Land rapid7#9024, fix bug when manually adding loot

cmd_loot was throwing a stack trace when the host was not properly defined.
This fixes it to give a useful error message.

Author: jbarnett-r7

lib/msf/ui/console/command_dispatcher/db.rb

@@ -479,7 +479,7 @@ def cmd_hosts(*args)
         'SortIndex' => order_by
       })
 
-    # Sentinal value meaning all
+    # Sentinel value meaning all
     host_ranges.push(nil) if host_ranges.empty?
 
     case
@@ -717,7 +717,7 @@ def cmd_services(*args)
         'SortIndex' => order_by
       })
 
-    # Sentinal value meaning all
+    # Sentinel value meaning all
     host_ranges.push(nil) if host_ranges.empty?
     ports = nil if ports.empty?
 
@@ -1115,7 +1115,7 @@ def make_sortable(input)
   def cmd_loot_help
     print_line "Usage: loot <options>"
     print_line " Info: loot [-h] [addr1 addr2 ...] [-t <type1,type2>]"
-    print_line "  Add: loot -f [fname] -i [info] -a [addr1 addr2 ...] [-t [type]"
+    print_line "  Add: loot -f [fname] -i [info] -a [addr1 addr2 ...] -t [type]"
     print_line "  Del: loot -d [addr1 addr2 ...]"
     print_line
     print_line "  -a,--add          Add loot to the list of addresses, instead of listing"
@@ -1187,34 +1187,38 @@ def cmd_loot(*args)
         'Columns' => [ 'host', 'service', 'type', 'name', 'content', 'info', 'path' ],
       })
 
-    # Sentinal value meaning all
+    # Sentinel value meaning all
     host_ranges.push(nil) if host_ranges.empty?
 
-  if mode == :add
-    if info.nil?
-      print_error("Info required")
-      return
-    end
-    if filename.nil?
-      print_error("Loot file required")
-      return
-    end
-    if types.nil? or types.size != 1
-      print_error("Exactly one loot type is required")
-      return
-    end
-    type = types.first
-    name = File.basename(filename)
-    host_ranges.each do |range|
-      range.each do |host|
-        file = File.open(filename, "rb")
-        contents = file.read
-        lootfile = framework.db.find_or_create_loot(:type => type, :host => host, :info => info, :data => contents, :path => filename, :name => name)
-        print_status("Added loot for #{host} (#{lootfile})")
+    if mode == :add
+      if host_ranges.compact.empty?
+        print_error('Address list required')
+        return
+      end
+      if info.nil?
+        print_error("Info required")
+        return
       end
+      if filename.nil?
+        print_error("Loot file required")
+        return
+      end
+      if types.nil? or types.size != 1
+        print_error("Exactly one loot type is required")
+        return
+      end
+      type = types.first
+      name = File.basename(filename)
+      file = File.open(filename, "rb")
+      contents = file.read
+      host_ranges.each do |range|
+        range.each do |host|
+          lootfile = framework.db.find_or_create_loot(:type => type, :host => host, :info => info, :data => contents, :path => filename, :name => name)
+          print_status("Added loot for #{host} (#{lootfile})")
+        end
+      end
+      return
     end
-    return
-  end
 
     each_host_range_chunk(host_ranges) do |host_search|
       framework.db.hosts(framework.db.workspace, false, host_search).each do |host|

spec/lib/msf/ui/console/command_dispatcher/db_spec.rb

@@ -148,7 +148,7 @@
         expect(@output).to match_array [
           "Usage: loot <options>",
           " Info: loot [-h] [addr1 addr2 ...] [-t <type1,type2>]",
-          "  Add: loot -f [fname] -i [info] -a [addr1 addr2 ...] [-t [type]",
+          "  Add: loot -f [fname] -i [info] -a [addr1 addr2 ...] -t [type]",
           "  Del: loot -d [addr1 addr2 ...]",
           "  -a,--add          Add loot to the list of addresses, instead of listing",
           "  -d,--delete       Delete *all* loot matching host and type",