RubyGems - metasploit_data_models - Versions diffs - 0.23.1 → 0.23.2 - Mend

metasploit_data_models 0.23.1 → 0.23.2

Files changed (47) hide show

data/db/migrate/20131002164449_create_automatic_exploitation_match_sets.rb ADDED

@@ -0,0 +1,12 @@
+class CreateAutomaticExploitationMatchSets < ActiveRecord::Migration
+  def change
+    create_table :automatic_exploitation_match_sets do |t|
+      t.integer :workspace_id
+      t.integer :user_id
+      t.timestamps
+    end
+    add_index :automatic_exploitation_match_sets, :user_id
+    add_index :automatic_exploitation_match_sets, :workspace_id
+  end
+end

data/db/migrate/20131008213344_create_automatic_exploitation_runs.rb ADDED

@@ -0,0 +1,11 @@
+class CreateAutomaticExploitationRuns < ActiveRecord::Migration
+  def change
+    create_table :automatic_exploitation_runs do |t|
+      t.integer :workspace_id
+      t.integer :user_id
+      t.integer :match_set_id
+      t.timestamps
+    end
+  end
+end

data/db/migrate/20131011184338_module_detail_on_automatic_exploitation_match.rb ADDED

@@ -0,0 +1,10 @@
+class ModuleDetailOnAutomaticExploitationMatch < ActiveRecord::Migration
+  def up
+    rename_column :automatic_exploitation_matches, :ref_id, :module_detail_id
+    add_column :automatic_exploitation_matches, :match_set_id, :integer
+  end
+  def down
+    rename_column :automatic_exploitation_matches, :module_detail_id, :ref_id
+  end
+end

data/db/migrate/20131017150735_create_automatic_exploitation_match_results.rb ADDED

@@ -0,0 +1,11 @@
+class CreateAutomaticExploitationMatchResults < ActiveRecord::Migration
+  def change
+    create_table :automatic_exploitation_match_results do |t|
+      t.integer :match_id
+      t.integer :run_id
+      t.string :state, null: false
+      t.timestamps
+    end
+  end
+end

data/db/migrate/20131021185657_make_match_polymorphic.rb ADDED

@@ -0,0 +1,11 @@
+class MakeMatchPolymorphic < ActiveRecord::Migration
+  def up
+    add_column :automatic_exploitation_matches, :matchable_type, :string
+    add_column :automatic_exploitation_matches, :matchable_id, :integer
+  end
+  def down
+    remove_column :automatic_exploitation_matches, :matchable_type
+    remove_column :automatic_exploitation_matches, :matchable_id
+  end
+end

data/db/migrate/20150219173821_create_module_runs.rb ADDED

@@ -0,0 +1,23 @@
+class CreateModuleRuns < ActiveRecord::Migration
+  def change
+    create_table :module_runs do |t|
+      t.datetime :attempted_at
+      t.text :fail_detail
+      t.string :fail_reason
+      t.text :module_fullname
+      t.integer :port
+      t.string :proto
+      t.integer :session_id
+      t.string :status
+      t.integer :trackable_id
+      t.string :trackable_type
+      t.integer :user_id
+      t.string :username
+      t.timestamps
+    end
+    add_index :module_runs, :session_id
+    add_index :module_runs, :user_id
+  end
+end

data/db/migrate/20150219215039_add_module_run_to_session.rb ADDED

@@ -0,0 +1,8 @@
+class AddModuleRunToSession < ActiveRecord::Migration
+  def change
+    change_table :sessions do |t|
+      t.integer :module_run_id
+    end
+    add_index :sessions, :module_run_id
+  end
+end

data/db/migrate/20150226151459_add_module_run_fk_to_loot.rb ADDED

@@ -0,0 +1,8 @@
+class AddModuleRunFkToLoot < ActiveRecord::Migration
+  def change
+    change_table(:loots) do |t|
+      t.integer :module_run_id
+      t.index :module_run_id
+    end
+  end
+end

