diff --git a/lib/objects/post_provision_test.rb b/lib/objects/post_provision_test.rb
index 99e4c9041..a7351f4c0 100644
--- a/lib/objects/post_provision_test.rb
+++ b/lib/objects/post_provision_test.rb
@@ -111,7 +111,10 @@ class PostProvisionTest
 def get_json_inputs
 json_inputs_path = "#{File.expand_path('../', self.module_path)}/secgen_functions/files/json_inputs/*"
 json_inputs_files = Dir.glob(json_inputs_path)
- json_inputs_files.delete_if {|path| !path.include?(self.module_name)}
+ json_inputs_files.delete_if do |path|
+ end_path = path.split('/')[-1]
+ !end_path.include?(self.module_name)
+ end
 if json_inputs_files.size > 0
 return JSON.parse(Base64.strict_decode64(File.read(json_inputs_files.first)))
 end
diff --git a/modules/vulnerabilities/unix/webapp/onlinestore/files/mysql_setup.sh b/modules/vulnerabilities/unix/webapp/onlinestore/files/mysql_setup.sh
index 8e158345f..06fc2362c 100644
--- a/modules/vulnerabilities/unix/webapp/onlinestore/files/mysql_setup.sh
+++ b/modules/vulnerabilities/unix/webapp/onlinestore/files/mysql_setup.sh
@@ -2,11 +2,10 @@
 USERNAME=${1}
 PASSWORD=${2}
-token=${3}
 echo "CREATE USER '${USERNAME}'@'localhost' IDENTIFIED BY '${PASSWORD}';"| mysql --force
 echo "GRANT ALL PRIVILEGES ON * . * TO '${USERNAME}'@'localhost';"| mysql --force
 echo "CREATE DATABASE csecvm;"| mysql --user=${USERNAME} --password=${PASSWORD} --force
 mysql --force --user=${USERNAME} --password=${PASSWORD} csecvm < ./csecvm.sql
-echo "USE csecvm; INSERT INTO token VALUES ('${token}');" | mysql --force --user=${USERNAME} --password=${PASSWORD}
\ No newline at end of file
+echo "USE csecvm;" | mysql --force --user=${USERNAME} --password=${PASSWORD}
\ No newline at end of file
diff --git a/modules/vulnerabilities/unix/webapp/onlinestore/manifests/install.pp b/modules/vulnerabilities/unix/webapp/onlinestore/manifests/install.pp
index 7e884d367..7ecb0be66 100644
--- a/modules/vulnerabilities/unix/webapp/onlinestore/manifests/install.pp
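Review bot: The new filter in `get_json_inputs` still matches by substring, so `!end_path.include?(self.module_name)` keeps the inputs file of any module whose file name merely contains this module's name, and `json_inputs_files.first` then depends on the order `Dir.glob` happens to return. If the naming scheme of the json_inputs files allows it (it is not visible in this hunk), compare against the exact expected file name or an anchored pattern rather than `include?`. `File.basename(path)` is the idiomatic, separator-independent form of `path.split('/')[-1]`. The method body continues past the end of the hunk.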
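Review bot: The rewritten last line, `echo "USE csecvm;" | mysql --force --user=${USERNAME} --password=${PASSWORD}`, no longer has any effect: it selects a database and exits. It can be deleted, which also removes one more invocation that places the password on the mysql command line, where it is readable in the process list while the command runs. If the line is kept, quote the expansions (`--user="${USERNAME}" --password="${PASSWORD}"`) so a value containing whitespace is not split into extra arguments.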
+++ b/modules/vulnerabilities/unix/webapp/onlinestore/manifests/install.pp
@@ -115,7 +115,7 @@ class onlinestore::install {
 exec { 'setup_mysql':
 cwd => "/tmp",
- command => "sudo ./mysql_setup.sh $db_username $db_password $db_flag",
+ command => "sudo ./mysql_setup.sh $db_username $db_password",
 path => [ '/bin/', '/sbin/' , '/usr/bin/', '/usr/sbin/' ],
 notify => Exec['create_command_injection_flag'],
 }
diff --git a/modules/vulnerabilities/unix/webapp/onlinestore/templates/csecvm.sql.erb b/modules/vulnerabilities/unix/webapp/onlinestore/templates/csecvm.sql.erb
index b7c894fb4..ea056e36d 100644
--- a/modules/vulnerabilities/unix/webapp/onlinestore/templates/csecvm.sql.erb
+++ b/modules/vulnerabilities/unix/webapp/onlinestore/templates/csecvm.sql.erb
@@ -151,7 +151,7 @@ DROP TABLE IF EXISTS `token`;
 /*!40101 SET @saved_cs_client = @@character_set_client */;
 /*!40101 SET character_set_client = utf8 */;
 CREATE TABLE `token` (
- `token` varchar(256) DEFAULT NULL
+ `token` text DEFAULT NULL
 ) ENGINE=MyISAM DEFAULT CHARSET=latin1;
 /*!40101 SET character_set_client = @saved_cs_client */;
@@ -161,7 +161,7 @@ CREATE TABLE `token` (
 LOCK TABLES `token` WRITE;
 /*!40000 ALTER TABLE `token` DISABLE KEYS */;
-INSERT INTO `token` VALUES ('f46659047894a919ab5f43c3338811e6');
+INSERT INTO token VALUES ('<%= @db_flag -%>');
 /*!40000 ALTER TABLE `token` ENABLE KEYS */;
 UNLOCK TABLES;
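Review bot: `$db_username` and `$db_password` are interpolated unquoted into the `command` string of `setup_mysql`, so a generated value containing whitespace or shell metacharacters would shift or break the positional arguments that mysql_setup.sh reads as `${1}` and `${2}`. At minimum quote them, `command => "sudo ./mysql_setup.sh '${db_username}' '${db_password}'",`, or restrict both values to a safe character set where they are generated; how they are produced is not visible in this hunk. How the exec provider tokenises the string should be confirmed before relying on the quoting.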
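Review bot: `<%= @db_flag -%>` is rendered inside a single-quoted SQL literal without escaping, so a flag containing `'` or a backslash would end the string early and break or change the statement when csecvm.sql is loaded. Escape it in the template, for example `<%= @db_flag.to_s.gsub("'", "''") -%>`, and double backslashes as well unless the server runs with NO_BACKSLASH_ESCAPES. Whether `@db_flag` is always a single string is not visible here and is worth confirming, since the column was widened to `text` in the previous hunk. The table name also lost its backticks, unlike every other statement in the dump.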