dnrops
/
metasploit-framework
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

refactor empty test on CredentialCollection

This commit is contained in:
Jeffrey Martin 2017-01-31 12:10:17 -06:00
parent 2ff170a1fa
commit 0dcf0002ae
No known key found for this signature in database
GPG Key ID: 0CD9BBC2AF15F171
12 changed files with 80 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
lib/metasploit/framework/credential_collection.rb
View File

@ -205,6 +205,13 @@ class Metasploit::Framework::CredentialCollection
pass_fd.close if pass_fd && !pass_fd.closed?
end
# Returns true when #each will have no results to iterate
def empty?
hasUser = username.present? || user_file.present? || !additional_publics.empty?
hasPass = password.present? || pass_file.present? || !additional_privates.empty? || blank_passwords
prepended_creds.empty? && !hasUser || (hasUser && !hasPass)
end
private
def private_type(private)

6
lib/metasploit/framework/login_scanner/base.rb
View File

@ -305,11 +305,7 @@ module Metasploit
errors.add(:cred_details, "must respond to :each")
end
if cred_details.prepended_creds.empty? &&
cred_details.additional_publics.empty? &&
cred_details.additional_privates.empty? &&
!cred_details.username.present? &&
!cred_details.password.present?
if cred_details.empty?
errors.add(:cred_details, "can't be blank")
end
end

61
spec/lib/metasploit/framework/credential_collection_spec.rb
View File

@ -12,6 +12,9 @@ RSpec.describe Metasploit::Framework::CredentialCollection do
user_file: user_file,
username: username,
userpass_file: userpass_file,
prepended_creds: prepended_creds,
additional_privates: additional_privates,
additional_publics: additional_publics
)
end
@ -22,6 +25,9 @@ RSpec.describe Metasploit::Framework::CredentialCollection do
let(:pass_file) { nil }
let(:user_as_pass) { nil }
let(:userpass_file) { nil }
let(:prepended_creds) { [] }
let(:additional_privates) { [] }
let(:additional_publics) { [] }
describe "#each" do
specify do
@ -134,6 +140,61 @@ RSpec.describe Metasploit::Framework::CredentialCollection do
end
describe "#empty?" do
context "when :username is set" do
context "and :password is set" do
specify do
expect(collection.empty?).to eq false
end
end
context "and :password is not set" do
let(:password) { nil }
specify do
expect(collection.empty?).to eq true
end
context "and :blank_passwords is true" do
let(:blank_passwords) { true }
specify do
expect(collection.empty?).to eq false
end
end
end
end
context "when :username is not set" do
context "and :password is not set" do
let(:username) { nil }
let(:password) { nil }
specify do
expect(collection.empty?).to eq true
end
context "and :prepended_creds is not empty" do
let(:prepended_creds) { [ "test" ] }
specify do
expect(collection.empty?).to eq false
end
end
context "and :additional_privates is not empty" do
let(:additional_privates) { [ "test_private" ] }
specify do
expect(collection.empty?).to eq true
end
end
context "and :additional_publics is not empty" do
let(:additional_publics) { [ "test_public" ] }
specify do
expect(collection.empty?).to eq true
end
end
end
end
end
describe "#prepend_cred" do
specify do
prep = Metasploit::Framework::Credential.new(public: "foo", private: "bar")

1
spec/lib/metasploit/framework/login_scanner/base_spec.rb
View File

@ -24,6 +24,7 @@ RSpec.describe Metasploit::Framework::LoginScanner::Base do
allow(creds).to receive(:additional_publics).and_return(['user'])
allow(creds).to receive(:each).and_return(['user', 'pass'])
allow(creds).to receive(:additional_publics).and_return([])
allow(creds).to receive(:empty?).and_return(false)
creds
}

1
spec/lib/metasploit/framework/login_scanner/ftp_spec.rb
View File

@ -59,6 +59,7 @@ RSpec.describe Metasploit::Framework::LoginScanner::FTP do
allow(creds).to receive(:prepended_creds).and_return([])
allow(creds).to receive(:additional_privates).and_return([])
allow(creds).to receive(:additional_publics).and_return([])
allow(creds).to receive(:empty?).and_return(true)
ftp_scanner.cred_details = creds
end

