Rescue Errno::ENOENT from File.open in read_module_content

[Fixes #38426061, #38097411]

Msf::Modules::Loader::Directory#read_module_content may calculate a non-existent
module_path that gets passed to File.open causing an Errno::ENOENT exception
to be raised when using the module cache with a module that has been
moved to a new path (as is the case that originally found this bug) or
deleted.  Now, the exception is rescued and read_module_content returns
an empty string (''), which load_module detects with
module_content.empty? and returns earlier without attempting to module
eval the (empty) content.

As having Msf::Modules::Loader::Directory#read_module_content rescue the
exception, meant there was another place that needed to log and error
and store an error in Msf::ModuleManager#module_load_error_by_path, I
refactored the error reporting to call
Msf::Modules::Loader::Base#load_error, which handles writing to the log
and setting the Hash, so the error reporting is consistent across the
loaders.

The exception hierarchy was also refactored so that
namespace_module.metasploit_class now has an error raising counter-part:
namespace_module.metasploit_class! that can be used with
Msf::Modules::Loader::Base#load_error as it requires an exception, and
not just a string so the exception class, message, and backtrace can be
logged.

Author: limhoff-r7

lib/msf/core/modules/error.rb

@@ -0,0 +1,38 @@
+# Base error class for all error under {Msf::Modules}
+class Msf::Modules::Error < StandardError
+	def initialize(attributes={})
+		@module_path = attributes[:module_path]
+		@module_reference_name = attributes[:module_reference_name]
+
+		message_parts = []
+		message_parts << "Failed to load module"
+
+		if module_reference_name or module_path
+			clause_parts = []
+
+			if module_reference_name
+				clause_parts << module_reference_name
+			end
+
+			if module_path
+				clause_parts << "from #{module_path}"
+			end
+
+			clause = clause_parts.join(' ')
+			message_parts << "(#{clause})"
+		end
+
+		causal_message = attributes[:causal_message]
+
+		if causal_message
+			message_parts << "due to #{causal_message}"
+		end
+
+		message = message_parts.join(' ')
+
+		super(message)
+	end
+
+	attr_reader :module_reference_name
+	attr_reader :module_path
+end

lib/msf/core/modules/loader/base.rb

@@ -3,6 +3,7 @@
 #
 require 'msf/core/modules/loader'
 require 'msf/core/modules/namespace'
+require 'msf/core/modules/metasploit_class_compatibility_error'
 require 'msf/core/modules/version_compatibility_error'
 
 # Responsible for loading modules for {Msf::ModuleManager}.
@@ -117,12 +118,17 @@ def load_module(parent_path, type, module_reference_name, options={})
 
     metasploit_class = nil
 
+    module_content = read_module_content(parent_path, type, module_reference_name)
+
+    if module_content.empty?
+	    # read_module_content is responsible for calling {#load_error}, so just return here.
+	    return false
+    end
+
     loaded = namespace_module_transaction(type + "/" + module_reference_name, :reload => reload) { |namespace_module|
       # set the parent_path so that the module can be reloaded with #load_module
       namespace_module.parent_path = parent_path
 
-      module_content = read_module_content(parent_path, type, module_reference_name)
-
       begin
         namespace_module.module_eval_with_lexical_scope(module_content, module_path)
       # handle interrupts as pass-throughs unlike other Exceptions so users can bail with Ctrl+C
@@ -133,45 +139,33 @@ def load_module(parent_path, type, module_reference_name, options={})
         begin
           namespace_module.version_compatible!(module_path, module_reference_name)
         rescue Msf::Modules::VersionCompatibilityError => version_compatibility_error
-          error_message = "Failed to load module (#{module_path}) due to error and #{version_compatibility_error}"
+	        load_error(module_path, version_compatibility_error)
         else
-          error_message = "#{error.class} #{error}"
+	        load_error(module_path, error)
         end
 
-        # record the error message without the backtrace for the console
-        module_manager.module_load_error_by_path[module_path] = error_message
-
-        error_message_with_backtrace = "#{error_message}:\n#{error.backtrace.join("\n")}"
-        elog(error_message_with_backtrace)
-
         return false
       end
 
       begin
         namespace_module.version_compatible!(module_path, module_reference_name)
       rescue Msf::Modules::VersionCompatibilityError => version_compatibility_error
-        error_message = version_compatibility_error.to_s
-
-        elog(error_message)
-        module_manager.module_load_error_by_path[module_path] = error_message
+	      load_error(module_path, version_compatibility_error)
 
         return false
       end
 
-      metasploit_class = namespace_module.metasploit_class
-
-      unless metasploit_class
-        error_message = "Missing Metasploit class constant"
-
-        elog(error_message)
-        module_manager.module_load_error_by_path[module_path] = error_message
+      begin
+	      metasploit_class = namespace_module.metasploit_class!(module_path, module_reference_name)
+      rescue Msf::Modules::MetasploitClassCompatibilityError => error
+	      load_error(module_path, error)
 
