Update .gitignore to include secrets for local GitHub Actions testing; refactor spec_helper.rb for improved fork handling

2025-08-25 22:24:15 +10:00
parent 50e8468236
commit f9c630b5d6
2 changed files with 159 additions and 99 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -131,3 +131,6 @@ node_modules/
 # Generated files
 out/
 doc/rdoc/
 # Secrets for testing github actions locally
 .secrets
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -1,17 +1,21 @@
 # frozen_string_literal: true
 #
 # Copyright (c) 2006-2025 Wade Alcorn - wade@bindshell.net
 # Browser Exploitation Framework (BeEF) - https://beefproject.com
 # See the file 'doc/COPYING' for copying permission
 #
 # Set external and internal character encodings to UTF-8
 Encoding.default_external = Encoding::UTF_8
 Encoding.default_internal = Encoding::UTF_8
 require 'logger'
 require 'net/http'
 require 'uri'
 require 'core/loader.rb'
-# @note We need to load variables that 'beef' usually does for us
+# We need to load variables that 'beef' usually does for us
 # @todo review this config (this isn't used or is shadowed by the monkey patching, needs a further look to fix properly)
 config = BeEF::Core::Configuration.new('config.yaml')
 $home_dir = Dir.pwd
 $root_dir = Dir.pwd
@@ -26,13 +30,13 @@ require 'browserstack/local'
 require 'byebug'
 # Require supports
-Dir['spec/support/*.rb'].each do |f|
+Dir['spec/support/*.rb'].each { |f| require f }
  require f
 end
 ENV['RACK_ENV'] ||= 'test' # Set the environment to test
 ARGV.clear
 SERVER_START_TIMEOUT = Integer(ENV['SERVER_START_TIMEOUT'] || 20)
 ## BrowserStack config
 # Monkey patch to avoid reset sessions
@@ -42,29 +46,83 @@ class Capybara::Selenium::Driver < Capybara::Driver::Base
  end
 end
-TASK_ID = (ENV['TASK_ID'] || 0).to_i
+TASK_ID     = (ENV['TASK_ID'] || 0).to_i
 CONFIG_FILE = ENV['CONFIG_FILE'] || 'windows/win10/win10_chrome_81.config.yml'
-CONFIG = YAML.safe_load(File.read("./spec/support/browserstack/#{CONFIG_FILE}"))
+CONFIG      = YAML.safe_load(File.read("./spec/support/browserstack/#{CONFIG_FILE}"))
 CONFIG['user'] = ENV['BROWSERSTACK_USERNAME'] || ''
-CONFIG['key'] = ENV['BROWSERSTACK_ACCESS_KEY'] || ''
+CONFIG['key']  = ENV['BROWSERSTACK_ACCESS_KEY'] || ''
-## DB config
+## DB config for unit tests (in-memory). We will disconnect these before forking the server.
 ActiveRecord::Base.logger = nil
 OTR::ActiveRecord.configure_from_hash!(adapter: 'sqlite3', database: ':memory:')
 # otr-activerecord requires manually establishing the connection with the following line
 # Also a check to confirm that the correct Gem version is installed to require it, likely easier for old systems.
 if Gem.loaded_specs['otr-activerecord'].version > Gem::Version.create('1.4.2')
  OTR::ActiveRecord.establish_connection!
 end
 ActiveRecord::Schema.verbose = false
-# Migrate (if required)
+# Migrate (if required) for the in-memory schema used by non-server specs
-ActiveRecord::Migration.verbose = false # silence activerecord migration stdout messages
+ActiveRecord::Migration.verbose = false
 ActiveRecord::Migrator.migrations_paths = [File.join('core', 'main', 'ar-migrations')]
-context = ActiveRecord::MigrationContext.new(ActiveRecord::Migrator.migrations_paths)
+mem_context = ActiveRecord::MigrationContext.new(ActiveRecord::Migrator.migrations_paths)
-if context.needs_migration?
+if mem_context.needs_migration?
-  ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration, context.internal_metadata).migrate
+  ActiveRecord::Migrator
    .new(:up, mem_context.migrations, mem_context.schema_migration, mem_context.internal_metadata)
