RubyGems - metasploit_data_models - Versions diffs - 0.23.1 → 0.23.2 - Mend

metasploit_data_models 0.23.1 → 0.23.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (47) hide show

data/db/migrate/20131002164449_create_automatic_exploitation_match_sets.rb ADDED

@@ -0,0 +1,12 @@
+class CreateAutomaticExploitationMatchSets < ActiveRecord::Migration
+  def change
+    create_table :automatic_exploitation_match_sets do |t|
+      t.integer :workspace_id
+      t.integer :user_id
+      t.timestamps
+    end
+    add_index :automatic_exploitation_match_sets, :user_id
+    add_index :automatic_exploitation_match_sets, :workspace_id
+  end
+end

data/db/migrate/20131008213344_create_automatic_exploitation_runs.rb ADDED

@@ -0,0 +1,11 @@
+class CreateAutomaticExploitationRuns < ActiveRecord::Migration
+  def change
+    create_table :automatic_exploitation_runs do |t|
+      t.integer :workspace_id
+      t.integer :user_id
+      t.integer :match_set_id
+      t.timestamps
+    end
+  end
+end

data/db/migrate/20131011184338_module_detail_on_automatic_exploitation_match.rb ADDED

@@ -0,0 +1,10 @@
+class ModuleDetailOnAutomaticExploitationMatch < ActiveRecord::Migration
+  def up
+    rename_column :automatic_exploitation_matches, :ref_id, :module_detail_id
+    add_column :automatic_exploitation_matches, :match_set_id, :integer
+  end
+  def down
+    rename_column :automatic_exploitation_matches, :module_detail_id, :ref_id
+  end
+end

data/db/migrate/20131017150735_create_automatic_exploitation_match_results.rb ADDED

@@ -0,0 +1,11 @@
+class CreateAutomaticExploitationMatchResults < ActiveRecord::Migration
+  def change
+    create_table :automatic_exploitation_match_results do |t|
+      t.integer :match_id
+      t.integer :run_id
+      t.string :state, null: false
+      t.timestamps
+    end
+  end
+end

data/db/migrate/20131021185657_make_match_polymorphic.rb ADDED

@@ -0,0 +1,11 @@
+class MakeMatchPolymorphic < ActiveRecord::Migration
+  def up
+    add_column :automatic_exploitation_matches, :matchable_type, :string
+    add_column :automatic_exploitation_matches, :matchable_id, :integer
+  end
+  def down
+    remove_column :automatic_exploitation_matches, :matchable_type
+    remove_column :automatic_exploitation_matches, :matchable_id
+  end
+end

data/db/migrate/20150219173821_create_module_runs.rb ADDED

@@ -0,0 +1,23 @@
+class CreateModuleRuns < ActiveRecord::Migration
+  def change
+    create_table :module_runs do |t|
+      t.datetime :attempted_at
+      t.text :fail_detail
+      t.string :fail_reason
+      t.text :module_fullname
+      t.integer :port
+      t.string :proto
+      t.integer :session_id
+      t.string :status
+      t.integer :trackable_id
+      t.string :trackable_type
+      t.integer :user_id
+      t.string :username
+      t.timestamps
+    end
+    add_index :module_runs, :session_id
+    add_index :module_runs, :user_id
+  end
+end

data/db/migrate/20150219215039_add_module_run_to_session.rb ADDED

@@ -0,0 +1,8 @@
+class AddModuleRunToSession < ActiveRecord::Migration
+  def change
+    change_table :sessions do |t|
+      t.integer :module_run_id
+    end
+    add_index :sessions, :module_run_id
+  end
+end

data/db/migrate/20150226151459_add_module_run_fk_to_loot.rb ADDED

@@ -0,0 +1,8 @@
+class AddModuleRunFkToLoot < ActiveRecord::Migration
+  def change
+    change_table(:loots) do |t|
+      t.integer :module_run_id
+      t.index :module_run_id
+    end
+  end
+end

