metasploit_data_models 0.17.1 → 0.17.2.pre.metasploit.pre.data.pre.models.pre.search

checksums.yaml

@@ -1,15 +1,15 @@
 ---
 !binary "U0hBMQ==":
   metadata.gz: !binary |-
-    YzgwYmExOTgyYjQyMTk5YzVlYjM0MWI2ZGEzNmQ5ZDU2NTQ3ZGI5Yw==
+    ZTk1ODlmNzUyMDg2MjZlMjZkNzUyMWVmZWQ4NTVlMzhlZmU2OWM2OA==
   data.tar.gz: !binary |-
-    MzcxMjM2YmVkOTE4OWIwODRjYjE2NjIyMDMyZDBmY2I3OWQzYWZlNg==
+    MDUzNTY1ZjRjNzU5NWYzOTMyODE1NGIxNzI0MzAwMjRlOWNjY2I2NQ==
 SHA512:
   metadata.gz: !binary |-
-    ODM4ZTQwMzc4MWNlNTIzM2Q4ZjY1OTU1ZGQ3MGViNTg5MzBlZjc1YjE3MGZl
-    YTkxYjdlNzY3MmQyZTU2Y2NlNmJlNmNkN2U3OWY5ZWUxMGI1ZTIyMWRlYmU3
-    YmVhNDZjMjc0MTA3MWJlOGQ1ZTY5NjFjYWI3MTlkYmNkYjVlNmI=
+    YTlhMTU5NTRiYTI5Y2YwZjYwOTMzNWIxN2NjOTY4YWVjNmE4Y2Q2OWFiNzc2
+    YzQ4NTJhNDRlOGYzODdkNjQ4MDljNDJlZTZlNTIxZmFjMTk5YTdjODU4NGVj
+    NjUzZTQyZTU1MmIzNGQ2NDg5MjdlZTk0MDJhM2Q4Mjc4MzY3NWI=
   data.tar.gz: !binary |-
-    ZGI0M2RlMDNlNzhhYjA5ZWUyOTJmNDIyNDZhYzIwNGI3ODAzN2I0NjkzMWYy
-    MTc3N2U1MWQxYzc4ZThjYTRhYmJhMTBjY2MyMzJmN2FjNzEzNDBjMmU2MDdk
-    ZWQ5YThhMDdiZDk5MGFhNzUxMjNhYjhiZDYxYTdjYTFhNzEzMTk=
+    NTFiMTFkODU2ZTZmZjE5ZGY1NjQwYjZkMDJkNjY2NjBlMGU4YzhmODQzNzJi
+    NWRjY2M5MjI4NDhhM2ZiM2ZmZGRhNWNhZjRlNDBhNzc0ODY3OTRkNjI0NzE3
+    MWIyZDUyZjg3NWU2NzEwMWVkMjc0MTYwNzMwZWMyYjQ0ZGFkNzQ=

data/.travis.yml

@@ -2,6 +2,10 @@ before_script:
   - cp spec/dummy/config/database.yml.travis spec/dummy/config/database.yml
   - rake db:setup
 language: ruby
+matrix:
+  allow_failures:
+    # Rubinius.mri_backtrace primitive failed (PrimitiveFailure)
+    - rvm: 'rbx-2.2'
 rvm:
   - '1.9.3'
   - '2.0'

data/Gemfile

@@ -32,6 +32,8 @@ group :test do
   gem 'shoulda-matchers'
   # code coverage of tests
   gem 'simplecov', :require => false
+  # @todo Update specs for rspec 3.0.0 compatibility and remove this gem in favor of just rspec-rails
+  gem 'rspec-core', '< 3.0.0'
   # need rspec-rails >= 2.12.0 as 2.12.0 adds support for redefining named subject in nested context that uses the
   # named subject from the outer context without causing a stack overflow.
   gem 'rspec-rails', '>= 2.12.0'

data/app/models/mdm/host.rb

@@ -1,6 +1,7 @@
 # A system with an {#address IP address} on the network that has been discovered in some way.
 class Mdm::Host < ActiveRecord::Base
   include Mdm::Host::OperatingSystemNormalization
+  include Metasploit::Model::Search
 
   #
   # CONSTANTS
@@ -462,6 +463,29 @@ class Mdm::Host < ActiveRecord::Base
   scope :tag_search,
         lambda { |*args| where("tags.name" => args[0]).includes(:tags) }
 
+  #
+  #
+  # Search
+  #
+  #
+
+  #
+  # Search Associations
+  #
+
+  search_association :services
+
+  #
+  # Search Attributes
+  #
+
+  search_attribute :name,
+                   type: :string
+
+  #
+  # Instance Methods
+  #
+
   # Returns whether 'host.updated.<attr>' {#notes note} is {Mdm::Note#data locked}.
   #
   # @return [true] if Mdm::Note with 'host.updated.<attr>' as {Mdm::Note#name} exists and data[:locked] is `true`.

