Move file processing to helper method.

Also fixed a bug in processing loot files.

Author: jbarnett-r7

lib/msf/core/db_manager/http/servlet/loot_servlet.rb

@@ -29,46 +29,10 @@ def self.report_loot
     lambda {
 
       job = lambda { |opts|
-        # This regex does a best attempt to determine if opts[:data] is valid Base64
-        # See https://stackoverflow.com/questions/8571501/how-to-check-whether-the-string-is-base64-encoded-or-not
-        if opts[:data] =~ /^([A-Za-z0-9+\/]{4})*([A-Za-z0-9+\/]{4}|[A-Za-z0-9+\/]{3}=|[A-Za-z0-9+\/]{2}==)$/
-          opts[:data] = Base64.urlsafe_decode64(opts[:data]) if opts[:data]
-        end
-
-        # This code is all for writing out the file locally.
-        # It is copied from lib/msf/core/auxiliary/report.rb
-        # We shouldn't duplicate it so a better method should be used
-        if ! ::File.directory?(Msf::Config.loot_directory)
-          FileUtils.mkdir_p(Msf::Config.loot_directory)
-        end
-
-        ext = 'bin'
-        if opts[:name]
-          parts = opts[:name].to_s.split('.')
-          if parts.length > 1 and parts[-1].length < 4
-            ext = parts[-1]
-          end
-        end
-
-        case opts[:content_type]
-          when /^text\/[\w\.]+$/
-            ext = "txt"
-        end
-        # This method is available even if there is no database, don't bother checking
-        host = Msf::Util::Host.normalize_host(opts[:host])
-
-        ws = (opts[:workspace] ? opts[:workspace] : 'default')
-        name =
-            Time.now.strftime("%Y%m%d%H%M%S") + "_" + ws + "_" +
-                (host || 'unknown') + '_' + opts[:type][0,16] + '_' +
-                Rex::Text.rand_text_numeric(6) + '.' + ext
-
-        name.gsub!(/[^a-z0-9\.\_]+/i, '')
-
-        path = File.join(Msf::Config.loot_directory, name)
-        full_path = ::File.expand_path(path)
-        File.open(full_path, "wb") do |fd|
-          fd.write(opts[:data])
+        if opts[:data]
+          filename = File.basename(opts[:path])
+          local_path = File.join(Msf::Config.loot_directory, filename)
+          process_file(opts[:data], local_path)
         end
 
         get_db().report_loot(opts)

lib/msf/core/db_manager/http/servlet/nmap_servlet.rb

@@ -16,12 +16,9 @@ def self.import_nmap_xml_file
     lambda {
 
       job = lambda { |opts|
-
         nmap_file = opts[:filename].split('/').last
-        local_file = File.open(File.join(Msf::Config.local_directory, nmap_file), 'w')
-        local_file.write(Base64.urlsafe_decode64(opts[:data]))
-        local_file.close
-        opts[:filename] = File.expand_path(local_file)
+        nmap_file_path = File.join(Msf::Config.local_directory, nmap_file)
+        opts[:filename] = process_file(opts[:data], nmap_file_path)
         get_db().import_nmap_xml_file(opts)
       }
       exec_report_job(request, &job)

lib/msf/core/db_manager/http/servlet_helper.rb

@@ -57,6 +57,27 @@ def get_db()
     DBManagerProxy.instance.db
   end
 
+  # Processes a Base64 encoded file included in a JSON request.
+  # Saves the file in the location specified in the parameter.
+  #
+  # @param base64_file [String] The Base64 encoded file.
+  # @param save_dir [String] The location to store the file. This should include the file's name.
+  # @return [String] The location where the file was successfully stored.
+  def process_file(base64_file, save_dir)
+    decoded_file = Base64.urlsafe_decode64(base64_file)
+    begin
+      # If we are running the data service on the same box this will ensure we only write
+      # the file if it is somehow not there already.
+      unless File.exists?(save_dir) && File.read(save_dir) == decoded_file
+        File.open(save_dir, 'r+') { |file| file.write(decoded_file) }
+      end
+    rescue Exception => e
+      puts "There was an error writing the file: #{e}"
+      e.backtrace.each { |line| puts "#{line}\n"}
+    end
+    save_dir
+  end
+
   #######
   private
   #######