From d9391d384fd8afdec3d3d7ef84141007e5b4f4c7 Mon Sep 17 00:00:00 2001
From: Mihai Ordean <research@mihaiordean.com>
Date: Mon, 13 Mar 2017 15:10:17 +0000
Subject: [PATCH] added check to verify if leaked files is empty

---
 lib/.DS_Store                                 | Bin 12292 -> 0 bytes
 lib/templates/.DS_Store                       | Bin 6148 -> 0 bytes
 .../secgen_functions/manifests/leak_file.pp   |  32 ++++++++++--------
 .../name_based_username/secgen_local/local.rb |   2 +-
 .../parameterised_accounts.xml                |  14 ++++++--
 5 files changed, 29 insertions(+), 19 deletions(-)
 delete mode 100644 lib/.DS_Store
 delete mode 100644 lib/templates/.DS_Store

diff --git a/lib/.DS_Store b/lib/.DS_Store
deleted file mode 100644
index 691b1bbaba4da0e0408dd9138065d7191db3bf7d..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 12292
zcmeI1PiqrF6u{p!soh|OT!b7vte$cRlBH5TcvwOd>#2}J!B%uPTbke|8?qZCq|wFC
z;MWkrs~^If2wpwuRqz<!o0-Pl>_!xVw)m#Zyy?6@Gy8j+-M$n6L}TPx02Kf*u#+rb
z#384Vo_eOO>6I%e1^NRx&<77j(B1Jf*1W(3m;e)C0!)AjoCN~-&ZcH8dG9MNk4%6G
z{Femi`CwuvX=@oPDIXm;$Pxf$5tn7dIo1Kv$JEl+GFDQ$VoX&%2<<9#i6N9b>P<37
zX=@oPsoX&*cMy7Kp(_+2cSk={nuD;F<dF$5fh+;4-AmAh0DAb7sNaLO>jy4s=>v5a
zdlmb}Y=&d5hdT}j+T)Eo@VjADuYVA0h2r{!4Wm>tHV^l^eJ>a{f>GZK4_cjI-0FHq
zt}}cn=aCbQ!iF=Hnq4RAphnL3g22c5p|;-ddQs<5xiXnp+x41h)u%OcV%4{|YUa%w
zx2DsQVU)_RjLX-q-@do!oJ^m;h~<$%=qCqUQoql~mpIEo;Dv49#l6WbN9`Y5t#;5G
zs4&*2e5+p2Y<i=p4e-8Te3iC2v3h~`8&-o(a>rc?mJ{n~YuNXL{xNFR$s;(z%nrcE
z?9x2k@sqg~AJLL>Ys_<-@%Tr%-C9*{GZ&Q3ZAP8W?bUaZbjB)?+Xru7qYdRF$7-J2
zUs$DcYcGklklS^YPaMPai8p%~AfZj1^!}F<3ZB-^Pne@kpUfoR0zAVz%1_@%YoAe5
zoykT<r&j0t-qDwuykGQEnt1j5&nr&QKKS+|$s+MNU(lo}%ZG~IXCdb@91l!j1q2Ez
zMuqDCJIlZSU%^fsf(bBzvr0e|o2_O8Pj~tk^5Q|M);6&}#!ijwVkM;u4rD^>vK&V_
z|A!&YO|7%FjFm(Uw!i*Gz#r8G{Qj3o;(-Y;0Vco%m;e)C0!)AjFaajO1egF5U;<3w
H+!6Qzyd;h?

diff --git a/lib/templates/.DS_Store b/lib/templates/.DS_Store
deleted file mode 100644
index 2ee34ff66ed9c1fa7ec34b34646a7439d6b61b4c..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 6148
zcmeHKyH3ME5S)b+ktmXq@=7Ws{=kX?5;Z>nhKMF25|7mG_-vScfUpb&4F#H&cIR%r
z<FlvmdI8w#<?akv0+`bs@#<k}e%*ay2bD1*o%guG1D??npC;AcC!D*$o{W1uj`$m#
zV#8d2x!v9N+g;B}f6NQ|$y*p#GASShq<|EV0#e|23V83O&5sflrGONW0-p-__o2}p
zyTTzcJ{=4(0uX0RhjAUV1hIL7*cA?m%+M^U#H3n{7?yPATh(=iLt@flaWd~yCtFP@
z7N;}cq8!#GDoOz<Fjn9&w@dH;=ky=u|1n8BDIf*@l>#<fU#(YsrRuGdm-AlR=-2cQ
qV{Mc(L@OpnE9S;q@$r|s=4)Q>3Wvm?Gaq!Kegs?>nH2a71>ON=6ddXR

