search

rapid7 / rex-socket

The Rex Socket Abstraction Library
Other
12 stars 33 forks source link

Logging Is Inaccessible #38

Open zeroSteiner opened 3 years ago

zeroSteiner commented 3 years ago

The logging methods used by rex-socket are defined globally by the Metasploit Framework. Because the elog function and LEV_3 constant is not defined within rex-socket it will crash when used outside of Metasploit.

There are at least 4 instances:

lib/rex/socket/parameters.rb:140:        elog("Failed to read cert: #{e.class}: #{e}", LogSource)
lib/rex/socket/parameters.rb:148:        elog("Failed to read client cert: #{e.class}: #{e}", LogSource)
lib/rex/socket/parameters.rb:156:        elog("Failed to read client key: #{e.class}: #{e}", LogSource)
lib/rex/socket.rb:750:      elog("#{e.message} (#{e.class})#{e.backtrace * "\n"}\n", LogSource, LEV_3)

The issue can be confirmed by triggering an error log. In the following scenario, the user creates a new Rex::Socket::Parameters instance and specifies an SSLCert file that exists, but can not be read. This assumes you're not running as root of course.

[1] pry(main)> require 'rex/socket'
=> true
[2] pry(main)> Rex::Socket::Parameters.new('SSLCert' => '/etc/shadow')
NameError: uninitialized constant Rex::Socket::Parameters::LogSource
Did you mean?  Rex::Socket::LogSource
from /home/smcintyre/Repositories/rex-socket/lib/rex/socket/parameters.rb:140:in `rescue in initialize'
Caused by Errno::EACCES: Permission denied @ rb_sysopen - /etc/shadow
from /home/smcintyre/Repositories/rex-socket/lib/rex/socket/parameters.rb:138:in `read'
[3] pry(main)>

Fixing the LogSource reference:

diff --git a/lib/rex/socket/parameters.rb b/lib/rex/socket/parameters.rb
index bb78631..e7e5509 100644
--- a/lib/rex/socket/parameters.rb
+++ b/lib/rex/socket/parameters.rb
@@ -137,7 +137,7 @@ class Rex::Socket::Parameters
       begin
         self.ssl_cert = ::File.read(hash['SSLCert'])
       rescue ::Exception => e
-        elog("Failed to read cert: #{e.class}: #{e}", LogSource)
+        elog("Failed to read cert: #{e.class}: #{e}", Rex::Socket::LogSource)
       end
     end
[1] pry(main)> require 'rex/socket'
=> true
[2] pry(main)> Rex::Socket::Parameters.new('SSLCert' => '/etc/shadow')
NoMethodError: undefined method `elog' for #<Rex::Socket::Parameters:0x00000000013d15c0 @ssl_version=nil>
from /home/smcintyre/Repositories/rex-socket/lib/rex/socket/parameters.rb:140:in `rescue in initialize'
Caused by Errno::EACCES: Permission denied @ rb_sysopen - /etc/shadow
from /home/smcintyre/Repositories/rex-socket/lib/rex/socket/parameters.rb:138:in `read'
[3] pry(main)>

Since this gem isn't dependant on Metasploit, the logging should function independently of it.

sempervictus commented 3 years ago

This is kinda my fault for asking to pull Rex out. Wanna assign me?

sempervictus commented 1 year ago

took a look over this, and it dawns on me that we have a bit of a logical absurdity here: logging is a core function of Rex, and itself depends on rex-sync but lives inside lib/rex/logging within Msf. For a more "holistic" approach, i think we should actually move that subtree out of Msf, probably into rex-core, since we already need that and sync to use socket. Thoughts?

Alternatively i can do some "magic" checks for whether logging is defined in the global namespace and if it isn't then create short stubs for API compatibility - AKA, hack it up some. :smile:

sempervictus commented 1 year ago

@zeroSteiner - could you please check to see if the linked PR in Core fixes this? I am not l33t enough to move those files w/ their history though.