From d655b3d226ef276da6c01831d5ff3a01c23331cf Mon Sep 17 00:00:00 2001
From: ts <thomashaw@localhost.localdomain>
Date: Thu, 7 Feb 2019 11:11:50 +0000
Subject: [PATCH] updated tests + team project

---
 .../secgen_test/parameterised_website.rb      | 42 +++++++++++++++----
 .../services/unix/ntp/ntp/secgen_test/ntp.rb  | 17 ++++++--
 .../secgen_test/parameterised_accounts.rb     | 24 +++++++++++
 .../suid_root_bash/secgen_metadata.xml        |  4 ++
 .../secgen_test/suid_root_bash.rb             | 10 ++---
 .../bash/shellshock/secgen_test/shellshock.rb | 18 ++++++++
 .../secgen_test/vsftpd_234_backdoor.rb        |  1 -
 .../moinmoin_195/secgen_test/moinmoin_195.rb  |  1 +
 scenarios/security_audit/team_project.xml     |  2 +-
 scenarios/tests/test_scenario.xml             |  2 +-
 10 files changed, 101 insertions(+), 20 deletions(-)
 create mode 100644 modules/utilities/unix/system/parameterised_accounts/secgen_test/parameterised_accounts.rb
 create mode 100644 modules/vulnerabilities/unix/bash/shellshock/secgen_test/shellshock.rb

diff --git a/modules/services/unix/http/parameterised_website/secgen_test/parameterised_website.rb b/modules/services/unix/http/parameterised_website/secgen_test/parameterised_website.rb
index 53de3efc7..032c30b34 100644
--- a/modules/services/unix/http/parameterised_website/secgen_test/parameterised_website.rb
+++ b/modules/services/unix/http/parameterised_website/secgen_test/parameterised_website.rb
@@ -2,6 +2,8 @@ require_relative '../../../../../lib/post_provision_test'
 require 'json'
 
 class ParamWebsiteTest < PostProvisionTest
+  attr_accessor :organisation
+
   def initialize
     self.module_name = 'parameterised_website'
     self.module_path = get_module_path(__FILE__)
@@ -12,32 +14,54 @@ class ParamWebsiteTest < PostProvisionTest
     super
     json_inputs = get_json_inputs
     test_service_up
+    test_html_returned_content("/css/#{json_inputs['theme'][0]}", 'Bootswatch v4.0.0')
     test_org_functionality(json_inputs)
     test_additional_page(json_inputs)
-    test_html_returned_content("/css/#{json_inputs['theme'][0]}", 'Bootswatch v4.0.0')
+    test_security_audit_remit(json_inputs)
+    test_acceptable_use_policy(json_inputs)
+  end
+
+  def get_organisation(json_inputs)
+    JSON.parse(json_inputs['organisation'][0])
   end
 
   def test_org_functionality(json_inputs)
     if json_inputs['organisation'] and
-       json_inputs['organisation'][0] and
-       json_inputs['organisation'][0] != ''
+        json_inputs['organisation'][0] and
+        json_inputs['organisation'][0] != ''
 
-      organisation = JSON.parse(json_inputs['organisation'][0])
+      organisation = get_organisation(json_inputs)
       employee_1 = organisation['employees'][0]
 
       test_html_returned_content('/index.html', organisation['business_name'])
-      test_html_returned_content('/contact.html', organisation['business_moto'])
+      test_html_returned_content('/contact.html', organisation['business_motto'])
       test_html_returned_content('/contact.html', employee_1['name'])
     end
   end
 
+  def test_security_audit_remit(json_inputs)
+    if json_inputs['security_audit'] and
+        json_inputs['security_audit'][0] and
+        json_inputs['security_audit'][0] != ''
+      test_html_returned_content('/security_audit_remit.html', "Security Audit Remit of #{get_organisation(json_inputs)['business_name']}")
+    end
+  end
+
+  def test_acceptable_use_policy(json_inputs)
+    if json_inputs['host_acceptable_use_policy'] and
+        json_inputs['host_acceptable_use_policy'][0] and
+        json_inputs['host_acceptable_use_policy'][0] == 'true'
+      test_html_returned_content('/acceptable_use_policy.html', "Acceptable Use Policy")
+      test_html_returned_content('/acceptable_use_policy.html', get_organisation(json_inputs)['business_name'])
+    end
+  end
 