data/db/migrate/20150312155312_add_module_full_name_to_match.rb ADDED

@@ -0,0 +1,6 @@
+class AddModuleFullNameToMatch < ActiveRecord::Migration
+  def change
+    add_column :automatic_exploitation_matches, :module_fullname, :text
+    add_index :automatic_exploitation_matches, :module_fullname
+  end
+end

data/db/migrate/20150326183742_add_missing_ae_indices.rb ADDED

@@ -0,0 +1,13 @@
+class AddMissingAeIndices < ActiveRecord::Migration
+  def up
+    add_index :automatic_exploitation_match_results, :match_id
+    add_index :automatic_exploitation_match_results, :run_id
+    add_index :automatic_exploitation_runs, :match_set_id
+    add_index :automatic_exploitation_runs, :user_id
+    add_index :automatic_exploitation_runs, :workspace_id
+  end
+  def down
+  end
+end

data/lib/metasploit_data_models/version.rb CHANGED

@@ -6,7 +6,7 @@ module MetasploitDataModels
     # The minor version number, scoped to the {MAJOR} version number.
     MINOR = 23
     # The patch number, scoped to the {MAJOR} and {MINOR} version numbers.
-    PATCH = 1
+    PATCH = 2
     # The full version string, including the {MAJOR}, {MINOR}, {PATCH}, and optionally, the `PRERELEASE` in the
     # {http://semver.org/spec/v2.0.0.html semantic versioning v2.0.0} format.

data/spec/app/models/mdm/host_spec.rb CHANGED

@@ -102,7 +102,7 @@ describe Mdm::Host do
     end
   end
-	context 'associations' do
+  context 'associations' do
     it { should have_many(:creds).class_name('Mdm::Cred').through(:services) }
     it { should have_many(:clients).class_name('Mdm::Client').dependent(:destroy) }
     it { should have_many(:exploit_attempts).class_name('Mdm::ExploitAttempt').dependent(:destroy) }
@@ -110,6 +110,7 @@ describe Mdm::Host do
     it { should have_many(:host_details).class_name('Mdm::HostDetail').dependent(:destroy) }
     it { should have_many(:hosts_tags).class_name('Mdm::HostTag') }
     it { should have_many(:loots).class_name('Mdm::Loot').dependent(:destroy).order('loots.created_at DESC') }
+    it { should have_many(:module_runs).class_name('MetasploitDataModels::ModuleRun') }
     it { should have_many(:task_hosts).class_name('Mdm::TaskHost').dependent(:destroy) }
     it { should have_many(:tasks).class_name('Mdm::Task').through(:task_hosts) }
@@ -208,9 +209,9 @@ describe Mdm::Host do
     it { should have_many(:vuln_refs).class_name('Mdm::VulnRef') }
     it { should have_many(:web_sites).class_name('Mdm::WebSite').through(:services) }
     it { should belong_to(:workspace).class_name('Mdm::Workspace') }
-	end
+  end
-	context 'CONSTANTS' do
+  context 'CONSTANTS' do
     context 'ARCHITECTURES' do
       subject(:architectures) do
         described_class::ARCHITECTURES
@@ -285,30 +286,30 @@ describe Mdm::Host do
     end
-		context 'SEARCH_FIELDS' do
-			subject(:search_fields) do
-				described_class::SEARCH_FIELDS
-			end
-			it 'should be an Array<String>' do
-				search_fields.should be_an Array
-				search_fields.each { |search_field|
-					search_field.should be_a String
-				}
-			end
-			it 'should cast address to text' do
-				search_fields.should include('address::text')
-			end
-			it { should include('comments') }
-			it { should include('mac') }
-			it { should include('name') }
-			it { should include('os_flavor') }
-			it { should include('os_name') }
-			it { should include('os_sp') }
-			it { should include('purpose') }
+    context 'SEARCH_FIELDS' do
+      subject(:search_fields) do
+        described_class::SEARCH_FIELDS
+      end
+      it 'should be an Array<String>' do
+        search_fields.should be_an Array
+        search_fields.each { |search_field|
+          search_field.should be_a String
+        }
+      end
+      it 'should cast address to text' do
+        search_fields.should include('address::text')
+      end
+      it { should include('comments') }
+      it { should include('mac') }
+      it { should include('name') }
+      it { should include('os_flavor') }
+      it { should include('os_name') }
+      it { should include('os_sp') }
+      it { should include('purpose') }
     end
     it 'should define STATES in any order' do

