Land rapid7#5069, breaking up with old options

Author: wvu

lib/msf/core/module.rb

@@ -3,6 +3,8 @@
 
 module Msf
 
+  autoload :OptionContainer, 'msf/core/option_container'
+
 ###
 #
 # The module base class is responsible for providing the common interface

lib/msf/core/opt.rb

@@ -0,0 +1,74 @@
+# -*- coding: binary -*-
+
+module Msf
+
+  #
+  # Builtin framework options with shortcut methods
+  #
+  # @example
+  #   register_options(
+  #     [
+  #       Opt::RHOST,
+  #       Opt::RPORT(21),
+  #     ]
+  #   )
+  #   register_advanced_options([Opt::Proxies])
+  #
+  module Opt
+
+    # @return [OptAddress]
+    def self.CHOST(default=nil, required=false, desc="The local client address")
+      Msf::OptAddress.new(__method__.to_s, [ required, desc, default ])
+    end
+
+    # @return [OptPort]
+    def self.CPORT(default=nil, required=false, desc="The local client port")
+      Msf::OptPort.new(__method__.to_s, [ required, desc, default ])
+    end
+
+    # @return [OptAddress]
+    def self.LHOST(default=nil, required=true, desc="The listen address")
+      Msf::OptAddress.new(__method__.to_s, [ required, desc, default ])
+    end
+
+    # @return [OptPort]
+    def self.LPORT(default=nil, required=true, desc="The listen port")
+      Msf::OptPort.new(__method__.to_s, [ required, desc, default ])
+    end
+
+    # @return [OptString]
+    def self.Proxies(default=nil, required=false, desc="A proxy chain of format type:host:port[,type:host:port][...]")
+      Msf::OptString.new(__method__.to_s, [ required, desc, default ])
+    end
+
+    # @return [OptAddress]
+    def self.RHOST(default=nil, required=true, desc="The target address")
+      Msf::OptAddress.new(__method__.to_s, [ required, desc, default ])
+    end
+
+    # @return [OptPort]
+    def self.RPORT(default=nil, required=true, desc="The target port")
+      Msf::OptPort.new(__method__.to_s, [ required, desc, default ])
+    end
+
+    # These are unused but remain for historical reasons
+    class << self
+      alias builtin_chost CHOST
+      alias builtin_cport CPORT
+      alias builtin_lhost LHOST
+      alias builtin_lport LPORT
+      alias builtin_proxies Proxies
+      alias builtin_rhost RHOST
+      alias builtin_rport RPORT
+    end
+
+    CHOST = CHOST()
+    CPORT = CPORT()
+    LHOST = LHOST()
+    LPORT = LPORT()
+    Proxies = Proxies()
+    RHOST = RHOST()
+    RPORT = RPORT()
+  end
+
+end

lib/msf/core/opt_address.rb

@@ -0,0 +1,37 @@
+# -*- coding: binary -*-
+
+module Msf
+
+###
+#
+# Network address option.
+#
+###
+class OptAddress < OptBase
+  def type
+    return 'address'
+  end
+
+  def valid?(value)
+    return false if empty_required_value?(value)
+    return false unless value.kind_of?(String) or value.kind_of?(NilClass)
+
+    if (value != nil and value.empty? == false)
+      begin
+        getaddr_result = ::Rex::Socket.getaddress(value, true)
+        # Covers a wierdcase where an incomplete ipv4 address will have it's
+        # missing octets filled in  with 0's. (e.g 192.168 become 192.0.0.168)
+        # which does not feel like a legit behaviour
+        if value =~ /^\d{1,3}(\.\d{1,3}){1,3}$/
+          return false unless value =~ Rex::Socket::MATCH_IPV4
+        end
+      rescue
+        return false
+      end
+    end
+
+    return super
+  end
+end
+
+end

lib/msf/core/opt_address_range.rb

@@ -0,0 +1,51 @@
+# -*- coding: binary -*-
+
+module Msf
+
+###
+#
+# Network address range option.
+#
+###
+class OptAddressRange < OptBase
+  def type
+    return 'addressrange'
+  end
+
+  def normalize(value)
+    return nil unless value.kind_of?(String)
+    if (value =~ /^file:(.*)/)
+      path = $1
+      return false if not File.exists?(path) or File.directory?(path)
+      return File.readlines(path).map{ |s| s.strip}.join(" ")
+    elsif (value =~ /^rand:(.*)/)
+      count = $1.to_i
+      return false if count < 1
+      ret = ''
+      count.times {
+        ret << " " if not ret.empty?
+        ret << [ rand(0x100000000) ].pack("N").unpack("C*").map{|x| x.to_s }.join(".")
+      }
+      return ret
+    end
+    return value
+  end
+
+  def valid?(value)
+    return false if empty_required_value?(value)
+    return false unless value.kind_of?(String) or value.kind_of?(NilClass)
+
+    if (value != nil and value.empty? == false)
+      normalized = normalize(value)
+      return false if normalized.nil?
+      walker = Rex::Socket::RangeWalker.new(normalized)
+      if (not walker or not walker.valid?)
+        return false
+      end
+    end
+
+    return super
+  end
+end
+
+end

