metasploit_data_models 0.17.0 → 0.17.1

data/app/models/mdm/task_cred.rb

@@ -1,7 +1,11 @@
 class Mdm::TaskCred < ActiveRecord::Base
-  # attr_accessible :title, :body
-  belongs_to :cred, :class_name => 'Mdm::Cred'
-  belongs_to :task, :class_name =>  'Mdm::Task'
+  belongs_to :cred,
+             class_name: 'Mdm::Cred',
+             inverse_of: :task_creds
+
+  belongs_to :task,
+             class_name: 'Mdm::Task',
+             inverse_of: :task_creds
 
   validates :cred_id,
             :uniqueness => {

data/app/models/mdm/task_host.rb

@@ -1,7 +1,11 @@
 class Mdm::TaskHost < ActiveRecord::Base
-  # attr_accessible :title, :body
-  belongs_to :host, :class_name => 'Mdm::Host'
-  belongs_to :task, :class_name =>  'Mdm::Task'
+  belongs_to :host,
+             class_name: 'Mdm::Host',
+             inverse_of: :task_hosts
+
+  belongs_to :task,
+             class_name: 'Mdm::Task',
+             inverse_of: :task_hosts
 
   validates :host_id,
             :uniqueness => {

data/app/models/mdm/task_service.rb

@@ -1,7 +1,11 @@
 class Mdm::TaskService < ActiveRecord::Base
-  # attr_accessible :title, :body
-  belongs_to :service, :class_name => 'Mdm::Service'
-  belongs_to :task, :class_name =>  'Mdm::Task'
+  belongs_to :service,
+             class_name: 'Mdm::Service',
+             inverse_of: :task_services
+
+  belongs_to :task,
+             class_name: 'Mdm::Task',
+             inverse_of: :task_services
 
   validates :service_id,
             :uniqueness => {

data/app/models/mdm/task_session.rb

@@ -1,6 +1,11 @@
 class Mdm::TaskSession < ActiveRecord::Base
-  belongs_to :session, :class_name => 'Mdm::Session'
-  belongs_to :task, :class_name =>  'Mdm::Task'
+  belongs_to :session,
+             class_name: 'Mdm::Session',
+             inverse_of: :task_sessions
+
+  belongs_to :task,
+             class_name: 'Mdm::Task',
+             inverse_of: :task_sessions
 
   validates :session_id,
             :uniqueness => {

data/app/models/mdm/user.rb

@@ -5,8 +5,15 @@ class Mdm::User < ActiveRecord::Base
   # Relations
   #
 
-  has_many :owned_workspaces, :foreign_key => 'owner_id', :class_name => 'Mdm::Workspace'
-  has_many :tags, :class_name => 'Mdm::Tag'
+  has_many :owned_workspaces,
+           class_name: 'Mdm::Workspace',
+           foreign_key: 'owner_id',
+           inverse_of: :owner
+
+  has_many :tags,
+           class_name: 'Mdm::Tag',
+           inverse_of: :user
+
   has_and_belongs_to_many :workspaces, :join_table => 'workspace_members', :uniq => true, :class_name => 'Mdm::Workspace'
 
   #

data/app/models/mdm/vuln.rb

@@ -4,36 +4,57 @@ class Mdm::Vuln < ActiveRecord::Base
   # Associations
   #
 
+  # @!attribute exploit_attempts
+  #   Attempts to exploit this vulnerability.
+  #
+  #   @return [ActiveRecord::Relation<Mdm::ExploitAttempt>]
+  has_many :exploit_attempts,
+           class_name: 'Mdm::ExploitAttempt',
+           inverse_of: :vuln
+
   # @!attribute [rw] host
   #   The host with this vulnerability.
   #
   #   @return [Mdm::Host]
-  belongs_to :host, :class_name => 'Mdm::Host', :counter_cache => :vuln_count
+  belongs_to :host,
+             class_name: 'Mdm::Host',
+             counter_cache: :vuln_count,
+             inverse_of: :vulns
 
   # @!attribute [rw] service
   #   The service with the vulnerability.
   #
   #   @return [Mdm::Service]
-  belongs_to :service, :class_name => 'Mdm::Service'
+  belongs_to :service,
+             class_name: 'Mdm::Service',
+             inverse_of: :vulns
 