data/spec/app/models/mdm/loot_spec.rb CHANGED

@@ -7,6 +7,7 @@ describe Mdm::Loot do
     it { should belong_to(:workspace).class_name('Mdm::Workspace') }
     it { should belong_to(:service).class_name('Mdm::Service') }
     it { should belong_to(:host).class_name('Mdm::Host') }
+    it { should belong_to(:module_run).class_name('MetasploitDataModels::ModuleRun') }
   end
   context 'database' do

data/spec/app/models/mdm/module/detail_spec.rb CHANGED

@@ -430,5 +430,5 @@ describe Mdm::Module::Detail do
         its(:name) { should == name }
       end
     end
-	end
-end
+  end
+end

data/spec/app/models/mdm/session_spec.rb CHANGED

@@ -25,31 +25,34 @@ describe Mdm::Session do
   context 'database' do
     context 'timestamps'do
-      it { should have_db_column(:opened_at).of_type(:datetime).with_options(:null => false) }
-      it { should have_db_column(:closed_at).of_type(:datetime) }
-      it { should have_db_column(:last_seen).of_type(:datetime) }
+      it { is_expected.to have_db_column(:closed_at).of_type(:datetime) }
+      it { is_expected.to have_db_column(:last_seen).of_type(:datetime) }
+      it { is_expected.to have_db_column(:opened_at).of_type(:datetime).with_options(:null => false) }
     end
     context 'columns' do
-      it { should have_db_column(:host_id).of_type(:integer) }
-      it { should have_db_column(:stype).of_type(:string) }
-      it { should have_db_column(:via_exploit).of_type(:string) }
-      it { should have_db_column(:via_payload).of_type(:string) }
-      it { should have_db_column(:desc).of_type(:string) }
-      it { should have_db_column(:port).of_type(:integer) }
-      it { should have_db_column(:platform).of_type(:string) }
-      it { should have_db_column(:datastore).of_type(:text) }
-      it { should have_db_column(:local_id).of_type(:integer) }
+      it { is_expected.to have_db_column(:datastore).of_type(:text) }
+      it { is_expected.to have_db_column(:desc).of_type(:string) }
+      it { is_expected.to have_db_column(:host_id).of_type(:integer) }
+      it { is_expected.to have_db_column(:local_id).of_type(:integer) }
+      it { is_expected.to have_db_column(:module_run_id).of_type(:integer) }
+      it { is_expected.to have_db_column(:platform).of_type(:string) }
+      it { is_expected.to have_db_column(:port).of_type(:integer) }
+      it { is_expected.to have_db_column(:stype).of_type(:string) }
+      it { is_expected.to have_db_column(:via_exploit).of_type(:string) }
+      it { is_expected.to have_db_column(:via_payload).of_type(:string) }
     end
   end
   context 'associations' do
-    it { should belong_to(:host).class_name('Mdm::Host') }
-    it { should have_many(:events).class_name('Mdm::SessionEvent').dependent(:delete_all) }
-    it { should have_many(:routes).class_name('Mdm::Route').dependent(:delete_all) }
-    it { should have_one(:workspace).class_name('Mdm::Workspace').through(:host) }
-    it { should have_many(:task_sessions).class_name('Mdm::TaskSession').dependent(:destroy)}
-    it { should have_many(:tasks).class_name('Mdm::Task').through(:task_sessions)}
+    it { is_expected.to have_many(:events).class_name('Mdm::SessionEvent').dependent(:delete_all) }
+    it { is_expected.to belong_to(:host).class_name('Mdm::Host') }
+    it { is_expected.to belong_to(:originating_module_run).class_name('MetasploitDataModels::ModuleRun') }
+    it { is_expected.to have_many(:routes).class_name('Mdm::Route').dependent(:delete_all) }
+    it { is_expected.to have_many(:target_module_runs).class_name('MetasploitDataModels::ModuleRun') }
+    it { is_expected.to have_many(:tasks).class_name('Mdm::Task').through(:task_sessions)}
+    it { is_expected.to have_many(:task_sessions).class_name('Mdm::TaskSession').dependent(:destroy) }
+    it { is_expected.to have_one(:workspace).class_name('Mdm::Workspace').through(:host) }
   end
   context 'scopes' do