1
spec/lib/metasploit/framework/login_scanner/mssql_spec.rb
View File

@ -49,6 +49,7 @@ RSpec.describe Metasploit::Framework::LoginScanner::MSSQL do
allow(creds).to receive(:prepended_creds).and_return([])
allow(creds).to receive(:additional_privates).and_return([])
allow(creds).to receive(:additional_publics).and_return([])
allow(creds).to receive(:empty?).and_return(true)
login_scanner.cred_details = creds
end

1
spec/lib/metasploit/framework/login_scanner/smb_spec.rb
View File

@ -57,6 +57,7 @@ RSpec.describe Metasploit::Framework::LoginScanner::SMB do
allow(creds).to receive(:prepended_creds).and_return([])
allow(creds).to receive(:additional_privates).and_return([])
allow(creds).to receive(:additional_publics).and_return([])
allow(creds).to receive(:empty?).and_return(true)
login_scanner.cred_details = creds
end

1
spec/lib/metasploit/framework/login_scanner/ssh_spec.rb
View File

@ -70,6 +70,7 @@ RSpec.describe Metasploit::Framework::LoginScanner::SSH do
allow(creds).to receive(:prepended_creds).and_return([])
allow(creds).to receive(:additional_privates).and_return([])
allow(creds).to receive(:additional_publics).and_return([])
allow(creds).to receive(:empty?).and_return(true)
ssh_scanner.cred_details = creds
end

1
spec/lib/metasploit/framework/login_scanner/telnet_spec.rb
View File

@ -22,6 +22,7 @@ RSpec.describe Metasploit::Framework::LoginScanner::Telnet do
allow(creds).to receive(:prepended_creds).and_return([])
allow(creds).to receive(:additional_privates).and_return([])
allow(creds).to receive(:additional_publics).and_return([])
allow(creds).to receive(:empty?).and_return(true)
login_scanner.cred_details = creds
end

3
spec/support/shared/examples/metasploit/framework/login_scanner/login_scanner_base.rb
View File

@ -75,6 +75,7 @@ RSpec.shared_examples_for 'Metasploit::Framework::LoginScanner::Base' do | opts
allow(creds).to receive(:prepended_creds).and_return([])
allow(creds).to receive(:additional_privates).and_return([])
allow(creds).to receive(:additional_publics).and_return(['user'])
allow(creds).to receive(:empty?).and_return(true)
login_scanner.cred_details = creds
end
@ -182,6 +183,7 @@ RSpec.shared_examples_for 'Metasploit::Framework::LoginScanner::Base' do | opts
allow(creds).to receive(:prepended_creds).and_return([])
allow(creds).to receive(:additional_privates).and_return([])
allow(creds).to receive(:additional_publics).and_return([])
allow(creds).to receive(:empty?).and_return(true)
login_scanner.cred_details = creds
expect(login_scanner).to_not be_valid
expect(login_scanner.errors[:cred_details]).to include "can't be blank"
@ -198,6 +200,7 @@ RSpec.shared_examples_for 'Metasploit::Framework::LoginScanner::Base' do | opts
allow(creds).to receive(:prepended_creds).and_return([])
allow(creds).to receive(:additional_privates).and_return([])
allow(creds).to receive(:additional_publics).and_return(['user'])
allow(creds).to receive(:empty?).and_return(true)
login_scanner.cred_details = creds
expect(login_scanner).to_not be_valid
expect(login_scanner.errors[:cred_details]).to include "must respond to :each"

1
spec/support/shared/examples/metasploit/framework/login_scanner/ntlm.rb
View File

@ -21,6 +21,7 @@ RSpec.shared_examples_for 'Metasploit::Framework::LoginScanner::NTLM' do
allow(creds).to receive(:prepended_creds).and_return([])
allow(creds).to receive(:additional_privates).and_return([])
allow(creds).to receive(:additional_publics).and_return([])
allow(creds).to receive(:empty?).and_return(true)
login_scanner.cred_details = creds
end

1
spec/support/shared/examples/metasploit/framework/tcp/client.rb
View File

@ -15,6 +15,7 @@ RSpec.shared_examples_for 'Metasploit::Framework::Tcp::Client' do
allow(creds).to receive(:prepended_creds).and_return([])
allow(creds).to receive(:additional_privates).and_return([])
allow(creds).to receive(:additional_publics).and_return(['user'])
allow(creds).to receive(:empty?).and_return(true)
login_scanner.cred_details = creds
end