   def test_additional_page(json_inputs)
     if json_inputs['additional_page_filenames'] and
-       json_inputs['additional_page_filenames'][0] and
-       json_inputs['additional_page_filenames'][0].include? 'html' and
-       json_inputs['additional_pages'] and
-       json_inputs['additional_pages'][0]
+        json_inputs['additional_page_filenames'][0] and
+        json_inputs['additional_page_filenames'][0].include? 'html' and
+        json_inputs['additional_pages'] and
+        json_inputs['additional_pages'][0]
 
       page_name = json_inputs['additional_page_filenames'][0]
       page_name = "/#{page_name}" if page_name.split[0] != '/'
diff --git a/modules/services/unix/ntp/ntp/secgen_test/ntp.rb b/modules/services/unix/ntp/ntp/secgen_test/ntp.rb
index 2f8bcf569..8a72f2117 100644
--- a/modules/services/unix/ntp/ntp/secgen_test/ntp.rb
+++ b/modules/services/unix/ntp/ntp/secgen_test/ntp.rb
@@ -15,10 +15,21 @@ class NTPTest < PostProvisionTest
   end
 
   def test_ntp_query
-    begin
-      time_response = Net::NTP.get(system_ip, port).time
+    time_response = ''
+    retries = 5
+    while retries > 0
+      begin
+        time_response = Net::NTP.get(system_ip, port).time
+        break
+      rescue Errno::ECONNREFUSED, Timeout::Error
+        # do nothing
+      end
+      sleep 2
+      retries = -1
+    end
+    if time_response != ''
       self.outputs << "PASSED: NTP responded on UDP port #{port} with #{time_response}"
-    rescue Errno::ECONNREFUSED
+    else
       self.outputs << "FAILED: unable to connect to #{module_name} on UDP port #{port}"
       self.all_tests_passed = false
     end
diff --git a/modules/utilities/unix/system/parameterised_accounts/secgen_test/parameterised_accounts.rb b/modules/utilities/unix/system/parameterised_accounts/secgen_test/parameterised_accounts.rb
new file mode 100644
index 000000000..b869febd9
--- /dev/null
+++ b/modules/utilities/unix/system/parameterised_accounts/secgen_test/parameterised_accounts.rb
@@ -0,0 +1,24 @@
+require_relative '../../../../../lib/post_provision_test'
+
+class ParameterisedAccountsTest < PostProvisionTest
+  def initialize
+    self.module_name = 'parameterised_accounts'
+    self.module_path = get_module_path(__FILE__)
+    super
+  end
+
+  def test_module
+    super
+    test_accounts_exist
+  end
+
+  def test_accounts_exist
+    get_json_inputs['accounts'].each do |account|
+      account = JSON.parse(account)
+      username = account['username']
+      test_local_command("#{username} account exists?", 'cat /etc/passwd', username)
+    end
+  end
+end
+
+ParameterisedAccountsTest.new.run
\ No newline at end of file
diff --git a/modules/vulnerabilities/unix/access_control_misconfigurations/suid_root_bash/secgen_metadata.xml b/modules/vulnerabilities/unix/access_control_misconfigurations/suid_root_bash/secgen_metadata.xml
index 8e4f18057..718b2a5a6 100644
--- a/modules/vulnerabilities/unix/access_control_misconfigurations/suid_root_bash/secgen_metadata.xml
+++ b/modules/vulnerabilities/unix/access_control_misconfigurations/suid_root_bash/secgen_metadata.xml
@@ -15,4 +15,8 @@
 
   <hint>Shell permission misconfiguration</hint>
   <solution>Bash shell running with root permissions due to suid bit set (try /bin/bash -cp "some_command")</solution>
+
+  <conflict>
+    <module_path>.*shellshock.*</module_path>
+  </conflict>
 </vulnerability>
\ No newline at end of file
diff --git a/modules/vulnerabilities/unix/access_control_misconfigurations/suid_root_bash/secgen_test/suid_root_bash.rb b/modules/vulnerabilities/unix/access_control_misconfigurations/suid_root_bash/secgen_test/suid_root_bash.rb
index e8f8c1589..df9d697cc 100644
--- a/modules/vulnerabilities/unix/access_control_misconfigurations/suid_root_bash/secgen_test/suid_root_bash.rb
+++ b/modules/vulnerabilities/unix/access_control_misconfigurations/suid_root_bash/secgen_test/suid_root_bash.rb
@@ -1,19 +1,19 @@
 require_relative '../../../../../lib/post_provision_test'
 
