metasploit_data_models 5.0.1 → 5.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6b3d6afb4043f6da94c943b5fbc781ae3181d50720a85dc148faaafb90342e9d
-  data.tar.gz: 42b7980d65c39dfafca53117d550d3bd408e845e051637b9dc2581f580c86f96
+  metadata.gz: 232b057420ed2ce662db4ebc490d34ef13bbb0ac57e2e35e516f886b7dfb9e0b
+  data.tar.gz: 644cade6aa4791d599c6405d61581bba496a8ae07c6d0b1d69579fc2d2867fc2
 SHA512:
-  metadata.gz: 8e868aaf68a281bfed3c28ce4bc262fdc8e33ed02ca90beb49c1136e94f78ab0c671e76d6c81d3110592b344ef463d5dc0686c3d110ff8abe3b1aed91a07e33a
-  data.tar.gz: 74ba74b84a2daadc73546e4b604e6c9cac36a3b1370e757848096c76f2580dc79d4d573c48833c904606fcd15535da27fb6d6a8e60fd83abd070b4bb3ba38c56
+  metadata.gz: ee21837a8af1f62fdfdec43615eb5dba2d62edc5bbc521627d97cd59d69fd78b06b13f1c94ca693810871ec24e0f0401449176fc53ca0ec3ea65ccabefc31e68
+  data.tar.gz: 0b95c36f7521b2e2cd503df6ad05d49b355550f102eec2df2ac9df03d8ec150575770561e0cba34297ab649bc987219b4eed9059a8445056e3ac4ce57a0b88d9

checksums.yaml.gz.sig

@@ -1,5 +1,2 @@
-s��K�ZU%���
-Vg\?ui��hׄ�=���Ь���*P�cjVO��dt,"��y[C��&�Åk�t���+b�3�~��Th�q�:eXJ<V�p�$w��QBe�I=��]r��1*�p�þ��*�ň�S&
-)�x��s�u,��畼Z׾p�;�C���k�ﺥ�q@?���DB�"Z�A�`�>`�;
-���,����P=6y�n	�I�`�w��
-K�D�έ��\���('�J�E�g���ț�s�1w�Nt
+���M}�͝�ʊ�}��N�!�1
+��DO�6u�7)X�c����o��w���Nd�U� �C�n��2���B�����V��	��>�p���Z���}&+-�q5&��b�sBP����~f�Q �hA).S���$ڄ9k��b���
@�|ک��{��s!s��

data/app/models/mdm/event.rb

@@ -11,12 +11,14 @@ class Mdm::Event < ApplicationRecord
   # @return [nil] if event did not occur on a host.
   belongs_to :host,
              class_name: 'Mdm::Host',
+             optional: true,
              inverse_of: :events
 
   # {Mdm::Workspace} in which this event occured.  If {#host} is present, then this will match
   # {Mdm::Host#workspace `host.workspace`}.
   belongs_to :workspace,
              class_name: 'Mdm::Workspace',
+             optional: true,
              inverse_of: :events
   
   #

data/app/models/mdm/exploit_attempt.rb

@@ -18,6 +18,7 @@ class Mdm::ExploitAttempt < ApplicationRecord
   # @return [Mdm::Loot, nil]
   belongs_to :loot,
              class_name: 'Mdm::Loot',
+             optional: true,
              inverse_of: :exploit_attempt
 
   # The service being exploited on {#host}.
@@ -25,6 +26,7 @@ class Mdm::ExploitAttempt < ApplicationRecord
   # @return [Mdm::Service, nil]
   belongs_to :service,
              class_name: 'Mdm::Service',
+             optional: true,
              inverse_of: :exploit_attempts
 
   # The session that was established when this attempt was successful.
@@ -33,6 +35,7 @@ class Mdm::ExploitAttempt < ApplicationRecord
   # @return [nil] if session was not established.
   belongs_to :session,
              class_name: 'Mdm::Session',
+             optional: true,
              inverse_of: :exploit_attempt
 
