RubyGems - metasploit_data_models - Versions diffs - 0.24.4 → 0.24.5 - Mend

metasploit_data_models 0.24.4 → 0.24.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (158) hide show

checksums.yaml +4 -4
data/.rspec +3 -3
data/.travis.yml +3 -6
data/CONTRIBUTING.md +52 -10
data/Gemfile +8 -1
data/Rakefile +0 -23
data/app/models/mdm/api_key.rb +1 -41
data/app/models/mdm/client.rb +1 -41
data/app/models/mdm/cred.rb +19 -107
data/app/models/mdm/event.rb +1 -48
data/app/models/mdm/exploit_attempt.rb +16 -65
data/app/models/mdm/exploited_host.rb +1 -28
data/app/models/mdm/host_detail.rb +1 -45
data/app/models/mdm/host_tag.rb +8 -6
data/app/models/mdm/listener.rb +1 -53
data/app/models/mdm/macro.rb +0 -42
data/app/models/mdm/mod_ref.rb +0 -21
data/app/models/mdm/module/action.rb +0 -15
data/app/models/mdm/module/arch.rb +0 -10
data/app/models/mdm/module/author.rb +0 -16
data/app/models/mdm/module/mixin.rb +0 -13
data/app/models/mdm/module/platform.rb +0 -11
data/app/models/mdm/module/target.rb +0 -18
data/app/models/mdm/nexpose_console.rb +4 -82
data/app/models/mdm/profile.rb +0 -36
data/app/models/mdm/route.rb +5 -17
data/app/models/mdm/session_event.rb +1 -33
data/app/models/mdm/tag.rb +10 -49
data/app/models/mdm/task.rb +45 -94
data/app/models/mdm/task_cred.rb +0 -29
data/app/models/mdm/task_host.rb +0 -25
data/app/models/mdm/task_service.rb +0 -25
data/app/models/mdm/task_session.rb +0 -25
data/app/models/mdm/user.rb +6 -188
data/app/models/mdm/vuln_attempt.rb +12 -37
data/app/models/mdm/vuln_detail.rb +5 -139
data/app/models/mdm/vuln_ref.rb +1 -4
data/app/models/mdm/web_form.rb +1 -35
data/app/models/mdm/web_page.rb +1 -70
data/app/models/mdm/web_site.rb +1 -51
data/app/models/mdm/wmap_request.rb +0 -85
data/app/models/mdm/wmap_target.rb +0 -40
data/app/models/mdm/workspace.rb +14 -152
data/app/models/metasploit_data_models/automatic_exploitation.rb +16 -0
data/app/models/metasploit_data_models/automatic_exploitation/match.rb +24 -19
data/app/models/metasploit_data_models/automatic_exploitation/match_result.rb +5 -33
data/app/models/metasploit_data_models/automatic_exploitation/match_set.rb +4 -22
data/app/models/metasploit_data_models/automatic_exploitation/run.rb +3 -13
data/app/models/metasploit_data_models/ip_address/v4/segmented.rb +1 -1
data/app/models/metasploit_data_models/module_run.rb +1 -1
data/app/models/metasploit_data_models/search/visitor/where.rb +1 -1
data/app/validators/ip_format_validator.rb +0 -4
data/app/validators/parameters_validator.rb +0 -12
data/app/validators/password_is_strong_validator.rb +1 -10
data/lib/mdm/host/operating_system_normalization.rb +10 -7
data/lib/metasploit_data_models.rb +0 -4
data/lib/metasploit_data_models/engine.rb +0 -2
data/lib/metasploit_data_models/serialized_prefs.rb +0 -6
data/lib/metasploit_data_models/version.rb +10 -24
data/lib/tasks/yard.rake +33 -0
data/metasploit_data_models.gemspec +2 -9
data/spec/app/models/mdm/api_key_spec.rb +3 -1
data/spec/app/models/mdm/client_spec.rb +11 -9
data/spec/app/models/mdm/cred_spec.rb +54 -42
