metasploit_data_models 0.24.4 → 0.24.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.rspec +3 -3
- data/.travis.yml +3 -6
- data/CONTRIBUTING.md +52 -10
- data/Gemfile +8 -1
- data/Rakefile +0 -23
- data/app/models/mdm/api_key.rb +1 -41
- data/app/models/mdm/client.rb +1 -41
- data/app/models/mdm/cred.rb +19 -107
- data/app/models/mdm/event.rb +1 -48
- data/app/models/mdm/exploit_attempt.rb +16 -65
- data/app/models/mdm/exploited_host.rb +1 -28
- data/app/models/mdm/host_detail.rb +1 -45
- data/app/models/mdm/host_tag.rb +8 -6
- data/app/models/mdm/listener.rb +1 -53
- data/app/models/mdm/macro.rb +0 -42
- data/app/models/mdm/mod_ref.rb +0 -21
- data/app/models/mdm/module/action.rb +0 -15
- data/app/models/mdm/module/arch.rb +0 -10
- data/app/models/mdm/module/author.rb +0 -16
- data/app/models/mdm/module/mixin.rb +0 -13
- data/app/models/mdm/module/platform.rb +0 -11
- data/app/models/mdm/module/target.rb +0 -18
- data/app/models/mdm/nexpose_console.rb +4 -82
- data/app/models/mdm/profile.rb +0 -36
- data/app/models/mdm/route.rb +5 -17
- data/app/models/mdm/session_event.rb +1 -33
- data/app/models/mdm/tag.rb +10 -49
- data/app/models/mdm/task.rb +45 -94
- data/app/models/mdm/task_cred.rb +0 -29
- data/app/models/mdm/task_host.rb +0 -25
- data/app/models/mdm/task_service.rb +0 -25
- data/app/models/mdm/task_session.rb +0 -25
- data/app/models/mdm/user.rb +6 -188
- data/app/models/mdm/vuln_attempt.rb +12 -37
- data/app/models/mdm/vuln_detail.rb +5 -139
- data/app/models/mdm/vuln_ref.rb +1 -4
- data/app/models/mdm/web_form.rb +1 -35
- data/app/models/mdm/web_page.rb +1 -70
- data/app/models/mdm/web_site.rb +1 -51
- data/app/models/mdm/wmap_request.rb +0 -85
- data/app/models/mdm/wmap_target.rb +0 -40
- data/app/models/mdm/workspace.rb +14 -152
- data/app/models/metasploit_data_models/automatic_exploitation.rb +16 -0
- data/app/models/metasploit_data_models/automatic_exploitation/match.rb +24 -19
- data/app/models/metasploit_data_models/automatic_exploitation/match_result.rb +5 -33
- data/app/models/metasploit_data_models/automatic_exploitation/match_set.rb +4 -22
- data/app/models/metasploit_data_models/automatic_exploitation/run.rb +3 -13
- data/app/models/metasploit_data_models/ip_address/v4/segmented.rb +1 -1
- data/app/models/metasploit_data_models/module_run.rb +1 -1
- data/app/models/metasploit_data_models/search/visitor/where.rb +1 -1
- data/app/validators/ip_format_validator.rb +0 -4
- data/app/validators/parameters_validator.rb +0 -12
- data/app/validators/password_is_strong_validator.rb +1 -10
- data/lib/mdm/host/operating_system_normalization.rb +10 -7
- data/lib/metasploit_data_models.rb +0 -4
- data/lib/metasploit_data_models/engine.rb +0 -2
- data/lib/metasploit_data_models/serialized_prefs.rb +0 -6
- data/lib/metasploit_data_models/version.rb +10 -24
- data/lib/tasks/yard.rake +33 -0
- data/metasploit_data_models.gemspec +2 -9
- data/spec/app/models/mdm/api_key_spec.rb +3 -1
- data/spec/app/models/mdm/client_spec.rb +11 -9
- data/spec/app/models/mdm/cred_spec.rb +54 -42
- data/spec/app/models/mdm/event_spec.rb +23 -21
- data/spec/app/models/mdm/exploit_attempt_spec.rb +21 -19
- data/spec/app/models/mdm/exploited_host_spec.rb +13 -11
- data/spec/app/models/mdm/host_detail_spec.rb +17 -15
- data/spec/app/models/mdm/host_spec.rb +260 -261
- data/spec/app/models/mdm/host_tag_spec.rb +8 -6
- data/spec/app/models/mdm/listener_spec.rb +32 -30
- data/spec/app/models/mdm/loot_spec.rb +23 -21
- data/spec/app/models/mdm/macro_spec.rb +3 -1
- data/spec/app/models/mdm/mod_ref_spec.rb +3 -1
- data/spec/app/models/mdm/module/action_spec.rb +12 -10
- data/spec/app/models/mdm/module/arch_spec.rb +12 -10
- data/spec/app/models/mdm/module/author_spec.rb +17 -22
- data/spec/app/models/mdm/module/detail_spec.rb +75 -184
- data/spec/app/models/mdm/module/mixin_spec.rb +12 -10
- data/spec/app/models/mdm/module/platform_spec.rb +12 -10
- data/spec/app/models/mdm/module/ref_spec.rb +12 -10
- data/spec/app/models/mdm/module/target_spec.rb +15 -13
