metasploit-model 2.0.3 → 3.1.2

data/lib/metasploit/model/engine.rb

@@ -22,12 +22,12 @@ class Metasploit::Model::Engine < Rails::Engine
   end
 
   initializer 'metasploit-model.prepend_factory_path', :after => 'factory_girl.set_factory_paths' do
-    if defined? FactoryGirl
+    if defined? FactoryBot
       relative_definition_file_path = config.generators.options[:factory_girl][:dir]
       definition_file_path = root.join(relative_definition_file_path)
 
       # unshift so that dependent gems can modify metasploit-model's factories
-      FactoryGirl.definition_file_paths.unshift definition_file_path
+      FactoryBot.definition_file_paths.unshift definition_file_path
     end
   end
 end

data/lib/metasploit/model/search/attribute.rb

@@ -16,7 +16,7 @@
 # The help for each operator is uses the `I18n` system, so the help for an attribute operator on a given class can
 # added to `config/locales/<lang>.yml`.  The scope of the lookup, under the language key is the `Class`'s
 # `i18n_scope`, which is `metasploit.model` if the `Class` includes {Metasploit::Model::Translation} or
-# `active_record` for `ActiveRecord::Base` subclasses.  Under the `i18n_scope`, any `Module#ancestor`'s
+# `active_record` for `ApplicationRecord` subclasses.  Under the `i18n_scope`, any `Module#ancestor`'s
 # `model_name.i18n_key` can be used to look up the help for an attribute's operator.  This allows for super
 # classes or mixins to define the search operator help for subclasses.
 #

data/lib/metasploit/model/translation.rb

@@ -1,6 +1,6 @@
 # ActiveRecord::Translation is a dirty bastard and overrides `ActiveModel::Translation#lookup_ancestors`, so that it
 # will only count superclasses, and not all ancestors.  Metasploit::Model needs the original behavior so that its
-# {Metasploit::Model::Module} modules can supply translations to both `ActiveRecord::Base` descendants in `Mdm` and
+# {Metasploit::Model::Module} modules can supply translations to both `ApplicationRecord` descendants in `Mdm` and
 # `ActiveModel` descendants in `Metasploit::Framework`
 #
 # @see https://github.com/rails/rails/issues/11409
@@ -28,4 +28,4 @@ module Metasploit::Model::Translation
       'metasploit.model'
     end
   end
-end
+end

data/lib/metasploit/model/version.rb

@@ -1,7 +1,7 @@
 module Metasploit
   module Model
     # VERSION is managed by GemRelease
-    VERSION = '2.0.3'
+    VERSION = '3.1.2'
   
     # @return [String]
     #

data/metasploit-model.gemspec

@@ -6,19 +6,19 @@ require 'metasploit/model/version'
 Gem::Specification.new do |spec|
   spec.name          = 'metasploit-model'
   spec.version       = Metasploit::Model::VERSION
-  spec.authors       = ['Luke Imhoff']
-  spec.email         = ['luke_imhoff@rapid7.com']
+  spec.authors       = ['Metasploit Hackers']
+  spec.email         = ['msfdev@metasploit.com']
   spec.description   = %q{Common code, such as validators and mixins, that are shared between ActiveModels in metasploit-framework and ActiveRecords in metasploit_data_models.}
   spec.summary       = %q{Metasploit Model Mixins and Validators}
 
-  spec.files         = `git ls-files`.split($/)
-  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.files         = `git ls-files`.split($/).reject { |file|
+    file =~ /^bin/
+  }
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = %w{app/models app/validators lib}
 
-  spec.required_ruby_version = '>= 2.1'
+  spec.required_ruby_version = '>= 2.2.0'
 
-  spec.add_development_dependency 'bundler', '~> 1.3'
   spec.add_development_dependency 'metasploit-yard'
   spec.add_development_dependency 'metasploit-erd'
   spec.add_development_dependency 'rake'
@@ -29,10 +29,10 @@ Gem::Specification.new do |spec|
 
   # Dependency loading
 
-  spec.add_runtime_dependency 'activemodel', '~> 4.2.6'
-  spec.add_runtime_dependency 'activesupport', '~> 4.2.6'
+  spec.add_runtime_dependency 'activemodel', '~> 5.2.2'
+  spec.add_runtime_dependency 'activesupport', '~> 5.2.2'
 
