Land rapid7#4989, @hmoore-r7's change to file: handling

Datastore options with file: are handled at set time

Author: jvazquez-r7

lib/msf/core/opt_address_range.rb

@@ -14,21 +14,18 @@ def type
 
   def normalize(value)
     return nil unless value.kind_of?(String)
-    if (value =~ /^file:(.*)/)
-      path = $1
-      return false if not File.exists?(path) or File.directory?(path)
-      return File.readlines(path).map{ |s| s.strip}.join(" ")
-    elsif (value =~ /^rand:(.*)/)
+    if value =~ /^rand:(.*)/
       count = $1.to_i
       return false if count < 1
       ret = ''
-      count.times {
-        ret << " " if not ret.empty?
-        ret << [ rand(0x100000000) ].pack("N").unpack("C*").map{|x| x.to_s }.join(".")
-      }
+      count.times do
+        ret << ' ' if not ret.empty?
+        ret << [ rand(0x100000000) ].pack('N').unpack('C*').map{|x| x.to_s }.join('.')
+      end
       return ret
     end
-    return value
+
+    value
   end
 
   def valid?(value)

lib/msf/core/opt_raw.rb

@@ -13,14 +13,6 @@ def type
   end
 
   def normalize(value)
-    if (value =~ /^file:(.*)/)
-      path = $1
-      begin
-        value = File.read(path)
-      rescue ::Errno::ENOENT, ::Errno::EISDIR
-        value = nil
-      end
-    end
     value
   end
 

lib/msf/core/opt_string.rb

@@ -13,14 +13,6 @@ def type
   end
 
   def normalize(value)
-    if (value =~ /^file:(.*)/)
-      path = $1
-      begin
-        value = File.read(path)
-      rescue ::Errno::ENOENT, ::Errno::EISDIR
-        value = nil
-      end
-    end
     value
   end
 

lib/msf/ui/console/command_dispatcher/core.rb

@@ -2070,6 +2070,29 @@ def cmd_set(*args)
       return true
     end
 
+    # If the value starts with file: exists, and size isn't too big load the file as the value
+    # Otherwise keep the old value
+    if value =~ /^file:(.*)/
+      fname = $1
+
+      begin
+        fd = ::File.new(fname, 'rb')
+      rescue ::Errno::ENOENT
+        print_error('The file name specified does not exist')
+        value = datastore[name]
+        fd = nil
+      end
+
+      if fd && fd.stat.size > (1024 * 1024)
+        print_error('The file name specified is too big (over 1Mb)')
+        value = datastore[name]
+        fd.close
+      elsif fd
+        value = fd.read(fd.stat.size)
+        fd.close
+      end
+    end
+
     if append
       datastore[name] = datastore[name] + value
     else

spec/lib/msf/core/opt_address_range_spec.rb

@@ -10,8 +10,7 @@
     { :value => "192.0.2.0-255",   :normalized => "192.0.2.0-255" },
     { :value => "192.0.2.0,1-255", :normalized => "192.0.2.0,1-255" },
     { :value => "192.0.2.*",       :normalized => "192.0.2.*" },
-    { :value => "192.0.2.0-192.0.2.255", :normalized => "192.0.2.0-192.0.2.255" },
-    { :value => "file:#{File.expand_path('short_address_list.txt',FILE_FIXTURES_PATH)}", :normalized => '192.168.1.1 192.168.1.2 192.168.1.3 192.168.1.4 192.168.1.5'},
+    { :value => "192.0.2.0-192.0.2.255", :normalized => "192.0.2.0-192.0.2.255" }
   ]
   invalid_values = [
     # Too many dots

spec/lib/msf/core/opt_raw_spec.rb

@@ -6,8 +6,7 @@
 describe Msf::OptRaw do
 
   valid_values = [
-      { :value => 'foo',    :normalized => 'foo'     },
-      { :value => "file:#{File.expand_path('string_list.txt',FILE_FIXTURES_PATH)}",:normalized => "foo\nbar\nbaz" },
+      { :value => 'foo',    :normalized => 'foo'     }
   ]
   invalid_values = []
 

spec/lib/msf/ui/console/command_dispatcher/core_spec.rb

@@ -160,6 +160,70 @@ def set_and_test_variable(name, framework_value, module_value, framework_re, mod
         it "should show the correct value when both the module and the framework have this variable" do
           set_and_test_variable(name, 'FRAMEWORK', 'MODULE', /^#{name} => FRAMEWORK$/, /^#{name} => MODULE$/)
         end
+
+        context "when using file: prefix in the value" do
+          context "when the file exists" do
+
+            before(:each) do
+              allow(::File).to receive(:new) do |filename, mode|
+                fd = StringIO.new(file_contents, mode)
+                fd
+              end
+
+              allow_any_instance_of(::StringIO).to receive(:stat) do |io|
+                file_contents
+              end
+            end
+
+            context "when the size is 1MB" do
+              let(:file_name) do
+                ::Rex::Text.rand_text_alpha(10).upcase
+              end
+
+              let(:file_contents) do
+                ::Rex::Text.rand_text_alpha(1024 * 1024).upcase
+              end
+
+              it "should show the new value" do
+                set_and_test_variable(name, nil, "file:/#{file_name}", nil, /^#{name} => #{file_contents}$/)
+              end
+            end
+
+            context "when the size is greater than 1MB" do
+              let(:file_name) do
+                ::Rex::Text.rand_text_alpha(10).upcase
+              end
+
+              let(:file_contents) do
+                ::Rex::Text.rand_text_alpha(1024 * 1025).upcase
+              end
+
+              it "should show the old value" do
+                set_and_test_variable(name, nil, "file:/#{file_name}", nil, /^#{name} => $/)
+              end
+            end
+
+            context "when the size is less than 1MB" do
+              let(:file_name) do
+                ::Rex::Text.rand_text_alpha(10).upcase
+              end
+
+              let(:file_contents) do
+                ::Rex::Text.rand_text_alpha(10).upcase
+              end
+
+              it "should show the new value" do
+                set_and_test_variable(name, nil, "file:/#{file_name}", nil, /^#{name} => #{file_contents}$/)
+              end
+            end
+          end
+
+          context "when the file doesn't exist" do
+            it "should show the old value" do
+              set_and_test_variable(name, nil, "file:/#{::Rex::Text.rand_text_alpha(10).upcase}", nil, /^#{name} => $/)
+            end
+          end
+        end
       end
     end
   end