metasploit-model 0.24.1.pre.semantic.pre.versioning.pre.2.pre.0

data/app/models/metasploit/model/visitation/visitor.rb

@@ -0,0 +1,69 @@
+# Visits node in a {http://en.wikipedia.org/wiki/Tree_(data_structure) tree}, such as
+# {Metasploit::Model::Search::Query#tree}.
+class Metasploit::Model::Visitation::Visitor < Metasploit::Model::Base
+  #
+  # Attributes
+  #
+
+  # @!attribute [rw] block
+  #   Block that is instance_exec'd on instance of {#parent} and passed the node to visit.
+  #
+  #   @return [Proc]
+  attr_accessor :block
+
+  # @!attribute [rw] module_name
+  #   Name of `Module` (or `Class`) that can be visited by this visitor.  This visitor is also assumed to be able to
+  #   {#visit} any `Class` or `Module` that has the `Module` or `Class` with `module_name` as a `Module#ancestor`.
+  #
+  #   @return [String]
+  attr_accessor :module_name
+
+  # @!attribute [rw] parent
+  #   The `Class` on which this visitor was created.
+  #
+  #   @return [Class]
+  attr_accessor :parent
+
+  #
+  # Validations
+  #
+
+  validates :block,
+            :presence => true
+  validates :module_name,
+            :presence => true
+  validates :parent,
+            :presence => true
+
+  #
+  # Methods
+  #
+
+  # @param attributes [Hash{Symbol => Object}]
+  # @option attributes [String] :module_name name of module (or class) that can be visited by this visitor.
+  # @option attributes [Class] :parent The `Class` on which {Metasploit::Model::Visitation::Visit::ClassMethods#visit}
+  #   was called.
+  # @yield [node] Block instance_exec'd on instance of :parent class.
+  # @yieldparam node [Object] node being {Metasploit::Model::Visitation::Visit#visit visited}.
+  # @yieldreturn [Object] translation of `node`.
+  def initialize(attributes={}, &block)
+    attributes.assert_valid_keys(:module_name, :parent)
+
+    @block = block
+    super
+  end
+
+  # Visit `node` with {#block} instance_exec'd on `instance`.
+  #
+  # @param instance [Object] instance of {#parent}.
+  # @param node [Object] node being visited.
+  # @return [Object]
+  # @raise [TypeError] if `instance` is not a {#parent}.
+  def visit(instance, node)
+    unless instance.is_a? parent
+      raise TypeError, "#{instance} is not an instance of #{parent}, so it cannot be visited."
+    end
+
+    instance.instance_exec(node, &block)
+  end
+end

data/app/validators/derivation_validator.rb

@@ -0,0 +1,17 @@
+# Validator for {Metasploit::Model::Derivation::ClassMethods#derives}.
+class DerivationValidator < ActiveModel::EachValidator
+  # Validates that `attribute`'s `value` equals derived_<attribute>'s value.  If they are not equal then the error
+  # message is `'must match its derivation'`.
+  #
+  # @param record [#errors, ActiveRecord::Base] ActiveModel or ActiveRecord
+  # @param attribute [Symbol] name of derived attribute.
+  # @param value [Object] value of `attribute` in `record`.
+  # @return [void]
+  def validate_each(record, attribute, value)
+    derived_value = record.send("derived_#{attribute}")
+
+    if value != derived_value
+      record.errors[attribute] << 'must match its derivation'
+    end
+  end
+end

