Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
RSpec.describe ModuleValidation::Validator do
2
  let(:mod_class) { Msf::Exploit }
3
  let(:mod_options) do
4
    {
5
      framework: framework,
6
      name: 'Testing bad chars',
7
      author: [
8
        Msf::Author.new('Foobar'),
9
        Msf::Author.new('Jim'),
10
        Msf::Author.new('Bob')
11
      ],
12
      license: MSF_LICENSE,
13
      references: [Msf::Module::SiteReference.new('URL', 'https://example.com')],
14
      rank_to_s: Msf::RankingName[Msf::ExcellentRanking],
15
      rank: Msf::ExcellentRanking,
16
      notes: {
17
        'Stability' => [Msf::CRASH_SAFE],
18
        'SideEffects' => [Msf::ARTIFACTS_ON_DISK],
19
        'Reliability' => [Msf::FIRST_ATTEMPT_FAIL],
20
        'AKA' => %w[SMBGhost CoronaBlue]
21
      },
22
      stability: [Msf::CRASH_SAFE],
23
      side_effects: [Msf::ARTIFACTS_ON_DISK],
24
      reliability: [Msf::FIRST_ATTEMPT_FAIL],
25
      file_path: 'modules/exploits/windows/smb/cve_2020_0796_smbghost.rb',
26
      type: 'exploit',
27
      platform: Msf::Module::PlatformList.new(Msf::Module::Platform::Windows),
28
      targets: [Msf::Module::Target.new('Windows 10 v1903-1909 x64', { 'Platform' => 'win', 'Arch' => ['x64'] })],
29
      description: %q{
30
          A vulnerability exists within the Microsoft Server Message Block 3.1.1 (SMBv3) protocol that can be leveraged to
31
          execute code on a vulnerable server. This remove exploit implementation leverages this flaw to execute code
32
          in the context of the kernel, finally yielding a session as NT AUTHORITY\SYSTEM in spoolsv.exe. Exploitation
33
          can take a few minutes as the necessary data is gathered.
34
        }
35
    }
36
  end
37
  let(:framework) do
38
    instance_double(Msf::Framework)
39
  end
40

41
  let(:mod) do
42
    instance_double(mod_class, **mod_options)
43
  end
44

45
  subject { described_class.new(mod) }
46

47
  describe '#errors' do
48
    before(:each) do |example|
49
      subject.validate unless example.metadata[:skip_before]
50
    end
51

52
    context 'when the module is valid' do
53
      it 'has no errors' do
54
        expect(subject.errors.full_messages).to be_empty
55
      end
56
    end
57

58
    context 'when notes contains an invalid value' do
59
      let(:mod_options) do
60
        super().merge(notes: {
61
          'Stability' => [Msf::CRASH_SAFE],
62
          'SideEffects' => [Msf::ARTIFACTS_ON_DISK],
63
          'Reliability' => [Msf::FIRST_ATTEMPT_FAIL],
64
          'AKA' => %w[SMBGhost CoronaBlue],
65
          'NOCVE' => 'Reason not given'
66
        })
67
      end
68

69
      it 'has errors' do
70
        expect(subject.errors.full_messages).to eq ['Notes note value "NOCVE" must be an array, got "Reason not given"']
71
      end
72
    end
73

74
    context 'when the stability rating contains an invalid value' do
75
      let(:mod_options) do
76
        super().merge(stability: ['CRASH_SAFE'], rank: Msf::GreatRanking, rank_to_s: 'great')
77
      end
78

79
      it 'has errors' do
80
        expect(subject.errors.full_messages).to eq ['Stability contains invalid values ["CRASH_SAFE"] - only ["crash-safe", "crash-service-restarts", "crash-service-down", "crash-os-restarts", "crash-os-down", "service-resource-loss", "os-resource-loss"] is allowed']
81
      end
82
    end
83

84
    context 'when the stability rating contains an invalid values and an excellent ranking' do
85
      let(:mod_options) do
86
        super().merge(stability: [Msf::CRASH_SERVICE_RESTARTS])
87
      end
88

89
      it 'has errors' do
90
        expect(subject.errors.full_messages).to eq ['Stability must have CRASH_SAFE value if module has an ExcellentRanking, instead found ["crash-service-restarts"]']
91
      end
92
    end
93

94
    context 'when the side effects rating contains an invalid value' do
95
      let(:mod_options) do
96
        super().merge(side_effects: ['ARTIFACTS_ON_DISK'])
97
      end
98

99
      it 'has errors' do
100
        expect(subject.errors.full_messages).to eq ['Side effects contains invalid values ["ARTIFACTS_ON_DISK"] - only ["artifacts-on-disk", "config-changes", "ioc-in-logs", "account-lockouts", "screen-effects", "audio-effects", "physical-effects"] is allowed']
101
      end
102
    end
103

