Browse Source

Moved template validation into separate function, and added validation for pages

1205-drop-campaigns
Jordan Wright 3 years ago
parent
commit
f39014bbfc
4 changed files with 80 additions and 37 deletions
  1. +3
    -0
      models/page.go
  2. +34
    -0
      models/page_test.go
  3. +2
    -23
      models/template.go
  4. +41
    -14
      models/template_context.go

+ 3
- 0
models/page.go View File

@ -70,6 +70,9 @@ func (p *Page) Validate() error {
if p.CapturePasswords && !p.CaptureCredentials {
p.CaptureCredentials = true
}
if err := ValidateTemplate(p.HTML); err != nil {
return err
}
return p.parseHTML()
}

+ 34
- 0
models/page_test.go View File

@ -83,3 +83,37 @@ func (s *ModelsSuite) TestPostPage(c *check.C) {
c.Assert(ok, check.Equals, false)
})
}
func (s *ModelsSuite) TestPageValidation(c *check.C) {
html := `<html>
<head></head>
<body>{{.BaseURL}}</body>
</html>`
p := Page{
HTML: html,
RedirectURL: "http://example.com",
}
// Validate that a name is required
err := p.Validate()
c.Assert(err, check.Equals, ErrPageNameNotSpecified)
p.Name = "Test Page"
// Validate that CaptureCredentials is automatically set if somehow the
// user fails to set it, but does indicate that passwords should be
// captured
p.CapturePasswords = true
c.Assert(p.CaptureCredentials, check.Equals, false)
err = p.Validate()
c.Assert(err, check.Equals, nil)
c.Assert(p.CaptureCredentials, check.Equals, true)
// Validate that if the HTML contains an invalid template tag, that we
// catch it
p.HTML = `<html>
<head></head>
<body>{{.INVALIDTAG}}</body>
</html>`
err = p.Validate()
c.Assert(err, check.NotNil)
}

+ 2
- 23
models/template.go View File

@ -34,31 +34,10 @@ func (t *Template) Validate() error {
case t.Text == "" && t.HTML == "":
return ErrTemplateMissingParameter
}
// Test that the variables used in the template
// validate with no issues
vc := ValidationContext{
FromAddress: "foo@bar.com",
BaseURL: "http://example.com",
}
td := Result{
BaseRecipient: BaseRecipient{
Email: "foo@bar.com",
FirstName: "Foo",
LastName: "Bar",
Position: "Test",
},
RId: "123456",
}
ptx, err := NewPhishingTemplateContext(vc, td.BaseRecipient, td.RId)
if err != nil {
if err = ValidateTemplate(t.HTML); err != nil {
return err
}
_, err = ExecuteTemplate(t.HTML, ptx)
if err != nil {
return err
}
_, err = ExecuteTemplate(t.Text, ptx)
if err != nil {
if err = ValidateTemplate(t.Text); err != nil {
return err
}
return nil

+ 41
- 14
models/template_context.go View File

@ -15,20 +15,6 @@ type TemplateContext interface {
getBaseURL() string
}
// ValidationContext is used for validating templates and pages
type ValidationContext struct {
FromAddress string
BaseURL string
}
func (vc ValidationContext) getFromAddress() string {
return vc.FromAddress
}
func (vc ValidationContext) getBaseURL() string {
return vc.BaseURL
}
// PhishingTemplateContext is the context that is sent to any template, such
// as the email or landing page content.
type PhishingTemplateContext struct {
@ -94,3 +80,44 @@ func ExecuteTemplate(text string, data interface{}) (string, error) {
err = tmpl.Execute(&buff, data)
return buff.String(), err
}
// ValidationContext is used for validating templates and pages
type ValidationContext struct {
FromAddress string
BaseURL string
}
func (vc ValidationContext) getFromAddress() string {
return vc.FromAddress
}
func (vc ValidationContext) getBaseURL() string {
return vc.BaseURL
}
// ValidateTemplate ensures that the provided text in the page or template
// uses the supported template variables correctly.
func ValidateTemplate(text string) error {
vc := ValidationContext{
FromAddress: "foo@bar.com",
BaseURL: "http://example.com",
}
td := Result{
BaseRecipient: BaseRecipient{
Email: "foo@bar.com",
FirstName: "Foo",
LastName: "Bar",
Position: "Test",
},
RId: "123456",
}
ptx, err := NewPhishingTemplateContext(vc, td.BaseRecipient, td.RId)
if err != nil {
return err
}
_, err = ExecuteTemplate(text, ptx)
if err != nil {
return err
}
return nil
}

Loading…
Cancel
Save