data/spec/app/models/mdm/event_spec.rb +23 -21
data/spec/app/models/mdm/exploit_attempt_spec.rb +21 -19
data/spec/app/models/mdm/exploited_host_spec.rb +13 -11
data/spec/app/models/mdm/host_detail_spec.rb +17 -15
data/spec/app/models/mdm/host_spec.rb +260 -261
data/spec/app/models/mdm/host_tag_spec.rb +8 -6
data/spec/app/models/mdm/listener_spec.rb +32 -30
data/spec/app/models/mdm/loot_spec.rb +23 -21
data/spec/app/models/mdm/macro_spec.rb +3 -1
data/spec/app/models/mdm/mod_ref_spec.rb +3 -1
data/spec/app/models/mdm/module/action_spec.rb +12 -10
data/spec/app/models/mdm/module/arch_spec.rb +12 -10
data/spec/app/models/mdm/module/author_spec.rb +17 -22
data/spec/app/models/mdm/module/detail_spec.rb +75 -184
data/spec/app/models/mdm/module/mixin_spec.rb +12 -10
data/spec/app/models/mdm/module/platform_spec.rb +12 -10
data/spec/app/models/mdm/module/ref_spec.rb +12 -10
data/spec/app/models/mdm/module/target_spec.rb +15 -13
data/spec/app/models/mdm/nexpose_console_spec.rb +37 -35
data/spec/app/models/mdm/note_spec.rb +25 -23
data/spec/app/models/mdm/profile_spec.rb +3 -1
data/spec/app/models/mdm/ref_spec.rb +12 -10
data/spec/app/models/mdm/route_spec.rb +8 -6
data/spec/app/models/mdm/service_spec.rb +40 -38
data/spec/app/models/mdm/session_event_spec.rb +12 -10
data/spec/app/models/mdm/session_spec.rb +15 -13
data/spec/app/models/mdm/tag_spec.rb +29 -29
data/spec/app/models/mdm/task_cred_spec.rb +11 -9
data/spec/app/models/mdm/task_host_spec.rb +11 -9
data/spec/app/models/mdm/task_service_spec.rb +11 -9
data/spec/app/models/mdm/task_session_spec.rb +9 -7
data/spec/app/models/mdm/task_spec.rb +29 -27
data/spec/app/models/mdm/user_spec.rb +19 -17
data/spec/app/models/mdm/vuln_attempt_spec.rb +16 -14
data/spec/app/models/mdm/vuln_detail_spec.rb +28 -26
data/spec/app/models/mdm/vuln_ref_spec.rb +10 -8
data/spec/app/models/mdm/vuln_spec.rb +26 -24
data/spec/app/models/mdm/web_form_spec.rb +13 -11
data/spec/app/models/mdm/web_page_spec.rb +21 -19
data/spec/app/models/mdm/web_site_spec.rb +23 -21
data/spec/app/models/mdm/web_vuln_spec.rb +65 -63
data/spec/app/models/mdm/wmap_request_spec.rb +3 -1
data/spec/app/models/mdm/wmap_target_spec.rb +3 -1
data/spec/app/models/mdm/workspace_spec.rb +100 -97
data/spec/app/models/metasploit_data_models/automatic_exploitation/match_result_spec.rb +5 -3
data/spec/app/models/metasploit_data_models/automatic_exploitation/match_set_spec.rb +15 -13
data/spec/app/models/metasploit_data_models/automatic_exploitation/match_spec.rb +3 -1
data/spec/app/models/metasploit_data_models/automatic_exploitation/run_spec.rb +3 -1
data/spec/app/models/metasploit_data_models/ip_address/v4/cidr_spec.rb +12 -10
data/spec/app/models/metasploit_data_models/ip_address/v4/nmap_spec.rb +6 -4
data/spec/app/models/metasploit_data_models/ip_address/v4/range_spec.rb +23 -21
data/spec/app/models/metasploit_data_models/ip_address/v4/segment/nmap/list_spec.rb +11 -9
data/spec/app/models/metasploit_data_models/ip_address/v4/segment/nmap/range_spec.rb +23 -21
