infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

add host validations to ssh scanner 

add validations to the :host attribute
on the SSH LoginScanner
bug/bundler_fix
David Maloney 2014-04-16 10:26:00 -05:00
parent 60c879c824
commit 434391c308
No known key found for this signature in database
GPG Key ID: DEDBA9DC3A913DB2
2 changed files with 84 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
lib/metasploit/framework/login_scanner/ssh.rb
View File

@ -15,11 +15,19 @@ module Metasploit
# @return [Fixnum] The port to connect to # @return [Fixnum] The port to connect to
attr_accessor :port attr_accessor :port
validates :port, numericality: { validates :port,
only_integer: true, presence: true,
greater_than_or_equal_to: 1, numericality: {
less_than_or_equal_to: 65535 only_integer: true,
} greater_than_or_equal_to: 1,
less_than_or_equal_to: 65535
}
validates :host, presence: true
validates :cred_pairs, presence: true
validate :host_address_must_be_valid
# @param attributes [Hash{Symbol => String,nil}] # @param attributes [Hash{Symbol => String,nil}]
def initialize(attributes={}) def initialize(attributes={})
@ -28,6 +36,19 @@ module Metasploit
end end
end end
private
def host_address_must_be_valid
unless host.kind_of? String
errors.add(:host, "must be a string")
end
begin
::Rex::Socket.getaddress(value, true)
rescue
errors.add(:host, "could not be resolved")
end
end
end end

58
spec/lib/metasploit/framework/login_scanner/ssh_spec.rb
View File

@ -14,6 +14,11 @@ describe Metasploit::Framework::LoginScanner::SSH do
context 'validations' do context 'validations' do
context 'port' do context 'port' do
it 'is not valid for not set' do
expect(ssh_scanner).to_not be_valid
expect(ssh_scanner.errors[:port]).to include "is not a number"
end
it 'is not valid for a non-number' do it 'is not valid for a non-number' do
ssh_scanner.port = "a" ssh_scanner.port = "a"
expect(ssh_scanner).to_not be_valid expect(ssh_scanner).to_not be_valid
@ -43,6 +48,59 @@ describe Metasploit::Framework::LoginScanner::SSH do
expect(ssh_scanner).to_not be_valid expect(ssh_scanner).to_not be_valid
expect(ssh_scanner.errors[:port]).to include "must be less than or equal to 65535" expect(ssh_scanner.errors[:port]).to include "must be less than or equal to 65535"
end end
it 'is valid for a legitimate port number' do
ssh_scanner.port = rand(65534) + 1
expect(ssh_scanner.errors[:port]).to be_empty
end
end
context 'host' do
it 'is not valid for not set' do
expect(ssh_scanner).to_not be_valid
expect(ssh_scanner.errors[:host]).to include "can't be blank"
end
it 'is not valid for a non-string input' do
ssh_scanner.host = 5
expect(ssh_scanner).to_not be_valid
expect(ssh_scanner.errors[:host]).to include "must be a string"
end
it 'is not valid for an improper IP address' do
ssh_scanner.host = '192.168.1.1.5'
expect(ssh_scanner).to_not be_valid
expect(ssh_scanner.errors[:host]).to include "could not be resolved"
end
it 'is not valid for an incomplete IP address' do
ssh_scanner.host = '192.168'
expect(ssh_scanner).to_not be_valid
expect(ssh_scanner.errors[:host]).to include "could not be resolved"
end
it 'is not valid for an invalid IP address' do
ssh_scanner.host = '192.300.675.123'
expect(ssh_scanner).to_not be_valid
expect(ssh_scanner.errors[:host]).to include "could not be resolved"
end
it 'is not valid for DNS name that cannot be resolved' do
ssh_scanner.host = 'nosuchplace.metasploit.com'
expect(ssh_scanner).to_not be_valid
expect(ssh_scanner.errors[:host]).to include "could not be resolved"
end
it 'is valid for a valid IP address' do
ssh_scanner.host = '127.0.0.1'
expect(ssh_scanner.errors[:host]).to be_empty
end
it 'is valid for a DNS name it can resolve' do
ssh_scanner.host = 'localhost'
expect(ssh_scanner.errors[:host]).to be_empty
end
end end
end end
end end