From 67622d905e58e22ba157f809529ab3d0bfbdd37c Mon Sep 17 00:00:00 2001
From: Postmodern
Date: Fri, 9 Aug 2024 18:47:48 -0700
Subject: [PATCH] Added the `test/js` payload (closes #124).
---
lib/ronin/payloads/builtin/test/js.rb | 54 +++++++++++++++++++++++++++
spec/builtin/test/js_spec.rb | 39 +++++++++++++++++++
2 files changed, 93 insertions(+)
create mode 100644 lib/ronin/payloads/builtin/test/js.rb
create mode 100644 spec/builtin/test/js_spec.rb
diff --git a/lib/ronin/payloads/builtin/test/js.rb b/lib/ronin/payloads/builtin/test/js.rb
new file mode 100644
index 00000000..477b4229
--- /dev/null
+++ b/lib/ronin/payloads/builtin/test/js.rb
@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+#
+# ronin-payloads - A Ruby micro-framework for writing and running exploit
+# payloads.
+#
+# Copyright (c) 2007-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# ronin-payloads is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-payloads is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with ronin-payloads. If not, see .
+#
+
+require 'ronin/payloads/javascript_payload'
+
+module Ronin
+ module Payloads
+ module Test
+ #
+ # A test JavaScript payload. Allows using a custom JavaScript with
+ # exploits that require a command payload. By default it prints `PWNED`
+ # using `console.log`.
+ #
+ # @since 0.3.0
+ #
+ class JS < JavaScriptPayload
+
+ register 'test/js'
+
+ summary "A test JavaScript payload"
+ description <<~DESC
+ Allows specifying a custom command for exploits that require a
+ command payload. By default it prints 'PWNED' using `console.log`.
+ DESC
+
+ param :javascript , String, default: %{console.log('PWNED');},
+ desc: 'The command to execute'
+
+ def build
+ @payload = params[:javascript]
+ end
+
+ end
+ end
+ end
+end
diff --git a/spec/builtin/test/js_spec.rb b/spec/builtin/test/js_spec.rb
new file mode 100644
index 00000000..6085b9c0
--- /dev/null
+++ b/spec/builtin/test/js_spec.rb
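Review bot: The `description` heredoc and the `desc:` of the `javascript` param in `lib/ronin/payloads/builtin/test/js.rb` still describe a command payload ("Allows specifying a custom command for exploits that require a command payload", `desc: 'The command to execute'`), which looks carried over from a command-payload template and would presumably show up wherever the payload's metadata is displayed. I would change them to `Allows specifying custom JavaScript for exploits that require a JavaScript payload.` and `desc: 'The JavaScript to execute'`, and correct "exploits that require a command payload" in the class comment the same way. The same leftover wording is in the spec hunk, `context "when the command param is not set" do`, which should read `when the javascript param is not set`. There is also a stray space before the comma in `param :javascript , String`.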
@@ -0,0 +1,39 @@
+require 'spec_helper'
+require 'ronin/payloads/builtin/test/js'
+
+describe Ronin::Payloads::Test::JS do
+ it "must inherit from Ronin::Payloads::JavaScriptPayload" do
+ expect(described_class).to be < Ronin::Payloads::JavaScriptPayload
+ end
+
+ describe ".id" do
+ subject { described_class }
+
+ it "must equal 'test/js'" do
+ expect(subject.id).to eq('test/js')
+ end
+ end
+
+ describe "#build" do
+ context "when the command param is not set" do
+ before { subject.build }
+
+ it "must set #payload to `console.log('PWNED');`" do
+ expect(subject.payload).to eq(%{console.log('PWNED');})
+ end
+ end
+
+ context "when the javascript param is set" do
+ let(:javascript) { "alert('PWNED');" }
+
+ before do
+ subject.params[:javascript] = javascript
+ subject.build
+ end
+
+ it "must set #payload to the javascript param" do
+ expect(subject.payload).to eq(javascript)
+ end
+ end
+ end
+end