metasploit_data_models 0.7.0-java → 0.11.2-java

Sign up to get free protection for your applications and to get access to all the features.
Files changed (70) hide show
  1. data/.gitignore +3 -0
  2. data/.travis.yml +1 -0
  3. data/app/models/mdm/host.rb +352 -26
  4. data/app/models/mdm/loot.rb +72 -7
  5. data/app/models/mdm/{module_action.rb → module/action.rb} +3 -3
  6. data/app/models/mdm/{module_arch.rb → module/arch.rb} +3 -3
  7. data/app/models/mdm/{module_author.rb → module/author.rb} +3 -3
  8. data/app/models/mdm/module/detail.rb +280 -0
  9. data/app/models/mdm/{module_mixin.rb → module/mixin.rb} +3 -3
  10. data/app/models/mdm/{module_platform.rb → module/platform.rb} +3 -3
  11. data/app/models/mdm/module/ref.rb +48 -0
  12. data/app/models/mdm/{module_target.rb → module/target.rb} +3 -3
  13. data/app/models/mdm/note.rb +61 -6
  14. data/app/models/mdm/ref.rb +39 -1
  15. data/app/models/mdm/service.rb +85 -7
  16. data/app/models/mdm/session.rb +100 -6
  17. data/app/models/mdm/vuln.rb +104 -24
  18. data/db/migrate/20130228214900_change_required_columns_to_null_false_in_web_vulns.rb +1 -17
  19. data/db/migrate/20130412154159_change_foreign_key_in_module_actions.rb +25 -0
  20. data/db/migrate/20130412171844_change_foreign_key_in_module_archs.rb +25 -0
  21. data/db/migrate/20130412173121_change_foreign_key_in_module_authors.rb +25 -0
  22. data/db/migrate/20130412173640_change_foreign_key_in_module_mixins.rb +25 -0
  23. data/db/migrate/20130412174254_change_foreign_key_in_module_platforms.rb +25 -0
  24. data/db/migrate/20130412174719_change_foreign_key_in_module_refs.rb +25 -0
  25. data/db/migrate/20130412175040_change_foreign_key_in_module_targets.rb +25 -0
  26. data/db/migrate/20130430151353_change_required_columns_to_null_false_in_hosts.rb +11 -0
  27. data/db/migrate/20130430162145_enforce_address_uniqueness_in_workspace_in_hosts.rb +23 -0
  28. data/lib/mdm/module.rb +4 -0
  29. data/lib/metasploit_data_models.rb +1 -0
  30. data/lib/metasploit_data_models/change_required_columns_to_null_false.rb +23 -0
  31. data/lib/metasploit_data_models/version.rb +1 -1
  32. data/spec/app/models/mdm/host_spec.rb +411 -0
  33. data/spec/app/models/mdm/host_tag_spec.rb +13 -0
  34. data/spec/app/models/mdm/{module_action_spec.rb → module/action_spec.rb} +6 -6
  35. data/spec/app/models/mdm/{module_arch_spec.rb → module/arch_spec.rb} +6 -6
  36. data/spec/app/models/mdm/{module_author_spec.rb → module/author_spec.rb} +6 -6
  37. data/spec/app/models/mdm/{module_detail_spec.rb → module/detail_spec.rb} +101 -11
  38. data/spec/app/models/mdm/{module_mixin_spec.rb → module/mixin_spec.rb} +6 -6
  39. data/spec/app/models/mdm/{module_platform_spec.rb → module/platform_spec.rb} +6 -6
  40. data/spec/app/models/mdm/module/ref_spec.rb +62 -0
  41. data/spec/app/models/mdm/{module_target_spec.rb → module/target_spec.rb} +6 -6
  42. data/spec/app/models/mdm/ref_spec.rb +62 -0
  43. data/spec/app/models/mdm/tag_spec.rb +13 -0
  44. data/spec/app/models/mdm/vuln_ref_spec.rb +13 -0
  45. data/spec/app/models/mdm/vuln_spec.rb +231 -0
  46. data/spec/dummy/db/schema.rb +20 -20
  47. data/spec/factories/mdm/host_tags.rb +9 -0