   # The vulnerability that was attempted to be exploited.
@@ -40,6 +43,7 @@ class Mdm::ExploitAttempt < ApplicationRecord
   # @return [Mdm::Vuln, nil]
   belongs_to :vuln,
              class_name: 'Mdm::Vuln',
+             optional: true,
              inverse_of: :exploit_attempts
 
   #

data/app/models/mdm/loot.rb

@@ -40,6 +40,7 @@ class Mdm::Loot < ApplicationRecord
   belongs_to :module_run,
              class_name: 'MetasploitDataModels::ModuleRun',
              foreign_key: :module_run_id,
+             optional: true, # allow for manually stored loot?
              inverse_of: :loots
 
   # @!attribute [rw] service
@@ -48,6 +49,7 @@ class Mdm::Loot < ApplicationRecord
   #   @return [Mdm::Service]
   belongs_to :service,
              class_name: 'Mdm::Service',
+             optional: true,
              inverse_of: :loots
 
   # @!attribute vuln_attempt

data/app/models/mdm/note.rb

@@ -13,6 +13,7 @@ class Mdm::Note < ApplicationRecord
   belongs_to :host,
              class_name: 'Mdm::Host',
              counter_cache: :note_count,
+             optional: true,
              inverse_of: :notes
 
   # @!attribute [rw] service
@@ -22,6 +23,7 @@ class Mdm::Note < ApplicationRecord
   #   @return [nil] if not is attached to an {Mdm::Host}.
   belongs_to :service,
              class_name: 'Mdm::Service',
+             optional: true,
              inverse_of: :notes
 
   # @!attribute [rw] vuln
@@ -31,6 +33,7 @@ class Mdm::Note < ApplicationRecord
   #   @return [nil] if not is attached to an {Mdm::Host}.
   belongs_to :vuln,
              class_name: 'Mdm::Vuln',
+             optional: true,
              inverse_of: :notes
 
   # @!attribute [rw] workspace

data/app/models/mdm/session.rb

@@ -47,6 +47,7 @@ class Mdm::Session < ApplicationRecord
   #   @return [MetasploitDataModels::ModuleRun]
   belongs_to :originating_module_run,
            class_name: 'MetasploitDataModels::ModuleRun',
+           optional: true, # no code currently generates a module_run
            foreign_key: :module_run_id,
            inverse_of: :spawned_session
 

data/app/models/mdm/tag.rb

@@ -15,6 +15,7 @@ class Mdm::Tag < ApplicationRecord
   # User that created this tag.
   belongs_to :user,
              class_name: 'Mdm::User',
+             optional: true, # no tags have ever actually had user set.
              inverse_of: :tags
 
   #

data/app/models/mdm/vuln.rb

@@ -20,6 +20,7 @@ class Mdm::Vuln < ApplicationRecord
   belongs_to :host,
              class_name: 'Mdm::Host',
              counter_cache: :vuln_count,
+             optional: true,
              inverse_of: :vulns
 
   # @!attribute [rw] matches
@@ -36,6 +37,7 @@ class Mdm::Vuln < ApplicationRecord
   #   @return [Mdm::Service]
   belongs_to :service,
              class_name: 'Mdm::Service',
+             optional: true,
              inverse_of: :vulns
 
   # @!attribute [rw] origin
@@ -44,6 +46,7 @@ class Mdm::Vuln < ApplicationRecord
   #
   #   @return [ActiveRecord::Relation<origin>]
   belongs_to :origin,
+             optional: true,
              polymorphic: true
 
   # @!attribute [rw] vuln_attempts

data/app/models/mdm/vuln_attempt.rb

@@ -11,6 +11,7 @@ class Mdm::VulnAttempt < ApplicationRecord
   # @return [nil] if {#exploited} is `false`.
   belongs_to :loot,
              class_name: 'Mdm::Loot',
+             optional: true,
              inverse_of: :vuln_attempt
 
