metasploit_data_models 0.17.3 → 0.18.0.pre.compatibility

data/app/models/metasploit_data_models/search/operator/port/list.rb

@@ -0,0 +1,67 @@
+# Searches for a network port attribute.  Ports can be given as a single number or range of numbers and either or both
+# forms can be combined into a comma separated list.  Individual port numbers are validated to be greater than 0 and
+class MetasploitDataModels::Search::Operator::Port::List < Metasploit::Model::Search::Operator::Group::Union
+  #
+  # CONSTANTS
+  #
+
+  # Separates port number and/or port ranges
+  SEPARATOR = ','
+
+  #
+  # Attributes
+  #
+
+  # @!attribute [rw] attribute
+  #   Attribute holding port number.
+  #
+  #   @return [Symbol] `:port`
+  attr_writer :attribute
+
+  #
+  # Class Methods
+  #
+
+  # @note Can't be called `name` because it would alias `Class#name`
+  #
+  # Name of this operator.
+  #
+  # @return [String] `'port_list'`
+  def self.operator_name
+    'port_list'
+  end
+
+  #
+  # Instance Methods
+  #
+
+  # Defaults to `:port`.
+  #
+  # @return [Symbol]
+  def attribute
+    @attribute ||= :port
+  end
+
+  # Turns `{#attribute}:<number>,<range>` into the union of port <number> and port <range> searches.
+  #
+  # @param formatted_value [String] comma separated list of port numbers and ranges.
+  # @return [Array<Metasploit::Model::Search::Operation::Base]
+  def children(formatted_value)
+    separated_formatted_values = formatted_value.split(SEPARATOR)
+
+    separated_formatted_values.collect { |separated_formatted_value|
+      operation_class = MetasploitDataModels::Search::Operation::Port::Number
+
+      if separated_formatted_value.include? MetasploitDataModels::Search::Operation::Range::SEPARATOR
+        operation_class = MetasploitDataModels::Search::Operation::Port::Range
+      end
+
+      operation_class.new(
+          value: separated_formatted_value,
+          operator: self
+      )
+    }
+  end
+
+  alias_method :name, :attribute
+end

data/app/models/metasploit_data_models/search/visitor/attribute.rb

@@ -6,7 +6,8 @@ class MetasploitDataModels::Search::Visitor::Attribute
     visit operator.attribute_operator
   end
 
-  visit 'Metasploit::Model::Search::Operator::Attribute' do |operator|
+  visit 'Metasploit::Model::Search::Operator::Attribute',
+        'MetasploitDataModels::Search::Operator::Port::List' do |operator|
     table = operator.klass.arel_table
     table[operator.attribute]
   end

data/app/models/metasploit_data_models/search/visitor/includes.rb

@@ -8,7 +8,7 @@ class MetasploitDataModels::Search::Visitor::Includes
   #
 
   visit 'Metasploit::Model::Search::Group::Base',
-        'Metasploit::Model::Search::Operation::Union' do |parent|
+        'Metasploit::Model::Search::Operation::Group::Base' do |parent|
     parent.children.flat_map { |child|
       visit child
     }
@@ -22,7 +22,8 @@ class MetasploitDataModels::Search::Visitor::Includes
     [operator.association]
   end
 
-  visit 'Metasploit::Model::Search::Operator::Attribute' do |_operator|
+  visit 'Metasploit::Model::Search::Operator::Attribute',
+        'MetasploitDataModels::Search::Operator::Port::List' do |_operator|
     []
   end
 

data/app/models/metasploit_data_models/search/visitor/joins.rb

@@ -6,14 +6,15 @@ class MetasploitDataModels::Search::Visitor::Joins
   # Visitors
   #
 