data/app/models/mdm/service.rb

@@ -1,5 +1,7 @@
 # A service, such as an ssh server or web server, running on a {#host}.
 class Mdm::Service < ActiveRecord::Base
+  include Metasploit::Model::Search
+
   #
   # CONSTANTS
   #
@@ -174,6 +176,13 @@ class Mdm::Service < ActiveRecord::Base
           ])
   }
 
+  #
+  # Search Attributes
+  #
+
+  search_attribute :name,
+                   type: :string
+
   #
   # Validations
   #

data/app/models/metasploit_data_models/search/visitor/attribute.rb

@@ -0,0 +1,13 @@
+# Extracts the `Arel::Attribute` objects from `Metasploit::Model::Search::Operator::Base` subclasses.
+class MetasploitDataModels::Search::Visitor::Attribute
+  include Metasploit::Model::Visitation::Visit
+
+  visit 'Metasploit::Model::Search::Operator::Association' do |operator|
+    visit operator.attribute_operator
+  end
+
+  visit 'Metasploit::Model::Search::Operator::Attribute' do |operator|
+    table = operator.klass.arel_table
+    table[operator.attribute]
+  end
+end

data/app/models/metasploit_data_models/search/visitor/includes.rb

@@ -0,0 +1,28 @@
+# Gathers all the association names to pass to `ActiveRecord::Relation#includes` from a
+# `Metasploit::Model::Search::Query`
+class MetasploitDataModels::Search::Visitor::Includes
+  include Metasploit::Model::Visitation::Visit
+
+  #
+  # Visitors
+  #
+
+  visit 'Metasploit::Model::Search::Group::Base',
+        'Metasploit::Model::Search::Operation::Union' do |parent|
+    parent.children.flat_map { |child|
+      visit child
+    }
+	end
+
+  visit 'Metasploit::Model::Search::Operation::Base' do |operation|
+    visit operation.operator
+  end
+
+  visit 'Metasploit::Model::Search::Operator::Association' do |operator|
+    [operator.association]
+  end
+
+  visit 'Metasploit::Model::Search::Operator::Attribute' do |_operator|
+    []
+  end
+end

data/app/models/metasploit_data_models/search/visitor/joins.rb

@@ -0,0 +1,47 @@
+# Gathers all the association names to pass to `ActiveRecord::Relation#joins` from a `Metasploit::Model::Search::Query`
+class MetasploitDataModels::Search::Visitor::Joins
+  include Metasploit::Model::Visitation::Visit
+
+  #
+  # Visitors
+  #
+
+  visit 'Metasploit::Model::Search::Group::Intersection' do |parent|
+    parent.children.flat_map { |child|
+      visit child
+    }
+  end
+
+  visit 'Metasploit::Model::Search::Group::Union',
+        'Metasploit::Model::Search::Operation::Union' do |parent|
+    # A Set<Set> because if all children have multiple joins, but those multiple joins contain the same elements for
+    # all children, then all joins can be counted as common:
+    #
+    #  (a.b:1 && c.d:2) || (a.b:3 && c.d:4) should return [:a, :c] since its common to both
+    #  (a.b:1 && c.d:2 && e.f:3) || (a.b:3 && c.d:4) should return [:a, :c] since its the common _subset_
+    join_set_set = parent.children.each_with_object(Set.new) { |child, set|
+      child_joins = visit child
+      child_join_set = Set.new child_joins
+
+      set.add child_join_set
+    }
+
+    common_join_set = join_set_set.reduce { |common_subset, set|
+      common_subset & set
+    }
+
+    common_join_set.to_a
+  end
+
+  visit 'Metasploit::Model::Search::Operation::Base' do |operation|
+    visit operation.operator
+  end
+
+  visit 'Metasploit::Model::Search::Operator::Association' do |operator|
+    [operator.association]
+  end
+
+  visit 'Metasploit::Model::Search::Operator::Attribute' do |_|
+    []
+  end
+end

data/app/models/metasploit_data_models/search/visitor/method.rb

@@ -0,0 +1,13 @@
+# Extracts which AREL method to use as a translation for `Metasploit::Model::Search::Group::Base` subclasses.
+class MetasploitDataModels::Search::Visitor::Method
+  include Metasploit::Model::Visitation::Visit
+
+  visit 'Metasploit::Model::Search::Group::Intersection' do
+    :and
+  end
+
+  visit 'Metasploit::Model::Search::Group::Union',
+        'Metasploit::Model::Search::Operation::Union' do
+    :or
+  end
+end