data/db/migrate/20150312155312_add_module_full_name_to_match.rb ADDED

@@ -0,0 +1,6 @@
+class AddModuleFullNameToMatch < ActiveRecord::Migration
+  def change
+    add_column :automatic_exploitation_matches, :module_fullname, :text
+    add_index :automatic_exploitation_matches, :module_fullname
+  end
+end

data/db/migrate/20150326183742_add_missing_ae_indices.rb ADDED

@@ -0,0 +1,13 @@
+class AddMissingAeIndices < ActiveRecord::Migration
+  def up
+    add_index :automatic_exploitation_match_results, :match_id
+    add_index :automatic_exploitation_match_results, :run_id
+    add_index :automatic_exploitation_runs, :match_set_id
+    add_index :automatic_exploitation_runs, :user_id
+    add_index :automatic_exploitation_runs, :workspace_id
+  end
+  def down
+  end
+end

data/lib/metasploit_data_models/version.rb CHANGED

@@ -6,7 +6,7 @@ module MetasploitDataModels
     # The minor version number, scoped to the {MAJOR} version number.
     MINOR = 23
     # The patch number, scoped to the {MAJOR} and {MINOR} version numbers.
-    PATCH = 1
+    PATCH = 2
     # The full version string, including the {MAJOR}, {MINOR}, {PATCH}, and optionally, the `PRERELEASE` in the
     # {http://semver.org/spec/v2.0.0.html semantic versioning v2.0.0} format.

data/spec/app/models/mdm/host_spec.rb CHANGED

@@ -102,7 +102,7 @@ describe Mdm::Host do
     end
   end
-	context 'associations' do
+  context 'associations' do
     it { should have_many(:creds).class_name('Mdm::Cred').through(:services) }
     it { should have_many(:clients).class_name('Mdm::Client').dependent(:destroy) }
     it { should have_many(:exploit_attempts).class_name('Mdm::ExploitAttempt').dependent(:destroy) }
@@ -110,6 +110,7 @@ describe Mdm::Host do
     it { should have_many(:host_details).class_name('Mdm::HostDetail').dependent(:destroy) }
     it { should have_many(:hosts_tags).class_name('Mdm::HostTag') }
     it { should have_many(:loots).class_name('Mdm::Loot').dependent(:destroy).order('loots.created_at DESC') }
+    it { should have_many(:module_runs).class_name('MetasploitDataModels::ModuleRun') }
     it { should have_many(:task_hosts).class_name('Mdm::TaskHost').dependent(:destroy) }
     it { should have_many(:tasks).class_name('Mdm::Task').through(:task_hosts) }
@@ -208,9 +209,9 @@ describe Mdm::Host do
     it { should have_many(:vuln_refs).class_name('Mdm::VulnRef') }
     it { should have_many(:web_sites).class_name('Mdm::WebSite').through(:services) }
     it { should belong_to(:workspace).class_name('Mdm::Workspace') }
-	end
+  end
-	context 'CONSTANTS' do
+  context 'CONSTANTS' do
     context 'ARCHITECTURES' do
       subject(:architectures) do
         described_class::ARCHITECTURES
@@ -285,30 +286,30 @@ describe Mdm::Host do
     end
-		context 'SEARCH_FIELDS' do
-			subject(:search_fields) do
-				described_class::SEARCH_FIELDS
-			end
-			it 'should be an Array<String>' do
-				search_fields.should be_an Array
-				search_fields.each { |search_field|
-					search_field.should be_a String
-				}
-			end
-			it 'should cast address to text' do
-				search_fields.should include('address::text')
-			end
-			it { should include('comments') }
-			it { should include('mac') }
-			it { should include('name') }
-			it { should include('os_flavor') }
-			it { should include('os_name') }
-			it { should include('os_sp') }
-			it { should include('purpose') }
+    context 'SEARCH_FIELDS' do
+      subject(:search_fields) do
+        described_class::SEARCH_FIELDS
+      end
+      it 'should be an Array<String>' do
+        search_fields.should be_an Array
+        search_fields.each { |search_field|
+          search_field.should be_a String
+        }
+      end
+      it 'should cast address to text' do
+        search_fields.should include('address::text')
+      end
+      it { should include('comments') }
+      it { should include('mac') }
+      it { should include('name') }
+      it { should include('os_flavor') }
+      it { should include('os_name') }
+      it { should include('os_sp') }
+      it { should include('purpose') }
     end
     it 'should define STATES in any order' do