- data/spec/app/models/mdm/nexpose_console_spec.rb +37 -35
- data/spec/app/models/mdm/note_spec.rb +25 -23
- data/spec/app/models/mdm/profile_spec.rb +3 -1
- data/spec/app/models/mdm/ref_spec.rb +12 -10
- data/spec/app/models/mdm/route_spec.rb +8 -6
- data/spec/app/models/mdm/service_spec.rb +40 -38
- data/spec/app/models/mdm/session_event_spec.rb +12 -10
- data/spec/app/models/mdm/session_spec.rb +15 -13
- data/spec/app/models/mdm/tag_spec.rb +29 -29
- data/spec/app/models/mdm/task_cred_spec.rb +11 -9
- data/spec/app/models/mdm/task_host_spec.rb +11 -9
- data/spec/app/models/mdm/task_service_spec.rb +11 -9
- data/spec/app/models/mdm/task_session_spec.rb +9 -7
- data/spec/app/models/mdm/task_spec.rb +29 -27
- data/spec/app/models/mdm/user_spec.rb +19 -17
- data/spec/app/models/mdm/vuln_attempt_spec.rb +16 -14
- data/spec/app/models/mdm/vuln_detail_spec.rb +28 -26
- data/spec/app/models/mdm/vuln_ref_spec.rb +10 -8
- data/spec/app/models/mdm/vuln_spec.rb +26 -24
- data/spec/app/models/mdm/web_form_spec.rb +13 -11
- data/spec/app/models/mdm/web_page_spec.rb +21 -19
- data/spec/app/models/mdm/web_site_spec.rb +23 -21
- data/spec/app/models/mdm/web_vuln_spec.rb +65 -63
- data/spec/app/models/mdm/wmap_request_spec.rb +3 -1
- data/spec/app/models/mdm/wmap_target_spec.rb +3 -1
- data/spec/app/models/mdm/workspace_spec.rb +100 -97
- data/spec/app/models/metasploit_data_models/automatic_exploitation/match_result_spec.rb +5 -3
- data/spec/app/models/metasploit_data_models/automatic_exploitation/match_set_spec.rb +15 -13
- data/spec/app/models/metasploit_data_models/automatic_exploitation/match_spec.rb +3 -1
- data/spec/app/models/metasploit_data_models/automatic_exploitation/run_spec.rb +3 -1
- data/spec/app/models/metasploit_data_models/ip_address/v4/cidr_spec.rb +12 -10
- data/spec/app/models/metasploit_data_models/ip_address/v4/nmap_spec.rb +6 -4
- data/spec/app/models/metasploit_data_models/ip_address/v4/range_spec.rb +23 -21
- data/spec/app/models/metasploit_data_models/ip_address/v4/segment/nmap/list_spec.rb +11 -9
- data/spec/app/models/metasploit_data_models/ip_address/v4/segment/nmap/range_spec.rb +23 -21
- data/spec/app/models/metasploit_data_models/ip_address/v4/segment/segmented_spec.rb +6 -4
- data/spec/app/models/metasploit_data_models/ip_address/v4/segment/single_spec.rb +15 -22
- data/spec/app/models/metasploit_data_models/ip_address/v4/single_spec.rb +6 -4
- data/spec/app/models/metasploit_data_models/module_run_spec.rb +3 -1
- data/spec/app/models/metasploit_data_models/search/operation/ip_address_spec.rb +20 -18
- data/spec/app/models/metasploit_data_models/search/operation/port/number_spec.rb +8 -6
- data/spec/app/models/metasploit_data_models/search/operation/port/range_spec.rb +10 -8
- data/spec/app/models/metasploit_data_models/search/operation/range_spec.rb +10 -8
- data/spec/app/models/metasploit_data_models/search/operator/ip_address_spec.rb +4 -2
- data/spec/app/models/metasploit_data_models/search/operator/multitext_spec.rb +10 -8
- data/spec/app/models/metasploit_data_models/search/operator/port/list_spec.rb +8 -6
- data/spec/app/models/metasploit_data_models/search/visitor/attribute_spec.rb +11 -9
- data/spec/app/models/metasploit_data_models/search/visitor/includes_spec.rb +7 -5
- data/spec/app/models/metasploit_data_models/search/visitor/joins_spec.rb +19 -17
- data/spec/app/models/metasploit_data_models/search/visitor/method_spec.rb +7 -5
- data/spec/app/models/metasploit_data_models/search/visitor/relation_spec.rb +23 -61
- data/spec/app/models/metasploit_data_models/search/visitor/where_spec.rb +10 -8
- data/spec/app/validators/parameters_validator_spec.rb +29 -29
- data/spec/app/validators/password_is_strong_validator_spec.rb +46 -54
- data/spec/dummy/db/structure.sql +3403 -0
- data/spec/factories/mdm/module/details.rb +1 -1
- data/spec/lib/base64_serializer_spec.rb +19 -19
- data/spec/lib/metasploit_data_models/ip_address/cidr_spec.rb +12 -18
