metasploit_data_models 0.6.13

data/spec/app/models/mdm/module_target_spec.rb

@@ -0,0 +1,41 @@
+require 'spec_helper'
+
+describe Mdm::ModuleTarget do
+  context 'associations' do
+    it { should belong_to(:module_detail).class_name('Mdm::ModuleDetail') }
+  end
+
+  context 'database' do
+    context 'columns' do
+      it { should have_db_column(:index).of_type(:integer) }
+      it { should have_db_column(:module_detail_id).of_type(:integer) }
+      it { should have_db_column(:name).of_type(:text) }
+    end
+
+    context 'indices' do
+      it { should have_db_index(:module_detail_id) }
+    end
+  end
+
+  context 'factories' do
+    context 'mdm_module_target' do
+      subject(:mdm_module_target) do
+        FactoryGirl.build :mdm_module_target
+      end
+
+      it { should be_valid }
+    end
+  end
+
+  context 'mass assignment security' do
+    it { should allow_mass_assignment_of(:index) }
+    it { should_not allow_mass_assignment_of(:module_detail_id) }
+    it { should allow_mass_assignment_of(:name) }
+  end
+
+  context 'validations' do
+    it { should validate_presence_of(:index) }
+    it { should validate_presence_of(:module_detail) }
+    it { should validate_presence_of(:name) }
+  end
+end

data/spec/app/models/mdm/web_vuln_spec.rb

@@ -0,0 +1,126 @@
+require 'spec_helper'
+
+describe Mdm::WebVuln do
+  let(:confidence_range) do
+    0 .. 100
+  end
+
+  let(:default_params) do
+    []
+  end
+
+  let(:methods) do
+    [
+        'GET',
+        'POST',
+        # XXX not sure why PATH is valid since it's not an HTTP method verb.
+        'PATH'
+    ]
+  end
+
+  let(:risk_range) do
+    0 .. 5
+  end
+
+  subject(:web_vuln) do
+    described_class.new
+  end
+
+  context 'associations' do
+    it { should belong_to(:web_site).class_name('Mdm::WebSite') }
+  end
+
+  context 'CONSTANTS' do
+    it 'should define CONFIDENCE_RANGE' do
+      described_class::CONFIDENCE_RANGE.should == confidence_range
+    end
+
+    it 'should define METHODS in any order' do
+      described_class::METHODS.should =~ methods
+    end
+
+    it 'should define RISK_RANGE' do
+      described_class::RISK_RANGE.should == risk_range
+    end
+  end
+
+  context 'database' do
+    context 'columns' do
+      it { should have_db_column(:blame).of_type(:text) }
+      it { should have_db_column(:category).of_type(:text).with_options(:null => false) }
+      it { should have_db_column(:confidence).of_type(:text).with_options(:null => false) }
+      it { should have_db_column(:description).of_type(:text) }
+      it { should have_db_column(:method).of_type(:string).with_options(:limit => 1024, :null => false) }
+      it { should have_db_column(:name).of_type(:string).with_options(:limit => 1024, :null => false) }
+      it { should have_db_column(:owner).of_type(:string) }
+      it { should have_db_column(:params).of_type(:text).with_options(:null => false) }
+      it { should have_db_column(:path).of_type(:text).with_options(:null => false) }
+      it { should have_db_column(:payload).of_type(:text) }
+      it { should have_db_column(:pname).of_type(:text).with_options(:null => false) }
+      it { should have_db_column(:proof).of_type(:binary).with_options(:null => false) }
+      it { should have_db_column(:query).of_type(:text) }
+      it { should have_db_column(:request).of_type(:binary) }
+      it { should have_db_column(:risk).of_type(:integer).with_options(:null => false) }
+      it { should have_db_column(:web_site_id).of_type(:integer).with_options(:null => false) }
+
+      context 'timestamps' do
+        it { should have_db_column(:created_at).of_type(:datetime).with_options(:null => false) }
+        it { should have_db_column(:updated_at).of_type(:datetime).with_options(:null => false) }
+      end
+    end
+
+    context 'indices' do
+      it { should have_db_index(:method) }
+      it { should have_db_index(:name) }
+      it { should have_db_index(:path) }
+    end
+  end
+
+  context 'validations' do
+    it { should validate_presence_of :category }
+    it { should ensure_inclusion_of(:confidence).in_range(confidence_range) }
+    it { should ensure_inclusion_of(:method).in_array(methods) }
+    it { should validate_presence_of :name }
+    it { should validate_presence_of :path }
+
+    it 'should not validate presence of params because it default to [] and can never be nil' do
+      web_vuln.should_not validate_presence_of(:params)
+    end
+
+    it { should validate_presence_of :pname }
+    it { should validate_presence_of :proof }
+    it { should ensure_inclusion_of(:risk).in_range(risk_range) }
+    it { should validate_presence_of :web_site }
+  end
+
+  context 'serializations' do
+    it { should serialize(:params).as_instance_of(MetasploitDataModels::Base64Serializer) }
+  end
+
+  context '#params' do
+    let(:default) do
+      []
+    end
+
+    let(:params) do
+      web_vuln.params
+    end
+
+    it 'should default to []' do
+      params.should == default
+    end
+
+    it 'should return default if set to nil' do
+      web_vuln.params = nil
+      web_vuln.params.should == default
+    end
+
+    it 'should return default if set to nil and saved' do
+      web_vuln = FactoryGirl.build(:mdm_web_vuln)
+      web_vuln.params = nil
+      web_vuln.save!
+
+      web_vuln.params.should == default
+    end
+  end
+end

