metasploit_data_models 0.17.1-java → 0.17.2-java

data/spec/app/models/metasploit_data_models/search/visitor/relation_spec.rb

@@ -0,0 +1,253 @@
+require 'spec_helper'
+
+describe MetasploitDataModels::Search::Visitor::Relation do
+  subject(:visitor) do
+    described_class.new(
+        :query => query
+    )
+  end
+
+  let(:formatted) do
+    # needs to be a valid operation so that query is valid
+    "name:\"#{value}\""
+  end
+
+  let(:query) do
+    Metasploit::Model::Search::Query.new(
+        :formatted => formatted,
+        :klass => Mdm::Host
+    )
+  end
+
+  let(:value) {
+    FactoryGirl.generate :mdm_host_name
+  }
+
+  context 'validations' do
+    context 'query' do
+      it { should validate_presence_of(:query) }
+
+      context 'valid' do
+        let(:error) do
+          I18n.translate('errors.messages.invalid')
+        end
+
+        let(:errors) do
+          visitor.errors[:query]
+        end
+
+        context 'with query' do
+          let(:query) do
+            double('Query')
+          end
+
+          before(:each) do
+            query.stub(:valid? => query)
+
+            visitor.valid?
+          end
+
+          context 'with valid' do
+            let(:valid) do
+              true
+            end
+
+            it 'should not record error' do
+              errors.should_not include(error)
+            end
+          end
+
+          context 'without valid' do
+            let(:valid) do
+              false
+            end
+
+            it 'should record error' do
+              errors.should_not include(error)
+            end
+          end
+        end
+
+        context 'without query' do
+          let(:query) do
+            nil
+          end
+
+          it 'should not record error' do
+            errors.should_not include(error)
+          end
+        end
+      end
+    end
+  end
+
+  context '#visit' do
+    subject(:visit) do
+      visitor.visit
+    end
+
+    context 'MetasploitDataModels::Search::Visitor::Includes' do
+      subject(:includes_visitor) do
+        visitor.visitor_by_relation_method[:includes]
+      end
+
+      it 'should visit Metasploit::Model::Search::Query#tree' do
+        includes_visitor.should_receive(:visit).with(query.tree)
+
+        visit
+      end
+
+      it 'should pass visited to ActiveRecord::Relation#includes' do
+        visited = double('Visited')
+        includes_visitor.stub(:visit).with(query.tree).and_return(visited)
+
+        ActiveRecord::Relation.any_instance.should_receive(:includes).with(visited).and_return(query.klass.scoped)
+
+        visit
+      end
+    end
+
+    context 'MetasploitDataModels::Search::Visitor::Joins' do
+      subject(:joins_visitor) do
+        visitor.visitor_by_relation_method[:joins]
+      end
+
+      it 'should visit Metasploit::Model::Search::Query#tree' do
+        joins_visitor.should_receive(:visit).with(query.tree)
+
+        visit
+      end
+
+      it 'should pass visited to ActiveRecord::Relation#joins' do
+        visited = double('Visited')
+        joins_visitor.stub(:visit).with(query.tree).and_return(visited)
+
+        ActiveRecord::Relation.any_instance.should_receive(:joins).with(visited).and_return(query.klass.scoped)
+
+        visit
+      end
+    end
+
+    context 'MetasploitDataModels::Search::Visitor::Where' do
+      subject(:where_visitor) do
+        visitor.visitor_by_relation_method[:where]
+      end
+