   # The session opened by this attempt.
@@ -19,6 +20,7 @@ class Mdm::VulnAttempt < ApplicationRecord
   # @return [nil] if {#exploited} is `false`.
   belongs_to :session,
              class_name: 'Mdm::Session',
+             optional: true,
              inverse_of: :vuln_attempt
 
   # The {Mdm::Vuln vulnerability} that this attempt was exploiting.

data/app/models/mdm/vuln_detail.rb

@@ -67,6 +67,7 @@ class Mdm::VulnDetail < ApplicationRecord
   belongs_to :nexpose_console,
              class_name: 'Mdm::NexposeConsole',
              foreign_key: :nx_console_id,
+             optional: true,
              inverse_of: :vuln_details
 
   # @!attribute nx_added

data/app/models/mdm/workspace.rb

@@ -36,7 +36,7 @@ class Mdm::Workspace < ApplicationRecord
 
   # User that owns this workspace and has full permissions within this workspace even if they are not an
   # {Mdm::User#admin administrator}.
-  belongs_to :owner, :class_name => 'Mdm::User', :foreign_key => 'owner_id'
+  belongs_to :owner, :class_name => 'Mdm::User', :foreign_key => 'owner_id', optional: true
 
   # Tasks run inside this workspace.
   has_many :tasks,

data/app/models/metasploit_data_models/automatic_exploitation/match.rb

@@ -17,6 +17,7 @@ class MetasploitDataModels::AutomaticExploitation::Match < ApplicationRecord
   # The {MatchSet} this match is part of
   belongs_to :match_set,
              class_name: 'MetasploitDataModels::AutomaticExploitation::MatchSet',
+             optional: true,
              inverse_of: :matches
 
   # The Metasploit Module that this match connects to

data/app/models/metasploit_data_models/module_run.rb

@@ -109,6 +109,7 @@ class MetasploitDataModels::ModuleRun < ApplicationRecord
   belongs_to :target_session,
              class_name: 'Mdm::Session',
              foreign_key: :session_id,
+             optional: true,
              inverse_of: :target_module_runs
 
 
@@ -130,6 +131,7 @@ class MetasploitDataModels::ModuleRun < ApplicationRecord
   belongs_to :user,
              class_name:  'Mdm::User',
              foreign_key: 'user_id',
+             optional: true,
              inverse_of: :module_runs
 
 

data/lib/metasploit_data_models/version.rb

@@ -1,6 +1,6 @@
 module MetasploitDataModels
   # VERSION is managed by GemRelease
-  VERSION = '5.0.1'
+  VERSION = '5.0.2'
 
   # @return [String]
   #

data/spec/app/models/mdm/event_spec.rb

@@ -2,8 +2,8 @@ RSpec.describe Mdm::Event, type: :model do
   it_should_behave_like 'Metasploit::Concern.run'
 
   context 'associations' do
-    it { is_expected.to belong_to(:host).class_name('Mdm::Host') }
-    it { is_expected.to belong_to(:workspace).class_name('Mdm::Workspace') }
+    it { is_expected.to belong_to(:host).optional.class_name('Mdm::Host') }
+    it { is_expected.to belong_to(:workspace).optional.class_name('Mdm::Workspace') }
   end
 
   context 'database' do

data/spec/app/models/mdm/loot_spec.rb

@@ -3,9 +3,9 @@ RSpec.describe Mdm::Loot, type: :model do
 
   context 'associations' do
     it { is_expected.to belong_to(:workspace).class_name('Mdm::Workspace') }
-    it { is_expected.to belong_to(:service).class_name('Mdm::Service') }
+    it { is_expected.to belong_to(:service).optional.class_name('Mdm::Service') }
     it { is_expected.to belong_to(:host).class_name('Mdm::Host') }
-    it { is_expected.to belong_to(:module_run).class_name('MetasploitDataModels::ModuleRun') }
+    it { is_expected.to belong_to(:module_run).optional.class_name('MetasploitDataModels::ModuleRun') }
   end
 