 
-class SUIDNanoTest < PostProvisionTest
+class SUIDBashTest < PostProvisionTest
   def initialize
-    self.module_name = 'suid_root_nano'
+    self.module_name = 'suid_root_bash'
     self.module_path = get_module_path(__FILE__)
     super
   end
 
   def test_module
     super
-    test_local_command('nano suid bit set?','sudo ls -la /bin/nano', '-rwsrwxrwx')
-    test_local_command('nano runs?','/bin/nano --version', 'GNU nano')
+    test_local_command('bash suid bit set?','sudo ls -la /bin/bash', '-rwsrwxrwx')
+    test_local_command('bash runs?','/bin/bash --version', 'GNU bash')
   end
 
 end
 
-SUIDNanoTest.new.run
\ No newline at end of file
+SUIDBashTest.new.run
\ No newline at end of file
diff --git a/modules/vulnerabilities/unix/bash/shellshock/secgen_test/shellshock.rb b/modules/vulnerabilities/unix/bash/shellshock/secgen_test/shellshock.rb
new file mode 100644
index 000000000..7f506e288
--- /dev/null
+++ b/modules/vulnerabilities/unix/bash/shellshock/secgen_test/shellshock.rb
@@ -0,0 +1,18 @@
+require_relative '../../../../../lib/post_provision_test'
+
+
+class ShellshockTest < PostProvisionTest
+  def initialize
+    self.module_name = 'shellshock'
+    self.module_path = get_module_path(__FILE__)
+    super
+  end
+
+  def test_module
+    super
+    test_local_command('correct /bin/bash version?','/bin/bash --version', 'version 4.1')
+  end
+
+end
+
+ShellshockTest.new.run
\ No newline at end of file
diff --git a/modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/secgen_test/vsftpd_234_backdoor.rb b/modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/secgen_test/vsftpd_234_backdoor.rb
index d5d7e85d4..176bcfb8b 100644
--- a/modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/secgen_test/vsftpd_234_backdoor.rb
+++ b/modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/secgen_test/vsftpd_234_backdoor.rb
@@ -2,7 +2,6 @@ require_relative '../../../../../lib/post_provision_test'
 
 class Vsftpd234BackdoorTest < PostProvisionTest
   def initialize
-    super
     self.module_name = 'vsftpd_234_backdoor'
     self.module_path = get_module_path(__FILE__)
     super
diff --git a/modules/vulnerabilities/unix/webapp/moinmoin_195/secgen_test/moinmoin_195.rb b/modules/vulnerabilities/unix/webapp/moinmoin_195/secgen_test/moinmoin_195.rb
index 4c6fcc9f7..bd0de9206 100644
--- a/modules/vulnerabilities/unix/webapp/moinmoin_195/secgen_test/moinmoin_195.rb
+++ b/modules/vulnerabilities/unix/webapp/moinmoin_195/secgen_test/moinmoin_195.rb
@@ -10,6 +10,7 @@ class MoinMoin195Test < PostProvisionTest
   def test_module
     super
     test_service_up
+    test_html_returned_content('/index.html','<script type="text/javascript" src="/moin_static195/common/js/common.js"></script>')
   end
 end
 
diff --git a/scenarios/security_audit/team_project.xml b/scenarios/security_audit/team_project.xml
index b80365b6a..1cd951b2b 100644
--- a/scenarios/security_audit/team_project.xml
+++ b/scenarios/security_audit/team_project.xml
@@ -19,7 +19,7 @@
   <!-- Web Server on NIC1 and NIC2 -->
   <system>
     <system_name>web</system_name>
-    <base platform="linux" distro="Debian 7.8" type="server"/>
+    <base platform="linux" type="server"/>
 
     <input into_datastore="IP_addresses">
       <value>172.10.0.2</value>
diff --git a/scenarios/tests/test_scenario.xml b/scenarios/tests/test_scenario.xml
index 7d5e7cc5d..4b5bd5335 100644
--- a/scenarios/tests/test_scenario.xml
+++ b/scenarios/tests/test_scenario.xml
@@ -10,7 +10,7 @@
     <vulnerability module_path=".*dirtycow.*"/>
 
     <input into_datastore="IP_addresses">
-      <value>172.16.0.12</value>
+      <value>172.16.0.14</value>
     </input>
 
     <network type="private_network">