CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutSign UpSign In
rapid7

CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!

GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/spec/tools/java_deserializer_spec.rb
Views: 1904
1
require 'rex/java'

2
require 'stringio'

3


4
load Metasploit::Framework.root.join('tools/exploit/java_deserializer.rb').to_path

5


6
RSpec.describe JavaDeserializer do

7


8
  before(:context) do

9
    @out = $stdout

10
    @err = $stderr

11


12
    $stdout = StringIO.new

13
    $stderr = StringIO.new

14
  end

15


16
  after(:context) do

17
    $stdout = @out

18
    $stderr = @err

19
  end

20


21
  subject(:deserializer) do

22
    described_class.new

23
  end

24


25
  let(:valid_stream) do

26
    "\xac\xed\x00\x05\x75\x72\x00\x02" +

27
    "\x5b\x43\xb0\x26\x66\xb0\xe2\x5d" +

28
    "\x84\xac\x02\x00\x00\x78\x70\x00" +

29
    "\x00\x00\x02\x00\x61\x00\x62"

30
  end

31


32
  describe ".new" do

33
    it "returns a JavaDeserializer instance" do

34
      expect(deserializer).to be_a(JavaDeserializer)

35
    end

36


37
    it "initializes file to nil" do

38
      expect(deserializer.file).to be_nil

39
    end

40
  end

41


42
  describe "#run" do

43
    context "when file is nil" do

44
      it "returns nil" do

45
        expect(deserializer.run).to be_nil

46
      end

47
    end

48


49
    context "when file contains a valid stream" do

50
      before(:example) do

51
        $stdout.string = ''

52
      end

53


54
      context "when no options" do

55
        it "prints the stream contents" do

56
          expect(File).to receive(:new) do

57
            contents = valid_stream

58
            StringIO.new(contents)

59
          end

60
          deserializer.file = 'sample'

61
          deserializer.run

62
          expect($stdout.string).to include('[7e0001] NewArray { char, ["97", "98"] }')

63
        end

64
      end

65


66
      context "when :array in options" do

67
        it "prints the array contents" do

68
          expect(File).to receive(:new) do

69
            contents = valid_stream

70
            StringIO.new(contents)

71
          end

72
          deserializer.file = 'sample'

73
          deserializer.run({:array => '0'})

74
          expect($stdout.string).to include('Array Type: char')

75
        end

76
      end

77
    end

78


79
    context "when file contains an invalid stream" do

80
      it "prints the error while deserializing" do

81
        expect(File).to receive(:new) do

82
          contents = 'invalid_stream'

83
          StringIO.new(contents)

84
        end

85
        deserializer.file = 'sample'

86
        deserializer.run

87
        expect($stdout.string).to include('[-] Failed to unserialize Stream')

88
      end

89
    end

90
  end

91
end

92