metasploit_data_models 4.0.1 → 4.1.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5b39228ee81c302b3a79adb5b6b7fd283609315ba4e6ba3ce54fc118975d6169
-  data.tar.gz: 43d50e8c9c3dd6adcb4944539f45c7cae200b2d6341b4ab37ebbe1aff19583f6
+  metadata.gz: 7555384d31f970a18a9bbb5690a7222a786cdb966756007c3a1cfdc5075d4d36
+  data.tar.gz: deb67f833fd87103497c280059aee0636a247086e80d2b242709b78635943d76
 SHA512:
-  metadata.gz: 91e81439cde4eecd56be639a8349554ec16b950f3affd58a13024ec39a55756c49f8e36683f2fea36409cb8bf27eedd44f45b67d9788c2b7dde3455292c53435
-  data.tar.gz: 9b6e4a077c247d81d1fa24d63e4beb212a91b711ee762e52241b673b77045b08cf0b5e77249df08e73f33ca405e9e3838809ffde2734c53f6bac6a33d0f55887
+  metadata.gz: 1b35cf1660e18548a48ce3692a7536077544359a4cfb9d154c89b0a211f7ae2727ffa06501399eebfb1963531ce6a2f849ad1493918a893c0af454cce6b7598c
+  data.tar.gz: f43f98fce153d3774967efe636f7e53fd743f550ab37ee3856bb8f36e269c188ccd44823ae724e4f31c412833cba92809a9adc122106b1f94612ba0c0c318bc9

data/.github/workflows/verify.yml

@@ -0,0 +1,75 @@
+name: Verify
+
+on:
+  push:
+    branches:
+      - '*'
+  pull_request:
+    branches:
+      - '*'
+
+jobs:
+  test:
+    runs-on: ubuntu-16.04
+    timeout-minutes: 40
+
+    services:
+      postgres:
+        image: postgres:9.6
+        ports: ["5432:5432"]
+        env:
+          POSTGRES_USER: postgres
+          POSTGRES_PASSWORD: postgres
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+
+    strategy:
+      fail-fast: true
+      matrix:
+        ruby:
+          - 2.7
+
+    env:
+      RAILS_ENV: test
+
+    name: Ruby ${{ matrix.ruby }}
+    steps:
+      - name: Install system dependencies
+        run: sudo apt-get install libpcap-dev graphviz
+
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - uses: actions/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+
+      - name: Setup bundler
+        run: |
+          gem install bundler
+
+      - uses: actions/cache@v2
+        with:
+          path: vendor/bundle
+          key: ${{ runner.os }}-gems-${{ hashFiles('**/Gemfile.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-gems-
+
+      - name: Bundle install
+        run: |
+          bundle config path vendor/bundle
+          bundle install --jobs 4 --retry 3
+
+      - name: Test
+        run: |
+          cp spec/dummy/config/database.yml.github_actions spec/dummy/config/database.yml
+          bundle exec rake --version
+          bundle exec rake db:create db:migrate
+
+          # Disabling this check because it is proving unreliable
+          # git diff --exit-code spec/dummy/db/structure.sql
+          bundle exec rake spec
+          bundle exec rake yard

data/app/models/mdm/nexpose_console.rb

@@ -1,6 +1,5 @@
 # A connection to Nexpose from Metasploit.
 class Mdm::NexposeConsole < ApplicationRecord
-  
   #
   # Associations
   #
@@ -80,7 +79,7 @@ class Mdm::NexposeConsole < ApplicationRecord
   # Callbacks
   #
 
-  before_save :strip_protocol
+  before_validation :strip_protocol
 
   #
   # Serializations
@@ -96,10 +95,14 @@ class Mdm::NexposeConsole < ApplicationRecord
   # Validations
   #
 
-  validates :address, :presence => true
+  validates :address, :presence => true, :address_format => true
+
   validates :name, :presence => true
+
   validates :password, :presence => true
+
   validates :port, :numericality => { :only_integer => true }, :inclusion => {:in => 1..65535}
+
   validates :username, :presence => true
 