data/spec/app/models/metasploit_data_models/ip_address/v4/segment/segmented_spec.rb +6 -4
data/spec/app/models/metasploit_data_models/ip_address/v4/segment/single_spec.rb +15 -22
data/spec/app/models/metasploit_data_models/ip_address/v4/single_spec.rb +6 -4
data/spec/app/models/metasploit_data_models/module_run_spec.rb +3 -1
data/spec/app/models/metasploit_data_models/search/operation/ip_address_spec.rb +20 -18
data/spec/app/models/metasploit_data_models/search/operation/port/number_spec.rb +8 -6
data/spec/app/models/metasploit_data_models/search/operation/port/range_spec.rb +10 -8
data/spec/app/models/metasploit_data_models/search/operation/range_spec.rb +10 -8
data/spec/app/models/metasploit_data_models/search/operator/ip_address_spec.rb +4 -2
data/spec/app/models/metasploit_data_models/search/operator/multitext_spec.rb +10 -8
data/spec/app/models/metasploit_data_models/search/operator/port/list_spec.rb +8 -6
data/spec/app/models/metasploit_data_models/search/visitor/attribute_spec.rb +11 -9
data/spec/app/models/metasploit_data_models/search/visitor/includes_spec.rb +7 -5
data/spec/app/models/metasploit_data_models/search/visitor/joins_spec.rb +19 -17
data/spec/app/models/metasploit_data_models/search/visitor/method_spec.rb +7 -5
data/spec/app/models/metasploit_data_models/search/visitor/relation_spec.rb +23 -61
data/spec/app/models/metasploit_data_models/search/visitor/where_spec.rb +10 -8
data/spec/app/validators/parameters_validator_spec.rb +29 -29
data/spec/app/validators/password_is_strong_validator_spec.rb +46 -54
data/spec/dummy/db/structure.sql +3403 -0
data/spec/factories/mdm/module/details.rb +1 -1
data/spec/lib/base64_serializer_spec.rb +19 -19
data/spec/lib/metasploit_data_models/ip_address/cidr_spec.rb +12 -18
data/spec/lib/metasploit_data_models/ip_address/range_spec.rb +6 -4
data/spec/lib/metasploit_data_models/match/child_spec.rb +4 -2
data/spec/lib/metasploit_data_models/match/parent_spec.rb +6 -4
data/spec/lib/metasploit_data_models/version_spec.rb +141 -3
data/spec/spec_helper.rb +12 -86
data/spec/support/shared/examples/mdm/module/detail/does_not_support_stance_with_mtype.rb +2 -2
data/spec/support/shared/examples/mdm/module/detail/supports_stance_with_mtype.rb +4 -4
data/spec/support/shared/examples/metasploit_data_models/search/operation/ipaddress/match.rb +2 -2
data/spec/support/shared/examples/metasploit_data_models/search/visitor/includes/visit/with_children.rb +5 -5
data/spec/support/shared/examples/metasploit_data_models/search/visitor/includes/visit/with_metasploit_model_search_operation_base.rb +5 -5
data/spec/support/shared/examples/metasploit_data_models/search/visitor/where/visit/with_equality.rb +3 -3
data/spec/support/shared/examples/metasploit_data_models/search/visitor/where/visit/with_metasploit_model_search_group_base.rb +6 -7
metadata +9 -67
data/CHANGELOG.md +0 -6
data/RELEASING.md +0 -88
data/UPGRADING.md +0 -1
data/lib/metasploit_data_models/automatic_exploitation.rb +0 -25
data/spec/lib/metasploit_data_models_spec.rb +0 -4

