metasploit_data_models 1.3.0 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 3b60fcc58f7853a690eaa995996c2fef56b86439
-  data.tar.gz: 9dd6197c1457688c06a9d75dece9a42a931f1fdc
+  metadata.gz: 9e3831b7d870ff2f6137158b6b3834424a60d6e6
+  data.tar.gz: 203a3c40853109a9c1f2b66c45d278c1eb42345b
 SHA512:
-  metadata.gz: 695e9338ef6e687ce7830d7d3562559c6a447ad80c1b372bf361538d7114477e155e6e37d617860c1e7a750e55794d71164f939bf540967c4c29c8aaa9b47bed
-  data.tar.gz: 059b3ea8a8cb6a4b86ac74d18750948b3a59dbc5ed7ee253533e026704c339de968924a28f9363a2f8b287c64af9d8d7e5b0cff3e26c30d2bb809cacd132c3bc
+  metadata.gz: 70986e57992f2d364bb3fc1ec81267f889529877f4a2795245af315ad3d12b339a353fab8d81e1f96104af9c6581037babbe50874f33289aee936e5b79b6a54d
+  data.tar.gz: b99e4c92772eaf4223d2a6e68c0693a675d99268382287a8eeaad21c818361b3e13b4d5421793abbd19badf589378a0c26871f629f815c6e4733dac3abdf2675

data/.gitignore

@@ -25,3 +25,5 @@ Gemfile.lock
 pkg/*
 # Database configuration (with passwords) for specs
 spec/dummy/config/database.yml
+# Secrets
+spec/dummy/config/secrets.yml

data/Gemfile

@@ -3,17 +3,11 @@ source "https://rubygems.org"
 # Specify your gem's dependencies in metasploit_data_models.gemspec
 gemspec
 
-# gem 'metasploit-yard', github: 'rapid7/metasploit-yard',      branch: 'staging/rails-upgrade'
-# gem 'metasploit-erd',  github: 'rapid7/metasploit-erd',       branch: 'staging/rails-upgrade'
-# gem 'metasploit-erd',  github: 'rapid7/yard-metasploit-erd',  branch: 'staging/rails-upgrade'
-# gem 'metasploit-erd',  github: 'rapid7/metasploit-concern',   branch: 'staging/rails-upgrade'
-# gem 'metasploit-erd',  github: 'rapid7/metasploit-model',     branch: 'staging/rails-upgrade'
-
 
 group :development do
-  gem 'metasploit-erd'
+  #gem 'metasploit-erd'
   # embed ERDs on index, namespace Module and Class<ActiveRecord::Base> pages
-  gem 'yard-metasploit-erd'
+  #gem 'yard-metasploit-erd'
 end
 
 # used by dummy application
@@ -22,15 +16,12 @@ group :development, :test do
   gem 'coveralls', require: false  
   # supplies factories for producing model instance for specs
   # Version 4.1.0 or newer is needed to support generate calls without the 'FactoryGirl.' in factory definitions syntax.
-  gem 'factory_girl', '>= 4.1.0'
+  gem 'factory_girl'
   # auto-load factories from spec/factories
   gem 'factory_girl_rails'
 
-  rails_version_constraint = [
-      '>= 4.0.9',
-      '< 4.1.0'
-  ]
-  gem 'rails', *rails_version_constraint
+
+  gem 'rails', '~>4.2.6'
   # Used to create fake data
   gem "faker"
 end
@@ -39,12 +30,12 @@ group :test do
   # In a full rails project, factory_girl_rails would be in both the :development, and :test group, but since we only
   # want rails in :test, factory_girl_rails must also only be in :test.
   # add matchers from shoulda, such as validates_presence_of, which are useful for testing validations
-  gem 'shoulda-matchers', '~> 3.0'
+  gem 'shoulda-matchers'
   # code coverage of tests
   gem 'simplecov', :require => false
   # need rspec-rails >= 2.12.0 as 2.12.0 adds support for redefining named subject in nested context that uses the
   # named subject from the outer context without causing a stack overflow.
-  gem 'rspec-rails', '~> 3.2'
+  gem 'rspec-rails'
   # used for building markup for webpage factories
   gem 'builder'
 end

data/app/models/mdm/workspace.rb

@@ -129,41 +129,11 @@ class Mdm::Workspace < ActiveRecord::Base
 
   validates :name, :presence => true, :uniqueness => true, :length => {:maximum => 255}
   validates :description, :length => {:maximum => 4096}
-  validate :boundary_must_be_ip_range
 
