RubyGems - metasploit_data_models - Versions diffs - 0.24.4 → 0.24.5 - Mend

metasploit_data_models 0.24.4 → 0.24.5

Files changed (158) hide show

checksums.yaml +4 -4
data/.rspec +3 -3
data/.travis.yml +3 -6
data/CONTRIBUTING.md +52 -10
data/Gemfile +8 -1
data/Rakefile +0 -23
data/app/models/mdm/api_key.rb +1 -41
data/app/models/mdm/client.rb +1 -41
data/app/models/mdm/cred.rb +19 -107
data/app/models/mdm/event.rb +1 -48
data/app/models/mdm/exploit_attempt.rb +16 -65
data/app/models/mdm/exploited_host.rb +1 -28
data/app/models/mdm/host_detail.rb +1 -45
data/app/models/mdm/host_tag.rb +8 -6
data/app/models/mdm/listener.rb +1 -53
data/app/models/mdm/macro.rb +0 -42
data/app/models/mdm/mod_ref.rb +0 -21
data/app/models/mdm/module/action.rb +0 -15
data/app/models/mdm/module/arch.rb +0 -10
data/app/models/mdm/module/author.rb +0 -16
data/app/models/mdm/module/mixin.rb +0 -13
data/app/models/mdm/module/platform.rb +0 -11
data/app/models/mdm/module/target.rb +0 -18
data/app/models/mdm/nexpose_console.rb +4 -82
data/app/models/mdm/profile.rb +0 -36
data/app/models/mdm/route.rb +5 -17
data/app/models/mdm/session_event.rb +1 -33
data/app/models/mdm/tag.rb +10 -49
data/app/models/mdm/task.rb +45 -94
data/app/models/mdm/task_cred.rb +0 -29
data/app/models/mdm/task_host.rb +0 -25
data/app/models/mdm/task_service.rb +0 -25
data/app/models/mdm/task_session.rb +0 -25
data/app/models/mdm/user.rb +6 -188
data/app/models/mdm/vuln_attempt.rb +12 -37
data/app/models/mdm/vuln_detail.rb +5 -139
data/app/models/mdm/vuln_ref.rb +1 -4
data/app/models/mdm/web_form.rb +1 -35
data/app/models/mdm/web_page.rb +1 -70
data/app/models/mdm/web_site.rb +1 -51
data/app/models/mdm/wmap_request.rb +0 -85
data/app/models/mdm/wmap_target.rb +0 -40
data/app/models/mdm/workspace.rb +14 -152
data/app/models/metasploit_data_models/automatic_exploitation.rb +16 -0
data/app/models/metasploit_data_models/automatic_exploitation/match.rb +24 -19
data/app/models/metasploit_data_models/automatic_exploitation/match_result.rb +5 -33
data/app/models/metasploit_data_models/automatic_exploitation/match_set.rb +4 -22
data/app/models/metasploit_data_models/automatic_exploitation/run.rb +3 -13
data/app/models/metasploit_data_models/ip_address/v4/segmented.rb +1 -1
data/app/models/metasploit_data_models/module_run.rb +1 -1
data/app/models/metasploit_data_models/search/visitor/where.rb +1 -1
data/app/validators/ip_format_validator.rb +0 -4
data/app/validators/parameters_validator.rb +0 -12
data/app/validators/password_is_strong_validator.rb +1 -10
data/lib/mdm/host/operating_system_normalization.rb +10 -7
data/lib/metasploit_data_models.rb +0 -4
data/lib/metasploit_data_models/engine.rb +0 -2
data/lib/metasploit_data_models/serialized_prefs.rb +0 -6
data/lib/metasploit_data_models/version.rb +10 -24
data/lib/tasks/yard.rake +33 -0
data/metasploit_data_models.gemspec +2 -9
data/spec/app/models/mdm/api_key_spec.rb +3 -1
data/spec/app/models/mdm/client_spec.rb +11 -9
data/spec/app/models/mdm/cred_spec.rb +54 -42
