metasploit_data_models 1.0.0.pre.rails.pre.4.0b → 1.0.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (157) hide show
  1. checksums.yaml +4 -4
  2. data/.rspec +2 -2
  3. data/.travis.yml +6 -3
  4. data/CHANGELOG.md +6 -0
  5. data/CONTRIBUTING.md +10 -52
  6. data/Gemfile +4 -6
  7. data/RELEASING.md +88 -0
  8. data/Rakefile +23 -0
  9. data/UPGRADING.md +1 -0
  10. data/app/models/mdm/api_key.rb +41 -1
  11. data/app/models/mdm/client.rb +41 -1
  12. data/app/models/mdm/cred.rb +116 -28
  13. data/app/models/mdm/event.rb +47 -0
  14. data/app/models/mdm/exploit_attempt.rb +65 -16
  15. data/app/models/mdm/exploited_host.rb +27 -0
  16. data/app/models/mdm/host_detail.rb +44 -0
  17. data/app/models/mdm/host_tag.rb +6 -8
  18. data/app/models/mdm/listener.rb +52 -0
  19. data/app/models/mdm/macro.rb +42 -0
  20. data/app/models/mdm/mod_ref.rb +21 -1
  21. data/app/models/mdm/module/action.rb +15 -0
  22. data/app/models/mdm/module/arch.rb +10 -0
  23. data/app/models/mdm/module/author.rb +17 -1
  24. data/app/models/mdm/module/mixin.rb +13 -0
  25. data/app/models/mdm/module/platform.rb +11 -0
  26. data/app/models/mdm/module/target.rb +18 -0
  27. data/app/models/mdm/nexpose_console.rb +82 -4
  28. data/app/models/mdm/profile.rb +36 -0
  29. data/app/models/mdm/route.rb +16 -4
  30. data/app/models/mdm/session_event.rb +32 -0
  31. data/app/models/mdm/tag.rb +48 -9
  32. data/app/models/mdm/task.rb +85 -46
  33. data/app/models/mdm/task_cred.rb +29 -0
  34. data/app/models/mdm/task_host.rb +25 -0
  35. data/app/models/mdm/task_service.rb +25 -0
  36. data/app/models/mdm/task_session.rb +25 -0
  37. data/app/models/mdm/user.rb +192 -6
  38. data/app/models/mdm/vuln_attempt.rb +37 -12
  39. data/app/models/mdm/vuln_detail.rb +138 -5
  40. data/app/models/mdm/vuln_ref.rb +3 -0
  41. data/app/models/mdm/web_form.rb +34 -0
  42. data/app/models/mdm/web_page.rb +69 -0
  43. data/app/models/mdm/web_site.rb +50 -0
  44. data/app/models/mdm/wmap_request.rb +85 -0
  45. data/app/models/mdm/wmap_target.rb +40 -0
  46. data/app/models/mdm/workspace.rb +160 -17
  47. data/app/models/metasploit_data_models/automatic_exploitation/match.rb +13 -23
  48. data/app/models/metasploit_data_models/automatic_exploitation/match_result.rb +25 -4
  49. data/app/models/metasploit_data_models/automatic_exploitation/match_set.rb +15 -4
  50. data/app/models/metasploit_data_models/automatic_exploitation/run.rb +7 -3
  51. data/app/models/metasploit_data_models/ip_address/v4/segmented.rb +1 -1
  52. data/app/models/metasploit_data_models/module_run.rb +1 -1
  53. data/app/models/metasploit_data_models/search/visitor/where.rb +1 -1
  54. data/app/validators/ip_format_validator.rb +4 -0
  55. data/app/validators/parameters_validator.rb +12 -0
  56. data/app/validators/password_is_strong_validator.rb +10 -1
  57. data/lib/mdm/host/operating_system_normalization.rb +7 -10
  58. data/lib/metasploit_data_models.rb +4 -0
  59. data/lib/metasploit_data_models/automatic_exploitation.rb +25 -0
  60. data/lib/metasploit_data_models/engine.rb +2 -0
  61. data/lib/metasploit_data_models/serialized_prefs.rb +6 -0
  62. data/lib/metasploit_data_models/version.rb +30 -7
  63. data/metasploit_data_models.gemspec +9 -2
  64. data/spec/app/models/mdm/api_key_spec.rb +1 -3
  65. data/spec/app/models/mdm/client_spec.rb +9 -11
  66. data/spec/app/models/mdm/cred_spec.rb +42 -54
  67. data/spec/app/models/mdm/event_spec.rb +22 -24
  68. data/spec/app/models/mdm/exploit_attempt_spec.rb +19 -21
  69. data/spec/app/models/mdm/exploited_host_spec.rb +11 -13
  70. data/spec/app/models/mdm/host_detail_spec.rb +15 -17
  71. data/spec/app/models/mdm/host_spec.rb +262 -260
  72. data/spec/app/models/mdm/host_tag_spec.rb +6 -8
  73. data/spec/app/models/mdm/listener_spec.rb +30 -32
  74. data/spec/app/models/mdm/loot_spec.rb +21 -23
