Squash commit for blank creds search and test

This should fix up #4642 with respect to #4504.

Squashed commit of the following:

commit 124d53ccb00cd200bede092e893dda7e033d3e17
Merge: cb2bef8 ccad159
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Mon Jan 26 16:23:03 2015 -0600

    Merge branch 'feature/creds-blank-finders' into temp

commit ccad159222eaa949d76e22b588d1ac7709fb2f27
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Mon Jan 26 15:58:02 2015 -0600

    Clean out whitespace, make vars more meaningful

commit 266b45dff26e2778e43d8e4750d212b5aee5a009
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Mon Jan 26 15:54:32 2015 -0600

    Add some specs for regular users and blank users

commit 2e51503f76e9a2f6921c57e86a2f98527f80c874
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Mon Jan 26 15:04:03 2015 -0600

    Users should be able to find blank user/pass
bug/bundler_fix
Tod Beardsley 2015-01-26 16:26:30 -06:00
parent cb2bef878b
commit 2294ea0e93
No known key found for this signature in database
GPG Key ID: BD63D0A3EA19CAAC
2 changed files with 77 additions and 0 deletions

View File

@ -868,6 +868,16 @@ class Db
# Exclude creds that don't match the given type # Exclude creds that don't match the given type
next if type.present? && !core.private.kind_of?(type) next if type.present? && !core.private.kind_of?(type)
# Exclude non-blank username creds if that's what we're after
if user_regex.present? && user_regex == // && !core.public.username.blank?
next
end
# Exclude non-blank password creds if that's what we're after
if pass_regex.present? && pass_regex == // && !core.private.data.blank?
next
end
# Exclude creds that don't match the given user # Exclude creds that don't match the given user
if user_regex.present? && !core.public.username.match(user_regex) if user_regex.present? && !core.public.username.match(user_regex)
next next

View File

@ -65,6 +65,73 @@ describe Msf::Ui::Console::CommandDispatcher::Db do
it { is_expected.to respond_to :set_rhosts_from_addrs } it { is_expected.to respond_to :set_rhosts_from_addrs }
describe "#cmd_creds" do describe "#cmd_creds" do
describe "-u" do
let(:username) { "thisuser" }
let(:password) { "thispass" }
let(:nomatch_username) { "thatuser" }
let(:nomatch_password) { "thatpass" }
let(:blank_username) { "" }
let(:blank_password) { "" }
let(:nonblank_username) { "nonblank_user" }
let(:nonblank_password) { "nonblank_pass" }
before(:each) do
priv = FactoryGirl.create(:metasploit_credential_password, data: password)
pub = FactoryGirl.create(:metasploit_credential_username, username: username)
core = FactoryGirl.create(:metasploit_credential_core,
origin: FactoryGirl.create(:metasploit_credential_origin_import),
private: priv,
public: pub,
realm: nil,
workspace: framework.db.workspace)
nonblank_priv = FactoryGirl.create(:metasploit_credential_password, data: nonblank_password)
blank_pub = FactoryGirl.create(:metasploit_credential_blank_username)
core = FactoryGirl.create(:metasploit_credential_core,
origin: FactoryGirl.create(:metasploit_credential_origin_import),
private: nonblank_priv,
public: blank_pub,
realm: nil,
workspace: framework.db.workspace)
end
context "when the credential is present" do
it "should show a user that matches the given expression" do
db.cmd_creds("-u", username)
@output.should =~ [
"Credentials",
"===========",
"",
"host service public private realm private_type",
"---- ------- ------ ------- ----- ------------",
" thisuser thispass Password",
]
end
context "and when the username is blank" do
it "should show a user that matches the given expression" do
db.cmd_creds("-u", "")
@output.should =~ [
"Credentials",
"===========",
"",
"host service public private realm private_type",
"---- ------- ------ ------- ----- ------------",
" nonblank_pass Password"
]
end
end
end
context "when the credential is absent" do
it "should return a blank set" do
db.cmd_creds("-u", nomatch_username)
@output.should =~ [
"===========",
"Credentials",
"",
"---- ------- ------ ------- ----- ------------",
"host service public private realm private_type"
]
end
end
end
describe "add-password" do describe "add-password" do
let(:username) { "username" } let(:username) { "username" }
let(:password) { "password" } let(:password) { "password" }