data/spec/app/models/mdm/event_spec.rb +23 -21
data/spec/app/models/mdm/exploit_attempt_spec.rb +21 -19
data/spec/app/models/mdm/exploited_host_spec.rb +13 -11
data/spec/app/models/mdm/host_detail_spec.rb +17 -15
data/spec/app/models/mdm/host_spec.rb +260 -261
data/spec/app/models/mdm/host_tag_spec.rb +8 -6
data/spec/app/models/mdm/listener_spec.rb +32 -30
data/spec/app/models/mdm/loot_spec.rb +23 -21
data/spec/app/models/mdm/macro_spec.rb +3 -1
data/spec/app/models/mdm/mod_ref_spec.rb +3 -1
data/spec/app/models/mdm/module/action_spec.rb +12 -10
data/spec/app/models/mdm/module/arch_spec.rb +12 -10
data/spec/app/models/mdm/module/author_spec.rb +17 -22
data/spec/app/models/mdm/module/detail_spec.rb +75 -184
data/spec/app/models/mdm/module/mixin_spec.rb +12 -10
data/spec/app/models/mdm/module/platform_spec.rb +12 -10
data/spec/app/models/mdm/module/ref_spec.rb +12 -10
data/spec/app/models/mdm/module/target_spec.rb +15 -13
data/spec/app/models/mdm/nexpose_console_spec.rb +37 -35
data/spec/app/models/mdm/note_spec.rb +25 -23
data/spec/app/models/mdm/profile_spec.rb +3 -1
data/spec/app/models/mdm/ref_spec.rb +12 -10
data/spec/app/models/mdm/route_spec.rb +8 -6
data/spec/app/models/mdm/service_spec.rb +40 -38
data/spec/app/models/mdm/session_event_spec.rb +12 -10
data/spec/app/models/mdm/session_spec.rb +15 -13
data/spec/app/models/mdm/tag_spec.rb +29 -29
data/spec/app/models/mdm/task_cred_spec.rb +11 -9
data/spec/app/models/mdm/task_host_spec.rb +11 -9
data/spec/app/models/mdm/task_service_spec.rb +11 -9
data/spec/app/models/mdm/task_session_spec.rb +9 -7
data/spec/app/models/mdm/task_spec.rb +29 -27
data/spec/app/models/mdm/user_spec.rb +19 -17
data/spec/app/models/mdm/vuln_attempt_spec.rb +16 -14
data/spec/app/models/mdm/vuln_detail_spec.rb +28 -26
data/spec/app/models/mdm/vuln_ref_spec.rb +10 -8
data/spec/app/models/mdm/vuln_spec.rb +26 -24
data/spec/app/models/mdm/web_form_spec.rb +13 -11
data/spec/app/models/mdm/web_page_spec.rb +21 -19
data/spec/app/models/mdm/web_site_spec.rb +23 -21
data/spec/app/models/mdm/web_vuln_spec.rb +65 -63
data/spec/app/models/mdm/wmap_request_spec.rb +3 -1
data/spec/app/models/mdm/wmap_target_spec.rb +3 -1
data/spec/app/models/mdm/workspace_spec.rb +100 -97
data/spec/app/models/metasploit_data_models/automatic_exploitation/match_result_spec.rb +5 -3
data/spec/app/models/metasploit_data_models/automatic_exploitation/match_set_spec.rb +15 -13
data/spec/app/models/metasploit_data_models/automatic_exploitation/match_spec.rb +3 -1
data/spec/app/models/metasploit_data_models/automatic_exploitation/run_spec.rb +3 -1
data/spec/app/models/metasploit_data_models/ip_address/v4/cidr_spec.rb +12 -10
data/spec/app/models/metasploit_data_models/ip_address/v4/nmap_spec.rb +6 -4
data/spec/app/models/metasploit_data_models/ip_address/v4/range_spec.rb +23 -21
data/spec/app/models/metasploit_data_models/ip_address/v4/segment/nmap/list_spec.rb +11 -9
data/spec/app/models/metasploit_data_models/ip_address/v4/segment/nmap/range_spec.rb +23 -21
