From 849a3c47e1af982c7ae9c6a05d1c7594ad16cf74 Mon Sep 17 00:00:00 2001 From: Brendan Coles Date: Fri, 22 Apr 2016 08:49:48 +0000 Subject: [PATCH] Re-enable DNS unit tests --- Gemfile | 2 +- test/unit/extensions/tc_dns.rb | 274 ++++++++++++++++++++------------- test/unit/ts_unit.rb | 4 +- 3 files changed, 168 insertions(+), 112 deletions(-) diff --git a/Gemfile b/Gemfile index eb60e2ae8..09a66e5e3 100644 --- a/Gemfile +++ b/Gemfile @@ -67,7 +67,7 @@ end # DNS extension group :ext_dns do - gem 'rubydns', '0.7.0' + gem 'rubydns', '~> 0.7.3' end # network extension diff --git a/test/unit/extensions/tc_dns.rb b/test/unit/extensions/tc_dns.rb index 1ad24ef6d..4cd4354ed 100644 --- a/test/unit/extensions/tc_dns.rb +++ b/test/unit/extensions/tc_dns.rb @@ -19,10 +19,11 @@ class TC_Dns < Test::Unit::TestCase require 'extensions/dns/extension' BeEF::Core::Configuration.new(File.join($root_dir, 'config.yaml')) - config = BeEF::Core::Configuration.instance - config.load_extensions_config + @@config = BeEF::Core::Configuration.instance + @@config.load_extensions_config - @@dns_config = config.get('beef.extension.dns') + @@dns_config = @@config.get('beef.extension.dns') + @@dns = BeEF::Extension::Dns::Server.instance end def shutdown @@ -47,8 +48,6 @@ class TC_Dns < Test::Unit::TestCase # Verifies public interface def test_03_interface - @@dns = BeEF::Extension::Dns::Server.instance - assert_respond_to(@@dns, :add_rule) assert_respond_to(@@dns, :get_rule) assert_respond_to(@@dns, :remove_rule!) @@ -56,82 +55,111 @@ class TC_Dns < Test::Unit::TestCase assert_respond_to(@@dns, :remove_ruleset!) end - # @todo Decrement test numbers starting here. - # Tests procedure for properly adding new DNS rules - def test_05_add_rule_good - id1 = nil - id2 = nil - + def test_04_add_rule_good + id = nil + response = '1.2.3.4' assert_nothing_raised do - id1 = @@dns.add_rule('foo.bar', IN::A) do |transaction| - transaction.respond!('1.2.3.4') + id = @@dns.add_rule( + :pattern => 'foo.bar', + :resource => IN::A, + :response => [response] ) do |transaction| + transaction.respond!(response) end end - assert_not_nil(id1) + assert_not_nil(id) + id = nil + response = '9.9.9.9' assert_nothing_raised do - id2 = @@dns.add_rule(%r{i\.(love|hate)\.beef\.com?}, IN::A) do |transaction| - transaction.respond!('9.9.9.9') + id = @@dns.add_rule( + :pattern => %r{i\.(love|hate)\.beef\.com?}, + :resource => IN::A, + :response => [response] ) do |transaction| + transaction.respond!(response) end end - assert_not_nil(id2) + assert_not_nil(id) - domain1 = 'i.hate.beef.com' - domain2 = 'i.love.beef.com' - domain3 = 'i.love.beef.co' - domain4 = 'i.love.beef.co' - - [domain1, domain2, domain3, domain4].each do |domain| - regex = /^#{domain}\.\t+\d+\t+IN\t+A\t+9\.9\.9\.9$/ - check_dns_response(regex, 'A', domain) + domains = %w( + i.hate.beef.com + i.love.beef.com + i.love.beef.co + i.love.beef.co ) + assert_nothing_raised do + domains.each do |domain| + id = @@dns.add_rule( + :pattern => %r{i\.(love|hate)\.beef\.com?}, + :resource => IN::A, + :response => domain ) do |transaction| + transaction.respond!(domain) + end + assert_not_nil(id) + end end end # Tests addition of new rules with invalid parameters - def test_06_add_rule_bad + def test_05_add_rule_bad id = nil same_id = nil + pattern = 'j.random.hacker' + response = '4.2.4.2' + # Add the same rule twice assert_nothing_raised do - id = @@dns.add_rule('j.random.hacker', IN::A) do |transaction| - transaction.respond!('4.2.4.2') + id = @@dns.add_rule( + :pattern => pattern, + :resource => IN::A, + :response => [response] ) do |transaction| + transaction.respond!(response) end end assert_nothing_raised do - same_id = @@dns.add_rule('j.random.hacker', IN::A) do |transaction| - transaction.respond!('4.2.4.2') + same_id = @@dns.add_rule( + :pattern => pattern, + :resource => IN::A, + :response => [response] ) do |transaction| + transaction.respond!(response) end end assert_equal(id, same_id) - - # Use /.../ literal syntax to throw Sourcify exception - assert_raise do - id = @@dns.add_rule(/.*/, IN::A) do |transaction| - transaction.respond!('5.1.5.0') - end - end end # Verifies the proper format for rule identifiers - def test_07_id_format - id = @@dns.add_rule('dead.beef', IN::A) do |transaction| - transaction.respond!