From 240059801ecff3870ffd9c59a76df66178cbedcb Mon Sep 17 00:00:00 2001
From: "Z. Cliffe Schreuders"
Date: Mon, 15 Jul 2019 10:04:13 +0100
Subject: [PATCH] gitlist work with less flags than the module was expecting
---
 .../webapp/gitlist_040/manifests/configure.pp | 35 ++++++++++++++-----
 1 file changed, 27 insertions(+), 8 deletions(-)
diff --git a/modules/vulnerabilities/unix/webapp/gitlist_040/manifests/configure.pp b/modules/vulnerabilities/unix/webapp/gitlist_040/manifests/configure.pp
index d875fc02d..7b34bc759 100644
--- a/modules/vulnerabilities/unix/webapp/gitlist_040/manifests/configure.pp
+++ b/modules/vulnerabilities/unix/webapp/gitlist_040/manifests/configure.pp
@@ -5,6 +5,33 @@ class gitlist_040::configure {
 $images_to_leak = $secgen_parameters['images_to_leak']
 $leaked_files_path = '/home/git/repositories/secret_files'
+ # when there are multiple strings to leak:
+ # leak the first one as a flag, requiring exploitation to access;
+ # leak the subsequent ones publically through the website;
+
+ if $strings_to_leak.length == 0 {
+ warning('No strings_to_leak provided!')
+ } elsif $strings_to_leak.length == 1 {
+ warning("Only one string to leak provided, publically showing a default message.")
+
+ $flag = [$strings_to_leak[0]]
+ $flag_filename = [$leaked_filenames[0]]
+
+ $public_strings_to_leak = ["Nothing to see here."]
+ $public_strings_to_leak_filename = $leaked_filenames[1, -1]
+ } else { # more than 1 strings_to_leak
+ warning("One string to leak will require exploitation, others will be publically shown.")
+ $flag = [$strings_to_leak[0]]
+ $flag_filename = [$leaked_filenames[0]]
+
+ # all but the first elements (used above already)
+ $public_strings_to_leak = $strings_to_leak[1, -1]
+ $public_strings_to_leak_filename = $leaked_filenames[1, -1]
+ }
+
+
+ $git_args = '-c user.name="gitlist" -c user.email="git@list.com"'
+
 Exec { path => ['/bin', '/usr/bin', '/usr/local/bin', '/sbin', '/usr/sbin'] }
 # Create /home/git/repositories
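Review bot: The `$strings_to_leak.length == 0` branch only emits a warning and leaves `$flag`, `$flag_filename`, `$public_strings_to_leak` and `$public_strings_to_leak_filename` unassigned, yet the class still reads them later (`leaked_filenames => $flag_filename` is visible as context further down this patch). Without a flag the scenario cannot be built as intended, so this branch should stop catalog compilation rather than continue: `fail('gitlist_040: strings_to_leak must contain at least one value')`. In the one-string branch, `$leaked_filenames[1, -1]` is presumably empty when only one filename was supplied too, in which case the "Nothing to see here." placeholder would have no filename to be written under; this is worth confirming against `leak_files`. The class body starts before this hunk and continues after it.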
@@ -23,12 +50,6 @@ class gitlist_040::configure {
 command => "git init",
 }
- $flag = [$strings_to_leak[0]]
- $flag_filename = [$leaked_filenames[0]]
- # all but the first elements (used above already)
- $public_strings_to_leak = $strings_to_leak[1, -1]
- $public_strings_to_leak_filename = $leaked_filenames[1, -1]
-
 ::secgen_functions::leak_files { 'gitlist_040-flag-leak':
 storage_directory => '/home/git',
 leaked_filenames => $flag_filename,
@@ -50,8 +71,6 @@ class gitlist_040::configure {
 before => Exec['initial_commit_leaked_files_repo']
 }
- $git_args = '-c user.name="gitlist" -c user.email="git@list.com"'
-
 exec { 'initial_commit_leaked_files_repo':
 cwd => $leaked_files_path,
 command => "git $git_args add *; git $git_args commit -a -m 'initial commit'",