dnrops
/
metasploit-framework
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Passing report_exploit_success specs 

MSP-13119
This commit is contained in:
Fernando Arias 2015-09-23 11:12:02 -05:00
parent dc84b3b1ba
commit 52e3405192
No known key found for this signature in database
GPG Key ID: 89EC07CE01DF79A1
2 changed files with 219 additions and 246 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
lib/msf/core/db_manager/exploit_attempt.rb
View File

@ -104,9 +104,6 @@ module Msf::DBManager::ExploitAttempt
# @option opts [String] :module (nil)
# @return [void]
def do_report_failure_or_success(opts)
#require 'pry'
#binding.pry
return unless opts[:refs]
::ActiveRecord::Base.connection_pool.with_connection {
mrefs = opts[:refs]
@ -156,9 +153,6 @@ module Msf::DBManager::ExploitAttempt
attempt_info[:vuln_id] = vuln.id
vuln.vuln_attempts.create(attempt_info)
# require 'pry'
# binding.pry
create_match_result_for_vuln(vuln,opts)
# Correct the vuln's associated service if necessary
@ -191,9 +185,6 @@ module Msf::DBManager::ExploitAttempt
def create_match_result_for_vuln(vuln, opts)
run = MetasploitDataModels::AutomaticExploitation::Run.where(id:opts[:run_id]).last
# require 'pry'
# binding.pry
if run.present?
match = MetasploitDataModels::AutomaticExploitation::Match.by_run_and_vuln(run,vuln).last
@ -218,9 +209,6 @@ module Msf::DBManager::ExploitAttempt
state = MetasploitDataModels::AutomaticExploitation::MatchResult::FAILED
end
# require 'pry'
# binding.pry
MetasploitDataModels::AutomaticExploitation::MatchResult.create!(
match: opts[:match],
run: opts[:run],
@ -238,9 +226,6 @@ module Msf::DBManager::ExploitAttempt
run = opts[:run]
module_fullname = opts[:module]
# require 'pry'
# binding.pry
run.match_set.create_match_for_vuln(
vuln,
workspace: wspace,

450
spec/support/shared/examples/msf/db_manager/exploit_attempt.rb
View File

@ -43,7 +43,6 @@ shared_examples_for 'Msf::DBManager::ExploitAttempt' do
end
context "with a run" do
let(:opts) do
{
workspace: workspace,
@ -137,7 +136,6 @@ shared_examples_for 'Msf::DBManager::ExploitAttempt' do
end
context "without a run" do
let(:vuln) do
FactoryGirl.create(:mdm_vuln)
end
@ -222,233 +220,223 @@ shared_examples_for 'Msf::DBManager::ExploitAttempt' do
end
# describe '#report_exploit_success' do
# context "with a match" do
# subject(:report_exploit_success) do
# db_manager.report_exploit_success(opts)
# end
#
# let(:opts) do
# {
# workspace: workspace,
# refs: refs,
# host: host,
# vuln: vuln_with_match,
# session_id: session_id
# }
# end
#
# let(:session_id) do
# FactoryGirl.create(:session, host: host).id
# end
#
# let(:match_set) do
# FactoryGirl.create(:automatic_exploitation_match_set, user: workspace.owner,workspace:workspace)
# end
#
#
# let(:match) do
# FactoryGirl.create(:automatic_exploitation_match, match_set_id: match_set.id)
# end
#
# let(:vuln_with_match) do
# match.matchable
# end
#
# let(:host) do
# FactoryGirl.create(:mdm_host, workspace:workspace,vulns:[vuln_with_match])
# end
#
# let(:workspace) do
# FactoryGirl.create(:mdm_workspace)
# end
#
# let(:refs) do
# [ FactoryGirl.create(:mdm_ref) ]
# end
#
# context 'with a vuln' do
# specify do
# expect {
# report_exploit_success
# }.to change(Mdm::VulnAttempt,:count).by(1)
# end
#
# it "should create a match result" do
# expect {
# report_exploit_success
# }.to change(MetasploitDataModels::AutomaticExploitation::MatchResult,:count).by(1)
# end
#
# it "should create a match result with state SUCCEEDED" do
# report_exploit_success
# expect(
# MetasploitDataModels::AutomaticExploitation::MatchResult.where(
# match_id: match.id,
# state: MetasploitDataModels::AutomaticExploitation::MatchResult::SUCCEEDED
# )
# ).to exist
# end
#
# context "calling report_exploit_success" do
