cookie cleanup

2021-05-07 12:46:38 +01:00 · 2021-05-07 12:46:38 +01:00 · a22ebdf76d
parent ac8b53a585
commit a22ebdf76d
4 changed files with 73 additions and 28 deletions
--- a/lib/msf/core/exploit/remote/http/http_cookie.rb
+++ b/lib/msf/core/exploit/remote/http/http_cookie.rb
@ -11,13 +11,17 @@ module Msf
          def initialize(name, value = nil, **attr_hash)
            if name.is_a?(::HTTP::Cookie)
              @cookie = name
-            elsif name && value && attr_hash
-              @cookie = ::HTTP::Cookie.new(name, value, **attr_hash)
-            elsif name && value
+            elsif value
              @cookie = ::HTTP::Cookie.new(name, value)
            else
              @cookie = ::HTTP::Cookie.new(name)
            end
+
+            attr_hash.each_pair do |k, v|
+              if respond_to?("#{k}=".to_sym)
+                send("#{k}=".to_sym, v)
+              end
+            end
          end

          def name
@ -65,10 +69,6 @@ module Msf
            end
          end

-          def expired?(time = Time.now)
-            @cookie.expired?(time)
-          end
-
          def path
            @cookie.path
          end
@ -98,11 +98,15 @@ module Msf
          end

          def domain
-            @cookie.domain
+            if @cookie.domain.nil?
+              nil
+            else
+              @cookie.domain.to_s
+            end
          end

          def domain=(domain)
-            if domain.nil? || domain.is_a?(DomainName)
+            if domain.nil?
              @cookie.domain = domain
            else
              @cookie.domain = domain.to_s
@ -133,6 +137,10 @@ module Msf
            end
          end

+          def expired?(time = Time.now)
+            @cookie.expired?(time)
+          end
+
          def session?
            @cookie.session?
          end
--- a/lib/msf/core/exploit/remote/http/http_cookie_jar.rb
+++ b/lib/msf/core/exploit/remote/http/http_cookie_jar.rb
@ -40,7 +40,7 @@ module Msf
            @cookie_jar.clear
          end

-          # Removes expired cookies and returns self.  If `session` is true,
+          # Removes expired cookies and returns self.  If `expire_all` is true,
          # all session cookies are removed as well.
          def cleanup(expire_all = false)
            @cookie_jar.cleanup(expire_all)
--- a/lib/msf/core/exploit/remote/http_client.rb
+++ b/lib/msf/core/exploit/remote/http_client.rb
@ -373,19 +373,19 @@ module Exploit::Remote::HttpClient
  # reads the response
  #
  # If a +Msf::Exploit::Remote::HTTP::HttpCookieJar+ instance is passed in the +opts+ dict under a 'cookie' key, said CookieJar will be used in
-  # the request instead of the module +cookie_jar+
+  # the request instead of the module +cookie_jar+. Any other object passed under the `cookie` key will be converted to a string using +to_s+
+  # and set as the cookie header of the request.
  #
  # Passes `opts` through directly to {Rex::Proto::Http::Client#request_cgi}.
  # Set `opts['keep_cookies']` to keep cookies from responses for reuse in requests.
  # Cookies returned by the server will be stored in +cookie_jar+
  #
-  # +expire_cookies+ will control if +cleanup+ is called on any passed +Msf::Exploit::Remote::HTTP::HttpCookieJar+ or the client cookiejar
+  # Set `opts['expire_cookies']` to false in order to disable automatic removal of expired cookies
  #
  # @return (see Rex::Proto::Http::Client#send_recv))
  def send_request_cgi(opts = {}, timeout = 20, disconnect = true)
    if opts.has_key?('cookie')
      if opts['cookie'].is_a?(Msf::Exploit::Remote::HTTP::HttpCookieJar)
-        cookie_jar.cleanup unless opts['expire_cookies'] == false
        opts.merge({ 'cookie' => opts['cookie'].cookies.join('; ') })
      else
        opts.merge({ 'cookie' => opts['cookie'].to_s })
--- a/spec/lib/msf/core/exploit/remote/remote/http/http_cookie_spec.rb
+++ b/spec/lib/msf/core/exploit/remote/remote/http/http_cookie_spec.rb
@ -256,16 +256,6 @@ RSpec.describe Msf::Exploit::Remote::HTTP::HttpCookie do
  end