data/spec/app/models/metasploit_data_models/ip_address/v4/segment/segmented_spec.rb +6 -4
data/spec/app/models/metasploit_data_models/ip_address/v4/segment/single_spec.rb +15 -22
data/spec/app/models/metasploit_data_models/ip_address/v4/single_spec.rb +6 -4
data/spec/app/models/metasploit_data_models/module_run_spec.rb +3 -1
data/spec/app/models/metasploit_data_models/search/operation/ip_address_spec.rb +20 -18
data/spec/app/models/metasploit_data_models/search/operation/port/number_spec.rb +8 -6
data/spec/app/models/metasploit_data_models/search/operation/port/range_spec.rb +10 -8
data/spec/app/models/metasploit_data_models/search/operation/range_spec.rb +10 -8
data/spec/app/models/metasploit_data_models/search/operator/ip_address_spec.rb +4 -2
data/spec/app/models/metasploit_data_models/search/operator/multitext_spec.rb +10 -8
data/spec/app/models/metasploit_data_models/search/operator/port/list_spec.rb +8 -6
data/spec/app/models/metasploit_data_models/search/visitor/attribute_spec.rb +11 -9
data/spec/app/models/metasploit_data_models/search/visitor/includes_spec.rb +7 -5
data/spec/app/models/metasploit_data_models/search/visitor/joins_spec.rb +19 -17
data/spec/app/models/metasploit_data_models/search/visitor/method_spec.rb +7 -5
data/spec/app/models/metasploit_data_models/search/visitor/relation_spec.rb +23 -61
data/spec/app/models/metasploit_data_models/search/visitor/where_spec.rb +10 -8
data/spec/app/validators/parameters_validator_spec.rb +29 -29
data/spec/app/validators/password_is_strong_validator_spec.rb +46 -54
data/spec/dummy/db/structure.sql +3403 -0
data/spec/factories/mdm/module/details.rb +1 -1
data/spec/lib/base64_serializer_spec.rb +19 -19
data/spec/lib/metasploit_data_models/ip_address/cidr_spec.rb +12 -18
data/spec/lib/metasploit_data_models/ip_address/range_spec.rb +6 -4
data/spec/lib/metasploit_data_models/match/child_spec.rb +4 -2
data/spec/lib/metasploit_data_models/match/parent_spec.rb +6 -4
data/spec/lib/metasploit_data_models/version_spec.rb +141 -3
data/spec/spec_helper.rb +12 -86
data/spec/support/shared/examples/mdm/module/detail/does_not_support_stance_with_mtype.rb +2 -2
data/spec/support/shared/examples/mdm/module/detail/supports_stance_with_mtype.rb +4 -4
data/spec/support/shared/examples/metasploit_data_models/search/operation/ipaddress/match.rb +2 -2
data/spec/support/shared/examples/metasploit_data_models/search/visitor/includes/visit/with_children.rb +5 -5
data/spec/support/shared/examples/metasploit_data_models/search/visitor/includes/visit/with_metasploit_model_search_operation_base.rb +5 -5
data/spec/support/shared/examples/metasploit_data_models/search/visitor/where/visit/with_equality.rb +3 -3
data/spec/support/shared/examples/metasploit_data_models/search/visitor/where/visit/with_metasploit_model_search_group_base.rb +6 -7
metadata +9 -67
data/CHANGELOG.md +0 -6
data/RELEASING.md +0 -88
data/UPGRADING.md +0 -1
data/lib/metasploit_data_models/automatic_exploitation.rb +0 -25
data/spec/lib/metasploit_data_models_spec.rb +0 -4