+      it 'should visit Metasploit::Model::Search::Query#tree' do
+        where_visitor.should_receive(:visit).with(query.tree)
+
+        visit
+      end
+
+      it 'should pass visited to ActiveRecord::Relation#includes' do
+        visited = double('Visited')
+        where_visitor.stub(:visit).with(query.tree).and_return(visited)
+
+        ActiveRecord::Relation.any_instance.should_receive(:where).with(visited).and_return(query.klass.scoped)
+
+        visit
+      end
+    end
+
+    context 'matching record' do
+      context 'with Mdm::Host' do
+        #
+        # lets
+        #
+        # Don't use factories to prevent prefix aliasing when sequences go from 1 to 10 or 10 to 100
+        #
+
+        let(:matching_record_name) {
+          'mdm_host_name_a'
+        }
+
+        let(:matching_service_name) {
+          'mdm_service_name_a'
+        }
+
+        let(:non_matching_record_name) {
+          'mdm_host_name_b'
+        }
+
+        let(:non_matching_service_name) {
+          'mdm_service_name_b'
+        }
+
+        #
+        # let!s
+        #
+
+        let!(:matching_record) do
+          FactoryGirl.build(
+              :mdm_host,
+              name: matching_record_name
+          )
+        end
+
+        let!(:matching_service) do
+          FactoryGirl.create(
+              :mdm_service,
+              host: matching_record,
+              name: matching_service_name
+          )
+        end
+
+        let!(:non_matching_record) do
+          FactoryGirl.build(
+              :mdm_host,
+              name: non_matching_record_name
+          )
+        end
+
+        let!(:non_matching_service) do
+          FactoryGirl.create(
+              :mdm_service,
+              host: non_matching_record,
+              name: non_matching_service_name
+          )
+        end
+
+        it_should_behave_like 'MetasploitDataModels::Search::Visitor::Relation#visit matching record',
+                              :attribute => :name
+
+        it_should_behave_like 'MetasploitDataModels::Search::Visitor::Relation#visit matching record',
+                              association: :services,
+                              attribute: :name
+
+        context 'with all operators' do
+          let(:formatted) {
+            %Q{name:"#{matching_record_name}" services.name:"#{matching_service_name}"}
+          }
+
+          it 'should find only matching record' do
+            if visit.to_a != [matching_record]
+              true
+            end
+
+            expect(visit).to match_array([matching_record])
+          end
+        end
+      end
+    end
+  end
+
+  context '#visitor_by_relation_method' do
+    subject(:visitor_by_relation_method) do
+      visitor.visitor_by_relation_method
+    end
+
+    its([:joins]) { should be_a MetasploitDataModels::Search::Visitor::Joins }
+    its([:includes]) { should be_a MetasploitDataModels::Search::Visitor::Includes }
+    its([:where]) { should be_a MetasploitDataModels::Search::Visitor::Where }
+  end
+
+  context 'visitor_class_by_relation_method' do
+    subject(:visitor_class_by_relation_method) do
+      described_class.visitor_class_by_relation_method
+    end
+
+    its([:joins]) { should == MetasploitDataModels::Search::Visitor::Joins }
+    its([:includes]) { should == MetasploitDataModels::Search::Visitor::Includes }
+    its([:where]) { should == MetasploitDataModels::Search::Visitor::Where }
+  end
+end