  describe 'domain' do
-    describe 'DomainName' do
-      it 'assigned to domain when origin is set will result in a domain based on origin.host' do
-        d = DomainName(random_string)
-
-        cookie.domain = d
-
-        expect(cookie.domain).to eql(d.hostname)
-      end
-    end
-
    describe 'nil' do
      it 'assigned to domain when origin is not set will result in a nil domain' do
        n = nil
@ -657,7 +647,7 @@ RSpec.describe Msf::Exploit::Remote::HTTP::HttpCookie do
      expect(a).to eq(false)
    end

-    it 'will return false if url without http(s) protocol is passed' do
+    it 'will return false if url without http or https protocol is passed' do
      generic_uri = random_string

      v = cookie.acceptable_from_uri?(generic_uri)
@ -665,7 +655,7 @@ RSpec.describe Msf::Exploit::Remote::HTTP::HttpCookie do
      expect(v).to eq(false)
    end

-    it 'will return false if url with http(s) protocol is passed but has no host' do
+    it 'will return false if url with http protocol is passed but has no host' do
      protcol = 'http://'

      v = cookie.acceptable_from_uri?(protcol)
@ -674,7 +664,16 @@ RSpec.describe Msf::Exploit::Remote::HTTP::HttpCookie do
      expect(v).to eq(false)
    end

-    it 'will return true if url with http(s) protocol is passed with a domain that matches the url domain' do
+    it 'will return false if url with https protocol is passed but has no host' do
+      protcol = 'https://'
+
+      v = cookie.acceptable_from_uri?(protcol)
+
+      expect(URI(protcol).is_a?(::URI::HTTP)).to eq(true)
+      expect(v).to eq(false)
+    end
+
+    it 'will return true if url with http protocol is passed with a domain that matches the url domain' do
      host = random_string
      uri = "http://#{host}/#{random_string}"
      cookie.domain = host
@ -684,9 +683,47 @@ RSpec.describe Msf::Exploit::Remote::HTTP::HttpCookie do
      expect(v).to eq(true)
    end

-    it "will return domain.nil? if url with http(s) protocol is passed with a domain that doesn't match the url domain" do
+    it 'will return true if url with https protocol is passed with a domain that matches the url domain' do
+      host = random_string
+      uri = "https://#{host}/#{random_string}"
+      cookie.domain = host
+
+      v = cookie.acceptable_from_uri?(uri)
+
+      expect(v).to eq(true)
+    end
+
+    it "will return true if url with http protocol is passed to a nil domain" do
      uri = "http://#{random_string}/#{random_string}"
-      cookie.domain = rand(0..1) == 1 ? nil : random_string
+      cookie.domain = nil
+
+      v = cookie.acceptable_from_uri?(uri)
+
+      expect(v).to eq(cookie.domain.nil?)
+    end
+
+    it "will return false if url with http protocol is passed with a domain that doesn't match the cookie domain" do
+      uri = "http://#{random_string}/#{random_string}"
+      cookie.domain = random_string + 'cookie_domain'
+
+      v = cookie.acceptable_from_uri?(uri)
+
+      expect(v).to eq(cookie.domain.nil?)
+    end
+
+
+    it "will return true if url with https protocol is passed to a nil domain" do
+      uri = "https://#{random_string}/#{random_string}"
+      cookie.domain = nil
+
+      v = cookie.acceptable_from_uri?(uri)
+
+      expect(v).to eq(cookie.domain.nil?)
+    end
+
+    it "will return false if url with https protocol is passed with a domain that doesn't match the cookie domain" do
+      uri = "https://#{random_string}/#{random_string}"
+      cookie.domain = random_string + 'cookie_domain'

      v = cookie.acceptable_from_uri?(uri)