data/app/models/mdm/vuln_attempt.rb CHANGED Viewed

@@ -1,28 +1,30 @@
-# An attempt to exploit a {#vuln}.
 class Mdm::VulnAttempt < ActiveRecord::Base
   #
   # Associations
   #
-  # Loot gathered from this attempt.
+  # @!attribute loot
+  #   Loot gathered from this attempt.
   #
-  # @return [Mdm::Loot] if {#exploited} is `true`.
-  # @return [nil] if {#exploited} is `false`.
+  #   @return [Mdm::Loot] if {#exploited} is `true`.
+  #   @return [nil] if {#exploited} is `false`.
   belongs_to :loot,
              class_name: 'Mdm::Loot',
              inverse_of: :vuln_attempt
-  # The session opened by this attempt.
+  # @!attribute session
+  #   The session opened by this attempt.
   #
-  # @return [Mdm::Session] if {#exploited} is `true`.
-  # @return [nil] if {#exploited} is `false`.
+  #   @return [Mdm::Session] if {#exploited} is `true`.
+  #   @return [nil] if {#exploited} is `false`.
   belongs_to :session,
              class_name: 'Mdm::Session',
              inverse_of: :vuln_attempt
-  # The {Mdm::Vuln vulnerability} that this attempt was exploiting.
+  # @!attribute vuln
+  #   The {Mdm::Vuln vulnerability} that this attempt was exploiting.
   #
-  # @return [Mdm::Vuln]
+  #   @return [Mdm::Vuln]
   belongs_to :vuln,
              class_name: 'Mdm::Vuln',
              counter_cache: :vuln_attempt_count,
@@ -32,39 +34,12 @@ class Mdm::VulnAttempt < ActiveRecord::Base
   # Attributes
   #
-  # @!attribute attempted_at
-  #   When this attempt was made.
-  #
-  #   @return [DateTime]
-  # @!attribute exploited
+  # @!attribute [rw] exploited
   #   Whether this attempt was successful.
   #
   #   @return [true] if {#vuln} was exploited.
   #   @return [false] if {#vuln} was not exploited.
-  # @!attribute fail_detail
-  #   Long details about why this attempt failed.
-  #
-  #   @return [String] if {#exploited} is `false`.
-  #   @return [nil] if {#exploited} is `true`.
-  # @!attribute fail_reason
-  #   Short reason why this attempt failed.
-  #
-  #   @return [String] if {#exploited} is `false`.
-  #   @return [nil] if {#exploited} is `true`
-  # @!attribute module
-  #   {Mdm::Module::Detail#fullname Full name of exploit Metasploit Module} that was used in this attempt.
-  #
-  #   @return [String]
-  # @!attribute username
-  #   The {Mdm::User#username name of the user} that made this attempt.
-  #
-  #   @return [String]
   #
   # Validations
   #

data/app/models/mdm/vuln_detail.rb CHANGED Viewed

@@ -1,151 +1,17 @@
-# {Mdm::Vuln Vulnerability details} supplied from an external source, such as Nexpose.
 class Mdm::VulnDetail < ActiveRecord::Base
   #
-  # Associations
+  # Relations
   #
-  # The vulnerability this detail is about.
-  belongs_to :vuln, class_name: 'Mdm::Vuln', counter_cache: :vuln_detail_count, inverse_of: :vuln_details
-  #
-  #
-  # Attributes
-  #
-  #
-  # @!attribute description
-  #   Long description of this vulnerability.
-  #
-  #   @return [String]
-  # @!attribute src
-  #   Source of this vulnerability detail.
-  #
-  #   @return [String]
-  # @!attribute title
-  #   Title of this vulnerability.
-  #
-  #   @return [String]
-  # @!attribute proof
-  #   Proof of this vulnerability existing on the target.
-  #
-  #   @return [String]
-  # @!attribute solution
-  #   Solution to fix this vulnerability.
-  #
-  #   @return [String]
-  #
-  # @!group Common Vulnerability Scoring System
-  #
-  # @!attribute cvss_score
-  #   Composite Common Vulnerability Scoring System (CVSS) Score
-  #
-  #   @return [Float]
-  # @!attribute cvss_vector
-  #   {#cvss_score} broken down into its encoded components
-  #
-  #   @return [String]
-  #   @see http://nvd.nist.gov/cvss.cfm?vectorinfo
-  #
-  # @!endgroup
-  #
-  #
-  # @!group Nexpose
-  #
-  # association is declared here so it can be in Nexpose group
-  # The Nexpose console that supplied this information.
   belongs_to :nexpose_console,
              class_name: 'Mdm::NexposeConsole',
-             foreign_key: :nx_console_id,
              inverse_of: :vuln_details
-  # @!attribute nx_added
-  #   When this vulnerability was added in Nexpose.
-  #
-  #   @return [DateTime]
-  # @!attribute nx_device_id
-  #   ID of target device in Nexpose.
-  #
-  #   @return [Integer]
-  # @!attribute nx_modified
-  #   The last time this vulnerability was modified in Nexpose.
-  #
-  #   @return [DateTime]
-  # @!attribute nx_proof_key
-  #   Key to {#proof} in Nexpose.
-  #
-  #   @return [String]
-  # @!attribute nx_published
-  #   When this vulnerability was published according to Nexpose.
-  #
-  #   @return [DateTime]
-  # @!attribute nx_scan_id
-  #   ID of scan that found this vulnerability in Nexpose.
-  #
-  #   @return [Integer]
-  # @!attribute nx_tags
-  #   Tags on this vulnerability in Nexpose.
-  #
-  #   @return [String]
-  # @!attribute nx_vuln_id
-  #   ID of this vulnerability in Nexpose.
-  #
-  #   @return [String]
-  # @!attribute nx_vuln_status
-  #   Status of this vulnerability in Nexpose.
-  #
-  #   @return [String]
-  # @!attribute nx_vulnerable_since
-  #   When this vulnerability was first identified for the target in Nexpose.
-  #
-  #   @return [DateTime]
-  # @!attribute nx_severity
-  #   Severity of this vulnerability according to Nexpose.
-  #
-  #   @return [Float]
-  #
-  # @!endgroup
-  #
-  #
-  # @!group Nexpose PCI
-  #
-  # @!attribute nx_pci_compliance_status
-  #   Status of PCI compliance with regards to this vulnerability according to Nexpose.
-  #
-  #   @return [String]
-  # @!attribute nx_pci_severity
-  #   The severity for the vulnerability under PCI according to Nexpose.
-  #
-  #   @return [Float]
+  belongs_to :vuln,
+             class_name: 'Mdm::Vuln',
+             counter_cache: :vuln_detail_count,
+             inverse_of: :vuln_details
-  #
-  # @!endgroup
-  #
   #
   # Validations
   #