   # @!attribute [rw] vuln_attempts
   #   Attempts to exploit this vulnerability.
   #
   #   @return [Array<Mdm::VulnAttempt>]
-  has_many :vuln_attempts, :class_name => 'Mdm::VulnAttempt', :dependent => :destroy
+  has_many :vuln_attempts,
+           class_name: 'Mdm::VulnAttempt',
+           dependent: :destroy,
+           inverse_of: :vuln
 
   # @!attribute [rw] vuln_details
   #   Additional information about this vulnerability.
   #
   #   @return [Array<Mdm::VulnDetail>]
-  has_many :vuln_details, :class_name => 'Mdm::VulnDetail', :dependent => :destroy
+  has_many :vuln_details,
+           class_name: 'Mdm::VulnDetail',
+           dependent: :destroy,
+           inverse_of: :vuln
 
   # @!attribute [rw] vulns_refs
   #   Join model that joins this vuln to its {Mdm::Ref external references}.
   #
-  #   @todo https://www.pivotaltracker.com/story/show/49004623
   #   @return [Array<Mdm::VulnRef>]
-  has_many :vulns_refs, :class_name => 'Mdm::VulnRef', :dependent => :destroy
+  has_many :vulns_refs,
+           class_name: 'Mdm::VulnRef',
+           dependent: :destroy,
+           inverse_of: :vuln
 
   #
   # Through :vuln_refs
@@ -42,7 +63,6 @@ class Mdm::Vuln < ActiveRecord::Base
   # @!attribute [r] refs
   #   External references to this vulnerability.
   #
-  #   @todo https://www.pivotaltracker.com/story/show/49004623
   #   @return [Array<Mdm::Ref>]
   has_many :refs, :class_name => 'Mdm::Ref', :through => :vulns_refs
 

data/app/models/mdm/vuln_attempt.rb

@@ -1,9 +1,44 @@
 class Mdm::VulnAttempt < ActiveRecord::Base
   #
-  # Relations
+  # Associations
   #
 
-  belongs_to :vuln, :class_name => 'Mdm::Vuln', :counter_cache => :vuln_attempt_count
+  # @!attribute loot
+  #   Loot gathered from this attempt.
+  #
+  #   @return [Mdm::Loot] if {#exploited} is `true`.
+  #   @return [nil] if {#exploited} is `false`.
+  belongs_to :loot,
+             class_name: 'Mdm::Loot',
+             inverse_of: :vuln_attempt
+
+  # @!attribute session
+  #   The session opened by this attempt.
+  #
+  #   @return [Mdm::Session] if {#exploited} is `true`.
+  #   @return [nil] if {#exploited} is `false`.
+  belongs_to :session,
+             class_name: 'Mdm::Session',
+             inverse_of: :vuln_attempt
+
+  # @!attribute vuln
+  #   The {Mdm::Vuln vulnerability} that this attempt was exploiting.
+  #
+  #   @return [Mdm::Vuln]
+  belongs_to :vuln,
+             class_name: 'Mdm::Vuln',
+             counter_cache: :vuln_attempt_count,
+             inverse_of: :vuln_attempts
+
+  #
+  # Attributes
+  #
+
+  # @!attribute [rw] exploited
+  #   Whether this attempt was successful.
+  #
+  #   @return [true] if {#vuln} was exploited.
+  #   @return [false] if {#vuln} was not exploited.
 
   #
   # Validations

data/app/models/mdm/vuln_detail.rb

@@ -2,7 +2,15 @@ class Mdm::VulnDetail < ActiveRecord::Base
   #
   # Relations
   #
-  belongs_to :vuln, :class_name => 'Mdm::Vuln', :counter_cache => :vuln_detail_count
+
+  belongs_to :nexpose_console,
+             class_name: 'Mdm::NexposeConsole',
+             inverse_of: :vuln_details
+
+  belongs_to :vuln,
+             class_name: 'Mdm::Vuln',
+             counter_cache: :vuln_detail_count,
+             inverse_of: :vuln_details
 
