feroxbuster/tests/test_main.rs

mod utils;
use assert_cmd::Command;
use httpmock::Method::GET;
use httpmock::{MockServer, Regex};
use predicates::prelude::*;
use std::fs::{read_dir, read_to_string};
use utils::{setup_tmp_directory, teardown_tmp_directory};

#[test]
/// send the function a file to which we dont have permission in order to execute error branch
fn main_use_root_owned_file_as_wordlist() {
    let srv = MockServer::start();

    let mock = srv.mock(|when, then| {
        when.method(GET).path("/");
        then.status(200).body("this is a test");
    });

    Command::cargo_bin("feroxbuster")
        .unwrap()
        .arg("--url")
        .arg(srv.url("/"))
        .arg("--wordlist")
        .arg("/etc/shadow")
        .arg("-vvvv")
        .assert()
        .success()
        .stderr(predicate::str::contains("Could not open /etc/shadow"));

    assert_eq!(mock.hits(), 0);
}

#[test]
/// send the function an empty file
fn main_use_empty_wordlist() -> Result<(), Box<dyn std::error::Error>> {
    let srv = MockServer::start();
    let (tmp_dir, file) = setup_tmp_directory(&[], "wordlist")?;

    let mock = srv.mock(|when, then| {
        when.method(GET).path("/");
        then.status(200).body("this is a test");
    });

    Command::cargo_bin("feroxbuster")
        .unwrap()
        .arg("--url")
        .arg(srv.url("/"))
        .arg("--wordlist")
        .arg(file.as_os_str())
        .arg("-vvvv")
        .assert()
        .success()
        .stderr(predicate::str::contains("Did not find any words in"));

    assert_eq!(mock.hits(), 0);

    teardown_tmp_directory(tmp_dir);
    Ok(())
}

#[test]
/// send nothing over stdin, expect heuristics to be upset during connectivity test
fn main_use_empty_stdin_targets() -> Result<(), Box<dyn std::error::Error>> {
    let (tmp_dir, file) = setup_tmp_directory(&[], "wordlist")?;

    // get_targets is called before scan, so the empty wordlist shouldn't trigger
    // the 'Did not find any words' error
    Command::cargo_bin("feroxbuster")
        .unwrap()
        .arg("--stdin")
        .arg("--wordlist")
        .arg(file.as_os_str())
        .arg("-vvv")
        .pipe_stdin(file)
        .unwrap()
        .assert()
        .success()
        .stderr(
            predicate::str::contains("Could not connect to any target provided")
                .and(predicate::str::contains("Target Url"))
                .not(), // no target url found
        );

    teardown_tmp_directory(tmp_dir);

    Ok(())
}

#[test]
/// send three targets over stdin, expect parallel to spawn children and each child config to show
/// up in the output file
fn main_parallel_spawns_children() -> Result<(), Box<dyn std::error::Error>> {
    let t1 = MockServer::start();
    let t2 = MockServer::start();
    let t3 = MockServer::start();

    let words = [
        String::from("LICENSE"),
        String::from("stuff"),
        String::from("things"),
        String::from("mostuff"),
        String::from("mothings"),
    ];
    let (word_tmp_dir, wordlist) = setup_tmp_directory(&words, "wordlist")?;
    let (output_dir, outfile) = setup_tmp_directory(&[], "output-file")?;
    let (tgt_tmp_dir, targets) =
        setup_tmp_directory(&[t1.url("/"), t2.url("/"), t3.url("/")], "targets")?;

    Command::cargo_bin("feroxbuster")
        .unwrap()
        .env("RUST_LOG", "trace")
        .arg("--stdin")
        .arg("--parallel")
        .arg("2")
        .arg("--quiet")
        .arg("--debug-log")
        .arg(outfile.as_os_str())
        .arg("--wordlist")
        .arg(wordlist.as_os_str())
        .pipe_stdin(targets)
        .unwrap()
        .assert()
        .success()
        .stderr(
            predicate::str::contains("Could not connect to any target provided")
                .and(predicate::str::contains("Target Url"))
                .not(), // no target url found
        );

    let contents = read_to_string(outfile).unwrap();
    println!("contents: {contents}");

    assert!(contents.contains("parallel branch && wrapped main")); // exits parallel branch