  75. data/spec/app/models/mdm/macro_spec.rb +1 -3
  76. data/spec/app/models/mdm/mod_ref_spec.rb +1 -3
  77. data/spec/app/models/mdm/module/action_spec.rb +8 -10
  78. data/spec/app/models/mdm/module/arch_spec.rb +8 -10
  79. data/spec/app/models/mdm/module/author_spec.rb +19 -14
  80. data/spec/app/models/mdm/module/detail_spec.rb +184 -75
  81. data/spec/app/models/mdm/module/mixin_spec.rb +8 -10
  82. data/spec/app/models/mdm/module/platform_spec.rb +8 -10
  83. data/spec/app/models/mdm/module/ref_spec.rb +8 -10
  84. data/spec/app/models/mdm/module/target_spec.rb +10 -12
  85. data/spec/app/models/mdm/nexpose_console_spec.rb +35 -37
  86. data/spec/app/models/mdm/note_spec.rb +23 -25
  87. data/spec/app/models/mdm/profile_spec.rb +1 -3
  88. data/spec/app/models/mdm/ref_spec.rb +9 -12
  89. data/spec/app/models/mdm/route_spec.rb +6 -8
  90. data/spec/app/models/mdm/service_spec.rb +38 -40
  91. data/spec/app/models/mdm/session_event_spec.rb +10 -12
  92. data/spec/app/models/mdm/session_spec.rb +13 -15
  93. data/spec/app/models/mdm/tag_spec.rb +29 -30
  94. data/spec/app/models/mdm/task_cred_spec.rb +9 -11
  95. data/spec/app/models/mdm/task_host_spec.rb +9 -11
  96. data/spec/app/models/mdm/task_service_spec.rb +9 -11
  97. data/spec/app/models/mdm/task_session_spec.rb +7 -9
  98. data/spec/app/models/mdm/task_spec.rb +27 -29
  99. data/spec/app/models/mdm/user_spec.rb +17 -19
  100. data/spec/app/models/mdm/vuln_attempt_spec.rb +14 -16
  101. data/spec/app/models/mdm/vuln_detail_spec.rb +26 -28
  102. data/spec/app/models/mdm/vuln_ref_spec.rb +8 -10
  103. data/spec/app/models/mdm/vuln_spec.rb +24 -26
  104. data/spec/app/models/mdm/web_form_spec.rb +11 -13
  105. data/spec/app/models/mdm/web_page_spec.rb +19 -21
  106. data/spec/app/models/mdm/web_site_spec.rb +21 -23
  107. data/spec/app/models/mdm/web_vuln_spec.rb +63 -65
  108. data/spec/app/models/mdm/wmap_request_spec.rb +1 -3
  109. data/spec/app/models/mdm/wmap_target_spec.rb +1 -3
  110. data/spec/app/models/mdm/workspace_spec.rb +97 -100
  111. data/spec/app/models/metasploit_data_models/automatic_exploitation/match_result_spec.rb +3 -5
  112. data/spec/app/models/metasploit_data_models/automatic_exploitation/match_set_spec.rb +13 -15
  113. data/spec/app/models/metasploit_data_models/automatic_exploitation/match_spec.rb +1 -3
  114. data/spec/app/models/metasploit_data_models/automatic_exploitation/run_spec.rb +1 -3
  115. data/spec/app/models/metasploit_data_models/ip_address/v4/cidr_spec.rb +10 -12
  116. data/spec/app/models/metasploit_data_models/ip_address/v4/nmap_spec.rb +4 -6
  117. data/spec/app/models/metasploit_data_models/ip_address/v4/range_spec.rb +21 -23
  118. data/spec/app/models/metasploit_data_models/ip_address/v4/segment/nmap/list_spec.rb +9 -11
  119. data/spec/app/models/metasploit_data_models/ip_address/v4/segment/nmap/range_spec.rb +21 -23
  120. data/spec/app/models/metasploit_data_models/ip_address/v4/segment/segmented_spec.rb +4 -6
  121. data/spec/app/models/metasploit_data_models/ip_address/v4/segment/single_spec.rb +22 -15
  122. data/spec/app/models/metasploit_data_models/ip_address/v4/single_spec.rb +4 -6
  123. data/spec/app/models/metasploit_data_models/module_run_spec.rb +1 -3
  124. data/spec/app/models/metasploit_data_models/search/operation/ip_address_spec.rb +18 -20
  125. data/spec/app/models/metasploit_data_models/search/operation/port/number_spec.rb +6 -8
  126. data/spec/app/models/metasploit_data_models/search/operation/port/range_spec.rb +8 -10
  127. data/spec/app/models/metasploit_data_models/search/operation/range_spec.rb +8 -10
  128. data/spec/app/models/metasploit_data_models/search/operator/ip_address_spec.rb +2 -4
  129. data/spec/app/models/metasploit_data_models/search/operator/multitext_spec.rb +8 -10
  130. data/spec/app/models/metasploit_data_models/search/operator/port/list_spec.rb +6 -8
