From 359306a1a463af49e0830edb66f5523a34e97d13 Mon Sep 17 00:00:00 2001 From: Fernando Arias Date: Fri, 18 Sep 2015 12:25:21 -0500 Subject: [PATCH] Add specs to exploit_attempt to cover report_exploit_failure MSP-13119 --- .../msf/db_manager/exploit_attempt.rb | 266 +++++++++++++++--- 1 file changed, 231 insertions(+), 35 deletions(-) diff --git a/spec/support/shared/examples/msf/db_manager/exploit_attempt.rb b/spec/support/shared/examples/msf/db_manager/exploit_attempt.rb index 135b6a0395..38ce121f0f 100644 --- a/spec/support/shared/examples/msf/db_manager/exploit_attempt.rb +++ b/spec/support/shared/examples/msf/db_manager/exploit_attempt.rb @@ -4,8 +4,227 @@ shared_examples_for 'Msf::DBManager::ExploitAttempt' do it { is_expected.to respond_to :report_exploit_failure } it { is_expected.to respond_to :report_exploit_success } - describe '#report_exploit_success' do + describe '#report_exploit_failure' do + context "with a match" do + subject(:report_exploit_failure) do + db_manager.report_exploit_failure(opts) + end + let(:opts) do + { + workspace: workspace, + refs: refs, + host: host, + vuln: vuln_with_match + } + end + + let(:match) do + FactoryGirl.create(:automatic_exploitation_match) + end + + let(:vuln_with_match) do + match.matchable + end + + let(:host) do + FactoryGirl.create(:mdm_host, workspace:workspace,vulns:[vuln_with_match]) + end + + let(:workspace) do + FactoryGirl.create(:mdm_workspace) + end + + let(:refs) do + [ FactoryGirl.create(:mdm_ref) ] + end + + context 'with a vuln' do + specify do + expect { + report_exploit_failure + }.to change(Mdm::VulnAttempt,:count).by(1) + end + + it "should create a match result" do + expect { + report_exploit_failure + }.to change(MetasploitDataModels::AutomaticExploitation::MatchResult,:count).by(1) + end + + it "should create a match result with state FAILED" do + report_exploit_failure + expect( + MetasploitDataModels::AutomaticExploitation::MatchResult.where( + match_id: match.id, + state: MetasploitDataModels::AutomaticExploitation::MatchResult::FAILED + ) + ).to exist + end + + context "calling report_exploit_success" do + after(:each) do + report_exploit_failure + end + + it "should call create_match_result_for_vuln" do + db_manager.should_receive(:create_match_result_for_vuln) + end + + it "should call create_match_result" do + db_manager.should_receive(:create_match_result) + end + + it "should call create_run_for_vuln" do + db_manager.should_receive(:create_run_for_vuln) + end + end + + end + + context 'without a vuln' do + let(:vuln_with_match) { nil } + + let(:host) do + FactoryGirl.create(:mdm_host, workspace:workspace) + end + + specify do + expect { + report_exploit_failure + }.not_to change(Mdm::VulnAttempt, :count) + end + + it "should not create a match result" do + expect { + report_exploit_failure + }.to change(MetasploitDataModels::AutomaticExploitation::MatchResult,:count).by(0) + end + + context "calling report_exploit_success" do + after(:each) do + report_exploit_failure + end + + it "should not call create_match_result_for_vuln" do + db_manager.should_not_receive(:create_match_result_for_vuln) + end + + it "should not call create_match_result" do + db_manager.should_not_receive(:create_match_result) + end + + it "should not call create_run_for_vuln" do + db_manager.should_not_receive(:create_run_for_vuln) + end + end + + end + end + + + context "without a match" do + subject(:report_exploit_failure) do + db_manager.report_exploit_failure(opts) + end + + let(:workspace) do + FactoryGirl.create(:mdm_workspace) + end + + let(:host) do + FactoryGirl.create(:mdm_host, workspace: workspace) + end + + let(:refs) do + [ FactoryGirl.create(:mdm_ref) ] + end + + let(:vuln) do + FactoryGirl.create(:mdm_vuln) + end + + let(:opts) do + { + workspace: workspace, + refs: refs, + host: host, + vuln: vuln, + } + end + + context 'with a vuln' do + specify do + expect { + report_exploit_failure + }.to change(Mdm::VulnAttempt,:count).by(1) + end + + it "should not create a match result" do + expect { + report_exploit_failure + }.to change(MetasploitDataModels::AutomaticExploitation::MatchResult,:count).by(0) + end + + context "calling report_exploit_success" do + after(:each) do + report_exploit_failure + end + + it "should call create_match_result_for_vuln" do + db_manager.should_receive(:create_match_result_for_vuln) + end + + it "should not call create_match_result" do + db_manager.should_not_receive(:create_match_result) + end + + it "should call create_run_for_vuln" do + db_manager.should_receive(:create_run_for_vuln) + end + end + + end + + context 'without a vuln' do + let(:vuln) { nil } + + specify do + expect { + report_exploit_failure + }.not_to change(Mdm::VulnAttempt, :count) + end + + it "should not create a match result" do + expect { + report_exploit_failure + }.to change(MetasploitDataModels::AutomaticExploitation::MatchResult,:count).by(0) + end + + context "calling report_exploit_success" do + after(:each) do + report_exploit_failure + end + + it "should not call create_match_result_for_vuln" do + db_manager.should_not_receive(:create_match_result_for_vuln) + end + + it "should not call create_match_result" do + db_manager.should_not_receive(:create_match_result) + end + + it "should not call create_run_for_vuln" do + db_manager.should_not_receive(:create_run_for_vuln) + end + end + + end + end + end + + + describe '#report_exploit_success' do context "with a match" do subject(:report_exploit_success) do db_manager.report_exploit_success(opts) @@ -52,42 +271,20 @@ shared_examples_for 'Msf::DBManager::ExploitAttempt' do }.to change(Mdm::VulnAttempt,:count).by(1) end - context "with a session" do - it "should create a match result" do - expect { - report_exploit_success - }.to change(MetasploitDataModels::AutomaticExploitation::MatchResult,:count).by(1) - end - - it "should create a match result with state SUCCEEDED" do + it "should create a match result" do + expect { report_exploit_success - expect( - MetasploitDataModels::AutomaticExploitation::MatchResult.where( - match_id: match.id, - state: MetasploitDataModels::AutomaticExploitation::MatchResult::SUCCEEDED - ) - ).to exist - end + }.to change(MetasploitDataModels::AutomaticExploitation::MatchResult,:count).by(1) end - context "without a session" do - let(:session_id) {nil} - - it "should create a match result" do - expect { - report_exploit_success - }.to change(MetasploitDataModels::AutomaticExploitation::MatchResult,:count).by(1) - end - - it "should create a match result with state FAILED" do - report_exploit_success - expect( - MetasploitDataModels::AutomaticExploitation::MatchResult.where( - match_id: match.id, - state: MetasploitDataModels::AutomaticExploitation::MatchResult::FAILED - ) - ).to exist - end + it "should create a match result with state SUCCEEDED" do + report_exploit_success + expect( + MetasploitDataModels::AutomaticExploitation::MatchResult.where( + match_id: match.id, + state: MetasploitDataModels::AutomaticExploitation::MatchResult::SUCCEEDED + ) + ).to exist end context "calling report_exploit_success" do @@ -250,6 +447,5 @@ shared_examples_for 'Msf::DBManager::ExploitAttempt' do end end - end end