data/spec/app/models/mdm/loot_spec.rb CHANGED

@@ -7,6 +7,7 @@ describe Mdm::Loot do
     it { should belong_to(:workspace).class_name('Mdm::Workspace') }
     it { should belong_to(:service).class_name('Mdm::Service') }
     it { should belong_to(:host).class_name('Mdm::Host') }
+    it { should belong_to(:module_run).class_name('MetasploitDataModels::ModuleRun') }
   end
   context 'database' do

data/spec/app/models/mdm/module/detail_spec.rb CHANGED

@@ -430,5 +430,5 @@ describe Mdm::Module::Detail do
         its(:name) { should == name }
       end
     end
-	end
-end
+  end
+end

data/spec/app/models/mdm/session_spec.rb CHANGED

@@ -25,31 +25,34 @@ describe Mdm::Session do
   context 'database' do
     context 'timestamps'do
-      it { should have_db_column(:opened_at).of_type(:datetime).with_options(:null => false) }
-      it { should have_db_column(:closed_at).of_type(:datetime) }
-      it { should have_db_column(:last_seen).of_type(:datetime) }
+      it { is_expected.to have_db_column(:closed_at).of_type(:datetime) }
+      it { is_expected.to have_db_column(:last_seen).of_type(:datetime) }
+      it { is_expected.to have_db_column(:opened_at).of_type(:datetime).with_options(:null => false) }
     end
     context 'columns' do
-      it { should have_db_column(:host_id).of_type(:integer) }
-      it { should have_db_column(:stype).of_type(:string) }
-      it { should have_db_column(:via_exploit).of_type(:string) }
-      it { should have_db_column(:via_payload).of_type(:string) }
-      it { should have_db_column(:desc).of_type(:string) }
-      it { should have_db_column(:port).of_type(:integer) }
-      it { should have_db_column(:platform).of_type(:string) }
-      it { should have_db_column(:datastore).of_type(:text) }
-      it { should have_db_column(:local_id).of_type(:integer) }
+      it { is_expected.to have_db_column(:datastore).of_type(:text) }
+      it { is_expected.to have_db_column(:desc).of_type(:string) }
+      it { is_expected.to have_db_column(:host_id).of_type(:integer) }
+      it { is_expected.to have_db_column(:local_id).of_type(:integer) }
+      it { is_expected.to have_db_column(:module_run_id).of_type(:integer) }
+      it { is_expected.to have_db_column(:platform).of_type(:string) }
+      it { is_expected.to have_db_column(:port).of_type(:integer) }
+      it { is_expected.to have_db_column(:stype).of_type(:string) }
+      it { is_expected.to have_db_column(:via_exploit).of_type(:string) }
+      it { is_expected.to have_db_column(:via_payload).of_type(:string) }
     end
   end
   context 'associations' do
-    it { should belong_to(:host).class_name('Mdm::Host') }
-    it { should have_many(:events).class_name('Mdm::SessionEvent').dependent(:delete_all) }
-    it { should have_many(:routes).class_name('Mdm::Route').dependent(:delete_all) }
-    it { should have_one(:workspace).class_name('Mdm::Workspace').through(:host) }
-    it { should have_many(:task_sessions).class_name('Mdm::TaskSession').dependent(:destroy)}
-    it { should have_many(:tasks).class_name('Mdm::Task').through(:task_sessions)}
+    it { is_expected.to have_many(:events).class_name('Mdm::SessionEvent').dependent(:delete_all) }
+    it { is_expected.to belong_to(:host).class_name('Mdm::Host') }
+    it { is_expected.to belong_to(:originating_module_run).class_name('MetasploitDataModels::ModuleRun') }
+    it { is_expected.to have_many(:routes).class_name('Mdm::Route').dependent(:delete_all) }
+    it { is_expected.to have_many(:target_module_runs).class_name('MetasploitDataModels::ModuleRun') }
+    it { is_expected.to have_many(:tasks).class_name('Mdm::Task').through(:task_sessions)}
+    it { is_expected.to have_many(:task_sessions).class_name('Mdm::TaskSession').dependent(:destroy) }
+    it { is_expected.to have_one(:workspace).class_name('Mdm::Workspace').through(:host) }
   end
   context 'scopes' do