   #
@@ -110,7 +113,7 @@ class Mdm::NexposeConsole < ApplicationRecord
   #
   # @return [void]
   def strip_protocol
-    self.address.gsub!(/^http(s)*:\/\//i,'')
+    self.address.gsub!(/^http(s)*:\/\//i,'') unless self.address.nil?  
   end
 
   Metasploit::Concern.run(self)

data/app/models/mdm/note.rb

@@ -113,7 +113,7 @@ class Mdm::Note < ApplicationRecord
   #
   # @return [void]
   def normalize
-    if data_changed? and ntype =~ /fingerprint/ && host.workspace.present? && !host.workspace.import_fingerprint
+    if saved_change_to_data? and ntype =~ /fingerprint/ && host.workspace.present? && !host.workspace.import_fingerprint
       host.normalize_os
     end
   end

data/app/models/mdm/workspace.rb

@@ -21,11 +21,6 @@ class Mdm::Workspace < ApplicationRecord
            class_name: 'MetasploitDataModels::AutomaticExploitation:MatchSet',
            inverse_of: :workspace
 
-  # @deprecated Use `Mdm::Workspace#core_credentials` defined by `Metasploit::Credential::Engine` to get
-  #   `Metasploit::Credential::Core`s gathered from this workspace's {#hosts} and {#services}.
-  #
-  # Creds gathered from this workspace's {#hosts} and {#services}.
-  has_many :creds, :through => :services, :class_name => 'Mdm::Cred'
 
   # Events that occurred in this workspace.
   has_many :events, dependent: :delete_all, :class_name => 'Mdm::Event'
@@ -80,6 +75,12 @@ class Mdm::Workspace < ApplicationRecord
 
   # Sessions opened on {#hosts} in this workspace.
   has_many :sessions, :through => :hosts, :class_name => 'Mdm::Session'
+  
+  # @deprecated Use `Mdm::Workspace#core_credentials` defined by `Metasploit::Credential::Engine` to get
+  #   `Metasploit::Credential::Core`s gathered from this workspace's {#hosts} and {#services}.
+  #
+  # Creds gathered from this workspace's {#hosts} and {#services}.
+  has_many :creds, :through => :services, :class_name => 'Mdm::Cred'
 
   #
   # Attributes

data/app/models/metasploit_data_models/search/visitor/where.rb

@@ -91,7 +91,7 @@ class MetasploitDataModels::Search::Visitor::Where
   visit 'MetasploitDataModels::Search::Operation::Port::Range' do |range_operation|
     attribute = attribute_visitor.visit range_operation.operator
 
-    attribute.in(range_operation.value)
+    attribute.between(range_operation.value)
   end
 
   #

data/db/migrate/20190308134512_create_async_callbacks.rb

@@ -8,7 +8,6 @@ class CreateAsyncCallbacks < ActiveRecord::Migration[4.2]
       t.string :target_port
 
       t.timestamps null: false
-      t.uuid null: false
     end
   end
 end

data/lib/metasploit_data_models/version.rb

@@ -1,6 +1,6 @@
 module MetasploitDataModels
   # VERSION is managed by GemRelease
-  VERSION = '4.0.1'
+  VERSION = '4.1.3'
 
   # @return [String]
   #

data/metasploit_data_models.gemspec

@@ -5,27 +5,19 @@ require 'metasploit_data_models/version'
 Gem::Specification.new do |s|
   s.name        = 'metasploit_data_models'
   s.version     = MetasploitDataModels::VERSION
-  s.authors     = [
-      'Samuel Huckins',
-      'Luke Imhoff',
-      "David 'thelightcosine' Maloney",
-      "Trevor 'burlyscudd' Rosen"
-  ]
-  s.email       = [
-      'shuckins@rapid7.com',
-      'luke_imhoff@rapid7.com',
-      'dmaloney@rapid7.com',
-      'trevor_rosen@rapid7.com'
-  ]
+  s.authors     = ['Metasploit Hackers']
+  s.email       = ['msfdev@metasploit.com']
   s.homepage    = ""
   s.summary     = %q{Database code for MSF and Metasploit Pro}
   s.description = %q{Implements minimal ActiveRecord models and database helper code used in both the Metasploit Framework (MSF) and Metasploit commercial editions.}
 
