Add specs to verify server header matching

bug/bundler_fix
James Lee 2014-09-11 11:42:38 -05:00
parent 9151c2c79d
commit a8e3ff0c0f
No known key found for this signature in database
GPG Key ID: 2D6094C7CEA0A321
2 changed files with 28 additions and 5 deletions

View File

@ -194,8 +194,8 @@ module Metasploit
# @return [nil] If the banner did not match any of the expected values
def extract_version(banner)
# Set version. Some GlassFish servers return banner "GlassFish v3".
if banner =~ /(GlassFish Server|Open Source Edition)[[:blank:]]*(\d\.\d)/
@version = $2
if banner =~ /GlassFish Server(?: Open Source Edition)?[[:blank:]]*(\d\.\d)/
@version = $1
elsif banner =~ /GlassFish v(\d)/
@version = $1
elsif banner =~ /Sun GlassFish Enterprise Server v2/

View File

@ -297,12 +297,35 @@ describe Metasploit::Framework::LoginScanner::Glassfish do
end
context '#extract_version' do
let(:server_header) { "GlassFish Server Open Source Edition 4.0" }
# Thanks to shodan for Server headers
subject(:extracted_version) { http_scanner.extract_version(server_header) }
specify do
expect(http_scanner.extract_version(server_header)).to eq("4.0")
context 'with 9.1 header' do
let(:server_header) { "Sun Java System Application Server 9.1_02" }
it { is_expected.to start_with("9") }
end
context 'with 4.0 header' do
let(:server_header) { "GlassFish Server Open Source Edition 4.0" }
it { is_expected.to start_with("4") }
end
context 'with 3.0 header' do
let(:server_header) { "GlassFish Server Open Source Edition 3.0.1" }
it { is_expected.to start_with("3") }
end
context 'with 2.1 header' do
let(:server_header) { "Sun GlassFish Enterprise Server v2.1" }
it { is_expected.to start_with("2") }
end
context 'with bogus header' do
let(:server_header) { "Apache-Coyote/1.1" }
it { is_expected.to be_nil }
end
end
end