Add specs to exploit_attempt to cover report_exploit_failure

MSP-13119
bug/bundler_fix
Fernando Arias 2015-09-18 12:25:21 -05:00
parent d3a73149a2
commit 359306a1a4
No known key found for this signature in database
GPG Key ID: 89EC07CE01DF79A1
1 changed files with 231 additions and 35 deletions

View File

@ -4,8 +4,227 @@ shared_examples_for 'Msf::DBManager::ExploitAttempt' do
it { is_expected.to respond_to :report_exploit_failure } it { is_expected.to respond_to :report_exploit_failure }
it { is_expected.to respond_to :report_exploit_success } it { is_expected.to respond_to :report_exploit_success }
describe '#report_exploit_success' do describe '#report_exploit_failure' do
context "with a match" do
subject(:report_exploit_failure) do
db_manager.report_exploit_failure(opts)
end
let(:opts) do
{
workspace: workspace,
refs: refs,
host: host,
vuln: vuln_with_match
}
end
let(:match) do
FactoryGirl.create(:automatic_exploitation_match)
end
let(:vuln_with_match) do
match.matchable
end
let(:host) do
FactoryGirl.create(:mdm_host, workspace:workspace,vulns:[vuln_with_match])
end
let(:workspace) do
FactoryGirl.create(:mdm_workspace)
end
let(:refs) do
[ FactoryGirl.create(:mdm_ref) ]
end
context 'with a vuln' do
specify do
expect {
report_exploit_failure
}.to change(Mdm::VulnAttempt,:count).by(1)
end
it "should create a match result" do
expect {
report_exploit_failure
}.to change(MetasploitDataModels::AutomaticExploitation::MatchResult,:count).by(1)
end
it "should create a match result with state FAILED" do
report_exploit_failure
expect(
MetasploitDataModels::AutomaticExploitation::MatchResult.where(
match_id: match.id,
state: MetasploitDataModels::AutomaticExploitation::MatchResult::FAILED
)
).to exist
end
context "calling report_exploit_success" do
after(:each) do
report_exploit_failure
end
it "should call create_match_result_for_vuln" do
db_manager.should_receive(:create_match_result_for_vuln)
end
it "should call create_match_result" do
db_manager.should_receive(:create_match_result)
end
it "should call create_run_for_vuln" do
db_manager.should_receive(:create_run_for_vuln)
end
end
end
context 'without a vuln' do
let(:vuln_with_match) { nil }
let(:host) do
FactoryGirl.create(:mdm_host, workspace:workspace)
end
specify do
expect {
report_exploit_failure
}.not_to change(Mdm::VulnAttempt, :count)
end
it "should not create a match result" do
expect {
report_exploit_failure
}.to change(MetasploitDataModels::AutomaticExploitation::MatchResult,:count).by(0)
end
context "calling report_exploit_success" do
after(:each) do
report_exploit_failure
end
it "should not call create_match_result_for_vuln" do
db_manager.should_not_receive(:create_match_result_for_vuln)
end
it "should not call create_match_result" do
db_manager.should_not_receive(:create_match_result)
end
it "should not call create_run_for_vuln" do
db_manager.should_not_receive(:create_run_for_vuln)
end
end
end
end
context "without a match" do
subject(:report_exploit_failure) do
db_manager.report_exploit_failure(opts)
end
let(:workspace) do
FactoryGirl.create(:mdm_workspace)
end
let(:host) do
FactoryGirl.create(:mdm_host, workspace: workspace)
end
let(:refs) do
[ FactoryGirl.create(:mdm_ref) ]
end
let(:vuln) do
FactoryGirl.create(:mdm_vuln)
end
let(:opts) do
{
workspace: workspace,
refs: refs,
host: host,
vuln: vuln,
}
end
context 'with a vuln' do
specify do
expect {
report_exploit_failure
}.to change(Mdm::VulnAttempt,:count).by(1)
end
it "should not create a match result" do
expect {
report_exploit_failure
}.to change(MetasploitDataModels::AutomaticExploitation::MatchResult,:count).by(0)
end
context "calling report_exploit_success" do
after(:each) do
report_exploit_failure
end
it "should call create_match_result_for_vuln" do
db_manager.should_receive(:create_match_result_for_vuln)
end
it "should not call create_match_result" do
db_manager.should_not_receive(:create_match_result)
end
it "should call create_run_for_vuln" do
db_manager.should_receive(:create_run_for_vuln)
end
end
end
context 'without a vuln' do
let(:vuln) { nil }
specify do
expect {
report_exploit_failure
}.not_to change(Mdm::VulnAttempt, :count)
end
it "should not create a match result" do
expect {
report_exploit_failure
}.to change(MetasploitDataModels::AutomaticExploitation::MatchResult,:count).by(0)
end
context "calling report_exploit_success" do
after(:each) do
report_exploit_failure
end
it "should not call create_match_result_for_vuln" do
db_manager.should_not_receive(:create_match_result_for_vuln)
end
it "should not call create_match_result" do
db_manager.should_not_receive(:create_match_result)
end
it "should not call create_run_for_vuln" do
db_manager.should_not_receive(:create_run_for_vuln)
end
end
end
end
end
describe '#report_exploit_success' do
context "with a match" do context "with a match" do
subject(:report_exploit_success) do subject(:report_exploit_success) do
db_manager.report_exploit_success(opts) db_manager.report_exploit_success(opts)
@ -52,42 +271,20 @@ shared_examples_for 'Msf::DBManager::ExploitAttempt' do
}.to change(Mdm::VulnAttempt,:count).by(1) }.to change(Mdm::VulnAttempt,:count).by(1)
end end
context "with a session" do it "should create a match result" do
it "should create a match result" do expect {
expect {
report_exploit_success
}.to change(MetasploitDataModels::AutomaticExploitation::MatchResult,:count).by(1)
end
it "should create a match result with state SUCCEEDED" do
report_exploit_success report_exploit_success
expect( }.to change(MetasploitDataModels::AutomaticExploitation::MatchResult,:count).by(1)
MetasploitDataModels::AutomaticExploitation::MatchResult.where(
match_id: match.id,
state: MetasploitDataModels::AutomaticExploitation::MatchResult::SUCCEEDED
)
).to exist
end
end end
context "without a session" do it "should create a match result with state SUCCEEDED" do
let(:session_id) {nil} report_exploit_success
expect(
it "should create a match result" do MetasploitDataModels::AutomaticExploitation::MatchResult.where(
expect { match_id: match.id,
report_exploit_success state: MetasploitDataModels::AutomaticExploitation::MatchResult::SUCCEEDED
}.to change(MetasploitDataModels::AutomaticExploitation::MatchResult,:count).by(1) )
end ).to exist
it "should create a match result with state FAILED" do
report_exploit_success
expect(
MetasploitDataModels::AutomaticExploitation::MatchResult.where(
match_id: match.id,
state: MetasploitDataModels::AutomaticExploitation::MatchResult::FAILED
)
).to exist
end
end end
context "calling report_exploit_success" do context "calling report_exploit_success" do
@ -250,6 +447,5 @@ shared_examples_for 'Msf::DBManager::ExploitAttempt' do
end end
end end
end end
end end