metasploit_data_models 3.0.8 → 4.0.2

data/db/migrate/20150326183742_add_missing_ae_indices.rb

@@ -1,4 +1,4 @@
-class AddMissingAeIndices < ActiveRecord::Migration
+class AddMissingAeIndices < ActiveRecord::Migration[4.2]
   def up
     add_index :automatic_exploitation_match_results, :match_id
     add_index :automatic_exploitation_match_results, :run_id

data/db/migrate/20150421211719_rename_automatic_exploitation_index.rb

@@ -1,13 +1,13 @@
-class RenameAutomaticExploitationIndex < ActiveRecord::Migration
+class RenameAutomaticExploitationIndex < ActiveRecord::Migration[4.2]
   def up
-    if index_name_exists? :automatic_exploitation_matches, :index_automatic_exploitation_matches_on_ref_id, false
+    if index_name_exists? :automatic_exploitation_matches, :index_automatic_exploitation_matches_on_ref_id
       rename_index :automatic_exploitation_matches,
       :index_automatic_exploitation_matches_on_ref_id,
       :index_automatic_exploitation_matches_on_module_detail_id
     end
   end
   def down
-    if index_name_exists? :automatic_exploitation_matches, :index_automatic_exploitation_matches_on_module_detail_id, false
+    if index_name_exists? :automatic_exploitation_matches, :index_automatic_exploitation_matches_on_module_detail_id
       rename_index :automatic_exploitation_matches,
       :index_automatic_exploitation_matches_on_module_detail_id,
       :index_automatic_exploitation_matches_on_ref_id

data/db/migrate/20150514182921_add_origin_to_mdm_vuln.rb

@@ -1,4 +1,4 @@
-class AddOriginToMdmVuln < ActiveRecord::Migration
+class AddOriginToMdmVuln < ActiveRecord::Migration[4.2]
   def up
     add_column :vulns, :origin_id,   :integer
     add_column :vulns, :origin_type, :string

data/db/migrate/20160415153312_remove_not_null_from_web_vuln_p_arams.rb

@@ -1,4 +1,4 @@
-class RemoveNotNullFromWebVulnPArams < ActiveRecord::Migration
+class RemoveNotNullFromWebVulnPArams < ActiveRecord::Migration[4.2]
   def change
     change_column_null(:web_vulns, :params, true)
   end

data/db/migrate/20161004165612_add_fingerprinted_to_workspace.rb

@@ -1,4 +1,4 @@
-class AddFingerprintedToWorkspace < ActiveRecord::Migration
+class AddFingerprintedToWorkspace < ActiveRecord::Migration[4.2]
   def change
     add_column :workspaces, :import_fingerprint, :boolean, default: false
   end

data/db/migrate/20161227212223_add_os_family_to_hosts.rb

@@ -1,4 +1,4 @@
-class AddOsFamilyToHosts < ActiveRecord::Migration
+class AddOsFamilyToHosts < ActiveRecord::Migration[4.2]
   def change
     add_column :hosts, :os_family, :string
   end

data/db/migrate/20180904120211_create_payloads.rb

@@ -1,4 +1,4 @@
-class CreatePayloads < ActiveRecord::Migration
+class CreatePayloads < ActiveRecord::Migration[4.2]
   def change
     create_table :payloads do |t|
       t.string :name

data/db/migrate/20190308134512_create_async_callbacks.rb

@@ -0,0 +1,14 @@
+class CreateAsyncCallbacks < ActiveRecord::Migration[4.2]
+  def change
+    create_table :async_callbacks do |t|
+      t.string :uuid, :null => false
+      t.integer :timestamp, :null => false
+      t.string :listener_uri
+      t.string :target_host
+      t.string :target_port
+
+      t.timestamps null: false
+      t.uuid null: false
+    end
+  end
+end

data/db/migrate/20190507120211_remove_payload_workspaces.rb

@@ -0,0 +1,5 @@
+class RemovePayloadWorkspaces < ActiveRecord::Migration[4.2]
+  def change
+    remove_column :payloads, :workspace_id, :references
+  end
+end

data/lib/mdm.rb

@@ -3,6 +3,7 @@ module Mdm
   extend ActiveSupport::Autoload
 
   autoload :ApiKey
+  autoload :AsyncCallback
   autoload :Client
   autoload :Cred
   autoload :Event

data/lib/metasploit_data_models.rb

@@ -18,7 +18,6 @@ require 'active_support/all'
 require 'metasploit/concern'
 require 'metasploit/model'
 require 'arel-helpers'
-require 'postgres_ext'
 