  48. data/spec/factories/mdm/hosts.rb +65 -0
  49. data/spec/factories/mdm/module/actions.rb +14 -0
  50. data/spec/factories/mdm/module/archs.rb +14 -0
  51. data/spec/factories/mdm/{module_authors.rb → module/authors.rb} +4 -4
  52. data/spec/factories/mdm/module/details.rb +66 -0
  53. data/spec/factories/mdm/module/mixins.rb +14 -0
  54. data/spec/factories/mdm/module/platforms.rb +14 -0
  55. data/spec/factories/mdm/module/refs.rb +14 -0
  56. data/spec/factories/mdm/{module_targets.rb → module/targets.rb} +3 -3
  57. data/spec/factories/mdm/refs.rb +9 -0
  58. data/spec/factories/mdm/tags.rb +14 -0
  59. data/spec/factories/mdm/vuln_refs.rb +4 -0
  60. data/spec/factories/mdm/vulns.rb +20 -0
  61. metadata +75 -42
  62. data/app/models/mdm/module_detail.rb +0 -59
  63. data/app/models/mdm/module_ref.rb +0 -24
  64. data/spec/app/models/mdm/module_ref_spec.rb +0 -38
  65. data/spec/factories/mdm/module_actions.rb +0 -14
  66. data/spec/factories/mdm/module_archs.rb +0 -14
  67. data/spec/factories/mdm/module_details.rb +0 -9
  68. data/spec/factories/mdm/module_mixins.rb +0 -14
  69. data/spec/factories/mdm/module_platforms.rb +0 -14
  70. data/spec/factories/mdm/module_refs.rb +0 -14
@@ -1,39 +1,125 @@
1
+ # A vulnerability found on a {#host} or {#service}.
1
2
  class Mdm::Vuln < ActiveRecord::Base
2
3
  #
3
- # Callbacks
4
+ # Associations
4
5
  #
5
6
 
6
- after_update :save_refs
7
+ # @!attribute [rw] host
8
+ # The host with this vulnerability.
9
+ #
10
+ # @return [Mdm::Host]
11
+ belongs_to :host, :class_name => 'Mdm::Host', :counter_cache => :vuln_count
7
12
 
13
+ # @!attribute [rw] service
14
+ # The service with the vulnerability.
8
15
  #
9
- # Relations
16
+ # @return [Mdm::Service]
17
+ belongs_to :service, :class_name => 'Mdm::Service'
18
+
19
+ # @!attribute [rw] vuln_attempts
20
+ # Attempts to exploit this vulnerability.
10
21
  #
22
+ # @return [Array<Mdm::VulnAttempt>]
23
+ has_many :vuln_attempts, :class_name => 'Mdm::VulnAttempt', :dependent => :destroy
11
24
 
12
- belongs_to :host, :class_name => 'Mdm::Host', :counter_cache => :vuln_count
13
- belongs_to :service, :class_name => 'Mdm::Service', :foreign_key => :service_id
14
- has_many :vuln_attempts, :dependent => :destroy, :class_name => 'Mdm::VulnAttempt'
15
- has_many :vuln_details, :dependent => :destroy, :class_name => 'Mdm::VulnDetail'
16
- has_many :vulns_refs, :class_name => 'Mdm::VulnRef'
25
+ # @!attribute [rw] vuln_details
26
+ # Additional information about this vulnerability.
27
+ #
28
+ # @return [Array<Mdm::VulnDetail>]
29
+ has_many :vuln_details, :class_name => 'Mdm::VulnDetail', :dependent => :destroy
30
+
31
+ # @!attribute [rw] vulns_refs
32
+ # Join model that joins this vuln to its {Mdm::Ref external references}.
33
+ #
34
+ # @todo https://www.pivotaltracker.com/story/show/49004623
35
+ # @return [Array<Mdm::VulnRef>]
36
+ has_many :vulns_refs, :class_name => 'Mdm::VulnRef', :dependent => :destroy
17
37
 
18
38
  #
19
39
  # Through :vuln_refs
20
40
  #
21
- has_many :refs, :through => :vulns_refs, :class_name => 'Mdm::Ref'
41
+
42
+ # @!attribute [r] refs
43
+ # External references to this vulnerability.