-  s.files         = `git ls-files`.split("\n")
+  s.files         = `git ls-files`.split("\n").reject { |file|
+    file =~ /^bin/
+  }
   s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
   s.require_paths = %w{app/models app/validators lib}
 
-  s.required_ruby_version = '>= 2.1'
+  s.required_ruby_version = '>= 2.4'
 
   # ---- Dependencies ----
   # documentation
@@ -36,9 +28,7 @@ Gem::Specification.new do |s|
 
   s.add_development_dependency 'rake'
 
-  # documentation
-  # @note 0.8.7.4 has a bug where attribute writers show up as undocumented
-  s.add_development_dependency 'yard', '< 0.8.7.4'
+  s.add_development_dependency 'yard'
   # debugging
   s.add_development_dependency 'pry'
 
@@ -46,8 +36,9 @@ Gem::Specification.new do |s|
   s.add_runtime_dependency 'activerecord', '~>5.2.2'
   s.add_runtime_dependency 'activesupport', '~>5.2.2'
   s.add_runtime_dependency 'metasploit-concern'
-  s.add_runtime_dependency 'metasploit-model'
+  s.add_runtime_dependency 'metasploit-model', '>=3.1'
   s.add_runtime_dependency 'railties', '~>5.2.2'
+  s.add_runtime_dependency 'webrick'
 
   # os fingerprinting
   s.add_runtime_dependency 'recog', '~> 2.0'

data/spec/app/models/mdm/host_spec.rb

@@ -471,33 +471,33 @@ RSpec.describe Mdm::Host, type: :model do
 
   context 'os normalization' do
     context '#get_arch_from_string' do
-      context "should return 'x64'" do
+      context "should return 'x86_64'" do
         it "when the string contains 'x64'" do
-          expect(host.send(:get_arch_from_string, 'blahx64blah')).to eq('x64')
+          expect(host.send(:get_arch_from_string, 'blahx64blah')).to eq('x86_64')
         end
 
         it "when the string contains 'X64'" do
-          expect(host.send(:get_arch_from_string, 'blahX64blah')).to eq('x64')
+          expect(host.send(:get_arch_from_string, 'blahX64blah')).to eq('x86_64')
         end
 
         it "when the string contains 'x86_64'" do
-          expect(host.send(:get_arch_from_string, 'blahx86_64blah')).to eq('x64')
+          expect(host.send(:get_arch_from_string, 'blahx86_64blah')).to eq('x86_64')
         end
 
         it "when the string contains 'X86_64'" do
-          expect(host.send(:get_arch_from_string, 'blahX86_64blah')).to eq('x64')
+          expect(host.send(:get_arch_from_string, 'blahX86_64blah')).to eq('x86_64')
         end
 
         it "when the string contains 'amd64'" do
-          expect(host.send(:get_arch_from_string, 'blahamd64blah')).to eq('x64')
+          expect(host.send(:get_arch_from_string, 'blahamd64blah')).to eq('x86_64')
         end
 
         it "when the string contains 'AMD64'" do
-          expect(host.send(:get_arch_from_string, 'blahAMD64blah')).to eq('x64')
+          expect(host.send(:get_arch_from_string, 'blahAMD64blah')).to eq('x86_64')
         end
 
         it "when the string contains 'aMd64'" do
-          expect(host.send(:get_arch_from_string, 'blahamd64blah')).to eq('x64')
+          expect(host.send(:get_arch_from_string, 'blahamd64blah')).to eq('x86_64')
         end
       end
 
@@ -531,21 +531,21 @@ RSpec.describe Mdm::Host, type: :model do
         end
       end
 