   context 'database' do

data/spec/app/models/mdm/note_spec.rb

@@ -41,9 +41,9 @@ RSpec.describe Mdm::Note, type: :model do
 
   context 'associations' do
     it { is_expected.to belong_to(:workspace).class_name('Mdm::Workspace') }
-    it { is_expected.to belong_to(:host).class_name('Mdm::Host') }
-    it { is_expected.to belong_to(:service).class_name('Mdm::Service') }
-    it { is_expected.to belong_to(:vuln).class_name('Mdm::Vuln') }
+    it { is_expected.to belong_to(:host).optional.class_name('Mdm::Host') }
+    it { is_expected.to belong_to(:service).optional.class_name('Mdm::Service') }
+    it { is_expected.to belong_to(:vuln).optional.class_name('Mdm::Vuln') }
   end
 
   context 'scopes' do

data/spec/app/models/mdm/session_spec.rb

@@ -45,7 +45,7 @@ RSpec.describe Mdm::Session, type: :model do
   context 'associations' do
     it { is_expected.to have_many(:events).class_name('Mdm::SessionEvent').dependent(:delete_all) }
     it { is_expected.to belong_to(:host).class_name('Mdm::Host') }
-    it { is_expected.to belong_to(:originating_module_run).class_name('MetasploitDataModels::ModuleRun') }
+    it { is_expected.to belong_to(:originating_module_run).optional.class_name('MetasploitDataModels::ModuleRun') }
     it { is_expected.to have_many(:routes).class_name('Mdm::Route').dependent(:delete_all) }
     it { is_expected.to have_many(:target_module_runs).class_name('MetasploitDataModels::ModuleRun') }
     it { is_expected.to have_many(:tasks).class_name('Mdm::Task').through(:task_sessions)}

data/spec/app/models/mdm/tag_spec.rb

@@ -6,7 +6,7 @@ RSpec.describe Mdm::Tag, type: :model do
   context 'associations' do
     it { is_expected.to have_many(:hosts_tags).class_name('Mdm::HostTag') }
     it { is_expected.to have_many(:hosts).class_name('Mdm::Host').through(:hosts_tags) }
-    it { is_expected.to belong_to(:user).class_name('Mdm::User') }
+    it { is_expected.to belong_to(:user).optional.class_name('Mdm::User') }
   end
 
   context 'database' do

data/spec/app/models/mdm/vuln_spec.rb

@@ -31,9 +31,9 @@ RSpec.describe Mdm::Vuln, type: :model do
 
 
   context 'associations' do
-    it { is_expected.to belong_to(:host).class_name('Mdm::Host') }
-    it { is_expected.to belong_to(:origin) }
-    it { is_expected.to belong_to(:service).class_name('Mdm::Service') }
+    it { is_expected.to belong_to(:host).optional.class_name('Mdm::Host') }
+    it { is_expected.to belong_to(:origin).optional }
+    it { is_expected.to belong_to(:service).optional.class_name('Mdm::Service') }
     it { is_expected.to have_many(:module_refs).class_name('Mdm::Module::Ref').through(:refs) }
     it { is_expected.to have_many(:module_runs).class_name('MetasploitDataModels::ModuleRun') }
     it { is_expected.to have_many(:refs).class_name('Mdm::Ref').through(:vulns_refs) }