diff --git a/modules/build/puppet/secgen_functions/manifests/leak_file.pp b/modules/build/puppet/secgen_functions/manifests/leak_file.pp
index bcbb1304e..19bdc65dc 100644
--- a/modules/build/puppet/secgen_functions/manifests/leak_file.pp
+++ b/modules/build/puppet/secgen_functions/manifests/leak_file.pp
@@ -1,20 +1,22 @@
 define secgen_functions::leak_file($leaked_filename, $storage_directory, $strings_to_leak, $owner = 'root', $group = 'root', $mode = '0777', $leaked_from = '' ) {
-  $path_to_leak = "$storage_directory/$leaked_filename"
+  if ($leaked_filename != ''){
+    $path_to_leak = "$storage_directory/$leaked_filename"
 
-  # If the file already exists append to it, otherwise create it.
-  if (defined(File[$path_to_leak])){
-    notice("File with that name already defined, appending leaked strings instead...")
-    exec { "$leaked_from-$path_to_leak":
-      path    => ['/bin', '/usr/bin', '/usr/local/bin', '/sbin', '/usr/sbin'],
-      command => "echo $strings_to_leak >> $path_to_leak",
-    }
-  } else {
-    file { $path_to_leak:
-      ensure   => present,
-      owner    => $owner,
-      group    => $group,
-      mode     => $mode,
-      content  => template('secgen_functions/overshare.erb')
+    # If the file already exists append to it, otherwise create it.
+    if (defined(File[$path_to_leak])){
+      notice("File with that name already defined, appending leaked strings instead...")
+      exec { "$leaked_from-$path_to_leak":
+        path    => ['/bin', '/usr/bin', '/usr/local/bin', '/sbin', '/usr/sbin'],
+        command => "echo $strings_to_leak >> $path_to_leak",
+      }
+    } else {
+      file { $path_to_leak:
+        ensure   => present,
+        owner    => $owner,
+        group    => $group,
+        mode     => $mode,
+        content  => template('secgen_functions/overshare.erb')
+      }
     }
   }
 }
diff --git a/modules/generators/content/name_based_username/secgen_local/local.rb b/modules/generators/content/name_based_username/secgen_local/local.rb
index b946701c4..d3abea0c7 100644
--- a/modules/generators/content/name_based_username/secgen_local/local.rb
+++ b/modules/generators/content/name_based_username/secgen_local/local.rb
@@ -13,7 +13,7 @@ class NameBasedUsernameGenerator < StringEncoder
 
   # Generate a username based on a random adjective and a random noun
   def encode_all
-    self.outputs << Faker::Internet.user_name(self.name, %w(- _))
+    self.outputs << Faker::Internet.user_name(self.name, %w(nil _))
   end
 
   def get_options_array
diff --git a/scenarios/parameterised_examples/encoder_examples/parameterised_accounts.xml b/scenarios/parameterised_examples/encoder_examples/parameterised_accounts.xml
index fc468d04d..7523abc38 100644
--- a/scenarios/parameterised_examples/encoder_examples/parameterised_accounts.xml
+++ b/scenarios/parameterised_examples/encoder_examples/parameterised_accounts.xml
@@ -6,10 +6,18 @@
 	<!-- an example remote storage system, with a remotely exploitable vulnerability that can then be escalated to root -->
 	<system>
 		<system_name>storage_server</system_name>
-		<base platform="linux"/>
-
-		<vulnerability module_path=".*parameterised_accounts"/>
+		<base platform="linux" distro="Debian 7.8"/>
 
+		<vulnerability module_path=".*parameterised_accounts">
+			<input into="accounts">
+				<generator type="account">
+					<input into="username">
+						<value>example_username</value>
+					</input>
+				</generator>
+			</input>
+		</vulnerability>
+		
 		<network type="private_network" range="dhcp"/>
 	</system>
 </scenario>