RubyGems - metasploit_data_models - Versions diffs - 0.24.4 → 0.24.5 - Mend

metasploit_data_models 0.24.4 → 0.24.5

Files changed (158) hide show

checksums.yaml +4 -4
data/.rspec +3 -3
data/.travis.yml +3 -6
data/CONTRIBUTING.md +52 -10
data/Gemfile +8 -1
data/Rakefile +0 -23
data/app/models/mdm/api_key.rb +1 -41
data/app/models/mdm/client.rb +1 -41
data/app/models/mdm/cred.rb +19 -107
data/app/models/mdm/event.rb +1 -48
data/app/models/mdm/exploit_attempt.rb +16 -65
data/app/models/mdm/exploited_host.rb +1 -28
data/app/models/mdm/host_detail.rb +1 -45
data/app/models/mdm/host_tag.rb +8 -6
data/app/models/mdm/listener.rb +1 -53
data/app/models/mdm/macro.rb +0 -42
data/app/models/mdm/mod_ref.rb +0 -21
data/app/models/mdm/module/action.rb +0 -15
data/app/models/mdm/module/arch.rb +0 -10
data/app/models/mdm/module/author.rb +0 -16
data/app/models/mdm/module/mixin.rb +0 -13
data/app/models/mdm/module/platform.rb +0 -11
data/app/models/mdm/module/target.rb +0 -18
data/app/models/mdm/nexpose_console.rb +4 -82
data/app/models/mdm/profile.rb +0 -36
data/app/models/mdm/route.rb +5 -17
data/app/models/mdm/session_event.rb +1 -33
data/app/models/mdm/tag.rb +10 -49
data/app/models/mdm/task.rb +45 -94
data/app/models/mdm/task_cred.rb +0 -29
data/app/models/mdm/task_host.rb +0 -25
data/app/models/mdm/task_service.rb +0 -25
data/app/models/mdm/task_session.rb +0 -25
data/app/models/mdm/user.rb +6 -188
data/app/models/mdm/vuln_attempt.rb +12 -37
data/app/models/mdm/vuln_detail.rb +5 -139
data/app/models/mdm/vuln_ref.rb +1 -4
data/app/models/mdm/web_form.rb +1 -35
data/app/models/mdm/web_page.rb +1 -70
data/app/models/mdm/web_site.rb +1 -51
data/app/models/mdm/wmap_request.rb +0 -85
data/app/models/mdm/wmap_target.rb +0 -40
data/app/models/mdm/workspace.rb +14 -152
data/app/models/metasploit_data_models/automatic_exploitation.rb +16 -0
data/app/models/metasploit_data_models/automatic_exploitation/match.rb +24 -19
data/app/models/metasploit_data_models/automatic_exploitation/match_result.rb +5 -33
data/app/models/metasploit_data_models/automatic_exploitation/match_set.rb +4 -22
data/app/models/metasploit_data_models/automatic_exploitation/run.rb +3 -13
data/app/models/metasploit_data_models/ip_address/v4/segmented.rb +1 -1
data/app/models/metasploit_data_models/module_run.rb +1 -1
data/app/models/metasploit_data_models/search/visitor/where.rb +1 -1
data/app/validators/ip_format_validator.rb +0 -4
data/app/validators/parameters_validator.rb +0 -12
data/app/validators/password_is_strong_validator.rb +1 -10
data/lib/mdm/host/operating_system_normalization.rb +10 -7
data/lib/metasploit_data_models.rb +0 -4
data/lib/metasploit_data_models/engine.rb +0 -2
data/lib/metasploit_data_models/serialized_prefs.rb +0 -6
data/lib/metasploit_data_models/version.rb +10 -24
data/lib/tasks/yard.rake +33 -0
data/metasploit_data_models.gemspec +2 -9
data/spec/app/models/mdm/api_key_spec.rb +3 -1
data/spec/app/models/mdm/client_spec.rb +11 -9
data/spec/app/models/mdm/cred_spec.rb +54 -42