   #
   # Instance Methods
   #
 
-  # If {#limit_to_network} is disabled, this will always return `true`. Otherwise, return `true` only if all of the
-  # given IPs are within the project {#boundary boundaries}.
-  #
-  # @param ips [String] IP range(s)
-  # @return [true] if actions on ips are allowed.
-  # @return [false] if actions are not allowed on ips.
-  def allow_actions_on?(ips)
-    return true unless limit_to_network
-    return true unless boundary
-    return true if boundary.empty?
-    boundaries = Shellwords.split(boundary)
-    return true if boundaries.empty? # It's okay if there is no boundary range after all
-    given_range = Rex::Socket::RangeWalker.new(ips)
-    return false unless given_range # Can't do things to nonexistant IPs
-    allowed = false
-    boundaries.each do |boundary_range|
-      ok_range = Rex::Socket::RangeWalker.new(boundary)
-      allowed  = true if ok_range.include_range? given_range
-    end
-    return allowed
-  end
-
-  # Validates that {#boundary} is {#valid_ip_or_range? a valid IP address or IP address range}.
-  #
-  # @return [void]
-  def boundary_must_be_ip_range
-    errors.add(:boundary, "must be a valid IP range") unless valid_ip_or_range?(boundary)
-  end
-
   # @deprecated Use `Mdm::Workspace#credential_cores` when `Metasploit::Credential::Engine` is installed to get
   #    `Metasploit::Credential::Core`s.  Use `Mdm::Service#logins` when `Metasploit::Credential::Engine` is installed to
   #    get `Metasploit::Credential::Login`s.
@@ -265,7 +235,6 @@ class Mdm::Workspace < ActiveRecord::Base
       Mdm::Service.join_association(:host),
       Mdm::Host.join_association(:workspace)
     ).where(Mdm::Workspace[:id].eq(id)).uniq
-    
   end
 
   # Web vulnerability found on {#web_sites}.
@@ -295,7 +264,7 @@ class Mdm::Workspace < ActiveRecord::Base
   def web_unique_forms(addrs=nil)
     forms = unique_web_forms
     if addrs
-      forms.reject!{|f| not addrs.include?( f.web_site.service.host.address.to_s ) }
+      forms.to_a.reject!{|f| not addrs.include?( f.web_site.service.host.address.to_s ) }
     end
     forms
   end
@@ -309,18 +278,6 @@ class Mdm::Workspace < ActiveRecord::Base
     boundary.strip! if boundary
   end
 
-  # Returns whether `string` is a valid IP address or IP address range.
-  #
-  # @return [true] if valid IP address or IP address range.
-  # @return [false] otherwise.
-  def valid_ip_or_range?(string)
-    begin
-      Rex::Socket::RangeWalker.new(string)
-    rescue
-      return false
-    end
-  end
-
   public
 
   Metasploit::Concern.run(self)

data/app/models/metasploit_data_models/search/visitor/where.rb

@@ -118,7 +118,7 @@ class MetasploitDataModels::Search::Visitor::Where
   #
   # @return [Arel::Nodes::NamedFunction]
   def cast_to_inet(string)
-    cast_argument = Arel::Nodes::As.new(string, Arel::Nodes::SqlLiteral.new('INET'))
+    cast_argument = Arel::Nodes::As.new(Arel::Nodes.build_quoted(string), Arel::Nodes::SqlLiteral.new('INET'))
     Arel::Nodes::NamedFunction.new('CAST', [cast_argument])
   end
 

data/db/migrate/20160415153312_remove_not_null_from_web_vuln_p_arams.rb

@@ -0,0 +1,5 @@
+class RemoveNotNullFromWebVulnPArams < ActiveRecord::Migration
+  def change
+    change_column_null(:web_vulns, :params, true)
+  end
+end

data/lib/metasploit_data_models/version.rb

@@ -1,6 +1,6 @@
 module MetasploitDataModels
   # VERSION is managed by GemRelease
-  VERSION = '1.3.0'
+  VERSION = '2.0.0'
 
