Fix some BES rspec

wchen-r7 · wchen-r7 · commit eabf561a1f4d · 2015-07-11T22:16:10.000-05:00
diff --git a/spec/lib/msf/core/exploit/remote/browser_exploit_server_spec.rb b/spec/lib/msf/core/exploit/remote/browser_exploit_server_spec.rb
@@ -3,40 +3,38 @@
 
 describe Msf::Exploit::Remote::BrowserExploitServer do
 
-  # When unpacked, this gives us:
-  # {
-  #  "BAP.1433806920.Client.blLGFIlwYrxfvcY" =>
-  #    {
-  #      "source"      => "script",
-  #      "os_name"     => "Windows 8.1",
-  #      "os_vendor"   => "undefined",
-  #      "os_device"   => "undefined",
-  #      "ua_name"     => "Firefox",
-  #      "ua_ver"      => "35.0",
-  #      "arch"        => "x86",
-  #      "java"        => "1.7",
-  #      "silverlight" => "false",
-  #      "flash"       => "14.0",
-  #      "vuln_test"   => "true",
-  #      "proxy"       => false,
-  #      "language"    => "en-US,en;q=0.5",
-  #      "tried"       => true,
-  #      "activex"     => [{"clsid"=>"{D27CDB6E-AE6D-11cf-96B8-444553540000}", "method"=>"LoadMovie"}]
-  # }}
-  let(:first_packed_profile) do
-    "\x81\xD9%BAP.1433806920.Client.blLGFIlwYrxfvcY\x8F\xA6source\xA6script\xA7os_name\xABWindows 8.1\xA9os_vendor\xA9undefined\xA9os_device\xA9undefined\xA7ua_name\xA7Firefox\xA6ua_ver\xA435.0\xA4arch\xA3x86\xA4java\xA31.7\xABsilverlight\xA5false\xA5flash\xA414.0\xA9vuln_test\xA4true\xA5proxy\xC2\xA8language\xC4\x0Een-US,en;q=0.5\xA5tried\xC3\xA7activex\x91\x82\xA5clsid\xD9&{D27CDB6E-AE6D-11cf-96B8-444553540000}\xA6method\xA9LoadMovie"
+  let(:in_memory_profile) do
+   {
+    "BAP.1433806920.Client.blLGFIlwYrxfvcY" =>
+      {
+        source: "script",
+        os_name: "Windows 8.1",
+        os_vendor:  "undefined",
+        os_device: "undefined",
+        ua_name: "Firefox",
+        ua_ver: "35.0",
+        arch: "x86",
+        java: "1.7",
+        silverlight: "false",
+        flash: "14.0",
+        vuln_test: "true",
+        proxy: false,
+        language: "en-US,en;q=0.5",
+        tried: true,
+        activex: [{"clsid"=>"{D27CDB6E-AE6D-11cf-96B8-444553540000}", "method"=>"LoadMovie"}]
+   }}
   end
 
   let(:default_note_type_prefix) do
-    MessagePack.unpack(first_packed_profile).keys.first.split('.')[0,3] * "."
+    in_memory_profile.keys.first.split('.')[0,3] * "."
   end
 
   let(:first_profile_tag) do
-    MessagePack.unpack(first_packed_profile).keys.first.split('.')[3]
+    in_memory_profile.keys.first.split('.')[3]
   end
 
   let(:first_profile_info) do
-    MessagePack.unpack(first_packed_profile).values.first
+    in_memory_profile.values.first
   end
 
   let(:cli) do
@@ -46,6 +44,10 @@
     sock
   end
 
+  let(:shortname) do
+    'browser_exploit_server'
+  end
+
   def create_fake_note(tag, data)
     note = double('note')
     allow(note).to receive(:ntype).and_return(tag)
@@ -57,14 +59,15 @@ def create_fake_note(tag, data)
 
   before(:each) do
     allow_any_instance_of(described_class).to receive(:vprint_status)
-    @notes = [create_fake_note(first_profile_tag, first_packed_profile)]
+    @notes = [create_fake_note(first_profile_tag, in_memory_profile)]
   end
 
   subject(:server) do
     mod = Msf::Exploit::Remote.allocate
     mod.extend described_class
     mod.send(:initialize)
     mod.send(:datastore=, {'NoteTypePrefix' => default_note_type_prefix})
+    allow(mod).to receive(:shortname).and_return(shortname)
     mod
   end
 