data/spec/dummy/Rakefile

@@ -0,0 +1,7 @@
+#!/usr/bin/env rake
+# Add your own tasks in files placed in lib/tasks ending in .rake,
+# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
+
+require File.expand_path('../config/application', __FILE__)
+
+Dummy::Application.load_tasks

data/spec/dummy/app/assets/javascripts/application.js

@@ -0,0 +1,15 @@
+// This is a manifest file that'll be compiled into application.js, which will include all the files
+// listed below.
+//
+// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
+// or vendor/assets/javascripts of plugins, if any, can be referenced here using a relative path.
+//
+// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
+// the compiled file.
+//
+// WARNING: THE FIRST BLANK LINE MARKS THE END OF WHAT'S TO BE PROCESSED, ANY BLANK LINE SHOULD
+// GO AFTER THE REQUIRES BELOW.
+//
+//= require jquery
+//= require jquery_ujs
+//= require_tree .

data/spec/dummy/app/assets/stylesheets/application.css

@@ -0,0 +1,13 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or vendor/assets/stylesheets of plugins, if any, can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the top of the
+ * compiled file, but it's generally better to create a new file per style scope.
+ *
+ *= require_self
+ *= require_tree .
+ */

data/spec/dummy/app/controllers/application_controller.rb

@@ -0,0 +1,3 @@
+class ApplicationController < ActionController::Base
+  protect_from_forgery
+end

data/spec/dummy/app/helpers/application_helper.rb

@@ -0,0 +1,2 @@
+module ApplicationHelper
+end

data/spec/dummy/app/views/layouts/application.html.erb

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Dummy</title>
+  <%= stylesheet_link_tag    "application", :media => "all" %>
+  <%= javascript_include_tag "application" %>
+  <%= csrf_meta_tags %>
+</head>
+<body>
+
+<%= yield %>
+
+</body>
+</html>

data/spec/dummy/config.ru

@@ -0,0 +1,4 @@
+# This file is used by Rack-based servers to start the application.
+
+require ::File.expand_path('../config/environment',  __FILE__)
+run Dummy::Application

data/spec/dummy/config/application.rb

@@ -0,0 +1,61 @@
+require File.expand_path('../boot', __FILE__)
+
+require 'rails/all'
+
+Bundler.require(*Rails.groups)
+# require the engine being tested.  In a non-dummy app this would be handled by the engine's gem being in the Gemfile
+# for real app and Bundler.require requiring the gem.
+require 'metasploit_data_models'
+
+module Dummy
+  class Application < Rails::Application
+    # Settings in config/environments/* take precedence over those specified here.
+    # Application configuration should go into files in config/initializers
+    # -- all .rb files in that directory are automatically loaded.
+
+    # Custom directories with classes and modules you want to be autoloadable.
+    # config.autoload_paths += %W(#{config.root}/extras)
+
+    # Only load the plugins named here, in the order given (default is alphabetical).
+    # :all can be used as a placeholder for all plugins not explicitly named.
+    # config.plugins = [ :exception_notification, :ssl_requirement, :all ]
+
+    # Activate observers that should always be running.
+    # config.active_record.observers = :cacher, :garbage_collector, :forum_observer
+
+    # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
+    # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC.
+    # config.time_zone = 'Central Time (US & Canada)'
+
+    # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
+    # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
+    # config.i18n.default_locale = :de
+
+    # Configure the default encoding used in templates for Ruby 1.9.
+    config.encoding = "utf-8"
+
+    # Configure sensitive parameters which will be filtered from the log file.
+    config.filter_parameters += [:password]
+
+    # Enable escaping HTML in JSON.
+    config.active_support.escape_html_entities_in_json = true
+
+    # Use SQL instead of Active Record's schema dumper when creating the database.
+    # This is necessary if your schema can't be completely dumped by the schema dumper,
+    # like if you have constraints or database-specific column types
+    # config.active_record.schema_format = :sql
+
+    # Enforce whitelist mode for mass assignment.
+    # This will create an empty whitelist of attributes available for mass-assignment for all models
+    # in your app. As such, your models will need to explicitly whitelist or blacklist accessible
+    # parameters by using an attr_accessible or attr_protected declaration.
+    config.active_record.whitelist_attributes = true
+
+    # Enable the asset pipeline
+    config.assets.enabled = true
+
+    # Version of your assets, change this if you want to expire all your assets
+    config.assets.version = '1.0'
+  end
+end
+

