More robust manifest finding

MSP-10825

lib/metasploit/credential/importer/multi.rb

@@ -2,6 +2,7 @@
 # Standard Library
 #
 
+require 'csv'
 require 'pathname'
 
 # {Metasploit::Credential::Importer::Multi} allows a single class to pass off a file to the correct importer as
@@ -60,11 +61,19 @@ def zip?
     end
   end
 
-  # True if the file has a ".csv" extension
+  # True if the file has a comma in the first place there should be one.
+  # Further validation for well-formedness is available in {Metasploit::Credential::Importer::Core}
   #
   # @return [Boolean]
   def csv?
-    ::Pathname.new(input.path).extname == '.csv'
+    test_header_byte_length = Metasploit::Credential::Importer::Core::VALID_SHORT_CSV_HEADERS.first.size + 1
+    test_bytes              =  input.read(test_header_byte_length)
+    if test_bytes.present? && test_bytes.include?(',')
+      input.rewind
+      true
+    else
+      false
+    end
   end
 
   private

lib/metasploit/credential/importer/zip.rb

@@ -61,7 +61,7 @@ def import!
       end
     end
 
-    csv_path = File.join(extracted_zip_directory, MANIFEST_FILE_NAME)
+    csv_path = Dir.glob(File.join(extracted_zip_directory,'**', MANIFEST_FILE_NAME)).first
     csv_input = File.open(csv_path)
     Metasploit::Credential::Importer::Core.new(input: csv_input, origin: origin, workspace: workspace).import!
   end
@@ -81,8 +81,8 @@ def extracted_zip_directory
   def input_is_well_formed
     begin
       Zip::File.open input.path do |archive|
-        manifest_file = archive.find_entry(MANIFEST_FILE_NAME)
-        if manifest_file
+        glob_check  = archive.glob("**#{File::SEPARATOR}#{MANIFEST_FILE_NAME}")
+        if glob_check.present?
           true
         else
           errors.add(:input, :missing_manifest)

spec/lib/metasploit/credential/importer/multi_spec.rb

@@ -5,22 +5,51 @@
   include_context 'metasploit_credential_importer_zip_file'
 
   UNSUPPORTED_FILE = 'bad.txt'
+  INVALID_CSV_FILE = 'malformed.csv'
+  VALID_CSV_FILE   = 'well-formed.csv'
 
   let(:import_origin){ FactoryGirl.create :metasploit_credential_origin_import }
+  let(:supported_file){ FactoryGirl.generate :metasploit_credential_importer_zip_file }
+  let(:unsupported_file){ File.open("#{Dir.tmpdir}/#{UNSUPPORTED_FILE}", 'wb') }
+
+  let(:invalid_csv){ FactoryGirl.generate(:malformed_csv)}
+  let(:valid_csv){ FactoryGirl.generate(:well_formed_csv_compliant_header)}
+
+  let(:valid_csv_file) do
+    File.open("#{Dir.tmpdir}/#{VALID_CSV_FILE}", 'w') do |file|
+      file << valid_csv.read
+    end
+  end
 
   describe "validation" do
     describe "when given a file that is not a zip or a CSV" do
-      let(:unsupported_file){ File.open("#{Dir.tmpdir}/#{UNSUPPORTED_FILE}", 'wb') }
-      subject(:multi_importer){ Metasploit::Credential::Importer::Multi.new(input: unsupported_file, origin: import_origin)}
+      subject(:multi_importer){ Metasploit::Credential::Importer::Multi.new(input: File.open(unsupported_file), origin: import_origin)}
 
       it { should_not be_valid }
     end
 
     context "when given zip file" do
-      let(:supported_file){ FactoryGirl.generate :metasploit_credential_importer_zip_file }
-      subject(:multi_importer){ Metasploit::Credential::Importer::Multi.new(input: supported_file, origin: import_origin)}
+      subject(:multi_importer){ Metasploit::Credential::Importer::Multi.new(input: File.open(supported_file), origin: import_origin)}
 
       it { should be_valid }
     end
+
+    describe "#csv?" do
+      describe 'when the file can be opened as a CSV' do
+        subject(:multi_importer){ Metasploit::Credential::Importer::Multi.new(input: File.open(valid_csv_file), origin: import_origin)}
+
+        it 'should return true' do
+          multi_importer.csv?.should be_true
+        end
+      end
+
+      describe 'when the file is not a well-formed CSV' do
+        subject(:multi_importer){ Metasploit::Credential::Importer::Multi.new(input: File.open(unsupported_file), origin: import_origin)}
+
+        it 'should return true' do
+          multi_importer.csv?.should be_false
+        end
+      end
+    end
   end
 end