 #
 # Project

data/lib/metasploit_data_models/automatic_exploitation.rb

@@ -16,7 +16,7 @@ module MetasploitDataModels::AutomaticExploitation
   # Module Methods
   #
 
-  # The prefix of the `ActiveRecord::Base#table_name` of subclasses in this namespace.
+  # The prefix of the `ApplicationRecord#table_name` of subclasses in this namespace.
   #
   # @return [String]
   def self.table_name_prefix

data/lib/metasploit_data_models/base64_serializer.rb

@@ -1,5 +1,5 @@
 # Provides ActiveRecord 3.1x-friendly serialization for descendants of
-# ActiveRecord::Base. Backwards compatible with older YAML methods and
+# ApplicationRecord. Backwards compatible with older YAML methods and
 # will fall back to string decoding in the worst case
 #
 # @example Using default default of {}

data/lib/metasploit_data_models/change_required_columns_to_null_false.rb

@@ -2,7 +2,7 @@
 # `:null => true`, to `:null => false`.
 #
 #  @abstract Subclass and define COLUMNS as Array<Symbol> and TABLE_NAME as Symbol.
-class MetasploitDataModels::ChangeRequiredColumnsToNullFalse < ActiveRecord::Migration
+class MetasploitDataModels::ChangeRequiredColumnsToNullFalse < ActiveRecord::Migration[4.2]
   # Marks all the COLUMNS as `:null => true`
   def down
     # Use self.class:: so constants are resolved in subclasses instead of this class.
@@ -18,4 +18,4 @@ class MetasploitDataModels::ChangeRequiredColumnsToNullFalse < ActiveRecord::Mig
       change_column_null(self.class::TABLE_NAME, column, false)
     end
   end
-end
+end

data/lib/metasploit_data_models/engine.rb

@@ -1,6 +1,6 @@
 require 'rails'
 
-# `Rails::Engine` that exposes MetasploitDataModel's `ActiveRecord::Base` subclasses and automatically loads its
+# `Rails::Engine` that exposes MetasploitDataModel's `ApplicationRecord` subclasses and automatically loads its
 # `FactoryBot` factories, sequences, and traits.
 class MetasploitDataModels::Engine < Rails::Engine
   # @see http://viget.com/extend/rails-engine-testing-with-rspec-capybara-and-factorygirl

data/lib/metasploit_data_models/version.rb

@@ -1,6 +1,6 @@
 module MetasploitDataModels
   # VERSION is managed by GemRelease
-  VERSION = '3.0.8'
+  VERSION = '4.0.2'
 
   # @return [String]
   #

data/metasploit_data_models.gemspec

@@ -23,7 +23,6 @@ Gem::Specification.new do |s|
 
   s.files         = `git ls-files`.split("\n")
   s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
-  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
   s.require_paths = %w{app/models app/validators lib}
 
   s.required_ruby_version = '>= 2.1'
@@ -32,7 +31,7 @@ Gem::Specification.new do |s|
   # documentation
   s.add_development_dependency 'metasploit-yard'
   s.add_development_dependency 'yard-activerecord'
-  # embed ERDs on index, namespace Module and Class<ActiveRecord::Base> pages
+  # embed ERDs on index, namespace Module and Class<ApplicationRecord> pages
   s.add_development_dependency 'yard-metasploit-erd'
 
   s.add_development_dependency 'rake'
@@ -44,11 +43,11 @@ Gem::Specification.new do |s|
   s.add_development_dependency 'pry'
 
