infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #12 from jvazquez-r7/review_4989 

Keep old values when bad file plus specs
bug/bundler_fix
HD Moore 2015-04-20 19:27:21 -05:00
parent c7da9d6f79 831e65261d
commit ea5673e080
3 changed files with 90 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
lib/msf/core/option_container.rb
View File

@ -378,17 +378,18 @@ class OptAddressRange < OptBase
def normalize(value) def normalize(value)
return nil unless value.kind_of?(String) return nil unless value.kind_of?(String)
if (value =~ /^rand:(.*)/) if value =~ /^rand:(.*)/
count = $1.to_i count = $1.to_i
return false if count < 1 return false if count < 1
ret = '' ret = ''
count.times { count.times do
ret << " " if not ret.empty? ret << ' ' unless ret.empty?
ret << [ rand(0x100000000) ].pack("N").unpack("C*").map{|x| x.to_s }.join(".") ret << [ rand(0x100000000) ].pack('N').unpack('C*').map{|x| x.to_s }.join('.')
} end
return ret return ret
end end
return value
value
end end
def valid?(value) def valid?(value)

25
lib/msf/ui/console/command_dispatcher/core.rb
View File

@ -2068,13 +2068,26 @@ class Core
return true return true
end end
# If the value starts with file: and exists, load the file as the value # If the value starts with file: exists, and size isn't too big load the file as the value
if value =~ /^file:(.*)/ && ::File.file?($1) # Otherwise keep the old value
if value =~ /^file:(.*)/
fname = $1 fname = $1
if ::File.size(fname) > (1024*1024)
print_error("The file name specified is too big (over 1Mb)") begin
else fd = ::File.new(fname, 'rb')
::File.open(fname, "rb") {|fd| value = fd.read(fd.stat.size) } rescue ::Errno::ENOENT
print_error('The file name specified does not exist')
value = datastore[name]
fd = nil
end
if fd && fd.stat.size > (1024 * 1024)
print_error('The file name specified is too big (over 1Mb)')
value = datastore[name]
fd.close
elsif fd
value = fd.read(fd.stat.size)
fd.close
end end
end end

64
spec/lib/msf/ui/console/command_dispatcher/core_spec.rb
View File

@ -160,6 +160,70 @@ describe Msf::Ui::Console::CommandDispatcher::Core do
it "should show the correct value when both the module and the framework have this variable" do it "should show the correct value when both the module and the framework have this variable" do
set_and_test_variable(name, 'FRAMEWORK', 'MODULE', /^#{name} => FRAMEWORK$/, /^#{name} => MODULE$/) set_and_test_variable(name, 'FRAMEWORK', 'MODULE', /^#{name} => FRAMEWORK$/, /^#{name} => MODULE$/)
end end
context "when using file: prefix in the value" do
context "when the file exists" do
before(:each) do
allow(::File).to receive(:new) do |filename, mode|
fd = StringIO.new(file_contents, mode)
fd
end
allow_any_instance_of(::StringIO).to receive(:stat) do |io|
file_contents
end
end
context "when the size is 1MB" do
let(:file_name) do
::Rex::Text.rand_text_alpha(10).upcase
end
let(:file_contents) do
::Rex::Text.rand_text_alpha(1024 * 1024).upcase
end
it "should show the new value" do
set_and_test_variable(name, nil, "file:/#{file_name}", nil, /^#{name} => #{file_contents}$/)
end
end
context "when the size is greater than 1MB" do
let(:file_name) do
::Rex::Text.rand_text_alpha(10).upcase
end
let(:file_contents) do
::Rex::Text.rand_text_alpha(1024 * 1025).upcase
end
it "should show the old value" do
set_and_test_variable(name, nil, "file:/#{file_name}", nil, /^#{name} => $/)
end
end
context "when the size is less than 1MB" do
let(:file_name) do
::Rex::Text.rand_text_alpha(10).upcase
end
let(:file_contents) do
::Rex::Text.rand_text_alpha(10).upcase
end
it "should show the new value" do
set_and_test_variable(name, nil, "file:/#{file_name}", nil, /^#{name} => #{file_contents}$/)
end
end
end
context "when the file doesn't exist" do
it "should show the old value" do
set_and_test_variable(name, nil, "file:/#{::Rex::Text.rand_text_alpha(10).upcase}", nil, /^#{name} => $/)
end
end
end
end end
end end
end end