Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Path: blob/master/spec/lib/metasploit/framework/aws/client_spec.rb
Views: 11789
require 'spec_helper'1require 'metasploit/framework/aws/client'23RSpec.describe Metasploit::Framework::Aws::Client do45subject do6s = Class.new(Msf::Auxiliary) do7include Metasploit::Framework::Aws::Client8end.new9s.datastore['Region'] = 'us-east-1'10s.datastore['RHOST'] = '127.0.0.1'11s12end1314let(:body_hash) { { 'a' => 'b', 'b' => 'c' } }1516let(:body) { 'a=b&b=c' }1718let(:value) { 'metasploit' }1920let(:key) { 'metasploit' }2122let(:headers) { { 'H1' => 1, 'H2' => 2 } }2324let(:headers_down_join) { headers.keys.map(&:downcase).join(';') }2526let(:digest) { 'ca6ac6af66c22d8acdd6e42a00a9a21a24a37e3fa6a018662fb6dbaabfe7a96d' }2728let(:body_digest) { '4044f25c89ec766b67d5e8c5d9e387cf209e740ee5ad65868f5a9f6e587acf43' }2930let(:signature) { 'ac297b1b72d956a81bf9d2d20bfd98bca632c0607f2a8c896779f08d19e637d6' }3132let(:creds) do33{34'AccessKeyId' => 'AWS_ACCESS_KEY_ID',35'SecretAccessKey' => 'AWS_SECRET_ACCESS_KEY',36'Token' => 'AWS_SESSION_TOKEN'37}38end3940let(:now) { "20161124T175843Z" }4142let(:service) { 'iam' }4344let(:auth_header) { "AWS4-HMAC-SHA256 Credential=#{creds.fetch('AccessKeyId')}/#{now[0, 8]}/#{subject.datastore['Region']}/#{service}/aws4_request, SignedHeaders=#{headers_down_join}, Signature=#{signature}" }4546it 'should create a SHA 265 digest' do47d = subject.hexdigest(value)48expect(d).to eq(digest)49expect(subject.hexdigest(nil)).to be_nil50expect(subject.hexdigest([])).to be_nil51end5253it 'should perform proper hmac hashing' do54hmac = subject.hmac(key, value)55result = "\xD1?O\xA5\xFF\x7FT_\xC97\e\x01dp\x11)\x0FSL\xC3>\x1F\v\xA7\xD4\xEA\xB8\x99\xE0DW\xF7".force_encoding('ASCII-8BIT')56expect(hmac).to eq(result)57expect(subject.hmac([], value)).to be_nil58expect(subject.hmac(key, {})).to be_nil59expect(subject.hmac(key, nil)).to be_nil60expect(subject.hmac(nil, value)).to be_nil61expect(subject.hmac(1, 2)).to be_nil62expect(subject.hmac(nil, nil)).to be_nil63end6465it 'should create a hex hmac' do66hexhmac = subject.hexhmac(key, value)67expect(hexhmac).to eq("d13f4fa5ff7f545fc9371b01647011290f534cc33e1f0ba7d4eab899e04457f7")68expect(subject.hexhmac([], value)).to be_nil69expect(subject.hexhmac(key, {})).to be_nil70expect(subject.hexhmac(key, nil)).to be_nil71expect(subject.hexhmac(nil, value)).to be_nil72expect(subject.hexhmac(1, 2)).to be_nil73expect(subject.hexhmac(nil, nil)).to be_nil74end7576it 'should create a request' do77header_keys, request = subject.request_to_sign(headers, digest)78expect(header_keys).to eq(headers_down_join)79expect(request).to eq("POST\n/\n\nh1:1\nh2:2\n\n#{headers_down_join}\n#{digest}")80end8182it 'should create a signed message' do83h, s = subject.sign(creds, service, headers, digest, now)84expect(h).to eq(headers_down_join)85expect(s).to eq(signature)86end8788it 'should create an Authorization header' do89auth = subject.auth(creds, service, headers, digest, now)90expect(auth).to eq(auth_header)91end9293it 'should create the request body' do94b = subject.body(body_hash)95expect(b).to eq(body)96end9798it 'should create proper headers' do99h = subject.headers(creds, service, digest, now)100expect(h.fetch('Content-Type')).to eq("application/x-www-form-urlencoded; charset=utf-8")101expect(h.fetch('Accept-Encoding')).to be_empty102expect(h.fetch('User-Agent')).to eq(Metasploit::Framework::Aws::Client::USER_AGENT)103expect(h.fetch('X-Amz-Date')).to eq(now)104expect(h.fetch('Host')).to eq(subject.datastore['RHOST'])105expect(h.fetch('X-Amz-Content-Sha256')).to eq(digest)106expect(h.fetch('Accept')).to eq('*/*')107expect(h.fetch('X-Amz-Security-Token')).to eq(creds.fetch('Token'))108expect(h.fetch('Authorization')).to eq("AWS4-HMAC-SHA256 Credential=AWS_ACCESS_KEY_ID/#{now[0, 8]}/#{subject.datastore['Region']}/#{service}/aws4_request, SignedHeaders=content-type;host;user-agent;x-amz-content-sha256;x-amz-date, Signature=275d7332d893de60eaf9f033e1f125f9f00e79c86b7b8902d620da778aff602b")109end110111it 'should not error out with weird input' do112expect { subject.print_results({}, 'Test') }.to raise_error(KeyError)113expect { subject.print_results({ 'TestResponse' => nil }, 'Test') }.not_to raise_error114expect(subject.print_results({ 'TestResponse' => [] }, 'Test')).to eq({})115end116117it 'should not error out with non Hash values' do118expect { subject.print_hsh(nil) }.not_to raise_error119expect { subject.print_hsh([]) }.not_to raise_error120expect { subject.print_hsh(-42) }.not_to raise_error121expect { subject.print_hsh('A' * 5000) }.not_to raise_error122end123end124125126