 
-  s.add_runtime_dependency 'activerecord', '~>4.2.6'
-  s.add_runtime_dependency 'activesupport', '~>4.2.6'
+  s.add_runtime_dependency 'activerecord', '~>5.2.2'
+  s.add_runtime_dependency 'activesupport', '~>5.2.2'
   s.add_runtime_dependency 'metasploit-concern'
   s.add_runtime_dependency 'metasploit-model'
-  s.add_runtime_dependency 'railties', '~>4.2.6'
+  s.add_runtime_dependency 'railties', '~>5.2.2'
 
   # os fingerprinting
   s.add_runtime_dependency 'recog', '~> 2.0'
@@ -56,9 +55,6 @@ Gem::Specification.new do |s|
   # arel-helpers: Useful tools to help construct database queries with ActiveRecord and Arel.
   s.add_runtime_dependency 'arel-helpers'
 
-  # Fixes a problem with arel not being able to visit IPAddr nodes
-  s.add_runtime_dependency 'postgres_ext'
-
   if RUBY_PLATFORM =~ /java/
     # markdown formatting for yard
     s.add_development_dependency 'kramdown'

data/spec/app/models/mdm/exploit_attempt_spec.rb

@@ -45,14 +45,14 @@ RSpec.describe Mdm::ExploitAttempt, type: :model do
       orphaned_attempt = FactoryBot.build(:mdm_exploit_attempt, :host => nil)
       expect(orphaned_attempt).not_to be_valid
       expect(orphaned_attempt.errors[:host_id]).to include("can't be blank")
-      propper_attempt = FactoryBot.build(:mdm_exploit_attempt)
+      propper_attempt = FactoryBot.create(:mdm_exploit_attempt)
       expect(propper_attempt).to be_valid
     end
   end
 
   context 'factory' do
     it 'should be valid' do
-      exploit_attempt = FactoryBot.build(:mdm_exploit_attempt)
+      exploit_attempt = FactoryBot.create(:mdm_exploit_attempt)
       expect(exploit_attempt).to be_valid
     end
   end

data/spec/app/models/mdm/host_detail_spec.rb

@@ -28,7 +28,7 @@ RSpec.describe Mdm::HostDetail, type: :model do
 
   context 'factory' do
     it 'should be valid' do
-      host_detail = FactoryBot.build(:mdm_host_detail)
+      host_detail = FactoryBot.create(:mdm_host_detail)
       expect(host_detail).to be_valid
     end
   end

data/spec/app/models/mdm/host_spec.rb

@@ -471,33 +471,33 @@ RSpec.describe Mdm::Host, type: :model do
 
   context 'os normalization' do
     context '#get_arch_from_string' do
-      context "should return 'x64'" do
+      context "should return 'x86_64'" do
         it "when the string contains 'x64'" do
-          expect(host.send(:get_arch_from_string, 'blahx64blah')).to eq('x64')
+          expect(host.send(:get_arch_from_string, 'blahx64blah')).to eq('x86_64')
         end
 
         it "when the string contains 'X64'" do
-          expect(host.send(:get_arch_from_string, 'blahX64blah')).to eq('x64')
+          expect(host.send(:get_arch_from_string, 'blahX64blah')).to eq('x86_64')
         end
 
         it "when the string contains 'x86_64'" do
-          expect(host.send(:get_arch_from_string, 'blahx86_64blah')).to eq('x64')
+          expect(host.send(:get_arch_from_string, 'blahx86_64blah')).to eq('x86_64')
         end
 
         it "when the string contains 'X86_64'" do
-          expect(host.send(:get_arch_from_string, 'blahX86_64blah')).to eq('x64')
+          expect(host.send(:get_arch_from_string, 'blahX86_64blah')).to eq('x86_64')
         end
 
         it "when the string contains 'amd64'" do
-          expect(host.send(:get_arch_from_string, 'blahamd64blah')).to eq('x64')
+          expect(host.send(:get_arch_from_string, 'blahamd64blah')).to eq('x86_64')
         end
 
         it "when the string contains 'AMD64'" do
-          expect(host.send(:get_arch_from_string, 'blahAMD64blah')).to eq('x64')
+          expect(host.send(:get_arch_from_string, 'blahAMD64blah')).to eq('x86_64')
         end
 
         it "when the string contains 'aMd64'" do
-          expect(host.send(:get_arch_from_string, 'blahamd64blah')).to eq('x64')
+          expect(host.send(:get_arch_from_string, 'blahamd64blah')).to eq('x86_64')
         end
       end
 
