Review rspec
require File.expand_path(File.dirname(__FILE__) + "/spec_helper")
require 'word_press_security_hardening'
# Spec sketch for WordPressSecurityHardening#harden: the table prefix should be
# replaced when table names are guessable and left alone when they are not.
# NOTE(review): many_tables_here_with_same_prefix, hard_to_guess, expected and
# the `....` stub arguments are placeholders that are not defined in this file;
# they must be filled in before the spec can run.
describe WordPressSecurityHardening do
  # when the method is an instance method use "#"
  # when it is a class method use "."
  describe '#harden' do
    # Both collaborators are doubles, so the examples only observe the
    # messages that harden sends to them.
    let(:db) { double(WordPressDatabase) }
    let(:config) { double(WordPressConfigFile) }
    subject { WordPressSecurityHardening.new(db, config) }

    context 'when database table names are easy to guess' do
      # Return more tables, with perhaps random names...
      let(:db_tables) { many_tables_here_with_same_prefix }
      before { db.stub(:tables).and_return(db_tables) }

      it 'changes table prefix' do
        # The block runs when table_prefix= is received and is handed the new prefix.
        config.should_receive(:table_prefix=) do |prefix|
          # verify prefix is hard to guess
          # This is the security-relevant assertion: the matcher should reject
          # predictable values, not merely values that differ from the old prefix.
          # NOTE(review): `should.be` is not the usual `should be_...` form;
          # presumably a custom matcher is intended, confirm.
          prefix.should.be hard_to_guess
          # setup expectations for the db
          # set expected to the expected table name
          # The rename expectations are registered only once table_prefix= has
          # been called. NOTE(review): if harden renames tables before assigning
          # the prefix, db receives rename_table with no expectation in place;
          # confirm the call order.
          db_tables.each { |t| db.should_receive(:rename_table).with(t, expected) }
        end
        subject.harden
      end
    end

    context 'when database table names are already hard to guess' do
      # Fixed sample prefix: "wp" + six characters + "_".
      # NOTE(review): no visible line in this context reads `prefix`;
      # presumably it feeds the placeholder stub and the table names, confirm.
      let(:prefix) { "wp#{random_chars_for_table_prefix}_" }
      let(:random_chars_for_table_prefix) { 'C6G52F' }
      let(:db_tables) { many_tables_here_with_same_prefix }

      before do
        # Why not stub the prefix? Isn't that enough to check?
        config.stub(....).and_return(....)
        # it should be an array of names
        db.stub(:tables).and_return(db_tables)
      end

      it 'does not change table prefix' do
        # harden must neither rename tables nor rewrite the prefix here.
        db.should_not_receive(:rename_table)
        config.should_not_receive(:table_prefix=)
        subject.harden
      end
    end
  end
end