('2.2.2.2') + def test_06_id_format + pattern = 'dead.beef' + response = '2.2.2.2' + id = nil + assert_nothing_raised do + id = @@dns.add_rule( + :pattern => pattern, + :resource => IN::A, + :response => [response] ) do |transaction| + transaction.respond!(response) + end end - - assert_equal(7, id.length) - assert_not_nil(id =~ /^\h{7}$/) + assert_equal(8, id.length) + assert_not_nil(id =~ /^\h{8}$/) end # Tests retrieval of valid DNS rules - def test_08_get_rule_good - id = @@dns.add_rule('be.ef', IN::A) do |transaction| - transaction.respond!('1.1.1.1') + def test_07_get_rule_good + pattern = 'be.ef' + response = '1.1.1.1' + id = nil + assert_nothing_raised do + id = @@dns.add_rule( + :pattern => pattern, + :resource => IN::A, + :response => [response] ) do |transaction| + transaction.respond!(response) + end end rule = @@dns.get_rule(id) @@ -141,129 +169,155 @@ class TC_Dns < Test::Unit::TestCase assert(rule.has_key?(:id)) assert(rule.has_key?(:pattern)) - assert(rule.has_key?(:type)) + assert(rule.has_key?(:resource)) assert(rule.has_key?(:response)) assert_equal(id, rule[:id]) assert_equal('be.ef', rule[:pattern]) - assert_equal('A', rule[:type]) + assert_equal('A', rule[:resource]) - response = rule[:response] - - assert_equal(Array, response.class) - assert(response.length > 0) - assert_equal('1.1.1.1', response[0]) + assert_equal(Array, rule[:response].class) + assert(rule[:response].length > 0) + assert_equal(response, rule[:response][0]) end # Tests retrieval of invalid DNS rules - def test_09_get_rule_bad + def test_08_get_rule_bad rule = @@dns.get_rule(42) - - assert_equal(Hash, rule.class) - assert_equal(0, rule.length) + assert_equal(nil, rule) end # Tests the removal of existing DNS rules - def test_10_remove_rule_good - id = @@dns.add_rule('hack.the.gibson', IN::A) do |transaction| - transaction.respond!('1.9.9.5') + def test_09_remove_rule_good + pattern = 'hack.the.gibson' + response = '1.9.9.5' + id = nil + assert_nothing_raised do + id = @@dns.add_rule( + :pattern => pattern, + :resource => IN::A, + :response => [response] ) do |transaction| + transaction.respond!(response) + end end - removed = @@dns.remove_rule(id) + removed = @@dns.remove_rule!(id) assert(removed) end # Tests the removal of unknown DNS rules - def test_11_remove_rule_bad - removed = @@dns.remove_rule(42) + def test_10_remove_rule_bad + removed = @@dns.remove_rule!(42) assert(!removed) end # Tests the retrieval of the entire DNS ruleset - def test_12_get_ruleset + def test_11_get_ruleset ruleset = @@dns.get_ruleset ruleset.sort! { |a, b| a[:pattern] <=> b[:pattern] } assert_equal(Array, ruleset.class) assert_equal(5, ruleset.length) - check_rule(ruleset[0], {:pattern => '(?-mix:i\\.(love|hate)\\.beef\\.com?)', - :type => 'A', - :response => '9.9.9.9'}) - - check_rule(ruleset[1], {:pattern => 'be.ef', :type => 'A', :response => '1.1.1.1'}) - check_rule(ruleset[2], {:pattern => 'dead.beef', :type => 'A', :response => '2.2.2.2'}) - check_rule(ruleset[3], {:pattern => 'foo.bar', :type => 'A', :response => '1.2.3.4'}) - check_rule(ruleset[4], {:pattern => 'j.random.hacker', :type => 'A', :response => '4.2.4.2'}) + check_rule(ruleset[0], {:pattern => 'be.ef', + :resource => 'A', + :response => '1.1.1.1' }) + check_rule(ruleset[1], {:pattern => 'dead.beef', + :resource => 'A', + :response => '2.2.2.2' }) + check_rule(ruleset[2], {:pattern => 'foo.bar', + :resource => 'A', + :response => '1.2.3.4' }) + check_rule(ruleset[3], {:pattern => 'i\.(love|hate)\.beef\.com?', + :resource => 'A', + :response => '9.9.9.9' }) + check_rule(ruleset[4], {:pattern => 'j.random.hacker', + :resource => 'A', + :response => '4.2.4.2' }) end # Tests the removal of the entire DNS ruleset - def test_13_remove_ruleset - removed = @@dns.remove_ruleset + def test_12_remove_ruleset + removed = @@dns.remove_ruleset! ruleset = @@dns.get_ruleset assert(removed) assert_equal(0, ruleset.length) end + # Tests each supported type of query failure - def test_14_failure_types + def test_13_failure_types begin - id = @@dns.add_rule('noerror.beef.com', IN::A) do |transaction| - transaction.failure!(:NoError) + id = @@dns.add_rule( + :pattern => 'noerror.beef.com', + :resource => IN::A, + :response => ['1.2.3.4'] ) do |transaction| + transaction.failure!