data/spec/app/models/mdm/vuln_spec.rb CHANGED

@@ -33,16 +33,15 @@ describe Mdm::Vuln do
   context 'associations' do
-    it { should belong_to(:host).class_name('Mdm::Host') }
-    it { should belong_to(:service).class_name('Mdm::Service') }
-    it { should have_many(:module_refs).class_name('Mdm::Module::Ref').through(:refs) }
-    # @todo https://www.pivotaltracker.com/story/show/49004623
-    it { should have_many(:refs).class_name('Mdm::Ref').through(:vulns_refs) }
-    it { should have_many(:vuln_attempts).class_name('Mdm::VulnAttempt').dependent(:destroy) }
-    it { should have_many(:vuln_details).class_name('Mdm::VulnDetail').dependent(:destroy) }
-    # @todo https://www.pivotaltracker.com/story/show/49004623
-    it { should have_many(:vulns_refs).class_name('Mdm::VulnRef').dependent(:destroy) }
-    it { should have_many(:notes).class_name('Mdm::Note').dependent(:delete_all).order('notes.created_at') }
+    it { is_expected.to belong_to(:host).class_name('Mdm::Host') }
+    it { is_expected.to belong_to(:service).class_name('Mdm::Service') }
+    it { is_expected.to have_many(:module_refs).class_name('Mdm::Module::Ref').through(:refs) }
+    it { is_expected.to have_many(:module_runs).class_name('MetasploitDataModels::ModuleRun') }
+    it { is_expected.to have_many(:refs).class_name('Mdm::Ref').through(:vulns_refs) }
+    it { is_expected.to have_many(:vuln_attempts).class_name('Mdm::VulnAttempt').dependent(:destroy) }
+    it { is_expected.to have_many(:vuln_details).class_name('Mdm::VulnDetail').dependent(:destroy) }
+    it { is_expected.to have_many(:vulns_refs).class_name('Mdm::VulnRef').dependent(:destroy) }
+    it { is_expected.to have_many(:notes).class_name('Mdm::Note').dependent(:delete_all).order('notes.created_at') }
     context 'module_details' do
       it { should have_many(:module_details).class_name('Mdm::Module::Detail').through(:module_refs) }

data/spec/app/models/metasploit_data_models/automatic_exploitation/match_result_spec.rb ADDED

