metasploit_data_models 0.24.5 → 1.0.0.pre.rails.pre.4.0a

data/app/models/mdm/nexpose_console.rb

@@ -1,4 +1,5 @@
 class Mdm::NexposeConsole < ActiveRecord::Base
+  
   #
   # Associations
   #

data/app/models/mdm/note.rb

@@ -1,5 +1,6 @@
 # Data gathered or derived from the {#host} or {#service} such as its {#ntype fingerprint}.
 class Mdm::Note < ActiveRecord::Base
+  
   #
   # Associations
   #
@@ -84,10 +85,9 @@ class Mdm::Note < ActiveRecord::Base
   # Scopes
   #
 
-  scope :flagged, where('critical = true AND seen = false')
+  scope :flagged, -> { where('critical = true AND seen = false') }
 
-  notes = self.arel_table
-  scope :visible, where(notes[:ntype].not_in(['web.form', 'web.url', 'web.vuln']))
+  scope :visible, -> { where(Mdm::Note[:ntype].not_in(['web.form', 'web.url', 'web.vuln'])) }
 
   scope :search, lambda { |*args|
     where(["(data NOT ILIKE 'BAh7%' AND data LIKE ?)" +

data/app/models/mdm/ref.rb

@@ -44,11 +44,5 @@ class Mdm::Ref < ActiveRecord::Base
   #
   #   @return [String]
 
-  #
-  # Mass Assignment Security
-  #
-
-  attr_accessible :name
-
   Metasploit::Concern.run(self)
 end

data/app/models/mdm/route.rb

@@ -1,6 +1,7 @@
 class Mdm::Route < ActiveRecord::Base
+  
   #
-  # Relations
+  # Associations
   #
 
   # @!attribute [rw] session

data/app/models/mdm/service.rb

@@ -167,7 +167,7 @@ class Mdm::Service < ActiveRecord::Base
   # Scopes
   #
 
-  scope :inactive, where("services.state != 'open'")
+  scope :inactive, -> { where("services.state != 'open'") }
   scope :with_state, lambda { |a_state|  where("services.state = ?", a_state)}
   scope :search, lambda { |*args|
     where([

data/app/models/mdm/session.rb

@@ -1,6 +1,7 @@
 # A session opened on a {#host} using an {#via_exploit exploit} and controlled through a {#via_payload payload} to
 # connect back to the local host using meterpreter or a cmd shell.
 class Mdm::Session < ActiveRecord::Base
+  
   #
   # Associations
   #
@@ -10,10 +11,10 @@ class Mdm::Session < ActiveRecord::Base
   #
   #   @return [Array<Mdm::Event>]
   has_many :events,
-           class_name: 'Mdm::SessionEvent',
-           dependent: :delete_all,
-           inverse_of: :session,
-           order: 'created_at'
+            -> { order('created_at') },
+            class_name: 'Mdm::SessionEvent',
+            dependent: :delete_all,
+            inverse_of: :session
 
   # @!attribute exploit_attempt
   #   Exploit attempt that created this session.
@@ -162,9 +163,9 @@ class Mdm::Session < ActiveRecord::Base
   # Scopes
   #
 
-  scope :alive, where('closed_at IS NULL')
-  scope :dead, where('closed_at IS NOT NULL')
-  scope :upgradeable, where("closed_at IS NULL AND stype = 'shell' and platform ILIKE '%win%'")
+  scope :alive, -> { where('closed_at IS NULL') }
+  scope :dead, -> { where('closed_at IS NOT NULL') }
+  scope :upgradeable, -> { where("closed_at IS NULL AND stype = 'shell' and platform ILIKE '%win%'") }
 
   #
   # Serializations

data/app/models/mdm/session_event.rb

@@ -1,6 +1,7 @@
 class Mdm::SessionEvent < ActiveRecord::Base
+  
   #
-  # Relations
+  # Associations
   #
 
   belongs_to :session,

data/app/models/mdm/tag.rb

@@ -2,7 +2,7 @@ class Mdm::Tag < ActiveRecord::Base
   include Metasploit::Model::Search
 