data/spec/dummy/config/boot.rb

@@ -0,0 +1,10 @@
+require 'rubygems'
+gemfile = File.expand_path('../../../../Gemfile', __FILE__)
+
+if File.exist?(gemfile)
+  ENV['BUNDLE_GEMFILE'] = gemfile
+  require 'bundler'
+  Bundler.setup
+end
+
+$:.unshift File.expand_path('../../../../lib', __FILE__)

data/spec/dummy/config/database.yml.example

@@ -0,0 +1,22 @@
+# Please only use postgresql bound to a TCP port.
+development: &pgsql
+  adapter: postgresql
+  database: metasploit_data_models_development
+  username: metasploit_data_models_development
+  password: __________________________________
+  host: localhost
+  port: 5432
+  pool: 5
+  timeout: 5
+
+# Warning: The database defined as "test" will be erased and
+# re-generated from your development database when you run "rake".
+# Do not set this db to the same as development or production.
+#
+# Note also, sqlite3 is totally unsupported by Metasploit now.
+test:
+  <<: *pgsql
+  database: metasploit_data_models_test
+  username: metasploit_data_models_test
+  password: ___________________________
+

data/spec/dummy/config/environment.rb

@@ -0,0 +1,5 @@
+# Load the rails application
+require File.expand_path('../application', __FILE__)
+
+# Initialize the rails application
+Dummy::Application.initialize!

data/spec/dummy/config/environments/development.rb

@@ -0,0 +1,37 @@
+Dummy::Application.configure do
+  # Settings specified here will take precedence over those in config/application.rb
+
+  # In the development environment your application's code is reloaded on
+  # every request. This slows down response time but is perfect for development
+  # since you don't have to restart the web server when you make code changes.
+  config.cache_classes = false
+
+  # Log error messages when you accidentally call methods on nil.
+  config.whiny_nils = true
+
+  # Show full error reports and disable caching
+  config.consider_all_requests_local       = true
+  config.action_controller.perform_caching = false
+
+  # Don't care if the mailer can't send
+  config.action_mailer.raise_delivery_errors = false
+
+  # Print deprecation notices to the Rails logger
+  config.active_support.deprecation = :log
+
+  # Only use best-standards-support built into browsers
+  config.action_dispatch.best_standards_support = :builtin
+
+  # Raise exception on mass assignment protection for Active Record models
+  config.active_record.mass_assignment_sanitizer = :strict
+
+  # Log the query plan for queries taking more than this (works
+  # with SQLite, MySQL, and PostgreSQL)
+  config.active_record.auto_explain_threshold_in_seconds = 0.5
+
+  # Do not compress assets
+  config.assets.compress = false
+
+  # Expands the lines which load the assets
+  config.assets.debug = true
+end

data/spec/dummy/config/environments/production.rb

@@ -0,0 +1,67 @@
+Dummy::Application.configure do
+  # Settings specified here will take precedence over those in config/application.rb
+
+  # Code is not reloaded between requests
+  config.cache_classes = true
+
+  # Full error reports are disabled and caching is turned on
+  config.consider_all_requests_local       = false
+  config.action_controller.perform_caching = true
+
+  # Disable Rails's static asset server (Apache or nginx will already do this)
+  config.serve_static_assets = false
+
+  # Compress JavaScripts and CSS
+  config.assets.compress = true
+
+  # Don't fallback to assets pipeline if a precompiled asset is missed
+  config.assets.compile = false
+
+  # Generate digests for assets URLs
+  config.assets.digest = true
+
+  # Defaults to nil and saved in location specified by config.assets.prefix
+  # config.assets.manifest = YOUR_PATH
+
+  # Specifies the header that your server uses for sending files
+  # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for apache
+  # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx
+
+  # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
+  # config.force_ssl = true
+
+  # See everything in the log (default is :info)
+  # config.log_level = :debug
+
+  # Prepend all log lines with the following tags
+  # config.log_tags = [ :subdomain, :uuid ]
+
+  # Use a different logger for distributed setups
+  # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new)
+
+  # Use a different cache store in production
+  # config.cache_store = :mem_cache_store
+
+  # Enable serving of images, stylesheets, and JavaScripts from an asset server
+  # config.action_controller.asset_host = "http://assets.example.com"
+
+  # Precompile additional assets (application.js, application.css, and all non-JS/CSS are already added)
+  # config.assets.precompile += %w( search.js )
+
+  # Disable delivery errors, bad email addresses will be ignored
+  # config.action_mailer.raise_delivery_errors = false
+
+  # Enable threaded mode
+  # config.threadsafe!
+
+  # Enable locale fallbacks for I18n (makes lookups for any locale fall back to
+  # the I18n.default_locale when a translation can not be found)
+  config.i18n.fallbacks = true
+
+  # Send deprecation notices to registered listeners
+  config.active_support.deprecation = :notify
+
+  # Log the query plan for queries taking more than this (works
+  # with SQLite, MySQL, and PostgreSQL)
+  # config.active_record.auto_explain_threshold_in_seconds = 0.5
+end