CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutSign UpSign In
rapid7

Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

GitHub Repository: rapid7/metasploit-framework
Path: blob/master/spec/lib/metasploit/framework/aws/client_spec.rb
Views: 11789
1
require 'spec_helper'
2
require 'metasploit/framework/aws/client'
3
4
RSpec.describe Metasploit::Framework::Aws::Client do
5
6
subject do
7
s = Class.new(Msf::Auxiliary) do
8
include Metasploit::Framework::Aws::Client
9
end.new
10
s.datastore['Region'] = 'us-east-1'
11
s.datastore['RHOST'] = '127.0.0.1'
12
s
13
end
14
15
let(:body_hash) { { 'a' => 'b', 'b' => 'c' } }
16
17
let(:body) { 'a=b&b=c' }
18
19
let(:value) { 'metasploit' }
20
21
let(:key) { 'metasploit' }
22
23
let(:headers) { { 'H1' => 1, 'H2' => 2 } }
24
25
let(:headers_down_join) { headers.keys.map(&:downcase).join(';') }
26
27
let(:digest) { 'ca6ac6af66c22d8acdd6e42a00a9a21a24a37e3fa6a018662fb6dbaabfe7a96d' }
28
29
let(:body_digest) { '4044f25c89ec766b67d5e8c5d9e387cf209e740ee5ad65868f5a9f6e587acf43' }
30
31
let(:signature) { 'ac297b1b72d956a81bf9d2d20bfd98bca632c0607f2a8c896779f08d19e637d6' }
32
33
let(:creds) do
34
{
35
'AccessKeyId' => 'AWS_ACCESS_KEY_ID',
36
'SecretAccessKey' => 'AWS_SECRET_ACCESS_KEY',
37
'Token' => 'AWS_SESSION_TOKEN'
38
}
39
end
40
41
let(:now) { "20161124T175843Z" }
42
43
let(:service) { 'iam' }
44
45
let(:auth_header) { "AWS4-HMAC-SHA256 Credential=#{creds.fetch('AccessKeyId')}/#{now[0, 8]}/#{subject.datastore['Region']}/#{service}/aws4_request, SignedHeaders=#{headers_down_join}, Signature=#{signature}" }
46
47
it 'should create a SHA 265 digest' do
48
d = subject.hexdigest(value)
49
expect(d).to eq(digest)
50
expect(subject.hexdigest(nil)).to be_nil
51
expect(subject.hexdigest([])).to be_nil
52
end
53
54
it 'should perform proper hmac hashing' do
55
hmac = subject.hmac(key, value)
56
result = "\xD1?O\xA5\xFF\x7FT_\xC97\e\x01dp\x11)\x0FSL\xC3>\x1F\v\xA7\xD4\xEA\xB8\x99\xE0DW\xF7".force_encoding('ASCII-8BIT')
57
expect(hmac).to eq(result)
58
expect(subject.hmac([], value)).to be_nil
59
expect(subject.hmac(key, {})).to be_nil
60
expect(subject.hmac(key, nil)).to be_nil
61
expect(subject.hmac(nil, value)).to be_nil
62
expect(subject.hmac(1, 2)).to be_nil
63
expect(subject.hmac(nil, nil)).to be_nil
64
end
65
66
it 'should create a hex hmac' do
67
hexhmac = subject.hexhmac(key, value)
68
expect(hexhmac).to eq("d13f4fa5ff7f545fc9371b01647011290f534cc33e1f0ba7d4eab899e04457f7")
69
expect(subject.hexhmac([], value)).to be_nil
70
expect(subject.hexhmac(key, {})).to be_nil
71
expect(subject.hexhmac(key, nil)).to be_nil
72
expect(subject.hexhmac(nil, value)).to be_nil
73
expect(subject.hexhmac(1, 2)).to be_nil
74
expect(subject.hexhmac(nil, nil)).to be_nil
75
end
76
77
it 'should create a request' do
78
header_keys, request = subject.request_to_sign(headers, digest)
79
expect(header_keys).to eq(headers_down_join)
80
expect(request).to eq("POST\n/\n\nh1:1\nh2:2\n\n#{headers_down_join}\n#{digest}")
81
end
82
83
it 'should create a signed message' do
84
h, s = subject.sign(creds, service, headers, digest, now)
85
expect(h).to eq(headers_down_join)
86
expect(s).to eq(signature)
87
end
88
89
it 'should create an Authorization header' do
90
auth = subject.auth(creds, service, headers, digest, now)
91
expect(auth).to eq(auth_header)
92
end
93
94
it 'should create the request body' do
95
b = subject.body(body_hash)
96
expect(b).to eq(body)
97
end
98
99
it 'should create proper headers' do
100
h = subject.headers(creds, service, digest, now)
101
expect(h.fetch('Content-Type')).to eq("application/x-www-form-urlencoded; charset=utf-8")
102
expect(h.fetch('Accept-Encoding')).to be_empty
103
expect(h.fetch('User-Agent')).to eq(Metasploit::Framework::Aws::Client::USER_AGENT)
104
expect(h.fetch('X-Amz-Date')).to eq(now)
105
expect(h.fetch('Host')).to eq(subject.datastore['RHOST'])
106
expect(h.fetch('X-Amz-Content-Sha256')).to eq(digest)
107
expect(h.fetch('Accept')).to eq('*/*')
108
expect(h.fetch('X-Amz-Security-Token')).to eq(creds.fetch('Token'))
109
expect(h.fetch('Authorization')).to eq("AWS4-HMAC-SHA256 Credential=AWS_ACCESS_KEY_ID/#{now[0, 8]}/#{subject.datastore['Region']}/#{service}/aws4_request, SignedHeaders=content-type;host;user-agent;x-amz-content-sha256;x-amz-date, Signature=275d7332d893de60eaf9f033e1f125f9f00e79c86b7b8902d620da778aff602b")
110
end
111
112
it 'should not error out with weird input' do
113
expect { subject.print_results({}, 'Test') }.to raise_error(KeyError)
114
expect { subject.print_results({ 'TestResponse' => nil }, 'Test') }.not_to raise_error
115
expect(subject.print_results({ 'TestResponse' => [] }, 'Test')).to eq({})
116
end
117
118
it 'should not error out with non Hash values' do
119
expect { subject.print_hsh(nil) }.not_to raise_error
120
expect { subject.print_hsh([]) }.not_to raise_error
121
expect { subject.print_hsh(-42) }.not_to raise_error
122
expect { subject.print_hsh('A' * 5000) }.not_to raise_error
123
end
124
end
125
126