Escape HTML for KB and update rspec

bug/bundler_fix
wchen-r7 2016-03-08 10:10:10 -06:00
parent ee63464b8c
commit 58b8c35146
3 changed files with 41 additions and 37 deletions


@ -28,13 +28,13 @@ If you wish to run the post against all sessions from framework, here is how:
1 - Create the following resource script: 1 - Create the following resource script:
``` ```
&#x3c;ruby&#x3e; <ruby>
framework.sessions.each_pair do |sid, session| framework.sessions.each_pair do |sid, session|
run_single("use <%= mod.fullname %>") run_single("use <%= mod.fullname %>")
run_single("set SESSION #{sid}") run_single("set SESSION #{sid}")
run_single("run") run_single("run")
end end
&#x3c;/ruby&#x3e; </ruby>
``` ```
2 - At the msf prompt, execute the above resource script: 2 - At the msf prompt, execute the above resource script:


@ -37,22 +37,22 @@ module Msf
# Markdown templates # Markdown templates
# #
CSS_BASE_PATH = File.expand_path(File.join(Msf::Config.data_directory, 'markdown_doc', 'markdown.css')) CSS_BASE_PATH = 'markdown.css'
HTML_TEMPLATE = File.expand_path(File.join(Msf::Config.data_directory, 'markdown_doc', 'html_template.erb')) HTML_TEMPLATE = 'html_template.erb'
TEMPLATE_PATH = File.expand_path(File.join(Msf::Config.data_directory, 'markdown_doc', 'default_template.erb')) TEMPLATE_PATH = 'default_template.erb'
# #
# Demo templates # Demo templates
# #
REMOTE_EXPLOIT_DEMO_TEMPLATE = File.expand_path(File.join(Msf::Config.data_directory, 'markdown_doc', 'remote_exploit_demo_template.erb')) REMOTE_EXPLOIT_DEMO_TEMPLATE = 'remote_exploit_demo_template.erb'
BES_DEMO_TEMPLATE = File.expand_path(File.join(Msf::Config.data_directory, 'markdown_doc', 'bes_demo_template.erb')) BES_DEMO_TEMPLATE = 'bes_demo_template.erb'
HTTPSERVER_DEMO_TEMPLATE = File.expand_path(File.join(Msf::Config.data_directory, 'markdown_doc', 'httpserver_demo_template.erb')) HTTPSERVER_DEMO_TEMPLATE = 'httpserver_demo_template.erb'
GENERIC_DEMO_TEMPLATE = File.expand_path(File.join(Msf::Config.data_directory, 'markdown_doc', 'generic_demo_template.erb')) GENERIC_DEMO_TEMPLATE = 'generic_demo_template.erb'
LOCALEXPLOIT_DEMO_TEMPLATE = File.expand_path(File.join(Msf::Config.data_directory, 'markdown_doc', 'localexploit_demo_template.erb')) LOCALEXPLOIT_DEMO_TEMPLATE = 'localexploit_demo_template.erb'
POST_DEMO_TEMPLATE = File.expand_path(File.join(Msf::Config.data_directory, 'markdown_doc', 'post_demo_template.erb')) POST_DEMO_TEMPLATE = 'post_demo_template.erb'
AUXILIARY_SCANNER_DEMO_TEMPLATE = File.expand_path(File.join(Msf::Config.data_directory, 'markdown_doc', 'auxiliary_scanner_template.erb')) AUXILIARY_SCANNER_DEMO_TEMPLATE = 'auxiliary_scanner_template.erb'
PAYLOAD_DEMO_TEMPLATE = File.expand_path(File.join(Msf::Config.data_directory, 'markdown_doc', 'payload_demo_template.erb')) PAYLOAD_DEMO_TEMPLATE = 'payload_demo_template.erb'
# Returns the module document in HTML form. # Returns the module document in HTML form.
@ -63,10 +63,11 @@ module Msf
def get_md_content(items, kb) def get_md_content(items, kb)
@md_template ||= lambda { @md_template ||= lambda {
template = '' template = ''
File.open(TEMPLATE_PATH, 'rb') { |f| template = f.read } path = File.expand_path(File.join(Msf::Config.data_directory, 'markdown_doc', TEMPLATE_PATH))
File.open(path, 'rb') { |f| template = f.read }
return template return template
}.call }.call
md_to_html(ERB.new(@md_template).result(binding()), kb) md_to_html(ERB.new(@md_template).result(binding()), h(kb))
end end
@ -79,7 +80,8 @@ module Msf
def load_css def load_css
@css ||= lambda { @css ||= lambda {
data = '' data = ''
File.open(CSS_BASE_PATH, 'rb') { |f| data = f.read } path = File.expand_path(File.join(Msf::Config.data_directory, 'markdown_doc', CSS_BASE_PATH))
File.open(path, 'rb') { |f| data = f.read }
return data return data
}.call }.call
end end
@ -94,7 +96,8 @@ module Msf
r = Redcarpet::Markdown.new(Redcarpet::Render::MsfMdHTML, fenced_code_blocks: true, no_intra_emphasis: true, escape_html: true) r = Redcarpet::Markdown.new(Redcarpet::Render::MsfMdHTML, fenced_code_blocks: true, no_intra_emphasis: true, escape_html: true)
ERB.new(@html_template ||= lambda { ERB.new(@html_template ||= lambda {
html_template = '' html_template = ''
File.open(HTML_TEMPLATE, 'rb') { |f| html_template = f.read } path = File.expand_path(File.join(Msf::Config.data_directory, 'markdown_doc', HTML_TEMPLATE))
File.open(path, 'rb') { |f| html_template = f.read }
return html_template return html_template
}.call).result(binding()) }.call).result(binding())
end end
@ -207,13 +210,14 @@ module Msf
end end
# Returns a parsed ERB template. # Returns a parsed demo ERB template.
# #
# @param mod [Msf::Module] Metasploit module. # @param mod [Msf::Module] Metasploit module.
# @param path [String] Template path. # @param path [String] Template path.
# @return [String] # @return [String]
def load_template(mod, path) def load_demo_template(mod, path)
data = '' data = ''
path = File.expand_path(File.join(Msf::Config.data_directory, 'markdown_doc', path))
File.open(path, 'rb') { |f| data = f.read } File.open(path, 'rb') { |f| data = f.read }
ERB.new(data).result(binding()) ERB.new(data).result(binding())
end end
@ -244,21 +248,21 @@ module Msf
# @return [String] # @return [String]
def normalize_demo_output(mod) def normalize_demo_output(mod)
if mod.kind_of?(Msf::Exploit::Remote::BrowserExploitServer) && mod.shortname != 'browser_autopwn2' if mod.kind_of?(Msf::Exploit::Remote::BrowserExploitServer) && mod.shortname != 'browser_autopwn2'
load_template(mod, BES_DEMO_TEMPLATE) load_demo_template(mod, BES_DEMO_TEMPLATE)
elsif mod.kind_of?(Msf::Exploit::Remote::HttpServer) elsif mod.kind_of?(Msf::Exploit::Remote::HttpServer)
load_template(mod, HTTPSERVER_DEMO_TEMPLATE) load_demo_template(mod, HTTPSERVER_DEMO_TEMPLATE)
elsif mod.kind_of?(Msf::Exploit::Local) elsif mod.kind_of?(Msf::Exploit::Local)
load_template(mod, LOCALEXPLOIT_DEMO_TEMPLATE) load_demo_template(mod, LOCALEXPLOIT_DEMO_TEMPLATE)
elsif mod.kind_of?(Msf::Post) elsif mod.kind_of?(Msf::Post)
load_template(mod, POST_DEMO_TEMPLATE) load_demo_template(mod, POST_DEMO_TEMPLATE)
elsif mod.kind_of?(Msf::Payload) elsif mod.kind_of?(Msf::Payload)
load_template(mod, PAYLOAD_DEMO_TEMPLATE) load_demo_template(mod, PAYLOAD_DEMO_TEMPLATE)
elsif mod.kind_of?(Msf::Auxiliary::Scanner) elsif mod.kind_of?(Msf::Auxiliary::Scanner)
load_template(mod, AUXILIARY_SCANNER_DEMO_TEMPLATE) load_demo_template(mod, AUXILIARY_SCANNER_DEMO_TEMPLATE)
elsif is_remote_exploit?(mod) elsif is_remote_exploit?(mod)
load_template(mod, REMOTE_EXPLOIT_DEMO_TEMPLATE) load_demo_template(mod, REMOTE_EXPLOIT_DEMO_TEMPLATE)
else else
load_template(mod, GENERIC_DEMO_TEMPLATE) load_demo_template(mod, GENERIC_DEMO_TEMPLATE)
end end
end end
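Review bot: `h(kb)` in get_md_content escapes the KB before it reaches md_to_html, which already builds its Redcarpet renderer with `escape_html: true`, so the KB may be encoded twice. The HTML template is not shown here, but if it renders kb through that renderer, an `&` or `<` inside a KB code fence would presumably come out as `&amp;amp;` or `&amp;lt;`, and a leading `>` would no longer be read as a blockquote. Escaping once at the output point is easier to reason about: keep `md_to_html(ERB.new(@md_template).result(binding()), kb)` and rely on the renderer option, or, if the template interpolates kb raw, escape it there. `h` is not defined in the visible hunks, so a short comment on that line saying where it comes from (presumably `ERB::Util`) and why kb is treated as untrusted would help the next reader.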


@ -195,11 +195,11 @@ RSpec.describe Msf::Util::DocumentGenerator::DocumentNormalizer do
end end
end end
describe 'load_template' do describe 'load_demo_template' do
context 'when a BrowserExploitServer demo template path is given' do context 'when a BrowserExploitServer demo template path is given' do
it 'returns the demo' do it 'returns the demo' do
template = Msf::Util::DocumentGenerator::DocumentNormalizer::BES_DEMO_TEMPLATE template = Msf::Util::DocumentGenerator::DocumentNormalizer::BES_DEMO_TEMPLATE
expect(subject.send(:load_template, msf_mod, template)).to include('This module is also supported by Browser Autopwn 2') expect(subject.send(:load_demo_template, msf_mod, template)).to include('This module is also supported by Browser Autopwn 2')
end end
end end
end end
@ -208,42 +208,42 @@ RSpec.describe Msf::Util::DocumentGenerator::DocumentNormalizer do
context 'when the module is a kind of Msf::Exploit::Remote::HttpServer' do context 'when the module is a kind of Msf::Exploit::Remote::HttpServer' do
it 'returns the demo of HTTPSERVER_DEMO_TEMPLATE' do it 'returns the demo of HTTPSERVER_DEMO_TEMPLATE' do
template = Msf::Util::DocumentGenerator::DocumentNormalizer::HTTPSERVER_DEMO_TEMPLATE template = Msf::Util::DocumentGenerator::DocumentNormalizer::HTTPSERVER_DEMO_TEMPLATE
expect(subject.send(:load_template, msf_mod, template)).to include("use #{mod_fullname}") expect(subject.send(:load_demo_template, msf_mod, template)).to include("use #{mod_fullname}")
end end
end end
context 'when the module is a kind of Msf::Exploit::Local' do context 'when the module is a kind of Msf::Exploit::Local' do
it 'returns the content of LOCALEXPLOIT_DEMO_TEMPLATE' do it 'returns the content of LOCALEXPLOIT_DEMO_TEMPLATE' do
template = Msf::Util::DocumentGenerator::DocumentNormalizer::LOCALEXPLOIT_DEMO_TEMPLATE template = Msf::Util::DocumentGenerator::DocumentNormalizer::LOCALEXPLOIT_DEMO_TEMPLATE
expect(subject.send(:load_template, msf_mod, template)).to include('To run a local exploit, make sure you are at the msf prompt.') expect(subject.send(:load_demo_template, msf_mod, template)).to include('To run a local exploit, make sure you are at the msf prompt.')
end end
end end
context 'when the module is a kind of Msf::Post' do context 'when the module is a kind of Msf::Post' do
it 'returns the demo of POST_DEMO_TEMPLATE' do it 'returns the demo of POST_DEMO_TEMPLATE' do
template = Msf::Util::DocumentGenerator::DocumentNormalizer::POST_DEMO_TEMPLATE template = Msf::Util::DocumentGenerator::DocumentNormalizer::POST_DEMO_TEMPLATE
expect(subject.send(:load_template, msf_mod, template)).to include('There are two ways to execute this post module') expect(subject.send(:load_demo_template, msf_mod, template)).to include('There are two ways to execute this post module')
end end
end end
context 'when the module is a kind of Msf::Payload' do context 'when the module is a kind of Msf::Payload' do
it 'returns the demo of PAYLOAD_TEMPLATE' do it 'returns the demo of PAYLOAD_TEMPLATE' do
template = Msf::Util::DocumentGenerator::DocumentNormalizer::PAYLOAD_TEMPLATE template = Msf::Util::DocumentGenerator::DocumentNormalizer::PAYLOAD_DEMO_TEMPLATE
expect(subject.send(:load_template, msf_mod, template)).to include('> generate') expect(subject.send(:load_demo_template, msf_mod, template)).to include('> generate')
end end
end end
context 'when the module is a kind of Msf::Auxiliary::Scanner' do context 'when the module is a kind of Msf::Auxiliary::Scanner' do
it 'returns the demo of AUXILIARY_SCANNER_TEMPLATE' do it 'returns the demo of AUXILIARY_SCANNER_TEMPLATE' do
template = Msf::Util::DocumentGenerator::DocumentNormalizer::AUXILIARY_SCANNER_TEMPLATE template = Msf::Util::DocumentGenerator::DocumentNormalizer::AUXILIARY_SCANNER_DEMO_TEMPLATE
expect(subject.send(:load_template, msf_mod, template)).to include('This module is a scanner module') expect(subject.send(:load_demo_template, msf_mod, template)).to include('This module is a scanner module')
end end
end end
context 'when the module does not have a known kind' do context 'when the module does not have a known kind' do
it 'returns the demo of GENERIC_DEMO_TEMPLATE' do it 'returns the demo of GENERIC_DEMO_TEMPLATE' do
template = Msf::Util::DocumentGenerator::DocumentNormalizer::GENERIC_DEMO_TEMPLATE template = Msf::Util::DocumentGenerator::DocumentNormalizer::GENERIC_DEMO_TEMPLATE
expect(subject.send(:load_template, msf_mod, template)).to include('msf exploit') expect(subject.send(:load_demo_template, msf_mod, template)).to include('msf exploit')
end end
end end
end end
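Review bot: None of the examples in the visible hunks exercises the escaping this commit adds to get_md_content, so a regression in how the KB is encoded would still pass. An example that passes a KB string containing markup, for instance `<b>x</b>` (constructed sample), and asserts it appears only in escaped form in the rendered document would pin the behaviour. The descriptions `'returns the demo of PAYLOAD_TEMPLATE'` and `'returns the demo of AUXILIARY_SCANNER_TEMPLATE'` also no longer match the constants the examples use; they should name `PAYLOAD_DEMO_TEMPLATE` and `AUXILIARY_SCANNER_DEMO_TEMPLATE`. The enclosing describe block starts outside these hunks.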