44
+ #
45
+ # @todo https://www.pivotaltracker.com/story/show/49004623
46
+ # @return [Array<Mdm::Ref>]
47
+ has_many :refs, :class_name => 'Mdm::Ref', :through => :vulns_refs
48
+
49
+ #
50
+ # Through refs
51
+ #
52
+
53
+ # @!attribute [r] module_refs
54
+ # References in module that match {Mdm::Ref#name names} in {#refs}.
55
+ #
56
+ # @return [Array<Mdm::Module::Ref>]
57
+ has_many :module_refs, :class_name => 'Mdm::Module::Ref', :through => :refs
58
+
59
+ #
60
+ # Through module_refs
61
+ #
62
+
63
+ # @!attribute [r] module_details
64
+ # {Mdm::Module::Detail Modules} that share the same external references as this vuln.
65
+ #
66
+ # @return [Array<Mdm::Module::Detail>]
67
+ has_many :module_details,
68
+ :class_name => 'Mdm::Module::Detail',
69
+ :source => :detail,
70
+ :through => :module_refs,
71
+ :uniq => true
72
+
73
+ #
74
+ # Attributes
75
+ #
76
+
77
+ # @!attribute [rw] exploited_at
78
+ # When the vulnerability was exploited
79
+ #
80
+ # @return [DateTime]
81
+
82
+ # @!attribute [rw] name
83
+ # The name of the vulnerability in metasploit-framework or from the import source.
84
+ #
85
+ # @return [String]
86
+
87
+ # @!attribute [rw] info
88
+ # Additional information about the vulnerability
89
+ #
90
+ # @return [String]
91
+
92
+ # @!attribute [rw] vuln_attempt_count
93
+ # Counter cache for number of {#vuln_attempts}.
94
+ #
95
+ # @return [Integer]
96
+
97
+ # @!attribute [rw] vuln_detail_count
98
+ # Counter cache for number of {#vuln_details}.
99
+ #
100
+ # @return [Integer]
101
+
102
+ #
103
+ # Callbacks
104
+ #
105
+
106
+ after_update :save_refs
22
107
 
23
108
  #
24
109
  # Scopes
25
110
  #
26
111
 
27
- scope :search, lambda { |*args|
112
+ scope :search, lambda { |query|
113
+ formatted_query = "%#{query}%"
114
+
28
115
  where(
29
- [
30
- '(vulns.name ILIKE ? or vulns.info ILIKE ? or refs.name ILIKE ?)',
31
- "%#{args[0]}%",
32
- "%#{args[0]}%",
33
- "%#{args[0]}%"
34
- ]
35
- ).joins(
36
- 'LEFT OUTER JOIN vulns_refs ON vulns_refs.vuln_id=vulns.id LEFT OUTER JOIN refs ON refs.id=vulns_refs.ref_id'
116
+ arel_table[:name].matches(formatted_query).or(
117
+ arel_table[:info].matches(formatted_query)
118
+ ).or(
119
+ Mdm::Ref.arel_table[:name].matches(formatted_query)
120
+ )
121
+ ).includes(
122
+ :refs
37
123
  )
38
124
  }
39
125
 
@@ -46,12 +132,6 @@ class Mdm::Vuln < ActiveRecord::Base
46
132
 
47
133
  private
48
134
 
49
- def before_destroy
50
- Mdm::VulnRef.delete_all('vuln_id = ?', self.id)
51
- Mdm::VulnDetail.delete_all('vuln_id = ?', self.id)
52
- Mdm::VulnAttempt.delete_all('vuln_id = ?', self.id)
53
- end
54
-
55
135
  def save_refs
56
136
  refs.each { |ref| ref.save(:validate => false) }
57
137
  end
@@ -1,6 +1,6 @@
1
1
  # Changes all the {COLUMNS} in the web_vulns table that are required for {Mdm::WebVuln}, but were previously
2
2
  # :null => true
3
- class ChangeRequiredColumnsToNullFalseInWebVulns < ActiveRecord::Migration
3
+ class ChangeRequiredColumnsToNullFalseInWebVulns < MetasploitDataModels::ChangeRequiredColumnsToNullFalse
4
4
  # Columns that were previously :null => true, but are actually required to be non-null, so should be
5
5
  # :null => false
6
6
  COLUMNS = [
@@ -16,20 +16,4 @@ class ChangeRequiredColumnsToNullFalseInWebVulns < ActiveRecord::Migration
16
16
  ]