-  spec.add_runtime_dependency 'railties', '~> 4.2.6'
+  spec.add_runtime_dependency 'railties', '~> 5.2.2'
 
   if RUBY_PLATFORM =~ /java/
     # markdown formatting for yard

data/spec/app/models/metasploit/model/association/reflection_spec.rb

@@ -12,7 +12,7 @@ RSpec.describe Metasploit::Model::Association::Reflection, type: :model do
 
 
     let(:class_name) do
-      FactoryGirl.generate :metasploit_model_association_reflection_class_name
+      FactoryBot.generate :metasploit_model_association_reflection_class_name
     end
 
     let(:class_name_class) do
@@ -24,7 +24,7 @@ RSpec.describe Metasploit::Model::Association::Reflection, type: :model do
     end
 
     let(:name) do
-      FactoryGirl.generate :metasploit_model_association_reflection_name
+      FactoryBot.generate :metasploit_model_association_reflection_name
     end
 
     let(:reflection) do

data/spec/app/models/metasploit/model/search/operator/association_spec.rb

@@ -7,7 +7,7 @@ RSpec.describe Metasploit::Model::Search::Operator::Association, type: :model do
   end
 
   let(:association) do
-    FactoryGirl.generate :metasploit_model_search_operator_association_association
+    FactoryBot.generate :metasploit_model_search_operator_association_association
   end
 
   let(:source_operator) do

data/spec/app/models/metasploit/model/search/operator/attribute_spec.rb

@@ -86,7 +86,7 @@ RSpec.describe Metasploit::Model::Search::Operator::Attribute, type: :model do
     end
 
     let(:attribute) do
-      FactoryGirl.generate :metasploit_model_search_operator_attribute_attribute
+      FactoryBot.generate :metasploit_model_search_operator_attribute_attribute
     end
 
     let(:attribute_operator) do

data/spec/app/validators/address_format_validator_spec.rb

@@ -0,0 +1,136 @@
+RSpec.describe AddressFormatValidator do
+  subject(:address_format_validator) do
+    described_class.new(
+        :attributes => attributes
+    )
+  end
+
+  let(:attribute) do
+    :address
+  end
+
+  let(:attributes) do
+    [
+        attribute
+    ]
+  end
+
+  context '#validate_each' do
+    subject(:validate_each) do
+      address_format_validator.validate_each(record, attribute, value)
+    end
+
+    let(:error) do
+      'must be a valid (IP or hostname) address'
+    end
+
+    let(:record) do
+      record_class.new
+    end
+
+    let(:record_class) do
+      # capture for Class.new scope
+      attribute = self.attribute
+
+      Class.new do
+        include ActiveModel::Validations
+
+        #
+        # Validations
+        #
+
+        validates attribute,
+                  :address_format => true
+      end
+    end
+
+    context 'address' do
+      context 'in IPv4 format' do
+        let(:value) do
+          '192.168.0.1'
+        end
+
+        it 'should not record any errors' do
+          validate_each
+
+          expect(record.errors).to be_empty
+        end
+      end
+
+      context 'in IPv6 format' do
+        let(:value) do
+          '::1'
+        end
+
+        it 'should not record any errors' do
+          validate_each
+
+          expect(record.errors).to be_empty
+        end
+      end
+
+      context 'with a valid hostname' do
+        let(:value) do
+          'testvalue.test.com'
+        end
+
+        it 'should not record any errors' do
+          validate_each
+
+          expect(record.errors).to be_empty
+        end
+      end
+
+      context 'with localhost' do
+        let(:value) do
+          'localhost'
+        end
+
+        it 'should not record any errors' do
+          validate_each
+
+          expect(record.errors).to be_empty
+        end
+      end
+
+      context 'with blank address' do
+        let(:value) do
+          ''
+        end
+
+        it 'should record error' do
+          validate_each
+
+          expect(record.errors[attribute]).to include(error)
+        end
+      end
+
+      context 'with nil value' do
+        let(:value) do
+          nil
+        end
+
+        it 'should record error on attribute' do
+          validate_each
+
+          expect(record.errors[attribute]).to include(error)
+        end
+      end
+
+      context 'with a malformed hostname should record an error' do
+        invalid_hostnames = ['testvalue.test.com:', 'testvalue-.test.com', '[testvalue.test.com]']
+        invalid_hostnames.each do | entry |
+          let(:value) do
+            entry
+          end
+
+          it 'should record an error on attribute' do
+            validate_each
+            expect(record.errors[attribute]).to include(error)
+          end
+        end
+
+      end
+    end
+  end
+end

data/spec/app/validators/ip_format_validator_spec.rb

@@ -69,30 +69,6 @@ RSpec.describe IpFormatValidator do
         end
       end
 
-      context 'with IPv4 range' do
-        let(:value) do
-          '127.0.0.1/8'
-        end
-
-        it 'should record error' do
-          validate_each
-
-          expect(record.errors[attribute]).to include("#{error} and not an IPv4 address range in CIDR or netmask notation")
-        end
-      end
-
-      context 'with IPv6 range' do
-        let(:value) do
-          '3ffe:505:2::1/48'
-        end
-
-        it 'should record error' do
-          validate_each
-
-          expect(record.errors[attribute]).to include("#{error} and not an IPv6 address range in CIDR or netmask notation")
-        end
-      end
-
       context 'without IPv4 or IPv6 address' do
         let(:value) do
           'localhost'

