Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Metasploit crashes when tab completing a partial path #19160

Open
2 tasks
zeroSteiner opened this issue May 3, 2024 · 1 comment
Open
2 tasks

Metasploit crashes when tab completing a partial path #19160

zeroSteiner opened this issue May 3, 2024 · 1 comment
Labels
bug

Comments

@zeroSteiner
Copy link
Contributor

zeroSteiner commented May 3, 2024
edited

Steps to reproduce

Tested with Metasploit v6.4.7 with Ruby 3.2.3

  1. Use Metasploit with Ruby 3.2 or later (when File.exists? was removed, spoiler alert, that's the issue)
  2. Find a module with an OptPath datastore option
  3. Type in a path that is partially complete, e.g. /path/to/some for a file named /path/to/something
  4. Hit the tab key twice to get tab complete
  5. See a stack trace that resembles the following
/home/smcintyre/.rvm/gems/ruby-3.2.3@metasploit-framework/gems/rb-readline-0.5.5/lib/rbreadline.rb:8490:in `append_to_match': undefined method `exists?' for File:Class (NoMethodError)
Did you mean?  exist?
	from /home/smcintyre/.rvm/gems/ruby-3.2.3@metasploit-framework/gems/rb-readline-0.5.5/lib/rbreadline.rb:6864:in `rl_complete_internal'
	from /home/smcintyre/.rvm/gems/ruby-3.2.3@metasploit-framework/gems/rb-readline-0.5.5/lib/rbreadline.rb:6903:in `rl_complete'
	from /home/smcintyre/.rvm/gems/ruby-3.2.3@metasploit-framework/gems/rb-readline-0.5.5/lib/rbreadline.rb:4374:in `_rl_dispatch_subseq'
	from /home/smcintyre/.rvm/gems/ruby-3.2.3@metasploit-framework/gems/rb-readline-0.5.5/lib/rbreadline.rb:4363:in `_rl_dispatch'
	from /home/smcintyre/.rvm/gems/ruby-3.2.3@metasploit-framework/gems/rb-readline-0.5.5/lib/rbreadline.rb:4779:in `readline_internal_charloop'
	from /home/smcintyre/.rvm/gems/ruby-3.2.3@metasploit-framework/gems/rb-readline-0.5.5/lib/rbreadline.rb:4853:in `readline_internal'
	from /home/smcintyre/.rvm/gems/ruby-3.2.3@metasploit-framework/gems/rb-readline-0.5.5/lib/rbreadline.rb:4875:in `readline'
	from /home/smcintyre/Repositories/metasploit-framework.pr/lib/rex/ui/text/input/readline.rb:161:in `readline_with_output'
	from /home/smcintyre/Repositories/metasploit-framework.pr/lib/rex/ui/text/input/readline.rb:99:in `pgets'
	from /home/smcintyre/Repositories/metasploit-framework.pr/lib/rex/ui/text/shell.rb:341:in `get_input_line'
	from /home/smcintyre/Repositories/metasploit-framework.pr/lib/rex/ui/text/shell.rb:142:in `block in run'
	from /home/smcintyre/Repositories/metasploit-framework.pr/lib/rex/ui/text/shell.rb:309:in `block in with_history_manager_context'
	from /home/smcintyre/Repositories/metasploit-framework.pr/lib/rex/ui/text/shell/history_manager.rb:33:in `with_context'
	from /home/smcintyre/Repositories/metasploit-framework.pr/lib/rex/ui/text/shell.rb:306:in `with_history_manager_context'
	from /home/smcintyre/Repositories/metasploit-framework.pr/lib/rex/ui/text/shell.rb:133:in `run'
	from /home/smcintyre/Repositories/metasploit-framework.pr/lib/metasploit/framework/command/console.rb:54:in `start'
	from /home/smcintyre/Repositories/metasploit-framework.pr/lib/metasploit/framework/command/base.rb:82:in `start'
	from ./msfconsole:23:in `<main>'

Proposed solution

I've opened this ticket for visibility. I others start to run into this, we may want to consider a resolution that does not depend on the upstream project.
@zeroSteiner zeroSteiner added the bug label May 3, 2024
@zeroSteiner zeroSteiner changed the title Metasploit crashes when complete a partial path Metasploit crashes when tab completing a partial path May 3, 2024
@adfoster-r7
Copy link
Contributor

I'm not against having a polyfill for File.exists?; it would allow also allow older modules that use File.exists? to continue to work with newer framework releases/ruby runtimes

I've previously updated framework plus our other gems to no longer use File.exists? - but looks like I missed rb-readline. From a quick grep of the current gemset:

➜  ruby-3.0.5@metasploit-framework rg 'File.exists\?'                                          
gems/systemu-2.6.5/Rakefile
102:      extensions << ext if File.exists?(ext)

gems/pcaprub-0.13.2/USAGE.rdoc
42:  if(not File.exists?(pcapfile))

gems/Ascii85-1.1.0/bin/ascii85
59:  unless File.exists?(@options[:file])

gems/eventmachine-1.2.7/docs/old/ChangeLog
176:30Sep08: Added File.exists? checks in the args for start_tls, as suggested by

gems/http_parser.rb-0.8.0/tasks/compile.rake
37:  at_exit{ FileUtils.rm t.name if File.exists?(t.name) }

gems/rubocop-1.63.2/lib/rubocop/cop/lint/deprecated_class_methods.rb
11:      #   File.exists?(some_path)

gems/macaddr-1.7.2/Rakefile
102:      extensions << ext if File.exists?(ext)

gems/builder-3.2.4/rakelib/tags.rake
17:  SYSTEM_DIRS = RVM_GEMDIR && File.exists?(RVM_GEMDIR) ? RVM_GEMDIR : []

gems/rb-readline-0.5.5/lib/rbreadline.rb
6568:    return nil if !File.exists?(filename)
8489:      return temp_string_index unless File.exists? filename

It looks like we'll need to only update rb-readline, and maybe http_parser.rb? It looks like there was a commit for it - but it was never released as a version bump to Ruby gems: tmm1/http_parser.rb@f2b7e1a

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
Metasploit Kanban
Status: No status
Milestone
No milestone
Development

No branches or pull requests
2 participants
@zeroSteiner @adfoster-r7