17
17
  # Table in which {COLUMNS} are.
18
18
  TABLE_NAME = :web_vulns
19
-
20
- # Marks all the {COLUMNS} as :null => true
21
- def down
22
- COLUMNS.each do |column|
23
- change_column_null(TABLE_NAME, column, true)
24
- end
25
- end
26
-
27
- # Marks all the {COLUMNS} as :null => false
28
- def up
29
- COLUMNS.each do |column|
30
- change_column_null(TABLE_NAME, column, false)
31
- end
32
- end
33
-
34
-
35
19
  end
@@ -0,0 +1,25 @@
1
+ # Changes `module_actions.module_detail_id` to `module_actions.detail_id` so that foreign key matches the conventional
2
+ # name when `Mdm::ModuleDetail` became {Mdm::Module::Detail}.
3
+ class ChangeForeignKeyInModuleActions < ActiveRecord::Migration
4
+ #
5
+ # CONSTANTS
6
+ #
7
+
8
+ NEW_COLUMN_NAME= :detail_id
9
+ OLD_COLUMN_NAME = :module_detail_id
10
+ TABLE_NAME = :module_actions
11
+
12
+ # Renames `module_actions.detail_id` to `module_actions.module_detail_id`.
13
+ #
14
+ # @return [void]
15
+ def down
16
+ rename_column TABLE_NAME, NEW_COLUMN_NAME, OLD_COLUMN_NAME
17
+ end
18
+
19
+ # Rename `module_actions.module_detail_id` to `module_actions.detail_id`
20
+ #
21
+ # @return [void]
22
+ def up
23
+ rename_column TABLE_NAME, OLD_COLUMN_NAME, NEW_COLUMN_NAME
24
+ end
25
+ end
@@ -0,0 +1,25 @@
1
+ # Changes `module_archs.module_detail_id` to `module_archs.detail_id` so that foreign key matches the conventional
2
+ # name when `Mdm::ModuleDetail` became {Mdm::Module::Detail}.
3
+ class ChangeForeignKeyInModuleArchs < ActiveRecord::Migration
4
+ #
5
+ # CONSTANTS
6
+ #
7
+
8
+ NEW_COLUMN_NAME= :detail_id
9
+ OLD_COLUMN_NAME = :module_detail_id
10
+ TABLE_NAME = :module_archs
11
+
12
+ # Renames `module_archs.detail_id` to `module_archs.module_detail_id`.
13
+ #
14
+ # @return [void]
15
+ def down
16
+ rename_column TABLE_NAME, NEW_COLUMN_NAME, OLD_COLUMN_NAME
17
+ end
18
+
19
+ # Rename `module_archs.module_detail_id` to `module_archs.detail_id`
20
+ #
21
+ # @return [void]
22
+ def up
23
+ rename_column TABLE_NAME, OLD_COLUMN_NAME, NEW_COLUMN_NAME
24
+ end
25
+ end
@@ -0,0 +1,25 @@
1
+ # Changes `module_authors.module_detail_id` to `module_authors.detail_id` so that foreign key matches the conventional
2
+ # name when `Mdm::ModuleDetail` became {Mdm::Module::Detail}.
3
+ class ChangeForeignKeyInModuleAuthors < ActiveRecord::Migration
4
+ #
5
+ # CONSTANTS
6
+ #
7
+
8
+ NEW_COLUMN_NAME= :detail_id
9
+ OLD_COLUMN_NAME = :module_detail_id
10
+ TABLE_NAME = :module_authors
11
+
12
+ # Renames `module_authors.detail_id` to `module_authors.module_detail_id`.
