Add example to describe how send_request handles a JSESSIONID cookie

jvazquez-r7 · jvazquez-r7 · commit 424d1ec47f3b · 2014-09-07T19:33:56.000-05:00
diff --git a/spec/lib/metasploit/framework/login_scanner/glassfish_spec.rb b/spec/lib/metasploit/framework/login_scanner/glassfish_spec.rb
@@ -4,10 +4,11 @@
 
 describe Metasploit::Framework::LoginScanner::Glassfish do
 
+  subject(:http_scanner) { described_class.new }
+
   it_behaves_like 'Metasploit::Framework::LoginScanner::Base',  has_realm_key: true, has_default_realm: false
   it_behaves_like 'Metasploit::Framework::LoginScanner::RexSocket'
 
-  subject(:http_scanner) { described_class.new }
 
   let(:good_version) do
     '4.0'
@@ -50,6 +51,13 @@
       allow_any_instance_of(Rex::Proto::Http::Client).to receive(:send_recv).and_return(Rex::Proto::Http::Response.new(res_code))
       expect(http_scanner.send_request(req_opts)).to be_kind_of(Rex::Proto::Http::Response)
     end
+
+    it 'parses JSESSIONID session cookies' do
+      allow_any_instance_of(Rex::Proto::Http::Client).to receive(:send_recv).and_return(Rex::Proto::Http::Response.new(res_code))
+      allow_any_instance_of(Rex::Proto::Http::Response).to receive(:get_cookies).and_return("JSESSIONID=JSESSIONID_MAGIC_VALUE;")
+      http_scanner.send_request(req_opts)
+      expect(http_scanner.jsession).to eq("JSESSIONID_MAGIC_VALUE")
+    end
   end
 
   context '#is_secure_admin_disabled?' do
