metasploit_data_models 0.17.0 → 0.17.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +15 -0
- data/.yardopts +1 -1
- data/Gemfile +6 -1
- data/app/models/mdm/client.rb +3 -1
- data/app/models/mdm/cred.rb +7 -2
- data/app/models/mdm/event.rb +7 -2
- data/app/models/mdm/exploit_attempt.rb +43 -2
- data/app/models/mdm/exploited_host.rb +7 -2
- data/app/models/mdm/host.rb +85 -49
- data/app/models/mdm/host_detail.rb +4 -1
- data/app/models/mdm/host_tag.rb +41 -3
- data/app/models/mdm/listener.rb +7 -2
- data/app/models/mdm/loot.rb +25 -3
- data/app/models/mdm/nexpose_console.rb +13 -0
- data/app/models/mdm/note.rb +10 -3
- data/app/models/mdm/ref.rb +4 -2
- data/app/models/mdm/route.rb +7 -1
- data/app/models/mdm/service.rb +71 -28
- data/app/models/mdm/session.rb +28 -3
- data/app/models/mdm/session_event.rb +3 -1
- data/app/models/mdm/tag.rb +29 -10
- data/app/models/mdm/task.rb +56 -17
- data/app/models/mdm/task_cred.rb +7 -3
- data/app/models/mdm/task_host.rb +7 -3
- data/app/models/mdm/task_service.rb +7 -3
- data/app/models/mdm/task_session.rb +7 -2
- data/app/models/mdm/user.rb +9 -2
- data/app/models/mdm/vuln.rb +27 -7
- data/app/models/mdm/vuln_attempt.rb +37 -2
- data/app/models/mdm/vuln_detail.rb +9 -1
- data/app/models/mdm/vuln_ref.rb +7 -2
- data/app/models/mdm/web_form.rb +3 -1
- data/app/models/mdm/web_page.rb +3 -1
- data/app/models/mdm/web_site.rb +19 -4
- data/app/models/mdm/web_vuln.rb +3 -1
- data/lib/metasploit_data_models/version.rb +1 -1
- data/lib/tasks/yard.rake +7 -0
- data/metasploit_data_models.gemspec +3 -1
- data/spec/app/models/mdm/host_spec.rb +0 -67
- data/spec/app/models/mdm/host_tag_spec.rb +38 -7
- data/spec/app/models/mdm/tag_spec.rb +5 -23
- metadata +11 -27
data/app/models/mdm/task_cred.rb
CHANGED
@@ -1,7 +1,11 @@
|
|
1
1
|
class Mdm::TaskCred < ActiveRecord::Base
|
2
|
-
|
3
|
-
|
4
|
-
|
2
|
+
belongs_to :cred,
|
3
|
+
class_name: 'Mdm::Cred',
|
4
|
+
inverse_of: :task_creds
|
5
|
+
|
6
|
+
belongs_to :task,
|
7
|
+
class_name: 'Mdm::Task',
|
8
|
+
inverse_of: :task_creds
|
5
9
|
|
6
10
|
validates :cred_id,
|
7
11
|
:uniqueness => {
|
data/app/models/mdm/task_host.rb
CHANGED
@@ -1,7 +1,11 @@
|
|
1
1
|
class Mdm::TaskHost < ActiveRecord::Base
|
2
|
-
|
3
|
-
|
4
|
-
|
2
|
+
belongs_to :host,
|
3
|
+
class_name: 'Mdm::Host',
|
4
|
+
inverse_of: :task_hosts
|
5
|
+
|
6
|
+
belongs_to :task,
|
7
|
+
class_name: 'Mdm::Task',
|
8
|
+
inverse_of: :task_hosts
|
5
9
|
|
6
10
|
validates :host_id,
|
7
11
|
:uniqueness => {
|
@@ -1,7 +1,11 @@
|
|
1
1
|
class Mdm::TaskService < ActiveRecord::Base
|
2
|
-
|
3
|
-
|
4
|
-
|
2
|
+
belongs_to :service,
|
3
|
+
class_name: 'Mdm::Service',
|
4
|
+
inverse_of: :task_services
|
5
|
+
|
6
|
+
belongs_to :task,
|
7
|
+
class_name: 'Mdm::Task',
|
8
|
+
inverse_of: :task_services
|
5
9
|
|
6
10
|
validates :service_id,
|
7
11
|
:uniqueness => {
|
@@ -1,6 +1,11 @@
|
|
1
1
|
class Mdm::TaskSession < ActiveRecord::Base
|
2
|
-
belongs_to :session,
|
3
|
-
|
2
|
+
belongs_to :session,
|
3
|
+
class_name: 'Mdm::Session',
|
4
|
+
inverse_of: :task_sessions
|
5
|
+
|
6
|
+
belongs_to :task,
|
7
|
+
class_name: 'Mdm::Task',
|
8
|
+
inverse_of: :task_sessions
|
4
9
|
|
5
10
|
validates :session_id,
|
6
11
|
:uniqueness => {
|
data/app/models/mdm/user.rb
CHANGED
@@ -5,8 +5,15 @@ class Mdm::User < ActiveRecord::Base
|
|
5
5
|
# Relations
|
6
6
|
#
|
7
7
|
|
8
|
-
has_many :owned_workspaces,
|
9
|
-
|
8
|
+
has_many :owned_workspaces,
|
9
|
+
class_name: 'Mdm::Workspace',
|
10
|
+
foreign_key: 'owner_id',
|
11
|
+
inverse_of: :owner
|
12
|
+
|
13
|
+
has_many :tags,
|
14
|
+
class_name: 'Mdm::Tag',
|
15
|
+
inverse_of: :user
|
16
|
+
|
10
17
|
has_and_belongs_to_many :workspaces, :join_table => 'workspace_members', :uniq => true, :class_name => 'Mdm::Workspace'
