Squash commit for blank creds search and test

This should fix up #4642 with respect to #4504. Squashed commit of the following: commit 124d53ccb00cd200bede092e893dda7e033d3e17 Merge: cb2bef8 ccad159 Author: Tod Beardsley <tod_beardsley@rapid7.com> Date: Mon Jan 26 16:23:03 2015 -0600 Merge branch 'feature/creds-blank-finders' into temp commit ccad159222eaa949d76e22b588d1ac7709fb2f27 Author: Tod Beardsley <tod_beardsley@rapid7.com> Date: Mon Jan 26 15:58:02 2015 -0600 Clean out whitespace, make vars more meaningful commit 266b45dff26e2778e43d8e4750d212b5aee5a009 Author: Tod Beardsley <tod_beardsley@rapid7.com> Date: Mon Jan 26 15:54:32 2015 -0600 Add some specs for regular users and blank users commit 2e51503f76e9a2f6921c57e86a2f98527f80c874 Author: Tod Beardsley <tod_beardsley@rapid7.com> Date: Mon Jan 26 15:04:03 2015 -0600 Users should be able to find blank user/pass
2015-01-26 16:26:30 -06:00 · 2015-01-26 16:26:30 -06:00 · 2294ea0e93
parent cb2bef878b
commit 2294ea0e93
2 changed files with 77 additions and 0 deletions
--- a/lib/msf/ui/console/command_dispatcher/db.rb
+++ b/lib/msf/ui/console/command_dispatcher/db.rb
@ -868,6 +868,16 @@ class Db
        # Exclude creds that don't match the given type
        next if type.present? && !core.private.kind_of?(type)

+        # Exclude non-blank username creds if that's what we're after
+        if user_regex.present? && user_regex == // && !core.public.username.blank?
+          next
+        end
+
+        # Exclude non-blank password creds if that's what we're after
+        if pass_regex.present? && pass_regex == // && !core.private.data.blank?
+          next
+        end
+
        # Exclude creds that don't match the given user
        if user_regex.present? && !core.public.username.match(user_regex)
          next
--- a/spec/lib/msf/ui/console/command_dispatcher/db_spec.rb
+++ b/spec/lib/msf/ui/console/command_dispatcher/db_spec.rb
@ -65,6 +65,73 @@ describe Msf::Ui::Console::CommandDispatcher::Db do
  it { is_expected.to respond_to :set_rhosts_from_addrs }

  describe "#cmd_creds" do
+
+    describe "-u" do
+      let(:username)            { "thisuser" }
+      let(:password)            { "thispass" }
+      let(:nomatch_username)    { "thatuser" }
+      let(:nomatch_password)    { "thatpass" }
+      let(:blank_username)      { "" }
+      let(:blank_password)      { "" }
+      let(:nonblank_username)   { "nonblank_user" }
+      let(:nonblank_password)   { "nonblank_pass" }
+      before(:each) do
+        priv = FactoryGirl.create(:metasploit_credential_password, data: password)
+        pub = FactoryGirl.create(:metasploit_credential_username, username: username)
+        core = FactoryGirl.create(:metasploit_credential_core,
+                                  origin: FactoryGirl.create(:metasploit_credential_origin_import),
+                                  private: priv,
+                                  public: pub,
+                                  realm: nil,
+                                  workspace: framework.db.workspace)
+        nonblank_priv = FactoryGirl.create(:metasploit_credential_password, data: nonblank_password)
+        blank_pub = FactoryGirl.create(:metasploit_credential_blank_username)
+        core = FactoryGirl.create(:metasploit_credential_core,
+                                  origin: FactoryGirl.create(:metasploit_credential_origin_import),
+                                  private: nonblank_priv,
+                                  public: blank_pub,
+                                  realm: nil,
+                                  workspace: framework.db.workspace)
+      end
+      context "when the credential is present" do
+        it "should show a user that matches the given expression" do
+          db.cmd_creds("-u", username)
+          @output.should =~ [
+            "Credentials",
+            "===========",
+            "",
+            "host  service  public    private   realm  private_type",
+            "----  -------  ------    -------   -----  ------------",
+            "               thisuser  thispass         Password",
+          ]
+        end
+        context "and when the username is blank" do
+          it "should show a user that matches the given expression" do
+            db.cmd_creds("-u", "")
+            @output.should =~ [
+              "Credentials",
+              "===========",
+              "",
+              "host  service  public  private        realm  private_type",
+              "----  -------  ------  -------        -----  ------------",
+              "                       nonblank_pass         Password"
+            ]
+          end
+        end
+      end
+      context "when the credential is absent" do
+        it "should return a blank set" do
+          db.cmd_creds("-u", nomatch_username)
+          @output.should =~ [
+            "===========",
+            "Credentials",
+            "",
+            "----  -------  ------  -------  -----  ------------",
+            "host  service  public  private  realm  private_type"
+          ]
+        end
+      end
+    end
    describe "add-password" do
      let(:username) { "username" }
      let(:password) { "password" }