    .migrate
 end
 # -------------------------------------------------------------------
 # Console logger shims
 # Some extensions may call Console.level= or BeEF::Core::Console.level=
 # Ensure both are safe.
 # -------------------------------------------------------------------
 module BeEF
  module Core
    module Console
      class << self
        attr_accessor :logger
        def level=(val)
          (self.logger ||= Logger.new($stdout)).level = val
        end
        def level
          (self.logger ||= Logger.new($stdout)).level
        end
        # Proxy common logger methods if called directly (info, warn, error, etc.)
        def method_missing(m, *args, &blk)
          lg = (self.logger ||= Logger.new($stdout))
          return lg.public_send(m, *args, &blk) if lg.respond_to?(m)
          super
        end
        def respond_to_missing?(m, include_priv = false)
          (self.logger ||= Logger.new($stdout)).respond_to?(m, include_priv) || super
        end
      end
    end
  end
 end
 BeEF::Core::Console.logger ||= Logger.new($stdout)
 # Some code may reference a top-level ::Console constant (not namespaced)
 unless defined?(::Console) && ::Console.respond_to?(:level=)
  module ::Console
    class << self
      attr_accessor :logger
      def level=(val)
        (self.logger ||= Logger.new($stdout)).level = val
      end
      def level
        (self.logger ||= Logger.new($stdout)).level
      end
      # Proxy to logger for typical logging calls
      def method_missing(m, *args, &blk)
        lg = (self.logger ||= Logger.new($stdout))
        return lg.public_send(m, *args, &blk) if lg.respond_to?(m)
        super
      end
      def respond_to_missing?(m, include_priv = false)
        (self.logger ||= Logger.new($stdout)).respond_to?(m, include_priv) || super
      end
    end
  end
 end
 RSpec.configure do |config|
@@ -76,9 +134,9 @@ RSpec.configure do |config|
  config.expect_with :rspec do |c|
    c.syntax = :expect
  end
  config.around do |example|
    ActiveRecord::Base.transaction do
      # byebug
      example.run
      raise ActiveRecord::Rollback
    end
@@ -94,146 +152,145 @@ RSpec.configure do |config|
    exit 0
  ensure
    print_info 'Shutting down server'
-    Process.kill('KILL', server_pid)
+    Process.kill('KILL', server_pid) if server_pid
-    Process.kill('KILL', server_pids)
+    Array(server_pids).compact.each { |pid| Process.kill('KILL', pid) }
  end
-########################################
+  ########################################
-def reset_beef_db
+  def reset_beef_db
-  begin
+    db_file = BeEF::Core::Configuration.instance.get('beef.database.file')
-      db_file = BeEF::Core::Configuration.instance.get('beef.database.file')
+    File.delete(db_file) if File.exist?(db_file)
      File.delete(db_file) if File.exist?(db_file)
  rescue => e
-      print_error("Could not remove '#{db_file}' database file: #{e.message}")
+    print_error("Could not remove '#{db_file}' database file: #{e.message}")
  end
 end
-require 'socket'
+  require 'socket'
  def port_available?
    socket = TCPSocket.new(@host, @port)
    socket.close
-    false  # If a connection is made, the port is in use, so it's not available.
+    false # If a connection is made, the port is in use.
-  rescue Errno::ECONNREFUSED
+  rescue Errno::ECONNREFUSED, Errno::EADDRNOTAVAIL
-    true   # If the connection is refused, the port is not in use, so it's available.
+    true  # Connection refused/unavailable => port is free.
  rescue Errno::EADDRNOTAVAIL
    true   # If the connection is refused, the port is not in use, so it's available.
  end
  def configure_beef
    # Reset or re-initialise the configuration to a default state
    @config = BeEF::Core::Configuration.instance
-
+    @config.set('beef.credentials.user',  'beef')
-    @config.set('beef.credentials.user', "beef")
+    @config.set('beef.credentials.passwd','beef')
    @config.set('beef.credentials.passwd', "beef")
    @config.set('beef.http.https.enable', false)
  end
  # Load the server
  def load_beef_extensions_and_modules
-      # Load BeEF extensions
+    # Load BeEF extensions
-      BeEF::Extensions.load
+    BeEF::Extensions.load
    # Load BeEF modules only if they are not already loaded
    BeEF::Modules.load if @config.get('beef.module').nil?
  end
-      # Load BeEF modules only if they are not already loaded
+  # --- HARD fork-safety: disconnect every pool/adapter we can find ---
-      BeEF::Modules.load if @config.get('beef.module').nil?
+  def disconnect_all_active_record!
    if defined?(ActiveRecord::Base)
      # Disconnect every connection pool explicitly
      handler = ActiveRecord::Base.connection_handler
      handler.connection_pool_list.each { |pool| pool.disconnect! } if handler.respond_to?(:connection_pool_list)
      ActiveRecord::Base.clear_active_connections!
      ActiveRecord::Base.clear_all_connections!
    end
    OTR::ActiveRecord.disconnect! if defined?(OTR::ActiveRecord)
  end
  def start_beef_server
    configure_beef
    @port = @config.get('beef.http.port')
    @host = @config.get('beef.http.host')
    @host = '127.0.0.1'
    unless port_available?
      print_error "Port #{@port} is already in use. Exiting."
-      exit
+      exit 1
    end
    load_beef_extensions_and_modules
-    # Grab DB file and regenerate if requested
+    # DB file for BeEF runtime (not the in-memory test DB)
    db_file = @config.get('beef.database.file')
    if BeEF::Core::Console::CommandLine.parse[:resetdb]
      File.delete(db_file) if File.exist?(db_file)
    end
-    # Load up DB and migrate if necessary
+    # ***** IMPORTANT: close any and all AR/OTR connections before forking *****
-    ActiveRecord::Base.logger = nil
+    disconnect_all_active_record!
