metasploit_data_models 1.2.7 → 1.2.8

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: a832e9ced35288ddac2edbb5e3cd4d4eb19cbb5c
-  data.tar.gz: a9f00670c0d01fe19f0991471f7344c6c3370915
+  metadata.gz: ac2e230d58545f2f98b7d4c884fe72f3a5019613
+  data.tar.gz: cf13ef55f75497f7433dac9fdc2cf38f6c20df12
 SHA512:
-  metadata.gz: 255b6a0e805116a6c992657c38d1f25ba81a863cec6dde9f79c5263016c693043c80c99c812329bc4186aab2bc7bccafebde2e9967102afffb2fb50520c58aa1
-  data.tar.gz: a0c035e7112895aee64de5fb2af85824dade5095b9d0da642d612c6d59d75d08a1a8216ac83cd95578fe68228561c0ba78ab8504c10d0971621b76eb62b54aef
+  metadata.gz: 4bb6f24caafd89021295f7042f1bf15db115d635c7a7a12696fa81bab8c612ca8ff6855b2a155187eceb58bfd1cbc08e72cae60bae9706e68ab04d0460aea45e
+  data.tar.gz: 38324d7b45f7fcb28a46d9d273a4da9d7120334f23df94e3288ac0005ad60ea36966b70013e1639d82d8a7c19a8b66b894f6b703ed1b72f56bd58ee2eb765d2b

data/Gemfile

@@ -32,7 +32,7 @@ group :test do
   # In a full rails project, factory_girl_rails would be in both the :development, and :test group, but since we only
   # want rails in :test, factory_girl_rails must also only be in :test.
   # add matchers from shoulda, such as validates_presence_of, which are useful for testing validations
-  gem 'shoulda-matchers'
+  gem 'shoulda-matchers', '~> 3.0'
   # code coverage of tests
   gem 'simplecov', :require => false
   # need rspec-rails >= 2.12.0 as 2.12.0 adds support for redefining named subject in nested context that uses the

data/app/models/mdm/loot.rb

@@ -122,16 +122,15 @@ class Mdm::Loot < ActiveRecord::Base
   #
 
   scope :search, lambda { |*args|
-    # @todo replace with AREL
-    terms = RELATIVE_SEARCH_FIELDS.collect { |relative_field|
-      "loots.#{relative_field} ILIKE ?"
-    }
-    disjunction = terms.join(' OR ')
-    formatted_parameter = "%#{args[0]}%"
-    parameters = [formatted_parameter] * RELATIVE_SEARCH_FIELDS.length
-    conditions = [disjunction] + parameters
-
-    where(conditions)
+    joins(:host).
+      where(
+        'loots.ltype ILIKE ? ' +
+          'OR loots.name ILIKE ? ' +
+          'OR loots.info ILIKE ? ' +
+          'OR loots.data ILIKE ? ' +
+          'OR COALESCE(hosts.name, CAST(hosts.address AS TEXT)) ILIKE ?',
+        "%#{args[0]}%", "%#{args[0]}%", "%#{args[0]}%", "%#{args[0]}%", "%#{args[0]}%"
+      )
   }
 
   #

data/app/models/mdm/note.rb

@@ -90,11 +90,14 @@ class Mdm::Note < ActiveRecord::Base
   scope :visible, -> { where(Mdm::Note[:ntype].not_in(['web.form', 'web.url', 'web.vuln'])) }
 
   scope :search, lambda { |*args|
-    where(["(data NOT ILIKE 'BAh7%' AND data LIKE ?)" +
-               "OR (data ILIKE 'BAh7%' AND decode(data, 'base64') LIKE ?)" +
-               "OR ntype ILIKE ?",
-           "%#{args[0]}%", "%#{args[0]}%", "%#{args[0]}%"
-          ])
+    joins(:host).
+      where(
+        "(notes.data NOT ILIKE 'BAh7%' AND notes.data LIKE ?) " +
+          "OR (notes.data ILIKE 'BAh7%' AND decode(notes.data, 'base64') LIKE ?) " +
+          'OR notes.ntype ILIKE ? ' +
+          'OR COALESCE(hosts.name, CAST(hosts.address AS TEXT)) ILIKE ?',
+        "%#{args[0]}%", "%#{args[0]}%", "%#{args[0]}%", "%#{args[0]}%"
+      )
   }
 
   #

data/app/models/mdm/service.rb

@@ -170,13 +170,15 @@ class Mdm::Service < ActiveRecord::Base
   scope :inactive, -> { where("services.state != 'open'") }
   scope :with_state, lambda { |a_state|  where("services.state = ?", a_state)}
   scope :search, lambda { |*args|
-    where([
-              "services.name ILIKE ? OR " +
-                  "services.info ILIKE ? OR " +
-                  "services.proto ILIKE ? OR " +
-                  "services.port = ? ",
-              "%#{args[0]}%", "%#{args[0]}%", "%#{args[0]}%", (args[0].to_i > 0) ? args[0].to_i : 99999
-          ])
+    joins(:host).
+      where(
+        'services.name ILIKE ? OR ' +
+          'services.info ILIKE ? OR ' +
+          'services.proto ILIKE ? OR ' +
+          'services.port = ? OR ' +
+          'COALESCE(hosts.name, CAST(hosts.address AS TEXT)) ILIKE ?',
+         "%#{args[0]}%", "%#{args[0]}%", "%#{args[0]}%", (args[0].to_i > 0) ? args[0].to_i : 99999, "%#{args[0]}%"
+      )
   }
 
