metasploit_data_models 1.2.7 → 1.2.8
- checksums.yaml +4 -4
- data/Gemfile +1 -1
- data/app/models/mdm/loot.rb +9 -10
- data/app/models/mdm/note.rb +8 -5
- data/app/models/mdm/service.rb +9 -7
- data/app/models/mdm/vuln.rb +9 -8
- data/lib/metasploit_data_models/version.rb +1 -2
- data/spec/app/models/mdm/loot_spec.rb +6 -0
- data/spec/app/models/mdm/module/detail_spec.rb +4 -1
- data/spec/app/models/mdm/note_spec.rb +6 -0
- data/spec/app/models/mdm/service_spec.rb +12 -3
- data/spec/app/models/mdm/vuln_spec.rb +11 -0
- data/spec/app/models/mdm/web_vuln_spec.rb +0 -4
- data/spec/app/models/mdm/workspace_spec.rb +2 -2
- data/spec/app/models/metasploit_data_models/ip_address/v4/segment/single_spec.rb +3 -1
- data/spec/app/models/metasploit_data_models/search/operator/multitext_spec.rb +1 -1
- data/spec/lib/metasploit_data_models/ip_address/cidr_spec.rb +2 -2
- data/spec/spec_helper.rb +9 -0
- metadata +3 -3
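--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ac2e230d58545f2f98b7d4c884fe72f3a5019613
+data.tar.gz: cf13ef55f75497f7433dac9fdc2cf38f6c20df12
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4bb6f24caafd89021295f7042f1bf15db115d635c7a7a12696fa81bab8c612ca8ff6855b2a155187eceb58bfd1cbc08e72cae60bae9706e68ab04d0460aea45e
+data.tar.gz: 38324d7b45f7fcb28a46d9d273a4da9d7120334f23df94e3288ac0005ad60ea36966b70013e1639d82d8a7c19a8b66b894f6b703ed1b72f56bd58ee2eb765d2b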
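--- a/data/Gemfile
+++ b/data/Gemfile
@@ -32,7 +32,7 @@ group :test do
 # In a full rails project, factory_girl_rails would be in both the :development, and :test group, but since we only
 # want rails in :test, factory_girl_rails must also only be in :test.
 # add matchers from shoulda, such as validates_presence_of, which are useful for testing validations
-gem 'shoulda-matchers'
+gem 'shoulda-matchers', '~> 3.0'
 # code coverage of tests
 gem 'simplecov', :require => false
 # need rspec-rails >= 2.12.0 as 2.12.0 adds support for redefining named subject in nested context that uses the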
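--- a/data/app/models/mdm/loot.rb
+++ b/data/app/models/mdm/loot.rb
@@ -122,16 +122,15 @@ class Mdm::Loot < ActiveRecord::Base
 #
 
 scope :search, lambda { |*args|
-
-
-
-
-
-
-
-
-
-where(conditions)
+joins(:host).
+where(
+'loots.ltype ILIKE ? ' +
+'OR loots.name ILIKE ? ' +
+'OR loots.info ILIKE ? ' +
+'OR loots.data ILIKE ? ' +
+'OR COALESCE(hosts.name, CAST(hosts.address AS TEXT)) ILIKE ?',
+"%#{args[0]}%", "%#{args[0]}%", "%#{args[0]}%", "%#{args[0]}%", "%#{args[0]}%"
+)
 }
 
 #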
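Review bot: The host clause `COALESCE(hosts.name, CAST(hosts.address AS TEXT)) ILIKE ?` compares the address only when `hosts.name` is NULL, so a search by IP address finds nothing for a host that has a name; if both should be searchable, split it into `hosts.name ILIKE ? OR CAST(hosts.address AS TEXT) ILIKE ?` with one more bind value. `joins(:host)` is an inner join, so a loot row without a host drops out of every search, including matches on ltype, name, info or data; confirm that loot always has a host, or use a left outer join. Both points also apply to the search scopes in note.rb and service.rb. The term is passed as a bind value, which keeps it out of the SQL text, but `%` and `_` inside it still act as LIKE wildcards, so escape them if literal matching is expected.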
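--- a/data/app/models/mdm/note.rb
+++ b/data/app/models/mdm/note.rb
@@ -90,11 +90,14 @@ class Mdm::Note < ActiveRecord::Base
 scope :visible, -> { where(Mdm::Note[:ntype].not_in(['web.form', 'web.url', 'web.vuln'])) }
 
 scope :search, lambda { |*args|
-
-
-
-
-
+joins(:host).
+where(
+"(notes.data NOT ILIKE 'BAh7%' AND notes.data LIKE ?) " +
+"OR (notes.data ILIKE 'BAh7%' AND decode(notes.data, 'base64') LIKE ?) " +
+'OR notes.ntype ILIKE ? ' +
+'OR COALESCE(hosts.name, CAST(hosts.address AS TEXT)) ILIKE ?',
+"%#{args[0]}%", "%#{args[0]}%", "%#{args[0]}%", "%#{args[0]}%"
+)
 }
 
 #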
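Review bot: The base64 prefix test `notes.data ILIKE 'BAh7%'` is case-insensitive although base64 is case-sensitive, so a plain-text note that begins with `bah7` or `BAH7` is sent to `decode(notes.data, 'base64')`, which raises on input that is not valid base64 and would fail the whole search query. Use the case-sensitive form in both branches: `notes.data NOT LIKE 'BAh7%'` and `notes.data LIKE 'BAh7%'`. Note data presumably includes content gathered from scanned hosts, so a stored value should not be able to break the query; a guard that only decodes well-formed base64 would be safer still. A one-line comment saying what the `BAh7` prefix identifies, and why the data match uses `LIKE` while the other columns use `ILIKE`, would help the next reader.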
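--- a/data/app/models/mdm/service.rb
+++ b/data/app/models/mdm/service.rb
@@ -170,13 +170,15 @@ class Mdm::Service < ActiveRecord::Base
 scope :inactive, -> { where("services.state != 'open'") }
 scope :with_state, lambda { |a_state| where("services.state = ?", a_state)}
 scope :search, lambda { |*args|
-
-
-
-
-
-
-
+joins(:host).
+where(
+'services.name ILIKE ? OR ' +
+'services.info ILIKE ? OR ' +
+'services.proto ILIKE ? OR ' +
+'services.port = ? OR ' +
+'COALESCE(hosts.name, CAST(hosts.address AS TEXT)) ILIKE ?',
+"%#{args[0]}%", "%#{args[0]}%", "%#{args[0]}%", (args[0].to_i > 0) ? args[0].to_i : 99999, "%#{args[0]}%"
+)
 }
 
 #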
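Review bot: The port bind value `(args[0].to_i > 0) ? args[0].to_i : 99999` relies on an unexplained sentinel and on `String#to_i`, which reads leading digits, so a term such as `80abc` also matches port 80. Add a comment such as `# 99999 is above the highest valid port (65535), so a non-numeric term matches no port`, or move the value into a named constant. To avoid the partial-number match, treat the term as a port only when `args[0].to_s =~ /\A\d+\z/`.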
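--- a/data/app/models/mdm/vuln.rb
+++ b/data/app/models/mdm/vuln.rb
@@ -1,6 +1,6 @@
 # A vulnerability found on a {#host} or {#service}.
 class Mdm::Vuln < ActiveRecord::Base
-
+
 #
 # Associations
 #
@@ -169,15 +169,16 @@ class Mdm::Vuln < ActiveRecord::Base
 
 scope :search, lambda { |query|
 formatted_query = "%#{query}%"
-
 where(
-
-
-
-
-
+arel_table[:name].matches(formatted_query).or(
+arel_table[:info].matches(formatted_query)
+).or(
+Mdm::Ref.arel_table[:name].matches(formatted_query)
+).or(
+Arel::Nodes::NamedFunction.new('CAST', [Mdm::Host.arel_table[:address].as('TEXT')]).matches(formatted_query)
+)
 ).includes(
-
+:refs, :host
 )
 }
 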
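Review bot: The WHERE conditions in the search scope reference the refs and hosts tables, but the relation only declares `.includes(:refs, :host)`; whether that produces the JOIN those conditions need depends on ActiveRecord detecting the tables from the Arel nodes, so check the generated SQL and consider adding `.references(:refs, :host)` to make it explicit. This scope matches only the host address, while the loot, note and service scopes in the same release match `COALESCE(hosts.name, CAST(hosts.address AS TEXT))`; a short comment stating which host fields each search covers would make the difference deliberate. `formatted_query` wraps the raw term in `%`, so `%` and `_` inside the term act as wildcards unless they are escaped.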
@@ -63,6 +63,12 @@ RSpec.describe Mdm::Loot, type: :model do
|
|
63
63
|
myloot = FactoryGirl.create(:mdm_loot, :info => 'Find This')
|
64
64
|
expect(Mdm::Loot.search('Find This')).to include(myloot)
|
65
65
|
end
|
66
|
+
|
67
|
+
it 'should match on hostname' do
|
68
|
+
myloot = FactoryGirl.create(:mdm_loot, :info => 'Find This')
|
69
|
+
host_name = myloot.host.name
|
70
|
+
expect(Mdm::Loot.search(host_name)).to include(myloot)
|
71
|
+
end
|
66
72
|
end
|
67
73
|
end
|
68
74
|
|
@@ -240,7 +240,10 @@ RSpec.describe Mdm::Module::Detail, type: :model do
|
|
240
240
|
# validate_inclusion_of(:privileged).in_array([true, false]) will fail on the disallowed values check.
|
241
241
|
|
242
242
|
context 'rank' do
|
243
|
-
it
|
243
|
+
it 'validates rank is only an integer', pending: 'https://github.com/thoughtbot/shoulda-matchers/issues/784' do
|
244
|
+
is_expected.to validate_numericality_of(:rank).only_integer
|
245
|
+
end
|
246
|
+
|
244
247
|
it { is_expected.to validate_inclusion_of(:rank).in_array(ranks) }
|
245
248
|
end
|
246
249
|
|
@@ -80,6 +80,12 @@ RSpec.describe Mdm::Note, type: :model do
|
|
80
80
|
flagged_note = FactoryGirl.create(:mdm_note, :ntype => 'flag.me', :critical => true, :seen => false)
|
81
81
|
expect(Mdm::Note.search('flag.me')).to include(flagged_note)
|
82
82
|
end
|
83
|
+
|
84
|
+
it 'should match on host name' do
|
85
|
+
flagged_note = FactoryGirl.create(:mdm_note, :seen => false)
|
86
|
+
host_name = flagged_note.host.name
|
87
|
+
expect(Mdm::Note.search(host_name)).to include(flagged_note)
|
88
|
+
end
|
83
89
|
end
|
84
90
|
end
|
85
91
|
end
|
@@ -53,14 +53,20 @@ RSpec.describe Mdm::Service, type: :model do
|
|
53
53
|
end
|
54
54
|
end
|
55
55
|
|
56
|
-
context
|
57
|
-
it
|
56
|
+
context 'search' do
|
57
|
+
it 'should find only services that match for \'tcp\'' do
|
58
58
|
tcp_service = FactoryGirl.create(:mdm_service, proto: 'tcp')
|
59
59
|
udp_service = FactoryGirl.create(:mdm_service, proto: 'udp')
|
60
60
|
search_results = Mdm::Service.search('tcp')
|
61
61
|
expect(search_results).to include(tcp_service)
|
62
62
|
expect(search_results).not_to include(udp_service)
|
63
63
|
end
|
64
|
+
|
65
|
+
it 'should query host name of services' do
|
66
|
+
service = FactoryGirl.create(:mdm_service)
|
67
|
+
host_name = service.host.name
|
68
|
+
expect(Mdm::Service.search(host_name)).to include(service)
|
69
|
+
end
|
64
70
|
end
|
65
71
|
end
|
66
72
|
|
@@ -174,7 +180,10 @@ RSpec.describe Mdm::Service, type: :model do
|
|
174
180
|
FactoryGirl.build(:mdm_service)
|
175
181
|
}
|
176
182
|
|
177
|
-
it
|
183
|
+
it 'validate port is only an integer', pending: 'https://github.com/thoughtbot/shoulda-matchers/issues/784' do
|
184
|
+
is_expected.to validate_numericality_of(:port).only_integer
|
185
|
+
end
|
186
|
+
|
178
187
|
it { is_expected.to validate_inclusion_of(:proto).in_array(described_class::PROTOS) }
|
179
188
|
|
180
189
|
context 'when a duplicate service already exists' do
|
@@ -256,6 +256,17 @@ RSpec.describe Mdm::Vuln, type: :model do
|
|
256
256
|
end
|
257
257
|
end
|
258
258
|
end
|
259
|
+
|
260
|
+
context 'with Mdm::Host' do
|
261
|
+
context 'with query matching Mdm::Host address' do
|
262
|
+
let(:vuln_with_host) { FactoryGirl.create(:mdm_vuln, :host)}
|
263
|
+
let(:query) { vuln_with_host.host.address}
|
264
|
+
|
265
|
+
it 'should match Mdm::Vuln' do
|
266
|
+
expect(results).to match_array [vuln_with_host]
|
267
|
+
end
|
268
|
+
end
|
269
|
+
end
|
259
270
|
end
|
260
271
|
end
|
261
272
|
end
|
@@ -115,10 +115,6 @@ RSpec.describe Mdm::WebVuln, type: :model do
|
|
115
115
|
it { is_expected.to validate_presence_of :path }
|
116
116
|
|
117
117
|
context 'params' do
|
118
|
-
it 'should not validate presence of params because it default to [] and can never be nil' do
|
119
|
-
expect(web_vuln).not_to validate_presence_of(:params)
|
120
|
-
end
|
121
|
-
|
122
118
|
context 'validates parameters' do
|
123
119
|
let(:type_signature_sentence) do
|
124
120
|
"Valid parameters are an Array<Array(String, String)>."
|
@@ -138,11 +138,11 @@ RSpec.describe Mdm::Workspace, type: :model do
|
|
138
138
|
end
|
139
139
|
|
140
140
|
context 'description' do
|
141
|
-
it { is_expected.to
|
141
|
+
it { is_expected.to validate_length_of(:description).is_at_most(4 * (2 ** 10)) }
|
142
142
|
end
|
143
143
|
|
144
144
|
context 'name' do
|
145
|
-
it { is_expected.to
|
145
|
+
it { is_expected.to validate_length_of(:name).is_at_most(2**8 - 1) }
|
146
146
|
it { is_expected.to validate_presence_of :name }
|
147
147
|
it { is_expected.to validate_uniqueness_of :name }
|
148
148
|
end
|
@@ -10,7 +10,9 @@ RSpec.describe MetasploitDataModels::IPAddress::V4::Segment::Single, type: :mode
|
|
10
10
|
}
|
11
11
|
|
12
12
|
context 'validations' do
|
13
|
-
it
|
13
|
+
it 'validates value is only an integer between 0 and 255 inclusive', pending: 'https://github.com/thoughtbot/shoulda-matchers/issues/784' do
|
14
|
+
is_expected.to validate_numericality_of(:value).is_greater_than_or_equal_to(0).is_less_than_or_equal_to(255).only_integer
|
15
|
+
end
|
14
16
|
end
|
15
17
|
|
16
18
|
it 'can be used in a Range' do
|
@@ -10,7 +10,7 @@ RSpec.describe MetasploitDataModels::Search::Operator::Multitext, type: :model d
|
|
10
10
|
}
|
11
11
|
|
12
12
|
context 'validations' do
|
13
|
-
it { is_expected.to
|
13
|
+
it { is_expected.to validate_length_of(:operator_names).is_at_least(2) }
|
14
14
|
it { is_expected.to validate_presence_of :name }
|
15
15
|
end
|
16
16
|
|
@@ -1,4 +1,4 @@
|
|
1
|
-
RSpec.describe MetasploitDataModels::IPAddress::CIDR do
|
1
|
+
RSpec.describe MetasploitDataModels::IPAddress::CIDR, type: :model do
|
2
2
|
subject(:including_class_instance) {
|
3
3
|
including_class.new(
|
4
4
|
value: formatted_value
|
@@ -138,7 +138,7 @@ RSpec.describe MetasploitDataModels::IPAddress::CIDR do
|
|
138
138
|
segment_count * segment_bits
|
139
139
|
}
|
140
140
|
|
141
|
-
it 'validates it is an integer between 0 and maximum_prefix_length' do
|
141
|
+
it 'validates it is an integer between 0 and maximum_prefix_length', pending: 'https://github.com/thoughtbot/shoulda-matchers/issues/784' do
|
142
142
|
expect(including_class_instance).to validate_numericality_of(:prefix_length).only_integer.is_greater_than_or_equal_to(0).is_less_than_or_equal_to(maximum_prefix_length)
|
143
143
|
end
|
144
144
|
end
|
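--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -128,3 +128,12 @@ RSpec.configure do |config|
 allow_any_instance_of(Mdm::Workspace).to receive(:valid_ip_or_range?).and_return(true)
 end
 end
+
+Shoulda::Matchers.configure do |config|
+config.integrate do |with|
+with.library :active_record
+with.library :active_model
+
+with.test_framework :rspec
+end
+end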
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: metasploit_data_models
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.2.
|
4
|
+
version: 1.2.8
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Samuel Huckins
|
@@ -11,7 +11,7 @@ authors:
|
|
11
11
|
autorequire:
|
12
12
|
bindir: bin
|
13
13
|
cert_chain: []
|
14
|
-
date: 2015-
|
14
|
+
date: 2015-10-21 00:00:00.000000000 Z
|
15
15
|
dependencies:
|
16
16
|
- !ruby/object:Gem::Dependency
|
17
17
|
name: metasploit-version
|
@@ -731,7 +731,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
731
731
|
version: '0'
|
732
732
|
requirements: []
|
733
733
|
rubyforge_project:
|
734
|
-
rubygems_version: 2.4.
|
734
|
+
rubygems_version: 2.4.8
|
735
735
|
signing_key:
|
736
736
|
specification_version: 4
|
737
737
|
summary: Database code for MSF and Metasploit Pro
|