From 466576d03f9f14219de267a8357aac402baec58d Mon Sep 17 00:00:00 2001
From: David Maloney <DMaloney@rapid7.com>
Date: Sat, 14 Jun 2014 16:16:30 -0500
Subject: [PATCH] jtr wordlist validations started

start adding validations and exceptions for the
JtR Wordlist class.
---
 .../framework/jtr/invalid_wordlist.rb         | 20 ++++++
 lib/metasploit/framework/jtr/wordlist.rb      | 62 +++++++++++++++++++
 .../framework/jtr/invalid_wordlist_spec.rb    | 38 ++++++++++++
 3 files changed, 120 insertions(+)
 create mode 100644 lib/metasploit/framework/jtr/invalid_wordlist.rb
 create mode 100644 spec/lib/metasploit/framework/jtr/invalid_wordlist_spec.rb

diff --git a/lib/metasploit/framework/jtr/invalid_wordlist.rb b/lib/metasploit/framework/jtr/invalid_wordlist.rb
new file mode 100644
index 0000000000..edf91b9505
--- /dev/null
+++ b/lib/metasploit/framework/jtr/invalid_wordlist.rb
@@ -0,0 +1,20 @@
+module Metasploit
+  module Framework
+    module JtR
+
+      # This class is the generic Exception raised by a {Wordlist} when
+      # it fails validation. It rolls up all validation errors into a
+      # single exception so that all errors can be dealt with at once.
+      class InvalidWordlist < StandardError
+        attr_reader :model
+
+        def initialize(model)
+          @model = model
+
+          errors = @model.errors.full_messages.join(', ')
+          super(errors)
+        end
+      end
+    end
+  end
+end
\ No newline at end of file
diff --git a/lib/metasploit/framework/jtr/wordlist.rb b/lib/metasploit/framework/jtr/wordlist.rb
index 9c0db0b588..588366caf9 100644
--- a/lib/metasploit/framework/jtr/wordlist.rb
+++ b/lib/metasploit/framework/jtr/wordlist.rb
@@ -6,16 +6,78 @@ module Metasploit
       class Wordlist
         include ActiveModel::Validations
 
+        # @!attribute appenders
+        #   @return [Array] an array of strings to append to each word
         attr_accessor :appenders
+
+        # @!attribute custom_wordlist
+        #   @return [String] the path to a custom wordlist file to include
         attr_accessor :custom_wordlist
+
+        # @!attribute mutate
+        #   @return [TrueClass] if you want each word mutated as it is added
+        #   @return [FalseClass] if you do not want each word mutated
         attr_accessor :mutate
+
+        # @!attribute prependers
+        #   @return [Array] an array of strings to prepend to each word
         attr_accessor :prependers
+
+        # @!attribute use_common_root
+        #   @return [TrueClass] if you want to use the common root words wordlist
+        #   @return [FalseClass] if you do not want to use the common root words wordlist
         attr_accessor :use_common_root
+
+        # @!attribute use_creds
+        #   @return [TrueClass] if you want to seed the wordlist with existing credential data from the database
+        #   @return [FalseClass] if you do not want to seed the wordlist with existing credential data from the database
         attr_accessor :use_creds
+
+        # @!attribute use_db_info
+        #   @return [TrueClass] if you want to seed the wordlist with looted database names and schemas
+        #   @return [FalseClass] if you do not want to seed the wordlist with looted database names and schemas
         attr_accessor :use_db_info
+
+        # @!attribute use_default_wordlist
+        #   @return [TrueClass] if you want to use the default wordlist
+        #   @return [FalseClass] if you do not want to use the default wordlist
         attr_accessor :use_default_wordlist
+
+        # @!attribute use_hostnames
+        #   @return [TrueClass] if you want to seed the wordlist with existing hostnames from the database
+        #   @return [FalseClass] if you do not want to seed the wordlist with existing hostnames from the database
         attr_accessor :use_hostnames
 
+        validates :mutate,
+                  inclusion: { in: [true, false] }
+
+        validates :use_common_root,
+                  inclusion: { in: [true, false] }
+
+        validates :use_creds,
+                  inclusion: { in: [true, false] }
+
+        validates :use_db_info,
+                  inclusion: { in: [true, false] }
+
+        validates :use_default_wordlist,
+                  inclusion: { in: [true, false] }
+
+        validates :use_hostnames,
+                  inclusion: { in: [true, false] }
+
+
+        # Raise an exception if the attributes are not valid.
+        #
+        # @raise [Invalid] if the attributes are not valid on this scanner
+        # @return [void]
+        def valid!
+          unless valid?
+            raise Metasploit::Framework::JtR::InvalidWordlist.new(self)
+          end
+          nil
+        end
+
       end
 
     end
diff --git a/spec/lib/metasploit/framework/jtr/invalid_wordlist_spec.rb b/spec/lib/metasploit/framework/jtr/invalid_wordlist_spec.rb
new file mode 100644
index 0000000000..9061e2c78a
--- /dev/null
+++ b/spec/lib/metasploit/framework/jtr/invalid_wordlist_spec.rb
@@ -0,0 +1,38 @@
+require 'spec_helper'
+require 'metasploit/framework/jtr/invalid_wordlist'
+
+describe Metasploit::Framework::JtR::InvalidWordlist do
+
+  subject(:invalid) do
+    described_class.new(model)
+  end
+
+  let(:model) do
+    model_class.new
+  end
+
+  let(:model_class) do
+    Class.new do
+      include ActiveModel::Validations
+    end
+  end
+
+  it { should be_a StandardError }
+
+  it 'should use ActiveModel::Errors#full_messages' do
+    model.errors.should_receive(:full_messages).and_call_original
+
+    described_class.new(model)
+  end
+
+  context '#model' do
+    subject(:error_model) do
+      invalid.model
+    end
+
+    it 'should be the passed in model' do
+      error_model.should == model
+    end
+  end
+
+end
\ No newline at end of file