Added Exploit.vulnerable_version? and #vulnerable_version? (closes …

…#151).
ronin-rb · Dec 13, 2024 · b42b5ec · b42b5ec
1 parent 6dba2a0
commit b42b5ec
Show file tree

Hide file tree

Showing 2 changed files with 91 additions and 0 deletions.
diff --git a/lib/ronin/exploits/exploit.rb b/lib/ronin/exploits/exploit.rb
@@ -437,6 +437,27 @@ def self.software_versions(new_software_versions=nil)
         end
       end
 
+      #
+      # Determines if the given software version is vulnerable by comparing it
+      # against {software_versions}.
+      #
+      # @param [String] version
+      #   The software version number to compare.
+      #
+      # @return [Boolean]
+      #
+      # @api semipublic
+      #
+      # @since 1.2.0
+      #
+      def self.vulnerable_version?(version)
+        software_version = Support::Software::Version.parse(version)
+
+        software_versions.any? do |version_range|
+          version_range.include?(software_version)
+        end
+      end
+
       #
       # Returns the type or kind of exploit.
       #
@@ -600,6 +621,22 @@ def exploit(dry_run: false)
       def validate
       end
 
+      #
+      # Determines if the given software version is vulnerable.
+      #
+      # @param [String] version
+      #   The software version number to compare.
+      #
+      # @return [Boolean]
+      #
+      # @api public
+      #
+      # @since 1.2.0
+      #
+      def vulnerable_version?(version)
+        self.class.vulnerable_version?(version)
+      end
+
       #
       # Returns a vulnerable test result for the {#test} method.
       #

diff --git a/spec/exploit_spec.rb b/spec/exploit_spec.rb
@@ -440,12 +440,66 @@ class OverridesItsInheritedSoftwareVersions < WithSoftwareVersionsSet
     end
   end
 
+  describe ".vulnerable_version?" do
+    module TestVulnerableVersion
+      class TestExploit < Ronin::Exploits::Exploit
+        software_versions [
+          '>= 1.2.3, < 2.0.0',
+          '>= 2.3.4, < 2.5.1'
+        ]
+      end
+    end
+
+    let(:test_class) { TestVulnerableVersion::TestExploit }
+
+    subject { test_class }
+
+    context "when the given version is within one of the .software_versions ranges" do
+      it "must return true" do
+        expect(subject.vulnerable_version?('1.4.2')).to be(true)
+      end
+    end
+
+    context "when the given version is not within any of the .software_versions ranges" do
+      it "must return false" do
+        expect(subject.vulnerable_version?('3.0.0')).to be(false)
+      end
+    end
+  end
+
   describe ".exploit_type" do
     subject { described_class }
 
     it { expect(subject.exploit_type).to eq(:exploit) }
   end
 
+  describe "#vulnerable_version?" do
+    module TestVulnerableVersion
+      class TestExploit < Ronin::Exploits::Exploit
+        software_versions [
+          '>= 1.2.3, < 2.0.0',
+          '>= 2.3.4, < 2.5.1'
+        ]
+      end
+    end
+
+    let(:test_class) { TestVulnerableVersion::TestExploit }
+
+    subject { test_class.new }
+
+    context "when the given version is within one of the .software_versions ranges" do
+      it "must return true" do
+        expect(subject.vulnerable_version?('1.4.2')).to be(true)
+      end
+    end
+
+    context "when the given version is not within any of the .software_versions ranges" do
+      it "must return false" do
+        expect(subject.vulnerable_version?('3.0.0')).to be(false)
+      end
+    end
+  end
+
   describe "#perform_validate" do
     it "must call #validate_params" do
       expect(subject).to receive(:validate_params)