104
    context 'when the reliability rating contains an invalid value' do
105
      let(:mod_options) do
106
        super().merge(reliability: ['FIRST_ATTEMPT_FAIL'])
107
      end
108

109
      it 'has errors' do
110
        expect(subject.errors.full_messages).to eq ['Reliability contains invalid values ["FIRST_ATTEMPT_FAIL"] - only ["first-attempt-fail", "repeatable-session", "unreliable-session", "event-dependent"] is allowed']
111
      end
112
    end
113

114
    context 'when the references contains an invalid value' do
115
      let(:mod_options) do
116
        super().merge(references: [
117
          Msf::Module::SiteReference.new('url', 'https://example.com'),
118
          Msf::Module::SiteReference.new('FOO', 'https://example.com'),
119
          Msf::Module::SiteReference.new('NOCVE', 'Reason not given'),
120
          Msf::Module::SiteReference.new('AKA', 'Foobar'),
121
        ])
122
      end
123

124
      it 'has errors' do
125
        expect(subject.errors.full_messages).to eq [
126
          'References url is not valid, must be in ["CVE", "CWE", "BID", "MSB", "EDB", "US-CERT-VU", "ZDI", "URL", "WPVDB", "PACKETSTORM", "LOGO", "SOUNDTRACK", "OSVDB", "VTS", "OVE"]',
127
          'References FOO is not valid, must be in ["CVE", "CWE", "BID", "MSB", "EDB", "US-CERT-VU", "ZDI", "URL", "WPVDB", "PACKETSTORM", "LOGO", "SOUNDTRACK", "OSVDB", "VTS", "OVE"]',
128
          "References NOCVE please include NOCVE values in the 'notes' section, rather than in 'references'",
129
          "References AKA please include AKA values in the 'notes' section, rather than in 'references'"
130
        ]
131
      end
132
    end
133

134
    context 'when the license contains an invalid value' do
135
      let(:mod_options) do
136
        super().merge(license: 'MSF_LICENSE')
137
      end
138

139
      it 'has errors' do
140
        expect(subject.errors.full_messages).to eq ['License must include a valid license']
141
      end
142
    end
143

144
    context 'when the rank contains an invalid value' do
145
      let(:mod_options) do
146
        super().merge(rank: 'ExcellentRanking')
147
      end
148

149
      it 'has errors' do
150
        expect(subject.errors.full_messages).to eq ['Rank must include a valid module ranking']
151
      end
152
    end
153

154
    context 'when the author is missing' do
155
      let(:mod_options) do
156
        super().merge(author: [])
157
      end
158

159
      it 'has errors' do
160
        expect(subject.errors.full_messages).to eq ["Author can't be blank"]
161
      end
162
    end
163

164
    context 'when the author contains bad characters' do
165
      let(:mod_options) do
166
        super().merge(author: [
167
          Msf::Author.new('@Foobar'),
168
          Msf::Author.new('Foobar')
169
        ])
170
      end
171

172
      it 'has errors' do
173
        expect(subject.errors.full_messages).to eq ['Author must not include username handles, found "@Foobar". Try leaving it in a comment instead']
174
      end
175
    end
176

177
    context 'when the module name contains bad characters' do
178
      let(:mod_options) do
179
        super().merge(name: 'Testing <> bad & chars')
180
      end
181

182
      it 'has errors' do
183
        expect(subject.errors.full_messages).to eq ['Name must not contain the characters &<>']
184
      end
185
    end
186

187
    context 'when the module file path is not snake case' do
188
      let(:mod_options) do
189
        super().merge(file_path: 'modules/exploits/windows/smb/CVE_2020_0796_smbghost.rb')
190
      end
191

192
      it 'has errors' do
193
        expect(subject.errors.full_messages).to eq ['File path must be snake case, instead found "modules/exploits/windows/smb/CVE_2020_0796_smbghost.rb"']
194
      end
195
    end
196

197
    context 'when the description is missing' do
198
      let(:mod_options) do
199
        super().merge(description: nil)
200
      end
201

202
      it 'has errors' do
203
        expect(subject.errors.full_messages).to eq ["Description can't be blank"]
204
      end
205
    end
206

207
    context 'when the platform value is invalid', skip_before: true do
208
      let(:mod_options) do
209
        super().merge(platform: Msf::Module::PlatformList.new('foo'))
210
      end
211

212
      it 'raises an ArgumentError' do
213
        expect { subject }.to raise_error ArgumentError, 'No classes in Msf::Module::Platform for foo!'
214
      end
215
    end
216

217
    context 'when the platform is missing and targets does not contain platform values' do
218
      let(:mod_options) do
219
        super().merge(platform: nil, targets: [Msf::Module::Target.new('Windows 10 v1903-1909 x64', { 'Arch' => ['x64'] })])
220
      end
221

222
      it 'has errors' do
223
        expect(subject.errors.full_messages).to eq ['Platform must be included either within targets or platform module metadata']
224
      end
225
    end
226
  end
227
end
228

229