From 6cdfd322f29e8a8ac102e8fcd2b5a12e7928a9e5 Mon Sep 17 00:00:00 2001
From: jvazquez-r7
Date: Sun, 7 Sep 2014 21:35:33 -0500
Subject: [PATCH] change should to expect
---
 .../framework/login_scanner/glassfish_spec.rb | 82 +++++++++++++++++--
 1 file changed, 77 insertions(+), 5 deletions(-)
diff --git a/spec/lib/metasploit/framework/login_scanner/glassfish_spec.rb b/spec/lib/metasploit/framework/login_scanner/glassfish_spec.rb
index 025b3867b2..73d3826a00 100644
--- a/spec/lib/metasploit/framework/login_scanner/glassfish_spec.rb
+++ b/spec/lib/metasploit/framework/login_scanner/glassfish_spec.rb
@@ -142,11 +142,11 @@ describe Metasploit::Framework::LoginScanner::Glassfish do
 end
 it 'returns status Metasploit::Model::Login::Status::SUCCESSFUL for a valid credential' do
- http_scanner.try_glassfish_2(cred)[:status].should eq(Metasploit::Model::Login::Status::SUCCESSFUL)
+ expect(http_scanner.try_glassfish_2(cred)[:status]).to eq(Metasploit::Model::Login::Status::SUCCESSFUL)
 end
 it 'returns Metasploit::Model::Login::Status::INCORRECT for an invalid credential' do
- http_scanner.try_glassfish_2(bad_cred)[:status].should eq(Metasploit::Model::Login::Status::INCORRECT)
+ expect(http_scanner.try_glassfish_2(bad_cred)[:status]).to eq(Metasploit::Model::Login::Status::INCORRECT)
 end
 end
@@ -188,15 +188,15 @@ describe Metasploit::Framework::LoginScanner::Glassfish do
 end
 it 'returns status Metasploit::Model::Login::Status::SUCCESSFUL for a valid credential' do
- http_scanner.try_glassfish_3(cred)[:status].should eq(Metasploit::Model::Login::Status::SUCCESSFUL)
+ expect(http_scanner.try_glassfish_3(cred)[:status]).to eq(Metasploit::Model::Login::Status::SUCCESSFUL)
 end
 it 'returns status Metasploit::Model::Login::Status::SUCCESSFUL based on a disabled remote admin message' do
- http_scanner.try_glassfish_3(disabled_cred)[:status].should eq(Metasploit::Model::Login::Status::SUCCESSFUL)
+ expect(http_scanner.try_glassfish_3(disabled_cred)[:status]).to eq(Metasploit::Model::Login::Status::SUCCESSFUL)
 end
 it 'returns status Metasploit::Model::Login::Status::INCORRECT for an invalid credential' do
- http_scanner.try_glassfish_3(bad_cred)[:status].should eq(Metasploit::Model::Login::Status::INCORRECT)
+ expect(http_scanner.try_glassfish_3(bad_cred)[:status]).to eq(Metasploit::Model::Login::Status::INCORRECT)
 end
 end
@@ -229,6 +229,78 @@ describe Metasploit::Framework::LoginScanner::Glassfish do
 end
 end
+ context 'when Glassfish version 2' do
+ let(:login_ok_message) do
+ 'Deploy Enterprise Applications/Modules'
+ end
+
+ it 'returns a Metasploit::Framework::LoginScanner::Result' do
+ allow_any_instance_of(Rex::Proto::Http::Client).to receive(:send_recv) do |cli, req|
+ if req.opts['uri'] && req.opts['uri'].include?('j_security_check') &&
+ req.opts['data'] &&
+ req.opts['data'].include?("j_username=#{username}") &&
+ req. opts['data'].include?("j_password=#{password}")
+ res = Rex::Proto::Http::Response.new(302)
+ res.headers['Location'] = '/applications/upload.jsf'
+ res.headers['Set-Cookie'] = 'JSESSIONID=GOODSESSIONID'
+ res
+ elsif req.opts['uri'] && req.opts['uri'].include?('j_security_check')
+ res = Rex::Proto::Http::Response.new(200)
+ res.body = 'bad login'
+ elsif req.opts['uri'] &&
+ req.opts['uri'].include?('/applications/upload.jsf')
+ res = Rex::Proto::Http::Response.new(200)
+ res.body = 'Deploy Enterprise Applications/Modules'
+ else
+ res = Rex::Proto::Http::Response.new(404)
+ end
+
+ res
+ end
+
+ expect(http_scanner.attempt_login(cred)).to be_kind_of(Metasploit::Framework::LoginScanner::Result)
+ end
+ end
+
+ context 'when Glassfish version 3' do
+ let(:login_ok_message) do
+ 'Deploy Enterprise Applications/Modules'
+ end
+
+
+ it 'returns a Metasploit::Framework::LoginScanner::Result' do
+ allow_any_instance_of(Rex::Proto::Http::Client).to receive(:send_recv) do |cli, req|
+ if req.opts['uri'] && req.opts['uri'].include?('j_security_check') &&
+ req.opts['data'] &&
+ req.opts['data'].include?("j_username=#{username}") &&
+ req. opts['data'].include?("j_password=#{password}")
+ res = Rex::Proto::Http::Response.new(302)
+ res.headers['Location'] = '/common/applications/uploadFrame.jsf'
+ res.headers['Set-Cookie'] = 'JSESSIONID=GOODSESSIONID'
+ res
+ elsif req.opts['uri'] && req.opts['uri'].include?('j_security_check') &&
+ req.opts['data'] &&
+ req.opts['data'].include?("j_username=#{username_disabled}") &&
+ req. opts['data'].include?("j_password=#{password_disabled}")
+ res = Rex::Proto::Http::Response.new(200)
+ res.body = 'Secure Admin must be enabled'
+ elsif req.opts['uri'] && req.opts['uri'].include?('j_security_check')
+ res = Rex::Proto::Http::Response.new(200)
+ res.body = 'bad login'
+ elsif req.opts['uri'] &&
+ req.opts['uri'].include?('/common/applications/uploadFrame.jsf')
+ res = Rex::Proto::Http::Response.new(200)
+ res.body = 'Deploy Applications or Modules'
+ else
+ res = Rex::Proto::Http::Response.new(404)
+ end
+
+ res
+ end
+
+ expect(http_scanner.attempt_login(cred)).to be_kind_of(Metasploit::Framework::LoginScanner::Result)
+ end
+ end
 end
 end
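Review bot: Both new `attempt_login` examples assert only `be_kind_of(Metasploit::Framework::LoginScanner::Result)`, so they would still pass if the scanner reported a failed login for `cred`; for a credential scanner the status is the behaviour worth pinning, because a wrong one ends up as a false finding in a report. Assert the outcome as well, e.g. `expect(http_scanner.attempt_login(cred).status).to eq(Metasploit::Model::Login::Status::SUCCESSFUL)`, and add a matching example for a rejected credential. Nothing visible in the hunk selects Glassfish 2 versus 3 on the scanner, so unless an enclosing `before` outside the hunk sets it, the two contexts differ only in the stubbed URIs. `login_ok_message` is defined in both contexts but the stubs hard-code the response body, and in the version 3 context the two strings disagree (`'Deploy Enterprise Applications/Modules'` versus `'Deploy Applications or Modules'`).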