   #
-  # Relations
+  # Associations
   #
 
   # @!attribute hosts_tags
@@ -48,7 +48,7 @@ class Mdm::Tag < ActiveRecord::Base
             }
   validates :name,
             :format => {
-                :with => /^[A-Za-z0-9\x2e\x2d_]+$/, :message => "must be alphanumeric, dots, dashes, or underscores"
+                :with => /\A[A-Za-z0-9\x2e\x2d_]+\z/, :message => "must be alphanumeric, dots, dashes, or underscores"
             },
             :presence => true
 

data/app/models/mdm/task.rb

@@ -101,9 +101,7 @@ class Mdm::Task < ActiveRecord::Base
   #
   #   @return [Array<Mdm::Session>
   has_many :sessions, :through => :task_sessions, :class_name => 'Mdm::Session'
-
-
-
+  
 
   #
   # Serializations

data/app/models/mdm/user.rb

@@ -1,8 +1,8 @@
 class Mdm::User < ActiveRecord::Base
   extend MetasploitDataModels::SerializedPrefs
-
+  
   #
-  # Relations
+  # Associations
   #
 
   has_many :automatic_exploitation_runs,
@@ -26,8 +26,7 @@ class Mdm::User < ActiveRecord::Base
            class_name: 'Mdm::Tag',
            inverse_of: :user
 
-
-  has_and_belongs_to_many :workspaces, :join_table => 'workspace_members', :uniq => true, :class_name => 'Mdm::Workspace'
+  has_and_belongs_to_many :workspaces, -> { uniq }, :join_table => 'workspace_members', :class_name => 'Mdm::Workspace'
 
   #
   # Serialziations
@@ -39,7 +38,7 @@ class Mdm::User < ActiveRecord::Base
   serialized_prefs_attr_accessor :http_proxy_host, :http_proxy_port, :http_proxy_user, :http_proxy_pass
   serialized_prefs_attr_accessor :time_zone, :session_key
   serialized_prefs_attr_accessor :last_login_address # specifically NOT last_login_ip to prevent confusion with AuthLogic magic columns (which dont work for serialized fields)
-
+  
   Metasploit::Concern.run(self)
 end
 

data/app/models/mdm/vuln.rb

@@ -1,5 +1,6 @@
 # A vulnerability found on a {#host} or {#service}.
 class Mdm::Vuln < ActiveRecord::Base
+  
   #
   # Associations
   #
@@ -61,10 +62,11 @@ class Mdm::Vuln < ActiveRecord::Base
   #
   #   @return [<ActiveRecord::RelationMdm::Note>]
   has_many :notes,
+           -> { order('notes.created_at') },
            class_name: 'Mdm::Note',
            inverse_of: :vuln,
-           dependent: :delete_all,
-           order: 'notes.created_at'
+           dependent: :delete_all
+
 
   #
   # Through :vuln_refs
@@ -104,11 +106,10 @@ class Mdm::Vuln < ActiveRecord::Base
   #
   #   @return [ActiveRecord::Relation<Mdm::Module::Detail>]
   has_many :module_details,
-           :class_name => 'Mdm::Module::Detail',
-           :source => :detail,
-           :through => :module_refs,
-           :uniq => true
-
+            -> { uniq },
+            :class_name => 'Mdm::Module::Detail',
+            :source => :detail,
+            :through => :module_refs
   #
   # Attributes
   #

data/app/models/mdm/vuln_attempt.rb

@@ -1,4 +1,5 @@
 class Mdm::VulnAttempt < ActiveRecord::Base
+  
   #
   # Associations
   #

data/app/models/mdm/vuln_detail.rb

@@ -1,6 +1,7 @@
 class Mdm::VulnDetail < ActiveRecord::Base
+  
   #
-  # Relations
+  # Associations
   #
 
   belongs_to :nexpose_console,
@@ -11,7 +12,7 @@ class Mdm::VulnDetail < ActiveRecord::Base
              class_name: 'Mdm::Vuln',
              counter_cache: :vuln_detail_count,
              inverse_of: :vuln_details
-
+  
   #
   # Validations
   #

data/app/models/mdm/vuln_ref.rb

@@ -2,7 +2,7 @@ class Mdm::VulnRef < ActiveRecord::Base
   self.table_name = 'vulns_refs'
 