    // DBG      0.007 feroxbuster parallel exec: target/debug/feroxbuster
    //   --debug-log /tmp/.tmpAjRts6/output-file --wordlist /tmp/.tmpS4CKKq/wordlist
    //   --silent -u http://127.0.0.1:41979/
    let r1 = Regex::new(&format!("parallel exec:.*-u {}", t1.url("/"))).unwrap();
    let r2 = Regex::new(&format!("parallel exec:.*-u {}", t2.url("/"))).unwrap();
    let r3 = Regex::new(&format!("parallel exec:.*-u {}", t3.url("/"))).unwrap();

    assert!(r1.is_match(&contents)); // all 3 were spawned
    assert!(r2.is_match(&contents));
    assert!(r3.is_match(&contents));

    teardown_tmp_directory(word_tmp_dir);
    teardown_tmp_directory(tgt_tmp_dir);
    teardown_tmp_directory(output_dir);

    Ok(())
}

#[test]
/// send three targets over stdin with --output enabled, expect parallel to create a new directory
/// and the log files therein
fn main_parallel_creates_output_directory() -> Result<(), Box<dyn std::error::Error>> {
    let t1 = MockServer::start();
    let t2 = MockServer::start();
    let t3 = MockServer::start();

    let words = [
        String::from("LICENSE"),
        String::from("stuff"),
        String::from("things"),
        String::from("mostuff"),
        String::from("mothings"),
    ];
    let (word_tmp_dir, wordlist) = setup_tmp_directory(&words, "wordlist")?;
    let (output_dir, outfile) = setup_tmp_directory(&[], "output-file")?;
    let (tgt_tmp_dir, targets) =
        setup_tmp_directory(&[t1.url("/"), t2.url("/"), t3.url("/")], "targets")?;

    Command::cargo_bin("feroxbuster")
        .unwrap()
        .arg("--stdin")
        .arg("--quiet")
        .arg("--parallel")
        .arg("2")
        .arg("--output")
        .arg(outfile.as_os_str())
        .arg("--wordlist")
        .arg(wordlist.as_os_str())
        .pipe_stdin(targets)
        .unwrap()
        .assert()
        .success()
        .stderr(
            predicate::str::contains("Could not connect to any target provided")
                .and(predicate::str::contains("Target Url"))
                .not(), // no target url found
        );

    // output_dir should return something similar to output-file-1627845244.logs with the
    // line below. if it ever fails, can use the regex below to filter out the right directory
    let sub_dir = read_dir(&output_dir)?.next().unwrap()?.file_name();

    let mut num_logs = 0;
    let file_regex = Regex::new("ferox-[a-zA-Z_:0-9]+-[0-9]+.log").unwrap();
    let dir_regex = Regex::new("output-file-[0-9]+.logs").unwrap();

    let sub_dir = output_dir.as_ref().join(sub_dir);

    // created directory like output-file-1627845741.logs/
    assert!(dir_regex.is_match(&sub_dir.to_string_lossy()));

    for entry in sub_dir.read_dir()? {
        let entry = entry?;
        // created each file like ferox-https_localhost-1627845741.log
        println!("name: {:?}", entry.file_name().to_string_lossy());
        assert!(file_regex.is_match(&entry.file_name().to_string_lossy()));
        num_logs += 1;
    }

    // should be 3 log files total
    assert_eq!(num_logs, 3);

    teardown_tmp_directory(word_tmp_dir);
    teardown_tmp_directory(tgt_tmp_dir);
    teardown_tmp_directory(output_dir);