  131. data/spec/app/models/metasploit_data_models/search/visitor/attribute_spec.rb +9 -11
  132. data/spec/app/models/metasploit_data_models/search/visitor/includes_spec.rb +5 -7
  133. data/spec/app/models/metasploit_data_models/search/visitor/joins_spec.rb +17 -19
  134. data/spec/app/models/metasploit_data_models/search/visitor/method_spec.rb +5 -7
  135. data/spec/app/models/metasploit_data_models/search/visitor/relation_spec.rb +61 -23
  136. data/spec/app/models/metasploit_data_models/search/visitor/where_spec.rb +8 -10
  137. data/spec/app/validators/parameters_validator_spec.rb +29 -29
  138. data/spec/app/validators/password_is_strong_validator_spec.rb +54 -46
  139. data/spec/lib/base64_serializer_spec.rb +19 -21
  140. data/spec/lib/ipaddr_spec.rb +1 -3
  141. data/spec/lib/metasploit_data_models/ip_address/cidr_spec.rb +18 -12
  142. data/spec/lib/metasploit_data_models/ip_address/range_spec.rb +4 -6
  143. data/spec/lib/metasploit_data_models/match/child_spec.rb +2 -4
  144. data/spec/lib/metasploit_data_models/match/parent_spec.rb +4 -6
  145. data/spec/lib/metasploit_data_models/version_spec.rb +3 -139
  146. data/spec/lib/metasploit_data_models_spec.rb +4 -0
  147. data/spec/spec_helper.rb +86 -12
  148. data/spec/support/shared/examples/mdm/module/detail/does_not_support_stance_with_mtype.rb +2 -2
  149. data/spec/support/shared/examples/mdm/module/detail/supports_stance_with_mtype.rb +4 -4
  150. data/spec/support/shared/examples/metasploit_data_models/search/operation/ipaddress/match.rb +2 -2
  151. data/spec/support/shared/examples/metasploit_data_models/search/visitor/includes/visit/with_children.rb +5 -5
  152. data/spec/support/shared/examples/metasploit_data_models/search/visitor/includes/visit/with_metasploit_model_search_operation_base.rb +5 -5
  153. data/spec/support/shared/examples/metasploit_data_models/search/visitor/where/visit/with_equality.rb +3 -3
  154. data/spec/support/shared/examples/metasploit_data_models/search/visitor/where/visit/with_metasploit_model_search_group_base.rb +7 -6
  155. metadata +74 -14
  156. data/app/models/metasploit_data_models/automatic_exploitation.rb +0 -16
  157. data/lib/tasks/yard.rake +0 -33
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 8786462afa4886795f010d8d1932ed02af472907
4
- data.tar.gz: 54bb9201b29cf04d859e05094e265761ef80ada4
3
+ metadata.gz: 56925093d1b65f879700c5e36663b600fcc41535
4
+ data.tar.gz: aec5a56a97bd5afeb1b5e51502b2b11e0f5ae1f3
5
5
  SHA512:
6
- metadata.gz: 8dacbe23f336c1bd3b56ca69feea5bcd133aa427e88562f7a23b25b060c8a2f1f5c3ae268b96c8dbd87de6234d7ac33f4cc69bb5a53710e39477e50c90870115
7
- data.tar.gz: 19443fc84ba571a7cc3fc0a3da5975ec597060cbd4c345c356012fc6e99a6151e0313d3309ee7bca5c493337428a93862542e4ec2f5e1e72b1e53fb98197dc0e
6
+ metadata.gz: ba9146272ae101f2f4e15546334d7a50ca0e1a74cb2150376582be992b3b0ec2bf13d01642fdbac98ab88ea9d01eabd18df1769b06bdb841da1623d879452e56
7
+ data.tar.gz: 2bb46180f0879fb0f222ba384a84be59c48574b62e2aca3b9182e95e1703890b0f15c4a8f324a4a7f2f4bdd38114c7bb004594f026184b244a73c62f005dedaf
data/.rspec CHANGED
@@ -1,3 +1,3 @@
1
+ --color
1
2
  --format documentation
2
- --colour
3
- --drb
3
+ --require spec_helper
data/.travis.yml CHANGED
@@ -1,3 +1,8 @@
1
+ addons:
2
+ postgresql: '9.3'
3
+ before_install:
4
+ # graphviz for yard-metasploit-erd
5
+ - sudo apt-get install graphviz
1
6
  before_script:
2
7
  - cp spec/dummy/config/database.yml.travis spec/dummy/config/database.yml
3
8
  - bundle exec rake db:setup
@@ -5,6 +10,4 @@ cache: bundler
5
10
  language: ruby
6
11
  rvm:
7
12
  - 2.1
8
- sudo: false
9
- addons:
10
- postgresql: '9.3'
13
+ script: bundle exec rake spec yard
data/CHANGELOG.md ADDED
@@ -0,0 +1,6 @@
1
+ # Next Release
2
+
3
+ * Enhancements
4
+ * Bug Fixes
5
+ * Deprecations
6
+ * Incompatible Changes
data/CONTRIBUTING.md CHANGED
@@ -25,19 +25,18 @@ issue tracking software.
25
25
 