@@ -531,21 +531,21 @@ RSpec.describe Mdm::Host, type: :model do
         end
       end
 
-      context "should return 'ppc'" do
+      context "should return 'PowerPC'" do
         it "when the string contains 'PowerPC'" do
-          expect(host.send(:get_arch_from_string, 'blahPowerPCblah')).to eq('ppc')
+          expect(host.send(:get_arch_from_string, 'blahPowerPCblah')).to eq('PowerPC')
         end
 
         it "when the string contains 'PPC'" do
-          expect(host.send(:get_arch_from_string, 'blahPPCblah')).to eq('ppc')
+          expect(host.send(:get_arch_from_string, 'blahPPCblah')).to eq('PowerPC')
         end
 
         it "when the string contains 'POWER'" do
-          expect(host.send(:get_arch_from_string, 'blahPOWERblah')).to eq('ppc')
+          expect(host.send(:get_arch_from_string, 'blahPOWERblah')).to eq('PowerPC')
         end
 
         it "when the string contains 'ppc'" do
-          expect(host.send(:get_arch_from_string, 'blahppcblah')).to eq('ppc')
+          expect(host.send(:get_arch_from_string, 'blahppcblah')).to eq('PowerPC')
         end
       end
 
@@ -560,22 +560,22 @@ RSpec.describe Mdm::Host, type: :model do
         end
       end
 
-      it "should return 'sparc' if the string contains SPARC, regardless of case" do
-        expect(host.send(:get_arch_from_string, 'blahSPARCblah')).to eq('sparc')
-        expect(host.send(:get_arch_from_string, 'blahSPaRCblah')).to eq('sparc')
-        expect(host.send(:get_arch_from_string, 'blahsparcblah')).to eq('sparc')
+      it "should return 'Sparc' if the string contains SPARC, regardless of case" do
+        expect(host.send(:get_arch_from_string, 'blahSPARCblah')).to eq('Sparc')
+        expect(host.send(:get_arch_from_string, 'blahSPaRCblah')).to eq('Sparc')
+        expect(host.send(:get_arch_from_string, 'blahsparcblah')).to eq('Sparc')
       end
 
-      it "should return 'arm' if the string contains 'ARM', regardless of case" do
-        expect(host.send(:get_arch_from_string, 'blahARMblah')).to eq('arm')
-        expect(host.send(:get_arch_from_string, 'blahArMblah')).to eq('arm')
-        expect(host.send(:get_arch_from_string, 'blaharmblah')).to eq('arm')
+      it "should return 'ARM' if the string contains 'ARM', regardless of case" do
+        expect(host.send(:get_arch_from_string, 'blahARMblah')).to eq('ARM')
+        expect(host.send(:get_arch_from_string, 'blahArMblah')).to eq('ARM')
+        expect(host.send(:get_arch_from_string, 'blaharmblah')).to eq('ARM')
       end
 
-      it "should return 'mips' if the string contains 'MIPS', regardless of case" do
-        expect(host.send(:get_arch_from_string, 'blahMIPSblah')).to eq('mips')
-        expect(host.send(:get_arch_from_string, 'blahMiPslah')).to eq('mips')
-        expect(host.send(:get_arch_from_string, 'blahmipsblah')).to eq('mips')
+      it "should return 'MIPS' if the string contains 'MIPS', regardless of case" do
+        expect(host.send(:get_arch_from_string, 'blahMIPSblah')).to eq('MIPS')
+        expect(host.send(:get_arch_from_string, 'blahMiPslah')).to eq('MIPS')
+        expect(host.send(:get_arch_from_string, 'blahmipsblah')).to eq('MIPS')
       end
     end
 
