Squash commit for blank creds search and test

Tod Beardsley · Tod Beardsley · commit 2294ea0e93e0 · 2015-01-26T16:26:30.000-06:00
This should fix up rapid7#4642 with respect to rapid7#4504. Squashed commit of the following: commit 124d53ccb00cd200bede092e893dda7e033d3e17 Merge: cb2bef8 ccad159 Author: Tod Beardsley <tod_beardsley@rapid7.com> Date: Mon Jan 26 16:23:03 2015 -0600 Merge branch 'feature/creds-blank-finders' into temp commit ccad159 Author: Tod Beardsley <tod_beardsley@rapid7.com> Date: Mon Jan 26 15:58:02 2015 -0600 Clean out whitespace, make vars more meaningful commit 266b45d Author: Tod Beardsley <tod_beardsley@rapid7.com> Date: Mon Jan 26 15:54:32 2015 -0600 Add some specs for regular users and blank users commit 2e51503 Author: Tod Beardsley <tod_beardsley@rapid7.com> Date: Mon Jan 26 15:04:03 2015 -0600 Users should be able to find blank user/pass
diff --git a/lib/msf/ui/console/command_dispatcher/db.rb b/lib/msf/ui/console/command_dispatcher/db.rb
@@ -868,6 +868,16 @@ def creds_search(*args)
         # Exclude creds that don't match the given type
         next if type.present? && !core.private.kind_of?(type)
 
+        # Exclude non-blank username creds if that's what we're after
+        if user_regex.present? && user_regex == // && !core.public.username.blank?
+          next
+        end
+
+        # Exclude non-blank password creds if that's what we're after
+        if pass_regex.present? && pass_regex == // && !core.private.data.blank?
+          next
+        end
+
         # Exclude creds that don't match the given user
         if user_regex.present? && !core.public.username.match(user_regex)
           next
diff --git a/spec/lib/msf/ui/console/command_dispatcher/db_spec.rb b/spec/lib/msf/ui/console/command_dispatcher/db_spec.rb
@@ -65,6 +65,73 @@
   it { is_expected.to respond_to :set_rhosts_from_addrs }
 
   describe "#cmd_creds" do
+
+    describe "-u" do
+      let(:username)            { "thisuser" }
+      let(:password)            { "thispass" }
+      let(:nomatch_username)    { "thatuser" }
+      let(:nomatch_password)    { "thatpass" }
+      let(:blank_username)      { "" }
+      let(:blank_password)      { "" }
+      let(:nonblank_username)   { "nonblank_user" }
+      let(:nonblank_password)   { "nonblank_pass" }
+      before(:each) do
+        priv = FactoryGirl.create(:metasploit_credential_password, data: password)
+        pub = FactoryGirl.create(:metasploit_credential_username, username: username)
+        core = FactoryGirl.create(:metasploit_credential_core,
+                                  origin: FactoryGirl.create(:metasploit_credential_origin_import),
+                                  private: priv,
+                                  public: pub,
+                                  realm: nil,
+                                  workspace: framework.db.workspace)
+        nonblank_priv = FactoryGirl.create(:metasploit_credential_password, data: nonblank_password)
+        blank_pub = FactoryGirl.create(:metasploit_credential_blank_username)
+        core = FactoryGirl.create(:metasploit_credential_core,
+                                  origin: FactoryGirl.create(:metasploit_credential_origin_import),
+                                  private: nonblank_priv,
+                                  public: blank_pub,
+                                  realm: nil,
+                                  workspace: framework.db.workspace)
+      end
+      context "when the credential is present" do
+        it "should show a user that matches the given expression" do
+          db.cmd_creds("-u", username)
+          @output.should =~ [
+            "Credentials",
+            "===========",
+            "",
+            "host  service  public    private   realm  private_type",
+            "----  -------  ------    -------   -----  ------------",
+            "               thisuser  thispass         Password",
+          ]
+        end
+        context "and when the username is blank" do
+          it "should show a user that matches the given expression" do
+            db.cmd_creds("-u", "")
+            @output.should =~ [
+              "Credentials",
+              "===========",
+              "",
+              "host  service  public  private        realm  private_type",
+              "----  -------  ------  -------        -----  ------------",
+              "                       nonblank_pass         Password"
+            ]
+          end
+        end
+      end
+      context "when the credential is absent" do
+        it "should return a blank set" do
+          db.cmd_creds("-u", nomatch_username)
+          @output.should =~ [
+            "===========",
+            "Credentials",
+            "",
+            "----  -------  ------  -------  -----  ------------",
+            "host  service  public  private  realm  private_type"
+          ]
+        end
+      end
+    end
     describe "add-password" do
       let(:username) { "username" }
       let(:password) { "password" }
