metasploit_data_models 5.0.5 → 5.0.6
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/.github/workflows/verify.yml +25 -2
- data/Gemfile +3 -2
- data/app/models/mdm/web_page.rb +1 -1
- data/lib/metasploit_data_models/base64_serializer.rb +1 -1
- data/lib/metasploit_data_models/serialized_prefs.rb +1 -1
- data/lib/metasploit_data_models/version.rb +1 -1
- data/lib/metasploit_data_models/yaml.rb +31 -0
- data/lib/metasploit_data_models.rb +1 -0
- data/metasploit_data_models.gemspec +1 -1
- data/spec/app/models/mdm/host_spec.rb +4 -4
- data/spec/app/models/metasploit_data_models/ip_address/v4/range_spec.rb +3 -3
- data/spec/app/models/metasploit_data_models/ip_address/v4/segment/nmap/list_spec.rb +4 -4
- data/spec/app/models/metasploit_data_models/ip_address/v4/segment/nmap/range_spec.rb +3 -3
- data/spec/dummy/config/application.rb +3 -1
- data.tar.gz.sig +0 -0
- metadata +7 -6
- metadata.gz.sig +0 -0
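--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 507d624327960ae9ad2055e39b92350caa4f5c1e045f4c72885b9ed4666206d8
+data.tar.gz: 4d4910b9e92ae2c2b245b592c145104c957212c0782f7f64dc4db51d2a099264
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7559d185736e6efd66db60a061eeae9f231654cf43a794fe90f14078deffcf14f353b05e40449627e2a6b207c1db5e482c59491e2876c3a90b9800f64455a38e
+data.tar.gz: 4edb158f27af03fcdbd76b62d25497966214fdcd4a1c3a7b4a4ec25a958f2ecbe78e0265dd46f4cb138dc5695910257c37a51685015b1cbc657aa30b2876661a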
checksums.yaml.gz.sig
CHANGED
|
Binary file
|
|
@@ -1,5 +1,21 @@
|
|
|
1
1
|
name: Verify
|
|
2
2
|
|
|
3
|
+
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
|
|
4
|
+
permissions:
|
|
5
|
+
actions: none
|
|
6
|
+
checks: none
|
|
7
|
+
contents: none
|
|
8
|
+
deployments: none
|
|
9
|
+
id-token: none
|
|
10
|
+
issues: none
|
|
11
|
+
discussions: none
|
|
12
|
+
packages: none
|
|
13
|
+
pages: none
|
|
14
|
+
pull-requests: none
|
|
15
|
+
repository-projects: none
|
|
16
|
+
security-events: none
|
|
17
|
+
statuses: none
|
|
18
|
+
|
|
3
19
|
on:
|
|
4
20
|
push:
|
|
5
21
|
branches:
|
|
@@ -10,7 +26,7 @@ on:
|
|
|
10
26
|
|
|
11
27
|
jobs:
|
|
12
28
|
test:
|
|
13
|
-
runs-on:
|
|
29
|
+
runs-on: ${{ matrix.os }}
|
|
14
30
|
timeout-minutes: 40
|
|
15
31
|
|
|
16
32
|
services:
|
|
@@ -34,11 +50,18 @@ jobs:
|
|
|
34
50
|
- 2.7
|
|
35
51
|
- 3.0
|
|
36
52
|
- 3.1
|
|
53
|
+
os:
|
|
54
|
+
- ubuntu-18.04
|
|
55
|
+
- ubuntu-22.04
|
|
56
|
+
exclude:
|
|
57
|
+
- { os: ubuntu-22.04, ruby: 2.6 }
|
|
58
|
+
- { os: ubuntu-22.04, ruby: 2.7 }
|
|
59
|
+
- { os: ubuntu-22.04, ruby: 3.0 }
|
|
37
60
|
|
|
38
61
|
env:
|
|
39
62
|
RAILS_ENV: test
|
|
40
63
|
|
|
41
|
-
name: Ruby ${{ matrix.ruby }}
|
|
64
|
+
name: ${{ matrix.os }} - Ruby ${{ matrix.ruby }}
|
|
42
65
|
steps:
|
|
43
66
|
- name: Install system dependencies
|
|
44
67
|
run: sudo apt-get install libpcap-dev graphviz
|
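Review bot: The top-level `permissions:` block added in the first hunk spells out thirteen scopes as `none`; `permissions: {}` gives the same result in one line, because GitHub sets every scope that is not listed to `none` as soon as a `permissions` key is present. An empty token by default is the right baseline for a test workflow. The step list continues outside these hunks, so confirm that no later step depends on the token; a step that does should get a job-level grant such as `contents: read` rather than a change to this block.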
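--- a/data/Gemfile
+++ b/data/Gemfile
@@ -3,7 +3,6 @@ source "https://rubygems.org"
 # Specify your gem's dependencies in metasploit_data_models.gemspec
 gemspec
 
-
 group :development do
 #gem 'metasploit-erd'
 # embed ERDs on index, namespace Module and Class<ApplicationRecord> pages
@@ -13,7 +12,7 @@ end
 # used by dummy application
 group :development, :test do
 # Upload coverage reports to coveralls.io
-gem 'coveralls', require: false
+gem 'coveralls', require: false
 # supplies factories for producing model instance for specs
 # Version 4.1.0 or newer is needed to support generate calls without the 'FactoryBot.' in factory definitions syntax.
 gem 'factory_bot'
@@ -21,6 +20,8 @@ group :development, :test do
 gem 'factory_bot_rails'
 
 gem 'rails', '~> 6.0'
+gem 'net-smtp', require: false
+
 # Used to create fake data
 gem "faker"
 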
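Review bot: The added `gem 'net-smtp', require: false` in the last hunk has no comment saying why it is needed, and it carries no version requirement. Presumably it is there because Ruby 3.1 stopped shipping net-smtp as a default gem while the mail stack pulled in by `rails` still requires it; if so, say that above the line, e.g. `# net-smtp is not a default gem on Ruby 3.1+; needed by the mail dependency of rails`. The `group :development, :test` block ends outside the hunk.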
data/app/models/mdm/web_page.rb
CHANGED
|
@@ -27,7 +27,7 @@ class MetasploitDataModels::Base64Serializer
|
|
|
27
27
|
},
|
|
28
28
|
lambda { |serialized|
|
|
29
29
|
# Support legacy YAML encoding for existing data
|
|
30
|
-
YAML.
|
|
30
|
+
YAML.safe_load(serialized, permitted_classes: Rails.application.config.active_record.yaml_column_permitted_classes)
|
|
31
31
|
},
|
|
32
32
|
lambda { |serialized|
|
|
33
33
|
# Fall back to string decoding
|
|
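Review bot: The permitted-class list passed to `YAML.safe_load` is read from `Rails.application.config.active_record.yaml_column_permitted_classes`, a host-application setting, rather than from this gem's own `MetasploitDataModels::YAML::PERMITTED_CLASSES`. In this diff the only assignment of that setting is in `spec/dummy/config/application.rb`, so an application that never sets it would presumably pass `nil` here, while one that sets a broader list silently widens what this deserializer will instantiate. Referencing the constant directly, `YAML.safe_load(serialized, permitted_classes: MetasploitDataModels::YAML::PERMITTED_CLASSES)`, keeps the allowlist under the gem's control. The lambda sits in a loader list that starts and ends outside the hunk, so how a `Psych::DisallowedClass` raised here is handled, and whether it falls through to the string-decoding loader, should be confirmed.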
@@ -0,0 +1,31 @@
|
|
|
1
|
+
# Namespace for YAML configuration
|
|
2
|
+
class MetasploitDataModels::YAML
|
|
3
|
+
#
|
|
4
|
+
# CONSTANTS
|
|
5
|
+
#
|
|
6
|
+
|
|
7
|
+
# List of supported classes when deserializing YAML classes
|
|
8
|
+
# See: https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017
|
|
9
|
+
#
|
|
10
|
+
PERMITTED_CLASSES = [
|
|
11
|
+
Range,
|
|
12
|
+
Set,
|
|
13
|
+
Symbol,
|
|
14
|
+
Time,
|
|
15
|
+
'WEBrick::Cookie'.to_sym,
|
|
16
|
+
'ActionController::Parameters'.to_sym,
|
|
17
|
+
'ActiveModel::Attribute::FromDatabase'.to_sym,
|
|
18
|
+
'ActiveModel::Attribute::FromUser'.to_sym,
|
|
19
|
+
'ActiveModel::Attribute::WithCastValue'.to_sym,
|
|
20
|
+
'ActiveModel::Type::Boolean'.to_sym,
|
|
21
|
+
'ActiveModel::Type::Integer'.to_sym,
|
|
22
|
+
'ActiveModel::Type::String'.to_sym,
|
|
23
|
+
'ActiveRecord::Coders::JSON'.to_sym,
|
|
24
|
+
'ActiveSupport::TimeWithZone'.to_sym,
|
|
25
|
+
'ActiveSupport::TimeZone'.to_sym,
|
|
26
|
+
'ActiveRecord::Type::Serialized'.to_sym,
|
|
27
|
+
'ActiveRecord::Type::Text'.to_sym,
|
|
28
|
+
'ActiveSupport::HashWithIndifferentAccess'.to_sym,
|
|
29
|
+
'Mdm::Workspace'.to_sym
|
|
30
|
+
].freeze
|
|
31
|
+
end
|
|
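Review bot: Naming this constant holder `MetasploitDataModels::YAML` shadows the top-level `YAML` for any code lexically nested inside `module MetasploitDataModels`, where a bare `YAML.safe_load` would resolve to this class and raise `NoMethodError`. Call sites written in the compact `class MetasploitDataModels::Base64Serializer` form are unaffected, but that is easy to break in a refactor; either rename the namespace or write `::YAML.safe_load` at the call sites. Since every entry in `PERMITTED_CLASSES` widens what stored YAML may instantiate, a comment per entry naming the serialized column that needs it would also help future reviewers prune the list.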
@@ -41,7 +41,7 @@ Gem::Specification.new do |s|
|
|
|
41
41
|
s.add_runtime_dependency 'webrick'
|
|
42
42
|
|
|
43
43
|
# os fingerprinting
|
|
44
|
-
s.add_runtime_dependency 'recog'
|
|
44
|
+
s.add_runtime_dependency 'recog'
|
|
45
45
|
|
|
46
46
|
# arel-helpers: Useful tools to help construct database queries with ActiveRecord and Arel.
|
|
47
47
|
s.add_runtime_dependency 'arel-helpers'
|
|
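Review bot: The new `s.add_runtime_dependency 'recog'` line carries no version requirement, and the `metadata` section of this same diff shows the resolved requirement as `>= 0`. The removed line appears to be cut off on this page, so the previous constraint is not visible, but an unbounded runtime dependency lets any future recog release satisfy the gemspec, including one that changes behaviour the models depend on. Consider keeping a lower bound or pessimistic constraint, e.g. `s.add_runtime_dependency 'recog', '>= MIN_TESTED_VERSION'`, with the placeholder replaced by the version CI actually ran against. The `Gem::Specification.new` block starts and ends outside the hunk.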
@@ -547,14 +547,14 @@ RSpec.describe Mdm::Host, type: :model do
|
|
|
547
547
|
it "when the string contains 'ppc'" do
|
|
548
548
|
expect(host.send(:get_arch_from_string, 'blahppcblah')).to eq('PowerPC')
|
|
549
549
|
end
|
|
550
|
-
end
|
|
551
550
|
|
|
552
|
-
context 'should return nil' do
|
|
553
551
|
it 'when PowerPC is cased incorrectly' do
|
|
554
|
-
expect(host.send(:get_arch_from_string, 'powerPC')).to eq(
|
|
555
|
-
expect(host.send(:get_arch_from_string, 'Powerpc')).to eq(
|
|
552
|
+
expect(host.send(:get_arch_from_string, 'powerPC')).to eq('PowerPC')
|
|
553
|
+
expect(host.send(:get_arch_from_string, 'Powerpc')).to eq('PowerPC')
|
|
556
554
|
end
|
|
555
|
+
end
|
|
557
556
|
|
|
557
|
+
context 'should return nil' do
|
|
558
558
|
it 'when no recognized arch string is present' do
|
|
559
559
|
expect(host.send(:get_arch_from_string, 'blahblah')).to eq(nil)
|
|
560
560
|
end
|
|
@@ -185,7 +185,7 @@ RSpec.describe MetasploitDataModels::IPAddress::V4::Range, type: :model do
|
|
|
185
185
|
end
|
|
186
186
|
|
|
187
187
|
context '#to_s' do
|
|
188
|
-
subject(:
|
|
188
|
+
subject(:to_s_result) {
|
|
189
189
|
range.to_s
|
|
190
190
|
}
|
|
191
191
|
|
|
@@ -195,7 +195,7 @@ RSpec.describe MetasploitDataModels::IPAddress::V4::Range, type: :model do
|
|
|
195
195
|
}
|
|
196
196
|
|
|
197
197
|
it 'equals the original formatted value' do
|
|
198
|
-
expect(
|
|
198
|
+
expect(to_s_result).to eq(formatted_value)
|
|
199
199
|
end
|
|
200
200
|
end
|
|
201
201
|
|
|
@@ -295,4 +295,4 @@ RSpec.describe MetasploitDataModels::IPAddress::V4::Range, type: :model do
|
|
|
295
295
|
it { is_expected.not_to be_a Range }
|
|
296
296
|
end
|
|
297
297
|
end
|
|
298
|
-
end
|
|
298
|
+
end
|
|
@@ -135,7 +135,7 @@ RSpec.describe MetasploitDataModels::IPAddress::V4::Segment::Nmap::List, type: :
|
|
|
135
135
|
end
|
|
136
136
|
|
|
137
137
|
context '#to_s' do
|
|
138
|
-
subject(:
|
|
138
|
+
subject(:to_s_value) do
|
|
139
139
|
nmap.to_s
|
|
140
140
|
end
|
|
141
141
|
|
|
@@ -145,7 +145,7 @@ RSpec.describe MetasploitDataModels::IPAddress::V4::Segment::Nmap::List, type: :
|
|
|
145
145
|
}
|
|
146
146
|
|
|
147
147
|
it 'returns a string equal to the original formatted value' do
|
|
148
|
-
expect(
|
|
148
|
+
expect(to_s_value).to eq(formatted_value)
|
|
149
149
|
end
|
|
150
150
|
end
|
|
151
151
|
|
|
@@ -155,7 +155,7 @@ RSpec.describe MetasploitDataModels::IPAddress::V4::Segment::Nmap::List, type: :
|
|
|
155
155
|
}
|
|
156
156
|
|
|
157
157
|
it 'returned the formatted value as a string' do
|
|
158
|
-
expect(
|
|
158
|
+
expect(to_s_value).to eq(formatted_value.to_s)
|
|
159
159
|
end
|
|
160
160
|
end
|
|
161
161
|
end
|
|
@@ -273,4 +273,4 @@ RSpec.describe MetasploitDataModels::IPAddress::V4::Segment::Nmap::List, type: :
|
|
|
273
273
|
end
|
|
274
274
|
end
|
|
275
275
|
end
|
|
276
|
-
end
|
|
276
|
+
end
|
|
@@ -185,7 +185,7 @@ RSpec.describe MetasploitDataModels::IPAddress::V4::Segment::Nmap::Range, type:
|
|
|
185
185
|
end
|
|
186
186
|
|
|
187
187
|
context '#to_s' do
|
|
188
|
-
subject(:
|
|
188
|
+
subject(:to_s_result) {
|
|
189
189
|
range.to_s
|
|
190
190
|
}
|
|
191
191
|
|
|
@@ -195,7 +195,7 @@ RSpec.describe MetasploitDataModels::IPAddress::V4::Segment::Nmap::Range, type:
|
|
|
195
195
|
}
|
|
196
196
|
|
|
197
197
|
it 'equals the original formatted value' do
|
|
198
|
-
expect(
|
|
198
|
+
expect(to_s_result).to eq(formatted_value)
|
|
199
199
|
end
|
|
200
200
|
end
|
|
201
201
|
|
|
@@ -299,4 +299,4 @@ RSpec.describe MetasploitDataModels::IPAddress::V4::Segment::Nmap::Range, type:
|
|
|
299
299
|
it { is_expected.not_to be_a Range }
|
|
300
300
|
end
|
|
301
301
|
end
|
|
302
|
-
end
|
|
302
|
+
end
|
|
@@ -39,13 +39,15 @@ module Dummy
|
|
|
39
39
|
|
|
40
40
|
# Configure sensitive parameters which will be filtered from the log file.
|
|
41
41
|
config.filter_parameters += [:password]
|
|
42
|
-
|
|
42
|
+
|
|
43
43
|
# Raise deprecations as errors
|
|
44
44
|
config.active_support.deprecation = :raise
|
|
45
45
|
|
|
46
46
|
# Enable escaping HTML in JSON.
|
|
47
47
|
config.active_support.escape_html_entities_in_json = true
|
|
48
48
|
|
|
49
|
+
config.active_record.yaml_column_permitted_classes = MetasploitDataModels::YAML::PERMITTED_CLASSES
|
|
50
|
+
|
|
49
51
|
# Use SQL instead of Active Record's schema dumper when creating the database.
|
|
50
52
|
# This is necessary if your schema can't be completely dumped by the schema dumper,
|
|
51
53
|
# like if you have constraints or database-specific column types
|
data.tar.gz.sig
CHANGED
|
Binary file
|
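--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: metasploit_data_models
 version: !ruby/object:Gem::Version
-version: 5.0.
+version: 5.0.6
 platform: ruby
 authors:
 - Metasploit Hackers
@@ -93,7 +93,7 @@ cert_chain:
 EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
 9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
 -----END CERTIFICATE-----
-date: 2022-
+date: 2022-11-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: metasploit-yard
@@ -267,16 +267,16 @@ dependencies:
 name: recog
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version: '
+version: '0'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version: '
+version: '0'
 - !ruby/object:Gem::Dependency
 name: arel-helpers
 requirement: !ruby/object:Gem::Requirement
@@ -576,6 +576,7 @@ files:
 - lib/metasploit_data_models/search/visitor.rb
 - lib/metasploit_data_models/serialized_prefs.rb
 - lib/metasploit_data_models/version.rb
+- lib/metasploit_data_models/yaml.rb
 - metasploit_data_models.gemspec
 - script/rails
 - spec/app/models/mdm/api_key_spec.rb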
metadata.gz.sig
CHANGED
|
Binary file
|