   #

data/app/models/mdm/vuln.rb

@@ -1,6 +1,6 @@
 # A vulnerability found on a {#host} or {#service}.
 class Mdm::Vuln < ActiveRecord::Base
-  
+
   #
   # Associations
   #
@@ -169,15 +169,16 @@ class Mdm::Vuln < ActiveRecord::Base
 
   scope :search, lambda { |query|
     formatted_query = "%#{query}%"
-
     where(
-        arel_table[:name].matches(formatted_query).or(
-            arel_table[:info].matches(formatted_query)
-        ).or(
-            Mdm::Ref.arel_table[:name].matches(formatted_query)
-        )
+      arel_table[:name].matches(formatted_query).or(
+        arel_table[:info].matches(formatted_query)
+      ).or(
+        Mdm::Ref.arel_table[:name].matches(formatted_query)
+      ).or(
+        Arel::Nodes::NamedFunction.new('CAST', [Mdm::Host.arel_table[:address].as('TEXT')]).matches(formatted_query)
+      )
     ).includes(
-        :refs
+      :refs, :host
     )
   }
 

data/lib/metasploit_data_models/version.rb

@@ -10,8 +10,7 @@ module MetasploitDataModels
     # The minor version number, scoped to the {MAJOR} version number.
     MINOR = 2
     # The patch version number, scoped to the {MAJOR} and {MINOR} version numbers.
-    PATCH = 7
-
+    PATCH = 8
 
     #
     # Module Methods

data/spec/app/models/mdm/loot_spec.rb

@@ -63,6 +63,12 @@ RSpec.describe Mdm::Loot, type: :model do
         myloot = FactoryGirl.create(:mdm_loot, :info => 'Find This')
         expect(Mdm::Loot.search('Find This')).to include(myloot)
       end
+
+      it 'should match on hostname' do
+        myloot = FactoryGirl.create(:mdm_loot, :info => 'Find This')
+        host_name = myloot.host.name
+        expect(Mdm::Loot.search(host_name)).to include(myloot)
+      end
     end
   end
 

data/spec/app/models/mdm/module/detail_spec.rb

@@ -240,7 +240,10 @@ RSpec.describe Mdm::Module::Detail, type: :model do
     # validate_inclusion_of(:privileged).in_array([true, false]) will fail on the disallowed values check.
 
     context 'rank' do
-      it { is_expected.to validate_numericality_of(:rank).only_integer }
+      it 'validates rank is only an integer', pending: 'https://github.com/thoughtbot/shoulda-matchers/issues/784' do
+        is_expected.to validate_numericality_of(:rank).only_integer
+      end
+
       it { is_expected.to validate_inclusion_of(:rank).in_array(ranks) }
     end
 

data/spec/app/models/mdm/note_spec.rb

@@ -80,6 +80,12 @@ RSpec.describe Mdm::Note, type: :model do
         flagged_note = FactoryGirl.create(:mdm_note, :ntype => 'flag.me', :critical => true, :seen => false)
         expect(Mdm::Note.search('flag.me')).to include(flagged_note)
       end
+
+      it 'should match on host name' do
+        flagged_note = FactoryGirl.create(:mdm_note, :seen => false)
+        host_name = flagged_note.host.name
+        expect(Mdm::Note.search(host_name)).to include(flagged_note)
+      end
     end
   end
 end

data/spec/app/models/mdm/service_spec.rb

@@ -53,14 +53,20 @@ RSpec.describe Mdm::Service, type: :model do
       end
     end
 
-    context "search for 'tcp'" do
-      it "should find only services that match" do
+    context 'search' do
+      it 'should find only services that match for \'tcp\'' do
         tcp_service   = FactoryGirl.create(:mdm_service, proto: 'tcp')
         udp_service    =  FactoryGirl.create(:mdm_service, proto: 'udp')
         search_results = Mdm::Service.search('tcp')
         expect(search_results).to     include(tcp_service)
         expect(search_results).not_to include(udp_service)
       end
+
+      it 'should query host name of services' do
+        service = FactoryGirl.create(:mdm_service)
+        host_name = service.host.name
+        expect(Mdm::Service.search(host_name)).to include(service)
+      end
     end
   end
 
@@ -174,7 +180,10 @@ RSpec.describe Mdm::Service, type: :model do
       FactoryGirl.build(:mdm_service)
     }
 