   # @return [String]
   #

data/metasploit_data_models.gemspec

@@ -30,10 +30,10 @@ Gem::Specification.new do |s|
 
   # ---- Dependencies ----
   # documentation
-  s.add_development_dependency 'metasploit-yard', '~> 1.1'
-  s.add_development_dependency 'yard-activerecord', '~> 0.0.14'
+  s.add_development_dependency 'metasploit-yard'
+  s.add_development_dependency 'yard-activerecord'
   # embed ERDs on index, namespace Module and Class<ActiveRecord::Base> pages
-  s.add_development_dependency 'yard-metasploit-erd', '~> 1.1'
+  s.add_development_dependency 'yard-metasploit-erd'
 
   s.add_development_dependency 'rake'
 
@@ -43,13 +43,12 @@ Gem::Specification.new do |s|
   # debugging
   s.add_development_dependency 'pry'
 
-  rails_version_constraints = ['>= 4.0.9', '< 4.1.0']
 
-  s.add_runtime_dependency 'activerecord', *rails_version_constraints
-  s.add_runtime_dependency 'activesupport', *rails_version_constraints
-  s.add_runtime_dependency 'metasploit-concern', '~> 1.1'
-  s.add_runtime_dependency 'metasploit-model', '~> 1.1'
-  s.add_runtime_dependency 'railties', *rails_version_constraints
+  s.add_runtime_dependency 'activerecord', '~>4.2.6'
+  s.add_runtime_dependency 'activesupport', '~>4.2.6'
+  s.add_runtime_dependency 'metasploit-concern'
+  s.add_runtime_dependency 'metasploit-model'
+  s.add_runtime_dependency 'railties', '~>4.2.6'
 
   # os fingerprinting
   s.add_runtime_dependency 'recog', '~> 2.0'

data/spec/app/models/mdm/host_spec.rb

@@ -408,7 +408,7 @@ RSpec.describe Mdm::Host, type: :model do
         let(:arch) { "asdfasdf" }
         it 'should normalize to Unknown' do
           expect(host).to be_valid
-          expect(host.arch).to be described_class::UNKNOWN_ARCHITECTURE
+          expect(host.arch).to eq described_class::UNKNOWN_ARCHITECTURE
         end
       end
       described_class::ARCHITECTURES.each do |arch|

data/spec/app/models/mdm/web_vuln_spec.rb

@@ -65,7 +65,7 @@ RSpec.describe Mdm::WebVuln, type: :model do
       it { is_expected.to have_db_column(:method).of_type(:string).with_options(:limit => 1024, :null => false) }
       it { is_expected.to have_db_column(:name).of_type(:string).with_options(:limit => 1024, :null => false) }
       it { is_expected.to have_db_column(:owner).of_type(:string) }
-      it { is_expected.to have_db_column(:params).of_type(:text).with_options(:null => false) }
+      it { is_expected.to have_db_column(:params).of_type(:text) }
       it { is_expected.to have_db_column(:path).of_type(:text).with_options(:null => false) }
       it { is_expected.to have_db_column(:payload).of_type(:text) }
       it { is_expected.to have_db_column(:pname).of_type(:text) }

data/spec/app/models/mdm/workspace_spec.rb

@@ -85,58 +85,6 @@ RSpec.describe Mdm::Workspace, type: :model do
   end
 
   context 'validations' do
-    context 'boundary' do
-      let(:boundary) do
-        nil
-      end
-
-      let(:error) do
-        'must be a valid IP range'
-      end
-
-      before(:example) do
-        workspace.boundary = boundary
-        workspace.valid?
-      end
-
-      it 'should validate using #valid_ip_or_range?' do
-        expect(workspace).to receive(:valid_ip_or_range?).with(boundary).and_return(false)
-
-        workspace.valid?
-      end
-
-      context 'with valid IP' do
-        let(:boundary) do
-          '192.168.0.1'
-        end
-
-        it 'should not record an error' do
-          expect(workspace.errors[:boundary]).not_to include(error)
-        end
-      end
-
-      context 'with valid range' do
-        let(:boundary) do
-          '192.168.0.1/24'
-        end
-
-        it 'should not record an error' do
-          expect(workspace.errors[:boundary]).not_to include(error)
-        end
-      end
-
-      context 'with invalid IP or range' do
-        let(:boundary) do
-          '192.168'
-        end
-
-        it 'should record error that boundary must be a valid IP range', :pending => 'https://www.pivotaltracker.com/story/show/43171927' do
-          expect(workspace).not_to be_valid
-          expect(workkspace.errors[:boundary]).to include(error)
-        end
-      end
-    end
-
     context 'description' do
       it { is_expected.to validate_length_of(:description).is_at_most(4 * (2 ** 10)) }
     end
@@ -549,5 +497,4 @@ RSpec.describe Mdm::Workspace, type: :model do
       end
     end
   end
-
-end
+end