data/spec/app/models/mdm/event_spec.rb +23 -21
data/spec/app/models/mdm/exploit_attempt_spec.rb +21 -19
data/spec/app/models/mdm/exploited_host_spec.rb +13 -11
data/spec/app/models/mdm/host_detail_spec.rb +17 -15
data/spec/app/models/mdm/host_spec.rb +260 -261
data/spec/app/models/mdm/host_tag_spec.rb +8 -6
data/spec/app/models/mdm/listener_spec.rb +32 -30
data/spec/app/models/mdm/loot_spec.rb +23 -21
data/spec/app/models/mdm/macro_spec.rb +3 -1
data/spec/app/models/mdm/mod_ref_spec.rb +3 -1
data/spec/app/models/mdm/module/action_spec.rb +12 -10
data/spec/app/models/mdm/module/arch_spec.rb +12 -10
data/spec/app/models/mdm/module/author_spec.rb +17 -22
data/spec/app/models/mdm/module/detail_spec.rb +75 -184
data/spec/app/models/mdm/module/mixin_spec.rb +12 -10
data/spec/app/models/mdm/module/platform_spec.rb +12 -10
data/spec/app/models/mdm/module/ref_spec.rb +12 -10
data/spec/app/models/mdm/module/target_spec.rb +15 -13
data/spec/app/models/mdm/nexpose_console_spec.rb +37 -35
data/spec/app/models/mdm/note_spec.rb +25 -23
data/spec/app/models/mdm/profile_spec.rb +3 -1
data/spec/app/models/mdm/ref_spec.rb +12 -10
data/spec/app/models/mdm/route_spec.rb +8 -6
data/spec/app/models/mdm/service_spec.rb +40 -38
data/spec/app/models/mdm/session_event_spec.rb +12 -10
data/spec/app/models/mdm/session_spec.rb +15 -13
data/spec/app/models/mdm/tag_spec.rb +29 -29
data/spec/app/models/mdm/task_cred_spec.rb +11 -9
data/spec/app/models/mdm/task_host_spec.rb +11 -9
data/spec/app/models/mdm/task_service_spec.rb +11 -9
data/spec/app/models/mdm/task_session_spec.rb +9 -7
data/spec/app/models/mdm/task_spec.rb +29 -27
data/spec/app/models/mdm/user_spec.rb +19 -17
data/spec/app/models/mdm/vuln_attempt_spec.rb +16 -14
data/spec/app/models/mdm/vuln_detail_spec.rb +28 -26
data/spec/app/models/mdm/vuln_ref_spec.rb +10 -8
data/spec/app/models/mdm/vuln_spec.rb +26 -24
data/spec/app/models/mdm/web_form_spec.rb +13 -11
data/spec/app/models/mdm/web_page_spec.rb +21 -19
data/spec/app/models/mdm/web_site_spec.rb +23 -21
data/spec/app/models/mdm/web_vuln_spec.rb +65 -63
data/spec/app/models/mdm/wmap_request_spec.rb +3 -1
data/spec/app/models/mdm/wmap_target_spec.rb +3 -1
data/spec/app/models/mdm/workspace_spec.rb +100 -97
data/spec/app/models/metasploit_data_models/automatic_exploitation/match_result_spec.rb +5 -3
data/spec/app/models/metasploit_data_models/automatic_exploitation/match_set_spec.rb +15 -13
data/spec/app/models/metasploit_data_models/automatic_exploitation/match_spec.rb +3 -1
data/spec/app/models/metasploit_data_models/automatic_exploitation/run_spec.rb +3 -1
data/spec/app/models/metasploit_data_models/ip_address/v4/cidr_spec.rb +12 -10
data/spec/app/models/metasploit_data_models/ip_address/v4/nmap_spec.rb +6 -4
data/spec/app/models/metasploit_data_models/ip_address/v4/range_spec.rb +23 -21
data/spec/app/models/metasploit_data_models/ip_address/v4/segment/nmap/list_spec.rb +11 -9
data/spec/app/models/metasploit_data_models/ip_address/v4/segment/nmap/range_spec.rb +23 -21