-      context "should return 'ppc'" do
+      context "should return 'PowerPC'" do
         it "when the string contains 'PowerPC'" do
-          expect(host.send(:get_arch_from_string, 'blahPowerPCblah')).to eq('ppc')
+          expect(host.send(:get_arch_from_string, 'blahPowerPCblah')).to eq('PowerPC')
         end
 
         it "when the string contains 'PPC'" do
-          expect(host.send(:get_arch_from_string, 'blahPPCblah')).to eq('ppc')
+          expect(host.send(:get_arch_from_string, 'blahPPCblah')).to eq('PowerPC')
         end
 
         it "when the string contains 'POWER'" do
-          expect(host.send(:get_arch_from_string, 'blahPOWERblah')).to eq('ppc')
+          expect(host.send(:get_arch_from_string, 'blahPOWERblah')).to eq('PowerPC')
         end
 
         it "when the string contains 'ppc'" do
-          expect(host.send(:get_arch_from_string, 'blahppcblah')).to eq('ppc')
+          expect(host.send(:get_arch_from_string, 'blahppcblah')).to eq('PowerPC')
         end
       end
 
@@ -560,22 +560,22 @@ RSpec.describe Mdm::Host, type: :model do
         end
       end
 
-      it "should return 'sparc' if the string contains SPARC, regardless of case" do
-        expect(host.send(:get_arch_from_string, 'blahSPARCblah')).to eq('sparc')
-        expect(host.send(:get_arch_from_string, 'blahSPaRCblah')).to eq('sparc')
-        expect(host.send(:get_arch_from_string, 'blahsparcblah')).to eq('sparc')
+      it "should return 'Sparc' if the string contains SPARC, regardless of case" do
+        expect(host.send(:get_arch_from_string, 'blahSPARCblah')).to eq('Sparc')
+        expect(host.send(:get_arch_from_string, 'blahSPaRCblah')).to eq('Sparc')
+        expect(host.send(:get_arch_from_string, 'blahsparcblah')).to eq('Sparc')
       end
 
-      it "should return 'arm' if the string contains 'ARM', regardless of case" do
-        expect(host.send(:get_arch_from_string, 'blahARMblah')).to eq('arm')
-        expect(host.send(:get_arch_from_string, 'blahArMblah')).to eq('arm')
-        expect(host.send(:get_arch_from_string, 'blaharmblah')).to eq('arm')
+      it "should return 'ARM' if the string contains 'ARM', regardless of case" do
+        expect(host.send(:get_arch_from_string, 'blahARMblah')).to eq('ARM')
+        expect(host.send(:get_arch_from_string, 'blahArMblah')).to eq('ARM')
+        expect(host.send(:get_arch_from_string, 'blaharmblah')).to eq('ARM')
       end
 
-      it "should return 'mips' if the string contains 'MIPS', regardless of case" do
-        expect(host.send(:get_arch_from_string, 'blahMIPSblah')).to eq('mips')
-        expect(host.send(:get_arch_from_string, 'blahMiPslah')).to eq('mips')
-        expect(host.send(:get_arch_from_string, 'blahmipsblah')).to eq('mips')
+      it "should return 'MIPS' if the string contains 'MIPS', regardless of case" do
+        expect(host.send(:get_arch_from_string, 'blahMIPSblah')).to eq('MIPS')
+        expect(host.send(:get_arch_from_string, 'blahMiPslah')).to eq('MIPS')
+        expect(host.send(:get_arch_from_string, 'blahmipsblah')).to eq('MIPS')
       end
     end
 
@@ -588,7 +588,7 @@ RSpec.describe Mdm::Host, type: :model do
       context 'arch' do
         it 'should return a value for arch if there is one' do
           result = host.send(:parse_windows_os_str, 'Windows x64')
-          expect(result['os.arch']).to eq('x64')
+          expect(result['os.arch']).to eq('x86_64')
         end
 
         it "should not have an arch key if we don't know the arch" do
@@ -1093,7 +1093,7 @@ RSpec.describe Mdm::Host, type: :model do
           fingerprint = FactoryBot.build(:mdm_retina_fingerprint, :host => host)
           result = host.send(:normalize_scanner_fp, fingerprint).first
           expect(result['os.product']).to eq( 'Windows Server 2003')
-          expect(result['os.arch']).to eq('x64')
+          expect(result['os.arch']).to eq('x86_64')
           expect(result['os.version']).to eq('SP2')
           expect(result['os.certainty'].to_f).to eq(0.8)
         end

