metasploit_data_models 0.16.4 → 0.16.5

data/db/migrate/20130430162145_enforce_address_uniqueness_in_workspace_in_hosts.rb

@@ -3,20 +3,98 @@
 class EnforceAddressUniquenessInWorkspaceInHosts < ActiveRecord::Migration
   TABLE_NAME = :hosts
 
+  # maps Table -> Association Column for models that "belong to" a Host
+  HOST_ASSOCIATION_MAP = {
+    'clients'          => 'host_id',
+    'events'           => 'host_id',
+    'exploit_attempts' => 'host_id',
+    'exploited_hosts'  => 'host_id',
+    'host_details'     => 'host_id',
+    'hosts_tags'       => 'host_id',
+    'loots'            => 'host_id',
+    'notes'            => 'host_id',
+    'sessions'         => 'host_id',
+    'services'         => 'host_id',
+    'vulns'            => 'host_id'
+  }
+
+  # Historically there a few scenarios where a user could end up with Hosts
+  #  in the same workspace with the same IP. Primarily, if you run a Nexpose Scan
+  #  and a Discover scan simultaneously, AR does not know about these separate
+  #  transactions, so the Hosts will be valid when added and the user will end up
+  #  (when transaction completes) with two hosts with the same IP in the same workspace.
+  #
+  # Since we are adding a DB uniq constraint here, this migration could fail if the user
+  #  has hit aforementioned scenarios. So we try to "merge" any hosts with the same
+  #  address in the same workspace before adding the DB constraint, to prevent the
+  #  migration from simply failing.
+  #
+  # Note: We can't rely on AR directly here (or in any migration), since we have no
+  #  idea what version of the code the user has checked out. So we fall back to SQL :(
+  def find_and_merge_duplicate_hosts!
+    # find all duplicate addresses within the same workspace currently in the db
+    dupe_addresses_and_workspaces = ActiveRecord::Base.connection.execute(%Q{
+      SELECT workspace_id, address, count_addr
+        FROM (
+          SELECT workspace_id, address, COUNT(address) AS count_addr
+            FROM hosts
+            GROUP BY address, workspace_id
+        ) X
+        WHERE count_addr > 1
+    })
+
+    if dupe_addresses_and_workspaces.present? and
+       not dupe_addresses_and_workspaces.num_tuples.zero?
+      puts "Duplicate hosts in workspace found. Merging host references."
+      # iterate through the duped IPs
+      dupe_addresses_and_workspaces.each do |result|
+        # so its come to this
+        address      = ActiveRecord::Base.connection.quote(result['address'])
+        workspace_id = result['workspace_id'].to_i
+        # look up the duplicate Host table entries to find all IDs of the duped Hosts
+        hosts = ActiveRecord::Base.connection.execute(%Q|
+          SELECT id
+            FROM hosts
+            WHERE address=#{address} AND workspace_id=#{workspace_id}
+            ORDER BY id DESC
+        |)
+        # grab and quote the ID for each result row
+        hosts = hosts.map { |h| h["id"].to_i }
+        # grab every Host entry besides the first one
+        first_host_id = hosts.first
+        dupe_host_ids = hosts[1..-1]
+        # update associations to these duplicate Hosts
+        HOST_ASSOCIATION_MAP.each do |table, column|
+          ActiveRecord::Base.connection.execute(%Q|
+            UPDATE #{table} SET #{column}=#{first_host_id}
+              WHERE #{column} IN (#{dupe_host_ids.join(',')})
+          |)
+        end
+        # destroy the duplicate host rows
+        ActiveRecord::Base.connection.execute(%Q|
+          DELETE FROM hosts WHERE id IN (#{dupe_host_ids.join(',')})
+        |)
+      end
+
+      # At this point all duped hosts in the same workspace should be merged.
+      # You could end up with duplicate services, but hey its better than just
+      #   dropping all data about the old Host.
+    end
+  end
+
   # Restores old index on address
   def down
     change_table TABLE_NAME do |t|
       t.remove_index [:workspace_id, :address]
-
       t.index :address
     end
   end
 
