib/yawast'
require File.dirname(__FILE__) + '/base'

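# Negative tests for the Apache/Tomcat/Struts checks in YAWAST's Apache plugin.
#
# Each test starts a throw-away local web server backed by the
# data/apache_server_info.txt fixture, runs one check against it, and asserts
# that the check neither raised nor printed a finding marker ('[V]' or '[W]').
#
# NOTE(review): every test here only proves the check stays quiet on a target
# that should not trigger it. Nothing in this file proves a check fires on a
# vulnerable response, so a check that silently stopped detecting anything
# would still pass; a positive fixture per check would close that gap.
#
# NOTE(review): the port comes from rand(60000) + 1024 (1024..61023) and is
# not checked for availability here. If it collides with something already
# listening, the outcome depends on how start_web_server handles the bind
# failure, which is not visible in this file.
class TestScannerApache < Minitest::Test
  include TestBase

  # The Tomcat PUT check must report nothing against the benign fixture.
  def test_check_tomcat_put_rce
    override_stdout
    server = nil

    begin
      port = rand(60000) + 1024 # pick a random port number
      server = start_web_server File.dirname(__FILE__) + '/data/apache_server_info.txt', '', port
      uri = Yawast::Commands::Utils.extract_uri(["http://localhost:#{port}"])

      # Capture any exception so it is reported through the assertion below
      # together with the scanner output, rather than aborting the test early.
      error = nil
      begin
        Yawast::Scanner::Plugins::Servers::Apache.check_tomcat_put_rce uri
      rescue => e
        error = e.message
      end

      assert !stdout_value.include?('[V]'), "Unexpected finding: #{stdout_value}"
      assert error.nil?, "Unexpected error: #{error}"
    ensure
      # Always undo the stdout capture and stop the fixture server, even when
      # an assertion fails; otherwise later tests inherit a hijacked stdout
      # and a listener left running on the chosen port.
      restore_stdout
      server.exit if server
    end
  end

  # The CVE-2019-0232 check must report nothing for a /cgi-bin/test.bat link
  # served by the benign fixture.
  def test_check_tomcat_2019_0232
    override_stdout
    server = nil

    begin
      port = rand(60000) + 1024 # pick a random port number
      server = start_web_server File.dirname(__FILE__) + '/data/apache_server_info.txt', '/cgi-bin/test.bat', port
      uri = URI.parse "http://localhost:#{port}/cgi-bin/test.bat"
      # The check takes a list of link strings rather than a URI object.
      links = [uri.to_s]

      error = nil
      begin
        Yawast::Scanner::Plugins::Servers::Apache.check_cve_2019_0232 links
      rescue => e
        error = e.message
      end

      assert !stdout_value.include?('[V]'), "Unexpected finding: #{stdout_value}"
      assert error.nil?, "Unexpected error: #{error}"
    ensure
      # Cleanup must run on failure as well as on success.
      restore_stdout
      server.exit if server
    end
  end

  # The Struts 2 sample-application check must not print a '[W]' marker
  # against the benign fixture.
  def test_check_struts2_samples
    override_stdout
    server = nil

    begin
      port = rand(60000) + 1024 # pick a random port number
      server = start_web_server File.dirname(__FILE__) + '/data/apache_server_info.txt', '', port
      uri = Yawast::Commands::Utils.extract_uri(["http://localhost:#{port}"])

      error = nil
      begin
        Yawast::Scanner::Plugins::Servers::Apache.check_struts2_samples uri
      rescue => e
        error = e.message
      end

      # This check is asserted against '[W]' rather than '[V]'.
      assert !stdout_value.include?('[W]'), "Unexpected finding: #{stdout_value}"
      assert error.nil?, "Unexpected error: #{error}"
    ensure
      # Cleanup must run on failure as well as on success.
      restore_stdout
      server.exit if server
    end
  end
end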

Version data entries

3 entries across 3 versions & 1 rubygems

Version Path
yawast-0.7.1 test/test_scan_apache.rb
yawast-0.7.0 test/test_scan_apache.rb
yawast-0.7.0.beta3 test/test_scan_apache.rb