From 2ec037226c5fcf54ff3c37579eaabc085297f8f0 Mon Sep 17 00:00:00 2001
From: dwelch-r7
Date: Thu, 13 May 2021 16:44:17 +0100
Subject: [PATCH] allow spaces in input

---
 lib/msfdb_helpers/pg_ctl.rb | 26 +++++++++++++-------------
 lib/msfdb_helpers/pg_ctlcluster.rb | 24 ++++++++++++------------
 msfdb | 6 +++---
 3 files changed, 28 insertions(+), 28 deletions(-)

diff --git a/lib/msfdb_helpers/pg_ctl.rb b/lib/msfdb_helpers/pg_ctl.rb
index d19da56203..72c50c4d85 100644
--- a/lib/msfdb_helpers/pg_ctl.rb
+++ b/lib/msfdb_helpers/pg_ctl.rb
@@ -29,7 +29,7 @@ module MsfdbHelpers
 puts "Creating database at #{@db}"
 Dir.mkdir(@db)
- run_cmd("initdb --auth-host=trust --auth-local=trust -E UTF8 #{@db}")
+ run_cmd("initdb --auth-host=trust --auth-local=trust -E UTF8 #{@db.shellescape}")
 File.open("#{@db}/postgresql.conf", 'a') do |f|
 f.puts "port = #{@options[:db_port]}"
@@ -66,15 +66,15 @@ module MsfdbHelpers
 end
 def start
- if run_cmd("pg_ctl -o \"-p #{@options[:db_port]}\" -D #{@db} status") == 0
+ if run_cmd("pg_ctl -o \"-p #{@options[:db_port]}\" -D #{@db.shellescape} status") == 0
 puts "Database already started at #{@db}"
 return true
 end
 print "Starting database at #{@db}..."
- run_cmd("pg_ctl -o \"-p #{@options[:db_port]}\" -D #{@db} -l #{@db}/log start")
+ run_cmd("pg_ctl -o \"-p #{@options[:db_port]}\" -D #{@db.shellescape} -l #{@db.shellescape}/log start")
 sleep(2)
- if run_cmd("pg_ctl -o \"-p #{@options[:db_port]}\" -D #{@db} status") != 0
+ if run_cmd("pg_ctl -o \"-p #{@options[:db_port]}\" -D #{@db.shellescape} status") != 0
 puts 'failed'.red.bold.to_s
 false
 else
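Review bot: `String#shellescape` comes from the `shellwords` standard library, and none of the three files in this patch gains a `require 'shellwords'`, so the new `#{@db.shellescape}` call on the `initdb` line depends on something else having loaded it first. If that is not guaranteed on every entry path, the call raises `NoMethodError` right after `Dir.mkdir(@db)` has already created the directory. Adding `require 'shellwords'` at the top of `pg_ctl.rb`, `pg_ctlcluster.rb` and `msfdb` makes the dependency explicit; the existing require lines are outside the visible hunks, so this needs checking against the full files.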
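Review bot: `#{@options[:db_port]}` is still interpolated raw inside the `-o \"-p ...\"` fragment on all three changed `pg_ctl` lines in `start`, so only the data directory is protected from shell word splitting and metacharacters. If the port can arrive as an unvalidated string from the command line, coerce it once with `Integer(@options[:db_port])` before building the command; where the option is parsed is not visible here. The same pattern recurs in the `stop` and `status` hunks of this file and in the `pg_ctlcluster` hunks. For the log path, `"#{@db}/log".shellescape` escapes the whole argument rather than a prefix of it. The body of `start` continues past the end of the hunk.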
@@ -84,9 +84,9 @@ module MsfdbHelpers
 end
 def stop
- if run_cmd("pg_ctl -o \"-p #{@options[:db_port]}\" -D #{@db} status") == 0
+ if run_cmd("pg_ctl -o \"-p #{@options[:db_port]}\" -D #{@db.shellescape} status") == 0
 puts "Stopping database at #{@db}"
- run_cmd("pg_ctl -o \"-p #{@options[:db_port]}\" -D #{@db} stop")
+ run_cmd("pg_ctl -o \"-p #{@options[:db_port]}\" -D #{@db.shellescape} stop")
 else
 puts "Database is no longer running at #{@db}"
 end
@@ -99,7 +99,7 @@ module MsfdbHelpers
 def status
 if Dir.exist?(@db)
- if run_cmd("pg_ctl -o \"-p #{@options[:db_port]}\" -D #{@db} status") == 0
+ if run_cmd("pg_ctl -o \"-p #{@options[:db_port]}\" -D #{@db.shellescape} status") == 0
 puts "Database started at #{@db}"
 else
 puts "Database is not running at #{@db}"
@@ -111,12 +111,12 @@ module MsfdbHelpers
 def create_db_users(msf_pass, msftest_pass)
 puts 'Creating database users'
- run_psql("create user #{@options[:msf_db_user]} with password '#{msf_pass}'")
- run_psql("create user #{@options[:msftest_db_user]} with password '#{msftest_pass}'")
- run_psql("alter role #{@options[:msf_db_user]} createdb")
- run_psql("alter role #{@options[:msftest_db_user]} createdb")
- run_psql("alter role #{@options[:msf_db_user]} with password '#{msf_pass}'")
- run_psql("alter role #{@options[:msftest_db_user]} with password '#{msftest_pass}'")
+ run_psql("create user #{@options[:msf_db_user].shellescape} with password '#{msf_pass}'")
+ run_psql("create user #{@options[:msftest_db_user].shellescape} with password '#{msftest_pass}'")
+ run_psql("alter role #{@options[:msf_db_user].shellescape} createdb")
+ run_psql("alter role #{@options[:msftest_db_user].shellescape} createdb")
+ run_psql("alter role #{@options[:msf_db_user].shellescape} with password '#{msf_pass}'")
+ run_psql("alter role #{@options[:msftest_db_user].shellescape} with password '#{msftest_pass}'")
 conn = PG.connect(host: @options[:db_host], dbname: 'postgres', port: @options[:db_port], user: @options[:msf_db_user], password: msf_pass)
 conn.exec("CREATE DATABASE #{@options[:msf_db_name]}")
diff --git a/lib/msfdb_helpers/pg_ctlcluster.rb b/lib/msfdb_helpers/pg_ctlcluster.rb
index 52ef080fd1..a5c8c6f85d 100644
--- a/lib/msfdb_helpers/pg_ctlcluster.rb
+++ b/lib/msfdb_helpers/pg_ctlcluster.rb
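Review bot: `shellescape` is applied to the role names inside SQL text in `create_db_users`, where it is the wrong encoding: it backslash-escapes for a POSIX shell, while PostgreSQL expects an identifier to be double-quoted, so a name containing a space likely reaches the server with a literal backslash or as two tokens, depending on how `run_psql` (defined outside this hunk) quotes the statement. The passwords are still spliced in as `'#{msf_pass}'`, so a single quote in a password ends the SQL literal early. Quote for SQL at the call site, e.g. `user = PG::Connection.quote_ident(@options[:msf_db_user])`, escape the password as an SQL literal, and shell-escape the complete statement once inside `run_psql`. The unchanged `conn.exec("CREATE DATABASE #{@options[:msf_db_name]}")` line has the same identifier-quoting gap, and the identical `create_db_users` hunk in `pg_ctlcluster.rb` (`@@ -125,12`) needs the same treatment.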
@@ -33,7 +33,7 @@ module MsfdbHelpers
 puts "Creating database at #{@db}"
 Dir.mkdir(@db)
 FileUtils.mkdir_p(@pg_cluster_conf_root)
- run_cmd("pg_createcluster --user=$(whoami) -l #{@db}/log -d #{@db} -s /tmp --encoding=UTF8 #{@pg_version} #{@options[:msf_db_name]} -- --username=$(whoami) --auth-host=trust --auth-local=trust")
+ run_cmd("pg_createcluster --user=$(whoami) -l #{@db.shellescape}/log -d #{@db.shellescape} -s /tmp --encoding=UTF8 #{@pg_version} #{@options[:msf_db_name].shellescape} -- --username=$(whoami) --auth-host=trust --auth-local=trust")
 File.open("#{@pg_cluster_conf_root}/#{@pg_version}/#{@options[:msf_db_name]}/postgresql.conf", 'a') do |f|
 f.puts "port = #{@options[:db_port]}"
 end
@@ -52,7 +52,7 @@ module MsfdbHelpers
 if @options[:delete_existing_data]
 puts "Deleting all data at #{@db}"
- run_cmd("pg_dropcluster #{@pg_version} #{@options[:msf_db_name]}")
+ run_cmd("pg_dropcluster #{@pg_version} #{@options[:msf_db_name].shellescape}")
 FileUtils.rm_rf(@db)
 FileUtils.rm_rf("#{@localconf}/.local/etc/postgresql")
 File.delete(@db_conf)
@@ -69,7 +69,7 @@ module MsfdbHelpers
 def start
 print "Starting database at #{@db}..."
- status = run_cmd("pg_ctlcluster #{@pg_version} #{@options[:msf_db_name]} start -- -o \"-p #{@options[:db_port]}\" -D #{@db} -l #{@db}/log")
+ status = run_cmd("pg_ctlcluster #{@pg_version} #{@options[:msf_db_name].shellescape} start -- -o \"-p #{@options[:db_port]}\" -D #{@db.shellescape} -l #{@db.shellescape}/log")
 case status
 when 0
 puts 'success'.green.bold.to_s
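Review bot: The rewritten `pg_createcluster` line still sets `--auth-host=trust --auth-local=trust` with the socket directory at `-s /tmp`, and nothing in the hunk says how long that state lasts; while it holds, any local account can likely connect to the new cluster as any role without a password. A comment above the call would help, for example `# trust auth is bootstrap-only; pg_hba.conf must be tightened before the service is left running`, assuming later code outside this hunk does rewrite `pg_hba.conf`. The `initdb` line in `pg_ctl.rb` carries the same flags. `#{@pg_version}` is also left unescaped here, which is fine only if it is always derived locally rather than from user input.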
@@ -84,16 +84,16 @@ module MsfdbHelpers
 end
 def stop
- run_cmd("pg_ctlcluster #{get_postgres_version} #{@options[:msf_db_name]} stop -- -o \"-p #{@options[:db_port]}\" -D #{@db}")
+ run_cmd("pg_ctlcluster #{get_postgres_version} #{@options[:msf_db_name].shellescape} stop -- -o \"-p #{@options[:db_port]}\" -D #{@db.shellescape}")
 end
 def restart
- run_cmd("pg_ctlcluster #{@pg_version} #{@options[:msf_db_name]} reload -- -o \"-p #{@options[:db_port]}\" -D #{@db} -l #{@db}/log")
+ run_cmd("pg_ctlcluster #{@pg_version} #{@options[:msf_db_name].shellescape} reload -- -o \"-p #{@options[:db_port]}\" -D #{@db.shellescape} -l #{@db.shellescape}/log")
 end
 def status
 if Dir.exist?(@db)
- if run_cmd("pg_ctlcluster #{@pg_version} #{@options[:msf_db_name]} status -- -o \"-p #{@options[:db_port]}\" -D #{@db}") == 0
+ if run_cmd("pg_ctlcluster #{@pg_version} #{@options[:msf_db_name].shellescape} status -- -o \"-p #{@options[:db_port]}\" -D #{@db.shellescape}") == 0
 puts "Database started at #{@db}"
 else
 puts "Database is not running at #{@db}"
@@ -125,12 +125,12 @@ module MsfdbHelpers
 def create_db_users(msf_pass, msftest_pass)
 puts 'Creating database users'
- run_psql("create user #{@options[:msf_db_user]} with password '#{msf_pass}'")
- run_psql("create user #{@options[:msftest_db_user]} with password '#{msftest_pass}'")
- run_psql("alter role #{@options[:msf_db_user]} createdb")
- run_psql("alter role #{@options[:msftest_db_user]} createdb")
- run_psql("alter role #{@options[:msf_db_user]} with password '#{msf_pass}'")
- run_psql("alter role #{@options[:msftest_db_user]} with password '#{msftest_pass}'")
+ run_psql("create user #{@options[:msf_db_user].shellescape} with password '#{msf_pass}'")
+ run_psql("create user #{@options[:msftest_db_user].shellescape} with password '#{msftest_pass}'")
+ run_psql("alter role #{@options[:msf_db_user].shellescape} createdb")
+ run_psql("alter role #{@options[:msftest_db_user].shellescape} createdb")
+ run_psql("alter role #{@options[:msf_db_user].shellescape} with password '#{msf_pass}'")
+ run_psql("alter role #{@options[:msftest_db_user].shellescape} with password '#{msftest_pass}'")
 conn = PG.connect(host: @options[:db_host], dbname: 'postgres', port: @options[:db_port], user: @options[:msf_db_user], password: msf_pass)
 conn.exec("CREATE DATABASE #{@options[:msf_db_name]}")
diff --git a/msfdb b/msfdb
index f8aa1171d6..7ea13d1b4d 100755
--- a/msfdb
+++ b/msfdb
@@ -656,11 +656,11 @@ end
 # TODO: In the future this can be replaced by Msf::WebServices::HttpDBManagerService
 def thin_cmd
- server_opts = "--rackup #{@ws_conf} --address #{@options[:address]} --port #{@options[:port]}"
- ssl_opts = @options[:ssl] ? "--ssl --ssl-key-file #{@options[:ssl_key]} --ssl-cert-file #{@options[:ssl_cert]}" : ''
+ server_opts = "--rackup #{@ws_conf.shellescape} --address #{@options[:address].shellescape} --port #{@options[:port]}"
+ ssl_opts = @options[:ssl] ? "--ssl --ssl-key-file #{@options[:ssl_key].shellescape} --ssl-cert-file #{@options[:ssl_cert].shellescape}" : ''
 ssl_opts << ' --ssl-disable-verify' if skip_ssl_verify?
 adapter_opts = "--environment #{@options[:ws_env]}"
- daemon_opts = "--daemonize --log #{@ws_log} --pid #{@ws_pid} --tag #{@ws_tag}" if @options[:daemon]
+ daemon_opts = "--daemonize --log #{@ws_log.shellescape} --pid #{@ws_pid.shellescape} --tag #{@ws_tag}" if @options[:daemon]
 all_opts = [server_opts, ssl_opts, adapter_opts, daemon_opts].reject(&:blank?).join(' ')
 "thin #{all_opts}"
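Review bot: `@options[:ssl_key].shellescape` and `@options[:ssl_cert].shellescape` in `thin_cmd` raise `NoMethodError` when `@options[:ssl]` is set but either path is nil, where the old interpolation produced an empty argument; whether that combination is rejected earlier is not visible in this hunk. `@options[:port]`, `@options[:ws_env]` and `@ws_tag` are still interpolated unescaped, so the command string is only partly protected. Using `.to_s.shellescape` on every interpolated value, e.g. `adapter_opts = "--environment #{@options[:ws_env].to_s.shellescape}"`, keeps the treatment uniform. The closing `end` of `thin_cmd` is outside the hunk.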