   #
   # Validations

data/app/models/mdm/vuln_ref.rb

@@ -5,8 +5,13 @@ class Mdm::VulnRef < ActiveRecord::Base
   # Relations
   #
 
-  belongs_to :ref, :class_name => 'Mdm::Ref'
-  belongs_to :vuln, :class_name => 'Mdm::Vuln'
+  belongs_to :ref,
+             class_name: 'Mdm::Ref',
+             inverse_of: :vulns_refs
+
+  belongs_to :vuln,
+             class_name: 'Mdm::Vuln',
+             inverse_of: :vulns_refs
 
   ActiveSupport.run_load_hooks(:mdm_vuln_ref, self)
 end

data/app/models/mdm/web_form.rb

@@ -3,7 +3,9 @@ class Mdm::WebForm < ActiveRecord::Base
   # Relations
   #
 
-  belongs_to :web_site, :class_name => 'Mdm::WebSite'
+  belongs_to :web_site,
+             class_name: 'Mdm::WebSite',
+             inverse_of: :web_forms
 
   #
   # Serializations

data/app/models/mdm/web_page.rb

@@ -3,7 +3,9 @@ class Mdm::WebPage < ActiveRecord::Base
   # Relations
   #
 
-  belongs_to :web_site, :class_name => 'Mdm::WebSite'
+  belongs_to :web_site,
+             class_name: 'Mdm::WebSite',
+             inverse_of: :web_pages
 
   #
   # Serializations

data/app/models/mdm/web_site.rb

@@ -3,10 +3,25 @@ class Mdm::WebSite < ActiveRecord::Base
   # Relations
   #
 
-  belongs_to :service, :class_name => 'Mdm::Service', :foreign_key => 'service_id'
-  has_many :web_forms, :dependent => :destroy, :class_name => 'Mdm::WebForm'
-  has_many :web_pages, :dependent => :destroy, :class_name => 'Mdm::WebPage'
-  has_many :web_vulns, :dependent => :destroy, :class_name => 'Mdm::WebVuln'
+  belongs_to :service,
+             class_name: 'Mdm::Service',
+             foreign_key: 'service_id',
+             inverse_of: :web_sites
+
+  has_many :web_forms,
+           class_name: 'Mdm::WebForm',
+           dependent: :destroy,
+           inverse_of: :web_site
+
+  has_many :web_pages,
+           class_name: 'Mdm::WebPage',
+           dependent: :destroy,
+           inverse_of: :web_site
+
+  has_many :web_vulns,
+           class_name: 'Mdm::WebVuln',
+           dependent: :destroy,
+           inverse_of: :web_site
 
   #
   # Serializations

data/app/models/mdm/web_vuln.rb

@@ -36,7 +36,9 @@ class Mdm::WebVuln < ActiveRecord::Base
   # Associations
   #
 
-  belongs_to :web_site, :class_name => 'Mdm::WebSite'
+  belongs_to :web_site,
+             class_name: 'Mdm::WebSite',
+             inverse_of: :web_vulns
 
   #
   # Attributes

data/lib/metasploit_data_models/version.rb

@@ -4,5 +4,5 @@ module MetasploitDataModels
   # metasploit-framework/data/sql/migrate to db/migrate in this project, not all models have specs that verify the
   # migrations (with have_db_column and have_db_index) and certain models may not be shared between metasploit-framework
   # and pro, so models may be removed in the future.  Because of the unstable API the version should remain below 1.0.0
-  VERSION = '0.17.0'
+  VERSION = '0.17.1'
 end

data/lib/tasks/yard.rake

@@ -12,6 +12,9 @@ if defined? YARD
       }
     end
 
+    # need environment so that yard templates can load ActiveRecord::Base subclasses for Entity-Relationship Diagrams
+    task :doc => :eager_load
+
     desc "Shows stats for YARD Documentation including listing undocumented modules, classes, constants, and methods"
     task :stats => :environment do
       stats = YARD::CLI::Stats.new
@@ -23,4 +26,8 @@ if defined? YARD
   desc "Generate YARD documentation"
   # allow calling namespace to as a task that goes to default task for namespace
   task :yard => ['yard:doc']
+end
+
+task eager_load: :environment do
+  Rails.application.eager_load!
 end

data/metasploit_data_models.gemspec

@@ -34,7 +34,9 @@ Gem::Specification.new do |s|
   # debugging
   s.add_development_dependency 'pry'
 