data/spec/app/models/mdm/nexpose_console_spec.rb

@@ -32,7 +32,7 @@ RSpec.describe Mdm::NexposeConsole, type: :model do
 
   context '#destroy' do
     it 'should successfully destroy the object' do
-      nexpose_console = FactoryBot.create(:mdm_nexpose_console)
+      nexpose_console = FactoryBot.create(:mdm_nexpose_console, :address => 'localhost')
       expect {
         nexpose_console.destroy
       }.to_not raise_error
@@ -50,6 +50,20 @@ RSpec.describe Mdm::NexposeConsole, type: :model do
         expect(addressless_nexpose_console.errors[:address]).to include("can't be blank")
       end
 
+      it 'should be valid for a valid hostname' do
+        host_nexpose_console = FactoryBot.build(:mdm_nexpose_console, :address => 'testvalue.test.com')
+        expect(host_nexpose_console).to be_valid
+      end
+
+      it 'should be invalid for a malformed hostname' do
+        host_nexpose_consoles = ['testvalue.test.com:', 'testvalue-.test.com', '[testvalue.test.com]']
+        host_nexpose_consoles.each do | entry |
+          host_nexpose_console = FactoryBot.build(:mdm_nexpose_console, :address => entry)
+          expect(host_nexpose_console).not_to be_valid
+          expect(host_nexpose_console.errors[:address]).to include("must be a valid (IP or hostname) address")
+        end
+      end
+
       it 'should be valid for IPv4 format' do
         ipv4_nexpose_console = FactoryBot.build(:mdm_nexpose_console, :address => '192.168.1.120')
         expect(ipv4_nexpose_console).to be_valid

data/spec/app/models/metasploit_data_models/ip_address/v4/segment/single_spec.rb

@@ -233,7 +233,7 @@ RSpec.describe MetasploitDataModels::IPAddress::V4::Segment::Single, type: :mode
   end
 
   context '#to_s' do
-    subject(:to_s) {
+    subject(:call_to_s) {
       single.to_s
     }
 
@@ -256,7 +256,7 @@ RSpec.describe MetasploitDataModels::IPAddress::V4::Segment::Single, type: :mode
     it 'delegates to #value' do
       expect(value).to receive(:to_s)
 
-      to_s
+      call_to_s
     end
   end
 
@@ -321,4 +321,4 @@ RSpec.describe MetasploitDataModels::IPAddress::V4::Segment::Single, type: :mode
       end
     end
   end
-end
+end

data/spec/app/models/metasploit_data_models/search/visitor/where_spec.rb

@@ -129,7 +129,7 @@ RSpec.describe MetasploitDataModels::Search::Visitor::Where, type: :model do
         attribute = double('Visited Operator')
         allow(visitor.attribute_visitor).to receive(:visit).with(operator).and_return(attribute)
 
-        expect(attribute).to receive(:in).with(range)
+        expect(attribute).to receive(:between).with(range)
 
         visit
       end

data/spec/dummy/config/{database.yml.travis → database.yml.github_actions}

@@ -1,18 +1,17 @@
-# @note This file is only for use in travis-ci.  If you need to make a `spec/dummy/config/database.yml` for running
+# @note This file is only for use in Github Actions.  If you need to make a `spec/dummy/config/database.yml` for running
 # rake, rake spec, or rspec locally, please customize `spec/dummy/config/database.yml.example`.
 #
 # @example Customizing config/database.yml.example
 #   cp spec/dummy/config/database.yml.example spec/dummy/config/database.yml
 #   # update password fields for each environment's user
 
-# Using the postgres user locally without a host and port is the supported configuration from Travis-CI
-#
-# @see http://about.travis-ci.org/docs/user/database-setup/#PostgreSQL
 development: &pgsql
   adapter: postgresql
   database: metasploit_data_models_development
+  host: localhost
   username: postgres
-  pool: 5
+  password: postgres
+  pool: 25
   timeout: 5
 
 # Warning: The database defined as "test" will be erased and re-generated from your development database when you run