-  visit 'Metasploit::Model::Search::Group::Intersection' do |parent|
+  visit 'Metasploit::Model::Search::Group::Intersection',
+        'Metasploit::Model::Search::Operation::Group::Intersection' do |parent|
     parent.children.flat_map { |child|
       visit child
     }
   end
 
   visit 'Metasploit::Model::Search::Group::Union',
-        'Metasploit::Model::Search::Operation::Union' do |parent|
+        'Metasploit::Model::Search::Operation::Group::Union' do |parent|
     # A Set<Set> because if all children have multiple joins, but those multiple joins contain the same elements for
     # all children, then all joins can be counted as common:
     #
@@ -41,7 +42,8 @@ class MetasploitDataModels::Search::Visitor::Joins
     [operator.association]
   end
 
-  visit 'Metasploit::Model::Search::Operator::Attribute' do |_|
+  visit 'Metasploit::Model::Search::Operator::Attribute',
+        'MetasploitDataModels::Search::Operator::Port::List' do |_|
     []
   end
 

data/app/models/metasploit_data_models/search/visitor/method.rb

@@ -2,12 +2,13 @@
 class MetasploitDataModels::Search::Visitor::Method
   include Metasploit::Model::Visitation::Visit
 
-  visit 'Metasploit::Model::Search::Group::Intersection' do
+  visit 'Metasploit::Model::Search::Group::Intersection',
+        'Metasploit::Model::Search::Operation::Group::Intersection' do
     :and
   end
 
   visit 'Metasploit::Model::Search::Group::Union',
-        'Metasploit::Model::Search::Operation::Union' do
+        'Metasploit::Model::Search::Operation::Group::Union' do
     :or
   end
 

data/app/models/metasploit_data_models/search/visitor/where.rb

@@ -20,7 +20,7 @@ class MetasploitDataModels::Search::Visitor::Where
   #
 
   visit 'Metasploit::Model::Search::Group::Base',
-        'Metasploit::Model::Search::Operation::Union' do |parent|
+        'Metasploit::Model::Search::Operation::Group::Base' do |parent|
     method = method_visitor.visit parent
 
     children_arel = parent.children.collect { |child|
@@ -43,7 +43,13 @@ class MetasploitDataModels::Search::Visitor::Where
     match_value = "%#{operation.value}%"
 
     attribute.matches(match_value)
-	end
+  end
+
+  visit 'MetasploitDataModels::Search::Operation::Port::Range' do |range_operation|
+    attribute = attribute_visitor.visit range_operation.operator
+
+    attribute.in(range_operation.value)
+  end
 
   #
   # Methods

data/config/locales/en.yml

@@ -4,4 +4,20 @@ en:
       errors:
         messages:
           # have to duplicate activerecord.model.errors.message.taken because of the different i18n_scope
-          taken: "has already been taken"
+          taken: "has already been taken"
+
+        models:
+          metasploit_data_models/search/operator/multitext:
+            attributes:
+              operator_names:
+                too_short: "is too short (minimum is %{count} operator names)"
+          metasploit_data_models/search/operation/port/range:
+            attributes:
+              value:
+                port_range_extreme_inclusion: "has extreme (%{extreme}) value (%{extreme_value}) outside range (%{minimum}-%{maximum})."
+                port_range_extreme_not_an_integer: "has extreme (%{extreme}) value (%{extreme_value}) that is not an integer."
+          metasploit_data_models/search/operation/range:
+            attributes:
+              value:
+                order: "is not in order: begin (%{begin} is greater than end (%{end})."
+                range: "is not a range"

data/lib/metasploit_data_models.rb

@@ -19,23 +19,15 @@ require 'metasploit/model'
 require 'mdm'
 require 'mdm/module'
 require 'metasploit_data_models/base64_serializer'
-require 'metasploit_data_models/models'
 require 'metasploit_data_models/version'
 require 'metasploit_data_models/serialized_prefs'
 