- data/spec/lib/metasploit_data_models/ip_address/range_spec.rb +6 -4
- data/spec/lib/metasploit_data_models/match/child_spec.rb +4 -2
- data/spec/lib/metasploit_data_models/match/parent_spec.rb +6 -4
- data/spec/lib/metasploit_data_models/version_spec.rb +141 -3
- data/spec/spec_helper.rb +12 -86
- data/spec/support/shared/examples/mdm/module/detail/does_not_support_stance_with_mtype.rb +2 -2
- data/spec/support/shared/examples/mdm/module/detail/supports_stance_with_mtype.rb +4 -4
- data/spec/support/shared/examples/metasploit_data_models/search/operation/ipaddress/match.rb +2 -2
- data/spec/support/shared/examples/metasploit_data_models/search/visitor/includes/visit/with_children.rb +5 -5
- data/spec/support/shared/examples/metasploit_data_models/search/visitor/includes/visit/with_metasploit_model_search_operation_base.rb +5 -5
- data/spec/support/shared/examples/metasploit_data_models/search/visitor/where/visit/with_equality.rb +3 -3
- data/spec/support/shared/examples/metasploit_data_models/search/visitor/where/visit/with_metasploit_model_search_group_base.rb +6 -7
- metadata +9 -67
- data/CHANGELOG.md +0 -6
- data/RELEASING.md +0 -88
- data/UPGRADING.md +0 -1
- data/lib/metasploit_data_models/automatic_exploitation.rb +0 -25
- data/spec/lib/metasploit_data_models_spec.rb +0 -4
|
@@ -1,4 +1,6 @@
|
|
|
1
|
-
|
|
1
|
+
require 'spec_helper'
|
|
2
|
+
|
|
3
|
+
describe Mdm::VulnRef do
|
|
2
4
|
it_should_behave_like 'Metasploit::Concern.run'
|
|
3
5
|
|
|
4
6
|
context 'factories' do
|
|
@@ -7,27 +9,27 @@ RSpec.describe Mdm::VulnRef, type: :model do
|
|
|
7
9
|
FactoryGirl.build(:mdm_vuln_ref)
|
|
8
10
|
end
|
|
9
11
|
|
|
10
|
-
it {
|
|
12
|
+
it { should be_valid }
|
|
11
13
|
end
|
|
12
14
|
end
|
|
13
15
|
|
|
14
16
|
context 'database' do
|
|
15
17
|
context 'columns' do
|
|
16
|
-
it {
|
|
17
|
-
it {
|
|
18
|
-
it {
|
|
18
|
+
it { should have_db_column(:id).of_type(:integer) }
|
|
19
|
+
it { should have_db_column(:ref_id).of_type(:integer) }
|
|
20
|
+
it { should have_db_column(:vuln_id).of_type(:integer) }
|
|
19
21
|
end
|
|
20
22
|
end
|
|
21
23
|
|
|
22
24
|
context 'associations' do
|
|
23
|
-
it {
|
|
24
|
-
it {
|
|
25
|
+
it { should belong_to(:vuln).class_name('Mdm::Vuln') }
|
|
26
|
+
it { should belong_to(:ref).class_name('Mdm::Ref') }
|
|
25
27
|
end
|
|
26
28
|
|
|
27
29
|
context 'factory' do
|
|
28
30
|
it 'should be valid' do
|
|
29
31
|
vuln_ref = FactoryGirl.build(:mdm_vuln_ref)
|
|
30
|
-
|
|
32
|
+
vuln_ref.should be_valid
|
|
31
33
|
end
|
|
32
34
|
end
|
|
33
35
|
|
|
@@ -1,4 +1,6 @@
|
|
|
1
|
-
|
|
1
|
+
require 'spec_helper'
|
|
2
|
+
|
|
3
|
+
describe Mdm::Vuln do
|
|
2
4
|
subject(:vuln) do
|
|
3
5
|
FactoryGirl.build(:mdm_vuln)
|
|
4
6
|
end
|
|
@@ -42,7 +44,7 @@ RSpec.describe Mdm::Vuln, type: :model do
|
|
|
42
44
|
it { is_expected.to have_many(:notes).class_name('Mdm::Note').dependent(:delete_all).order('notes.created_at') }
|
|
43
45
|
|
|
44
46
|
context 'module_details' do
|
|
45
|
-
it {
|
|
47
|
+
it { should have_many(:module_details).class_name('Mdm::Module::Detail').through(:module_refs) }
|
|
46
48
|
|
|
47
49
|
context 'with Mdm::Refs' do
|
|
48
50
|
let(:names) do
|
|
@@ -112,8 +114,8 @@ RSpec.describe Mdm::Vuln, type: :model do
|
|
|
112
114
|
module_details << module_ref.detail
|
|
113
115
|
end
|
|
114
116
|
|
|
115
|
-
|
|
116
|
-
|
|
117
|
+
vuln.module_details.count.should < module_details.length
|
|
118
|
+
module_details.uniq.count.should == vuln.module_details.count
|
|
117
119
|
end
|
|
118
120
|
end
|
|
119
121
|
end
|
|
@@ -124,20 +126,20 @@ RSpec.describe Mdm::Vuln, type: :model do
|
|
|
124
126
|
|
|
125
127
|
context 'database' do
|
|
126
128
|
context 'columns' do
|
|
127
|
-
it {
|
|
128
|
-
it {
|
|
129
|
-
it {
|
|
130
|
-
it {
|
|
131
|
-
it {
|
|
129
|
+
it { should have_db_column(:exploited_at).of_type(:datetime) }
|
|
130
|
+
it { should have_db_column(:host_id).of_type(:integer) }
|
|
131
|
+
it { should have_db_column(:info).of_type(:string) }
|
|
132
|
+