-    it { is_expected.to validate_numericality_of(:port).only_integer }
+    it 'validate port is only an integer', pending: 'https://github.com/thoughtbot/shoulda-matchers/issues/784' do
+      is_expected.to validate_numericality_of(:port).only_integer
+    end
+
     it { is_expected.to validate_inclusion_of(:proto).in_array(described_class::PROTOS) }
 
     context 'when a duplicate service already exists' do

data/spec/app/models/mdm/vuln_spec.rb

@@ -256,6 +256,17 @@ RSpec.describe Mdm::Vuln, type: :model do
             end
           end
         end
+
+        context 'with Mdm::Host' do
+          context 'with query matching Mdm::Host address' do
+            let(:vuln_with_host) { FactoryGirl.create(:mdm_vuln, :host)}
+            let(:query) { vuln_with_host.host.address}
+
+            it 'should match Mdm::Vuln' do
+              expect(results).to match_array [vuln_with_host]
+            end
+          end
+        end
       end
     end
   end

data/spec/app/models/mdm/web_vuln_spec.rb

@@ -115,10 +115,6 @@ RSpec.describe Mdm::WebVuln, type: :model do
     it { is_expected.to validate_presence_of :path }
 
     context 'params' do
-      it 'should not validate presence of params because it default to [] and can never be nil' do
-        expect(web_vuln).not_to validate_presence_of(:params)
-      end
-
       context 'validates parameters' do
         let(:type_signature_sentence) do
           "Valid parameters are an Array<Array(String, String)>."

data/spec/app/models/mdm/workspace_spec.rb

@@ -138,11 +138,11 @@ RSpec.describe Mdm::Workspace, type: :model do
     end
 
     context 'description' do
-      it { is_expected.to ensure_length_of(:description).is_at_most(4 * (2 ** 10)) }
+      it { is_expected.to validate_length_of(:description).is_at_most(4 * (2 ** 10)) }
     end
 
     context 'name' do
-      it { is_expected.to ensure_length_of(:name).is_at_most(2**8 - 1) }
+      it { is_expected.to validate_length_of(:name).is_at_most(2**8 - 1) }
       it { is_expected.to validate_presence_of :name }
       it { is_expected.to validate_uniqueness_of :name }
     end

data/spec/app/models/metasploit_data_models/ip_address/v4/segment/single_spec.rb

@@ -10,7 +10,9 @@ RSpec.describe MetasploitDataModels::IPAddress::V4::Segment::Single, type: :mode
   }
 
   context 'validations' do
-    it { is_expected.to validate_numericality_of(:value).is_greater_than_or_equal_to(0).is_less_than_or_equal_to(255).only_integer }
+    it 'validates value is only an integer between 0 and 255 inclusive', pending: 'https://github.com/thoughtbot/shoulda-matchers/issues/784' do
+      is_expected.to validate_numericality_of(:value).is_greater_than_or_equal_to(0).is_less_than_or_equal_to(255).only_integer
+    end
   end
 
   it 'can be used in a Range' do

data/spec/app/models/metasploit_data_models/search/operator/multitext_spec.rb

@@ -10,7 +10,7 @@ RSpec.describe MetasploitDataModels::Search::Operator::Multitext, type: :model d
   }
 
   context 'validations' do
-    it { is_expected.to ensure_length_of(:operator_names).is_at_least(2) }
+    it { is_expected.to validate_length_of(:operator_names).is_at_least(2) }
     it { is_expected.to validate_presence_of :name }
   end
 

data/spec/lib/metasploit_data_models/ip_address/cidr_spec.rb

@@ -1,4 +1,4 @@
-RSpec.describe MetasploitDataModels::IPAddress::CIDR do
+RSpec.describe MetasploitDataModels::IPAddress::CIDR, type: :model do
   subject(:including_class_instance) {
     including_class.new(
         value: formatted_value
@@ -138,7 +138,7 @@ RSpec.describe MetasploitDataModels::IPAddress::CIDR do
         segment_count * segment_bits
       }
 
-      it 'validates it is an integer between 0 and maximum_prefix_length' do
+      it 'validates it is an integer between 0 and maximum_prefix_length', pending: 'https://github.com/thoughtbot/shoulda-matchers/issues/784' do
         expect(including_class_instance).to validate_numericality_of(:prefix_length).only_integer.is_greater_than_or_equal_to(0).is_less_than_or_equal_to(maximum_prefix_length)
       end
     end

data/spec/spec_helper.rb

@@ -128,3 +128,12 @@ RSpec.configure do |config|
     allow_any_instance_of(Mdm::Workspace).to receive(:valid_ip_or_range?).and_return(true)
   end
 end
+
+Shoulda::Matchers.configure do |config|
+  config.integrate do |with|
+    with.library :active_record
+    with.library :active_model
+
+    with.test_framework :rspec
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: metasploit_data_models
 version: !ruby/object:Gem::Version
-  version: 1.2.7
+  version: 1.2.8
 platform: ruby
 authors:
 - Samuel Huckins
@@ -11,7 +11,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-09-29 00:00:00.000000000 Z
+date: 2015-10-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: metasploit-version
@@ -731,7 +731,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.3
+rubygems_version: 2.4.8
 signing_key: 
 specification_version: 4
 summary: Database code for MSF and Metasploit Pro