Add the Signature Verification to the Code to fix issue 828

mandiant · Apr 23, 2024 · dca330c · dca330c
1 parent 731f6ec
commit dca330c
Show file tree

Hide file tree

Showing 2 changed files with 101 additions and 10 deletions.
diff --git a/packages/metasploit.vm/tools/chocolateyinstall.ps1 b/packages/metasploit.vm/tools/chocolateyinstall.ps1
@@ -2,17 +2,25 @@ $ErrorActionPreference = 'Stop'
 Import-Module vm.common -Force -DisableNameChecking
 
 try {
-    $toolName = 'Metasploit'
-    $category = 'Command & Control'
+    # Download the installer
+    $packageArgs        = @{
+        packageName     = $env:ChocolateyPackageName
+        file            = Join-Path ${Env:TEMP} 'metasploitframework-latest.msi'
+        url             = 'https://windows.metasploit.com/metasploitframework-latest.msi'
+    }
 
-    $exeUrl = 'https://windows.metasploit.com/metasploitframework-latest.msi'
-    $exeSha256 = '470039711E182C4551169A776AFC8C10B4BAEA1600334449998894B2D725D49A'
-    # can't install to specified path.
-    $toolDir = Join-Path ${Env:SystemDrive} "metasploit-framework"
-    $binDir = Join-Path $toolDir "bin"
-    $executablePath = (Join-Path $binDir "msfconsole.bat")
-    VM-Install-With-Installer $toolName $category "MSI" "/q /norestart" $executablePath $exeUrl -sha256 $exeSha256
+    $filePath = Get-ChocolateyWebFile @packageArgs
+    VM-Assert-Path $filePath
+    VM-Assert-Signature $filePath
 
+    # Install the downloaded installer
+    $packageArgs        = @{
+        packageName     = $env:ChocolateyPackageName
+        file            = $filePath
+        fileType        = 'MSI'
+        silentArgs      = "/quiet /norestart /l*v `"$($env:TEMP)\$($env:chocolateyPackageName).$($env:chocolateyPackageVersion).MsiInstall.log`""
+    }
+    Install-ChocolateyInstallPackage @packageArgs
 } catch {
     VM-Write-Log-Exception $_
-}
+}
diff --git a/test_install.ps1 b/test_install.ps1
@@ -0,0 +1,83 @@
+# Build the packages in the 'packages' directory given as argument (or all if none provided) into the 'built_pkgs'.
+# Install the built packages. If a package install fails and the $all switch is not provided,
+# the rest of the packages are not installed
+
+# Examples
+## ./test_install
+## ./test_install '7zip.vm 010editor.vm'
+## ./test_install -all
+
+param ([string] $package_names=$null, [int] $max_tries=2, [switch] $all)
+
+# Error Code Definitions
+# ----------------------
+# 0: operation was successful, no issues detected
+# 1605: software is not installed
+# 1614: product is uninstalled
+# 1641: success, reboot initiated
+# 3010: success, reboot required
+# other (not listed): likely an error has occurred
+$validExitCodes = @(0, 1605, 1614, 1641, 3010)
+$packages_dir_name = 'packages'
+$built_pkgs_dir_name = 'built_pkgs'
+$result_file = "success_failure.json"
+
+
+$root = Get-Location
+$built_pkgs_dir = New-Item -ItemType Directory -Force $built_pkgs_dir_name
+
+if ($package_names) {
+    $packages = $package_names.Split(" ")
+} else {
+    $packages = Get-ChildItem -Path $packages_dir_name | Select-Object -ExpandProperty Name
+}
+
+foreach ($package in $packages) {
+    Set-Location "$root\$packages_dir_name\$package"
+    choco pack -y -out $built_pkgs_dir
+    if ($LASTEXITCODE -ne 0) { Exit 1 } # Abort with the first failing build
+}
+
+
+$exclude_tests = @("installer.vm")
+
+$failures = New-Object Collections.Generic.List[string]
+$failed = 0
+$success = 0
+
+$built_pkgs = Get-ChildItem $built_pkgs_dir | Foreach-Object { ([regex]::match($_.BaseName, '(.*?[.](?:vm)).*').Groups[1].Value) } | Where-Object { $_ -notin $exclude_tests }
+Set-Location $built_pkgs_dir
+foreach ($package in $built_pkgs) {
+    # We try to install the package several times (with a minute interval) to prevent transient failures
+    for ($tries = 1; $tries -le $max_tries; $tries += 1) {
+        # install looks for a nuspec with the same version as the installed one
+        # upgrade installs the last found version (even if the package is not installed)
+        choco upgrade $package -y -r -s "'.;https://www.myget.org/F/vm-packages/api/v2;https://community.chocolatey.org/api/v2/'" --no-progress --force
+        if ($validExitCodes -contains $LASTEXITCODE) {
+            $success += 1
+            break
+        } elseif ($tries -lt $max_tries) {
+            Write-Host -ForegroundColor Yellow "[WARN] Failed to install $package - Try $tries"
+            Start-Sleep -Seconds 60
+        } else {
+            Write-Host -ForegroundColor Red "[ERROR] Failed to install $package - Try $tries"
+            $failed += 1
+            $failures.Add("`"$package`"")
+            if (-not $all.IsPresent) { break } # Abort with the first failing install
+        }
+    }
+}
+
+# Restore the original location
+Set-Location -Path $root -PassThru | Out-Null
+
+Write-Host -ForegroundColor Green "`nSUCCESS:$success"
+Write-Host -ForegroundColor Red "FAILURE:$failed"
+
+Write-Host "`nWriting success/failure/total and failing packages to $result_file"
+$failures_str = $failures -join ","
+"{`"success`":$success,`"failure`":$failed,`"total`":$($packages.Count),`"failures`":[$failures_str]}" | Out-File -FilePath $result_file
+
+if ($failed){ Exit 1 }
+# Return 0 to avoid valid exit codes to fail the test
+Exit 0