@@ -0,0 +1,88 @@
+require 'spec_helper'
+describe MetasploitDataModels::AutomaticExploitation::MatchResult do
+  it_should_behave_like 'Metasploit::Concern.run'
+  context "database" do
+    it { is_expected.to have_db_column(:match_id).of_type(:integer) }
+    it { is_expected.to have_db_index(:match_id) }
+    it { is_expected.to have_db_column(:run_id).of_type(:integer) }
+    it { is_expected.to have_db_index(:run_id) }
+  end
+  context 'associations' do
+    it { should belong_to(:match).class_name('MetasploitDataModels::AutomaticExploitation::Match') }
+    it { should belong_to(:run).class_name('MetasploitDataModels::AutomaticExploitation::Run') }
+  end
+  context 'scopes' do
+    before do
+      match_failed    = FactoryGirl.create(:automatic_exploitation_match)
+      match_succeeded = FactoryGirl.create(:automatic_exploitation_match)
+      run             = FactoryGirl.create(:automatic_exploitation_run)
+      described_class.create do |match_result|
+        match_result.match = match_failed
+        match_result.run   = run
+        match_result.state = MetasploitDataModels::AutomaticExploitation::MatchResult::SUCCEEDED
+      end
+      described_class.create do |match_result|
+        match_result.match = match_succeeded
+        match_result.run   = run
+        match_result.state = MetasploitDataModels::AutomaticExploitation::MatchResult::FAILED
+      end
+    end
+    context 'succeeded' do
+      subject(:succeeded) do
+        described_class.succeeded
+      end
+      specify 'returns only successful results' do
+        expect(succeeded.count).to eq(1)
+        expect(succeeded.first.state).to eq(MetasploitDataModels::AutomaticExploitation::MatchResult::SUCCEEDED)
+      end
+    end
+    context 'failed' do
+      subject(:failed) do
+        described_class.failed
+      end
+      specify 'returns only failed results' do
+        expect(failed.count).to eq(1)
+        expect(failed.first.state).to eq(MetasploitDataModels::AutomaticExploitation::MatchResult::FAILED)
+      end
+    end
+  end
+  context 'validations' do
+    context 'state' do
+      subject(:match_result) do
+        FactoryGirl.build(:automatic_exploitation_match_result, state: state)
+      end
+      context 'with nil' do
+        let(:state) { nil }
+        specify do
+          expect(match_result).not_to be_valid
+          expect(match_result.errors[:state]).to include("can't be blank")
+        end
+      end
+      context 'with "asdf"' do
+        let(:state) { "asdf" }
+        specify do
+          expect(match_result).not_to be_valid
+          expect(match_result.errors[:state]).to include("is not included in the list")
+        end
+      end
+      context 'with "succeeded"' do
+        let(:state) { MetasploitDataModels::AutomaticExploitation::MatchResult::SUCCEEDED }
+        specify do
+          expect(match_result).to be_valid
+        end
+      end
+    end
+  end
+end

data/spec/app/models/metasploit_data_models/automatic_exploitation/match_set_spec.rb ADDED

@@ -0,0 +1,48 @@
+require 'spec_helper'
+describe MetasploitDataModels::AutomaticExploitation::MatchSet do
+  describe "database" do
+    describe "foreign_keys" do
+      it { should have_db_column(:workspace_id).of_type(:integer) }
+      it { should have_db_column(:user_id).of_type(:integer) }
+    end
+    describe "indices" do
+      it { should have_db_index(:user_id) }
+      it { should have_db_index(:workspace_id) }
+    end
+  end
+  describe "associations" do
+    it { should have_many(:matches).class_name('MetasploitDataModels::AutomaticExploitation::Match') }
+    it { should have_many(:matches).inverse_of(:match_set) }
+    it { should have_many(:runs).class_name('MetasploitDataModels::AutomaticExploitation::Run') }
+    it { should have_many(:runs).inverse_of(:match_set) }
+    it { should belong_to(:user).class_name('Mdm::User') }
+    it { should belong_to(:user).inverse_of(:automatic_exploitation_match_sets) }
+    it { should belong_to(:workspace).class_name('Mdm::Workspace') }
+    it { should belong_to(:workspace).inverse_of(:automatic_exploitation_match_sets) }
+  end
+  describe "validations" do
+    subject(:match_set){ FactoryGirl.build(:automatic_exploitation_match_set)}
+    describe "missing user" do
+      before(:each) do
+        match_set.user = nil
+      end
+      it{ is_expected.to be_invalid }
+    end
+    describe "missing workspace" do
+      before(:each) do
+        match_set.workspace = nil
+      end
+      it{ is_expected.to be_invalid }
+    end
+  end
+end