data/spec/app/models/metasploit_data_models/search/visitor/relation_spec.rb

@@ -680,7 +680,7 @@ RSpec.describe MetasploitDataModels::Search::Visitor::Relation, type: :model do
 
             context 'with CIDR' do
               let(:formatted_address) {
-                '1.3.4.5/8'
+                "'1.3.4.5/8'"
               }
 
               it 'should find only matching record' do

data/spec/dummy/bin/bundle

@@ -0,0 +1,3 @@
+#!/usr/bin/env ruby
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__)
+load Gem.bin_path('bundler', 'bundle')

data/spec/dummy/bin/rails

@@ -0,0 +1,4 @@
+#!/usr/bin/env ruby
+APP_PATH = File.expand_path('../../config/application',  __FILE__)
+require_relative '../config/boot'
+require 'rails/commands'

data/spec/dummy/bin/rake

@@ -0,0 +1,4 @@
+#!/usr/bin/env ruby
+require_relative '../config/boot'
+require 'rake'
+Rake.application.run

data/spec/dummy/config/boot.rb

@@ -1,10 +1,4 @@
-require 'rubygems'
-gemfile = File.expand_path('../../../../Gemfile', __FILE__)
+# Set up gems listed in the Gemfile.
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__)
 
-if File.exist?(gemfile)
-  ENV['BUNDLE_GEMFILE'] = gemfile
-  require 'bundler'
-  Bundler.setup
-end
-
-$:.unshift File.expand_path('../../../../lib', __FILE__)
+require 'bundler/setup' if File.exist?(ENV['BUNDLE_GEMFILE'])

data/spec/dummy/config/environment.rb

@@ -1,5 +1,5 @@
-# Load the rails application
+# Load the Rails application.
 require File.expand_path('../application', __FILE__)
 
-# Initialize the rails application
-Dummy::Application.initialize!
+# Initialize the Rails application.
+Rails.application.initialize!

data/spec/dummy/config/environments/development.rb

@@ -1,23 +1,37 @@
-Dummy::Application.configure do
-  # Settings specified here will take precedence over those in config/application.rb
+Rails.application.configure do
+  # Settings specified here will take precedence over those in config/application.rb.
 
   # In the development environment your application's code is reloaded on
   # every request. This slows down response time but is perfect for development
   # since you don't have to restart the web server when you make code changes.
   config.cache_classes = false
 
-  # Show full error reports and disable caching
+  # Do not eager load code on boot.
+  config.eager_load = false
+
+  # Show full error reports and disable caching.
   config.consider_all_requests_local       = true
   config.action_controller.perform_caching = false
 
-  # Don't care if the mailer can't send
+  # Don't care if the mailer can't send.
   config.action_mailer.raise_delivery_errors = false
 
-  # Do not compress assets
-  config.assets.compress = false
+  # Print deprecation notices to the Rails logger.
+  config.active_support.deprecation = :log
+
+  # Raise an error on page load if there are pending migrations.
+  config.active_record.migration_error = :page_load
 
-  # Expands the lines which load the assets
+  # Debug mode disables concatenation and preprocessing of assets.
+  # This option may cause significant delays in view rendering with a large
+  # number of complex assets.
   config.assets.debug = true
 
-  config.eager_load = false
+  # Adds additional error checking when serving assets at runtime.
+  # Checks for improperly declared sprockets dependencies.
+  # Raises helpful error messages.
+  config.assets.raise_runtime_errors = true
+
+  # Raises error for missing translations
+  # config.action_view.raise_on_missing_translations = true
 end

data/spec/dummy/config/environments/production.rb

@@ -1,66 +1,78 @@
-Dummy::Application.configure do
-  # Settings specified here will take precedence over those in config/application.rb
+Rails.application.configure do
+  # Settings specified here will take precedence over those in config/application.rb.
 