data/app/models/mdm/vuln_ref.rb CHANGED Viewed

@@ -1,17 +1,14 @@
-# Join model between {Mdm::Vuln} and {Mdm::Ref}.
 class Mdm::VulnRef < ActiveRecord::Base
   self.table_name = 'vulns_refs'
   #
-  # Associations
+  # Relations
   #
-  # {Mdm::Ref Reference} to {#vuln}.
   belongs_to :ref,
              class_name: 'Mdm::Ref',
              inverse_of: :vulns_refs
-  # {Mdm::Vuln Vulnerability} imported or discovered by metasploit.
   belongs_to :vuln,
              class_name: 'Mdm::Vuln',
              inverse_of: :vulns_refs

data/app/models/mdm/web_form.rb CHANGED Viewed

@@ -1,50 +1,16 @@
-# A filled-in form on a {#web_site}.
 class Mdm::WebForm < ActiveRecord::Base
   #
-  # Associations
+  # Relations
   #
-  # {Mdm::WebSite Web site} on which this form is.
   belongs_to :web_site,
              class_name: 'Mdm::WebSite',
              inverse_of: :web_forms
-  #
-  # Attributes
-  #
-  # @!attribute created_at
-  #   When this web form was created.
-  #
-  #   @return [DateTime]
-  # @!attribute method
-  #   HTTP method (or verb) used to submitted this form, such as GET or POST.
-  #
-  #   @return [String]
-  # @!attribute path
-  #   Path portion of URL to which this form was submitted.
-  #
-  #   @return [String]
-  # @!attribute query
-  #   URL query that submitted for this form.
-  #
-  #   @return [String]
-  # @!attribute updated_at
-  #   The last time this web form was updated.
-  #
-  #   @return [DateTime]
   #
   # Serializations
   #
-  # Parameters submitted in this form.
-  #
-  # @return [Array<Array(String, String)>>]
   serialize :params, MetasploitDataModels::Base64Serializer.new
   Metasploit::Concern.run(self)

