Sākums Izpētīt Palīdzība
Reģistrēties Pierakstīties
r3set
/
MetaSploitFraemwork
spogulis no https://github.com/rapid7/metasploit-framework
Vērot 1
Pievienot zvaigznīti 0
Atdalīts 0
Faili Problēmas 0 Vikivietne
Atzars: master
Atzari Tagi
MetaSploitFr...
/
spec
/
tools
/
java_deserializer_spec.rb

java_deserializer_spec.rb 2.2 KB
Patstāvīgā saite Vēsture Neapstrādāts

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091 
  1. require 'rex/java'
    2. 

  2. require 'stringio'
    3. 

  3. 

  4. load Metasploit::Framework.root.join('tools/exploit/java_deserializer.rb').to_path
    5. 

  5. 

  6. RSpec.describe JavaDeserializer do
    7. 

  7. 

  8.   before(:context) do
    9. 

  9.     @out = $stdout
    10. 

  10.     @err = $stderr
    11. 

  11. 

  12.     $stdout = StringIO.new
    13. 

  13.     $stderr = StringIO.new
    14. 

  14.   end
    15. 

  15. 

  16.   after(:context) do
    17. 

  17.     $stdout = @out
    18. 

  18.     $stderr = @err
    19. 

  19.   end
    20. 

  20. 

  21.   subject(:deserializer) do
    22. 

  22.     described_class.new
    23. 

  23.   end
    24. 

  24. 

  25.   let(:valid_stream) do
    26. 

  26.     "\xac\xed\x00\x05\x75\x72\x00\x02" +
    27. 

  27.     "\x5b\x43\xb0\x26\x66\xb0\xe2\x5d" +
    28. 

  28.     "\x84\xac\x02\x00\x00\x78\x70\x00" +
    29. 

  29.     "\x00\x00\x02\x00\x61\x00\x62"
    30. 

  30.   end
    31. 

  31. 

  32.   describe ".new" do
    33. 

  33.     it "returns a JavaDeserializer instance" do
    34. 

  34.       expect(deserializer).to be_a(JavaDeserializer)
    35. 

  35.     end
    36. 

  36. 

  37.     it "initializes file to nil" do
    38. 

  38.       expect(deserializer.file).to be_nil
    39. 

  39.     end
    40. 

  40.   end
    41. 

  41. 

  42.   describe "#run" do
    43. 

  43.     context "when file is nil" do
    44. 

  44.       it "returns nil" do
    45. 

  45.         expect(deserializer.run).to be_nil
    46. 

  46.       end
    47. 

  47.     end
    48. 

  48. 

  49.     context "when file contains a valid stream" do
    50. 

  50.       before(:example) do
    51. 

  51.         $stdout.string = ''
    52. 

  52.       end
    53. 

  53. 

  54.       context "when no options" do
    55. 

  55.         it "prints the stream contents" do
    56. 

  56.           expect(File).to receive(:new) do
    57. 

  57.             contents = valid_stream
    58. 

  58.             StringIO.new(contents)
    59. 

  59.           end
    60. 

  60.           deserializer.file = 'sample'
    61. 

  61.           deserializer.run
    62. 

  62.           expect($stdout.string).to include('[7e0001] NewArray { char, ["97", "98"] }')
    63. 

  63.         end
    64. 

  64.       end
    65. 

  65. 

  66.       context "when :array in options" do
    67. 

  67.         it "prints the array contents" do
    68. 

  68.           expect(File).to receive(:new) do
    69. 

  69.             contents = valid_stream
    70. 

  70.             StringIO.new(contents)
    71. 

  71.           end
    72. 

  72.           deserializer.file = 'sample'
    73. 

  73.           deserializer.run({:array => '0'})
    74. 

  74.           expect($stdout.string).to include('Array Type: char')
    75. 

  75.         end
    76. 

  76.       end
    77. 

  77.     end
    78. 

  78. 

  79.     context "when file contains an invalid stream" do
    80. 

  80.       it "prints the error while deserializing" do
    81. 

  81.         expect(File).to receive(:new) do
    82. 

  82.           contents = 'invalid_stream'
    83. 

  83.           StringIO.new(contents)
    84. 

  84.         end
    85. 

  85.         deserializer.file = 'sample'
    86. 

  86.         deserializer.run
    87. 

  87.         expect($stdout.string).to include('[-] Failed to unserialize Stream')
    88. 

  88.       end
    89. 

  89.     end
    90. 

  90.   end
    91. 

  91. end
    92.