it { should have_db_column(:name).of_type(:string) }
|
|
133
|
+
it { should have_db_column(:service_id).of_type(:integer) }
|
|
132
134
|
|
|
133
135
|
context 'counter caches' do
|
|
134
|
-
it {
|
|
135
|
-
it {
|
|
136
|
+
it { should have_db_column(:vuln_attempt_count).of_type(:integer).with_options(:default => 0) }
|
|
137
|
+
it { should have_db_column(:vuln_detail_count).of_type(:integer).with_options(:default => 0) }
|
|
136
138
|
end
|
|
137
139
|
|
|
138
140
|
context 'timestamps' do
|
|
139
|
-
it {
|
|
140
|
-
it {
|
|
141
|
+
it { should have_db_column(:created_at).of_type(:datetime) }
|
|
142
|
+
it { should have_db_column(:updated_at).of_type(:datetime) }
|
|
141
143
|
end
|
|
142
144
|
end
|
|
143
145
|
end
|
|
@@ -148,7 +150,7 @@ RSpec.describe Mdm::Vuln, type: :model do
|
|
|
148
150
|
FactoryGirl.build(:mdm_host_vuln)
|
|
149
151
|
end
|
|
150
152
|
|
|
151
|
-
it {
|
|
153
|
+
it { should be_valid }
|
|
152
154
|
end
|
|
153
155
|
|
|
154
156
|
context 'mdm_service_vuln' do
|
|
@@ -156,7 +158,7 @@ RSpec.describe Mdm::Vuln, type: :model do
|
|
|
156
158
|
FactoryGirl.build(:mdm_service_vuln)
|
|
157
159
|
end
|
|
158
160
|
|
|
159
|
-
it {
|
|
161
|
+
it { should be_valid }
|
|
160
162
|
end
|
|
161
163
|
|
|
162
164
|
context 'mdm_vuln' do
|
|
@@ -164,7 +166,7 @@ RSpec.describe Mdm::Vuln, type: :model do
|
|
|
164
166
|
FactoryGirl.build(:mdm_vuln)
|
|
165
167
|
end
|
|
166
168
|
|
|
167
|
-
it {
|
|
169
|
+
it { should be_valid }
|
|
168
170
|
end
|
|
169
171
|
end
|
|
170
172
|
|
|
@@ -195,7 +197,7 @@ RSpec.describe Mdm::Vuln, type: :model do
|
|
|
195
197
|
end
|
|
196
198
|
|
|
197
199
|
it 'should match Mdm::Vuln' do
|
|
198
|
-
|
|
200
|
+
results.should =~ [vuln]
|
|
199
201
|
end
|
|
200
202
|
end
|
|
201
203
|
|
|
@@ -205,7 +207,7 @@ RSpec.describe Mdm::Vuln, type: :model do
|
|
|
205
207
|
end
|
|
206
208
|
|
|
207
209
|
it 'should not match Mdm::Vuln' do
|
|
208
|
-
|
|
210
|
+
results.should be_empty
|
|
209
211
|
end
|
|
210
212
|
end
|
|
211
213
|
end
|
|
@@ -217,7 +219,7 @@ RSpec.describe Mdm::Vuln, type: :model do
|
|
|
217
219
|
end
|
|
218
220
|
|
|
219
221
|
it 'should match Mdm::Vuln' do
|
|
220
|
-
|
|
222
|
+
results.should =~ [vuln]
|
|
221
223
|
end
|
|
222
224
|
end
|
|
223
225
|
|
|
@@ -227,7 +229,7 @@ RSpec.describe Mdm::Vuln, type: :model do
|
|
|
227
229
|
end
|
|
228
230
|
|
|
229
231
|
it 'should not match Mdm::Vuln' do
|
|
230
|
-
|
|
232
|
+
results.should be_empty
|
|
231
233
|
end
|
|
232
234
|
end
|
|
233
235
|
|
|
@@ -237,7 +239,7 @@ RSpec.describe Mdm::Vuln, type: :model do
|
|
|
237
239
|
end
|
|
238
240
|
|
|
239
241
|
it 'should match Mdm::Vuln' do
|
|
240
|
-
|
|
242
|
+
results.should =~ [vuln]
|
|
241
243
|
end
|
|
242
244
|
end
|
|
243
245
|
|
|
@@ -247,7 +249,7 @@ RSpec.describe Mdm::Vuln, type: :model do
|
|
|
247
249
|
end
|
|
248
250
|
|
|
249
251
|
it 'should not match Mdm::Vuln' do
|
|
250
|
-
|
|
252
|
+
results.should be_empty
|
|
251
253
|
end
|
|
252
254
|
end
|
|
253
255
|
end
|
|
@@ -257,7 +259,7 @@ RSpec.describe Mdm::Vuln, type: :model do
|
|
|
257
259
|
end
|
|
258
260
|
|
|
259
261
|
context 'validations' do
|
|
260
|
-
it {
|
|
262
|
+
it { should validate_presence_of :name }
|
|
261
263
|
|
|
262
264
|
context "invalid" do
|
|
263
265
|
let(:mdm_vuln) do
|
|
@@ -268,7 +270,7 @@ RSpec.describe Mdm::Vuln, type: :model do
|
|
|
268
270
|
str = Faker::Lorem.characters(256)
|
|
269
271
|
mdm_vuln.name = str
|
|
270
272
|
mdm_vuln.valid?
|
|
271
|
-
|
|
273
|
+
mdm_vuln.errors[:name][0].should include "is too long"
|
|
272
274
|
end
|
|
273
275
|
end
|
|
274
276
|
end
|
|
@@ -1,34 +1,36 @@
|
|
|
1
|
-
|
|
1
|
+
require 'spec_helper'
|
|
2
|
+
|
|
3
|
+
describe Mdm::WebForm do
|
|
2
4
|
it_should_behave_like 'Metasploit::Concern.run'
|
|
3
5
|
|
|
4
6
|
context 'associations' do
|
|
5
|
-
it {
|
|
7
|
+
it { should belong_to(:web_site).class_name('Mdm::WebSite') }
|
|
6
8
|
end
|
|
7
9
|
|
|
8
10
|
context 'database' do
|
|
9
11
|
|
|
10
12
|