13
+ #
14
+ # @return [void]
15
+ def down
16
+ rename_column TABLE_NAME, NEW_COLUMN_NAME, OLD_COLUMN_NAME
17
+ end
18
+
19
+ # Rename `module_authors.module_detail_id` to `module_authors.detail_id`
20
+ #
21
+ # @return [void]
22
+ def up
23
+ rename_column TABLE_NAME, OLD_COLUMN_NAME, NEW_COLUMN_NAME
24
+ end
25
+ end
@@ -0,0 +1,25 @@
1
+ # Changes `module_mixins.module_detail_id` to `module_mixins.detail_id` so that foreign key matches the conventional
2
+ # name when `Mdm::ModuleDetail` became {Mdm::Module::Detail}.
3
+ class ChangeForeignKeyInModuleMixins < ActiveRecord::Migration
4
+ #
5
+ # CONSTANTS
6
+ #
7
+
8
+ NEW_COLUMN_NAME= :detail_id
9
+ OLD_COLUMN_NAME = :module_detail_id
10
+ TABLE_NAME = :module_mixins
11
+
12
+ # Renames `module_mixins.detail_id` to `module_mixins.module_detail_id`.
13
+ #
14
+ # @return [void]
15
+ def down
16
+ rename_column TABLE_NAME, NEW_COLUMN_NAME, OLD_COLUMN_NAME
17
+ end
18
+
19
+ # Rename `module_mixins.module_detail_id` to `module_mixins.detail_id`
20
+ #
21
+ # @return [void]
22
+ def up
23
+ rename_column TABLE_NAME, OLD_COLUMN_NAME, NEW_COLUMN_NAME
24
+ end
25
+ end
@@ -0,0 +1,25 @@
1
+ # Changes `module_platforms.module_detail_id` to `module_platforms.detail_id` so that foreign key matches the conventional
2
+ # name when `Mdm::ModuleDetail` became {Mdm::Module::Detail}.
3
+ class ChangeForeignKeyInModulePlatforms < ActiveRecord::Migration
4
+ #
5
+ # CONSTANTS
6
+ #
7
+
8
+ NEW_COLUMN_NAME= :detail_id
9
+ OLD_COLUMN_NAME = :module_detail_id
10
+ TABLE_NAME = :module_platforms
11
+
12
+ # Renames `module_platforms.detail_id` to `module_platforms.module_detail_id`.
13
+ #
14
+ # @return [void]
15
+ def down
16
+ rename_column TABLE_NAME, NEW_COLUMN_NAME, OLD_COLUMN_NAME
17
+ end
18
+
19
+ # Rename `module_platforms.module_detail_id` to `module_platforms.detail_id`
20
+ #
21
+ # @return [void]
22
+ def up
23
+ rename_column TABLE_NAME, OLD_COLUMN_NAME, NEW_COLUMN_NAME
24
+ end
25
+ end
@@ -0,0 +1,25 @@
1
+ # Changes `module_refs.module_detail_id` to `module_refs.detail_id` so that foreign key matches the conventional
2
+ # name when `Mdm::ModuleDetail` became {Mdm::Module::Detail}.
3
+ class ChangeForeignKeyInModuleRefs < ActiveRecord::Migration
4
+ #
5
+ # CONSTANTS
6
+ #
7
+
8
+ NEW_COLUMN_NAME= :detail_id
9
+ OLD_COLUMN_NAME = :module_detail_id
10
+ TABLE_NAME = :module_refs
11
+
12
+ # Renames `module_refs.detail_id` to `module_refs.module_detail_id`.
13
+ #
14
+ # @return [void]
15
+ def down
16
+ rename_column TABLE_NAME, NEW_COLUMN_NAME, OLD_COLUMN_NAME
17
+ end
18
+
19
+ # Rename `module_refs.module_detail_id` to `module_refs.detail_id`
20
+ #
21
+ # @return [void]
22
+ def up
23
+ rename_column TABLE_NAME, OLD_COLUMN_NAME, NEW_COLUMN_NAME
24
+ end
25
+ end
@@ -0,0 +1,25 @@
1
+ # Changes `module_targets.module_detail_id` to `module_targets.detail_id` so that foreign key matches the conventional
2
+ # name when `Mdm::ModuleDetail` became {Mdm::Module::Detail}.