   #
-  # Relations
+  # Associations
   #
 
   belongs_to :ref,

data/app/models/mdm/web_form.rb

@@ -1,6 +1,7 @@
 class Mdm::WebForm < ActiveRecord::Base
+  
   #
-  # Relations
+  # Associations
   #
 
   belongs_to :web_site,

data/app/models/mdm/web_page.rb

@@ -1,6 +1,7 @@
 class Mdm::WebPage < ActiveRecord::Base
+  
   #
-  # Relations
+  # Associations
   #
 
   belongs_to :web_site,
@@ -12,7 +13,7 @@ class Mdm::WebPage < ActiveRecord::Base
   #
 
   serialize :headers, MetasploitDataModels::Base64Serializer.new
-
+    
   Metasploit::Concern.run(self)
 end
 

data/app/models/mdm/web_site.rb

@@ -1,6 +1,7 @@
 class Mdm::WebSite < ActiveRecord::Base
+  
   #
-  # Relations
+  # Associations
   #
 
   belongs_to :service,
@@ -39,7 +40,7 @@ class Mdm::WebSite < ActiveRecord::Base
 
   def to_url(ignore_vhost=false)
     proto = self.service.name == "https" ? "https" : "http"
-    host = ignore_vhost ? self.service.host.address : self.vhost
+    host = ignore_vhost ? self.service.host.address.to_s : self.vhost
     port = self.service.port
 
     if Rex::Socket.is_ipv6?(host)

data/app/models/mdm/web_vuln.rb

@@ -11,6 +11,7 @@
 #     end
 #   end
 class Mdm::WebVuln < ActiveRecord::Base
+  
   #
   # CONSTANTS
   #

data/app/models/mdm/wmap_request.rb

@@ -1,3 +1,15 @@
 class Mdm::WmapRequest < ActiveRecord::Base
   Metasploit::Concern.run(self)
+
+  #
+  # Attributes
+  #
+
+  # @!attribute [rw] address
+  #   The IP address for this request. Necessary to avoid coercion to an `IPAddr` object.
+  #
+  #   @return [String]
+  def address
+    self[:address].to_s
+  end
 end

data/app/models/mdm/wmap_target.rb

@@ -1,3 +1,15 @@
 class Mdm::WmapTarget < ActiveRecord::Base
   Metasploit::Concern.run(self)
+
+  #
+  # Attributes
+  #
+
+  # @!attribute [rw] address
+  #   The IP address for this target. Necessary to avoid coercion to an `IPAddr` object.
+  #
+  #   @return [String]
+  def address
+    self[:address].to_s
+  end
 end

data/app/models/mdm/workspace.rb

@@ -1,4 +1,5 @@
 class Mdm::Workspace < ActiveRecord::Base
+  
   #
   # Callbacks
   #
@@ -29,8 +30,8 @@ class Mdm::Workspace < ActiveRecord::Base
   has_many :listeners, :dependent => :destroy, :class_name => 'Mdm::Listener'
   has_many :notes, :class_name => 'Mdm::Note'
   belongs_to :owner, :class_name => 'Mdm::User', :foreign_key => 'owner_id'
-  has_many :tasks, :dependent => :destroy, :class_name => 'Mdm::Task', :order => 'created_at DESC'
-  has_and_belongs_to_many :users, :join_table => 'workspace_members', :uniq => true, :class_name => 'Mdm::User'
+  has_many :tasks, -> { order('created_at DESC') }, :dependent => :destroy, :class_name => 'Mdm::Task'
+  has_and_belongs_to_many :users, -> { uniq }, :join_table => 'workspace_members', :class_name => 'Mdm::User'
 