|
11
18
|
|
12
19
|
#
|
data/app/models/mdm/vuln.rb
CHANGED
@@ -4,36 +4,57 @@ class Mdm::Vuln < ActiveRecord::Base
|
|
4
4
|
# Associations
|
5
5
|
#
|
6
6
|
|
7
|
+
# @!attribute exploit_attempts
|
8
|
+
# Attempts to exploit this vulnerability.
|
9
|
+
#
|
10
|
+
# @return [ActiveRecord::Relation<Mdm::ExploitAttempt>]
|
11
|
+
has_many :exploit_attempts,
|
12
|
+
class_name: 'Mdm::ExploitAttempt',
|
13
|
+
inverse_of: :vuln
|
14
|
+
|
7
15
|
# @!attribute [rw] host
|
8
16
|
# The host with this vulnerability.
|
9
17
|
#
|
10
18
|
# @return [Mdm::Host]
|
11
|
-
belongs_to :host,
|
19
|
+
belongs_to :host,
|
20
|
+
class_name: 'Mdm::Host',
|
21
|
+
counter_cache: :vuln_count,
|
22
|
+
inverse_of: :vulns
|
12
23
|
|
13
24
|
# @!attribute [rw] service
|
14
25
|
# The service with the vulnerability.
|
15
26
|
#
|
16
27
|
# @return [Mdm::Service]
|
17
|
-
belongs_to :service,
|
28
|
+
belongs_to :service,
|
29
|
+
class_name: 'Mdm::Service',
|
30
|
+
inverse_of: :vulns
|
18
31
|
|
19
32
|
# @!attribute [rw] vuln_attempts
|
20
33
|
# Attempts to exploit this vulnerability.
|
21
34
|
#
|
22
35
|
# @return [Array<Mdm::VulnAttempt>]
|
23
|
-
has_many :vuln_attempts,
|
36
|
+
has_many :vuln_attempts,
|
37
|
+
class_name: 'Mdm::VulnAttempt',
|
38
|
+
dependent: :destroy,
|
39
|
+
inverse_of: :vuln
|
24
40
|
|
25
41
|
# @!attribute [rw] vuln_details
|
26
42
|
# Additional information about this vulnerability.
|
27
43
|
#
|
28
44
|
# @return [Array<Mdm::VulnDetail>]
|
29
|
-
has_many :vuln_details,
|
45
|
+
has_many :vuln_details,
|
46
|
+
class_name: 'Mdm::VulnDetail',
|
47
|
+
dependent: :destroy,
|
48
|
+
inverse_of: :vuln
|
30
49
|
|
31
50
|
# @!attribute [rw] vulns_refs
|
32
51
|
# Join model that joins this vuln to its {Mdm::Ref external references}.
|
33
52
|
#
|
34
|
-
# @todo https://www.pivotaltracker.com/story/show/49004623
|
35
53
|
# @return [Array<Mdm::VulnRef>]
|
36
|
-
has_many :vulns_refs,
|
54
|
+
has_many :vulns_refs,
|
55
|
+
class_name: 'Mdm::VulnRef',
|
56
|
+
dependent: :destroy,
|
57
|
+
inverse_of: :vuln
|
37
58
|
|
38
59
|
#
|
39
60
|
# Through :vuln_refs
|
@@ -42,7 +63,6 @@ class Mdm::Vuln < ActiveRecord::Base
|
|
42
63
|
# @!attribute [r] refs
|
43
64
|
# External references to this vulnerability.
|
44
65
|
#
|
45
|
-
# @todo https://www.pivotaltracker.com/story/show/49004623
|
46
66
|
# @return [Array<Mdm::Ref>]
|
47
67
|
has_many :refs, :class_name => 'Mdm::Ref', :through => :vulns_refs
|
48
68
|
|
@@ -1,9 +1,44 @@
|
|
1
1
|
class Mdm::VulnAttempt < ActiveRecord::Base
|
2
2
|
#
|
3
|
-
#
|
3
|
+
# Associations
|
4
4
|
#
|
5
5
|
|
6
|
-
|
6
|
+
# @!attribute loot
|
7
|
+