data/spec/app/models/metasploit_data_models/search/visitor/where_spec.rb

@@ -0,0 +1,147 @@
+require 'spec_helper'
+
+describe MetasploitDataModels::Search::Visitor::Where do
+  subject(:visitor) do
+    described_class.new
+  end
+
+  context '#attribute_visitor' do
+    subject(:attribute_visitor) do
+      visitor.attribute_visitor
+    end
+
+    it { should be_a MetasploitDataModels::Search::Visitor::Attribute }
+  end
+
+  context '#method_visitor' do
+    subject(:method_visitor) do
+      visitor.method_visitor
+    end
+
+    it { should be_a MetasploitDataModels::Search::Visitor::Method }
+  end
+
+  context '#visit' do
+    subject(:visit) do
+      visitor.visit(node)
+    end
+
+    arel_class_by_group_class = {
+        Metasploit::Model::Search::Group::Intersection => Arel::Nodes::And,
+        Metasploit::Model::Search::Group::Union => Arel::Nodes::Or
+    }
+
+    arel_class_by_group_class.each do |group_class, arel_class|
+      context "with #{group_class}" do
+        it_should_behave_like 'MetasploitDataModels::Search::Visitor::Where#visit with Metasploit::Model::Search::Group::Base',
+                              :arel_class => arel_class do
+          let(:node_class) do
+            group_class
+          end
+        end
+      end
+    end
+
+    equality_operation_classes = [
+        Metasploit::Model::Search::Operation::Boolean,
+        Metasploit::Model::Search::Operation::Date,
+        Metasploit::Model::Search::Operation::Integer,
+        Metasploit::Model::Search::Operation::Set::Integer,
+        Metasploit::Model::Search::Operation::Set::String
+    ]
+
+    equality_operation_classes.each do |operation_class|
+      context "with #{operation_class}" do
+        it_should_behave_like 'MetasploitDataModels::Search::Visitor::Where#visit with equality operation' do
+          let(:node_class) do
+            operation_class
+          end
+        end
+      end
+    end
+
+    context 'with Metasploit::Model::Search::Operation::String' do
+      let(:node) do
+        Metasploit::Model::Search::Operation::String.new(
+            :operator => operator,
+            :value => value
+        )
+      end
+
+      let(:operator) do
+        Metasploit::Model::Search::Operator::Attribute.new(
+            :klass => Mdm::Host,
+            :attribute => :name
+        )
+      end
+
+      let(:value) do
+        'metasploitable'
+      end
+
+      it 'should visit operation.operator with attribute_visitor' do
+        visitor.attribute_visitor.should_receive(:visit).with(operator).and_call_original
+
+        visit
+      end
+
+      it 'should call matches on Arel::Attributes::Attribute from attribute_visitor' do
+        attribute = double('Visited Operator')
+        visitor.attribute_visitor.stub(:visit).with(operator).and_return(attribute)
+
+        attribute.should_receive(:matches).with("%#{value}%")
+
+        visit
+      end
+    end
+
+    context 'with Metasploit::Model::Search::Query#tree' do
+      let(:node) do
+        query.tree
+      end
+
+      let(:query) do
+        Metasploit::Model::Search::Query.new(
+            :formatted => formatted,
+            :klass => klass
+        )
+      end
+
+      context 'with Metasploit::model::Search::Query#klass' do
+        context 'with Mdm::Host' do
+          let(:klass) {
+            Mdm::Host
+          }
+
+          context 'with name' do
+            let(:name) do
+              FactoryGirl.generate :mdm_host_name
+            end
+
+            let(:formatted) do
+              "name:\"#{name}\""
+            end
+
+            it 'should match module_instances.name with ILIKE' do
+              visit.to_sql.should == "\"hosts\".\"name\" ILIKE '%#{name}%'"
+            end
+          end
+
+          context 'with services.name' do
+            let(:name) do
+              FactoryGirl.generate :mdm_service_name
+            end
+
+            let(:formatted) do
+              "services.name:\"#{name}\""
+            end
+
+            it 'should match module_actions.name with ILIKE' do
+              visit.to_sql.should == "\"services\".\"name\" ILIKE '%#{name}%'"
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/spec/dummy/config/initializers/active_record_migrations.rb

@@ -0,0 +1,4 @@
+# remove Dummy's db/migrate, which doesn't exists and replace it with gem's
+ActiveRecord::Migrator.migrations_paths = [
+    MetasploitDataModels.root.join('db', 'migrate').to_path
+]

data/spec/factories/mdm/services.rb

@@ -8,6 +8,7 @@ FactoryGirl.define do
     #
     # Attributes
     #
+    name { generate :mdm_service_name }
     port 4567
     proto 'snmp'
     state 'open'
@@ -19,6 +20,10 @@ FactoryGirl.define do
     end
   end
 
+  sequence(:mdm_service_name) { |n|
+    "mdm_service_name#{n}"
+  }
+
   port_bits = 16
   port_limit = 1 << port_bits
 

data/spec/support/shared/examples/metasploit_data_models/search/visitor/includes/visit/with_children.rb

@@ -0,0 +1,38 @@
+shared_examples_for 'MetasploitDataModels::Search::Visitor::Includes#visit with #children' do
+  let(:children) do
+    2.times.collect { |n|
+      double("Child #{n}")
+    }
+  end
+
+  let(:node) do
+    node_class.new(
+        :children => children
+    )
+  end
+
+  it 'should visit each child' do
+    # needed for call to visit subject
+    visitor.should_receive(:visit).with(node).and_call_original
+
+    children.each do |child|
+      visitor.should_receive(:visit).with(child).and_return([])
+    end
+
+    visit
+  end
+
+  it 'should return Array of all child visits' do
+    child_visits = []
+
+    visitor.should_receive(:visit).with(node).and_call_original
+
+    children.each_with_index do |child, i|
+      child_visit = ["Visited Child #{i}"]
+      visitor.stub(:visit).with(child).and_return(child_visit)
+      child_visits.concat(child_visit)
+    end
+
+    visit.should == child_visits
+  end
+end