    Ok(())
}

#[test]
/// download a wordlist from a url
fn main_download_wordlist_from_url() -> Result<(), Box<dyn std::error::Error>> {
    let srv = MockServer::start();

    let (tmp_dir, _) = setup_tmp_directory(&["a".to_string()], "wordlist")?;

    let mock1 = srv.mock(|when, then| {
        when.method(GET).path("/derp");
        then.status(200).body("stuff\nthings");
    });

    // serve endpoints stuff and things
    let mock2 = srv.mock(|when, then| {
        when.method(GET).path("/stuff");
        then.status(200);
    });

    let mock3 = srv.mock(|when, then| {
        when.method(GET).path("/things");
        then.status(200);
    });

    Command::cargo_bin("feroxbuster")
        .unwrap()
        .current_dir(&tmp_dir)
        .arg("--url")
        .arg(srv.url("/"))
        .arg("--wordlist")
        .arg(srv.url("/derp"))
        .assert()
        .success()
        .stderr(predicate::str::contains(srv.url("/derp")));

    teardown_tmp_directory(tmp_dir);

    assert_eq!(mock1.hits(), 1); // downloaded wordlist
    assert_eq!(mock2.hits(), 1); // found stuff from wordlist
    assert_eq!(mock3.hits(), 1); // found things from wordlist

    Ok(())
}
increased test coverage for main 2020-10-04 12:04:46 +00:00			`mod utils;`
began integration tests on main 2020-10-04 02:09:37 +00:00			`use assert_cmd::Command;`
added codecov to CI pipeline 2020-10-04 11:14:25 +00:00			`use httpmock::Method::GET;`
improved parallel testing 2021-02-18 17:01:11 +00:00			`use httpmock::{MockServer, Regex};`
began integration tests on main 2020-10-04 02:09:37 +00:00			`use predicates::prelude::*;`
added test for --parallel with -o 2021-08-01 19:32:14 +00:00			`use std::fs::{read_dir, read_to_string};`
increased test coverage for main 2020-10-04 12:04:46 +00:00			`use utils::{setup_tmp_directory, teardown_tmp_directory};`
began integration tests on main 2020-10-04 02:09:37 +00:00
			`#[test]`
added codecov to CI pipeline 2020-10-04 11:14:25 +00:00			`/// send the function a file to which we dont have permission in order to execute error branch`
fixed clippy errors; bumped version to 2.0.2 2021-02-17 13:33:27 +00:00			`fn main_use_root_owned_file_as_wordlist() {`
began integration tests on main 2020-10-04 02:09:37 +00:00			`let srv = MockServer::start();`

added emoji fallback when terminals dont support; updated httpmock 2020-12-12 23:20:24 +00:00			`let mock = srv.mock(\|when, then\| {`
			`when.method(GET).path("/");`
			`then.status(200).body("this is a test");`
			`});`
began integration tests on main 2020-10-04 02:09:37 +00:00
			`Command::cargo_bin("feroxbuster")`
			`.unwrap()`
			`.arg("--url")`
			`.arg(srv.url("/"))`
			`.arg("--wordlist")`
			`.arg("/etc/shadow")`
			`.arg("-vvvv")`
			`.assert()`
many todo items complete, many more to go 2021-01-24 15:19:32 +00:00			`.success()`
tests passing 2022-02-14 12:29:25 +00:00			`.stderr(predicate::str::contains("Could not open /etc/shadow"));`
began integration tests on main 2020-10-04 02:09:37 +00:00
tests passing 2022-02-14 12:29:25 +00:00			`assert_eq!(mock.hits(), 0);`
added codecov to CI pipeline 2020-10-04 11:14:25 +00:00			`}`
increased test coverage for main 2020-10-04 12:04:46 +00:00
			`#[test]`
			`/// send the function an empty file`
			`fn main_use_empty_wordlist() -> Result<(), Box<dyn std::error::Error>> {`
			`let srv = MockServer::start();`
added client test; setup_tmp_directory accepts a filename now 2020-10-07 10:30:58 +00:00			`let (tmp_dir, file) = setup_tmp_directory(&[], "wordlist")?;`
increased test coverage for main 2020-10-04 12:04:46 +00:00
added emoji fallback when terminals dont support; updated httpmock 2020-12-12 23:20:24 +00:00			`let mock = srv.mock(\|when, then\| {`
			`when.method(GET).path("/");`
			`then.status(200).body("this is a test");`
			`});`
increased test coverage for main 2020-10-04 12:04:46 +00:00
			`Command::cargo_bin("feroxbuster")`
			`.unwrap()`
			`.arg("--url")`
			`.arg(srv.url("/"))`
			`.arg("--wordlist")`
			`.arg(file.as_os_str())`
			`.arg("-vvvv")`
			`.assert()`
many todo items complete, many more to go 2021-01-24 15:19:32 +00:00			`.success()`
tests passing 2022-02-14 12:29:25 +00:00			`.stderr(predicate::str::contains("Did not find any words in"));`
increased test coverage for main 2020-10-04 12:04:46 +00:00
tests passing 2022-02-14 12:29:25 +00:00			`assert_eq!(mock.hits(), 0);`
increased test coverage for main 2020-10-04 12:04:46 +00:00
			`teardown_tmp_directory(tmp_dir);`
			`Ok(())`
			`}`

