Module: Msf::Exploit::Remote::HTTP::Gitlab::Rest::V4::Groups

Included in:
Groups
Defined in:
lib/msf/core/exploit/remote/http/gitlab/rest/v4/groups.rb

Overview

GitLab Groups mixin

Instance Method Summary collapse

Instance Method Details

#gitlab_create_group(group_name, api_token) ⇒ String?

Create a new group

Returns:

  • (String, nil)

    Group ID if successful create, nil otherwise

Raises:



8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
# File 'lib/msf/core/exploit/remote/http/gitlab/rest/v4/groups.rb', line 8

def gitlab_create_group(group_name, api_token)
  res = send_request_cgi({
    'method' => 'POST',
    'uri' => normalize_uri(target_uri.path, '/api/v4/groups'),
    'ctype' => 'application/json',
    'headers' => {
      'PRIVATE-TOKEN' => api_token
    },
    'data' => {
      name: group_name, path: group_name, visibility: 'public'
    }.to_json
  })

  raise Msf::Exploit::Remote::HTTP::Gitlab::Error::ClientError.new message: 'Request timed out' unless res

  raise Msf::Exploit::Remote::HTTP::Gitlab::Error::GroupError, "Unable to create group. Unexpected HTTP #{res.code} response." if res.code != 201

  group = JSON.parse(res.body)

  return group if group

  nil
end

#gitlab_delete_group(group_id, api_token) ⇒ Boolean, GitLabClientError

Delete a group

Returns:

  • (Boolean, GitLabClientError)

    True if successful deleted, Msf::Exploit::Remote::HTTP::Gitlab::GitLabClientError otherwise

Raises:



35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
# File 'lib/msf/core/exploit/remote/http/gitlab/rest/v4/groups.rb', line 35

def gitlab_delete_group(group_id, api_token)
  res = send_request_cgi({
    'method' => 'DELETE',
    'uri' => normalize_uri('/api/v4/groups', group_id),
    'ctype' => 'application/json',
    'headers' => {
      'PRIVATE-TOKEN' => api_token
    }
  })

  raise Msf::Exploit::Remote::HTTP::Gitlab::Error::ClientError.new message: 'Request timed out' unless res

  raise Msf::Exploit::Remote::HTTP::Gitlab::Error::GroupError, "Unable to delete group. Unexpected HTTP #{res.code} response." if res.code != 202

  true
end