   # Make index on address scope to workspace_id and be unique
   def up
+    find_and_merge_duplicate_hosts!
     change_table TABLE_NAME do |t|
       t.remove_index :address
-
       t.index [:workspace_id, :address], :unique => true
     end
   end

data/lib/metasploit_data_models/version.rb

@@ -4,5 +4,5 @@ module MetasploitDataModels
   # metasploit-framework/data/sql/migrate to db/migrate in this project, not all models have specs that verify the
   # migrations (with have_db_column and have_db_index) and certain models may not be shared between metasploit-framework
   # and pro, so models may be removed in the future.  Because of the unstable API the version should remain below 1.0.0
-  VERSION = '0.16.4'
+  VERSION = '0.16.5'
 end

metadata

@@ -1,7 +1,8 @@
 --- !ruby/object:Gem::Specification
 name: metasploit_data_models
 version: !ruby/object:Gem::Version
-  version: 0.16.4
+  version: 0.16.5
+  prerelease: 
 platform: ruby
 authors:
 - Samuel Huckins
@@ -11,11 +12,12 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-07-05 00:00:00.000000000 Z
+date: 2013-07-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -23,6 +25,7 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -30,6 +33,7 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: yard
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -37,6 +41,7 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -44,6 +49,7 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: pry
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -51,6 +57,7 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -58,6 +65,7 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: activerecord
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -65,6 +73,7 @@ dependencies:
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -72,6 +81,7 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -79,6 +89,7 @@ dependencies:
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -86,6 +97,7 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: redcarpet
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -93,6 +105,7 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -100,6 +113,7 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: pg
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -107,6 +121,7 @@ dependencies:
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -437,26 +452,33 @@ files:
 - spec/support/shared/examples/mdm/module/detail/supports_stance_with_mtype.rb
 homepage: ''
 licenses: []
-metadata: {}
 post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
   requirements:
   - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
+      segments:
+      - 0
+      hash: -1502167183498467311
 required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
   requirements:
   - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
+      segments:
+      - 0
+      hash: -1502167183498467311
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.0.3
+rubygems_version: 1.8.25
 signing_key: 
-specification_version: 4
+specification_version: 3
 summary: Database code for MSF and Metasploit Pro
 test_files:
 - spec/app/models/mdm/client_spec.rb

checksums.yaml

@@ -1,15 +0,0 @@
----
-!binary "U0hBMQ==":
-  metadata.gz: !binary |-
-    ZDhiOTE4MWQ2Y2YzMDQ4YzYyODE4MWQyNTg0ODNlY2Q1ZTg5NTIyOA==
-  data.tar.gz: !binary |-
-    MTc2ZTEyYjJiYjc4OTFiZWMzZWZmMTZjYjFjMTBhN2QxZjcyNDM1Mg==
-!binary "U0hBNTEy":
-  metadata.gz: !binary |-
-    MDNiODM5MzVlNzljMTM4NTFmYjk1ZmIyMmZjMWU2NTBmMjI4ZDc1NDU1M2I0
-    MDBmY2I1NDM3ZmQ0NzIxNTIzZmNkMzMxN2MxZmI1MzM5ZDNiZTQwMjIyYmZm
-    YWNiZTA5MTdmNmE4NGU0MDUwOTk3MGQ2MDgwOTY5OWQ5YmUzZDc=
-  data.tar.gz: !binary |-
-    N2YzNGQxMDM1NTNiNDg4YTg0M2YwZjMxY2VmY2NlOGI1ZDBlM2EwN2U1YzZi
-    NzQ0NGYzMGIzYmRhN2JlOTg1NzA4ODRkMjI3MDU4NDk5OTg0YzI1YjVhYzdl
-    NmMyNjIzNWViOGNkNjA2YWQxZWJhMWYwNzNiNjg1MDA3MzRhYmM=