data/spec/app/models/mdm/vuln_spec.rb CHANGED

@@ -33,16 +33,15 @@ describe Mdm::Vuln do
   context 'associations' do
-    it { should belong_to(:host).class_name('Mdm::Host') }
-    it { should belong_to(:service).class_name('Mdm::Service') }
-    it { should have_many(:module_refs).class_name('Mdm::Module::Ref').through(:refs) }
-    # @todo https://www.pivotaltracker.com/story/show/49004623
-    it { should have_many(:refs).class_name('Mdm::Ref').through(:vulns_refs) }
-    it { should have_many(:vuln_attempts).class_name('Mdm::VulnAttempt').dependent(:destroy) }
-    it { should have_many(:vuln_details).class_name('Mdm::VulnDetail').dependent(:destroy) }
-    # @todo https://www.pivotaltracker.com/story/show/49004623
-    it { should have_many(:vulns_refs).class_name('Mdm::VulnRef').dependent(:destroy) }
-    it { should have_many(:notes).class_name('Mdm::Note').dependent(:delete_all).order('notes.created_at') }
+    it { is_expected.to belong_to(:host).class_name('Mdm::Host') }
+    it { is_expected.to belong_to(:service).class_name('Mdm::Service') }
+    it { is_expected.to have_many(:module_refs).class_name('Mdm::Module::Ref').through(:refs) }
+    it { is_expected.to have_many(:module_runs).class_name('MetasploitDataModels::ModuleRun') }
+    it { is_expected.to have_many(:refs).class_name('Mdm::Ref').through(:vulns_refs) }
+    it { is_expected.to have_many(:vuln_attempts).class_name('Mdm::VulnAttempt').dependent(:destroy) }
+    it { is_expected.to have_many(:vuln_details).class_name('Mdm::VulnDetail').dependent(:destroy) }
+    it { is_expected.to have_many(:vulns_refs).class_name('Mdm::VulnRef').dependent(:destroy) }
+    it { is_expected.to have_many(:notes).class_name('Mdm::Note').dependent(:delete_all).order('notes.created_at') }
     context 'module_details' do
       it { should have_many(:module_details).class_name('Mdm::Module::Detail').through(:module_refs) }

data/spec/app/models/metasploit_data_models/automatic_exploitation/match_result_spec.rb ADDED