			`#[test]`
			`/// send nothing over stdin, expect heuristics to be upset during connectivity test`
			`fn main_use_empty_stdin_targets() -> Result<(), Box<dyn std::error::Error>> {`
added client test; setup_tmp_directory accepts a filename now 2020-10-07 10:30:58 +00:00			`let (tmp_dir, file) = setup_tmp_directory(&[], "wordlist")?;`
increased test coverage for main 2020-10-04 12:04:46 +00:00
			`// get_targets is called before scan, so the empty wordlist shouldn't trigger`
			`// the 'Did not find any words' error`
			`Command::cargo_bin("feroxbuster")`
			`.unwrap()`
			`.arg("--stdin")`
			`.arg("--wordlist")`
			`.arg(file.as_os_str())`
			`.arg("-vvv")`
			`.pipe_stdin(file)`
			`.unwrap()`
			`.assert()`
logging initialized early enough to display all intended log messages 2020-11-03 16:44:55 +00:00			`.success()`
increased test coverage for main 2020-10-04 12:04:46 +00:00			`.stderr(`
			`predicate::str::contains("Could not connect to any target provided")`
			`.and(predicate::str::contains("Target Url"))`
			`.not(), // no target url found`
			`);`

			`teardown_tmp_directory(tmp_dir);`

			`Ok(())`
			`}`
added test for --parallel 2021-02-08 12:44:00 +00:00
			`#[test]`
improved parallel testing 2021-02-18 17:01:11 +00:00			`/// send three targets over stdin, expect parallel to spawn children and each child config to show`
			`/// up in the output file`
added test for --parallel 2021-02-08 12:44:00 +00:00			`fn main_parallel_spawns_children() -> Result<(), Box<dyn std::error::Error>> {`
			`let t1 = MockServer::start();`
			`let t2 = MockServer::start();`
			`let t3 = MockServer::start();`

			`let words = [`
			`String::from("LICENSE"),`
			`String::from("stuff"),`
			`String::from("things"),`
			`String::from("mostuff"),`
			`String::from("mothings"),`
			`];`
			`let (word_tmp_dir, wordlist) = setup_tmp_directory(&words, "wordlist")?;`
improved parallel testing 2021-02-18 17:01:11 +00:00			`let (output_dir, outfile) = setup_tmp_directory(&[], "output-file")?;`
added test for --parallel 2021-02-08 12:44:00 +00:00			`let (tgt_tmp_dir, targets) =`
			`setup_tmp_directory(&[t1.url("/"), t2.url("/"), t3.url("/")], "targets")?;`

