  • Moved template validation into separate function, and added validation for pages

  • Jordan Wright committed 6 years ago
    f39014bb
    1 parent 0c5925ae
  • ■ ■ ■ ■ ■ ■
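--- a/models/page.go
+++ b/models/page.go
@@ -70,6 +70,9 @@
  if p.CapturePasswords && !p.CaptureCredentials {
  p.CaptureCredentials = true
  }
+ if err := ValidateTemplate(p.HTML); err != nil {
+ return err
+ }
  return p.parseHTML()
 }
 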
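Review bot: The new `ValidateTemplate(p.HTML)` check at new lines 73-75 has no comment, so the call site does not say why landing-page HTML goes through the template validator before `parseHTML()`. I would add `// Reject HTML that does not execute as a template before parsing the page.` above the `if`. Validate's signature and its earlier checks are outside the hunk, so I cannot see whether its doc comment should also mention the new failure mode.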
  • ■ ■ ■ ■ ■ ■
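--- a/models/page_test.go
+++ b/models/page_test.go
@@ -84,3 +84,37 @@
  })
 }
 
+func (s *ModelsSuite) TestPageValidation(c *check.C) {
+ html := `<html>
+ <head></head>
+ <body>{{.BaseURL}}</body>
+ </html>`
+ p := Page{
+ HTML: html,
+ RedirectURL: "http://example.com",
+ }
+ // Validate that a name is required
+ err := p.Validate()
+ c.Assert(err, check.Equals, ErrPageNameNotSpecified)
+
+ p.Name = "Test Page"
+
+ // Validate that CaptureCredentials is automatically set if somehow the
+ // user fails to set it, but does indicate that passwords should be
+ // captured
+ p.CapturePasswords = true
+ c.Assert(p.CaptureCredentials, check.Equals, false)
+ err = p.Validate()
+ c.Assert(err, check.Equals, nil)
+ c.Assert(p.CaptureCredentials, check.Equals, true)
+
+ // Validate that if the HTML contains an invalid template tag, that we
+ // catch it
+ p.HTML = `<html>
+ <head></head>
+ <body>{{.INVALIDTAG}}</body>
+ </html>`
+ err = p.Validate()
+ c.Assert(err, check.NotNil)
+}
+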
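Review bot: The last assertion, `c.Assert(err, check.NotNil)`, passes on any error from `Validate`, so it does not show that the `{{.INVALIDTAG}}` reference is what was rejected. Asserting on the message would pin that, e.g. `c.Assert(err, check.ErrorMatches, ".*INVALIDTAG.*")`, assuming the template engine names the field in its error. The test also covers only an unknown field; a case with a syntactically broken action, such as an unclosed `{{`, would exercise the other way page HTML can fail validation.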
  • ■ ■ ■ ■ ■
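--- a/models/template.go
+++ b/models/template.go
@@ -34,31 +34,10 @@
  case t.Text == "" && t.HTML == "":
  return ErrTemplateMissingParameter
  }
- // Test that the variables used in the template
- // validate with no issues
- vc := ValidationContext{
- FromAddress: "[email protected]",
- BaseURL: "http://example.com",
- }
- td := Result{
- BaseRecipient: BaseRecipient{
- Email: "[email protected]",
- FirstName: "Foo",
- LastName: "Bar",
- Position: "Test",
- },
- RId: "123456",
- }
- ptx, err := NewPhishingTemplateContext(vc, td.BaseRecipient, td.RId)
- if err != nil {
+ if err = ValidateTemplate(t.HTML); err != nil {
  return err
  }
- _, err = ExecuteTemplate(t.HTML, ptx)
- if err != nil {
- return err
- }
- _, err = ExecuteTemplate(t.Text, ptx)
- if err != nil {
+ if err = ValidateTemplate(t.Text); err != nil {
  return err
  }
  return nil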
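Review bot: Both new checks assign with `if err = ValidateTemplate(...)` although this commit removes the `ptx, err := ...` declaration, so they rely on an `err` declared above the hunk (the function starts outside it). The scoped form used in models/page.go, `if err := ValidateTemplate(t.HTML); err != nil {`, avoids that dependency and keeps the two call sites consistent. The errors are also returned unchanged, so a caller cannot tell whether the HTML part or the text part of the template failed.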
  • ■ ■ ■ ■ ■ ■
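--- a/models/template_context.go
+++ b/models/template_context.go
@@ -15,20 +15,6 @@
  getBaseURL() string
 }
 
-// ValidationContext is used for validating templates and pages
-type ValidationContext struct {
- FromAddress string
- BaseURL string
-}
-
-func (vc ValidationContext) getFromAddress() string {
- return vc.FromAddress
-}
-
-func (vc ValidationContext) getBaseURL() string {
- return vc.BaseURL
-}
-
 // PhishingTemplateContext is the context that is sent to any template, such
 // as the email or landing page content.
 type PhishingTemplateContext struct {
@@ -95,3 +81,44 @@
  return buff.String(), err
 }
 
+// ValidationContext is used for validating templates and pages
+type ValidationContext struct {
+ FromAddress string
+ BaseURL string
+}
+
+func (vc ValidationContext) getFromAddress() string {
+ return vc.FromAddress
+}
+
+func (vc ValidationContext) getBaseURL() string {
+ return vc.BaseURL
+}
+
+// ValidateTemplate ensures that the provided text in the page or template
+// uses the supported template variables correctly.
+func ValidateTemplate(text string) error {
+ vc := ValidationContext{
+ FromAddress: "[email protected]",
+ BaseURL: "http://example.com",
+ }
+ td := Result{
+ BaseRecipient: BaseRecipient{
+ Email: "[email protected]",
+ FirstName: "Foo",
+ LastName: "Bar",
+ Position: "Test",
+ },
+ RId: "123456",
+ }
+ ptx, err := NewPhishingTemplateContext(vc, td.BaseRecipient, td.RId)
+ if err != nil {
+ return err
+ }
+ _, err = ExecuteTemplate(text, ptx)
+ if err != nil {
+ return err
+ }
+ return nil
+}
+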
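Review bot: The doc comment on `ValidateTemplate` says it ensures the variables are used correctly, but the body only executes the text once against a fixed sample context (`Foo`/`Bar`, RId `123456`). If `ExecuteTemplate` is built on the standard template packages, a reference inside a branch that the sample data never takes would presumably not be evaluated and would pass. The comment should say that validation is a single trial render against sample data, not a guarantee that every later render succeeds. Separately, the tail can be shortened to `_, err = ExecuteTemplate(text, ptx)` followed by `return err`.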