/spec/support/shared/examples/msf/db_manager/import_msf_xml.rb


  1. # -*- coding:binary -*-
  2. require 'builder'
  3. shared_examples_for 'Msf::DBManager::ImportMsfXml' do
  4. # Serialized format from pro/modules/auxiliary/pro/report.rb
  # Encodes +object+ as Marshal.dump output wrapped in Base64, with every run
  # of whitespace (the line breaks pack('m') inserts) stripped so the value is
  # one unbroken token suitable for an XML text node.
  #
  # NOTE(review): a Marshal stream is only safe to decode when it comes from a
  # trusted source, because Marshal.load instantiates whatever objects the
  # stream names. Presumably the importer under test reverses this encoding;
  # confirm how it decodes before treating third-party export files as
  # acceptable input.
  #
  # @param object [Object] any value Marshal can dump
  # @return [String] Base64 text without whitespace
  def serialize(object)
    # FIXME https://www.pivotaltracker.com/story/show/46578647
    [Marshal.dump(object)].pack('m').gsub(/\s+/, '')
  end
  # Intercepts the call to #import_msf_web_element, runs the specialization
  # block that the method under test handed to it (with the current +element+
  # and +options+), and yields the resulting info to the caller's block.
  # Evaluating +subject+ at the end is what triggers the intercepted call.
  def with_info
    db_manager.should_receive(:import_msf_web_element) { |*_args, &specialization|
      yield specialization.call(element, options)
    }

    subject
  end
  # Shared fixtures. :allow_yaml defaults to false for every example here.
  let(:allow_yaml) { false }

  # The XML under test, parsed from whatever +source+ the context defines.
  let(:document) { REXML::Document.new(source) }

  let(:element) { nil }

  let(:host_attributes) { FactoryGirl.attributes_for(:mdm_host) }

  let(:msf_web_text_element_names) do
    %w[created-at host path port query ssl updated-at vhost]
  end

  # Notifier that accepts (event, data) and does nothing.
  let(:notifier) { lambda { |event, data| } }

  let(:options) do
    { :allow_yaml => allow_yaml, :workspace => workspace }
  end

  let(:service_attributes) { FactoryGirl.attributes_for(:web_service) }

  let(:web_form_attributes) { FactoryGirl.attributes_for(:mdm_web_form, :exported) }

  let(:web_page_attributes) { FactoryGirl.attributes_for(:mdm_web_page) }

  let(:workspace) { nil }

  # Builder used by the contexts below to assemble their XML +source+.
  let(:xml) { Builder::XmlMarkup.new(:indent => 2) }

  it 'should include methods from module so method can be overridden easier in pro' do
    db_manager.should be_a(Msf::DBManager::ImportMsfXml)
  end
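  # Pins the element-name whitelists the importer reads from web_* elements.
  #
  # The comparisons previously read `CONSTANT =~ [...]` with no `.should`, so
  # the result was discarded and the examples could never fail. With `.should`
  # in front, `=~` becomes RSpec's order-independent array matcher, which is
  # what the "in any order" descriptions promise.
  context 'CONSTANTS' do
    it 'should define MSF_WEB_PAGE_TEXT_ELEMENT_NAMES in any order' do
      described_class::MSF_WEB_PAGE_TEXT_ELEMENT_NAMES.should =~ [
        'auth',
        'body',
        'code',
        'cookie',
        'ctype',
        'location',
        'mtime'
      ]
    end

    it 'should define MSF_WEB_TEXT_ELEMENT_NAMES in any order' do
      described_class::MSF_WEB_TEXT_ELEMENT_NAMES.should =~ msf_web_text_element_names
    end

    it 'should define MSF_WEB_VULN_TEXT_ELEMENT_NAMES in any order' do
      described_class::MSF_WEB_VULN_TEXT_ELEMENT_NAMES.should =~ [
        'blame',
        'category',
        'confidence',
        'description',
        'method',
        'name',
        'pname',
        'proof',
        'risk'
      ]
    end
  end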
  # Root-tag recognition. Each recognised root tag is paired with the
  # :allow_yaml value handed to the shared example: true for the V1/V2 roots,
  # false for V3/V4. Any other root tag must be rejected with DBImportError.
  #
  # NOTE(review): what the shared example asserts about :allow_yaml is defined
  # elsewhere -- presumably that the returned metadata carries this flag.
  context '#check_msf_xml_version!' do
    let(:root_tag) { 'root' }

    let(:source) do
      xml.tag!(root_tag)
      xml.target!
    end

    subject(:metadata) { db_manager.send(:check_msf_xml_version!, document) }

    [
      ['MetasploitExpressV1', true],
      ['MetasploitExpressV2', true],
      ['MetasploitExpressV3', false],
      ['MetasploitExpressV4', false]
    ].each do |tag_name, yaml_allowed|
      it_should_behave_like(
        'Msf::DBManager::ImportMsfXml#check_msf_xml_version! with root tag',
        tag_name,
        :allow_yaml => yaml_allowed
      )
    end

    context 'with other' do
      it 'should raise DBImportError' do
        expect { metadata }.to raise_error(
          Msf::DBImportError,
          'Unsupported Metasploit XML document format'
        )
      end
    end
  end
  # Reading one child element's text into an info Hash keyed by the child
  # name: text is stripped, the literal 'NULL' maps to nil, and a missing
  # child produces an empty Hash.
  context '#import_msf_text_element' do
    let(:parent_element) { document.root }
    let(:child_name) { 'child' }
    let(:child_sym) { child_name.to_sym }

    subject(:info) do
      db_manager.send(:import_msf_text_element, parent_element, child_name)
    end

    context 'with child element' do
      let(:source) do
        xml.parent { xml.tag!(child_name, text) }
        xml.target!
      end

      context 'with padded text' do
        let(:stripped) { 'stripped' }
        let(:text) { " #{stripped} " }

        it 'should strip text' do
          info[:child].should == stripped
        end
      end

      context 'with NULL text' do
        let(:text) { 'NULL' }

        it 'should have nil for child name in info' do
          # have_key proves the nil is stored under the key rather than
          # being the Hash's default for a missing key.
          info.should have_key(child_sym)
          info[child_sym].should be_nil
        end
      end

      context 'without NULL text' do
        let(:text) { 'some text' }

        it 'should have text for child name in info' do
          info[child_sym].should == text
        end
      end
    end

    context 'without child element' do
      let(:source) do
        xml.parent
        xml.target!
      end

      it 'should return an empty Hash' do
        info.should == {}
      end
    end
  end
  # Behaviour of the generic web element importer: workspace selection, text
  # element extraction, <ssl> coercion, the specialization block, the optional
  # :notifier, and the mandatory :type option.
  context 'import_msf_web_element' do
    let(:element) { document.root }
    let(:options) { {} }

    # Default specialization contributes nothing to the reported Hash.
    let(:specialization) do
      lambda { |_element, _options| {} }
    end

    subject(:import_msf_web_element) do
      db_manager.send(:import_msf_web_element, element, options, &specialization)
    end

    context 'with :type' do
      include_context 'DatabaseCleaner'

      let(:source) do
        xml.tag!("web_#{type}") do
          web_site = web_vuln.web_site
          service = web_site.service

          xml.host(service.host.address)
          xml.path(web_vuln.path)
          xml.port(service.port)
          xml.query(web_vuln.query)
          xml.ssl(service.name == 'https')
          xml.vhost(web_site.vhost)
        end

        xml.target!
      end

      let(:type) { :vuln }
      let(:web_vuln) { FactoryGirl.create(:mdm_web_vuln) }

      before(:each) do
        db_manager.stub(:report_web_vuln).with(an_instance_of(Hash))

        options[:type] = type
      end

      context 'with :workspace' do
        let(:workspace) { double(':workspace') }

        before(:each) do
          options[:workspace] = workspace
        end

        it 'should not call Msf::DBManager#workspace' do
          db_manager.should_not_receive(:workspace)

          import_msf_web_element
        end

        it 'should pass :workspace to report_web_<:type>' do
          expected = hash_including(:workspace => workspace)
          db_manager.should_receive("report_web_#{type}").with(expected)

          import_msf_web_element
        end
      end

      context 'without :workspace' do
        let(:workspace) { FactoryGirl.create(:mdm_workspace) }

        before(:each) do
          db_manager.workspace = workspace
        end

        it 'should call Msf::DBManager#workspace' do
          db_manager.should_receive(:workspace).and_call_original

          import_msf_web_element
        end

        it 'should pass Msf::DBManager#workspace to report_web_<:type>' do
          expected = hash_including(:workspace => workspace)
          db_manager.should_receive("report_web_#{type}").with(expected)

          import_msf_web_element
        end
      end

      it 'should import all elements in MSF_WEB_TEXT_ELEMENT_NAMES with #import_msf_text_element' do
        msf_web_text_element_names.each do |name|
          db_manager.should_receive(:import_msf_text_element).with(element, name).and_call_original
        end

        import_msf_web_element
      end

      context 'with non-empty Hash from #import_msf_text_element' do
        let(:returned_hash) do
          { :host => '192.168.0.1' }
        end

        before(:each) do
          db_manager.stub(:import_msf_text_element).and_return(returned_hash)
        end

        it 'should pass returned Hash as part of Hash passed to report_web_<:type' do
          expected = hash_including(returned_hash)
          db_manager.should_receive("report_web_#{type}").with(expected)

          import_msf_web_element
        end
      end

      # <ssl> is reported as true only for the text 'true'; a missing element
      # or any other text is reported as false.
      context 'ssl element' do
        context 'without element' do
          let(:source) do
            xml.tag!("web_#{type}")
            xml.target!
          end

          it 'should pass false for :ssl to report_web_<:type>' do
            expected = hash_including(:ssl => false)
            db_manager.should_receive("report_web_#{type}").with(expected)

            import_msf_web_element
          end
        end

        context 'with element' do
          let(:source) do
            xml.tag!("web_#{type}") { xml.ssl(ssl) }
            xml.target!
          end

          context "with 'true' text" do
            let(:ssl) { true }

            it 'should pass true for :ssl to report_web_<:type>' do
              expected = hash_including(:ssl => true)
              db_manager.should_receive("report_web_#{type}").with(expected)

              import_msf_web_element
            end
          end

          context "without 'true' text" do
            let(:ssl) { false }

            it 'should pass false for :ssl to report_web_<:type>' do
              expected = hash_including(:ssl => false)
              db_manager.should_receive("report_web_#{type}").with(expected)

              import_msf_web_element
            end
          end
        end
      end

      context 'specialization block' do
        let(:returned_hash) do
          { :specialized => double('Value') }
        end

        let(:specialization) do
          lambda { |_element, _option| returned_hash }
        end

        it 'should be called with element and options' do
          actual_args = []

          db_manager.send(:import_msf_web_element, element, options) do |*args|
            actual_args = args
            returned_hash
          end

          actual_args.should == [element, options]
        end

        it 'should pass return Hash to report_web_<:type>' do
          expected = hash_including(returned_hash)
          db_manager.should_receive("report_web_#{type}").with(expected)

          import_msf_web_element
        end
      end

      context 'notifier' do
        context 'with :notifier' do
          let(:event) { "web_#{type}".to_sym }

          # Records the argument list of every notifier invocation.
          let(:notifier) do
            lambda { |*args| successive_args << args }
          end

          let(:successive_args) { [] }

          before(:each) do
            options[:notifier] = notifier
          end

          it 'should call :notifier with event and path' do
            import_msf_web_element

            successive_args.length.should == 1

            recorded = successive_args.first
            recorded.length.should == 2
            recorded[0].should == event
            recorded[1].should == web_vuln.path
          end
        end

        context 'without :notifier' do
          it 'should not raise an error' do
            expect { import_msf_web_element }.to_not raise_error
          end
        end
      end
    end

    context 'without :type' do
      let(:element) { nil }

      it 'should raise KeyError' do
        expect { import_msf_web_element }.to raise_error(KeyError, 'key not found: :type')
      end
    end
  end
  # web_form import: the specialization must return :method and the decoded
  # :params, and a document with the required attributes must create exactly
  # one Mdm::WebForm.
  context '#import_msf_web_form_element' do
    let(:type) { :form }

    subject(:import_msf_web_form_element) do
      db_manager.import_msf_web_form_element(element, options, &notifier)
    end

    context 'call to #import_msf_web_element' do
      it_should_behave_like 'Msf::DBManager::ImportMsfXml#import_msf_web_element specialization'

      context 'specialization return' do
        let(:element) { document.root }

        let(:source) do
          xml.web_form do
            xml.method(web_form_attributes.fetch(:method))
            # <params> carries the Marshal+Base64 encoding produced by
            # #serialize; the example below expects it decoded back.
            xml.params(serialize(web_form_attributes.fetch(:params)))
          end

          xml.target!
        end

        it 'should be a Hash' do
          with_info { |info| info.should be_a(Hash) }
        end

        it 'should include :method' do
          with_info { |info| info[:method].should == web_form_attributes[:method] }
        end

        it 'should include :params' do
          with_info { |info| info[:params].should == web_form_attributes[:params] }
        end
      end
    end

    context 'with required attributes' do
      include_context 'DatabaseCleaner'

      let(:element) { document.root }

      let(:source) do
        xml.web_form do
          xml.host(host_attributes.fetch(:address))
          xml.method(web_form_attributes.fetch(:method))
          xml.path(web_form_attributes.fetch(:path))
          xml.port(service_attributes.fetch(:port))
          xml.ssl(service_attributes[:name] == 'https')
        end

        xml.target!
      end

      it 'should create an Mdm::WebForm' do
        expect { import_msf_web_form_element }.to change(Mdm::WebForm, :count).by(1)
      end
    end
  end
  # web_page import: the specialization must return every page text element
  # plus the decoded :headers, and a document with the required attributes
  # must create exactly one Mdm::WebPage.
  context '#import_msf_web_page_element' do
    let(:type) { :page }

    subject(:import_msf_web_page_element) do
      db_manager.import_msf_web_page_element(element, options, &notifier)
    end

    context 'call to #import_msf_web_element' do
      it_should_behave_like 'Msf::DBManager::ImportMsfXml#import_msf_web_element specialization'

      context 'specialization return' do
        let(:element) { document.root }

        let(:source) do
          xml.web_page do
            xml.auth(web_page_attributes.fetch(:auth))
            xml.body(web_page_attributes.fetch(:body))
            xml.code(web_page_attributes.fetch(:code))
            xml.cookie(web_page_attributes.fetch(:cookie))
            xml.ctype(web_page_attributes.fetch(:ctype))
            # <headers> carries the Marshal+Base64 encoding from #serialize.
            xml.headers(serialize(web_page_attributes.fetch(:headers)))
            xml.location(web_page_attributes.fetch(:location))
            xml.mtime(web_page_attributes.fetch(:mtime))
          end

          xml.target!
        end

        it 'should be a Hash' do
          with_info { |info| info.should be_a(Hash) }
        end

        [:auth, :body, :code, :cookie, :ctype, :headers, :location, :mtime].each do |attribute|
          it "should include #{attribute.inspect}" do
            with_info do |info|
              info[attribute].should == web_page_attributes.fetch(attribute)
            end
          end
        end
      end
    end

    context 'with required attributes' do
      include_context 'DatabaseCleaner'

      let(:element) { document.root }

      let(:source) do
        xml.web_page do
          xml.body(web_page_attributes.fetch(:body))
          xml.code(web_page_attributes.fetch(:code))
          xml.headers(serialize(web_page_attributes.fetch(:headers)))
          xml.host(host_attributes.fetch(:address))
          # NOTE(review): <path> is filled from the :headers attribute rather
          # than a path value -- this looks like a copy-paste slip; confirm
          # against the factory before changing it.
          xml.path(web_page_attributes.fetch(:headers))
          xml.port(service_attributes.fetch(:port))
          xml.query(web_page_attributes.fetch(:query))
          xml.ssl(service_attributes[:name] == 'https')
        end

        xml.target!
      end

      it 'should create an Mdm::WebPage' do
        expect { import_msf_web_page_element }.to change(Mdm::WebPage, :count).by(1)
      end
    end
  end
  # web_vuln import: the specialization must return every vuln text element,
  # and a document with the required attributes must create exactly one
  # Mdm::WebVuln.
  context '#import_msf_web_vuln_element' do
    let(:type) { :vuln }
    let(:web_vuln_attributes) { FactoryGirl.attributes_for(:exported_web_vuln) }

    subject(:import_msf_web_vuln_element) do
      db_manager.import_msf_web_vuln_element(element, options, &notifier)
    end

    context 'call to #import_msf_web_element' do
      it_should_behave_like 'Msf::DBManager::ImportMsfXml#import_msf_web_element specialization'

      context 'specialization return' do
        let(:element) { document.root }

        let(:source) do
          xml.web_vuln do
            xml.blame(web_vuln_attributes.fetch(:blame))
            xml.category(web_vuln_attributes.fetch(:category))
            xml.confidence(web_vuln_attributes.fetch(:confidence))
            xml.description(web_vuln_attributes.fetch(:description))
            xml.method(web_vuln_attributes.fetch(:method))
            xml.name(web_vuln_attributes.fetch(:name))
            xml.pname(web_vuln_attributes.fetch(:pname))
            xml.proof(web_vuln_attributes.fetch(:proof))
            xml.risk(web_vuln_attributes.fetch(:risk))
          end

          xml.target!
        end

        it 'should be a Hash' do
          with_info { |info| info.should be_a(Hash) }

          # with_info has already evaluated the subject; this second
          # reference is kept from the original example.
          import_msf_web_vuln_element
        end

        [
          :blame,
          :category,
          :confidence,
          :description,
          :method,
          :name,
          :pname,
          :proof,
          :risk
        ].each do |attribute|
          it "should include #{attribute.inspect}" do
            with_info do |info|
              info[attribute].should == web_vuln_attributes.fetch(attribute)
            end
          end
        end
      end
    end

    context 'with required attributes' do
      include_context 'DatabaseCleaner'

      let(:element) { document.root }

      let(:source) do
        xml.web_vuln do
          xml.category(web_vuln_attributes.fetch(:category))
          xml.host(host_attributes.fetch(:address))
          xml.method(web_vuln_attributes.fetch(:method))
          xml.name(web_vuln_attributes.fetch(:name))
          # <params> carries the Marshal+Base64 encoding from #serialize.
          xml.params(serialize(web_vuln_attributes.fetch(:params)))
          xml.path(web_vuln_attributes.fetch(:path))
          xml.pname(web_vuln_attributes.fetch(:pname))
          xml.port(service_attributes.fetch(:port))
          xml.proof(web_vuln_attributes.fetch(:proof))
          xml.risk(web_vuln_attributes.fetch(:risk))
          xml.ssl(service_attributes[:name] == 'https')
        end

        xml.target!
      end

      it 'should create an Mdm::WebVuln' do
        expect { import_msf_web_vuln_element }.to change(Mdm::WebVuln, :count).by(1)
      end
    end
  end
  # Top-level entry point: the version check must always run, and each
  # web_forms / web_pages / web_vulns collection must be dispatched to its
  # element importer.
  context '#import_msf_xml' do
    let(:data) { '<MetasploitV4/>' }

    subject(:import_msf_xml) { db_manager.import_msf_xml(:data => data) }

    it 'should call #check_msf_xml_version!' do
      db_manager.should_receive(:check_msf_xml_version!).and_call_original

      import_msf_xml
    end

    context 'with web_forms/web_form elements' do
      include_context 'DatabaseCleaner'

      let(:data) do
        xml.tag!('MetasploitV4') do
          xml.web_forms do
            xml.web_form do
              xml.host(host_attributes.fetch(:address))
              xml.method(web_form_attributes.fetch(:method))
              xml.path(web_form_attributes.fetch(:path))
              xml.port(service_attributes.fetch(:port))
              xml.ssl(service_attributes[:name] == 'https')
            end
          end
        end

        xml.target!
      end

      it 'should call #import_msf_web_form_element' do
        db_manager.should_receive(:import_msf_web_form_element).and_call_original

        import_msf_xml
      end
    end

    context 'with web_pages/web_page elements' do
      include_context 'DatabaseCleaner'

      let(:data) do
        xml.tag!('MetasploitV4') do
          xml.web_pages do
            xml.web_page do
              xml.body(web_page_attributes.fetch(:body))
              xml.code(web_page_attributes.fetch(:code))
              # <headers> carries the Marshal+Base64 encoding from #serialize.
              xml.headers(serialize(web_page_attributes.fetch(:headers)))
              xml.host(host_attributes.fetch(:address))
              # NOTE(review): <path> is filled from the :headers attribute
              # rather than a path value -- this looks like a copy-paste slip;
              # confirm against the factory before changing it.
              xml.path(web_page_attributes.fetch(:headers))
              xml.port(service_attributes.fetch(:port))
              xml.query(web_page_attributes.fetch(:query))
              xml.ssl(service_attributes[:name] == 'https')
            end
          end
        end

        xml.target!
      end

      it 'should call #import_msf_web_page_element' do
        db_manager.should_receive(:import_msf_web_page_element).and_call_original

        import_msf_xml
      end
    end

    context 'with web_vulns/web_vuln elements' do
      include_context 'DatabaseCleaner'

      let(:data) do
        xml.tag!('MetasploitV4') do
          xml.web_vulns do
            xml.web_vuln do
              xml.category(web_vuln.category)

              service = web_vuln.web_site.service
              xml.host(service.host.address)

              xml.method(web_vuln.method)
              xml.name(web_vuln.name)
              # <params> carries the Marshal+Base64 encoding from #serialize.
              xml.params(serialize(web_vuln.params))
              xml.path(web_vuln.path)
              xml.pname(web_vuln.pname)
              xml.port(service.port)
              xml.proof(web_vuln.proof)
              xml.ssl(service.name == 'https')
            end
          end
        end

        xml.target!
      end

      let(:web_vuln) { FactoryGirl.create(:mdm_web_vuln) }

      it 'should call #import_msf_web_vuln_element' do
        db_manager.should_receive(:import_msf_web_vuln_element).and_call_original

        import_msf_xml
      end
    end
  end
  952. end