			`Command::cargo_bin("feroxbuster")`
			`.unwrap()`
parallel time limit enforced individually instead of main thread (#1072) * parallel time limit enforced individually instead of main thread * added ability to select silent/quiet when using --parallel * fixed robots.txt error -> hang * build pipeline back to main * fixed up tests * removed retries from nextest * clippy 2024-02-28 11:59:43 +00:00			`.env("RUST_LOG", "trace")`
added test for --parallel 2021-02-08 12:44:00 +00:00			`.arg("--stdin")`
			`.arg("--parallel")`
			`.arg("2")`
parallel time limit enforced individually instead of main thread (#1072) * parallel time limit enforced individually instead of main thread * added ability to select silent/quiet when using --parallel * fixed robots.txt error -> hang * build pipeline back to main * fixed up tests * removed retries from nextest * clippy 2024-02-28 11:59:43 +00:00			`.arg("--quiet")`
improved parallel testing 2021-02-18 17:01:11 +00:00			`.arg("--debug-log")`
			`.arg(outfile.as_os_str())`
added test for --parallel 2021-02-08 12:44:00 +00:00			`.arg("--wordlist")`
			`.arg(wordlist.as_os_str())`
			`.pipe_stdin(targets)`
			`.unwrap()`
			`.assert()`
			`.success()`
			`.stderr(`
			`predicate::str::contains("Could not connect to any target provided")`
			`.and(predicate::str::contains("Target Url"))`
			`.not(), // no target url found`
			`);`

improved parallel testing 2021-02-18 17:01:11 +00:00			`let contents = read_to_string(outfile).unwrap();`
clippy 2023-02-16 01:39:27 +00:00			`println!("contents: {contents}");`
improved parallel testing 2021-02-18 17:01:11 +00:00
			`assert!(contents.contains("parallel branch && wrapped main")); // exits parallel branch`

			`// DBG 0.007 feroxbuster parallel exec: target/debug/feroxbuster`
			`// --debug-log /tmp/.tmpAjRts6/output-file --wordlist /tmp/.tmpS4CKKq/wordlist`
			`// --silent -u http://127.0.0.1:41979/`
			`let r1 = Regex::new(&format!("parallel exec:.*-u {}", t1.url("/"))).unwrap();`
			`let r2 = Regex::new(&format!("parallel exec:.*-u {}", t2.url("/"))).unwrap();`
			`let r3 = Regex::new(&format!("parallel exec:.*-u {}", t3.url("/"))).unwrap();`

			`assert!(r1.is_match(&contents)); // all 3 were spawned`
			`assert!(r2.is_match(&contents));`
			`assert!(r3.is_match(&contents));`

added test for --parallel 2021-02-08 12:44:00 +00:00			`teardown_tmp_directory(word_tmp_dir);`
			`teardown_tmp_directory(tgt_tmp_dir);`
improved parallel testing 2021-02-18 17:01:11 +00:00			`teardown_tmp_directory(output_dir);`
added test for --parallel 2021-02-08 12:44:00 +00:00
			`Ok(())`
			`}`
added test for --parallel with -o 2021-08-01 19:32:14 +00:00
			`#[test]`
			`/// send three targets over stdin with --output enabled, expect parallel to create a new directory`
			`/// and the log files therein`
			`fn main_parallel_creates_output_directory() -> Result<(), Box<dyn std::error::Error>> {`
			`let t1 = MockServer::start();`
			`let t2 = MockServer::start();`
			`let t3 = MockServer::start();`

			`let words = [`
			`String::from("LICENSE"),`
			`String::from("stuff"),`
			`String::from("things"),`
			`String::from("mostuff"),`
			`String::from("mothings"),`
			`];`
			`let (word_tmp_dir, wordlist) = setup_tmp_directory(&words, "wordlist")?;`
			`let (output_dir, outfile) = setup_tmp_directory(&[], "output-file")?;`
			`let (tgt_tmp_dir, targets) =`
			`setup_tmp_directory(&[t1.url("/"), t2.url("/"), t3.url("/")], "targets")?;`