26
26
  ### `PRERELEASE`
27
27
 
28
- 1. Update `PRERELEASE` to match the `SUMMARY` in the branch name. If you branched from `master`, and [version.rb](lib/metasploit_data_models/version.rb) does not have `PRERELEASE` defined, then adding the following lines after `PATCH`:
28
+ 1. Update `PRERELEASE` to match the `SUMMARY` in the branch name. If you branched from `master`, and [version.rb](lib/metasploit_data_models/version.rb) does not have `PRERELEASE` defined, then adding the following lines after `PATCH`:
29
29
  ```
30
- # The prerelease version, scoped to the {PATCH} version number.
30
+ # The prerelease version, scoped to the {MAJOR}, {MINOR}, and {PATCH} version number.
31
31
  PRERELEASE = '<SUMMARY>'
32
32
  ```
33
33
  2. `rake spec`
34
34
  3. Verify the specs pass, which indicates that `PRERELEASE` was updated correctly.
35
35
  4. Commit the change `git commit -a`
36
36
 
37
-
38
37
  ### Your changes
39
38
 
40
- Make your changes or however many commits you like, commiting each with `git commit`.
39
+ Make your changes or however many commits you like, committing each with `git commit`.
41
40
 
42
41
  ### Pre-Pull Request Testing
43
42
 
@@ -46,12 +45,12 @@ Make your changes or however many commits you like, commiting each with `git com
46
45
 
47
46
  ### Push
48
47
 
49
- Push your branch to your fork on gitub: `git push push TYPE/ISSUE/SUMMARY`
48
+ Push your branch to your fork on github: `git push TYPE/ISSUE/SUMMARY`
50
49
 
51
50
  ### Pull Request
52
51
 
53
52
  * [Create new Pull Request](https://github.com/rapid7/metasploit_data_models/compare/)
54
- * Add a Verification Steps comment
53
+ * Add a Verification Steps to the description comment
55
54
 
56
55
  ```
57
56
  # Verification Steps
@@ -62,11 +61,12 @@ Push your branch to your fork on gitub: `git push push TYPE/ISSUE/SUMMARY`
62
61
  - [ ] `rake spec`
63
62
  - [ ] VERIFY no failures
64
63
  ```
64
+
65
65
  You should also include at least one scenario to manually check the changes outside of specs.
66
66
 
67
67
  * Add a Post-merge Steps comment
68
68
 
69
- The 'Post-merge Steps' are a reminder to the reviewer of the Pull Request of how to update the [`PRERELEASE`](lib/metasploit_data_models/version.rb) so that [version_spec.rb](spec/lib/metasploit_data_models/version_spec.rb) passes on the target branch after the merge.
69
+ The 'Post-merge Steps' are a reminder to the reviewer of the Pull Request of how to update the [`PRERELEASE`](lib/metasploit_data_models/version.rb) so that [version_spec.rb](spec/lib/metasploit_data_models/version.rb_spec.rb) passes on the target branch after the merge.
70
70
 
71
71
  DESTINATION is the name of the destination branch into which the merge is being made. SOURCE_SUMMARY is the SUMMARY from TYPE/ISSUE/SUMMARY branch name for the SOURCE branch that is being made.
72
72
 
@@ -106,7 +106,7 @@ Perform these steps prior to pushing to DESTINATION or the build will be broke o
106
106
  - [ ] Change `PRERELEASE` from `SOURCE_SUMMARY` to `DESTINATION_SUMMARY` to match the branch (DESTINATION) summary (DESTINATION_SUMMARY)
107
107
 
108
108
  ## Gem build
109
- - [ ] gem build *.gemspec
109
+ - [ ] gem build metasploit_data_models.gemspec
110
110
  - [ ] VERIFY the prerelease suffix has change on the gem.
111
111
 