# Loot gathered from this attempt.
|
8
|
+
#
|
9
|
+
# @return [Mdm::Loot] if {#exploited} is `true`.
|
10
|
+
# @return [nil] if {#exploited} is `false`.
|
11
|
+
belongs_to :loot,
|
12
|
+
class_name: 'Mdm::Loot',
|
13
|
+
inverse_of: :vuln_attempt
|
14
|
+
|
15
|
+
# @!attribute session
|
16
|
+
# The session opened by this attempt.
|
17
|
+
#
|
18
|
+
# @return [Mdm::Session] if {#exploited} is `true`.
|
19
|
+
# @return [nil] if {#exploited} is `false`.
|
20
|
+
belongs_to :session,
|
21
|
+
class_name: 'Mdm::Session',
|
22
|
+
inverse_of: :vuln_attempt
|
23
|
+
|
24
|
+
# @!attribute vuln
|
25
|
+
# The {Mdm::Vuln vulnerability} that this attempt was exploiting.
|
26
|
+
#
|
27
|
+
# @return [Mdm::Vuln]
|
28
|
+
belongs_to :vuln,
|
29
|
+
class_name: 'Mdm::Vuln',
|
30
|
+
counter_cache: :vuln_attempt_count,
|
31
|
+
inverse_of: :vuln_attempts
|
32
|
+
|
33
|
+
#
|
34
|
+
# Attributes
|
35
|
+
#
|
36
|
+
|
37
|
+
# @!attribute [rw] exploited
|
38
|
+
# Whether this attempt was successful.
|
39
|
+
#
|
40
|
+
# @return [true] if {#vuln} was exploited.
|
41
|
+
# @return [false] if {#vuln} was not exploited.
|
7
42
|
|
8
43
|
#
|
9
44
|
# Validations
|
@@ -2,7 +2,15 @@ class Mdm::VulnDetail < ActiveRecord::Base
|
|
2
2
|
#
|
3
3
|
# Relations
|
4
4
|
#
|
5
|
-
|
5
|
+
|
6
|
+
belongs_to :nexpose_console,
|
7
|
+
class_name: 'Mdm::NexposeConsole',
|
8
|
+
inverse_of: :vuln_details
|
9
|
+
|
10
|
+
belongs_to :vuln,
|
11
|
+
class_name: 'Mdm::Vuln',
|
12
|
+
counter_cache: :vuln_detail_count,
|
13
|
+
inverse_of: :vuln_details
|
6
14
|
|
7
15
|
#
|
8
16
|
# Validations
|
data/app/models/mdm/vuln_ref.rb
CHANGED
@@ -5,8 +5,13 @@ class Mdm::VulnRef < ActiveRecord::Base
|
|
5
5
|
# Relations
|
6
6
|
#
|
7
7
|
|
8
|
-
belongs_to :ref,
|
9
|
-
|
8
|
+
belongs_to :ref,
|
9
|
+
class_name: 'Mdm::Ref',
|
10
|
+
inverse_of: :vulns_refs
|
11
|
+
|
12
|
+
belongs_to :vuln,
|
13
|
+
class_name: 'Mdm::Vuln',
|
14
|
+
inverse_of: :vulns_refs
|
10
15
|
|
11
16
|
ActiveSupport.run_load_hooks(:mdm_vuln_ref, self)
|
12
17
|
end
|
data/app/models/mdm/web_form.rb
CHANGED
data/app/models/mdm/web_page.rb
CHANGED
data/app/models/mdm/web_site.rb
CHANGED
@@ -3,10 +3,25 @@ class Mdm::WebSite < ActiveRecord::Base
|
|
3
3
|
# Relations
|
4
4
|
#
|
5
5
|
|
6
|
-
belongs_to :service,
|
7
|
-
|
8
|
-
|
9
|
-
|
6
|
+
belongs_to :service,
|
7
|
+
class_name: 'Mdm::Service',
|
8
|
+
foreign_key: 'service_id',
|
9
|
+
inverse_of: :web_sites
|
10
|
+
|
11
|
+
has_many :web_forms,
|
12
|
+
class_name: 'Mdm::WebForm',
|
13
|
+
dependent: :destroy,
|
14
|
+
inverse_of: :web_site
|
15
|
+
|
16
|
+
has_many :web_pages,
|
17
|
+