-# Only include the Rails engine when using Rails.  This allows the non-Rails projects, like metasploit-framework to use
-# the models by calling MetasploitDataModels.require_models.
+# Only include the Rails engine when using Rails.
 if defined? Rails
   require 'metasploit_data_models/engine'
 end
 
 module MetasploitDataModels
-  extend MetasploitDataModels::Models
-
-  def self.app_pathname
-    root.join('app')
-  end
-
   def self.root
     unless instance_variable_defined? :@root
       lib_pathname = Pathname.new(__FILE__).dirname

data/lib/metasploit_data_models/version.rb

@@ -1,8 +1,31 @@
 module MetasploitDataModels
-  # MetasploitDataModels follows the {http://semver.org/  Semantic Versioning Specification}.  At this time, the API
-  # is considered unstable because although the database migrations have moved from
-  # metasploit-framework/data/sql/migrate to db/migrate in this project, not all models have specs that verify the
-  # migrations (with have_db_column and have_db_index) and certain models may not be shared between metasploit-framework
-  # and pro, so models may be removed in the future.  Because of the unstable API the version should remain below 1.0.0
-  VERSION = '0.17.3'
+  # Holds components of {VERSION} as defined by {http://semver.org/spec/v2.0.0.html semantic versioning v2.0.0}.
+  module Version
+    # The major version number.
+    MAJOR = 0
+    # The minor version number, scoped to the {MAJOR} version number.
+    MINOR = 18
+    # The patch number, scoped to the {MINOR} version number.
+    PATCH = 0
+    # The prerelease version, scoped to the {MINOR} version number.
+    PRERELEASE = 'compatibility'
+
+    # The full version string, including the {MAJOR}, {MINOR}, {PATCH}, and optionally, the {PRERELEASE} in the
+    # {http://semver.org/spec/v2.0.0.html semantic versioning v2.0.0} format.
+    #
+    # @return [String] '{MAJOR}.{MINOR}.{PATCH}' on master.  '{MAJOR}.{MINOR}.{PATCH}-{PRERELEASE}' on any branch
+    #   other than master.
+    def self.full
+      version = "#{MAJOR}.#{MINOR}.#{PATCH}"
+
+      if defined? PRERELEASE
+        version = "#{version}-#{PRERELEASE}"
+      end
+
+      version
+    end
+  end
+
+  # @see Version.full
+  VERSION = Version.full
 end

data/metasploit_data_models.gemspec

@@ -9,7 +9,7 @@ Gem::Specification.new do |s|
       'Samuel Huckins',
       'Luke Imhoff',
       "David 'thelightcosine' Maloney",
-      'Trevor Rosen'
+      "Trevor 'burlyscudd' Rosen"
   ]
   s.email       = [
       'shuckins@rapid7.com',
@@ -39,7 +39,7 @@ Gem::Specification.new do |s|
   s.add_runtime_dependency 'activerecord', '>= 3.2.13', '< 4.0.0'
   s.add_runtime_dependency 'activesupport'
   s.add_runtime_dependency 'metasploit-concern', '~> 0.1.0'
-  s.add_runtime_dependency 'metasploit-model', '>= 0.24.1', '< 0.25'
+  s.add_runtime_dependency 'metasploit-model', '>= 0.25.1', '< 0.26'
   
   if RUBY_PLATFORM =~ /java/
     # markdown formatting for yard

data/spec/app/models/metasploit_data_models/search/operation/port/number_spec.rb

@@ -0,0 +1,41 @@
+require 'spec_helper'
+
+describe MetasploitDataModels::Search::Operation::Port::Number do
+  context 'CONSTANTS' do
+    context 'BITS' do
+      subject(:bits) {
+        described_class::BITS
+      }
+
+      it { should == 16 }
+    end
+
+    context 'MAXIMUM' do
+      subject(:maxium) {
+        described_class::MAXIMUM
+      }
+
+      it { should == 65535 }
+    end
+
+    context 'MINIMUM' do
+      subject(:minimum) {
+        described_class::MINIMUM
+      }
+
+      it { should == 0 }
+    end
+
+    context 'RANGE' do
+      subject(:range) {
+        described_class::RANGE
+      }
+
+      it { should == (0..65535) }
+    end
+  end
+
+  context 'validations' do
+    it { should ensure_inclusion_of(:value).in_range(described_class::RANGE) }
+  end
+end