@@ -588,7 +588,7 @@ RSpec.describe Mdm::Host, type: :model do
       context 'arch' do
         it 'should return a value for arch if there is one' do
           result = host.send(:parse_windows_os_str, 'Windows x64')
-          expect(result['os.arch']).to eq('x64')
+          expect(result['os.arch']).to eq('x86_64')
         end
 
         it "should not have an arch key if we don't know the arch" do
@@ -1093,7 +1093,7 @@ RSpec.describe Mdm::Host, type: :model do
           fingerprint = FactoryBot.build(:mdm_retina_fingerprint, :host => host)
           result = host.send(:normalize_scanner_fp, fingerprint).first
           expect(result['os.product']).to eq( 'Windows Server 2003')
-          expect(result['os.arch']).to eq('x64')
+          expect(result['os.arch']).to eq('x86_64')
           expect(result['os.version']).to eq('SP2')
           expect(result['os.certainty'].to_f).to eq(0.8)
         end

data/spec/app/models/mdm/module/detail_spec.rb

@@ -328,10 +328,10 @@ RSpec.describe Mdm::Module::Detail, type: :model do
 
     context '#module_arch' do
       it 'finds all modules with a stance matching "java"' do
-        expect(Mdm::Module::Detail.module_arch(['%java%']).uniq).to contain_exactly(@cve_2012_0507)
+        expect(Mdm::Module::Detail.module_arch(['%java%']).distinct).to contain_exactly(@cve_2012_0507)
       end
       it 'finds all modules with a stance matching "pass"' do
-        expect(Mdm::Module::Detail.module_arch(['%java%', '%php%']).uniq).to contain_exactly(@cve_2012_0507, @cve_2010_0425)
+        expect(Mdm::Module::Detail.module_arch(['%java%', '%php%']).distinct).to contain_exactly(@cve_2012_0507, @cve_2010_0425)
       end
     end
 
@@ -364,68 +364,68 @@ RSpec.describe Mdm::Module::Detail, type: :model do
 
     context '#module_os_or_platform' do
       it 'finds all modules with a platform matching "linux"' do
-        expect(Mdm::Module::Detail.module_os_or_platform(['%linux%']).uniq).to contain_exactly(@cve_2012_0507)
+        expect(Mdm::Module::Detail.module_os_or_platform(['%linux%']).distinct).to contain_exactly(@cve_2012_0507)
       end
 
       it 'finds all modules with a platform matching "windows"' do
-        expect(Mdm::Module::Detail.module_os_or_platform(['%windows%']).uniq).to contain_exactly(
+        expect(Mdm::Module::Detail.module_os_or_platform(['%windows%']).distinct).to contain_exactly(
           @ms12_020,@ms08_067,@ms06_040,@cve_2012_0507)
       end
     end
 
     context 'module_ref' do
       it 'finds all modules with a reff matching "CVE-2012"' do
-        expect(Mdm::Module::Detail.module_ref(['%CVE-2012%']).uniq).to contain_exactly(
+        expect(Mdm::Module::Detail.module_ref(['%CVE-2012%']).distinct).to contain_exactly(
           @ms12_020,@cve_2012_0507)
       end
       it 'finds all modules with a reff matching "EDB"' do
-        expect(Mdm::Module::Detail.module_ref(['%EDB%']).uniq).to contain_exactly(@ms12_020)
+        expect(Mdm::Module::Detail.module_ref(['%EDB%']).distinct).to contain_exactly(@ms12_020)
       end
     end
 
     context '#module_stance' do
       it 'finds all modules with a stance matching "agg"' do
-        expect(Mdm::Module::Detail.module_stance(['%agg%']).uniq).to contain_exactly(
+        expect(Mdm::Module::Detail.module_stance(['%agg%']).distinct).to contain_exactly(
           @ms12_020,@ms08_067,@ms06_040,@cve_2010_0425)
       end
       it 'finds all modules with a stance matching "pass"' do
-        expect(Mdm::Module::Detail.module_stance(['%pass%']).uniq).to contain_exactly(@cve_2012_0507)
+        expect(Mdm::Module::Detail.module_stance(['%pass%']).distinct).to contain_exactly(@cve_2012_0507)
       end
     end
 