context 'timestamps'do
|
|
11
|
-
it {
|
|
12
|
-
it {
|
|
13
|
+
it { should have_db_column(:created_at).of_type(:datetime).with_options(:null => false) }
|
|
14
|
+
it { should have_db_column(:updated_at).of_type(:datetime).with_options(:null => false) }
|
|
13
15
|
end
|
|
14
16
|
|
|
15
17
|
context 'columns' do
|
|
16
|
-
it {
|
|
17
|
-
it {
|
|
18
|
-
it {
|
|
19
|
-
it {
|
|
20
|
-
it {
|
|
18
|
+
it { should have_db_column(:web_site_id).of_type(:integer).with_options(:null => false) }
|
|
19
|
+
it { should have_db_column(:path).of_type(:text) }
|
|
20
|
+
it { should have_db_column(:method).of_type(:string) }
|
|
21
|
+
it { should have_db_column(:params).of_type(:text) }
|
|
22
|
+
it { should have_db_column(:query).of_type(:text) }
|
|
21
23
|
end
|
|
22
24
|
|
|
23
25
|
context 'indices' do
|
|
24
|
-
it {
|
|
26
|
+
it { should have_db_index(:path) }
|
|
25
27
|
end
|
|
26
28
|
end
|
|
27
29
|
|
|
28
30
|
context 'factory' do
|
|
29
31
|
it 'should be valid' do
|
|
30
32
|
web_form = FactoryGirl.build(:mdm_web_form)
|
|
31
|
-
|
|
33
|
+
web_form.should be_valid
|
|
32
34
|
end
|
|
33
35
|
end
|
|
34
36
|
|
|
@@ -1,42 +1,44 @@
|
|
|
1
|
-
|
|
1
|
+
require 'spec_helper'
|
|
2
|
+
|
|
3
|
+
describe Mdm::WebPage do
|
|
2
4
|
it_should_behave_like 'Metasploit::Concern.run'
|
|
3
5
|
|
|
4
6
|
context 'associations' do
|
|
5
|
-
it {
|
|
7
|
+
it { should belong_to(:web_site).class_name('Mdm::WebSite') }
|
|
6
8
|
end
|
|
7
9
|
|
|
8
10
|
context 'database' do
|
|
9
11
|
|
|
10
12
|
context 'timestamps'do
|
|
11
|
-
it {
|
|
12
|
-
it {
|
|
13
|
-
it {
|
|
13
|
+
it { should have_db_column(:created_at).of_type(:datetime).with_options(:null => false) }
|
|
14
|
+
it { should have_db_column(:updated_at).of_type(:datetime).with_options(:null => false) }
|
|
15
|
+
it { should have_db_column(:mtime).of_type(:datetime) }
|
|
14
16
|
end
|
|
15
17
|
|
|
16
18
|
context 'columns' do
|
|
17
|
-
it {
|
|
18
|
-
it {
|
|
19
|
-
it {
|
|
20
|
-
it {
|
|
21
|
-
it {
|
|
22
|
-
it {
|
|
23
|
-
it {
|
|
24
|
-
it {
|
|
25
|
-
it {
|
|
26
|
-
it {
|
|
27
|
-
it {
|
|
19
|
+
it { should have_db_column(:web_site_id).of_type(:integer).with_options(:null => false) }
|
|
20
|
+
it { should have_db_column(:path).of_type(:text) }
|
|
21
|
+
it { should have_db_column(:query).of_type(:text) }
|
|
22
|
+
it { should have_db_column(:code).of_type(:integer).with_options(:null => false) }
|
|
23
|
+
it { should have_db_column(:cookie).of_type(:text) }
|
|
24
|
+
it { should have_db_column(:auth).of_type(:text) }
|
|
25
|
+
it { should have_db_column(:ctype).of_type(:text) }
|
|
26
|
+
it { should have_db_column(:location).of_type(:text) }
|
|
27
|
+
it { should have_db_column(:headers).of_type(:text) }
|
|
28
|
+
it { should have_db_column(:body).of_type(:binary) }
|
|
29
|
+
it { should have_db_column(:request).of_type(:binary) }
|
|
28
30
|
end
|
|
29
31
|
|
|
30
32
|
context 'indices' do
|
|
31
|
-
it {
|
|
32
|
-
it {
|
|
33
|
+
it { should have_db_index(:path) }
|
|
34
|
+
it { should have_db_index(:query) }
|
|
33
35
|
end
|
|
34
36
|
end
|
|
35
37
|
|
|
36
38
|
context 'factory' do
|
|
37
39
|
it 'should be valid' do
|
|
38
40
|
web_page = FactoryGirl.build(:mdm_web_page)
|
|
39
|
-
|
|
41
|
+
web_page.should be_valid
|
|
40
42
|
end
|
|
41
43
|
end
|
|
42
44
|
|
|
@@ -1,31 +1,33 @@
|
|
|
1
|
-
|
|
1
|
+
require 'spec_helper'
|
|
2
|
+
|
|
3
|
+
describe Mdm::WebSite do
|
|
2
4
|
it_should_behave_like 'Metasploit::Concern.run'
|
|
3
5
|
|
|
4
6
|
context 'factory' do
|
|
5
7
|
it 'should be valid' do
|
|
6
8
|
web_site = FactoryGirl.build(:mdm_web_site)
|
|
7
|
-
|
|
9
|
+
web_site.should be_valid
|
|
8
10
|
end
|
|
9
11
|
end
|
|
10
12
|
|
|
11
13
|
context 'database' do
|
|
12
14
|
|
|
13
15
|
context 'timestamps'do
|
|
14
|
-
it {
|
|
15
|
-
it {
|
|
16
|
+
it { should have_db_column(:created_at).of_type(:datetime).with_options(:null => false) }
|
|
17
|
+
it { should have_db_column(:updated_at).of_type(:datetime).with_options(:null => false) }