data/spec/app/models/metasploit_data_models/ip_address/v4/segment/segmented_spec.rb +6 -4
data/spec/app/models/metasploit_data_models/ip_address/v4/segment/single_spec.rb +15 -22
data/spec/app/models/metasploit_data_models/ip_address/v4/single_spec.rb +6 -4
data/spec/app/models/metasploit_data_models/module_run_spec.rb +3 -1
data/spec/app/models/metasploit_data_models/search/operation/ip_address_spec.rb +20 -18
data/spec/app/models/metasploit_data_models/search/operation/port/number_spec.rb +8 -6
data/spec/app/models/metasploit_data_models/search/operation/port/range_spec.rb +10 -8
data/spec/app/models/metasploit_data_models/search/operation/range_spec.rb +10 -8
data/spec/app/models/metasploit_data_models/search/operator/ip_address_spec.rb +4 -2
data/spec/app/models/metasploit_data_models/search/operator/multitext_spec.rb +10 -8
data/spec/app/models/metasploit_data_models/search/operator/port/list_spec.rb +8 -6
data/spec/app/models/metasploit_data_models/search/visitor/attribute_spec.rb +11 -9
data/spec/app/models/metasploit_data_models/search/visitor/includes_spec.rb +7 -5
data/spec/app/models/metasploit_data_models/search/visitor/joins_spec.rb +19 -17
data/spec/app/models/metasploit_data_models/search/visitor/method_spec.rb +7 -5
data/spec/app/models/metasploit_data_models/search/visitor/relation_spec.rb +23 -61
data/spec/app/models/metasploit_data_models/search/visitor/where_spec.rb +10 -8
data/spec/app/validators/parameters_validator_spec.rb +29 -29
data/spec/app/validators/password_is_strong_validator_spec.rb +46 -54
data/spec/dummy/db/structure.sql +3403 -0
data/spec/factories/mdm/module/details.rb +1 -1
data/spec/lib/base64_serializer_spec.rb +19 -19
data/spec/lib/metasploit_data_models/ip_address/cidr_spec.rb +12 -18
data/spec/lib/metasploit_data_models/ip_address/range_spec.rb +6 -4
data/spec/lib/metasploit_data_models/match/child_spec.rb +4 -2
data/spec/lib/metasploit_data_models/match/parent_spec.rb +6 -4
data/spec/lib/metasploit_data_models/version_spec.rb +141 -3
data/spec/spec_helper.rb +12 -86
data/spec/support/shared/examples/mdm/module/detail/does_not_support_stance_with_mtype.rb +2 -2
data/spec/support/shared/examples/mdm/module/detail/supports_stance_with_mtype.rb +4 -4
data/spec/support/shared/examples/metasploit_data_models/search/operation/ipaddress/match.rb +2 -2
data/spec/support/shared/examples/metasploit_data_models/search/visitor/includes/visit/with_children.rb +5 -5
data/spec/support/shared/examples/metasploit_data_models/search/visitor/includes/visit/with_metasploit_model_search_operation_base.rb +5 -5
data/spec/support/shared/examples/metasploit_data_models/search/visitor/where/visit/with_equality.rb +3 -3
data/spec/support/shared/examples/metasploit_data_models/search/visitor/where/visit/with_metasploit_model_search_group_base.rb +6 -7
metadata +9 -67
data/CHANGELOG.md +0 -6
data/RELEASING.md +0 -88
data/UPGRADING.md +0 -1
data/lib/metasploit_data_models/automatic_exploitation.rb +0 -25
data/spec/lib/metasploit_data_models_spec.rb +0 -4

