metasploit_data_models 0.24.4 → 0.24.5
- checksums.yaml +4 -4
- data/.rspec +3 -3
- data/.travis.yml +3 -6
- data/CONTRIBUTING.md +52 -10
- data/Gemfile +8 -1
- data/Rakefile +0 -23
- data/app/models/mdm/api_key.rb +1 -41
- data/app/models/mdm/client.rb +1 -41
- data/app/models/mdm/cred.rb +19 -107
- data/app/models/mdm/event.rb +1 -48
- data/app/models/mdm/exploit_attempt.rb +16 -65
- data/app/models/mdm/exploited_host.rb +1 -28
- data/app/models/mdm/host_detail.rb +1 -45
- data/app/models/mdm/host_tag.rb +8 -6
- data/app/models/mdm/listener.rb +1 -53
- data/app/models/mdm/macro.rb +0 -42
- data/app/models/mdm/mod_ref.rb +0 -21
- data/app/models/mdm/module/action.rb +0 -15
- data/app/models/mdm/module/arch.rb +0 -10
- data/app/models/mdm/module/author.rb +0 -16
- data/app/models/mdm/module/mixin.rb +0 -13
- data/app/models/mdm/module/platform.rb +0 -11
- data/app/models/mdm/module/target.rb +0 -18
- data/app/models/mdm/nexpose_console.rb +4 -82
- data/app/models/mdm/profile.rb +0 -36
- data/app/models/mdm/route.rb +5 -17
- data/app/models/mdm/session_event.rb +1 -33
- data/app/models/mdm/tag.rb +10 -49
- data/app/models/mdm/task.rb +45 -94
- data/app/models/mdm/task_cred.rb +0 -29
- data/app/models/mdm/task_host.rb +0 -25
- data/app/models/mdm/task_service.rb +0 -25
- data/app/models/mdm/task_session.rb +0 -25
- data/app/models/mdm/user.rb +6 -188
- data/app/models/mdm/vuln_attempt.rb +12 -37
- data/app/models/mdm/vuln_detail.rb +5 -139
- data/app/models/mdm/vuln_ref.rb +1 -4
- data/app/models/mdm/web_form.rb +1 -35
- data/app/models/mdm/web_page.rb +1 -70
- data/app/models/mdm/web_site.rb +1 -51
- data/app/models/mdm/wmap_request.rb +0 -85
- data/app/models/mdm/wmap_target.rb +0 -40
- data/app/models/mdm/workspace.rb +14 -152
- data/app/models/metasploit_data_models/automatic_exploitation.rb +16 -0
- data/app/models/metasploit_data_models/automatic_exploitation/match.rb +24 -19
- data/app/models/metasploit_data_models/automatic_exploitation/match_result.rb +5 -33
- data/app/models/metasploit_data_models/automatic_exploitation/match_set.rb +4 -22
- data/app/models/metasploit_data_models/automatic_exploitation/run.rb +3 -13
- data/app/models/metasploit_data_models/ip_address/v4/segmented.rb +1 -1
- data/app/models/metasploit_data_models/module_run.rb +1 -1
- data/app/models/metasploit_data_models/search/visitor/where.rb +1 -1
- data/app/validators/ip_format_validator.rb +0 -4
- data/app/validators/parameters_validator.rb +0 -12
- data/app/validators/password_is_strong_validator.rb +1 -10
- data/lib/mdm/host/operating_system_normalization.rb +10 -7
- data/lib/metasploit_data_models.rb +0 -4
- data/lib/metasploit_data_models/engine.rb +0 -2
- data/lib/metasploit_data_models/serialized_prefs.rb +0 -6
- data/lib/metasploit_data_models/version.rb +10 -24
- data/lib/tasks/yard.rake +33 -0
- data/metasploit_data_models.gemspec +2 -9
- data/spec/app/models/mdm/api_key_spec.rb +3 -1
- data/spec/app/models/mdm/client_spec.rb +11 -9
- data/spec/app/models/mdm/cred_spec.rb +54 -42
- data/spec/app/models/mdm/event_spec.rb +23 -21
- data/spec/app/models/mdm/exploit_attempt_spec.rb +21 -19
- data/spec/app/models/mdm/exploited_host_spec.rb +13 -11
- data/spec/app/models/mdm/host_detail_spec.rb +17 -15
- data/spec/app/models/mdm/host_spec.rb +260 -261
- data/spec/app/models/mdm/host_tag_spec.rb +8 -6
- data/spec/app/models/mdm/listener_spec.rb +32 -30
- data/spec/app/models/mdm/loot_spec.rb +23 -21
- data/spec/app/models/mdm/macro_spec.rb +3 -1
- data/spec/app/models/mdm/mod_ref_spec.rb +3 -1
- data/spec/app/models/mdm/module/action_spec.rb +12 -10
- data/spec/app/models/mdm/module/arch_spec.rb +12 -10
- data/spec/app/models/mdm/module/author_spec.rb +17 -22
- data/spec/app/models/mdm/module/detail_spec.rb +75 -184
- data/spec/app/models/mdm/module/mixin_spec.rb +12 -10
- data/spec/app/models/mdm/module/platform_spec.rb +12 -10
- data/spec/app/models/mdm/module/ref_spec.rb +12 -10
- data/spec/app/models/mdm/module/target_spec.rb +15 -13
- data/spec/app/models/mdm/nexpose_console_spec.rb +37 -35
- data/spec/app/models/mdm/note_spec.rb +25 -23
- data/spec/app/models/mdm/profile_spec.rb +3 -1
- data/spec/app/models/mdm/ref_spec.rb +12 -10
- data/spec/app/models/mdm/route_spec.rb +8 -6
- data/spec/app/models/mdm/service_spec.rb +40 -38
- data/spec/app/models/mdm/session_event_spec.rb +12 -10
- data/spec/app/models/mdm/session_spec.rb +15 -13
- data/spec/app/models/mdm/tag_spec.rb +29 -29
- data/spec/app/models/mdm/task_cred_spec.rb +11 -9
- data/spec/app/models/mdm/task_host_spec.rb +11 -9
- data/spec/app/models/mdm/task_service_spec.rb +11 -9
- data/spec/app/models/mdm/task_session_spec.rb +9 -7
- data/spec/app/models/mdm/task_spec.rb +29 -27
- data/spec/app/models/mdm/user_spec.rb +19 -17
- data/spec/app/models/mdm/vuln_attempt_spec.rb +16 -14
- data/spec/app/models/mdm/vuln_detail_spec.rb +28 -26
- data/spec/app/models/mdm/vuln_ref_spec.rb +10 -8
- data/spec/app/models/mdm/vuln_spec.rb +26 -24
- data/spec/app/models/mdm/web_form_spec.rb +13 -11
- data/spec/app/models/mdm/web_page_spec.rb +21 -19
- data/spec/app/models/mdm/web_site_spec.rb +23 -21
- data/spec/app/models/mdm/web_vuln_spec.rb +65 -63
- data/spec/app/models/mdm/wmap_request_spec.rb +3 -1
- data/spec/app/models/mdm/wmap_target_spec.rb +3 -1
- data/spec/app/models/mdm/workspace_spec.rb +100 -97
- data/spec/app/models/metasploit_data_models/automatic_exploitation/match_result_spec.rb +5 -3
- data/spec/app/models/metasploit_data_models/automatic_exploitation/match_set_spec.rb +15 -13
- data/spec/app/models/metasploit_data_models/automatic_exploitation/match_spec.rb +3 -1
- data/spec/app/models/metasploit_data_models/automatic_exploitation/run_spec.rb +3 -1
- data/spec/app/models/metasploit_data_models/ip_address/v4/cidr_spec.rb +12 -10
- data/spec/app/models/metasploit_data_models/ip_address/v4/nmap_spec.rb +6 -4
- data/spec/app/models/metasploit_data_models/ip_address/v4/range_spec.rb +23 -21
- data/spec/app/models/metasploit_data_models/ip_address/v4/segment/nmap/list_spec.rb +11 -9
- data/spec/app/models/metasploit_data_models/ip_address/v4/segment/nmap/range_spec.rb +23 -21
- data/spec/app/models/metasploit_data_models/ip_address/v4/segment/segmented_spec.rb +6 -4
- data/spec/app/models/metasploit_data_models/ip_address/v4/segment/single_spec.rb +15 -22
- data/spec/app/models/metasploit_data_models/ip_address/v4/single_spec.rb +6 -4
- data/spec/app/models/metasploit_data_models/module_run_spec.rb +3 -1
- data/spec/app/models/metasploit_data_models/search/operation/ip_address_spec.rb +20 -18
- data/spec/app/models/metasploit_data_models/search/operation/port/number_spec.rb +8 -6
- data/spec/app/models/metasploit_data_models/search/operation/port/range_spec.rb +10 -8
- data/spec/app/models/metasploit_data_models/search/operation/range_spec.rb +10 -8
- data/spec/app/models/metasploit_data_models/search/operator/ip_address_spec.rb +4 -2
- data/spec/app/models/metasploit_data_models/search/operator/multitext_spec.rb +10 -8
- data/spec/app/models/metasploit_data_models/search/operator/port/list_spec.rb +8 -6
- data/spec/app/models/metasploit_data_models/search/visitor/attribute_spec.rb +11 -9
- data/spec/app/models/metasploit_data_models/search/visitor/includes_spec.rb +7 -5
- data/spec/app/models/metasploit_data_models/search/visitor/joins_spec.rb +19 -17
- data/spec/app/models/metasploit_data_models/search/visitor/method_spec.rb +7 -5
- data/spec/app/models/metasploit_data_models/search/visitor/relation_spec.rb +23 -61
- data/spec/app/models/metasploit_data_models/search/visitor/where_spec.rb +10 -8
- data/spec/app/validators/parameters_validator_spec.rb +29 -29
- data/spec/app/validators/password_is_strong_validator_spec.rb +46 -54
- data/spec/dummy/db/structure.sql +3403 -0
- data/spec/factories/mdm/module/details.rb +1 -1
- data/spec/lib/base64_serializer_spec.rb +19 -19
- data/spec/lib/metasploit_data_models/ip_address/cidr_spec.rb +12 -18
- data/spec/lib/metasploit_data_models/ip_address/range_spec.rb +6 -4
- data/spec/lib/metasploit_data_models/match/child_spec.rb +4 -2
- data/spec/lib/metasploit_data_models/match/parent_spec.rb +6 -4
- data/spec/lib/metasploit_data_models/version_spec.rb +141 -3
- data/spec/spec_helper.rb +12 -86
- data/spec/support/shared/examples/mdm/module/detail/does_not_support_stance_with_mtype.rb +2 -2
- data/spec/support/shared/examples/mdm/module/detail/supports_stance_with_mtype.rb +4 -4
- data/spec/support/shared/examples/metasploit_data_models/search/operation/ipaddress/match.rb +2 -2
- data/spec/support/shared/examples/metasploit_data_models/search/visitor/includes/visit/with_children.rb +5 -5
- data/spec/support/shared/examples/metasploit_data_models/search/visitor/includes/visit/with_metasploit_model_search_operation_base.rb +5 -5
- data/spec/support/shared/examples/metasploit_data_models/search/visitor/where/visit/with_equality.rb +3 -3
- data/spec/support/shared/examples/metasploit_data_models/search/visitor/where/visit/with_metasploit_model_search_group_base.rb +6 -7
- metadata +9 -67
- data/CHANGELOG.md +0 -6
- data/RELEASING.md +0 -88
- data/UPGRADING.md +0 -1
- data/lib/metasploit_data_models/automatic_exploitation.rb +0 -25
- data/spec/lib/metasploit_data_models_spec.rb +0 -4
|
@@ -1,4 +1,6 @@
|
|
|
1
|
-
|
|
1
|
+
require 'spec_helper'
|
|
2
|
+
|
|
3
|
+
describe Mdm::VulnRef do
|
|
2
4
|
it_should_behave_like 'Metasploit::Concern.run'
|
|
3
5
|
|
|
4
6
|
context 'factories' do
|
|
@@ -7,27 +9,27 @@ RSpec.describe Mdm::VulnRef, type: :model do
|
|
|
7
9
|
FactoryGirl.build(:mdm_vuln_ref)
|
|
8
10
|
end
|
|
9
11
|
|
|
10
|
-
it {
|
|
12
|
+
it { should be_valid }
|
|
11
13
|
end
|
|
12
14
|
end
|
|
13
15
|
|
|
14
16
|
context 'database' do
|
|
15
17
|
context 'columns' do
|
|
16
|
-
it {
|
|
17
|
-
it {
|
|
18
|
-
it {
|
|
18
|
+
it { should have_db_column(:id).of_type(:integer) }
|
|
19
|
+
it { should have_db_column(:ref_id).of_type(:integer) }
|
|
20
|
+
it { should have_db_column(:vuln_id).of_type(:integer) }
|
|
19
21
|
end
|
|
20
22
|
end
|
|
21
23
|
|
|
22
24
|
context 'associations' do
|
|
23
|
-
it {
|
|
24
|
-
it {
|
|
25
|
+
it { should belong_to(:vuln).class_name('Mdm::Vuln') }
|
|
26
|
+
it { should belong_to(:ref).class_name('Mdm::Ref') }
|
|
25
27
|
end
|
|
26
28
|
|
|
27
29
|
context 'factory' do
|
|
28
30
|
it 'should be valid' do
|
|
29
31
|
vuln_ref = FactoryGirl.build(:mdm_vuln_ref)
|
|
30
|
-
|
|
32
|
+
vuln_ref.should be_valid
|
|
31
33
|
end
|
|
32
34
|
end
|
|
33
35
|
|
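Review bot: The new side of this spec replaces `RSpec.describe Mdm::VulnRef, type: :model do` (still visible in the second hunk header) with a bare `describe` plus `require 'spec_helper'`, and every expectation uses the monkey-patched `should` form, e.g. `it { should be_valid }` and `vuln_ref.should be_valid`. That only runs while RSpec's global DSL and the `:should` syntax are enabled, and RSpec 3 prints deprecation warnings for it unless it is explicitly configured. I would keep `RSpec.describe Mdm::VulnRef, type: :model do` and write `it { is_expected.to be_valid }` and `expect(vuln_ref).to be_valid`. The same pattern repeats in the Mdm::Vuln, Mdm::WebForm, Mdm::WebPage, Mdm::WebSite and Mdm::WebVuln spec sections below. For a patch-level bump this reads like a test suite from an older revision, so it is worth confirming the release was built from the intended branch before trusting the package.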
|
@@ -1,4 +1,6 @@
|
|
|
1
|
-
|
|
1
|
+
require 'spec_helper'
|
|
2
|
+
|
|
3
|
+
describe Mdm::Vuln do
|
|
2
4
|
subject(:vuln) do
|
|
3
5
|
FactoryGirl.build(:mdm_vuln)
|
|
4
6
|
end
|
|
@@ -42,7 +44,7 @@ RSpec.describe Mdm::Vuln, type: :model do
|
|
|
42
44
|
it { is_expected.to have_many(:notes).class_name('Mdm::Note').dependent(:delete_all).order('notes.created_at') }
|
|
43
45
|
|
|
44
46
|
context 'module_details' do
|
|
45
|
-
it {
|
|
47
|
+
it { should have_many(:module_details).class_name('Mdm::Module::Detail').through(:module_refs) }
|
|
46
48
|
|
|
47
49
|
context 'with Mdm::Refs' do
|
|
48
50
|
let(:names) do
|
|
@@ -112,8 +114,8 @@ RSpec.describe Mdm::Vuln, type: :model do
|
|
|
112
114
|
module_details << module_ref.detail
|
|
113
115
|
end
|
|
114
116
|
|
|
115
|
-
|
|
116
|
-
|
|
117
|
+
vuln.module_details.count.should < module_details.length
|
|
118
|
+
module_details.uniq.count.should == vuln.module_details.count
|
|
117
119
|
end
|
|
118
120
|
end
|
|
119
121
|
end
|
|
@@ -124,20 +126,20 @@ RSpec.describe Mdm::Vuln, type: :model do
|
|
|
124
126
|
|
|
125
127
|
context 'database' do
|
|
126
128
|
context 'columns' do
|
|
127
|
-
it {
|
|
128
|
-
it {
|
|
129
|
-
it {
|
|
130
|
-
it {
|
|
131
|
-
it {
|
|
129
|
+
it { should have_db_column(:exploited_at).of_type(:datetime) }
|
|
130
|
+
it { should have_db_column(:host_id).of_type(:integer) }
|
|
131
|
+
it { should have_db_column(:info).of_type(:string) }
|
|
132
|
+
it { should have_db_column(:name).of_type(:string) }
|
|
133
|
+
it { should have_db_column(:service_id).of_type(:integer) }
|
|
132
134
|
|
|
133
135
|
context 'counter caches' do
|
|
134
|
-
it {
|
|
135
|
-
it {
|
|
136
|
+
it { should have_db_column(:vuln_attempt_count).of_type(:integer).with_options(:default => 0) }
|
|
137
|
+
it { should have_db_column(:vuln_detail_count).of_type(:integer).with_options(:default => 0) }
|
|
136
138
|
end
|
|
137
139
|
|
|
138
140
|
context 'timestamps' do
|
|
139
|
-
it {
|
|
140
|
-
it {
|
|
141
|
+
it { should have_db_column(:created_at).of_type(:datetime) }
|
|
142
|
+
it { should have_db_column(:updated_at).of_type(:datetime) }
|
|
141
143
|
end
|
|
142
144
|
end
|
|
143
145
|
end
|
|
@@ -148,7 +150,7 @@ RSpec.describe Mdm::Vuln, type: :model do
|
|
|
148
150
|
FactoryGirl.build(:mdm_host_vuln)
|
|
149
151
|
end
|
|
150
152
|
|
|
151
|
-
it {
|
|
153
|
+
it { should be_valid }
|
|
152
154
|
end
|
|
153
155
|
|
|
154
156
|
context 'mdm_service_vuln' do
|
|
@@ -156,7 +158,7 @@ RSpec.describe Mdm::Vuln, type: :model do
|
|
|
156
158
|
FactoryGirl.build(:mdm_service_vuln)
|
|
157
159
|
end
|
|
158
160
|
|
|
159
|
-
it {
|
|
161
|
+
it { should be_valid }
|
|
160
162
|
end
|
|
161
163
|
|
|
162
164
|
context 'mdm_vuln' do
|
|
@@ -164,7 +166,7 @@ RSpec.describe Mdm::Vuln, type: :model do
|
|
|
164
166
|
FactoryGirl.build(:mdm_vuln)
|
|
165
167
|
end
|
|
166
168
|
|
|
167
|
-
it {
|
|
169
|
+
it { should be_valid }
|
|
168
170
|
end
|
|
169
171
|
end
|
|
170
172
|
|
|
@@ -195,7 +197,7 @@ RSpec.describe Mdm::Vuln, type: :model do
|
|
|
195
197
|
end
|
|
196
198
|
|
|
197
199
|
it 'should match Mdm::Vuln' do
|
|
198
|
-
|
|
200
|
+
results.should =~ [vuln]
|
|
199
201
|
end
|
|
200
202
|
end
|
|
201
203
|
|
|
@@ -205,7 +207,7 @@ RSpec.describe Mdm::Vuln, type: :model do
|
|
|
205
207
|
end
|
|
206
208
|
|
|
207
209
|
it 'should not match Mdm::Vuln' do
|
|
208
|
-
|
|
210
|
+
results.should be_empty
|
|
209
211
|
end
|
|
210
212
|
end
|
|
211
213
|
end
|
|
@@ -217,7 +219,7 @@ RSpec.describe Mdm::Vuln, type: :model do
|
|
|
217
219
|
end
|
|
218
220
|
|
|
219
221
|
it 'should match Mdm::Vuln' do
|
|
220
|
-
|
|
222
|
+
results.should =~ [vuln]
|
|
221
223
|
end
|
|
222
224
|
end
|
|
223
225
|
|
|
@@ -227,7 +229,7 @@ RSpec.describe Mdm::Vuln, type: :model do
|
|
|
227
229
|
end
|
|
228
230
|
|
|
229
231
|
it 'should not match Mdm::Vuln' do
|
|
230
|
-
|
|
232
|
+
results.should be_empty
|
|
231
233
|
end
|
|
232
234
|
end
|
|
233
235
|
|
|
@@ -237,7 +239,7 @@ RSpec.describe Mdm::Vuln, type: :model do
|
|
|
237
239
|
end
|
|
238
240
|
|
|
239
241
|
it 'should match Mdm::Vuln' do
|
|
240
|
-
|
|
242
|
+
results.should =~ [vuln]
|
|
241
243
|
end
|
|
242
244
|
end
|
|
243
245
|
|
|
@@ -247,7 +249,7 @@ RSpec.describe Mdm::Vuln, type: :model do
|
|
|
247
249
|
end
|
|
248
250
|
|
|
249
251
|
it 'should not match Mdm::Vuln' do
|
|
250
|
-
|
|
252
|
+
results.should be_empty
|
|
251
253
|
end
|
|
252
254
|
end
|
|
253
255
|
end
|
|
@@ -257,7 +259,7 @@ RSpec.describe Mdm::Vuln, type: :model do
|
|
|
257
259
|
end
|
|
258
260
|
|
|
259
261
|
context 'validations' do
|
|
260
|
-
it {
|
|
262
|
+
it { should validate_presence_of :name }
|
|
261
263
|
|
|
262
264
|
context "invalid" do
|
|
263
265
|
let(:mdm_vuln) do
|
|
@@ -268,7 +270,7 @@ RSpec.describe Mdm::Vuln, type: :model do
|
|
|
268
270
|
str = Faker::Lorem.characters(256)
|
|
269
271
|
mdm_vuln.name = str
|
|
270
272
|
mdm_vuln.valid?
|
|
271
|
-
|
|
273
|
+
mdm_vuln.errors[:name][0].should include "is too long"
|
|
272
274
|
end
|
|
273
275
|
end
|
|
274
276
|
end
|
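Review bot: The length example asserts on `mdm_vuln.errors[:name][0]`, so it depends on which validation message happens to be first in the list, and the result of `mdm_vuln.valid?` on the line before is discarded. Checking the whole list is sturdier: `expect(mdm_vuln).not_to be_valid` followed by `expect(mdm_vuln.errors[:name].join(' ')).to include('is too long')`. The example's setup starts outside the hunk, so the limit being exercised is only inferred from `Faker::Lorem.characters(256)`.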
|
@@ -1,34 +1,36 @@
|
|
|
1
|
-
|
|
1
|
+
require 'spec_helper'
|
|
2
|
+
|
|
3
|
+
describe Mdm::WebForm do
|
|
2
4
|
it_should_behave_like 'Metasploit::Concern.run'
|
|
3
5
|
|
|
4
6
|
context 'associations' do
|
|
5
|
-
it {
|
|
7
|
+
it { should belong_to(:web_site).class_name('Mdm::WebSite') }
|
|
6
8
|
end
|
|
7
9
|
|
|
8
10
|
context 'database' do
|
|
9
11
|
|
|
10
12
|
context 'timestamps'do
|
|
11
|
-
it {
|
|
12
|
-
it {
|
|
13
|
+
it { should have_db_column(:created_at).of_type(:datetime).with_options(:null => false) }
|
|
14
|
+
it { should have_db_column(:updated_at).of_type(:datetime).with_options(:null => false) }
|
|
13
15
|
end
|
|
14
16
|
|
|
15
17
|
context 'columns' do
|
|
16
|
-
it {
|
|
17
|
-
it {
|
|
18
|
-
it {
|
|
19
|
-
it {
|
|
20
|
-
it {
|
|
18
|
+
it { should have_db_column(:web_site_id).of_type(:integer).with_options(:null => false) }
|
|
19
|
+
it { should have_db_column(:path).of_type(:text) }
|
|
20
|
+
it { should have_db_column(:method).of_type(:string) }
|
|
21
|
+
it { should have_db_column(:params).of_type(:text) }
|
|
22
|
+
it { should have_db_column(:query).of_type(:text) }
|
|
21
23
|
end
|
|
22
24
|
|
|
23
25
|
context 'indices' do
|
|
24
|
-
it {
|
|
26
|
+
it { should have_db_index(:path) }
|
|
25
27
|
end
|
|
26
28
|
end
|
|
27
29
|
|
|
28
30
|
context 'factory' do
|
|
29
31
|
it 'should be valid' do
|
|
30
32
|
web_form = FactoryGirl.build(:mdm_web_form)
|
|
31
|
-
|
|
33
|
+
web_form.should be_valid
|
|
32
34
|
end
|
|
33
35
|
end
|
|
34
36
|
|
|
@@ -1,42 +1,44 @@
|
|
|
1
|
-
|
|
1
|
+
require 'spec_helper'
|
|
2
|
+
|
|
3
|
+
describe Mdm::WebPage do
|
|
2
4
|
it_should_behave_like 'Metasploit::Concern.run'
|
|
3
5
|
|
|
4
6
|
context 'associations' do
|
|
5
|
-
it {
|
|
7
|
+
it { should belong_to(:web_site).class_name('Mdm::WebSite') }
|
|
6
8
|
end
|
|
7
9
|
|
|
8
10
|
context 'database' do
|
|
9
11
|
|
|
10
12
|
context 'timestamps'do
|
|
11
|
-
it {
|
|
12
|
-
it {
|
|
13
|
-
it {
|
|
13
|
+
it { should have_db_column(:created_at).of_type(:datetime).with_options(:null => false) }
|
|
14
|
+
it { should have_db_column(:updated_at).of_type(:datetime).with_options(:null => false) }
|
|
15
|
+
it { should have_db_column(:mtime).of_type(:datetime) }
|
|
14
16
|
end
|
|
15
17
|
|
|
16
18
|
context 'columns' do
|
|
17
|
-
it {
|
|
18
|
-
it {
|
|
19
|
-
it {
|
|
20
|
-
it {
|
|
21
|
-
it {
|
|
22
|
-
it {
|
|
23
|
-
it {
|
|
24
|
-
it {
|
|
25
|
-
it {
|
|
26
|
-
it {
|
|
27
|
-
it {
|
|
19
|
+
it { should have_db_column(:web_site_id).of_type(:integer).with_options(:null => false) }
|
|
20
|
+
it { should have_db_column(:path).of_type(:text) }
|
|
21
|
+
it { should have_db_column(:query).of_type(:text) }
|
|
22
|
+
it { should have_db_column(:code).of_type(:integer).with_options(:null => false) }
|
|
23
|
+
it { should have_db_column(:cookie).of_type(:text) }
|
|
24
|
+
it { should have_db_column(:auth).of_type(:text) }
|
|
25
|
+
it { should have_db_column(:ctype).of_type(:text) }
|
|
26
|
+
it { should have_db_column(:location).of_type(:text) }
|
|
27
|
+
it { should have_db_column(:headers).of_type(:text) }
|
|
28
|
+
it { should have_db_column(:body).of_type(:binary) }
|
|
29
|
+
it { should have_db_column(:request).of_type(:binary) }
|
|
28
30
|
end
|
|
29
31
|
|
|
30
32
|
context 'indices' do
|
|
31
|
-
it {
|
|
32
|
-
it {
|
|
33
|
+
it { should have_db_index(:path) }
|
|
34
|
+
it { should have_db_index(:query) }
|
|
33
35
|
end
|
|
34
36
|
end
|
|
35
37
|
|
|
36
38
|
context 'factory' do
|
|
37
39
|
it 'should be valid' do
|
|
38
40
|
web_page = FactoryGirl.build(:mdm_web_page)
|
|
39
|
-
|
|
41
|
+
web_page.should be_valid
|
|
40
42
|
end
|
|
41
43
|
end
|
|
42
44
|
|
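Review bot: The column examples pin `cookie`, `auth`, `headers`, `body` and `request` as plain `text`/`binary` columns, and nothing in this spec documents that they presumably hold captured HTTP traffic, including session cookies and authorization data. A short comment above the 'columns' context would help the next maintainer, e.g. `# cookie/auth/headers/body/request store captured HTTP data verbatim; treat the database and its backups as sensitive`. Whether any of these values are redacted or encrypted before storage cannot be seen from the spec and should be confirmed against the model.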
|
@@ -1,31 +1,33 @@
|
|
|
1
|
-
|
|
1
|
+
require 'spec_helper'
|
|
2
|
+
|
|
3
|
+
describe Mdm::WebSite do
|
|
2
4
|
it_should_behave_like 'Metasploit::Concern.run'
|
|
3
5
|
|
|
4
6
|
context 'factory' do
|
|
5
7
|
it 'should be valid' do
|
|
6
8
|
web_site = FactoryGirl.build(:mdm_web_site)
|
|
7
|
-
|
|
9
|
+
web_site.should be_valid
|
|
8
10
|
end
|
|
9
11
|
end
|
|
10
12
|
|
|
11
13
|
context 'database' do
|
|
12
14
|
|
|
13
15
|
context 'timestamps'do
|
|
14
|
-
it {
|
|
15
|
-
it {
|
|
16
|
+
it { should have_db_column(:created_at).of_type(:datetime).with_options(:null => false) }
|
|
17
|
+
it { should have_db_column(:updated_at).of_type(:datetime).with_options(:null => false) }
|
|
16
18
|
end
|
|
17
19
|
|
|
18
20
|
context 'columns' do
|
|
19
|
-
it {
|
|
20
|
-
it {
|
|
21
|
-
it {
|
|
22
|
-
it {
|
|
21
|
+
it { should have_db_column(:service_id).of_type(:integer).with_options(:null => false) }
|
|
22
|
+
it { should have_db_column(:vhost).of_type(:string) }
|
|
23
|
+
it { should have_db_column(:comments).of_type(:text) }
|
|
24
|
+
it { should have_db_column(:options).of_type(:text) }
|
|
23
25
|
end
|
|
24
26
|
|
|
25
27
|
context 'indices' do
|
|
26
|
-
it {
|
|
27
|
-
it {
|
|
28
|
-
it {
|
|
28
|
+
it { should have_db_index(:comments) }
|
|
29
|
+
it { should have_db_index(:options) }
|
|
30
|
+
it { should have_db_index(:vhost) }
|
|
29
31
|
end
|
|
30
32
|
end
|
|
31
33
|
|
|
@@ -42,10 +44,10 @@ RSpec.describe Mdm::WebSite, type: :model do
|
|
|
42
44
|
end
|
|
43
45
|
|
|
44
46
|
context 'associations' do
|
|
45
|
-
it {
|
|
46
|
-
it {
|
|
47
|
-
it {
|
|
48
|
-
it {
|
|
47
|
+
it { should belong_to(:service).class_name('Mdm::Service') }
|
|
48
|
+
it { should have_many(:web_forms).class_name('Mdm::WebForm').dependent(:destroy) }
|
|
49
|
+
it { should have_many(:web_pages).class_name('Mdm::WebPage').dependent(:destroy) }
|
|
50
|
+
it { should have_many(:web_vulns).class_name('Mdm::WebVuln').dependent(:destroy) }
|
|
49
51
|
end
|
|
50
52
|
|
|
51
53
|
context 'methods' do
|
|
@@ -54,9 +56,9 @@ RSpec.describe Mdm::WebSite, type: :model do
|
|
|
54
56
|
mysite = FactoryGirl.create(:mdm_web_site)
|
|
55
57
|
FactoryGirl.create(:mdm_web_form, :web_site => mysite)
|
|
56
58
|
FactoryGirl.create(:mdm_web_form, :web_site => mysite)
|
|
57
|
-
|
|
59
|
+
mysite.form_count.should == 2
|
|
58
60
|
FactoryGirl.create(:mdm_web_form, :web_site => mysite)
|
|
59
|
-
|
|
61
|
+
mysite.form_count.should == 3
|
|
60
62
|
end
|
|
61
63
|
end
|
|
62
64
|
|
|
@@ -65,9 +67,9 @@ RSpec.describe Mdm::WebSite, type: :model do
|
|
|
65
67
|
mysite = FactoryGirl.create(:mdm_web_site)
|
|
66
68
|
FactoryGirl.create(:mdm_web_page, :web_site => mysite)
|
|
67
69
|
FactoryGirl.create(:mdm_web_page, :web_site => mysite)
|
|
68
|
-
|
|
70
|
+
mysite.page_count.should == 2
|
|
69
71
|
FactoryGirl.create(:mdm_web_page, :web_site => mysite)
|
|
70
|
-
|
|
72
|
+
mysite.page_count.should == 3
|
|
71
73
|
end
|
|
72
74
|
end
|
|
73
75
|
|
|
@@ -76,9 +78,9 @@ RSpec.describe Mdm::WebSite, type: :model do
|
|
|
76
78
|
mysite = FactoryGirl.create(:mdm_web_site)
|
|
77
79
|
FactoryGirl.create(:mdm_web_vuln, :web_site => mysite)
|
|
78
80
|
FactoryGirl.create(:mdm_web_vuln, :web_site => mysite)
|
|
79
|
-
|
|
81
|
+
mysite.vuln_count.should == 2
|
|
80
82
|
FactoryGirl.create(:mdm_web_vuln, :web_site => mysite)
|
|
81
|
-
|
|
83
|
+
mysite.vuln_count.should == 3
|
|
82
84
|
end
|
|
83
85
|
end
|
|
84
86
|
end
|
|
@@ -1,4 +1,6 @@
|
|
|
1
|
-
|
|
1
|
+
require 'spec_helper'
|
|
2
|
+
|
|
3
|
+
describe Mdm::WebVuln do
|
|
2
4
|
let(:confidence_range) do
|
|
3
5
|
0 .. 100
|
|
4
6
|
end
|
|
@@ -27,20 +29,20 @@ RSpec.describe Mdm::WebVuln, type: :model do
|
|
|
27
29
|
it_should_behave_like 'Metasploit::Concern.run'
|
|
28
30
|
|
|
29
31
|
context 'associations' do
|
|
30
|
-
it {
|
|
32
|
+
it { should belong_to(:web_site).class_name('Mdm::WebSite') }
|
|
31
33
|
end
|
|
32
34
|
|
|
33
35
|
context 'CONSTANTS' do
|
|
34
36
|
it 'should define CONFIDENCE_RANGE' do
|
|
35
|
-
|
|
37
|
+
described_class::CONFIDENCE_RANGE.should == confidence_range
|
|
36
38
|
end
|
|
37
39
|
|
|
38
40
|
it 'should define METHODS in any order' do
|
|
39
|
-
|
|
41
|
+
described_class::METHODS.should =~ methods
|
|
40
42
|
end
|
|
41
43
|
|
|
42
44
|
it 'should define RISK_RANGE' do
|
|
43
|
-
|
|
45
|
+
described_class::RISK_RANGE.should == risk_range
|
|
44
46
|
end
|
|
45
47
|
end
|
|
46
48
|
|
|
@@ -58,33 +60,33 @@ RSpec.describe Mdm::WebVuln, type: :model do
|
|
|
58
60
|
|
|
59
61
|
context 'database' do
|
|
60
62
|
context 'columns' do
|
|
61
|
-
it {
|
|
62
|
-
it {
|
|
63
|
-
it {
|
|
64
|
-
it {
|
|
65
|
-
it {
|
|
66
|
-
it {
|
|
67
|
-
it {
|
|
68
|
-
it {
|
|
69
|
-
it {
|
|
70
|
-
it {
|
|
71
|
-
it {
|
|
72
|
-
it {
|
|
73
|
-
it {
|
|
74
|
-
it {
|
|
75
|
-
it {
|
|
76
|
-
it {
|
|
63
|
+
it { should have_db_column(:blame).of_type(:text) }
|
|
64
|
+
it { should have_db_column(:category).of_type(:text).with_options(:null => false) }
|
|
65
|
+
it { should have_db_column(:confidence).of_type(:integer).with_options(:null => false) }
|
|
66
|
+
it { should have_db_column(:description).of_type(:text) }
|
|
67
|
+
it { should have_db_column(:method).of_type(:string).with_options(:limit => 1024, :null => false) }
|
|
68
|
+
it { should have_db_column(:name).of_type(:string).with_options(:limit => 1024, :null => false) }
|
|
69
|
+
it { should have_db_column(:owner).of_type(:string) }
|
|
70
|
+
it { should have_db_column(:params).of_type(:text).with_options(:null => false) }
|
|
71
|
+
it { should have_db_column(:path).of_type(:text).with_options(:null => false) }
|
|
72
|
+
it { should have_db_column(:payload).of_type(:text) }
|
|
73
|
+
it { should have_db_column(:pname).of_type(:text) }
|
|
74
|
+
it { should have_db_column(:proof).of_type(:binary).with_options(:null => false) }
|
|
75
|
+
it { should have_db_column(:query).of_type(:text) }
|
|
76
|
+
it { should have_db_column(:request).of_type(:binary) }
|
|
77
|
+
it { should have_db_column(:risk).of_type(:integer).with_options(:null => false) }
|
|
78
|
+
it { should have_db_column(:web_site_id).of_type(:integer).with_options(:null => false) }
|
|
77
79
|
|
|
78
80
|
context 'timestamps' do
|
|
79
|
-
it {
|
|
80
|
-
it {
|
|
81
|
+
it { should have_db_column(:created_at).of_type(:datetime).with_options(:null => false) }
|
|
82
|
+
it { should have_db_column(:updated_at).of_type(:datetime).with_options(:null => false) }
|
|
81
83
|
end
|
|
82
84
|
end
|
|
83
85
|
|
|
84
86
|
context 'indices' do
|
|
85
|
-
it {
|
|
86
|
-
it {
|
|
87
|
-
it {
|
|
87
|
+
it { should have_db_index(:method) }
|
|
88
|
+
it { should have_db_index(:name) }
|
|
89
|
+
it { should have_db_index(:path) }
|
|
88
90
|
end
|
|
89
91
|
end
|
|
90
92
|
|
|
@@ -94,7 +96,7 @@ RSpec.describe Mdm::WebVuln, type: :model do
|
|
|
94
96
|
FactoryGirl.build(:mdm_web_vuln)
|
|
95
97
|
end
|
|
96
98
|
|
|
97
|
-
it {
|
|
99
|
+
it { should be_valid }
|
|
98
100
|
|
|
99
101
|
context 'after reloading' do
|
|
100
102
|
before(:each) do
|
|
@@ -102,21 +104,21 @@ RSpec.describe Mdm::WebVuln, type: :model do
|
|
|
102
104
|
mdm_web_vuln.reload
|
|
103
105
|
end
|
|
104
106
|
|
|
105
|
-
it {
|
|
107
|
+
it { should be_valid }
|
|
106
108
|
end
|
|
107
109
|
end
|
|
108
110
|
end
|
|
109
111
|
|
|
110
112
|
context 'validations' do
|
|
111
|
-
it {
|
|
112
|
-
it {
|
|
113
|
-
it {
|
|
114
|
-
it {
|
|
115
|
-
it {
|
|
113
|
+
it { should validate_presence_of :category }
|
|
114
|
+
it { should ensure_inclusion_of(:confidence).in_range(confidence_range) }
|
|
115
|
+
it { should ensure_inclusion_of(:method).in_array(methods) }
|
|
116
|
+
it { should validate_presence_of :name }
|
|
117
|
+
it { should validate_presence_of :path }
|
|
116
118
|
|
|
117
119
|
context 'params' do
|
|
118
120
|
it 'should not validate presence of params because it default to [] and can never be nil' do
|
|
119
|
-
|
|
121
|
+
web_vuln.should_not validate_presence_of(:params)
|
|
120
122
|
end
|
|
121
123
|
|
|
122
124
|
context 'validates parameters' do
|
|
@@ -127,9 +129,9 @@ RSpec.describe Mdm::WebVuln, type: :model do
|
|
|
127
129
|
it 'should validate params is an Array' do
|
|
128
130
|
web_vuln.params = ''
|
|
129
131
|
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
132
|
+
web_vuln.params.should_not be_an Array
|
|
133
|
+
web_vuln.should_not be_valid
|
|
134
|
+
web_vuln.errors[:params].should include(
|
|
133
135
|
"is not an Array. #{type_signature_sentence}"
|
|
134
136
|
)
|
|
135
137
|
end
|
|
@@ -138,7 +140,7 @@ RSpec.describe Mdm::WebVuln, type: :model do
|
|
|
138
140
|
web_vuln.params = []
|
|
139
141
|
web_vuln.valid?
|
|
140
142
|
|
|
141
|
-
|
|
143
|
+
web_vuln.errors[:params].should be_empty
|
|
142
144
|
end
|
|
143
145
|
|
|
144
146
|
context 'with bad element' do
|
|
@@ -156,12 +158,12 @@ RSpec.describe Mdm::WebVuln, type: :model do
|
|
|
156
158
|
end
|
|
157
159
|
|
|
158
160
|
it 'should not be an Array' do
|
|
159
|
-
|
|
161
|
+
web_vuln.params.first.should_not be_an Array
|
|
160
162
|
end
|
|
161
163
|
|
|
162
164
|
it 'should validate elements of params are Arrays' do
|
|
163
|
-
|
|
164
|
-
|
|
165
|
+
web_vuln.should_not be_valid
|
|
166
|
+
web_vuln.errors[:params].should include(
|
|
165
167
|
"has non-Array at index #{index} (#{element.inspect}). " \
|
|
166
168
|
"#{type_signature_sentence}"
|
|
167
169
|
)
|
|
@@ -174,12 +176,12 @@ RSpec.describe Mdm::WebVuln, type: :model do
|
|
|
174
176
|
end
|
|
175
177
|
|
|
176
178
|
it 'should have length < 2' do
|
|
177
|
-
|
|
179
|
+
web_vuln.params.first.length.should < 2
|
|
178
180
|
end
|
|
179
181
|
|
|
180
182
|
it 'should validate elements of params are not too short' do
|
|
181
|
-
|
|
182
|
-
|
|
183
|
+
web_vuln.should_not be_valid
|
|
184
|
+
web_vuln.errors[:params].should include(
|
|
183
185
|
"has too few elements at index #{index} (#{element.inspect}). " \
|
|
184
186
|
"#{type_signature_sentence}"
|
|
185
187
|
)
|
|
@@ -192,12 +194,12 @@ RSpec.describe Mdm::WebVuln, type: :model do
|
|
|
192
194
|
end
|
|
193
195
|
|
|
194
196
|
it 'should have length > 2' do
|
|
195
|
-
|
|
197
|
+
web_vuln.params.first.length.should > 2
|
|
196
198
|
end
|
|
197
199
|
|
|
198
200
|
it 'should validate elements of params are not too long' do
|
|
199
|
-
|
|
200
|
-
|
|
201
|
+
web_vuln.should_not be_valid
|
|
202
|
+
web_vuln.errors[:params].should include(
|
|
201
203
|
"has too many elements at index #{index} (#{element.inspect}). " \
|
|
202
204
|
"#{type_signature_sentence}"
|
|
203
205
|
)
|
|
@@ -216,12 +218,12 @@ RSpec.describe Mdm::WebVuln, type: :model do
|
|
|
216
218
|
end
|
|
217
219
|
|
|
218
220
|
it 'should have blank parameter name' do
|
|
219
|
-
|
|
221
|
+
web_vuln.params.first.first.should be_empty
|
|
220
222
|
end
|
|
221
223
|
|
|
222
224
|
it 'should validate that parameter name is not empty' do
|
|
223
|
-
|
|
224
|
-
|
|
225
|
+
web_vuln.should_not be_valid
|
|
226
|
+
web_vuln.errors[:params].should include(
|
|
225
227
|
"has blank parameter name at index #{index} " \
|
|
226
228
|
"(#{element.inspect}). " \
|
|
227
229
|
"#{type_signature_sentence}"
|
|
@@ -236,12 +238,12 @@ RSpec.describe Mdm::WebVuln, type: :model do
|
|
|
236
238
|
end
|
|
237
239
|
|
|
238
240
|
it 'should not have String for parameter name' do
|
|
239
|
-
|
|
241
|
+
web_vuln.params.first.first.should_not be_a String
|
|
240
242
|
end
|
|
241
243
|
|
|
242
244
|
it 'should validate that parameter name is a String' do
|
|
243
|
-
|
|
244
|
-
|
|
245
|
+
web_vuln.should_not be_valid
|
|
246
|
+
web_vuln.errors[:params].should include(
|
|
245
247
|
"has non-String parameter name (#{parameter_name.inspect}) " \
|
|
246
248
|
"at index #{index} (#{element.inspect}). " \
|
|
247
249
|
"#{type_signature_sentence}"
|
|
@@ -261,12 +263,12 @@ RSpec.describe Mdm::WebVuln, type: :model do
|
|
|
261
263
|
end
|
|
262
264
|
|
|
263
265
|
it 'should not have String for parameter name' do
|
|
264
|
-
|
|
266
|
+
web_vuln.params.first.second.should_not be_a String
|
|
265
267
|
end
|
|
266
268
|
|
|
267
269
|
it 'should validate that parameter value is a String' do
|
|
268
|
-
|
|
269
|
-
|
|
270
|
+
web_vuln.should_not be_valid
|
|
271
|
+
web_vuln.errors[:params].should include(
|
|
270
272
|
"has non-String parameter value (#{parameter_value}) " \
|
|
271
273
|
"at index #{index} (#{element.inspect}). " \
|
|
272
274
|
"#{type_signature_sentence}"
|
|
@@ -278,13 +280,13 @@ RSpec.describe Mdm::WebVuln, type: :model do
|
|
|
278
280
|
end
|
|
279
281
|
end
|
|
280
282
|
|
|
281
|
-
it {
|
|
282
|
-
it {
|
|
283
|
-
it {
|
|
283
|
+
it { should validate_presence_of :proof }
|
|
284
|
+
it { should ensure_inclusion_of(:risk).in_range(risk_range) }
|
|
285
|
+
it { should validate_presence_of :web_site }
|
|
284
286
|
end
|
|
285
287
|
|
|
286
288
|
context 'serializations' do
|
|
287
|
-
it {
|
|
289
|
+
it { should serialize(:params).as_instance_of(MetasploitDataModels::Base64Serializer) }
|
|
288
290
|
end
|
|
289
291
|
|
|
290
292
|
context '#params' do
|
|
@@ -297,12 +299,12 @@ RSpec.describe Mdm::WebVuln, type: :model do
|
|
|
297
299
|
end
|
|
298
300
|
|
|
299
301
|
it 'should default to []' do
|
|
300
|
-
|
|
302
|
+
params.should == default
|
|
301
303
|
end
|
|
302
304
|
|
|
303
305
|
it 'should return default if set to nil' do
|
|
304
306
|
web_vuln.params = nil
|
|
305
|
-
|
|
307
|
+
web_vuln.params.should == default
|
|
306
308
|
end
|
|
307
309
|
|
|
308
310
|
it 'should return default if set to nil and saved' do
|
|
@@ -310,7 +312,7 @@ RSpec.describe Mdm::WebVuln, type: :model do
|
|
|
310
312
|
web_vuln.params = nil
|
|
311
313
|
web_vuln.save!
|
|
312
314
|
|
|
313
|
-
|
|
315
|
+
web_vuln.params.should == default
|
|
314
316
|
end
|
|
315
317
|
end
|
|
316
318
|
end
|
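Review bot: The example titled 'should not have String for parameter name' that asserts `web_vuln.params.first.second.should_not be_a String` is checking the parameter value, not the name. Its description duplicates the earlier name example, so a failure report would point at the wrong element; rename it to `it 'should not have String for parameter value' do`. Separately, the added `ensure_inclusion_of(:confidence)`, `ensure_inclusion_of(:method)` and `ensure_inclusion_of(:risk)` lines use a matcher name that newer shoulda-matchers releases deprecate in favour of `validate_inclusion_of`, e.g. `it { should validate_inclusion_of(:risk).in_range(risk_range) }`. The description 'it default to []' in the params context would also read better as 'it defaults to []'.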