|
|
16
18
|
end
|
|
17
19
|
|
|
18
20
|
context 'columns' do
|
|
19
|
-
it {
|
|
20
|
-
it {
|
|
21
|
-
it {
|
|
22
|
-
it {
|
|
21
|
+
it { should have_db_column(:service_id).of_type(:integer).with_options(:null => false) }
|
|
22
|
+
it { should have_db_column(:vhost).of_type(:string) }
|
|
23
|
+
it { should have_db_column(:comments).of_type(:text) }
|
|
24
|
+
it { should have_db_column(:options).of_type(:text) }
|
|
23
25
|
end
|
|
24
26
|
|
|
25
27
|
context 'indices' do
|
|
26
|
-
it {
|
|
27
|
-
it {
|
|
28
|
-
it {
|
|
28
|
+
it { should have_db_index(:comments) }
|
|
29
|
+
it { should have_db_index(:options) }
|
|
30
|
+
it { should have_db_index(:vhost) }
|
|
29
31
|
end
|
|
30
32
|
end
|
|
31
33
|
|
|
@@ -42,10 +44,10 @@ RSpec.describe Mdm::WebSite, type: :model do
|
|
|
42
44
|
end
|
|
43
45
|
|
|
44
46
|
context 'associations' do
|
|
45
|
-
it {
|
|
46
|
-
it {
|
|
47
|
-
it {
|
|
48
|
-
it {
|
|
47
|
+
it { should belong_to(:service).class_name('Mdm::Service') }
|
|
48
|
+
it { should have_many(:web_forms).class_name('Mdm::WebForm').dependent(:destroy) }
|
|
49
|
+
it { should have_many(:web_pages).class_name('Mdm::WebPage').dependent(:destroy) }
|
|
50
|
+
it { should have_many(:web_vulns).class_name('Mdm::WebVuln').dependent(:destroy) }
|
|
49
51
|
end
|
|
50
52
|
|
|
51
53
|
context 'methods' do
|
|
@@ -54,9 +56,9 @@ RSpec.describe Mdm::WebSite, type: :model do
|
|
|
54
56
|
mysite = FactoryGirl.create(:mdm_web_site)
|
|
55
57
|
FactoryGirl.create(:mdm_web_form, :web_site => mysite)
|
|
56
58
|
FactoryGirl.create(:mdm_web_form, :web_site => mysite)
|
|
57
|
-
|
|
59
|
+
mysite.form_count.should == 2
|
|
58
60
|
FactoryGirl.create(:mdm_web_form, :web_site => mysite)
|
|
59
|
-
|
|
61
|
+
mysite.form_count.should == 3
|
|
60
62
|
end
|
|
61
63
|
end
|
|
62
64
|
|
|
@@ -65,9 +67,9 @@ RSpec.describe Mdm::WebSite, type: :model do
|
|
|
65
67
|
mysite = FactoryGirl.create(:mdm_web_site)
|
|
66
68
|
FactoryGirl.create(:mdm_web_page, :web_site => mysite)
|
|
67
69
|
FactoryGirl.create(:mdm_web_page, :web_site => mysite)
|
|
68
|
-
|
|
70
|
+
mysite.page_count.should == 2
|
|
69
71
|
FactoryGirl.create(:mdm_web_page, :web_site => mysite)
|
|
70
|
-
|
|
72
|
+
mysite.page_count.should == 3
|
|
71
73
|
end
|
|
72
74
|
end
|
|
73
75
|
|
|
@@ -76,9 +78,9 @@ RSpec.describe Mdm::WebSite, type: :model do
|
|
|
76
78
|
mysite = FactoryGirl.create(:mdm_web_site)
|
|
77
79
|
FactoryGirl.create(:mdm_web_vuln, :web_site => mysite)
|
|
78
80
|
FactoryGirl.create(:mdm_web_vuln, :web_site => mysite)
|
|
79
|
-
|
|
81
|
+
mysite.vuln_count.should == 2
|
|
80
82
|
FactoryGirl.create(:mdm_web_vuln, :web_site => mysite)
|
|
81
|
-
|
|
83
|
+
mysite.vuln_count.should == 3
|
|
82
84
|
end
|
|
83
85
|
end
|
|
84
86
|
end
|
|
@@ -1,4 +1,6 @@
|
|
|
1
|
-
|
|
1
|
+
require 'spec_helper'
|
|
2
|
+
|
|
3
|
+
describe Mdm::WebVuln do
|
|
2
4
|
let(:confidence_range) do
|
|
3
5
|
0 .. 100
|
|
4
6
|
end
|
|
@@ -27,20 +29,20 @@ RSpec.describe Mdm::WebVuln, type: :model do
|
|
|
27
29
|
it_should_behave_like 'Metasploit::Concern.run'
|
|
28
30
|
|
|
29
31
|
context 'associations' do
|
|
30
|
-
it {
|
|
32
|
+
it { should belong_to(:web_site).class_name('Mdm::WebSite') }
|
|
31
33
|
end
|
|
32
34
|
|
|
33
35
|
context 'CONSTANTS' do
|
|
34
36
|
it 'should define CONFIDENCE_RANGE' do
|
|
35
|
-
|
|
37
|
+
described_class::CONFIDENCE_RANGE.should == confidence_range
|
|
36
38
|
end
|
|
37
39
|
|
|
38
40
|
it 'should define METHODS in any order' do
|
|
39
|
-
|
|
41
|
+
described_class::METHODS.should =~ methods
|
|
40
42
|
end
|
|
41
43
|
|
|
42
44
|
it 'should define RISK_RANGE' do
|
|
43
|
-
|
|
45
|
+
described_class::RISK_RANGE.should == risk_range
|
|
44
46
|
end
|
|
45
47
|
end
|
|
46
48
|
|
|
@@ -58,33 +60,33 @@ RSpec.describe Mdm::WebVuln, type: :model do
|
|
|
58
60
|
|
|
59
61
|
context 'database' do
|
|
60
62
|
context 'columns' do
|
|
61
|
-
it {
|
|
62
|
-
it {
|
|
63
|
-
it {
|
|
64
|
-
it {
|
|
65
|
-
it {
|
|
66
|
-
