Resolve additional test failures for c2 branch#21656
Conversation
8955f11 to
5a185c0
Compare
There was a problem hiding this comment.
Pull request overview
This PR addresses additional test failures on the C2 branch by adjusting acceptance expectations, expanding payload cache-size consistency coverage, and applying a few payload/CI fixes aimed at stabilizing Meterpreter-related tests across platforms.
Changes:
- Expanded
spec/modules/payloads_spec.rbto cover cached-size consistency for additional Java and PHP Meterpreter payloads. - Updated PHP Meterpreter single payloads to include
Msf::Sessions::MeterpreterOptions::Php(language-specific options module). - Adjusted CI workflows to support building against a configurable
metasploit-payloadsrepository/commit (but currently introduces hardcoded fork/branch usage inmeterpreter_acceptance.yml).
Impact Analysis:
- Blast radius: medium — affects CI signal for Meterpreter acceptance, and alters behavior in shared payload code paths (
MachO#sign) used by macOS payload generation. - Data and contract effects: low — no schema changes; however, CI contract/inputs behavior is impacted by the hardcoded repo/commit in
meterpreter_acceptance.yml. - Rollback and test focus: rollback is straightforward (workflow + small library/module changes); prioritize validating Meterpreter acceptance workflows (repo/commit selection + build gating) and macOS Mach-O signing correctness on Linux runners.
Reviewed changes
Copilot reviewed 14 out of 14 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
spec/support/acceptance/session/php.rb |
Removes an OSX known-failure entry for a PHP session acceptance case. |
spec/modules/payloads_spec.rb |
Adds cached-size consistency specs for additional Java and PHP Meterpreter payloads. |
modules/payloads/singles/php/meterpreter_reverse_http.rb |
Switches to PHP-specific Meterpreter options mixin. |
modules/payloads/singles/php/meterpreter_reverse_https.rb |
Switches to PHP-specific Meterpreter options mixin. |
lib/rex/proto/http/server.rb |
Comment-only ASCII punctuation change. |
lib/rex/proto/http/request.rb |
Comment-only change (removes non-ASCII shrug). |
lib/msf/core/payload/malleable_c2.rb |
Comment-only ASCII punctuation changes. |
lib/msf/core/payload/macho.rb |
Preserves original Mach-O bytes and uses them for signing to avoid ruby-macho serialize issues on Linux. |
lib/msf/core/payload/java/meterpreter_loader.rb |
Comment-only ASCII punctuation changes. |
lib/msf/core/handler/reverse_http.rb |
Comment-only ASCII punctuation changes. |
lib/msf/base/sessions/mettle_config.rb |
Comment-only ASCII punctuation change. |
.github/workflows/shared_meterpreter_acceptance.yml |
Adds an input to select the metasploit-payloads repository and tweaks job naming/comments. |
.github/workflows/meterpreter_acceptance.yml |
Changes defaults and (currently) hardcodes a fork/branch + forces builds (needs correction). |
.github/workflows/command_shell_acceptance.yml |
Updates default metasploit-payloads commit to 6.5. |
Comments suppressed due to low confidence (1)
.github/workflows/meterpreter_acceptance.yml:69
- Critical: Problem: The meterpreter_acceptance workflow hardcodes a fork/branch for metasploit-payloads and forces payload/mettle builds on every run, ignoring workflow_dispatch inputs and PR labels. Impact: CI will run against non-upstream payload sources and do extra compilation work, making results unreliable and increasing runtime/cost. Fix: Pass through the workflow inputs and restore label-gated build flags (and rely on shared workflow defaults for the repo).
build:
uses: ./.github/workflows/shared_meterpreter_acceptance.yml
with:
metasploit_payloads_repo: adfoster-r7/metasploit-payloads
metasploit_payloads_commit: update-php-meterpreter-errors
mettle_commit: ${{ github.event.inputs.mettle_commit || '6.5' }}
build_metasploit_payloads: true
build_mettle: true
78333fd to
e70625c
Compare
04ae89e to
af16317
Compare
e016a13 to
d5604fe
Compare
| known_failures: [ | ||
| "[-] FAILED: should return a list of processes" | ||
| ] | ||
| known_failures: [] |
There was a problem hiding this comment.
Resolved: rapid7/metasploit-payloads#802
| @@ -109,19 +109,22 @@ jobs: | |||
| tools: none | |||
|
|
|||
| - name: Install system dependencies (Windows) | |||
There was a problem hiding this comment.
This was silently broken when pointing towards the custom 6.5 branches
| shell: cmd | ||
| shell: pwsh | ||
| if: runner.os == 'Windows' | ||
| run: | |
There was a problem hiding this comment.
This was silently broken when pointing towards the custom 6.5 branches
| # block. Catch the overflow here with a useful message instead of | ||
| # letting the gem's `to_binary` raise a generic "config block too | ||
| # large" — baked-in EXTENSIONS= is the usual culprit. | ||
| # large" -- baked-in EXTENSIONS= is the usual culprit. |
There was a problem hiding this comment.
Getting rid of non-ascii chars which aren't allowed in modules
3060458 to
d5f54a8
Compare
610a280 to
e569df0
Compare
e569df0 to
082d99f
Compare
|
Looks like windows 2022 has been failing since pre5, but passed on pre4 - will merge this in, and resolve/debug that separately |
| metasploit-credential (>= 6.0.21) | ||
| metasploit-model | ||
| metasploit-payloads (= 2.0.245) | ||
| metasploit-payloads (= 2.0.246.pre.7) |
There was a problem hiding this comment.
Looks like windows 2022 has been failing since pre5, but passed on pre4 - will merge this in, and resolve/debug that separately
Patching additional c2 errors