-  # Code is not reloaded between requests
+  # Code is not reloaded between requests.
   config.cache_classes = true
 
-  # Full error reports are disabled and caching is turned on
+  # Eager load code on boot. This eager loads most of Rails and
+  # your application in memory, allowing both threaded web servers
+  # and those relying on copy on write to perform better.
+  # Rake tasks automatically ignore this option for performance.
+  config.eager_load = true
+
+  # Full error reports are disabled and caching is turned on.
   config.consider_all_requests_local       = false
   config.action_controller.perform_caching = true
 
-  # Disable Rails's static asset server (Apache or nginx will already do this)
+  # Enable Rack::Cache to put a simple HTTP cache in front of your application
+  # Add `rack-cache` to your Gemfile before enabling this.
+  # For large-scale production use, consider using a caching reverse proxy like nginx, varnish or squid.
+  # config.action_dispatch.rack_cache = true
+
+  # Disable Rails's static asset server (Apache or nginx will already do this).
   config.serve_static_assets = false
 
-  # Compress JavaScripts and CSS
-  config.assets.compress = true
+  # Compress JavaScripts and CSS.
+  config.assets.js_compressor = :uglifier
+  # config.assets.css_compressor = :sass
 
-  # Don't fallback to assets pipeline if a precompiled asset is missed
+  # Do not fallback to assets pipeline if a precompiled asset is missed.
   config.assets.compile = false
 
-  # Generate digests for assets URLs
+  # Generate digests for assets URLs.
   config.assets.digest = true
 
-  # Defaults to nil and saved in location specified by config.assets.prefix
-  # config.assets.manifest = YOUR_PATH
+  # `config.assets.precompile` and `config.assets.version` have moved to config/initializers/assets.rb
 
-  # Specifies the header that your server uses for sending files
+  # Specifies the header that your server uses for sending files.
   # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for apache
   # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx
 
   # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
   # config.force_ssl = true
 
-  # See everything in the log (default is :info)
-  # config.log_level = :debug
+  # Set to :debug to see everything in the log.
+  config.log_level = :info
 
-  # Prepend all log lines with the following tags
+  # Prepend all log lines with the following tags.
   # config.log_tags = [ :subdomain, :uuid ]
 
-  # Use a different logger for distributed setups
+  # Use a different logger for distributed setups.
   # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new)
 
-  # Use a different cache store in production
+  # Use a different cache store in production.
   # config.cache_store = :mem_cache_store
 
-  # Enable serving of images, stylesheets, and JavaScripts from an asset server
+  # Enable serving of images, stylesheets, and JavaScripts from an asset server.
   # config.action_controller.asset_host = "http://assets.example.com"
 
-  # Precompile additional assets (application.js, application.css, and all non-JS/CSS are already added)
-  # config.assets.precompile += %w( search.js )
-
-  # Disable delivery errors, bad email addresses will be ignored
+  # Ignore bad email addresses and do not raise email delivery errors.
+  # Set this to true and configure the email server for immediate delivery to raise delivery errors.
   # config.action_mailer.raise_delivery_errors = false
 
-  # Enable threaded mode
-  # config.threadsafe!
-
   # Enable locale fallbacks for I18n (makes lookups for any locale fall back to
-  # the I18n.default_locale when a translation can not be found)
+  # the I18n.default_locale when a translation cannot be found).
   config.i18n.fallbacks = true
 
-  # Log the query plan for queries taking more than this (works
-  # with SQLite, MySQL, and PostgreSQL)
-  # config.active_record.auto_explain_threshold_in_seconds = 0.5
-  
-  config.eager_load = true
+  # Send deprecation notices to registered listeners.
+  config.active_support.deprecation = :notify
+
+  # Disable automatic flushing of the log to improve performance.
+  # config.autoflush_log = false
+
+  # Use default logging formatter so that PID and timestamp are not suppressed.
+  config.log_formatter = ::Logger::Formatter.new
+
+  # Do not dump schema after migrations.
+  config.active_record.dump_schema_after_migration = false
 end