it {
|
|
67
|
-
it {
|
|
68
|
-
it {
|
|
69
|
-
it {
|
|
70
|
-
it {
|
|
71
|
-
it {
|
|
72
|
-
it {
|
|
73
|
-
it {
|
|
74
|
-
it {
|
|
75
|
-
it {
|
|
76
|
-
it {
|
|
63
|
+
it { should have_db_column(:blame).of_type(:text) }
|
|
64
|
+
it { should have_db_column(:category).of_type(:text).with_options(:null => false) }
|
|
65
|
+
it { should have_db_column(:confidence).of_type(:integer).with_options(:null => false) }
|
|
66
|
+
it { should have_db_column(:description).of_type(:text) }
|
|
67
|
+
it { should have_db_column(:method).of_type(:string).with_options(:limit => 1024, :null => false) }
|
|
68
|
+
it { should have_db_column(:name).of_type(:string).with_options(:limit => 1024, :null => false) }
|
|
69
|
+
it { should have_db_column(:owner).of_type(:string) }
|
|
70
|
+
it { should have_db_column(:params).of_type(:text).with_options(:null => false) }
|
|
71
|
+
it { should have_db_column(:path).of_type(:text).with_options(:null => false) }
|
|
72
|
+
it { should have_db_column(:payload).of_type(:text) }
|
|
73
|
+
it { should have_db_column(:pname).of_type(:text) }
|
|
74
|
+
it { should have_db_column(:proof).of_type(:binary).with_options(:null => false) }
|
|
75
|
+
it { should have_db_column(:query).of_type(:text) }
|
|
76
|
+
it { should have_db_column(:request).of_type(:binary) }
|
|
77
|
+
it { should have_db_column(:risk).of_type(:integer).with_options(:null => false) }
|
|
78
|
+
it { should have_db_column(:web_site_id).of_type(:integer).with_options(:null => false) }
|
|
77
79
|
|
|
78
80
|
context 'timestamps' do
|
|
79
|
-
it {
|
|
80
|
-
it {
|
|
81
|
+
it { should have_db_column(:created_at).of_type(:datetime).with_options(:null => false) }
|
|
82
|
+
it { should have_db_column(:updated_at).of_type(:datetime).with_options(:null => false) }
|
|
81
83
|
end
|
|
82
84
|
end
|
|
83
85
|
|
|
84
86
|
context 'indices' do
|
|
85
|
-
it {
|
|
86
|
-
it {
|
|
87
|
-
it {
|
|
87
|
+
it { should have_db_index(:method) }
|
|
88
|
+
it { should have_db_index(:name) }
|
|
89
|
+
it { should have_db_index(:path) }
|
|
88
90
|
end
|
|
89
91
|
end
|
|
90
92
|
|
|
@@ -94,7 +96,7 @@ RSpec.describe Mdm::WebVuln, type: :model do
|
|
|
94
96
|
FactoryGirl.build(:mdm_web_vuln)
|
|
95
97
|
end
|
|
96
98
|
|
|
97
|
-
it {
|
|
99
|
+
it { should be_valid }
|
|
98
100
|
|
|
99
101
|
context 'after reloading' do
|
|
100
102
|
before(:each) do
|
|
@@ -102,21 +104,21 @@ RSpec.describe Mdm::WebVuln, type: :model do
|
|
|
102
104
|
mdm_web_vuln.reload
|
|
103
105
|
end
|
|
104
106
|
|
|
105
|
-
it {
|
|
107
|
+
it { should be_valid }
|
|
106
108
|
end
|
|
107
109
|
end
|
|
108
110
|
end
|
|
109
111
|
|
|
110
112
|
context 'validations' do
|
|
111
|
-
it {
|
|
112
|
-
it {
|
|
113
|
-
it {
|
|
114
|
-
it {
|
|
115
|
-
it {
|
|
113
|
+
it { should validate_presence_of :category }
|
|
114
|
+
it { should ensure_inclusion_of(:confidence).in_range(confidence_range) }
|
|
115
|
+
it { should ensure_inclusion_of(:method).in_array(methods) }
|
|
116
|
+
it { should validate_presence_of :name }
|
|
117
|
+
it { should validate_presence_of :path }
|
|
116
118
|
|
|
117
119
|
context 'params' do
|
|
118
120
|
it 'should not validate presence of params because it default to [] and can never be nil' do
|
|
119
|
-
|
|
121
|
+
web_vuln.should_not validate_presence_of(:params)
|
|
120
122
|
end
|
|
121
123
|
|
|
122
124
|
context 'validates parameters' do
|
|
@@ -127,9 +129,9 @@ RSpec.describe Mdm::WebVuln, type: :model do
|
|
|
127
129
|
it 'should validate params is an Array' do
|
|
128
130
|
web_vuln.params = ''
|
|
129
131
|
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
132
|
+
web_vuln.params.should_not be_an Array
|
|
133
|
+
web_vuln.should_not be_valid
|
|
134
|
+
web_vuln.errors[:params].should include(
|
|
133
135
|
"is not an Array. #{type_signature_sentence}"
|
|
134
136
|
)
|
|
135
137
|
end
|
|
@@ -138,7 +140,7 @@ RSpec.describe Mdm::WebVuln, type: :model do
|
|
|
138
140
|
web_vuln.params = []
|
|
139
141
|
web_vuln.valid?