-        return false
+	      return false
       end
 
       unless usable?(metasploit_class)
         ilog(
-            "Skipping module #{module_reference_name} under #{parent_path} because is_usable returned false.",
+            "Skipping module (#{module_reference_name} from #{module_path}) because is_usable returned false.",
             'core',
             LEV_1
         )
@@ -409,6 +403,28 @@ def each_module_reference_name(path)
     raise ::NotImplementedError
   end
 
+	# Records the load error to {Msf::ModuleManager::Loading#module_load_error_by_path} and the log.
+	#
+	# @param [String] module_path Path to the module as returned by {#module_path}.
+	# @param [Exception, #class, #to_s, #backtrace] error the error that cause the module not to load.
+	# @return [void]
+	#
+	# @see #module_path
+	def load_error(module_path, error)
+		# module_load_error_by_path does not get the backtrace because the value is echoed to the msfconsole where
+		# backtraces should not appear.
+	  module_manager.module_load_error_by_path[module_path] = "#{error.class} #{error}"
+
+		log_lines = []
+	  log_lines << "#{module_path} failed to load due to the following error:"
+		log_lines << error.class.to_s
+		log_lines << error.to_s
+		log_lines += error.backtrace
+
+		log_message = log_lines.join("\n")
+		elog(log_message)
+	end
+
   # @return [Msf::ModuleManager] The module manager for which this loader is loading modules.
   attr_reader :module_manager
 

lib/msf/core/modules/loader/directory.rb

@@ -75,13 +75,17 @@ def read_module_content(parent_path, type, module_reference_name)
 
     module_content = ''
 
-    # force to read in binary mode so Pro modules won't be truncated on Windows
-    File.open(full_path, 'rb') do |f|
-      # Pass the size of the file as it leads to faster reads due to fewer buffer resizes. Greatest effect on Windows.
-      # @see http://www.ruby-forum.com/topic/209005
-      # @see https://github.com/ruby/ruby/blob/ruby_1_8_7/io.c#L1205
-      # @see https://github.com/ruby/ruby/blob/ruby_1_9_3/io.c#L2038
-      module_content = f.read(f.stat.size)
+    begin
+	    # force to read in binary mode so Pro modules won't be truncated on Windows
+	    File.open(full_path, 'rb') do |f|
+		    # Pass the size of the file as it leads to faster reads due to fewer buffer resizes. Greatest effect on Windows.
+		    # @see http://www.ruby-forum.com/topic/209005
+		    # @see https://github.com/ruby/ruby/blob/ruby_1_8_7/io.c#L1205
+		    # @see https://github.com/ruby/ruby/blob/ruby_1_9_3/io.c#L2038
+		    module_content = f.read(f.stat.size)
+	    end
+    rescue Errno::ENOENT => error
+	    load_error(full_path, error)
     end
 
     module_content

lib/msf/core/modules/metasploit_class_compatibility_error.rb

@@ -0,0 +1,13 @@
+require 'msf/core/modules/error'
+
+# Error raised by {Msf::Modules::Namespace#metasploit_class!} if it cannot the namespace_module does not have a constant
+# with {Msf::Framework::Major} or lower as a number after 'Metasploit', which indicates a compatible Msf::Module.
+class Msf::Modules::MetasploitClassCompatibilityError < Msf::Modules::Error
+  def initialize(attributes={})
+	  super_attributes = {
+			  :causal_message => 'Missing compatible Metasploit<major_version> class constant',
+	  }.merge(attributes)
+
+	  super(super_attributes)
+  end
+end

lib/msf/core/modules/namespace.rb

@@ -10,8 +10,6 @@ module Msf::Modules::Namespace
   # @return [nil] if such as class is not defined.
   def metasploit_class
     metasploit_class = nil
-    # don't search ancestors for the metasploit_class
-    #inherit = false
 
     ::Msf::Framework::Major.downto(1) do |major|
       # Since we really only care about the deepest namespace, we don't
@@ -29,6 +27,19 @@ def metasploit_class
     metasploit_class
   end
 