data/app/models/mdm/vuln_attempt.rb CHANGED Viewed

@@ -1,28 +1,30 @@
-# An attempt to exploit a {#vuln}.
 class Mdm::VulnAttempt < ActiveRecord::Base
   #
   # Associations
   #
-  # Loot gathered from this attempt.
+  # @!attribute loot
+  #   Loot gathered from this attempt.
   #
-  # @return [Mdm::Loot] if {#exploited} is `true`.
-  # @return [nil] if {#exploited} is `false`.
+  #   @return [Mdm::Loot] if {#exploited} is `true`.
+  #   @return [nil] if {#exploited} is `false`.
   belongs_to :loot,
              class_name: 'Mdm::Loot',
              inverse_of: :vuln_attempt
-  # The session opened by this attempt.
+  # @!attribute session
+  #   The session opened by this attempt.
   #
-  # @return [Mdm::Session] if {#exploited} is `true`.
-  # @return [nil] if {#exploited} is `false`.
+  #   @return [Mdm::Session] if {#exploited} is `true`.
+  #   @return [nil] if {#exploited} is `false`.
   belongs_to :session,
              class_name: 'Mdm::Session',
              inverse_of: :vuln_attempt
-  # The {Mdm::Vuln vulnerability} that this attempt was exploiting.
+  # @!attribute vuln
+  #   The {Mdm::Vuln vulnerability} that this attempt was exploiting.
   #
-  # @return [Mdm::Vuln]
+  #   @return [Mdm::Vuln]
   belongs_to :vuln,
              class_name: 'Mdm::Vuln',
              counter_cache: :vuln_attempt_count,
@@ -32,39 +34,12 @@ class Mdm::VulnAttempt < ActiveRecord::Base
   # Attributes
   #
-  # @!attribute attempted_at
-  #   When this attempt was made.
-  #
-  #   @return [DateTime]
-  # @!attribute exploited
+  # @!attribute [rw] exploited
   #   Whether this attempt was successful.
   #
   #   @return [true] if {#vuln} was exploited.
   #   @return [false] if {#vuln} was not exploited.
-  # @!attribute fail_detail
-  #   Long details about why this attempt failed.
-  #
-  #   @return [String] if {#exploited} is `false`.
-  #   @return [nil] if {#exploited} is `true`.
-  # @!attribute fail_reason
-  #   Short reason why this attempt failed.
-  #
-  #   @return [String] if {#exploited} is `false`.
-  #   @return [nil] if {#exploited} is `true`
-  # @!attribute module
-  #   {Mdm::Module::Detail#fullname Full name of exploit Metasploit Module} that was used in this attempt.
-  #
-  #   @return [String]
-  # @!attribute username
-  #   The {Mdm::User#username name of the user} that made this attempt.
-  #
-  #   @return [String]
   #
   # Validations
   #

data/app/models/mdm/vuln_detail.rb CHANGED Viewed

@@ -1,151 +1,17 @@
-# {Mdm::Vuln Vulnerability details} supplied from an external source, such as Nexpose.
 class Mdm::VulnDetail < ActiveRecord::Base
   #
-  # Associations
+  # Relations
   #
-  # The vulnerability this detail is about.
-  belongs_to :vuln, class_name: 'Mdm::Vuln', counter_cache: :vuln_detail_count, inverse_of: :vuln_details
-  #
-  #
-  # Attributes
-  #
-  #
-  # @!attribute description
-  #   Long description of this vulnerability.
-  #
-  #   @return [String]
-  # @!attribute src
-  #   Source of this vulnerability detail.
-  #
-  #   @return [String]
-  # @!attribute title
-  #   Title of this vulnerability.
-  #
-  #   @return [String]
-  # @!attribute proof
-  #   Proof of this vulnerability existing on the target.
-  #
-  #   @return [String]
-  # @!attribute solution
-  #   Solution to fix this vulnerability.
-  #
-  #   @return [String]
-  #
-  # @!group Common Vulnerability Scoring System
-  #
-  # @!attribute cvss_score
-  #   Composite Common Vulnerability Scoring System (CVSS) Score
-  #
-  #   @return [Float]
-  # @!attribute cvss_vector
-  #   {#cvss_score} broken down into its encoded components
-  #
-  #   @return [String]
-  #   @see http://nvd.nist.gov/cvss.cfm?vectorinfo
-  #
-  # @!endgroup
-  #
-  #
-  # @!group Nexpose
-  #
-  # association is declared here so it can be in Nexpose group
-  # The Nexpose console that supplied this information.
   belongs_to :nexpose_console,
              class_name: 'Mdm::NexposeConsole',
-             foreign_key: :nx_console_id,
              inverse_of: :vuln_details
-  # @!attribute nx_added
-  #   When this vulnerability was added in Nexpose.
-  #
-  #   @return [DateTime]
-  # @!attribute nx_device_id
-  #   ID of target device in Nexpose.
-  #
-  #   @return [Integer]
-  # @!attribute nx_modified
-  #   The last time this vulnerability was modified in Nexpose.
-  #
-  #   @return [DateTime]
-  # @!attribute nx_proof_key
-  #   Key to {#proof} in Nexpose.
-  #
-  #   @return [String]
-  # @!attribute nx_published
-  #   When this vulnerability was published according to Nexpose.
-  #
-  #   @return [DateTime]
-  # @!attribute nx_scan_id
-  #   ID of scan that found this vulnerability in Nexpose.
-  #
-  #   @return [Integer]
-  # @!attribute nx_tags
-  #   Tags on this vulnerability in Nexpose.
-  #
-  #   @return [String]
-  # @!attribute nx_vuln_id
-  #   ID of this vulnerability in Nexpose.
-  #
-  #   @return [String]
-  # @!attribute nx_vuln_status
-  #   Status of this vulnerability in Nexpose.
-  #
-  #   @return [String]
-  # @!attribute nx_vulnerable_since
-  #   When this vulnerability was first identified for the target in Nexpose.
-  #
-  #   @return [DateTime]
-  # @!attribute nx_severity
-  #   Severity of this vulnerability according to Nexpose.
-  #
-  #   @return [Float]
-  #
-  # @!endgroup
-  #
-  #
-  # @!group Nexpose PCI
-  #
-  # @!attribute nx_pci_compliance_status
-  #   Status of PCI compliance with regards to this vulnerability according to Nexpose.
-  #
-  #   @return [String]
-  # @!attribute nx_pci_severity
-  #   The severity for the vulnerability under PCI according to Nexpose.
-  #
-  #   @return [Float]
+  belongs_to :vuln,
+             class_name: 'Mdm::Vuln',
+             counter_cache: :vuln_detail_count,
+             inverse_of: :vuln_details
-  #
-  # @!endgroup
-  #
   #
   # Validations
   #