    OTR::ActiveRecord.configure_from_hash!(adapter:'sqlite3', database: db_file)
    # otr-activerecord require you to manually establish the connection with the following line
    #Also a check to confirm that the correct Gem version is installed to require it, likely easier for old systems.
    if Gem.loaded_specs['otr-activerecord'].version > Gem::Version.create('1.4.2')
      OTR::ActiveRecord.establish_connection!
    end
    # Migrate (if required)
    ActiveRecord::Migration.verbose = false # silence activerecord migration stdout messages
    ActiveRecord::Migrator.migrations_paths = [File.join('core', 'main', 'ar-migrations')]
    context = ActiveRecord::MigrationContext.new(ActiveRecord::Migrator.migrations_paths)
    if context.needs_migration?
      ActiveRecord::Migrator.new(:up, context.migrations, context.schema_migration, context.internal_metadata).migrate
    end
    BeEF::Core::Migration.instance.update_db!
    # Spawn HTTP Server
    # print_info "Starting HTTP Hook Server"
    http_hook_server = BeEF::Core::Server.instance
    http_hook_server.prepare
    # Generate a token for the server to respond with
    BeEF::Core::Crypto::api_token
    # Initiate server start-up
    BeEF::API::Registrar.instance.fire(BeEF::API::Server, 'pre_http_start', http_hook_server)
    pid = fork do
      # Child: establish a fresh connection to the file DB
      OTR::ActiveRecord.configure_from_hash!(adapter: 'sqlite3', database: db_file)
      if Gem.loaded_specs['otr-activerecord'].version > Gem::Version.create('1.4.2')
        OTR::ActiveRecord.establish_connection!
      end
      # Apply migrations for runtime DB
      ActiveRecord::Migration.verbose = false
      ActiveRecord::Migrator.migrations_paths = [File.join('core', 'main', 'ar-migrations')]
      context = ActiveRecord::MigrationContext.new(ActiveRecord::Migrator.migrations_paths)
      if context.needs_migration?
        ActiveRecord::Migrator
          .new(:up, context.migrations, context.schema_migration, context.internal_metadata)
          .migrate
      end
      BeEF::Core::Migration.instance.update_db!
      # Spawn HTTP Server
      http_hook_server = BeEF::Core::Server.instance
      http_hook_server.prepare
      # Generate a token for the server to respond with
      BeEF::Core::Crypto::api_token
      # Fire pre_http_start hooks (Dns extension, etc.)
      BeEF::API::Registrar.instance.fire(BeEF::API::Server, 'pre_http_start', http_hook_server)
      # Start server (blocking call)
      http_hook_server.start
    end
-    return pid
+    pid
  end
  def beef_server_running?(uri_str)
-    begin
+    uri = URI.parse(uri_str)
-      uri = URI.parse(uri_str)
+    response = Net::HTTP.get_response(uri)
-      response = Net::HTTP.get_response(uri)
+    response.is_a?(Net::HTTPSuccess)
-      response.is_a?(Net::HTTPSuccess)
+  rescue Errno::ECONNREFUSED, StandardError
-      rescue Errno::ECONNREFUSED
+    false
        return false # Connection refused means the server is not running
      rescue StandardError => e
        return false # Any other error means the server is not running
    end
  end
  def wait_for_beef_server_to_start(uri_str, timeout: 5)
-    start_time = Time.now # Record the time we started
+    start_time = Time.now
-    until beef_server_running?(uri_str) || (Time.now - start_time) > timeout do
+    until beef_server_running?(uri_str) || (Time.now - start_time) > timeout
-      sleep 0.1 # Wait a bit before checking again
+      sleep 0.1
    end
-    beef_server_running?(uri_str) # Return the result of the check
+    beef_server_running?(uri_str)
  end
  def start_beef_server_and_wait
-    puts "Starting BeEF server"
+    puts 'Starting BeEF server'
    pid = start_beef_server
    puts "BeEF server started with PID: #{pid}"
-    if wait_for_beef_server_to_start('http://localhost:3000', timeout: SERVER_START_TIMEOUT)
+    unless wait_for_beef_server_to_start('http://localhost:3000', timeout: SERVER_START_TIMEOUT)
-      # print_info "Server started successfully."
+      print_error 'Server failed to start within timeout.'
    else
      print_error "Server failed to start within timeout."
    end
    pid
  end
  def stop_beef_server(pid)
-    exit if pid.nil?
+    return if pid.nil?
-    # Shutting down server
+    Process.kill('KILL', pid)
-    Process.kill("KILL", pid) unless pid.nil?
+    Process.wait(pid)
    Process.wait(pid) unless pid.nil? # Ensure the process has exited and the port is released 
    pid = nil       
  end
 end