   #
   # Through :hosts
@@ -177,7 +178,7 @@ class Mdm::Workspace < ActiveRecord::Base
   def web_unique_forms(addrs=nil)
     forms = unique_web_forms
     if addrs
-      forms.reject! { |f| not addrs.include?(f.web_site.service.host.address) }
+      forms.reject!{|f| not addrs.include?( f.web_site.service.host.address.to_s ) }
     end
     forms
   end

data/app/models/metasploit_data_models/automatic_exploitation/match.rb

@@ -1,6 +1,4 @@
 class MetasploitDataModels::AutomaticExploitation::Match < ActiveRecord::Base
-  attr_accessible :match_set_id, :module_fullname
-
 
   #
   # Associations
@@ -11,7 +9,6 @@ class MetasploitDataModels::AutomaticExploitation::Match < ActiveRecord::Base
   #
   #   @return [Mdm::Vuln, Mdm::Service]
   belongs_to :matchable, polymorphic: true
-  attr_accessible :matchable
 
   # @!attribute module_detail
   #   The MSF module that this match connects to

data/app/models/metasploit_data_models/automatic_exploitation/match_result.rb

@@ -1,5 +1,4 @@
 class MetasploitDataModels::AutomaticExploitation::MatchResult < ActiveRecord::Base
-  attr_accessible :match_id, :run_id, :state
 
   # Running associated exploit did NOT create a session
   FAILED = "failed"
@@ -36,16 +35,5 @@ class MetasploitDataModels::AutomaticExploitation::MatchResult < ActiveRecord::B
   scope :succeeded, lambda { where(state:"succeeded") }
   scope :failed, lambda { where(state:"failed") }
 
-  # Runs of {#match} by workspace ID
-  scope :by_workspace, lambda { |workspace_id|
-                       joins(
-                         MetasploitDataModels::AutomaticExploitation::MatchResult.join_association(:match),
-                         MetasploitDataModels::AutomaticExploitation::Match.join_association(:match_set)
-                       ).where(
-                         MetasploitDataModels::AutomaticExploitation::MatchSet[:workspace_id].eq(workspace_id),
-                       )
-                     }
-
   Metasploit::Concern.run(self)
 end
-

data/app/models/metasploit_data_models/automatic_exploitation/match_set.rb

@@ -1,5 +1,4 @@
 class MetasploitDataModels::AutomaticExploitation::MatchSet < ActiveRecord::Base
-  attr_accessible :user_id, :workspace_id, :minimum_rank
 
   has_many :runs,
            class_name: "MetasploitDataModels::AutomaticExploitation::Run",

data/app/models/metasploit_data_models/automatic_exploitation/run.rb

@@ -1,6 +1,4 @@
 class MetasploitDataModels::AutomaticExploitation::Run < ActiveRecord::Base
-  attr_accessible :user_id, :workspace_id, :match_set_id
-
   #
   # ASSOCIATIONS
   #

data/app/validators/ip_format_validator.rb

@@ -4,7 +4,12 @@ class IpFormatValidator < ActiveModel::EachValidator
   def validate_each(object, attribute, value)
     error_message_block = lambda{ object.errors[attribute] << " must be a valid IPv4 or IPv6 address" }
     begin
-      potential_ip = IPAddr.new(value)
+      if value.is_a? IPAddr
+        potential_ip = value.dup
+      else
+        potential_ip = IPAddr.new(value)
+      end
+      
       error_message_block.call unless potential_ip.ipv4? || potential_ip.ipv6?
     rescue ArgumentError
       error_message_block.call

data/config/initializers/ipaddr.rb

@@ -0,0 +1,35 @@
+module IPAddrExtensions
+  extend ActiveSupport::Concern
+  included do
+    begin
+      remove_method :==
+    rescue NameError => e
+      puts e.message
+    end
+    
+    alias_method :spaceship_without_rescue, :<=>
+    alias_method :<=>, :spaceship_with_rescue
+    
+    alias_method_chain :include?, :rescue
+  end
+  
+
+  def spaceship_with_rescue(other)
+    begin
+      spaceship_without_rescue(other)
+    rescue ArgumentError
+      false
+    end
+  end
+
+  def include_with_rescue?(other)
+    begin
+      include_without_rescue?(other)
+    rescue ArgumentError
+      false
+    end
+  end
+
+end
+
+IPAddr.send(:include, IPAddrExtensions)