			`Command::cargo_bin("feroxbuster")`
			`.unwrap()`
			`.arg("--stdin")`
parallel time limit enforced individually instead of main thread (#1072) * parallel time limit enforced individually instead of main thread * added ability to select silent/quiet when using --parallel * fixed robots.txt error -> hang * build pipeline back to main * fixed up tests * removed retries from nextest * clippy 2024-02-28 11:59:43 +00:00			`.arg("--quiet")`
added test for --parallel with -o 2021-08-01 19:32:14 +00:00			`.arg("--parallel")`
			`.arg("2")`
			`.arg("--output")`
			`.arg(outfile.as_os_str())`
			`.arg("--wordlist")`
			`.arg(wordlist.as_os_str())`
			`.pipe_stdin(targets)`
			`.unwrap()`
			`.assert()`
			`.success()`
			`.stderr(`
			`predicate::str::contains("Could not connect to any target provided")`
			`.and(predicate::str::contains("Target Url"))`
			`.not(), // no target url found`
			`);`

			`// output_dir should return something similar to output-file-1627845244.logs with the`
			`// line below. if it ever fails, can use the regex below to filter out the right directory`
			`let sub_dir = read_dir(&output_dir)?.next().unwrap()?.file_name();`

			`let mut num_logs = 0;`
			`let file_regex = Regex::new("ferox-[a-zA-Z_:0-9]+-[0-9]+.log").unwrap();`
			`let dir_regex = Regex::new("output-file-[0-9]+.logs").unwrap();`

clippy 2022-12-29 21:32:22 +00:00			`let sub_dir = output_dir.as_ref().join(sub_dir);`
added test for --parallel with -o 2021-08-01 19:32:14 +00:00
			`// created directory like output-file-1627845741.logs/`
clippy 2022-09-18 10:51:13 +00:00			`assert!(dir_regex.is_match(&sub_dir.to_string_lossy()));`
added test for --parallel with -o 2021-08-01 19:32:14 +00:00
			`for entry in sub_dir.read_dir()? {`
			`let entry = entry?;`
			`// created each file like ferox-https_localhost-1627845741.log`
			`println!("name: {:?}", entry.file_name().to_string_lossy());`
			`assert!(file_regex.is_match(&entry.file_name().to_string_lossy()));`
			`num_logs += 1;`
			`}`

			`// should be 3 log files total`
			`assert_eq!(num_logs, 3);`

			`teardown_tmp_directory(word_tmp_dir);`
			`teardown_tmp_directory(tgt_tmp_dir);`
			`teardown_tmp_directory(output_dir);`

			`Ok(())`
			`}`
added test 2023-03-18 16:44:45 +00:00
			`#[test]`
			`/// download a wordlist from a url`
			`fn main_download_wordlist_from_url() -> Result<(), Box<dyn std::error::Error>> {`
			`let srv = MockServer::start();`

			`let (tmp_dir, _) = setup_tmp_directory(&["a".to_string()], "wordlist")?;`

			`let mock1 = srv.mock(\|when, then\| {`
			`when.method(GET).path("/derp");`
			`then.status(200).body("stuff\nthings");`
			`});`

			`// serve endpoints stuff and things`
			`let mock2 = srv.mock(\|when, then\| {`
			`when.method(GET).path("/stuff");`
			`then.status(200);`
			`});`

			`let mock3 = srv.mock(\|when, then\| {`
			`when.method(GET).path("/things");`
			`then.status(200);`
			`});`

			`Command::cargo_bin("feroxbuster")`
			`.unwrap()`
			`.current_dir(&tmp_dir)`
			`.arg("--url")`
			`.arg(srv.url("/"))`
			`.arg("--wordlist")`
			`.arg(srv.url("/derp"))`
			`.assert()`
			`.success()`
			`.stderr(predicate::str::contains(srv.url("/derp")));`

			`teardown_tmp_directory(tmp_dir);`

			`assert_eq!(mock1.hits(), 1); // downloaded wordlist`
			`assert_eq!(mock2.hits(), 1); // found stuff from wordlist`
			`assert_eq!(mock3.hits(), 1); // found things from wordlist`

			`Ok(())`
			`}`