# after(:each) do
# report_exploit_success
# end
#
# it "should call create_match_result_for_vuln" do
# db_manager.should_receive(:create_match_result_for_vuln)
# end
#
# it "should call create_match_result" do
# db_manager.should_receive(:create_match_result)
# end
#
# it "should call create_run_for_vuln" do
# db_manager.should_receive(:create_run_for_vuln)
# end
# end
#
# end
#
# context 'without a vuln' do
# let(:vuln_with_match) { nil }
#
# let(:host) do
# FactoryGirl.create(:mdm_host, workspace:workspace)
# end
#
# specify do
# expect {
# report_exploit_success
# }.not_to change(Mdm::VulnAttempt, :count)
# end
#
# it "should not create a match result" do
# expect {
# report_exploit_success
# }.to change(MetasploitDataModels::AutomaticExploitation::MatchResult,:count).by(0)
# end
#
# context "calling report_exploit_success" do
# after(:each) do
# report_exploit_success
# end
#
# it "should not call create_match_result_for_vuln" do
# db_manager.should_not_receive(:create_match_result_for_vuln)
# end
#
# it "should not call create_match_result" do
# db_manager.should_not_receive(:create_match_result)
# end
#
# it "should not call create_run_for_vuln" do
# db_manager.should_not_receive(:create_run_for_vuln)
# end
# end
#
# end
# end
#
#
# context "without a match" do
# subject(:report_exploit_success) do
# db_manager.report_exploit_success(opts)
# end
#
# let(:workspace) do
# FactoryGirl.create(:mdm_workspace)
# end
#
# let(:host) do
# FactoryGirl.create(:mdm_host, workspace: workspace)
# end
#
# let(:refs) do
# [ FactoryGirl.create(:mdm_ref) ]
# end
#
# let(:vuln) do
# FactoryGirl.create(:mdm_vuln)
# end
#
# let(:opts) do
# {
# workspace: workspace,
# refs: refs,
# host: host,
# vuln: vuln,
# }
# end
#
# context 'with a vuln' do
# specify do
# expect {
# report_exploit_success
# }.to change(Mdm::VulnAttempt,:count).by(1)
# end
#
# it "should not create a match result" do
# expect {
# report_exploit_success
# }.to change(MetasploitDataModels::AutomaticExploitation::MatchResult,:count).by(0)
# end
#
# context "calling report_exploit_success" do
# after(:each) do
# report_exploit_success
# end
#
# it "should call create_match_result_for_vuln" do
# db_manager.should_receive(:create_match_result_for_vuln)
# end
#
# it "should not call create_match_result" do
# db_manager.should_not_receive(:create_match_result)
# end
#
# it "should call create_run_for_vuln" do
# db_manager.should_receive(:create_run_for_vuln)
# end
# end
#
# end
#
# context 'without a vuln' do
# let(:vuln) { nil }
#
# specify do
# expect {
# report_exploit_success
# }.not_to change(Mdm::VulnAttempt, :count)
# end
#
# it "should not create a match result" do
# expect {
# report_exploit_success
# }.to change(MetasploitDataModels::AutomaticExploitation::MatchResult,:count).by(0)
# end
#
# context "calling report_exploit_success" do
# after(:each) do
# report_exploit_success
# end
#
# it "should not call create_match_result_for_vuln" do
# db_manager.should_not_receive(:create_match_result_for_vuln)
# end
#
# it "should not call create_match_result" do
# db_manager.should_not_receive(:create_match_result)
# end
#
# it "should not call create_run_for_vuln" do
# db_manager.should_not_receive(:create_run_for_vuln)
# end
# end
#
# end
# end
#
# end
describe '#report_exploit_success' do
subject(:report_exploit_success) do
db_manager.report_exploit_success(opts)
end
let(:session_id) do
FactoryGirl.create(:session, host: host).id
end
let(:run) do
match
FactoryGirl.create(:automatic_exploitation_run, user: workspace.owner,workspace:workspace, match_set_id: match_set.id)
end
let(:match_set) do
FactoryGirl.create(:automatic_exploitation_match_set, user: workspace.owner,workspace:workspace)
end
let(:match) do
FactoryGirl.create(:automatic_exploitation_match,