data/app/models/mdm/vuln_ref.rb CHANGED Viewed

@@ -1,17 +1,14 @@
-# Join model between {Mdm::Vuln} and {Mdm::Ref}.
 class Mdm::VulnRef < ActiveRecord::Base
   self.table_name = 'vulns_refs'
   #
-  # Associations
+  # Relations
   #
-  # {Mdm::Ref Reference} to {#vuln}.
   belongs_to :ref,
              class_name: 'Mdm::Ref',
              inverse_of: :vulns_refs
-  # {Mdm::Vuln Vulnerability} imported or discovered by metasploit.
   belongs_to :vuln,
              class_name: 'Mdm::Vuln',
              inverse_of: :vulns_refs

data/app/models/mdm/web_form.rb CHANGED Viewed

@@ -1,50 +1,16 @@
-# A filled-in form on a {#web_site}.
 class Mdm::WebForm < ActiveRecord::Base
   #
-  # Associations
+  # Relations
   #
-  # {Mdm::WebSite Web site} on which this form is.
   belongs_to :web_site,
              class_name: 'Mdm::WebSite',
              inverse_of: :web_forms
-  #
-  # Attributes
-  #
-  # @!attribute created_at
-  #   When this web form was created.
-  #
-  #   @return [DateTime]
-  # @!attribute method
-  #   HTTP method (or verb) used to submitted this form, such as GET or POST.
-  #
-  #   @return [String]
-  # @!attribute path
-  #   Path portion of URL to which this form was submitted.
-  #
-  #   @return [String]
-  # @!attribute query
-  #   URL query that submitted for this form.
-  #
-  #   @return [String]
-  # @!attribute updated_at
-  #   The last time this web form was updated.
-  #
-  #   @return [DateTime]
   #
   # Serializations
   #
-  # Parameters submitted in this form.
-  #
-  # @return [Array<Array(String, String)>>]
   serialize :params, MetasploitDataModels::Base64Serializer.new
   Metasploit::Concern.run(self)