|
|
140
142
|
|
|
141
|
-
|
|
143
|
+
web_vuln.errors[:params].should be_empty
|
|
142
144
|
end
|
|
143
145
|
|
|
144
146
|
context 'with bad element' do
|
|
@@ -156,12 +158,12 @@ RSpec.describe Mdm::WebVuln, type: :model do
|
|
|
156
158
|
end
|
|
157
159
|
|
|
158
160
|
it 'should not be an Array' do
|
|
159
|
-
|
|
161
|
+
web_vuln.params.first.should_not be_an Array
|
|
160
162
|
end
|
|
161
163
|
|
|
162
164
|
it 'should validate elements of params are Arrays' do
|
|
163
|
-
|
|
164
|
-
|
|
165
|
+
web_vuln.should_not be_valid
|
|
166
|
+
web_vuln.errors[:params].should include(
|
|
165
167
|
"has non-Array at index #{index} (#{element.inspect}). " \
|
|
166
168
|
"#{type_signature_sentence}"
|
|
167
169
|
)
|
|
@@ -174,12 +176,12 @@ RSpec.describe Mdm::WebVuln, type: :model do
|
|
|
174
176
|
end
|
|
175
177
|
|
|
176
178
|
it 'should have length < 2' do
|
|
177
|
-
|
|
179
|
+
web_vuln.params.first.length.should < 2
|
|
178
180
|
end
|
|
179
181
|
|
|
180
182
|
it 'should validate elements of params are not too short' do
|
|
181
|
-
|
|
182
|
-
|
|
183
|
+
web_vuln.should_not be_valid
|
|
184
|
+
web_vuln.errors[:params].should include(
|
|
183
185
|
"has too few elements at index #{index} (#{element.inspect}). " \
|
|
184
186
|
"#{type_signature_sentence}"
|
|
185
187
|
)
|
|
@@ -192,12 +194,12 @@ RSpec.describe Mdm::WebVuln, type: :model do
|
|
|
192
194
|
end
|
|
193
195
|
|
|
194
196
|
it 'should have length > 2' do
|
|
195
|
-
|
|
197
|
+
web_vuln.params.first.length.should > 2
|
|
196
198
|
end
|
|
197
199
|
|
|
198
200
|
it 'should validate elements of params are not too long' do
|
|
199
|
-
|
|
200
|
-
|
|
201
|
+
web_vuln.should_not be_valid
|
|
202
|
+
web_vuln.errors[:params].should include(
|
|
201
203
|
"has too many elements at index #{index} (#{element.inspect}). " \
|
|
202
204
|
"#{type_signature_sentence}"
|
|
203
205
|
)
|
|
@@ -216,12 +218,12 @@ RSpec.describe Mdm::WebVuln, type: :model do
|
|
|
216
218
|
end
|
|
217
219
|
|
|
218
220
|
it 'should have blank parameter name' do
|
|
219
|
-
|
|
221
|
+
web_vuln.params.first.first.should be_empty
|
|
220
222
|
end
|
|
221
223
|
|
|
222
224
|
it 'should validate that parameter name is not empty' do
|
|
223
|
-
|
|
224
|
-
|
|
225
|
+
web_vuln.should_not be_valid
|
|
226
|
+
web_vuln.errors[:params].should include(
|
|
225
227
|
"has blank parameter name at index #{index} " \
|
|
226
228
|
"(#{element.inspect}). " \
|
|
227
229
|
"#{type_signature_sentence}"
|
|
@@ -236,12 +238,12 @@ RSpec.describe Mdm::WebVuln, type: :model do
|
|
|
236
238
|
end
|
|
237
239
|
|
|
238
240
|
it 'should not have String for parameter name' do
|
|
239
|
-
|
|
241
|
+
web_vuln.params.first.first.should_not be_a String
|
|
240
242
|
end
|
|
241
243
|
|
|
242
244
|
it 'should validate that parameter name is a String' do
|
|
243
|
-
|
|
244
|
-
|
|
245
|
+
web_vuln.should_not be_valid
|
|
246
|
+
web_vuln.errors[:params].should include(
|
|
245
247
|
"has non-String parameter name (#{parameter_name.inspect}) " \
|
|
246
248
|
"at index #{index} (#{element.inspect}). " \
|
|
247
249
|
"#{type_signature_sentence}"
|
|
@@ -261,12 +263,12 @@ RSpec.describe Mdm::WebVuln, type: :model do
|
|
|
261
263
|
end
|
|
262
264
|
|
|
263
265
|
it 'should not have String for parameter name' do
|
|
264
|
-
|
|
266
|
+
web_vuln.params.first.second.should_not be_a String
|
|
265
267
|
end
|
|
266
268
|
|
|
267
269
|
it 'should validate that parameter value is a String' do
|
|
268
|
-
|
|
269
|
-
|
|
270
|
+
web_vuln.should_not be_valid
|
|
271
|
+
web_vuln.errors[:params].should include(
|
|
270
272
|
"has non-String parameter value (#{parameter_value}) " \
|
|
271
273
|
"at index #{index} (#{element.inspect}). " \
|
|
272
274
|
"#{type_signature_sentence}"
|
|
@@ -278,13 +280,13 @@ RSpec.describe Mdm::WebVuln, type: :model do
|
|
|
278
280
|
end
|
|
279
281
|
end
|
|
280
282
|
|
|
281
|
-
it {
|
|
282
|
-
it {
|
|
283
|
-
it {
|
|
283
|
+
it { should validate_presence_of :proof }
|
|
284
|
+
it { should ensure_inclusion_of(:risk).in_range(risk_range) }
|
|
285
|
+
it { should validate_presence_of :web_site }
|
|
284
286
|
end
|
|
285
287
|
|
|
286
288
|
context 'serializations' do
|
|
287
|
-
it {
|
|
289
|
+
it { should serialize(:params).as_instance_of(MetasploitDataModels::Base64Serializer) }
|
|
288
290
|
end
|
|
289
291
|
|
|
290
292
|
context '#params' do
|
|
@@ -297,12 +299,12 @@ RSpec.describe Mdm::WebVuln, type: :model do
|
|
|
297
299
|
end
|
|
298
300
|
|
|
299
301
|
it 'should default to []' do
|
|
300
|
-
|
|
302
|
+
params.should == default
|
|
301
303
|
end
|
|
302
304
|
|
|
303
305
|
it 'should return default if set to nil' do
|
|
304
306
|
web_vuln.params = nil
|
|
305
|
-
|
|
307
|
+
web_vuln.params.should == default
|
|
306
308
|
end
|
|
307
309
|
|
|
308
310
|
it 'should return default if set to nil and saved' do
|
|
@@ -310,7 +312,7 @@ RSpec.describe Mdm::WebVuln, type: :model do
|
|
|
310
312
|
web_vuln.params = nil
|
|
311
313
|
web_vuln.save!
|
|
312
314
|
|
|
313
|
-
|
|
315
|
+
web_vuln.params.should == default
|
|
314
316
|
end
|
|
315
317
|
end
|
|
316
318
|
end
|