From 83d2b5801e31fabb2cbc61fad14bfd80e5d3cd91 Mon Sep 17 00:00:00 2001
From: Postmodern
Date: Mon, 4 Dec 2023 14:42:30 -0800
Subject: [PATCH] Added missing support for importing `Ronin::Vulns::CommandInjection` objects.

---
 lib/ronin/vulns/importer.rb | 4 ++++
 spec/importer_spec.rb | 46 +++++++++++++++++++++++++++++++++++++
 2 files changed, 50 insertions(+)

diff --git a/lib/ronin/vulns/importer.rb b/lib/ronin/vulns/importer.rb
index d1a2554..5654c05 100644
--- a/lib/ronin/vulns/importer.rb
+++ b/lib/ronin/vulns/importer.rb
@@ -83,6 +83,10 @@ def self.import(vuln)
 attributes[:sqli_terminate] = vuln.terminate
 when SSTI
 attributes[:ssti_escape_type] = vuln.escape_type
+ when CommandInjection
+ attributes[:command_injection_escape_quote] = vuln.escape_quote
+ attributes[:command_injection_escape_operator] = vuln.escape_operator
+ attributes[:command_injection_terminator] = vuln.terminator
 end
 
 imported_vuln = DB::WebVuln.transaction do
diff --git a/spec/importer_spec.rb b/spec/importer_spec.rb
index ab439c8..20495ec 100644
--- a/spec/importer_spec.rb
+++ b/spec/importer_spec.rb
@@ -4,6 +4,7 @@
 require 'ronin/vulns/rfi'
 require 'ronin/vulns/sqli'
 require 'ronin/vulns/ssti'
+require 'ronin/vulns/command_injection'
 require 'ronin/vulns/open_redirect'
 require 'ronin/vulns/reflected_xss'
 require 'ronin/db'
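Review bot: The `case` that the new `when CommandInjection` branch joins still closes with a bare `end` and no `else`, so a vuln class without its own `when` is imported with only the common attributes and nothing signals it — the gap this commit closes for `CommandInjection`. Some classes presumably have no class-specific columns, so a raising `else` may be too strict; a comment above the `case` such as `# NOTE: every Ronin::Vulns class with its own options needs a branch here, otherwise those options are silently dropped on import` would at least document the contract. The three new keys also assume `DB::WebVuln` already has the `command_injection_*` columns; no dependency change is visible in this patch, so that is worth confirming. The head of the `case` and of `self.import` lie outside the hunk.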
@@ -233,6 +234,51 @@
 end
 end
 
+ context "when given an Ronin::Vulns::CommandInjection object" do
+ let(:vuln_class) { Ronin::Vulns::CommandInjection }
+
+ include_context "importing common attributes"
+
+ context "when #escape_quote is set on the CommandInjection vuln object" do
+ let(:vuln) do
+ vuln_class.new(url, query_param: query_param,
+ escape_quote: "'")
+ end
+
+ it "must set the #command_injection_escape_quote field to the CommandInjection vuln object's #escape_type" do
+ imported_vuln = subject.import(vuln)
+
+ expect(imported_vuln.command_injection_escape_quote).to eq(vuln.escape_quote)
+ end
+ end
+
+ context "when #escape_operator is set on the CommandInjection vuln object" do
+ let(:vuln) do
+ vuln_class.new(url, query_param: query_param,
+ escape_operator: ";")
+ end
+
+ it "must set the #command_injection_escape_operator field to the CommandInjection vuln object's #escape_type" do
+ imported_vuln = subject.import(vuln)
+
+ expect(imported_vuln.command_injection_escape_operator).to eq(vuln.escape_operator)
+ end
+ end
+
+ context "when #terminator is set on the CommandInjection vuln object" do
+ let(:vuln) do
+ vuln_class.new(url, query_param: query_param,
+ terminator: "#")
+ end
+
+ it "must set the #command_injection_terminator field to the CommandInjection vuln object's #escape_type" do
+ imported_vuln = subject.import(vuln)
+
+ expect(imported_vuln.command_injection_terminator).to eq(vuln.terminator)
+ end
+ end
+ end
+
 context "when given an Ronin::Vulns::OpenRedirect object" do
 let(:vuln_class) { Ronin::Vulns::OpenRedirect }
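Review bot: All three new `it` descriptions end with "vuln object's #escape_type", which looks copied from the SSTI examples; the assertions compare against `escape_quote`, `escape_operator` and `terminator`, so a failing example would report the wrong attribute name. The descriptions should end in `#escape_quote`, `#escape_operator` and `#terminator` respectively. The examples also cover only the case where each option is passed explicitly; one more example that imports a `CommandInjection` built without these options would pin what the importer stores for unset values (the class defaults are not visible in this hunk).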