112
112
  ## RSpec
@@ -118,47 +118,5 @@ Perform these steps prior to pushing to DESTINATION or the build will be broke o
118
118
  - [ ] `git push origin DESTINATION`
119
119
  ```
120
120
 
121
- * Add a 'Release Steps' comment
122
-
123
- The 'Release Steps' are a reminder to the reviewer of the Pull Request of how to release the gem.
124
-
125
- ```
126
- # Release
127
-
128
- Complete these steps on DESTINATION
129
-
130
- ## Version
131
-
132
- ### Compatible changes
133
-
134
- If the change are compatible with the previous branch's API, then increment [`PATCH`](lib/metasploit_data_models/version.rb).
135
-
136
- ### Incompatible changes
137
-
138
- If your changes are incompatible with the previous branch's API, then increment
139
- [`MINOR`](lib/metasploit_data_models/version.rb) and reset [`PATCH`](lib/metasploit_data_models/version.rb) to `0`.
140
-
141
- - [ ] Following the rules for [semantic versioning 2.0](http://semver.org/spec/v2.0.0.html), update
142
- [`MINOR`](lib/metasploit_data_models/version.rb) and [`PATCH`](lib/metasploit_data_models/version.rb) and commit the changes.
143
-
144
- ## JRuby
145
- - [ ] `rvm use jruby@metasploit_data_models`
146
- - [ ] `rm Gemfile.lock`
147
- - [ ] `bundle install`
148
- - [ ] `rake release`
149
-
150
- ## MRI Ruby
151
- - [ ] `rvm use ruby-2.1@metasploit_data_models`
152
- - [ ] `rm Gemfile.lock`
153
- - [ ] `bundle install`
154
- - [ ] `rake release`
155
- ```
156
-
157
- ### Downstream dependencies
158
-
159
- When releasing new versions, the following projects may need to be updated:
160
-
161
- * [metasploit-credential](https://github.com/rapid7/metasploit-credential)
162
- * [metasploit-framework](https://github.com/rapid7/metasploit-framework)
163
- * [metasploit-pro-ui](https://github.com/rapid7/pro/tree/master/ui)
164
- * [metasploit-pro-engine](https://github.com/rapid7/pro/tree/master/engine)
121
+ To update the [CHANGELOG.md](CHANGELOG.md) with the merged changes or release the merged code see
122
+ [RELEASING.md](RELEASING.md)
data/Gemfile CHANGED
@@ -4,9 +4,9 @@ source "https://rubygems.org"
4
4
  gemspec
5
5
 
6
6
  group :development do
7
- gem 'metasploit-erd', '1.0.0.pre.rails.pre.4.0'
7
+ gem 'metasploit-erd', '~> 1.0'
8
8
  # embed ERDs on index, namespace Module and Class<ActiveRecord::Base> pages
9
- gem 'yard-metasploit-erd', '1.0.0.pre.rails.pre.4.0'
9
+ gem 'yard-metasploit-erd', '~> 1.0'
10
10
  end
11
11
 
12
12
  # used by dummy application
@@ -18,7 +18,7 @@ group :development, :test do
18
18
  gem 'factory_girl', '>= 4.1.0'
19
19
  # auto-load factories from spec/factories
20
20
  gem 'factory_girl_rails'
21
-
21
+
22
22
  rails_version_constraint = [
23
23
  '>= 4.0.9',
24
24
  '< 4.1.0'
@@ -35,11 +35,9 @@ group :test do
35
35
  gem 'shoulda-matchers'
36
36
  # code coverage of tests
37
37
  gem 'simplecov', :require => false
38
- # @todo Update specs for rspec 3.0.0 compatibility and remove this gem in favor of just rspec-rails
39
- gem 'rspec-core', '< 3.0.0'
40
38
  # need rspec-rails >= 2.12.0 as 2.12.0 adds support for redefining named subject in nested context that uses the
41
39
  # named subject from the outer context without causing a stack overflow.
42
- gem 'rspec-rails', '>= 2.12.0'
40
+ gem 'rspec-rails', '~> 3.2'
43
41
  # used for building markup for webpage factories
44
42
  gem 'builder'
45
43
  end
data/RELEASING.md ADDED
@@ -0,0 +1,88 @@
1
+ # Releasing
2
+
3
+ These steps can be added to the Pull Request description's task list to remind the reviewer of how to release the
4
+ gem.
5
+
6
+ ```
7
+ # Release
8
+
9
+ Complete these steps on DESTINATION
10
+
11
+ ## [CHANGELOG.md](CHANGELOG.md)
12
+
13
+ ### Terminology
14
+
15
+ * "Enhancements" are widdening the API, such as by adding new classes or methods.
16
+ * "Bug Fixes" are fixes to the implementation that do not affect the public API. If the public API is affected then
17
+ the change should be listed as both a "Bug Fix" and either an "Enhancement" or "Incompatible Change" depending on how
18
+ the bug was fixed.
19
+ * "Deprecations" are changes to the implementation that cause deprecation warnings to be issued for APIs which will be
20
+ removed in a future major release. "Deprecations" are usually accompanied by an Enhancement that creates a new API
21
+ that is meant to be used in favor of the deprecated API.