@@ -0,0 +1,88 @@
+require 'spec_helper'
+describe MetasploitDataModels::AutomaticExploitation::MatchResult do
+  it_should_behave_like 'Metasploit::Concern.run'
+  context "database" do
+    it { is_expected.to have_db_column(:match_id).of_type(:integer) }
+    it { is_expected.to have_db_index(:match_id) }
+    it { is_expected.to have_db_column(:run_id).of_type(:integer) }
+    it { is_expected.to have_db_index(:run_id) }
+  end
+  context 'associations' do
+    it { should belong_to(:match).class_name('MetasploitDataModels::AutomaticExploitation::Match') }
+    it { should belong_to(:run).class_name('MetasploitDataModels::AutomaticExploitation::Run') }
+  end
+  context 'scopes' do
+    before do
+      match_failed    = FactoryGirl.create(:automatic_exploitation_match)
+      match_succeeded = FactoryGirl.create(:automatic_exploitation_match)
+      run             = FactoryGirl.create(:automatic_exploitation_run)
+      described_class.create do |match_result|
+        match_result.match = match_failed
+        match_result.run   = run
+        match_result.state = MetasploitDataModels::AutomaticExploitation::MatchResult::SUCCEEDED
+      end
+      described_class.create do |match_result|
+        match_result.match = match_succeeded
+        match_result.run   = run
+        match_result.state = MetasploitDataModels::AutomaticExploitation::MatchResult::FAILED
+      end
+    end
+    context 'succeeded' do
+      subject(:succeeded) do
+        described_class.succeeded
+      end
+      specify 'returns only successful results' do
+        expect(succeeded.count).to eq(1)
+        expect(succeeded.first.state).to eq(MetasploitDataModels::AutomaticExploitation::MatchResult::SUCCEEDED)
+      end
+    end
+    context 'failed' do
+      subject(:failed) do
+        described_class.failed
+      end
+      specify 'returns only failed results' do
+        expect(failed.count).to eq(1)
+        expect(failed.first.state).to eq(MetasploitDataModels::AutomaticExploitation::MatchResult::FAILED)
+      end
+    end
+  end
+  context 'validations' do
+    context 'state' do
+      subject(:match_result) do
+        FactoryGirl.build(:automatic_exploitation_match_result, state: state)
+      end
+      context 'with nil' do
+        let(:state) { nil }
+        specify do
+          expect(match_result).not_to be_valid
+          expect(match_result.errors[:state]).to include("can't be blank")
+        end
+      end
+      context 'with "asdf"' do
+        let(:state) { "asdf" }
+        specify do
+          expect(match_result).not_to be_valid
+          expect(match_result.errors[:state]).to include("is not included in the list")
+        end
+      end
+      context 'with "succeeded"' do
+        let(:state) { MetasploitDataModels::AutomaticExploitation::MatchResult::SUCCEEDED }
+        specify do
+          expect(match_result).to be_valid
+        end
+      end
+    end
+  end
+end

data/spec/app/models/metasploit_data_models/automatic_exploitation/match_set_spec.rb ADDED

@@ -0,0 +1,48 @@
+require 'spec_helper'
+describe MetasploitDataModels::AutomaticExploitation::MatchSet do
+  describe "database" do
+    describe "foreign_keys" do
+      it { should have_db_column(:workspace_id).of_type(:integer) }
+      it { should have_db_column(:user_id).of_type(:integer) }
+    end
+    describe "indices" do
+      it { should have_db_index(:user_id) }
+      it { should have_db_index(:workspace_id) }
+    end
+  end
+  describe "associations" do
+    it { should have_many(:matches).class_name('MetasploitDataModels::AutomaticExploitation::Match') }
+    it { should have_many(:matches).inverse_of(:match_set) }
+    it { should have_many(:runs).class_name('MetasploitDataModels::AutomaticExploitation::Run') }
+    it { should have_many(:runs).inverse_of(:match_set) }
+    it { should belong_to(:user).class_name('Mdm::User') }
+    it { should belong_to(:user).inverse_of(:automatic_exploitation_match_sets) }
+    it { should belong_to(:workspace).class_name('Mdm::Workspace') }
+    it { should belong_to(:workspace).inverse_of(:automatic_exploitation_match_sets) }
+  end
+  describe "validations" do
+    subject(:match_set){ FactoryGirl.build(:automatic_exploitation_match_set)}
+    describe "missing user" do
+      before(:each) do
+        match_set.user = nil
+      end
+      it{ is_expected.to be_invalid }
+    end
+    describe "missing workspace" do
+      before(:each) do
+        match_set.workspace = nil
+      end
+      it{ is_expected.to be_invalid }
+    end
+  end
+end