data/app/validators/dynamic_length_validator.rb

@@ -0,0 +1,45 @@
+# Validates that `value` of `attribute` on `record` is meets the
+# `record.dynamic_length_validation_options(attribute)`.
+#
+# Works similar to `LengthValidator`, but the minimum and maximum lengths are controlled dynamically by the `record` to
+# allow the validation to vary based on some other attribute in the record.
+class DynamicLengthValidator < ActiveModel::EachValidator
+  # Validates that value's `#length` meets the minimum and maximum options in
+  # `record.dynamic_length_validation_options(attribute)`.
+  #
+  # @param record [Object, #dynamic_length_validation_options] record that supports dynmaic length options on
+  #   `attribute`.
+  # @param attribute [Symbol] name of an attribute on `record` with the given `value`.
+  # @param value [Object, #length] value of `attribute`.
+  # @return [void]
+  def validate_each(record, attribute, value)
+    # dynamic_options are not checked for validity the way options would be for LengthValidator because
+    # dynamic_length_validation_options can be {} in some cases.
+    dynamic_options = record.dynamic_length_validation_options(attribute)
+    value_length = value.length
+
+    ActiveModel::Validations::LengthValidator::CHECKS.each do |key, validity_check|
+      check_value = dynamic_options[key]
+
+      if check_value
+        unless value_length.send(validity_check, check_value)
+          errors_options = dynamic_options.except(*ActiveModel::Validations::LengthValidator::RESERVED_OPTIONS)
+          errors_options[:count] = check_value
+
+          message = errors_options[:message]
+          message_key = ActiveModel::Validations::LengthValidator::MESSAGES[key]
+
+          unless message
+            default_message = dynamic_options[message_key]
+
+            if default_message
+              errors_options[:message] = default_message
+            end
+          end
+
+          record.errors.add(attribute, message_key, errors_options)
+        end
+      end
+    end
+  end
+end

data/app/validators/ip_format_validator.rb

@@ -0,0 +1,31 @@
+require 'ipaddr'
+
+# Validates that value is an IPv4 or IPv6 address.
+class IpFormatValidator < ActiveModel::EachValidator
+  # Validates that `value` is an IPv4 or IPv4 address.  Ranges in CIDR or netmask notation are not allowed.
+  #
+  # @param record [#errors, ActiveRecord::Base] ActiveModel or ActiveRecord
+  # @param attribute [Symbol] name of IP address attribute.
+  # @param value [String, nil] IP address.
+  # @return [void]
+  # @see IPAddr#ipv4?
+  # @see IPAddr#ipv6?
+  def validate_each(record, attribute, value)
+    begin
+      potential_ip = IPAddr.new(value)
+    rescue ArgumentError
+      record.errors[attribute] << 'must be a valid IPv4 or IPv6 address'
+    else
+      # if it includes a netmask, then it's not an IP address, but an IP range.
+      if potential_ip.ipv4?
+        if potential_ip.instance_variable_get(:@mask_addr) != IPAddr::IN4MASK
+          record.errors[attribute] << 'must be a valid IPv4 or IPv6 address and not an IPv4 address range in CIDR or netmask notation'
+        end
+      elsif potential_ip.ipv6?
+        if potential_ip.instance_variable_get(:@mask_addr) != IPAddr::IN6MASK
+          record.errors[attribute] << 'must be a valid IPv4 or IPv6 address and not an IPv6 address range in CIDR or netmask notation'
+        end
+      end
+    end
+  end
+end

data/app/validators/nil_validator.rb

@@ -0,0 +1,16 @@
+# Validator to ensure an attribute is `nil`.  Intended for use conditionally with `:if` or `:unless` to ensure an
+# attribute is `nil` under one condition while a different validation, such as `:presence` or `:inclusion` is used under
+# the dual of that condition.
+class NilValidator < ActiveModel::EachValidator
+  # Validates that `value` is `nil`.
+  #
+  # @param record [#errors, ActiveRecord::Base] an ActiveModel or ActiveRecord
+  # @param attribute [Symbol] name of attribute being validated.
+  # @param value [#nil?] value of `attribute` to check with `nil?`
+  # @return [void]
+  def validate_each(record, attribute, value)
+    unless value.nil?
+      record.errors[attribute] << 'must be nil'
+    end
+  end
+end