22
+ * "Incompatbile Changes" are the removal of classes or methods or new required arguments or setup that shrink the API.
23
+ It is best practice to make a "Deprecation" for the API prior to its removal.
24
+
25
+ ### Task List
26
+
27
+ - [ ] Generate the list of changes since the last release: `git log v<LAST_MAJOR>.<LAST_MINOR>.<LAST_PATCH>..HEAD`
28
+ - [ ] For each commit in the release, find the corresponding PR by search for the commit on Github.
29
+ - [ ] For each PR, determine whether it is an Enhancement, Bug Fix, Deprecation, and/or Incompatible Change. A PR can
30
+ be in more than one category, in which case it should be listed in each category it belongs, but with a category
31
+ specific description of the change.
32
+ - [ ] Add an item to each category's list in the following format: `[#<PR>](https://github.com/rapid7/metasploit_data_models/pull/<PR>) <consumer summary> - [@<github_user>](https://github.com/<github_user>)`
33
+ `consumer_summary` should be a summary of the Enhancement, Bug Fix, Deprecation, or Incompatible Change from a
34
+ downstream consumer's of the library's perspective. `github_user` should be Github handle of the author of the
35
+ PR.
36
+ - [ ] If you added any Deprecations or Incompatible Changes, then adding upgrading information to
37
+ [UPGRADING.md](UPGRADING.md)
38
+
39
+ ## `VERSION`
40
+
41
+ The entries in the [CHANGELOG.md](CHANGELOG.md) can be used to help determine how the `VERSION` should be bumped.
42
+
43
+ ### Bug fixes
44
+
45
+ If the [CHANGELOG.md](CHANGELOG.md) contains only Bug Fixes for the Next Release, then increment
46
+ [`PATCH`](lib/metasploit_data_models/version.rb).
47
+
48
+ ### Compatible API changes
49
+
50
+ If the [CHANGELOG.md](CHANGELOG.md) contains any Enhancements or Deprecations, then increment
51
+ [`MINOR`](lib/metasploit_data_models/version.rb) and reset [`PATCH`](lib/metasploit_data_models/version.rb) to `0`.
52
+
53
+ ### Incompatible API changes
54
+
55
+ If the [CHANGELOG.md](CHANGELOG.md) contains any Incompatible Change, then increment [`MAJOR`](lib/metasploit_data_models/version.rb) and
56
+ reset [`MINOR`](lib/metasploit_data_models/version.rb and [`PATCH`](lib/metasploit_data_models/version.rb) to `0`.
57
+
58
+ ## Setup [CHANGELOG.md](CHANGELOG.md) for next release
59
+
60
+ - [ ] Change `Next Release` section name at the top of [CHANGELOG.md](CHANGELOG.md) to match the current `VERSION`.
61
+ - [ ] Add a new `Next Release` section above the `VERSION`'s section you just renamed:
62
+ <pre>
63
+ # Next Release
64
+
65
+ * Enhancements
66
+ * Bug Fixes
67
+ * Deprecations
68
+ * Incompatible Changes
69
+ </pre>
70
+
71
+ ## Release to rubygems.org
72
+
73
+ ## jruby
74
+ - [ ] `rvm use jruby@metasploit_data_models`
75
+ - [ ] `rm Gemfile.lock`
76
+ - [ ] `bundle install`
77
+ - [ ] `rake release`
78
+
79
+ ## ruby-2.1
80
+ - [ ] `rvm use ruby-2.1@metasploit_data_models`
81
+ - [ ] `rm Gemfile.lock`
82
+ - [ ] `bundle install`
83
+ - [ ] `rake release`
84
+ ```
85
+
86
+ ### Downstream dependencies
87
+
88
+ There are currently no known downstream dependencies
data/Rakefile CHANGED
@@ -42,6 +42,29 @@ else
42
42
  task :default => :spec
43
43
  end
44
44
 
45
+ # Use find_all_by_name instead of find_by_name as find_all_by_name will return pre-release versions
46
+ gem_specification = Gem::Specification.find_all_by_name('metasploit-yard').first
47
+
48
+ if gem_specification
49
+ Dir[File.join(gem_specification.gem_dir, 'lib', 'tasks', '**', '*.rake')].each do |rake|
50
+ load rake
51
+ end
52
+
53
+ #
54
+ # Eager load before yard docs so that ActiveRecord::Base subclasses are loaded for yard-metasploit-erd
55
+ #
56
+
57
+ task 'yard:doc' => :eager_load
58
+
59
+ task eager_load: :environment do
60
+ Rails.application.eager_load!
61
+ end
62
+ else
63
+ puts "metasploit-yard not in bundle, so can't setup yard tasks. " \
64
+ "To run yard ensure to install the development group."
65
+ print_without = true
66
+ end
67
+
45
68
  if print_without
46
69
  puts "Bundle currently installed '--without #{Bundler.settings.without.join(' ')}'."
47
70
  puts "To clear the without option do `bundle install --without ''` (the --without flag with an empty string) or " \
data/UPGRADING.md ADDED
@@ -0,0 +1 @@
1
+ No Deprecations or Incompatible Changes have been introduced at this time