     context '#module_text' do
       it 'finds all modules with a description matching "ConnectMCSPDU"' do
-        expect(Mdm::Module::Detail.module_text(['%ConnectMCSPDU%']).uniq).to contain_exactly(@ms12_020)
+        expect(Mdm::Module::Detail.module_text(['%ConnectMCSPDU%']).distinct).to contain_exactly(@ms12_020)
       end
       it 'finds all modules with a fullname matching "smb/ms0"' do
-        expect(Mdm::Module::Detail.module_text(['%smb/ms0%']).uniq).to contain_exactly(@ms08_067,@ms06_040)
+        expect(Mdm::Module::Detail.module_text(['%smb/ms0%']).distinct).to contain_exactly(@ms08_067,@ms06_040)
       end
       it 'finds all modules with a name matching "Microsoft Server Service"' do
-        expect(Mdm::Module::Detail.module_text(['%Microsoft Server Service%']).uniq).to contain_exactly(@ms08_067,@ms06_040)
+        expect(Mdm::Module::Detail.module_text(['%Microsoft Server Service%']).distinct).to contain_exactly(@ms08_067,@ms06_040)
       end
       it 'finds all modules with a arch matching "php"' do
-        expect(Mdm::Module::Detail.module_text(['%php%']).uniq).to contain_exactly(@cve_2010_0425)
+        expect(Mdm::Module::Detail.module_text(['%php%']).distinct).to contain_exactly(@cve_2010_0425)
       end
       it 'finds all modules with a author matching "jduck"' do
-        expect(Mdm::Module::Detail.module_text(['%jduck%']).uniq).to contain_exactly(@ms12_020,@ms08_067)
+        expect(Mdm::Module::Detail.module_text(['%jduck%']).distinct).to contain_exactly(@ms12_020,@ms08_067)
       end
       it 'finds all modules with a platform matching "linux"' do
-        expect(Mdm::Module::Detail.module_text(['%linux%']).uniq).to contain_exactly(@cve_2012_0507)
+        expect(Mdm::Module::Detail.module_text(['%linux%']).distinct).to contain_exactly(@cve_2012_0507)
       end
       it 'finds all modules with a ref matching "MSB-MS"' do
-        expect(Mdm::Module::Detail.module_text(['%MSB-MS%']).uniq).to contain_exactly(@ms12_020,@ms08_067,@ms06_040)
+        expect(Mdm::Module::Detail.module_text(['%MSB-MS%']).distinct).to contain_exactly(@ms12_020,@ms08_067,@ms06_040)
       end
       it 'finds all modules with a target matching "Auto"' do
-        expect(Mdm::Module::Detail.module_text(['%Auto%']).uniq).to contain_exactly(@ms08_067,@ms06_040,@cve_2010_0425)
+        expect(Mdm::Module::Detail.module_text(['%Auto%']).distinct).to contain_exactly(@ms08_067,@ms06_040,@cve_2010_0425)
       end
     end
 
     context 'module_type' do
       it 'finds all modules with a mtype matching "aux"' do
-        expect(Mdm::Module::Detail.module_type(['%aux%']).uniq).to contain_exactly(@ms12_020)
+        expect(Mdm::Module::Detail.module_type(['%aux%']).distinct).to contain_exactly(@ms12_020)
       end
       it 'finds all modules with a mtype matching "exp"' do
-        expect(Mdm::Module::Detail.module_type(['%exp%']).uniq).to contain_exactly(
+        expect(Mdm::Module::Detail.module_type(['%exp%']).distinct).to contain_exactly(
           @ms08_067,@ms06_040,@cve_2012_0507,@cve_2010_0425)
       end
     end

data/spec/app/models/mdm/service_spec.rb

@@ -82,6 +82,7 @@ RSpec.describe Mdm::Service, type: :model do
 
       it 'should include recog data when there is a match' do
         host = FactoryBot.create(:mdm_host)
+        host.name = 'example.com'
         FactoryBot.create(
           :mdm_service,
           :host => host,

data/spec/app/models/mdm/vuln_attempt_spec.rb

@@ -33,7 +33,7 @@ RSpec.describe Mdm::VulnAttempt, type: :model do
 
   context 'factory' do
     it 'should be valid' do
-      vuln_attempt = FactoryBot.build(:mdm_vuln_attempt)
+      vuln_attempt = FactoryBot.create(:mdm_vuln_attempt)
       expect(vuln_attempt).to be_valid
     end
   end