match_set_id: match_set.id,
matchable_id:vuln_with_match.id,
matchable_type: "Mdm::Vuln"
)
end
let(:vuln_with_match) do
FactoryGirl.create(:mdm_vuln)
end
let(:host) do
FactoryGirl.create(:mdm_host, workspace:workspace)
end
let(:workspace) do
FactoryGirl.create(:mdm_workspace)
end
let(:refs) do
[ FactoryGirl.create(:mdm_ref) ]
end
context "with a run" do
let(:opts) do
{
workspace: workspace,
refs: refs,
host: host,
vuln: vuln_with_match,
run_id: run.id,
session_id: session_id
}
end
context 'with a vuln' do
specify do
expect {
report_exploit_success
}.to change(Mdm::VulnAttempt,:count).by(1)
end
it "should create a match result" do
expect {
report_exploit_success
}.to change(MetasploitDataModels::AutomaticExploitation::MatchResult,:count).by(1)
end
it "should create a match result with state SUCCEEDED" do
report_exploit_success
expect(
MetasploitDataModels::AutomaticExploitation::MatchResult.where(
match_id: match.id,
state: MetasploitDataModels::AutomaticExploitation::MatchResult::SUCCEEDED
)
).to exist
end
context "calling report_exploit_success" do
after(:each) do
report_exploit_success
end
it "should call create_match_result_for_vuln" do
db_manager.should_receive(:create_match_result_for_vuln)
end
it "should call create_match_result" do
db_manager.should_receive(:create_match_result)
end
it "should not call create_match_for_vuln" do
db_manager.should_not_receive(:create_match_for_vuln)
end
end
end
context 'without a run' do
let(:vuln_with_match) { nil }
let(:match) {nil}
specify do
expect {
report_exploit_success
}.not_to change(Mdm::VulnAttempt, :count)
end
it "should not create a match result" do
expect {
report_exploit_success
}.to change(MetasploitDataModels::AutomaticExploitation::MatchResult,:count).by(0)
end
context "calling report_exploit_success" do
after(:each) do
report_exploit_success
end
it "should not call create_match_result_for_vuln" do
db_manager.should_not_receive(:create_match_result_for_vuln)
end
it "should not call create_match_result" do
db_manager.should_not_receive(:create_match_result)
end
it "should not call create_match_for_vuln" do
db_manager.should_not_receive(:create_match_for_vuln)
end
end
end
end
context "without a run" do
let(:vuln) do
FactoryGirl.create(:mdm_vuln)
end
let(:opts) do
{
workspace: workspace,
refs: refs,
host: host,
vuln: vuln,
}
end
context 'with a vuln' do
specify do
expect {
report_exploit_success
}.to change(Mdm::VulnAttempt,:count).by(1)
end
it "should not create a match result" do
expect {
report_exploit_success
}.to change(MetasploitDataModels::AutomaticExploitation::MatchResult,:count).by(0)
end
context "calling report_exploit_success" do
after(:each) do
report_exploit_success
end
it "should call create_match_result_for_vuln" do
db_manager.should_receive(:create_match_result_for_vuln)
end
it "should not call create_match_result" do
db_manager.should_not_receive(:create_match_result)
end
it "should not call create_match_for_vuln" do
db_manager.should_not_receive(:create_match_for_vuln)
end
end
end
context 'without a vuln' do
let(:vuln) { nil }
specify do
expect {
report_exploit_success
}.not_to change(Mdm::VulnAttempt, :count)
end
it "should not create a match result" do
expect {
report_exploit_success
}.to change(MetasploitDataModels::AutomaticExploitation::MatchResult,:count).by(0)
end
context "calling report_exploit_success" do
after(:each) do
report_exploit_success
end
it "should not call create_match_result_for_vuln" do
db_manager.should_not_receive(:create_match_result_for_vuln)
end
it "should not call create_match_result" do
db_manager.should_not_receive(:create_match_result)
end
it "should not call create_match_for_vuln" do
db_manager.should_not_receive(:create_match_for_vuln)
end
end
end
end
end
end