@@ -1,14 +1,54 @@
1
+ # API key to access the RPC.
1
2
  class Mdm::ApiKey < ActiveRecord::Base
2
3
 
3
4
  #
4
- # Validators
5
+ # Attributes
6
+ #
7
+
8
+ # @!attribute [rw] created_at
9
+ # When this API Key was created.
10
+ #
11
+ # @return [DateTime]
12
+
13
+ # @!attribute [rw] token
14
+ # The API Key to authenicate to the RPC.
15
+ #
16
+ # @return [String]
17
+
18
+ # @!attribute [rw] updated_at
19
+ # The last time this API Key was updated.
20
+ #
21
+ # @return [DateTime]
22
+
23
+ #
24
+ #
25
+ # Validations
26
+ #
27
+ #
28
+
29
+ #
30
+ # Method Validations
5
31
  #
6
32
 
7
33
  validate :supports_api
34
+
35
+ #
36
+ # Attribute Validations
37
+ #
38
+
8
39
  validates :token, :presence => true, :length => { :minimum => 8 }
9
40
 
41
+ #
42
+ # Instance Methods
43
+ #
44
+
10
45
  protected
11
46
 
47
+
48
+ # Validates whether License supports API.
49
+ #
50
+ # @return [void]
51
+ # @todo MSP-2724
12
52
  def supports_api
13
53
  license = License.get
14
54
 
@@ -1,10 +1,50 @@
1
+ # Client used for `report_client` in metasploit-framework Metasploit Modules.
1
2
  class Mdm::Client < ActiveRecord::Base
2
3
  #
3
4
  # Associations
4
5
  #
6
+
7
+ # {Mdm::Host} from which this client connected.
5
8
  belongs_to :host,
6
9
  class_name: 'Mdm::Host',
7
10
  inverse_of: :clients
8
-
11
+
12
+ #
13
+ # Attributes
14
+ #
15
+
16
+ # @!attribute created_at
17
+ # When this client was created.
18
+ #
19
+ # @return [DateTime]
20
+
21
+ # @!attribute updated_at
22
+ # When this client was last updated.
23
+ #
24
+ # @return [DateTime]
25
+
26
+ #
27
+ # @!group User Agent
28
+ #
29
+
30
+ # @!attribute ua_name
31
+ # Parsed name from {#ua_string user agent string}
32
+ #
33
+ # @return [String]
34
+
35
+ # @!attribute ua_string
36
+ # Raw user agent string from client browser
37
+ #
38
+ # @return [String]
39
+
40
+ # @!attribute ua_ver
41
+ # Version of user agent.
42
+ #
43
+ # @return [String]
44
+
45
+ #
46
+ # @!endgroup
47
+ #
48
+
9
49
  Metasploit::Concern.run(self)
10
50
  end
@@ -1,46 +1,111 @@
1
+ # @deprecated Use metasploit-credential's `Metasploit::Credential::Core`.
2
+ #
3
+ # A credential captured from a {#service}.
1
4
  class Mdm::Cred < ActiveRecord::Base
2
5
  #
3
- # Associations
6
+ # CONSTANTS
4
7
  #
5
8
 
6
- # @!attribute [rw] servce
7
- # The service this cred is for
9
+ # Checks if {#proof} is an SSH Key in {#ssh_key_id}.
10
+ KEY_ID_REGEX = /([0-9a-fA-F:]{47})/
11
+
12
+ # Maps {#ptype_human} to {#ptype}.
13
+ PTYPES = {
14
+ 'read/write password' => 'password_rw',
15
+ 'read-only password' => 'password_ro',
16
+ 'SMB hash' => 'smb_hash',
17
+ 'SSH private key' => 'ssh_key',
18
+ 'SSH public key' => 'ssh_pubkey'
19
+ }
20
+
21
+ #
22
+ #
23
+ # Associations
24
+ #
8
25
  #
9
- # @return [Mdm::Service]
26
+
27
+ # The {Mdm::Service} this Cred is for.
10
28
  belongs_to :service,
11
29
  class_name: 'Mdm::Service',
12
30
  inverse_of: :creds
13
31
 
14
- # @!attribute [rw] task_creds
15
- # Details about what Tasks touched this cred
16
- #
17
- # @return [Array<Mdm::TaskCred>]
32
+ # Joins {#tasks} to this Cred.
18
33
  has_many :task_creds,
19
34
  class_name: 'Mdm::TaskCred',
20
35
  dependent: :destroy,
21
36
  inverse_of: :cred
22
37
 
23
- # @!attribute [rw] tasks
24
- # Tasks that touched this service
25
38
  #
26
- # @return [Array<Mdm::Task>]
39
+ # through: :task_creds
40
+ #
41
+
42
+ # Tasks that touched this service
27
43
  has_many :tasks, :through => :task_creds
28
-
44
+
29
45
  #
30
- # CONSTANTS
46
+ # Attributes
47
+ #
48
+
49
+ # @!attribute active
50
+ # Whether the credential is active.
51
+ #
52
+ # @return [false] if a captured credential cannot be used to log into {#service}.
53
+ # @return [true] otherwise
54
+
55
+ # @!attribute created_at
56
+ # When this credential was created.
57
+ #
58
+ # @return [DateTime]
59
+
60
+ # @!attribute pass
61
+ # Pass of credential.
62
+ #
63
+ # @return [String, nil]
64
+
65
+ # @!attribute proof
66
+ # Proof of credential capture.
67
+ #
68
+ # @return [String]
69
+
70
+ # @!attribute ptype
71
+ # Type of {#pass}.
72
+ #
73
+ # @return [String]
74
+
75
+ # @!attribute source_id
76
+ # Id of source of this credential.
77
+ #
78
+ # @return [Integer, nil]
79
+
80
+ # @!attribute source_type
81
+ # Type of source with {#source_id}.
82
+ #
83
+ # @return [String, nil]
84
+
85