data/app/validators/parameters_validator.rb

@@ -0,0 +1,147 @@
+# Validates that attribute's value is Array<Array(String, String)> which is the only valid type signature for serialized
+# parameters.
+class ParametersValidator < ActiveModel::EachValidator
+  # Sentence explaining the valid type signature for parameters.
+  TYPE_SIGNATURE_SENTENCE = 'Valid parameters are an Array<Array(String, String)>.'
+
+  # Validates that attribute's value is Array<Array(String, String)> which is the only valid type signature for
+  # serialized parameters.  Errors are specific to the how different `value` is compared to correct format.
+  #
+  # @param record [#errors, ActiveRecord::Base] ActiveModel or ActiveRecord
+  # @param attribute [Symbol] serialized parameters attribute name.
+  # @param value [Object, nil, Array, Array<Array>, Array<Array(String, String)>] serialized parameters.
+  # @return [void]
+  def validate_each(record, attribute, value)
+    if value.is_a? Array
+      value.each_with_index do |element, index|
+        if element.is_a? Array
+          if element.length != 2
+            extreme = :few
+
+            if element.length > 2
+              extreme = :many
+            end
+
+            length_error = length_error_at(
+                :extreme => extreme,
+                :element => element,
+                :index => index
+            )
+
+            record.errors[attribute] << length_error
+          else
+            parameter_name = element.first
+
+            if parameter_name.is_a? String
+              unless parameter_name.present?
+                error = error_at(
+                    :element => element,
+                    :index => index,
+                    :prefix => "has blank parameter name"
+                )
+                record.errors[attribute] << error
+              end
+            else
+              error = error_at(
+                  :element => element,
+                  :index => index,
+                  :prefix => "has non-String parameter name (#{parameter_name.inspect})"
+              )
+              record.errors[attribute] << error
+            end
+
+            parameter_value = element.second
+
+            unless parameter_value.is_a? String
+              error = error_at(
+                  :element => element,
+                  :index => index,
+                  :prefix => "has non-String parameter value (#{parameter_value.inspect})"
+              )
+              record.errors[attribute] << error
+            end
+          end
+        else
+          error = error_at(
+              :element => element,
+              :index => index,
+              :prefix => 'has non-Array'
+          )
+          record.errors[attribute] << error
+        end
+      end
+    else
+      record.errors[attribute] << "is not an Array.  #{TYPE_SIGNATURE_SENTENCE}"
+    end
+  end
+
+  private
+
+  # Generates error message for element at the given index.  Prefix is prepened to {#location_clause} to make a
+  # sentence.  {TYPE_SIGNATURE_SENTENCE} is appended to that sentence.
+  #
+  # @param options [Hash{Symbol => Object}]
+  # @option options [Object] :element The element that has the error.
+  # @option options [Integer] :index The index of element in its parent Array.
+  # @option options [String] :prefix Specific error prefix to differentiate from other calls to {#error_at}.
+  # @return [String]
+  # @see #location_clause
+  def error_at(options={})
+    options.assert_valid_keys(:element, :index, :prefix)
+    prefix = options.fetch(:prefix)
+
+    clause = location_clause(
+        :element => options[:element],
+        :index => options[:index]
+    )
+    sentence = "#{prefix} #{clause}."
+
+    sentences = [
+        sentence,
+        TYPE_SIGNATURE_SENTENCE
+    ]
+
+    error = sentences.join("  ")
+
+    error
+  end
+
+  # Generates error message for too few or too many elements.
+  #
+  # @param options [Hash{Symbol => Object}]
+  # @option options [Array] :element Array that has the wrong number of elements.
+  # @option options [:few, :many] :extreme whether :element has too `:few` or too `:many` child elements.
+  # @option options [Integer] :index index of `:element` in its parent Array.
+  # @return [String]
+  # @see {#error_at}
+  def length_error_at(options={})
+    options.assert_valid_keys(:element, :extreme, :index)
+    extreme = options.fetch(:extreme)
+
+    prefix = "has too #{extreme} elements"
+    error = error_at(
+        :element => options[:element],
+        :index => options[:index],
+        :prefix => prefix
+    )
+
+    error
+  end
+
+  # Generates a clause with the location of element and its value.
+  #
+  # @param options [Hash{Symbol => String,Integer}]
+  # @option options [Object, #inspect] :element an element in a parent Array.
+  # @option options [Integer] :index index of `:element` in parent Array.
+  # @return [String] "at index <index> (<element.inspect>)"
+  def location_clause(options={})
+    options.assert_valid_keys(:element, :index)
+
+    element = options.fetch(:element)
+    index = options.fetch(:index)
+
+    clause = "at index #{index} (#{element.inspect})"
+
+    clause
+  end
+end