3
+ class ChangeForeignKeyInModuleTargets < ActiveRecord::Migration
4
+ #
5
+ # CONSTANTS
6
+ #
7
+
8
+ NEW_COLUMN_NAME= :detail_id
9
+ OLD_COLUMN_NAME = :module_detail_id
10
+ TABLE_NAME = :module_targets
11
+
12
+ # Renames `module_targets.detail_id` to `module_targets.module_detail_id`.
13
+ #
14
+ # @return [void]
15
+ def down
16
+ rename_column TABLE_NAME, NEW_COLUMN_NAME, OLD_COLUMN_NAME
17
+ end
18
+
19
+ # Rename `module_targets.module_detail_id` to `module_targets.detail_id`
20
+ #
21
+ # @return [void]
22
+ def up
23
+ rename_column TABLE_NAME, OLD_COLUMN_NAME, NEW_COLUMN_NAME
24
+ end
25
+ end
@@ -0,0 +1,11 @@
1
+ # Changes all the {COLUMNS} in the hosts table that are required for {Mdm::Host}, but were previously `:null => true`.
2
+ class ChangeRequiredColumnsToNullFalseInHosts < MetasploitDataModels::ChangeRequiredColumnsToNullFalse
3
+ # Columns that were previously `:null => true`, but are actually required to be non-null, so should be
4
+ # `:null => false`
5
+ COLUMNS = [
6
+ :address,
7
+ :workspace_id
8
+ ]
9
+ # Table in which {COLUMNS} are.
10
+ TABLE_NAME = :hosts
11
+ end
@@ -0,0 +1,23 @@
1
+ # Changes index on address so it scoped to workspace_id and is unique to match the validation in {Mdm::Host} on
2
+ # {Mdm::Host#address}.
3
+ class EnforceAddressUniquenessInWorkspaceInHosts < ActiveRecord::Migration
4
+ TABLE_NAME = :hosts
5
+
6
+ # Restores old index on address
7
+ def down
8
+ change_table TABLE_NAME do |t|
9
+ t.remove_index [:workspace_id, :address]
10
+
11
+ t.index :address
12
+ end
13
+ end
14
+
15
+ # Make index on address scope to workspace_id and be unique
16
+ def up
17
+ change_table TABLE_NAME do |t|
18
+ t.remove_index :address
19
+
20
+ t.index [:workspace_id, :address], :unique => true
21
+ end
22
+ end
23
+ end
data/lib/mdm/module.rb ADDED
@@ -0,0 +1,4 @@
1
+ # Namespace for all models dealing with module caching.
2
+ module Mdm::Module
3
+
4
+ end
@@ -15,6 +15,7 @@ require 'active_support/dependencies'
15
15
  # Project
16
16
  #
17
17
  require 'mdm'
18
+ require 'mdm/module'
18
19
  require 'metasploit_data_models/version'
19
20
  require 'metasploit_data_models/serialized_prefs'
20
21
  require 'metasploit_data_models/base64_serializer'
@@ -0,0 +1,23 @@
1
+ module MetasploitDataModels
2
+ # Changes all the COLUMNS in the table with TABLE_NAME that are required from the table's mode, but were previously
3
+ # `:null => true`, to `:null => false`.
4
+ #
5
+ # @abstract Subclass and define COLUMNS as Array<Symbol> and TABLE_NAME as Symbol.
6
+ class ChangeRequiredColumnsToNullFalse < ActiveRecord::Migration
7
+ # Marks all the COLUMNS as `:null => true`
8
+ def down
9
+ # Use self.class:: so constants are resolved in subclasses instead of this class.
10
+ self.class::COLUMNS.each do |column|
11
+ change_column_null(self.class::TABLE_NAME, column, true)
12
+ end
13
+ end
14
+
15
+ # Marks all the COLUMNS as `:null => false`
16
+ def up
17
+ # Use self.class:: so constants are resolved in subclasses instead of this class.
18
+ self.class::COLUMNS.each do |column|
19
+ change_column_null(self.class::TABLE_NAME, column, false)
20
+ end
21
+ end
22
+ end
23
+ end