lib/msf/core/opt_base.rb

@@ -0,0 +1,166 @@
+# -*- coding: binary -*-
+require 'resolv'
+require 'msf/core'
+require 'rex/socket'
+
+module Msf
+
+  ###
+  #
+  # The base class for all options.
+  #
+  ###
+  class OptBase
+
+    #
+    # Initializes a named option with the supplied attribute array.
+    # The array is composed of three values.
+    #
+    # attrs[0] = required (boolean type)
+    # attrs[1] = description (string)
+    # attrs[2] = default value
+    # attrs[3] = possible enum values
+    # attrs[4] = Regex to validate the option
+    #
+    def initialize(in_name, attrs = [])
+      self.name     = in_name
+      self.advanced = false
+      self.evasion  = false
+      self.required = attrs[0] || false
+      self.desc     = attrs[1]
+      self.default  = attrs[2]
+      self.enums    = [ *(attrs[3]) ].map { |x| x.to_s }
+      regex_temp    = attrs[4] || nil
+      if regex_temp
+        # convert to string
+        regex_temp = regex_temp.to_s if regex_temp.is_a? Regexp
+        # remove start and end character, they will be added later
+        regex_temp = regex_temp.sub(/^\^/, '').sub(/\$$/, '')
+        # Add start and end marker to match the whole regex
+        regex_temp = "^#{regex_temp}$"
+        begin
+          Regexp.compile(regex_temp)
+          self.regex = regex_temp
+        rescue RegexpError, TypeError => e
+          raise("Invalid Regex #{regex_temp}: #{e}")
+        end
+      end
+    end
+
+    #
+    # Returns true if this is a required option.
+    #
+    def required?
+      return required
+    end
+
+    #
+    # Returns true if this is an advanced option.
+    #
+    def advanced?
+      return advanced
+    end
+
+    #
+    # Returns true if this is an evasion option.
+    #
+    def evasion?
+      return evasion
+    end
+
+    #
+    # Returns true if the supplied type is equivalent to this option's type.
+    #
+    def type?(in_type)
+      return (type == in_type)
+    end
+
+    #
+    # If it's required and the value is nil or empty, then it's not valid.
+    #
+    def valid?(value)
+      if required?
+        # required variable not set
+        return false if (value == nil or value.to_s.empty?)
+      end
+      if regex
+        if value.match(regex)
+          return true
+        else
+          return false
+        end
+      end
+      return true
+    end
+
+    #
+    # Returns true if the value supplied is nil and it's required to be
+    # a valid value
+    #
+    def empty_required_value?(value)
+      return (required? and value.nil?)
+    end
+
+    #
+    # Normalizes the supplied value to conform with the type that the option is
+    # conveying.
+    #
+    def normalize(value)
+      value
+    end
+
+    #
+    # Returns a string representing a user-friendly display of the chosen value
+    #
+    def display_value(value)
+      value.to_s
+    end
+
+    #
+    # The name of the option.
+    #
+    attr_reader   :name
+    #
+    # Whether or not the option is required.
+    #
+    attr_reader   :required
+    #
+    # The description of the option.
+    #
+    attr_reader   :desc
+    #
+    # The default value of the option.
+    #
+    attr_reader   :default
+    #
+    # Storing the name of the option.
+    #
+    attr_writer   :name
+    #
+    # Whether or not this is an advanced option.
+    #
+    attr_accessor :advanced
+    #
+    # Whether or not this is an evasion option.
+    #
+    attr_accessor :evasion
+    #
+    # The module or entity that owns this option.
+    #
+    attr_accessor :owner
+    #
+    # The list of potential valid values
+    #
+    attr_accessor :enums
+    #
+    # A optional regex to validate the option value
+    #
+    attr_accessor :regex
+
+    protected
+
+    attr_writer   :required, :desc, :default # :nodoc:
+  end
+
+end
+

lib/msf/core/opt_bool.rb

@@ -0,0 +1,48 @@
+# -*- coding: binary -*-
+
+module Msf
+
+###
+#
+# Boolean option.
+#
+###
+class OptBool < OptBase
+
+  TrueRegex = /^(y|yes|t|1|true)$/i
+
+  def type
+    return 'bool'
+  end
+
+  def valid?(value)
+    return false if empty_required_value?(value)
+
+    if ((value != nil and
+        (value.to_s.empty? == false) and
+        (value.to_s.match(/^(y|yes|n|no|t|f|0|1|true|false)$/i) == nil)))
+      return false
+    end
+
+    true
+  end
+
+  def normalize(value)
+    if(value.nil? or value.to_s.match(TrueRegex).nil?)
+      false
+    else
+      true
+    end
+  end
+
+  def is_true?(value)
+    return normalize(value)
+  end
+
+  def is_false?(value)
+    return !is_true?(value)
+  end
+
+end
+
+end