Module: Msf::Exploit::Remote::HTTP::Gitlab::Rest::V4::AccessTokens

Included in:

AccessTokens

Defined in:

lib/msf/core/exploit/remote/http/gitlab/rest/v4/access_tokens.rb

Instance Method Summary

• #gitlab_revoke_personal_access_token(personal_access_token) ⇒ nil, GitLabClientError

  Revoke a Gitlab access token via the v4 REST api.

Instance Method Details

#gitlab_revoke_personal_access_token(personal_access_token) ⇒ nil, GitLabClientError

Revoke a Gitlab access token via the v4 REST api

Returns:

• (nil, GitLabClientError) —

  nil if revoke, Msf::Exploit::Remote::HTTP::Gitlab::GitLabClientError otherwise

Raises:

• (Msf::Exploit::Remote::HTTP::Gitlab::Error::ClientError)

# File 'lib/msf/core/exploit/remote/http/gitlab/rest/v4/access_tokens.rb', line 7

def gitlab_revoke_personal_access_token(personal_access_token)
  res = send_request_cgi({
    'method' => 'DELETE',
    'uri' => normalize_uri(target_uri.path, '/api/v4/personal_access_tokens/self'),
    'ctype' => 'application/json',
    'headers' => {
      'PRIVATE-TOKEN' => personal_access_token
    }
  })

  raise Msf::Exploit::Remote::HTTP::Gitlab::Error::ClientError.new message: 'Request timed out' unless res

  raise Msf::Exploit::Remote::HTTP::Gitlab::Error::ClientError, "Failed to revoke access token.  Unexpected HTTP #{res.code} response." unless res.code == 204

  nil
end