@@ -99,14 +102,14 @@ def create_fake_note(tag, data)
 
   describe '#has_bad_activex?' do
     context 'when there is a bad activex' do
-      let(:js_ax_value) { "#{first_profile_info['activex'][0][:clsid]}=>#{first_profile_info['activex'][0][:method]}=>false" }
+      let(:js_ax_value) { "#{first_profile_info[:activex][0][:clsid]}=>#{first_profile_info[:activex][0][:method]}=>false" }
       it 'returns false' do
         expect(server.has_bad_activex?(js_ax_value)).to be_truthy
       end
     end
 
     context 'when there is no bad activex' do
-      let(:js_ax_value) { "#{first_profile_info['activex'][0][:clsid]}=>#{first_profile_info['activex'][0][:method]}=>true" }
+      let(:js_ax_value) { "#{first_profile_info[:activex][0][:clsid]}=>#{first_profile_info[:activex][0][:method]}=>true" }
       it 'returns true' do
         expect(server.has_bad_activex?(js_ax_value)).to be_falsey
       end
@@ -194,7 +197,7 @@ def create_fake_note(tag, data)
 
   describe '#on_request_uri' do
     before(:each) do
-      allow(server).to receive(:get_profile_info) { MessagePack.unpack(first_packed_profile) }
+      allow(server).to receive(:get_profile_info) { in_memory_profile }
       allow(server).to receive(:init_profile).with(kind_of(String))
       allow(server).to receive(:update_profile)
       allow(server).to receive(:process_browser_info)
@@ -260,4 +263,113 @@ def create_fake_note(tag, data)
       end
     end
   end
+
+  describe '#browser_profile_prefix' do
+    it 'returns a BES prefix' do
+      expect(subject.browser_profile_prefix).to include(shortname)
+    end
+  end
+
+  describe '#get_custom_404_url' do
+    let(:custom_404) do
+      'http://example.com'
+    end
+
+    before(:each) do
+      allow(subject).to receive(:datastore).and_return({'Custom404'=>custom_404})
+    end
+
+    context 'when a custom 404 URL is set' do
+      it 'returns the URL' do
+        expect(subject.get_custom_404_url).to eq(custom_404)
+      end
+    end
+  end
+
+  describe '#get_module_uri' do
+    let(:exploit_receiver_page) do
+      'exploit_receiver_page'
+    end
+
+    before(:each) do
+      subject.instance_variable_set(:@exploit_receiver_page, exploit_receiver_page)
+      allow(subject).to receive(:get_uri).and_return('')
+    end
+
+    it 'returns a module URI' do
+      expect(subject.get_module_uri).to include(exploit_receiver_page)
+    end
+  end
+
+  describe '#try_set_target' do
+    let(:aux_mod) do
+      mod = Msf::Auxiliary.allocate
+      mod.extend described_class
+      mod.send(:initialize)
+      mod
+    end
+
+    let(:target_options) do
+      {ua_name: 'Firefox'}
+    end
+
+    let(:target) do
+      t = double('target')
+      allow(t).to receive(:opts).and_return(target_options)
+      t
+    end
+
+    let(:default_auto_target) do
+      # The default auto target is always the first on the list.
+      # In a module this would be the "Automatic" target.
+      t = double('target')
+      allow(t).to receive(:opts).and_return({})
+      t
+    end
+
+    let(:targets) do
+      [ default_auto_target, target ]
+    end
+
+    context 'when an auxiliary uses BES' do
+      it 'returns nil' do
+        expect(aux_mod.try_set_target(first_profile_info)).to be_nil
+      end
+    end
+
+    context 'when an exploit uses BES' do
+      it 'sets the instance variable @target' do
+        expect(subject.instance_variable_get(:@target)).to be_nil
+        allow(subject).to receive(:targets).and_return(targets)
+        subject.try_set_target(first_profile_info)
+        expect(subject.instance_variable_get(:@target)).to eq(target)
+      end
+    end
+  end
+
+  skip '#get_bad_requirements' do
+  end
+
+  skip '#process_browser_info' do
+  end
+
+  skip '#has_proxy?' do
+  end
+
+  skip '#cookie_name' do
+  end
+
+  skip '#cookie_header' do
+  end
+
+  skip '#send_exploit_html' do
+  end
+
+  skip '#send_not_found' do
+  end
+
+  skip '#js_vuln_test' do
+  end
+
 end
+