data/app/validators/password_is_strong_validator.rb

@@ -0,0 +1,115 @@
+# Validates that the password is strong.
+class PasswordIsStrongValidator < ActiveModel::EachValidator
+  #
+  # CONSTANTS
+  #
+
+  # Password that are used too often and will be easily guessed.
+  COMMON_PASSWORDS = %w{
+			password pass root admin metasploit
+			msf 123456 qwerty abc123 letmein monkey link182 demo
+			changeme test1234 rapid7
+		}
+
+  # Validates that `value` is a strong password.  A password is strong if it meets the following rules:
+  # * SHOULD contain at least one letter.
+  # * SHOULD contain at least one digit.
+  # * SHOULD contain at least one special character.
+  # * SHOULD NOT contain `record.username` (case-insensitive).
+  # * SHOULD NOT be in {COMMON_PASSWORDS}.
+  # * SHOULD NOT repetitions.
+  #
+  # @param record [#errors, #username, ActiveRecord::Base] ActiveModel or ActiveRecord that supports #username method.
+  # @param attribute [Symbol] password attribute name.
+  # @param value [String] a password.
+  # @return [void]
+  def validate_each(record, attribute, value)
+    return if value.blank?
+
+    if is_simple?(value)
+      record.errors[attribute] << 'must contain letters, numbers, and at least one special character'
+    end
+
+    if contains_username?(record.username, value)
+      record.errors[attribute] << 'must not contain the username'
+    end
+
+    if is_common_password?(value)
+      record.errors[attribute] << 'must not be a common password'
+    end
+
+    if contains_repetition?(value)
+      record.errors[attribute] << 'must not be a predictable sequence of characters'
+    end
+  end
+
+  private
+
+  # Password repetition (quite basic) -- no "aaaaaa" or "ababab" or "abcabc" or
+  # "abcdabcd" (but note that the user can use "aaaaaab" or something).
+  #
+  # @param password [String]
+  # @return [Boolean]
+  def contains_repetition?(password)
+    if password.scan(/./).uniq.size < 2
+      return true
+    end
+
+    if (password.size % 2 == 0) and (password.scan(/../).uniq.size < 2)
+      return true
+    end
+
+    if (password.size % 3 == 0) and (password.scan(/.../).uniq.size < 2)
+      return true
+    end
+
+    if (password.size % 4 == 0) and (password.scan(/..../).uniq.size < 2)
+      return true
+    end
+
+    false
+  end
+
+  # Whether username is in password (case-insensitively).
+  #
+  # @return [false] if `password` is blank.
+  # @return [false] if `username` is blank.
+  # @return [false] unless `username` is in `password`.
+  # @return [true] if `username` is in `password`.
+  def contains_username?(username, password)
+    contains = false
+
+    unless password.blank? or username.blank?
+      escaped_username = Regexp.escape(username)
+      username_regexp = Regexp.new(escaped_username, Regexp::IGNORECASE)
+
+      if username_regexp.match(password)
+        contains = true
+      end
+    end
+
+    contains
+  end
+
+  # Whether `password` is in {COMMON_PASSWORDS} or a simple variation of a password in {COMMON_PASSWORDS}.
+  #
+  # @param password [String]
+  # @return [Boolean]
+  def is_common_password?(password)
+    COMMON_PASSWORDS.each do |pw|
+      common_pw = [pw, pw + "!", pw + "1", pw + "12", pw + "123", pw + "1234"]
+      if common_pw.include?(password.downcase)
+        return true
+      end
+    end
+    false
+  end
+
+  # Returns whether the password is simple.
+  #
+  # @return [false] if password contains a letter, digit and special character.
+  # @return [true] otherwise
+  def is_simple?(password)
+    not (password =~ /[A-Za-z]/ and password =~ /[0-9]/ and password =~ /[\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x3a\x3b\x3c\x3d\x3e\x3f\x5b\x5c\x5d\x5e\x5f\x60\x7b\x7c\x7d\x7e]/)
+  end
+end