data/app/models/metasploit_data_models/search/visitor/relation.rb

@@ -0,0 +1,87 @@
+# Generates a `ActiveRecord::Relation` from an `Metasploit::Model::Search::Query#tree`
+class MetasploitDataModels::Search::Visitor::Relation < Metasploit::Model::Base
+  #
+  # CONSTANTS
+  #
+
+  # `ActiveRecord::Relation` methods that can compute their argument with a visitor under the
+  # {MetasploitDataModels::Search::Visitor} namespace.
+  RELATION_METHODS = [
+      :joins,
+      :includes,
+      :where
+  ]
+
+  #
+  # Attributes
+  #
+
+  # @!attribute [rw] query
+  #   The query to visit.  Query supplies Class with #scope upon which to build `ActiveRecord::Relation`.
+  #
+  #   @return [Metasploit::Model::Search::Query]
+  attr_accessor :query
+
+  #
+  # Validations
+  #
+
+  validate :valid_query
+
+  validates :query,
+            :presence => true
+
+  #
+  # Methods
+  #
+
+  # Visits {#query} tree to produce an `ActiveRecord::Relation` on the `Metasploit::Model::Search::Query#klass`.
+  #
+  # @return [ActiveRecord::Relation]
+  def visit
+    tree = query.tree
+
+    # Enumerable#inject does not support 3 arity for Hashes so need to unpack pair
+    visitor_by_relation_method.inject(query.klass.scoped) do |relation, pair|
+      relation_method, visitor = pair
+      visited = visitor.visit(tree)
+      relation.send(relation_method, visited)
+    end
+  end
+
+  # Map method on `ActiveRecord::Relation` to visitor that can visit `Metasploit::Model::Search::Query#tree` to
+  # produce the arguments to the method on `ActiveRecord::Relation`.
+  #
+  # @return [Hash{Symbol => #visit}]
+  def visitor_by_relation_method
+    # Enumerable#each_with_object does not support 3 arity for Hashes so need to unpack pair
+    @visitor_by_relation_method ||= self.class.visitor_class_by_relation_method.each_with_object({}) { |pair, visitor_by_relation_method|
+      relation_method, visitor_class = pair
+      visitor_by_relation_method[relation_method] = visitor_class.new
+    }
+  end
+
+  # Maps method on `ActiveRecord::Relation` to the `Class` under {MetasploitDataModels::Search::Visitor} whose
+  # `#visit` method can produce the arguments to the `ActiveRecord::Relation` method.
+  #
+  # @return [Hash{Symbol => Class}]
+  def self.visitor_class_by_relation_method
+    @relation_method_by_visitor_class ||= RELATION_METHODS.each_with_object({}) { |relation_method, relation_method_by_visitor_class|
+      visitor_class_name = "#{parent.name}::#{relation_method.to_s.camelize}"
+      visitor_class = visitor_class_name.constantize
+
+      relation_method_by_visitor_class[relation_method] = visitor_class
+    }
+  end
+
+  private
+
+  # Validates that {#query} is valid.
+  #
+  # @return [void]
+  def valid_query
+    if query and !query.valid?
+      errors.add(:query, :invalid)
+    end
+  end
+end

data/app/models/metasploit_data_models/search/visitor/where.rb

@@ -0,0 +1,65 @@
+# Generates AREL to pass to `ActiveRecord::Relation#where` from a `Metasploit::Model::Search::Query`.
+class MetasploitDataModels::Search::Visitor::Where
+  include Metasploit::Model::Visitation::Visit
+
+  #
+  # CONSTANTS
+  #
+
+  # `Metasploit::Model::Search::Operation::Base` subclasses that check their value with the equality operator in
+  # AREL
+  EQUALITY_OPERATION_CLASS_NAMES = [
+      'Metasploit::Model::Search::Operation::Boolean',
+      'Metasploit::Model::Search::Operation::Date',
+      'Metasploit::Model::Search::Operation::Integer',
+      'Metasploit::Model::Search::Operation::Set'
+  ]
+
+  #
+  # Visitor
+  #
+
+  visit 'Metasploit::Model::Search::Group::Base',
+        'Metasploit::Model::Search::Operation::Union' do |parent|
+    method = method_visitor.visit parent
+
+    children_arel = parent.children.collect { |child|
+      visit child
+    }
+
+    children_arel.inject { |group_arel, child_arel|
+      group_arel.send(method, child_arel)
+    }
+  end
+
+  visit *EQUALITY_OPERATION_CLASS_NAMES do |operation|
+    attribute = attribute_visitor.visit operation.operator
+
+    attribute.eq(operation.value)
+  end
+
+  visit 'Metasploit::Model::Search::Operation::String' do |operation|
+    attribute = attribute_visitor.visit operation.operator
+    match_value = "%#{operation.value}%"
+
+    attribute.matches(match_value)
+	end
+
+  #
+  # Methods
+  #
+
+  # Visitor for `Metasploit::Model::Search::Operator::Base` subclasses to generate `Arel::Attributes::Attribute`.
+  #
+  # @return [MetasploitDataModels::Search::Visitor::Attribute]
+  def attribute_visitor
+    @attribute_visitor ||= MetasploitDataModels::Search::Visitor::Attribute.new
+  end
+
+  # Visitor for `Metasploit::Model::Search::Group::Base` subclasses to generate equivalent AREL node methods.
+  #
+  # @return [MetasploitDataModels::Search::Visitor::Method]
+  def method_visitor
+    @method_visitor ||= MetasploitDataModels::Search::Visitor::Method.new
+  end
+end