data/spec/app/models/metasploit_data_models/search/operation/port/range_spec.rb

@@ -0,0 +1,140 @@
+require 'spec_helper'
+
+describe MetasploitDataModels::Search::Operation::Port::Range do
+  subject(:port_range_operation) {
+    described_class.new(
+        value: formatted_value
+    )
+  }
+
+  let(:formatted_value) {
+    '1'
+  }
+
+  it { should be_a MetasploitDataModels::Search::Operation::Range }
+
+  context 'validations' do
+    before(:each) do
+      port_range_operation.valid?
+    end
+
+    context 'errors on #value' do
+      subject(:value_errors) {
+        port_range_operation.errors[:value]
+      }
+
+      context 'with Range' do
+        context 'with Integers' do
+          context 'covered by MetasploitDataModels::Search::Operation::Port::Number::RANGE' do
+            let(:formatted_value) {
+              '1-2'
+            }
+
+            it { should be_empty }
+          end
+
+          # this can't actually happen because the minimum is 0 and a negative number can't be parsed, but validation
+          # is there in case @value is set directly.
+          context 'without Range#begin covered by MetasploitDataModels::Search::Operation::Port::Number::RANGE' do
+            let(:error) {
+              I18n.translate!(
+                  'metasploit.model.errors.models.metasploit_data_models/search/operation/port/range.attributes.value.port_range_extreme_inclusion',
+                  extreme: :begin,
+                  extreme_value: range_begin,
+                  maximum: MetasploitDataModels::Search::Operation::Port::Number::MAXIMUM,
+                  minimum: MetasploitDataModels::Search::Operation::Port::Number::MINIMUM
+              )
+            }
+
+            let(:formatted_value) {
+              nil
+            }
+
+            let(:port_range_operation) {
+              super().tap { |port_range_operation|
+                port_range_operation.instance_variable_set(:@value, Range.new(range_begin, range_end))
+              }
+            }
+
+            let(:range_begin) {
+              -1
+            }
+
+            let(:range_end) {
+              1
+            }
+
+            it { should include error }
+          end
+
+          context 'without Range#begin covered by MetasploitDataModels::Search::Operation::Port::Number::RANGE' do
+            let(:error) {
+              I18n.translate!(
+                  'metasploit.model.errors.models.metasploit_data_models/search/operation/port/range.attributes.value.port_range_extreme_inclusion',
+                  extreme: :end,
+                  extreme_value: range_end,
+                  maximum: MetasploitDataModels::Search::Operation::Port::Number::MAXIMUM,
+                  minimum: MetasploitDataModels::Search::Operation::Port::Number::MINIMUM
+              )
+            }
+
+            let(:formatted_value) {
+              "0-#{range_end}"
+            }
+
+            let(:range_end) {
+              MetasploitDataModels::Search::Operation::Port::Number::MAXIMUM + 1
+            }
+
+            it { should include error }
+          end
+        end
+
+        context 'without Integers' do
+          let(:begin_error) {
+            I18n.translate!(
+                  'metasploit.model.errors.models.metasploit_data_models/search/operation/port/range.attributes.value.port_range_extreme_not_an_integer',
+                  extreme: :begin,
+                  extreme_value: range_begin
+              )
+          }
+
+          let(:end_error) {
+            I18n.translate!(
+                'metasploit.model.errors.models.metasploit_data_models/search/operation/port/range.attributes.value.port_range_extreme_not_an_integer',
+                extreme: :end,
+                extreme_value: range_end
+            )
+          }
+
+          let(:formatted_value) {
+            "#{range_begin}-#{range_end}"
+          }
+
+          let(:range_begin) {
+            'a'
+          }
+
+          let(:range_end) {
+            'b'
+          }
+
+          it { should include begin_error }
+          it { should include end_error }
+        end
+      end
+
+      context 'without Range' do
+        let(:error) {
+          I18n.translate!('metasploit.model.errors.models.metasploit_data_models/search/operation/range.attributes.value.range')
+        }
+
+        let(:formatted_value) {
+          '1'
+        }
+
+        it { should include(error) }
+      end
+    end
+  end
+end