# frozen_string_literal: true
#
# ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
# payload crafting functionality.
#
# Copyright (c) 2007-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
#
# ronin-exploits is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ronin-exploits is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with ronin-exploits.  If not, see <https://www.gnu.org/licenses/>.
#

require 'ronin/exploits/web_vuln'
require 'ronin/vulns/lfi'

module Ronin
  module Exploits
    #
    # Base class for [Local File Inclusion (LFI)][LFI] exploits. It describes
    # the vulnerable request (inherited from {WebVuln}) plus the LFI-specific
    # settings, and hands them to `Ronin::Vulns::LFI` via {#vuln}.
    #
    # [LFI]: https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.1-Testing_for_Local_File_Inclusion
    #
    # ## Example
    #
    #     require 'ronin/exploits/lfi'
    #
    #     module Ronin
    #       module Exploits
    #         class MyExploit < LFI
    #
    #           register 'my_exploit'
    #
    #           base_path '/path/to/page.php'
    #           query_param 'template'
    #           depth 7
    #
    #         end
    #       end
    #     end
    #
    # @api public
    #
    # @since 1.0.0
    #
    class LFI < WebVuln

      references [
        'https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.1-Testing_for_Local_File_Inclusion'
      ]

      param :os, Enum[:unix, :windows], default: :unix,
                                        desc:    'Which OS to target'

      # No default is declared for this param, so {#vuln} forwards whatever
      # `params[:filter_bypass]` holds when the option is left unset.
      param :filter_bypass, Enum[
                              :null_byte,
                              :double_escape,
                              :base64,
                              :rot13,
                              :zlib
                            ], desc: 'Optional filter-bypass strategy to use'

      #
      # Class-level reader/writer for the directory traversal depth.
      #
      # Called with an argument it stores the value on the receiving class;
      # called without one it returns the stored value or falls back.
      #
      # @param [Integer, nil] new_depth
      #   The new directory traversal depth, or `nil` to only read it. The
      #   value is stored as given; no type or range check happens here.
      #
      # @return [Integer]
      #   The directory traversal depth for this class. Falls back to
      #   `Ronin::Vulns::LFI::DEFAULT_DEPTH` when nothing was set.
      #
      # @example
      #   depth 7
      #
      def self.depth(new_depth=nil)
        return @depth = new_depth if new_depth
        return @depth             if @depth

        # Module#< is a strict comparison: only a superclass that is itself a
        # subclass of LFI is consulted, so a direct subclass of LFI goes
        # straight to the library default.
        superclass < LFI ? superclass.depth : Vulns::LFI::DEFAULT_DEPTH
      end

      # NOTE(review): `default: depth` is evaluated once, while this class body
      # is being loaded, so the default is this class's depth at that moment; a
      # `depth 7` declared later in a subclass does not change it. In the code
      # visible here {#vuln} passes the class-level depth (through {#depth})
      # and never reads `params[:depth]`, so a depth supplied as a param may
      # not reach `Ronin::Vulns::LFI` -- confirm against WebVuln and the params
      # mixin. A depth that is silently too shallow shows up as a false
      # negative during testing.
      param :depth, Integer, default: depth,
                             desc:    'The number of directories to escape up'

      #
      # Identifies which kind of exploit this class is.
      #
      # @return [Symbol]
      #   Always `:lfi`.
      #
      # @note
      #   This is used internally to map an exploit class to a printable type.
      #
      # @api private
      #
      def self.exploit_type
        :lfi
      end

      #
      # The directory traversal depth for this exploit instance, taken from
      # the exploit's class.
      #
      # @return [Integer]
      #
      # @see depth
      #
      def depth
        self.class.depth
      end

      #
      # The Local File Inclusion (LFI) vulnerability to exploit.
      #
      # The object is built on first use and memoized in `@vuln`. Keywords
      # from `web_vuln_kwargs` are splatted last (that helper is not defined
      # in this file; presumably it comes from {WebVuln}).
      #
      # @return [Ronin::Vulns::LFI]
      #
      def vuln
        return @vuln if @vuln

        @vuln = Vulns::LFI.new(
          url,
          os:            params[:os],
          depth:         depth,
          filter_bypass: params[:filter_bypass],
          **web_vuln_kwargs
        )
      end

    end
  end
end