data/spec/app/validators/password_is_strong_validator_spec.rb

@@ -15,9 +15,9 @@ RSpec.describe PasswordIsStrongValidator do
     ]
   end
 
-  context '#contains_repetition' do
-    subject(:contains_repetition?) do
-      password_is_strong_validator.send(:contains_repetition?, password)
+  context '#is_only_repetition' do
+    subject(:is_only_repetition?) do
+      password_is_strong_validator.send(:is_only_repetition?, password)
     end
 
     context 'with all the same character' do
@@ -56,8 +56,8 @@ RSpec.describe PasswordIsStrongValidator do
       let(:password) do
         'abcdefgh'
       end
-
       it { is_expected.to eq(false) }
+
     end
   end
 
@@ -66,59 +66,48 @@ RSpec.describe PasswordIsStrongValidator do
       password_is_strong_validator.send(:contains_username?, username, password)
     end
 
-    let(:username) do
-      ''
-    end
-
-    context 'with blank password' do
-      let(:password) do
-        ''
-      end
-
-      it { is_expected.to eq(false) }
-    end
-
-    context 'without blank password' do
-      let(:password) do
-        'password'
+    context 'without blank username' do
+      let(:username) do
+        'username'
       end
 
-      context 'with blank username' do
-        let(:username) do
+      context 'with blank password' do
+        let(:password) do
           ''
         end
-
         it { is_expected.to eq(false) }
       end
 
-      context 'without blank username' do
+      context 'with reserved regex characters in username' do
         let(:username) do
-          'username'
+          "user(with)regex"
         end
 
-        it 'should escape username' do
-          expect(Regexp).to receive(:escape).with(username).and_call_original
-
-          contains_username?
+        context 'with username in password' do
+          let(:password) do
+            "myPassworduser(with)regexValue"
+          end
+          it { is_expected.to eq(false)}
         end
+      end
 
-        context 'with matching password' do
-          context 'of different case' do
-            let(:password) do
-              username.titleize
-            end
-
-            it { is_expected.to eq(true) }
+      context 'with matching password' do
+        context 'of different case' do
+          let(:password) do
+            username.titleize
           end
 
-          context 'of same case' do
-            let(:password) do
-              username
-            end
+          it { is_expected.to eq(true) }
+        end
 
-            it { is_expected.to eq(true) }
+        context 'of same case' do
+          let(:password) do
+            username
           end
+
+          it { is_expected.to eq(true) }
         end
+
       end
     end
   end
@@ -231,7 +220,7 @@ RSpec.describe PasswordIsStrongValidator do
 
             context 'without repetition' do
               let(:value) do
-                'A$uperg00dp@ssw0rd'
+                'A$uperg00dp@sw0rd'
               end
 
               it 'should not record any errors' do
@@ -245,4 +234,4 @@ RSpec.describe PasswordIsStrongValidator do
       end
     end
   end
-end
+end

data/spec/dummy/app/models/application_record.rb

@@ -0,0 +1,3 @@
+class ApplicationRecord < ApplicationRecord
+  self.abstract_class = true
+end

data/spec/dummy/config/application.rb

@@ -3,6 +3,7 @@ require File.expand_path('../boot', __FILE__)
 # Pick the frameworks you want:
 require 'active_model/railtie'
 require 'action_controller/railtie'
+require 'active_record/railtie'
 
 Bundler.require(*Rails.groups)
 
@@ -40,11 +41,6 @@ module Dummy
     # Enable escaping HTML in JSON.
     config.active_support.escape_html_entities_in_json = true
 
-    # Enable the asset pipeline
-    config.assets.enabled = false
-
-    # Version of your assets, change this if you want to expire all your assets
-    config.assets.version = '1.0'
   end
 end
 

data/spec/dummy/config/environments/development.rb

@@ -20,16 +20,6 @@ Rails.application.configure do
   # Raise an error on page load if there are pending migrations.
   config.active_record.migration_error = :page_load
 
-  # Debug mode disables concatenation and preprocessing of assets.
-  # This option may cause significant delays in view rendering with a large
-  # number of complex assets.
-  config.assets.debug = true
-
-  # Adds additional error checking when serving assets at runtime.
-  # Checks for improperly declared sprockets dependencies.
-  # Raises helpful error messages.
-  config.assets.raise_runtime_errors = true
-
   # Raises error for missing translations
   # config.action_view.raise_on_missing_translations = true
 end