data/app/models/mdm/event.rb CHANGED Viewed

@@ -1,60 +1,16 @@
-# Records framework events to the database.
 class Mdm::Event < ActiveRecord::Base
   #
-  # Associations
+  # Relations
   #
-  # Host on which this event occurred.
-  #
-  # @return [Mdm::Host]
-  # @return [nil] if event did not occur on a host.
   belongs_to :host,
              class_name: 'Mdm::Host',
              inverse_of: :events
-  # {Mdm::Workspace} in which this event occured.  If {#host} is present, then this will match
-  # {Mdm::Host#workspace `host.workspace`}.
   belongs_to :workspace,
              class_name: 'Mdm::Workspace',
              inverse_of: :events
-  #
-  # Attributes
-  #
-  # @!attribute created_at
-  #   When this event was created.
-  #
-  #   @return [DateTime]
-  # @!attribute critical
-  #   Indicates if the event is critical.
-  #
-  #   @return [false] event is not critical.
-  #   @return [true] event is critical.
-  # @!attribute  name
-  #   Name of the event, such as 'module_run'.
-  #
-  #   @return [String]
-  # @!attribute seen
-  #   Whether a user has seen these events.
-  #
-  #   @return [false] if the event has not been seen.
-  #   @return [true] if any user has seen the event.
-  # @!attribute  updated_at
-  #   The last time this event was updated.
-  #
-  #   @return [DateTime]
-  # @!attribute username
-  #   Name of user that triggered the event.  Not necessarily a {Mdm::User#username}, as {#username} may be set to
-  #   the username of the user inferred from `ENV` when using metasploit-framework.
-  #
-  #   @return [String]
   #
   # Scopes
   #
@@ -66,9 +22,6 @@ class Mdm::Event < ActiveRecord::Base
   # Serializations
   #
-  # {#name}-specific information about this event.
-  #
-  # @return [Hash]
   serialize :info, MetasploitDataModels::Base64Serializer.new
   #

data/app/models/mdm/exploit_attempt.rb CHANGED Viewed

@@ -1,99 +1,50 @@
-# An attempt to exploit {#host}.
 class Mdm::ExploitAttempt < ActiveRecord::Base
   #
   # Associations
   #
-  # Host that was attempted to be exploited.
+  # @!attribute host
+  #   Host that was attempted to be exploited.
   #
-  # @return [Mdm::Host]
+  #   @return [Mdm::Host]
   belongs_to :host,
              class_name: 'Mdm::Host',
              counter_cache: :exploit_attempt_count,
              inverse_of: :exploit_attempts
-  # Loot gathers from the successful exploit.
+  # @!attribute loot
+  #   Loot gathers from the successful exploit.
   #
-  # @return [Mdm::Loot, nil]
+  #   @return [Mdm::Loot, nil]
   belongs_to :loot,
              class_name: 'Mdm::Loot',
              inverse_of: :exploit_attempt
-  # The service being exploited on {#host}.
+  # @!attribute service
+  #   The service being exploited on {#host}.
   #
-  # @return [Mdm::Service, nil]
+  #   @return [Mdm::Service, nil]
   belongs_to :service,
              class_name: 'Mdm::Service',
              inverse_of: :exploit_attempts
-  # The session that was established when this attempt was successful.
+  # @!attribute session
+  #   The session that was established when this attempt was successful.
   #
-  # @return [Mdm::Session]
-  # @return [nil] if session was not established.
+  #   @return [Mdm::Session]
+  #   @return [nil] if session was not established.
   belongs_to :session,
              class_name: 'Mdm::Session',
              inverse_of: :exploit_attempt
-  # The vulnerability that was attempted to be exploited.
+  # @!attribute vuln
+  #   The vulnerability that was attempted to be exploited.
   #
-  # @return [Mdm::Vuln, nil]
+  #   @return [Mdm::Vuln, nil]
   belongs_to :vuln,
              class_name: 'Mdm::Vuln',
              inverse_of: :exploit_attempts
-  #
-  # Attributes
-  #
-  # @!attribute attempted_at
-  #   When the attempt was made.
-  #
-  #   @return [DateTime]
-  # @!attribute exploited
-  #   Whether the attempt was successful.
-  #
-  #   @return [true] attempt was successful.
-  #   @return [false] attempt was not successful.
-  # @!attribute fail_detail
-  #   A more verbose reason (compared to {#fail_reason} for the failure.
-  #
-  #   @return [String, nil]
-  # @!attribute fail_reason
-  #   Summary of why the attempt failed if {#exploited} is `false`.  For more details see {#fail_detail}.
-  #
-  #   @return [String, nil]
-  # @!attribute host_id
-  #   Foreign key to look up {#host}.
-  #
-  #   @return [Integer]
-  # @!attribute  module
-  #   The full name of the exploit module that made the attempt.
-  #
-  #   @return [String]
-  #   @todo Remove deprecated Mdm::Exploit#module (MSP-9281)
-  # @!attribute port
-  #   The port on {#host} which the exploit was attempted.
-  #
-  #   @return [Integer]
-  #   @todo Mdm::ExploitAttempt#port and Mdm::ExploitAttempt#proto are obsolete and should be removed (MSP-9284)
-  # @!attribute proto
-  #   The protocol name used on {#port}.
-  #
-  #   @return [String]
-  #   @todo Mdm::ExploitAttempt#port and Mdm::ExploitAttempt#proto are obsolete and should be removed (MSP-9284)
-  # @!attribute username
-  #   Name of user that made the attempt.  May be an {Mdm::User#name} or a system username.
-  #
-  #   @return [String]
   #
   # Validations
   #