class_name: 'Mdm::WebPage',
|
18
|
+
dependent: :destroy,
|
19
|
+
inverse_of: :web_site
|
20
|
+
|
21
|
+
has_many :web_vulns,
|
22
|
+
class_name: 'Mdm::WebVuln',
|
23
|
+
dependent: :destroy,
|
24
|
+
inverse_of: :web_site
|
10
25
|
|
11
26
|
#
|
12
27
|
# Serializations
|
data/app/models/mdm/web_vuln.rb
CHANGED
@@ -4,5 +4,5 @@ module MetasploitDataModels
|
|
4
4
|
# metasploit-framework/data/sql/migrate to db/migrate in this project, not all models have specs that verify the
|
5
5
|
# migrations (with have_db_column and have_db_index) and certain models may not be shared between metasploit-framework
|
6
6
|
# and pro, so models may be removed in the future. Because of the unstable API the version should remain below 1.0.0
|
7
|
-
VERSION = '0.17.
|
7
|
+
VERSION = '0.17.1'
|
8
8
|
end
|
data/lib/tasks/yard.rake
CHANGED
@@ -12,6 +12,9 @@ if defined? YARD
|
|
12
12
|
}
|
13
13
|
end
|
14
14
|
|
15
|
+
# need environment so that yard templates can load ActiveRecord::Base subclasses for Entity-Relationship Diagrams
|
16
|
+
task :doc => :eager_load
|
17
|
+
|
15
18
|
desc "Shows stats for YARD Documentation including listing undocumented modules, classes, constants, and methods"
|
16
19
|
task :stats => :environment do
|
17
20
|
stats = YARD::CLI::Stats.new
|
@@ -23,4 +26,8 @@ if defined? YARD
|
|
23
26
|
desc "Generate YARD documentation"
|
24
27
|
# allow calling namespace to as a task that goes to default task for namespace
|
25
28
|
task :yard => ['yard:doc']
|
29
|
+
end
|
30
|
+
|
31
|
+
task eager_load: :environment do
|
32
|
+
Rails.application.eager_load!
|
26
33
|
end
|
@@ -34,7 +34,9 @@ Gem::Specification.new do |s|
|
|
34
34
|
# debugging
|
35
35
|
s.add_development_dependency 'pry'
|
36
36
|
|
37
|
-
|
37
|
+
# restrict from rails 4.0 as it requires protected_attributes gem and other changes for compatibility
|
38
|
+
# @see MSP-2971
|
39
|
+
s.add_runtime_dependency 'activerecord', '>= 3.2.13', '< 4.0.0'
|
38
40
|
s.add_runtime_dependency 'activesupport'
|
39
41
|
|
40
42
|
if RUBY_PLATFORM =~ /java/
|
@@ -202,73 +202,6 @@ describe Mdm::Host do
|
|
202
202
|
it { should belong_to(:workspace).class_name('Mdm::Workspace') }
|
203
203
|
end
|
204
204
|
|
205
|
-
context 'callbacks' do
|
206
|
-
context 'before destroy' do
|
207
|
-
context 'cleanup_tags' do
|
208
|
-
context 'with tags' do
|
209
|
-
let!(:tag) do
|
210
|
-
FactoryGirl.create(:mdm_tag)
|
211
|
-
end
|
212
|
-
|
213
|
-
let!(:host) do
|
214
|
-
FactoryGirl.create(:mdm_host)
|
215
|
-
end
|
216
|
-
|
217
|
-
context 'with only this host' do
|
218
|
-
before(:each) do
|
219
|
-
FactoryGirl.create(
|
220
|
-