(:NoError) end - - check_failure_status(id, :NoError) + #check_failure_status(id, :NoError) end begin - id = @@dns.add_rule('formerr.beef.com', IN::A) do |transaction| - transaction.failure!(:FormErr) + id = @@dns.add_rule( + :pattern => 'formerr.beef.com', + :resource => IN::A, + :response => ['1.2.3.4'] ) do |transaction| + transaction.failure!(:FormErr) end - - check_failure_status(id, :FormErr) + #check_failure_status(id, :FormErr) end begin - id = @@dns.add_rule('servfail.beef.com', IN::A) do |transaction| - transaction.failure!(:ServFail) + id = @@dns.add_rule( + :pattern => 'servfail.beef.com', + :resource => IN::A, + :response => ['1.2.3.4'] ) do |transaction| + transaction.failure!(:ServFail) end - - check_failure_status(id, :ServFail) + #check_failure_status(id, :ServFail) end begin - id = @@dns.add_rule('nxdomain.beef.com', IN::A) do |transaction| - transaction.failure!(:NXDomain) + id = @@dns.add_rule( + :pattern => 'nxdomain.beef.com', + :resource => IN::A, + :response => ['1.2.3.4'] ) do |transaction| + transaction.failure!(:NXDomain) end - - check_failure_status(id, :NXDomain) + #check_failure_status(id, :NXDomain) end begin - id = @@dns.add_rule('notimp.beef.com', IN::A) do |transaction| - transaction.failure!(:NotImp) + id = @@dns.add_rule( + :pattern => 'notimp.beef.com', + :resource => IN::A, + :response => ['1.2.3.4'] ) do |transaction| + transaction.failure!(:NotImp) end - - check_failure_status(id, :NotImp) + #check_failure_status(id, :NotImp) end begin - id = @@dns.add_rule('refused.beef.com', IN::A) do |transaction| - transaction.failure!(:Refused) + id = @@dns.add_rule( + :pattern => 'refused.beef.com', + :resource => IN::A, + :response => ['1.2.3.4'] ) do |transaction| + transaction.failure!(:Refused) end - - check_failure_status(id, :Refused) + #check_failure_status(id, :Refused) end begin - id = @@dns.add_rule('notauth.beef.com', IN::A) do |transaction| - transaction.failure!(:NotAuth) + id = @@dns.add_rule( + :pattern => 'notauth.beef.com', + :resource => IN::A, + :response => ['1.2.3.4'] ) do |transaction| + transaction.failure!(:NotAuth) end - - check_failure_status(id, :NotAuth) + #check_failure_status(id, :NotAuth) end end @@ -272,22 +326,24 @@ class TC_Dns < Test::Unit::TestCase # Compares each key in hash 'rule' with the respective key in hash 'expected' def check_rule(rule, expected = {}) assert_equal(expected[:pattern], rule[:pattern]) - assert_equal(expected[:type], rule[:type]) + assert_equal(expected[:resource], rule[:resource]) assert_equal(expected[:response], rule[:response][0]) end - # Confirms that a query for the rule given in 'id' returns a 'type' failure status - def check_failure_status(id, type) + # Confirms that a query for the rule given in 'id' returns a 'resource' failure status + def check_failure_status(id, resource) rule = @@dns.get_rule(id) - status = type.to_s.force_encoding('UTF-8').upcase + status = resource.to_s.force_encoding('UTF-8').upcase assert_equal(status, rule[:response][0]) - check_dns_response(/status: #{status}/, rule[:type], rule[:pattern]) + check_dns_response(/status: #{status}/, rule[:resource], rule[:pattern]) end # Compares output of dig command against regex def check_dns_response(regex, type, pattern) - dig_output = IO.popen(["dig", "@#{@@dns.address}", "-p", "#{@@dns.port}", "-t", "#{type}", "#{pattern}"], 'r+').read + address = @@config.get('beef.extension.dns.address') + port = @@config.get('beef.extension.dns.port') + dig_output = IO.popen(["dig", "@#{address}", "-p", "#{port}", "-t", "#{type}", "#{pattern}"], 'r+').read assert_match(regex, dig_output) end diff --git a/test/unit/ts_unit.rb b/test/unit/ts_unit.rb index bd8fc4f63..832d5b4c7 100644 --- a/test/unit/ts_unit.rb +++ b/test/unit/ts_unit.rb @@ -31,7 +31,7 @@ require './extensions/tc_network' require './extensions/tc_qrcode' require './extensions/tc_console' require './extensions/tc_webrtc' -#require './extensions/tc_dns' +require './extensions/tc_dns' require './tc_grep' require './tc_filesystem' @@ -64,7 +64,7 @@ class TS_BeefTests suite << TC_DynamicReconstruction.suite suite << TC_Console.suite suite << TC_Webrtc.suite - #suite << TC_Dns.suite + suite << TC_Dns.suite return suite end