-  s.add_runtime_dependency 'activerecord', '>= 3.2.13'
+  # restrict from rails 4.0 as it requires protected_attributes gem and other changes for compatibility
+  # @see MSP-2971
+  s.add_runtime_dependency 'activerecord', '>= 3.2.13', '< 4.0.0'
   s.add_runtime_dependency 'activesupport'
   
   if RUBY_PLATFORM =~ /java/

data/spec/app/models/mdm/host_spec.rb

@@ -202,73 +202,6 @@ describe Mdm::Host do
     it { should belong_to(:workspace).class_name('Mdm::Workspace') }
 	end
 
-	context 'callbacks' do
-    context 'before destroy' do
-      context 'cleanup_tags' do
-        context 'with tags' do
-          let!(:tag) do
-            FactoryGirl.create(:mdm_tag)
-          end
-
-          let!(:host) do
-            FactoryGirl.create(:mdm_host)
-          end
-
-          context 'with only this host' do
-            before(:each) do
-              FactoryGirl.create(
-                  :mdm_host_tag,
-                  :host => host,
-                  :tag => tag
-              )
-            end
-
-            it 'should destroy the tags' do
-              expect {
-                host.destroy
-              }.to change(Mdm::Tag, :count).by(-1)
-            end
-
-            it 'should destroy the host tags' do
-              expect {
-                host.destroy
-              }.to change(Mdm::HostTag, :count).by(-1)
-            end
-          end
-
-          context 'with additional hosts' do
-            let(:other_host) do
-              FactoryGirl.create(:mdm_host)
-            end
-
-            before(:each) do
-              FactoryGirl.create(:mdm_host_tag, :host => host, :tag => tag)
-              FactoryGirl.create(:mdm_host_tag, :host => other_host, :tag => tag)
-            end
-
-            it 'should not destroy the tag' do
-              expect {
-                host.destroy
-              }.to_not change(Mdm::Tag, :count)
-            end
-
-            it 'should destroy the host tags' do
-              expect {
-                host.destroy
-              }.to change(Mdm::HostTag, :count).by(-1)
-            end
-
-            it "should not destroy the other host's tags" do
-              host.destroy
-
-              other_host.hosts_tags.count.should == 1
-            end
-          end
-        end
-      end
-    end
-	end
-
 	context 'CONSTANTS' do
     context 'ARCHITECTURES' do
       subject(:architectures) do

data/spec/app/models/mdm/host_tag_spec.rb

@@ -25,15 +25,46 @@ describe Mdm::HostTag do
   end
 
   context '#destroy' do
-    it 'should successfully destroy the object' do
-      host_tag = FactoryGirl.create(:mdm_host_tag)
+    let(:tag) do
+      FactoryGirl.create(
+          :mdm_tag
+      )
+    end
+
+    let!(:host_tag) do
+      FactoryGirl.create(
+          :mdm_host_tag,
+          :tag => tag
+      )
+    end
+
+    it 'should delete 1 Mdm::HostTag' do
       expect {
         host_tag.destroy
-      }.to_not raise_error
-      expect {
-        host_tag.reload
-      }.to raise_error(ActiveRecord::RecordNotFound)
+      }.to change(Mdm::HostTag, :count).by(-1)
+    end
+
+    context 'with multiple Mdm::HostTags using same Mdm::Tag' do
+      let!(:other_host_tag) do
+        FactoryGirl.create(
+            :mdm_host_tag,
+            :tag => tag
+        )
+      end
+
+      it 'should not delete Mdm::Tag' do
+        expect {
+          host_tag.destroy
+        }.to_not change(Mdm::Tag, :count)
+      end
     end
-  end
 
+    context 'with only one Mdm::HostTag using Mdm::Tag' do
+      it 'should delete Mdm::Tag' do
+        expect {
+          host_tag.destroy
+        }.to change(Mdm::Tag, :count).by(-1)
+      end
+    end
+  end
 end