data/app/models/mdm/exploited_host.rb CHANGED Viewed

@@ -1,42 +1,15 @@
-# @deprecated use {Mdm::ExploitAttempt} instead.
-#
-# When a {#host} or {#service} on a {#host} is exploited.
 class Mdm::ExploitedHost < ActiveRecord::Base
   #
-  # Associations
+  # Relations
   #
-  # The host that was exploited.
   belongs_to :host,
              class_name: 'Mdm::Host',
              inverse_of: :exploited_hosts
-  # The service on {#host} that was exploited.
   belongs_to :service,
              class_name: 'Mdm::Service',
              inverse_of: :exploited_hosts
-  #
-  # Attributes
-  #
-  # @!attribute name
-  #   Name of exploit.
-  #
-  #   @return [String]
-  # @!attribute payload
-  #   {Mdm::Module::Class#full_name Full name of the payload module} used to exploit the {#host} or {#service} on
-  #   {#host}.
-  #
-  #   @return [String]
-  # @!attribute session_uuid
-  #   UUID of local session.
-  #
-  #   @return [String]
-  #   @deprecated Sessions no longer have UUIDs.  They have {Mdm::Session#local_id} that reflects the in-memory
-  #     Msf::Session ID and an in-database {Mdm::Session#id}.
   Metasploit::Concern.run(self)
 end

data/app/models/mdm/host_detail.rb CHANGED Viewed

@@ -1,57 +1,13 @@
-# Details supplied by Nexpose about a {Mdm::Host host}.
 class Mdm::HostDetail < ActiveRecord::Base
   #
-  # Associations
+  # Relations
   #
-  # Host that this detail is about.
   belongs_to :host,
              class_name: 'Mdm::Host',
              counter_cache: :host_detail_count,
              inverse_of: :host_details
-  #
-  # Attributes
-  #
-  # @!attribute host_id
-  #   The foreign key used to look up {#host}.
-  #
-  #   @return [Integer]
-  # @!attribute nx_console_id
-  #   The ID of the Nexpose console.
-  #
-  #   @return [Integer]
-  # @!attribute nx_device_id
-  #   The ID of the Device in Nexpose.
-  #
-  #   @return [Integer]
-  # @!attribute nx_risk_score
-  #   Risk score assigned by Nexpose.  Useful to ordering hosts to determine which host to target first in metasploit.
-  #
-  #   @return [Float]
-  # @!attribute nx_scan_template
-  #   The template used by Nexpose to perform the scan on the {#nx_site_name site} on {#host}.
-  #
-  #   @return [String]
-  # @!attribute nx_site_importance
-  #   The importance of scanning the {#nx_site_name site} running on {#host} according to Nexpose.
-  #
-  #   @return [String]
-  # @!attribute nx_site_name
-  #   Name of site running on {#host} according to Nexpose.
-  #
-  #   @return [String]
-  # @!attribute src
-  #    @return [String]
   #
   # Validations
   #