data/app/models/mdm/web_page.rb CHANGED Viewed

@@ -1,85 +1,16 @@
-# Web page requested from a {#web_site}.
 class Mdm::WebPage < ActiveRecord::Base
   #
-  # Associations
+  # Relations
   #
-  # Mdm::WebSite Web site} from which this page was requested.
   belongs_to :web_site,
              class_name: 'Mdm::WebSite',
              inverse_of: :web_pages
-  #
-  # Attributes
-  #
-  # @!attribute auth
-  #   Credentials sent to server to authenticate to web site to allow access to this web page.
-  #
-  #   @return [String]
-  # @!attribute body
-  #   Body of response from server.
-  #
-  #   @return [String]
-  # @!attribute code
-  #   HTTP Status code return from {#web_site} when requesting this web page.
-  #
-  #   @return [Integer]
-  # @!attribute cookie
-  #   Cookies derived from {#headers}.
-  #
-  #   @return [String]
-  # @!attribute created_at
-  #   When this web page was created.
-  #
-  #   @return [DateTime]
-  # @!attribute ctype
-  #   The content type derived from the {#headers} of the returned web page.
-  #
-  #   @return [String]
-  # @!attribute location
-  #   Location derived from {#headers}.
-  #
-  #   @return [String]
-  # @!attribute mtime
-  #   The last modified time of the web page derived from the {#headers}.
-  #
-  #   @return [DateTime]
-  # @!attribute path
-  #   Path portion of URL that was used to access this web page.
-  #
-  #   @return [String]
-  # @!attribute query
-  #   Query portion of URLthat was used to access this web page.
-  #
-  #   @return [String]
-  # @!attribute request
-  #   Request sent to server to cause this web page to be returned.
-  #
-  #   @return [String]
-  # @!attribute updated_at
-  #   The last time this web page was updated.
-  #
-  #   @return [DateTime]
   #
   # Serializations
   #
-  # Headers sent from server.
-  #
-  # @return [Hash{String => String}]
   serialize :headers, MetasploitDataModels::Base64Serializer.new
   Metasploit::Concern.run(self)

data/app/models/mdm/web_site.rb CHANGED Viewed

@@ -1,89 +1,42 @@
-# A Web Site running on a {#service}.
 class Mdm::WebSite < ActiveRecord::Base
   #
-  # Associations
+  # Relations
   #
-  # The service on which this web site is running.
   belongs_to :service,
              class_name: 'Mdm::Service',
              foreign_key: 'service_id',
              inverse_of: :web_sites
-  # Filled-in forms within this web site.
   has_many :web_forms,
            class_name: 'Mdm::WebForm',
            dependent: :destroy,
            inverse_of: :web_site
-  # Web pages found on this web site.
   has_many :web_pages,
            class_name: 'Mdm::WebPage',
            dependent: :destroy,
            inverse_of: :web_site
-  # Vulnerabilities found on this web site.
   has_many :web_vulns,
            class_name: 'Mdm::WebVuln',
            dependent: :destroy,
            inverse_of: :web_site
-  #
-  # Attributes
-  #
-  # @!attribute [rw] comments
-  #   User entered comments about this web site.
-  #
-  #   @return [String]
-  # @!attribute [rw] created_at
-  #   When this web site was created.
-  #
-  #   @return [DateTime]
-  # @!attribute [rw] updated_at
-  #   The last time this web site was updated.
-  #
-  #   @return [DateTime]
-  # @!attribute [rw] vhost
-  #   The virtual host for the web site in case `service.host.name` or `service.host.address` is no the host for this
-  #   web site.
-  #
-  #   @return [String]
   #
   # Serializations
   #
-  # @!attribute [rw] options
-  #   @todo Determine format and purpose of Mdm::WebSite#options.
   serialize :options, ::MetasploitDataModels::Base64Serializer.new
-  #
-  # Instance Methods
-  #
-  # Number of {#web_forms}.
-  #
-  # @return [Integer]
   def form_count
     web_forms.size
   end
-  # Number of {#web_pages}.
-  #
-  # @return [Integer]
   def page_count
     web_pages.size
   end
-  # Converts this web site to its URL, including scheme, host and port.
-  #
-  # @param ignore_vhost [Boolean] if `false` use {#vhost} for host portion of URL.  If `true` use {Mdm::Host#address} of
-  #   {Mdm::Service#host} of {#service} for host portion of URL.
-  # @return [String] <scheme>://<host>[:<port>]
   def to_url(ignore_vhost=false)
     proto = self.service.name == "https" ? "https" : "http"
     host = ignore_vhost ? self.service.host.address : self.vhost
@@ -100,9 +53,6 @@ class Mdm::WebSite < ActiveRecord::Base
     url
   end
-  # Number of {#web_vulns}.
-  #
-  # @return [Integer]
   def vuln_count
     web_vulns.size
   end