data/config/locales/en.yml

@@ -0,0 +1,7 @@
+en:
+  metasploit:
+    model:
+      errors:
+        messages:
+          # have to duplicate activerecord.model.errors.message.taken because of the different i18n_scope
+          taken: "has already been taken"

data/lib/metasploit_data_models.rb

@@ -10,6 +10,7 @@ require 'active_record'
 require 'active_support'
 require 'active_support/all'
 require 'active_support/dependencies'
+require 'metasploit/model'
 
 #
 # Project

data/lib/metasploit_data_models/search.rb

@@ -0,0 +1,6 @@
+module MetasploitDataModels
+  # Namespace that deals with search {Mdm} models.
+  module Search
+
+  end
+end

data/lib/metasploit_data_models/search/visitor.rb

@@ -0,0 +1,8 @@
+module MetasploitDataModels
+  module Search
+    # Namespace for all visitors of `Metasploit::Model::Search::Query` that help search {Mdm} models.
+    module Visitor
+
+    end
+  end
+end

data/lib/metasploit_data_models/version.rb

@@ -4,5 +4,5 @@ module MetasploitDataModels
   # metasploit-framework/data/sql/migrate to db/migrate in this project, not all models have specs that verify the
   # migrations (with have_db_column and have_db_index) and certain models may not be shared between metasploit-framework
   # and pro, so models may be removed in the future.  Because of the unstable API the version should remain below 1.0.0
-  VERSION = '0.17.1'
+  VERSION = '0.17.2-metasploit-data-models-search'
 end

data/metasploit_data_models.gemspec

@@ -38,6 +38,7 @@ Gem::Specification.new do |s|
   # @see MSP-2971
   s.add_runtime_dependency 'activerecord', '>= 3.2.13', '< 4.0.0'
   s.add_runtime_dependency 'activesupport'
+  s.add_runtime_dependency 'metasploit-model', '>= 0.24.1.pre.semantic.pre.versioning.pre.2.pre.0', '< 0.25'
   
   if RUBY_PLATFORM =~ /java/
     # markdown formatting for yard

data/spec/app/models/metasploit_data_models/search/visitor/attribute_spec.rb

@@ -0,0 +1,74 @@
+require 'spec_helper'
+
+describe MetasploitDataModels::Search::Visitor::Attribute do
+  subject(:visitor) do
+    described_class.new
+  end
+
+  context '#visit' do
+    subject(:visit) do
+      visitor.visit(node)
+    end
+
+    context 'with Metasploit::Model::Search::Operator::Association' do
+      let(:attribute_operator) do
+        double('Attribute Operator')
+      end
+
+      let(:node) do
+        Metasploit::Model::Search::Operator::Association.new(
+            :attribute_operator => attribute_operator
+        )
+      end
+
+      it 'should visit Metasploit::Model::Search::Operator::Association#attribute_operator' do
+        visitor.should_receive(:visit).with(node).and_call_original
+        visitor.should_receive(:visit).with(attribute_operator)
+
+        visit
+      end
+
+      it 'should return visit of Metasploit::Model::Search::Operator::Association#attribute_operator' do
+        visitor.should_receive(:visit).with(node).and_call_original
+
+        visited = double('Attribute Operator Visited')
+        visitor.stub(:visit).with(attribute_operator).and_return(visited)
+
+        visit.should == visited
+      end
+    end
+
+    context 'with Metasploit::Model::Search::Operator::Attribute' do
+      let(:node) do
+        Metasploit::Model::Search::Operator::Attribute.new(
+            # needs to be a real column so look up on AREL table works
+            :attribute => :name,
+            # needs to be a real class so Class#arel_table works
+            :klass => Mdm::Host
+        )
+      end
+
+      it { should be_a Arel::Attributes::Attribute }
+
+      context 'name' do
+        subject(:name) do
+          visit.name
+        end
+
+        it 'should be Metasploit::Model::Search::Operator::Attribute#attribute' do
+          name.should == node.attribute
+        end
+      end
+
+      context 'relation' do
+        subject(:relation) do
+          visit.relation
+        end
+
+        it 'should be Class#arel_table for Metasploit::Model::Search::Operator::Attribute#klass' do
+          relation.should == node.klass.arel_table
+        end
+      end
+    end
+  end
+end