+ # @!attribute updated_at
86
+ # The last time this credential was updated.
87
+ #
88
+ # @return [DateTime]
89
+
90
+ # @!attribute user
91
+ # User name of credential.
92
+ #
93
+ # @return [String, nil]
94
+
95
+ #
96
+ # Callbacks
31
97
  #
32
- KEY_ID_REGEX = /([0-9a-fA-F:]{47})/
33
- PTYPES = {
34
- 'read/write password' => 'password_rw',
35
- 'read-only password' => 'password_ro',
36
- 'SMB hash' => 'smb_hash',
37
- 'SSH private key' => 'ssh_key',
38
- 'SSH public key' => 'ssh_pubkey'
39
- }
40
98
 
41
99
  after_create :increment_host_counter_cache
42
100
  after_destroy :decrement_host_counter_cache
43
101
 
102
+ #
103
+ # Instance methods
104
+ #
105
+
106
+ # Humanized {#ptype}.
107
+ #
108
+ # @return [String, nil]
44
109
  def ptype_human
45
110
  humanized = PTYPES.select do |k, v|
46
111
  v == ptype
@@ -49,13 +114,24 @@ class Mdm::Cred < ActiveRecord::Base
49
114
  humanized ? humanized : ptype
50
115
  end
51
116
 
52
- # Returns its key id. If this is not an ssh-type key, returns nil.
117
+ # Returns SSH Key ID.
118
+ #
119
+ # @return [String] SSH Key Id if ssh-type key and {#proof} matches {KEY_ID_REGEX}.
120
+ # @return [nil] otherwise
53
121
  def ssh_key_id
54
122
  return nil unless self.ptype =~ /^ssh_/
55
123
  return nil unless self.proof =~ KEY_ID_REGEX
56
124
  $1.downcase # Can't run into NilClass problems.
57
125
  end
58
126
 
127
+ # Returns whether `other`'s SSH private key or public key matches.
128
+ #
129
+ # @return [false] if `other` is not same class as `self`.
130
+ # @return [false] if {#ptype} does not match.
131
+ # @return [false] if {#ptype} is neither `"ssh_key"` nor `"ssh_pubkey"`.
132
+ # @return [false] if {#ssh_key_id} is `nil`.
133
+ # @return [false] if {#ssh_key_id} does not match.
134
+ # @return [true] if {#ssh_key_id} matches.
59
135
  def ssh_key_matches?(other_cred)
60
136
  return false unless other_cred.kind_of? self.class
61
137
  return false unless self.ptype == other_cred.ptype
@@ -70,14 +146,16 @@ class Mdm::Cred < ActiveRecord::Base
70
146
  matches.include?(self) and matches.include?(other_cred)
71
147
  end
72
148
 
73
- # Returns all keys with matching key ids, including itself
74
- # If this is not an ssh-type key, always returns an empty array.
149
+ # Returns all keys with matching key ids, including itself.
150
+ #
151
+ # @return [ActiveRecord::Relation<Mdm::Cred>] ssh_key and ssh_pubkey creds with matching {#ssh_key_id}.
75
152
  def ssh_keys
76
153
  (self.ssh_private_keys | self.ssh_public_keys)
77
154
  end
78
155
 
79
- # Returns all private keys with matching key ids, including itself
80
- # If this is not an ssh-type key, always returns an empty array.
156
+ # Returns all private keys with matching {#ssh_key_id}, including itself.
157
+ #
158
+ # @return [ActiveRecord::Relation<Mdm::Cred>] ssh_key creds with matching {#ssh_key_id}.
81
159
  def ssh_private_keys
82
160
  return [] unless self.ssh_key_id
83
161
  matches = self.class.all(
@@ -86,8 +164,9 @@ class Mdm::Cred < ActiveRecord::Base
86
164
  matches.select {|c| c.workspace == self.workspace}
87
165
  end
88
166
 
89
- # Returns all public keys with matching key ids, including itself
90
- # If this is not an ssh-type key, always returns an empty array.
167
+ # Returns all public keys with matching {#ssh_key_id}, including itself.
168
+ #
169
+ # @return [ActiveRecord::Relation<Mdm::Cred>] ssh_pubkey creds with matching {#ssh_key_id}.
91
170
  def ssh_public_keys
92
171
  return [] unless self.ssh_key_id
93
172
  matches = self.class.all(
@@ -97,20 +176,29 @@ class Mdm::Cred < ActiveRecord::Base
97
176
  end
98
177
 
99
178
  # Returns its workspace
179
+ #
180
+ # @return [Mdm::Workspace]
100
181
  def workspace
101
182
  self.service.host.workspace
102
183
  end
103
184
 
104
185
  private
105
186
 
187
+ # Decrements {Mdm::Host#cred_count}.
188
+ #
189
+ # @return [void]
106
190
  def decrement_host_counter_cache
107
191
  Mdm::Host.decrement_counter("cred_count", self.service.host_id)
108
192
  end
109
193
 
194
+ # Increments {Mdm::Host#cred_count}.
195
+ #
196
+ # @return [void]
110
197
  def increment_host_counter_cache
111
198
  Mdm::Host.increment_counter("cred_count", self.service.host_id)
112
199
  end
113
200
 
201
+ # Switch back to public for load hooks.
114
202
  public
115
203
 
116
204
  Metasploit::Concern.run(self)