Lands #3779, specs

MSP-11343 Merge specs that I missed during last merge.
2014-09-12 14:49:26 -05:00 · 2014-09-12 14:49:26 -05:00 · b80519dc16
parent 373861abb0 0ab36453b9
commit b80519dc16
2 changed files with 33 additions and 5 deletions
--- a/lib/metasploit/framework/login_scanner/glassfish.rb
+++ b/lib/metasploit/framework/login_scanner/glassfish.rb
@ -194,8 +194,8 @@ module Metasploit
        # @return [nil] If the banner did not match any of the expected values
        def extract_version(banner)
          # Set version.  Some GlassFish servers return banner "GlassFish v3".
-          if banner =~ /(GlassFish Server|Open Source Edition)[[:blank:]]*(\d\.\d)/
-            @version = $2
+          if banner =~ /GlassFish Server(?: Open Source Edition)?[[:blank:]]*(\d\.\d)/
+            @version = $1
          elsif banner =~ /GlassFish v(\d)/
            @version = $1
          elsif banner =~ /Sun GlassFish Enterprise Server v2/
--- a/spec/lib/metasploit/framework/login_scanner/glassfish_spec.rb
+++ b/spec/lib/metasploit/framework/login_scanner/glassfish_spec.rb
@ -297,12 +297,40 @@ describe Metasploit::Framework::LoginScanner::Glassfish do
  end

  context '#extract_version' do
-    let(:server_header) { "GlassFish Server Open Source Edition  4.0" }
+    # Thanks to shodan for Server headers
+    subject(:extracted_version) { http_scanner.extract_version(server_header) }

-    specify do
-      expect(http_scanner.extract_version(server_header)).to eq("4.0")
+    context 'with 9.1 header' do
+      let(:server_header) { "Sun Java System Application Server 9.1_02" }
+      it { is_expected.to start_with("9") }
    end

+    context 'with 4.0 header' do
+      let(:server_header) { "GlassFish Server Open Source Edition  4.0" }
+      it { is_expected.to start_with("4") }
+    end
+
+    context 'with 3.0 header' do
+      let(:server_header) { "GlassFish Server Open Source Edition 3.0.1" }
+      it { is_expected.to start_with("3") }
+    end
+
+    context 'with non-open-source header' do
+      let(:server_header) { "Oracle GlassFish Server 3.1.2.3" }
+      it { is_expected.to start_with("3") }
+    end
+
+    context 'with 2.1 header' do
+      let(:server_header) { "Sun GlassFish Enterprise Server v2.1" }
+      it { is_expected.to start_with("2") }
+    end
+
+    context 'with bogus header' do
+      let(:server_header) { "Apache-Coyote/1.1" }
+      it { is_expected.to be_nil }
+    end
+
+
  end

 end