data/app/models/mdm/host_tag.rb CHANGED Viewed

@@ -1,4 +1,3 @@
-# Join model between {Mdm::Host} and {Mdm::Tag}.
 class Mdm::HostTag < ActiveRecord::Base
   self.table_name = "hosts_tags"
@@ -6,16 +5,20 @@ class Mdm::HostTag < ActiveRecord::Base
   # Associations
   #
-  # Host with {#tag}.
+  # @!attribute host
+  #   Host with {#tag}.
   #
-  # @todo MSP-2723
+  #   @todo MSP-2723
+  #   @return [Mdm::Host]
   belongs_to :host,
              class_name: 'Mdm::Host',
              inverse_of: :hosts_tags
-  # Tag on {#host}.
+  # @!attribute tag
+  #   Tag on {#host}.
   #
-  # @todo MSP-2723
+  #   @todo MSP-2723
+  #   @return [Mdm::Tag]
   belongs_to :tag,
              class_name: 'Mdm::Tag',
              inverse_of: :hosts_tags
@@ -41,7 +44,6 @@ class Mdm::HostTag < ActiveRecord::Base
     tag.destroy_if_orphaned
   end
-  # switch back to public for load hooks
   public
   Metasploit::Concern.run(self)

data/app/models/mdm/listener.rb CHANGED Viewed

@@ -1,72 +1,20 @@
-# A listener spawned by a {#task} that is waiting for connection on {#address}:{#port}.
 class Mdm::Listener < ActiveRecord::Base
   #
-  # Associations
+  # Relations
   #
-  # Task that spawned this listener.
   belongs_to :task,
              class_name: 'Mdm::Task',
              inverse_of: :listeners
-  # Workspace which controls this listener.
   belongs_to :workspace,
              class_name: 'Mdm::Workspace',
              inverse_of: :listeners
-  #
-  # Attributes
-  #
-  # @!attribute address
-  #   The IP address to which the listener is bound.
-  #
-  #   @return [String]
-  # @!attribute created_at
-  #   When this listener was created.  Not necessarily when it started listening.
-  #
-  #   @return [DateTime]
-  # @!attribute enabled
-  #   Whether listener is listening on {#address}:{#port}.
-  #
-  #   @return [true] listener is listening.
-  #   @return [false] listener is not listening.
-  # @!attribute macro
-  #   {Mdm::Macro#name Name of macro} run when a connect is made to the listener.
-  #
-  #   @return [String]
-  # @!attribute owner
-  #   The name of the user that setup this listener.
-  #
-  #   @return [String]
-  #   @see Mdm::User#username
-  # @!attribute payload
-  #   Reference name of the payload module that is sent when a connection is made to the listener.
-  #
-  #   @return [String]
-  # @!attribute port
-  #   Port on {#address} that listener is listening.
-  #
-  #   @return [Integer]
-  # @!attribute updated_at
-  #   The last time this listener was updated.
-  #
-  #   @return [DateTime]
   #
   # Serializations
   #
-  # Options used to spawn this listener.
-  #
-  # @return [Hash]
   serialize :options, MetasploitDataModels::Base64Serializer.new
   #

data/app/models/mdm/macro.rb CHANGED Viewed

@@ -1,54 +1,12 @@
-# Macro of {#actions} to run at once.
 class Mdm::Macro < ActiveRecord::Base
   extend MetasploitDataModels::SerializedPrefs
-  #
-  # Attributes
-  #
-  # @!attribute created_at
-  #   When this macro was created.
-  #
-  #   @return [DateTime]
-  # @!attribute description
-  #   Long description of what the macro does.
-  #
-  #   @return [String]
-  # @!attribute  name
-  #   The name of this macro.
-  #
-  #   @return [String]
-  # @!attribute owner
-  #   {Mdm::User#username Name of user} that owns this macro.
-  #
-  #   @return [String]
-  # @!attribute updated_at
-  #   When this macro was last updated.
-  #
-  #   @return [DateTime]
   #
   # Serialization
   #
-  # Actions run by this macro.
-  #
-  # @return [Array<Hash{Symbol=>Object}>] Array of action hashes.  Each action hash is have key :module with value
-  #   of an {Mdm::Module::Detail#fullname} and and key :options with value of options used to the run the module.
   serialize :actions, MetasploitDataModels::Base64Serializer.new
-  # Preference for this macro, shared across all actions.
-  #
-  # @return [Hash]
   serialize :prefs, MetasploitDataModels::Base64Serializer.new
-  # The maximum number of seconds that this macro is allowed to run.
-  #
-  # @return [Integer]
   serialized_prefs_attr_accessor :max_time
   #