+  def metasploit_class!(module_path, module_reference_name)
+	  metasploit_class = self.metasploit_class
+
+	  unless metasploit_class
+		  raise Msf::Modules::MetasploitClassCompatibilityError.new(
+				        :module_path => module_path,
+				        :module_reference_name => module_reference_name
+		        )
+	  end
+
+	  metasploit_class
+  end
+
   # Raises an error unless {Msf::Framework::VersionCore} and {Msf::Framework::VersionAPI} meet the minimum required
   # versions defined in RequiredVersions in the module content.
   #

lib/msf/core/modules/version_compatibility_error.rb

@@ -1,20 +1,43 @@
+require 'msf/core/modules/error'
+
 # Error raised by {Msf::Modules::Namespace#version_compatible!} on {Msf::Modules::Loader::Base#create_namespace_module}
 # if the API or Core version does not meet the minimum requirements defined in the RequiredVersions constant in the
 # {Msf::Modules::Loader::Base#read_module_content module content}.
-class Msf::Modules::VersionCompatibilityError < StandardError
+class Msf::Modules::VersionCompatibilityError < Msf::Modules::Error
   # @param [Hash{Symbol => Float}] attributes
   # @option attributes [Float] :minimum_api_version The minimum {Msf::Framework::VersionAPI} as defined in
   #   RequiredVersions.
   # @option attributes [Float] :minimum_core_version The minimum {Msf::Framework::VersionCore} as defined in
   #   RequiredVersions.
   def initialize(attributes={})
-    @module_path = attributes[:module_path]
-    @module_reference_name = attributes[:module_reference_name]
     @minimum_api_version = attributes[:minimum_api_version]
     @minimum_core_version = attributes[:minimum_core_version]
 
-    super("Failed to reload module (#{module_reference_name} from #{module_path}) due to version check " \
-          "(requires API:#{minimum_api_version} Core:#{minimum_core_version})")
+    message_parts = []
+    message_parts << 'version check'
+
+    if minimum_api_version or minimum_core_version
+	    clause_parts = []
+
+	    if minimum_api_version
+		    clause_parts << "API >= #{minimum_api_version}"
+	    end
+
+	    if minimum_core_version
+		    clause_parts << "Core >= #{minimum_core_version}"
+	    end
+
+	    clause = clause_parts.join(' and ')
+	    message_parts << "(requires #{clause})"
+    end
+
+    causal_message = message_parts.join(' ')
+
+    super_attributes = {
+		    :causal_message => causal_message
+    }.merge(attributes)
+
+    super(super_attributes)
   end
 
   # @return [Float] The minimum value of {Msf::Framework::VersionAPI} for the module to be compatible.

spec/lib/msf/core/modules/error_spec.rb

@@ -0,0 +1,101 @@
+require 'spec_helper'
+
+describe Msf::Modules::Error do
+	context 'instance methods' do
+		context '#initialize' do
+      include_context 'Msf::Modules::Error attributes'
+
+			context 'with :causal_message' do
+				subject do
+					described_class.new(:causal_message => causal_message)
+				end
+
+				it 'should include causal_message in error' do
+					subject.to_s.should == "Failed to load module due to #{causal_message}"
+				end
+			end
+
+			context 'with :causal_message and :module_path' do
+				subject do
+					described_class.new(
+							:causal_message => causal_message,
+							:module_path => module_path
+					)
+				end
+
+				it 'should include causal_message and module_path in error' do
+					subject.to_s.should == "Failed to load module (from #{module_path}) due to #{causal_message}"
+				end
+			end
+
+			context 'with :causal_message and :module_reference_name' do
+        subject do
+	        described_class.new(
+			        :causal_message => causal_message,
+	            :module_reference_name => module_reference_name
+	        )
+        end
+
+				it 'should include causal_message and module_reference_name in error' do
+					subject.to_s.should == "Failed to load module (#{module_reference_name}) due to #{causal_message}"
+				end
+			end
+
+			context 'with :causal_message, :module_path, and :module_reference_nam' do
+				subject do
+					described_class.new(
+							:causal_message => causal_message,
+					    :module_path => module_path,
+					    :module_reference_name => module_reference_name
+					)
+				end
+
+				it 'should include causal_message, module_path, and module_reference_name in error' do
+					subject.to_s.should == "Failed to load module (#{module_reference_name} from #{module_path}) due to #{causal_message}"
+				end
+			end
+
+			context 'with :module_path' do
+				subject do
+					described_class.new(:module_path => module_path)
+				end
+
+				it 'should use :module_path for module_path' do
+					subject.module_path.should == module_path
+				end
+
+				it 'should include module_path in error' do
+					subject.to_s.should == "Failed to load module (from #{module_path})"
+				end
+			end
+
+			context 'with :module_path and :module_reference_name' do
+				subject do
+					described_class.new(
+							:module_path => module_path,
+							:module_reference_name => module_reference_name
+					)
+				end
+
+				it 'should include module_path and module_reference_name in error' do
+					subject.to_s.should == "Failed to load module (#{module_reference_name} from #{module_path})"
+				end
+			end
+
+			context 'with :module_reference_name' do
+				subject do
+					described_class.new(:module_reference_name => module_reference_name)
+				end
+
+				it 'should use :module_reference_name for module_reference_name' do
+					subject.module_reference_name.should == module_reference_name
+				end
+
+				it 'should include module_reference_name in error' do
+					subject.to_s.should == "Failed to load module (#{module_reference_name})"
+				end
+			end
+
+		end
+	end
+end