data/app/models/mdm/web_page.rb CHANGED Viewed

@@ -1,85 +1,16 @@
-# Web page requested from a {#web_site}.
 class Mdm::WebPage < ActiveRecord::Base
   #
-  # Associations
+  # Relations
   #
-  # Mdm::WebSite Web site} from which this page was requested.
   belongs_to :web_site,
              class_name: 'Mdm::WebSite',
              inverse_of: :web_pages
-  #
-  # Attributes
-  #
-  # @!attribute auth
-  #   Credentials sent to server to authenticate to web site to allow access to this web page.
-  #
-  #   @return [String]
-  # @!attribute body
-  #   Body of response from server.
-  #
-  #   @return [String]
-  # @!attribute code
-  #   HTTP Status code return from {#web_site} when requesting this web page.
-  #
-  #   @return [Integer]
-  # @!attribute cookie
-  #   Cookies derived from {#headers}.
-  #
-  #   @return [String]
-  # @!attribute created_at
-  #   When this web page was created.
-  #
-  #   @return [DateTime]
-  # @!attribute ctype
-  #   The content type derived from the {#headers} of the returned web page.
-  #
-  #   @return [String]
-  # @!attribute location
-  #   Location derived from {#headers}.
-  #
-  #   @return [String]
-  # @!attribute mtime
-  #   The last modified time of the web page derived from the {#headers}.
-  #
-  #   @return [DateTime]
-  # @!attribute path
-  #   Path portion of URL that was used to access this web page.
-  #
-  #   @return [String]
-  # @!attribute query
-  #   Query portion of URLthat was used to access this web page.
-  #
-  #   @return [String]
-  # @!attribute request
-  #   Request sent to server to cause this web page to be returned.
-  #
-  #   @return [String]
-  # @!attribute updated_at
-  #   The last time this web page was updated.
-  #
-  #   @return [DateTime]
   #
   # Serializations
   #
-  # Headers sent from server.
-  #
-  # @return [Hash{String => String}]
   serialize :headers, MetasploitDataModels::Base64Serializer.new
   Metasploit::Concern.run(self)

data/app/models/mdm/web_site.rb CHANGED Viewed

@@ -1,89 +1,42 @@
-# A Web Site running on a {#service}.
 class Mdm::WebSite < ActiveRecord::Base
   #
-  # Associations
+  # Relations
   #
-  # The service on which this web site is running.
   belongs_to :service,
              class_name: 'Mdm::Service',
              foreign_key: 'service_id',
              inverse_of: :web_sites
-  # Filled-in forms within this web site.
   has_many :web_forms,
            class_name: 'Mdm::WebForm',
            dependent: :destroy,
            inverse_of: :web_site
-  # Web pages found on this web site.
   has_many :web_pages,
            class_name: 'Mdm::WebPage',
            dependent: :destroy,
            inverse_of: :web_site
-  # Vulnerabilities found on this web site.
   has_many :web_vulns,
            class_name: 'Mdm::WebVuln',
            dependent: :destroy,
            inverse_of: :web_site
-  #
-  # Attributes
-  #
-  # @!attribute [rw] comments
-  #   User entered comments about this web site.
-  #
-  #   @return [String]
-  # @!attribute [rw] created_at
-  #   When this web site was created.
-  #
-  #   @return [DateTime]
-  # @!attribute [rw] updated_at
-  #   The last time this web site was updated.
-  #
-  #   @return [DateTime]
-  # @!attribute [rw] vhost
-  #   The virtual host for the web site in case `service.host.name` or `service.host.address` is no the host for this
-  #   web site.
-  #
-  #   @return [String]
   #
   # Serializations
   #
-  # @!attribute [rw] options
-  #   @todo Determine format and purpose of Mdm::WebSite#options.
   serialize :options, ::MetasploitDataModels::Base64Serializer.new
-  #
-  # Instance Methods
-  #
-  # Number of {#web_forms}.
-  #
-  # @return [Integer]
   def form_count
     web_forms.size
   end
-  # Number of {#web_pages}.
-  #
-  # @return [Integer]
   def page_count
     web_pages.size
   end
-  # Converts this web site to its URL, including scheme, host and port.
-  #
-  # @param ignore_vhost [Boolean] if `false` use {#vhost} for host portion of URL.  If `true` use {Mdm::Host#address} of
-  #   {Mdm::Service#host} of {#service} for host portion of URL.
-  # @return [String] <scheme>://<host>[:<port>]
   def to_url(ignore_vhost=false)
     proto = self.service.name == "https" ? "https" : "http"
     host = ignore_vhost ? self.service.host.address : self.vhost
@@ -100,9 +53,6 @@ class Mdm::WebSite < ActiveRecord::Base
     url
   end
-  # Number of {#web_vulns}.
-  #
-  # @return [Integer]
   def vuln_count
     web_vulns.size
   end