:mdm_host_tag,
|
221
|
-
:host => host,
|
222
|
-
:tag => tag
|
223
|
-
)
|
224
|
-
end
|
225
|
-
|
226
|
-
it 'should destroy the tags' do
|
227
|
-
expect {
|
228
|
-
host.destroy
|
229
|
-
}.to change(Mdm::Tag, :count).by(-1)
|
230
|
-
end
|
231
|
-
|
232
|
-
it 'should destroy the host tags' do
|
233
|
-
expect {
|
234
|
-
host.destroy
|
235
|
-
}.to change(Mdm::HostTag, :count).by(-1)
|
236
|
-
end
|
237
|
-
end
|
238
|
-
|
239
|
-
context 'with additional hosts' do
|
240
|
-
let(:other_host) do
|
241
|
-
FactoryGirl.create(:mdm_host)
|
242
|
-
end
|
243
|
-
|
244
|
-
before(:each) do
|
245
|
-
FactoryGirl.create(:mdm_host_tag, :host => host, :tag => tag)
|
246
|
-
FactoryGirl.create(:mdm_host_tag, :host => other_host, :tag => tag)
|
247
|
-
end
|
248
|
-
|
249
|
-
it 'should not destroy the tag' do
|
250
|
-
expect {
|
251
|
-
host.destroy
|
252
|
-
}.to_not change(Mdm::Tag, :count)
|
253
|
-
end
|
254
|
-
|
255
|
-
it 'should destroy the host tags' do
|
256
|
-
expect {
|
257
|
-
host.destroy
|
258
|
-
}.to change(Mdm::HostTag, :count).by(-1)
|
259
|
-
end
|
260
|
-
|
261
|
-
it "should not destroy the other host's tags" do
|
262
|
-
host.destroy
|
263
|
-
|
264
|
-
other_host.hosts_tags.count.should == 1
|
265
|
-
end
|
266
|
-
end
|
267
|
-
end
|
268
|
-
end
|
269
|
-
end
|
270
|
-
end
|
271
|
-
|
272
205
|
context 'CONSTANTS' do
|
273
206
|
context 'ARCHITECTURES' do
|
274
207
|
subject(:architectures) do
|
@@ -25,15 +25,46 @@ describe Mdm::HostTag do
|
|
25
25
|
end
|
26
26
|
|
27
27
|
context '#destroy' do
|
28
|
-
|
29
|
-
|
28
|
+
let(:tag) do
|
29
|
+
FactoryGirl.create(
|
30
|
+
:mdm_tag
|
31
|
+
)
|
32
|
+
end
|
33
|
+
|
34
|
+
let!(:host_tag) do
|
35
|
+
FactoryGirl.create(
|
36
|
+
:mdm_host_tag,
|
37
|
+
:tag => tag
|
38
|
+
)
|
39
|
+
end
|
40
|
+
|
41
|
+
it 'should delete 1 Mdm::HostTag' do
|
30
42
|
expect {
|
31
43
|
host_tag.destroy
|
32
|
-
}.
|
33
|
-
|
34
|
-
|
35
|
-
|
44
|
+
}.to change(Mdm::HostTag, :count).by(-1)
|
45
|
+
end
|
46
|
+
|
47
|
+
context 'with multiple Mdm::HostTags using same Mdm::Tag' do
|
48
|
+
let!(:other_host_tag) do
|
49
|
+
FactoryGirl.create(
|
50
|
+
:mdm_host_tag,
|
51
|
+
:tag => tag
|
52
|
+
)
|
53
|
+
end
|
54
|
+
|
55
|
+
it 'should not delete Mdm::Tag' do
|
56
|
+
expect {
|
57
|
+
host_tag.destroy
|
58
|
+
}.to_not change(Mdm::Tag, :count)
|
59
|
+
end
|
36
60
|
end
|
37
|
-
end
|
38
61
|
|
62
|
+
context 'with only one Mdm::HostTag using Mdm::Tag' do
|
63
|
+
it 'should delete Mdm::Tag' do
|
64
|
+
expect {
|
65
|
+
host_tag.destroy
|
66
|
+
}.to change(Mdm::Tag, :count).by(-1)
|
67
|
+
end
|
68
|
+
end
|
69
|
+
end
|
39
70
|
end
|