data/spec/app/models/mdm/workspace_spec.rb

@@ -46,7 +46,7 @@ RSpec.describe Mdm::Workspace, type: :model do
     it { is_expected.to have_many(:listeners).class_name('Mdm::Listener').dependent(:destroy) }
     it { is_expected.to have_many(:loots).class_name('Mdm::Loot').through(:hosts) }
     it { is_expected.to have_many(:notes).class_name('Mdm::Note') }
-    it { is_expected.to belong_to(:owner).class_name('Mdm::User').with_foreign_key('owner_id') }
+    it { is_expected.to belong_to(:owner).optional.class_name('Mdm::User').with_foreign_key('owner_id') }
     it { is_expected.to have_many(:services).class_name('Mdm::Service').through(:hosts).with_foreign_key('service_id') }
     it { is_expected.to have_many(:sessions).class_name('Mdm::Session').through(:hosts) }
     it { is_expected.to have_many(:tasks).class_name('Mdm::Task').dependent(:destroy).order('created_at DESC') }
@@ -185,7 +185,7 @@ RSpec.describe Mdm::Workspace, type: :model do
         before(:example) do
           FactoryBot.create(
               :mdm_workspace,
-              :name => default
+              :name => Mdm::Workspace::DEFAULT
           )
         end
 
@@ -220,7 +220,7 @@ RSpec.describe Mdm::Workspace, type: :model do
 
       context 'with DEFAULT name' do
         before(:example) do
-          workspace.name = default
+          workspace.name = Mdm::Workspace::DEFAULT
         end
 
         it { is_expected.to eq(true) }

data/spec/app/models/metasploit_data_models/module_run_spec.rb

@@ -18,10 +18,10 @@ RSpec.describe MetasploitDataModels::ModuleRun, type: :model do
   end
 
   context "associations" do
-    it { is_expected.to belong_to(:user).class_name('Mdm::User') }
-    it { is_expected.to belong_to(:user).inverse_of(:module_runs) }
-    it { is_expected.to belong_to(:target_session).class_name('Mdm::Session') }
-    it { is_expected.to belong_to(:target_session).inverse_of(:target_module_runs) }
+    it { is_expected.to belong_to(:user).optional.class_name('Mdm::User') }
+    it { is_expected.to belong_to(:user).optional.inverse_of(:module_runs) }
+    it { is_expected.to belong_to(:target_session).optional.class_name('Mdm::Session') }
+    it { is_expected.to belong_to(:target_session).optional.inverse_of(:target_module_runs) }
     it { is_expected.to belong_to(:trackable) }
     it { is_expected.to belong_to(:module_detail).class_name('Mdm::Module::Detail') }
     it { is_expected.to belong_to(:module_detail).inverse_of(:module_runs) }
@@ -40,7 +40,7 @@ RSpec.describe MetasploitDataModels::ModuleRun, type: :model do
       context "when the module is an exploit" do
         context "and that exploit IS NOT local" do
           before(:example) do
-            module_run.module_fullname = 'exploit/windows/mah-crazy-exploit'
+            module_run.module_detail = FactoryBot.create(:mdm_module_detail, fullname: 'exploit/windows/mah-crazy-exploit')
           end
 
           it { is_expected.to_not be_valid }
@@ -48,7 +48,7 @@ RSpec.describe MetasploitDataModels::ModuleRun, type: :model do
 
         context "and that exploit IS local" do
           before(:example) do
-            module_run.module_fullname = 'exploit/windows/local/mah-crazy-exploit'
+            module_run.module_detail = FactoryBot.create(:mdm_module_detail, fullname: 'exploit/windows/local/mah-crazy-exploit')
           end
 
           it { is_expected.to be_valid }
@@ -65,7 +65,7 @@ RSpec.describe MetasploitDataModels::ModuleRun, type: :model do
 
         context "and it IS NOT a login scanner" do
           before(:example) do
-            module_run.module_fullname = 'post/multi/gather/steal-minecraft-maps'
+            module_run.module_detail = FactoryBot.create(:mdm_module_detail, fullname: 'post/multi/gather/steal-minecraft-maps')
           end
 
           it { is_expected.to_not be_valid }
@@ -73,7 +73,7 @@ RSpec.describe MetasploitDataModels::ModuleRun, type: :model do
 
         context "and it IS a login scanner" do
           before(:example) do
-            module_run.module_fullname = 'auxiliary/scanner/ssh/ssh_login'
+            module_run.module_detail = FactoryBot.create(:mdm_module_detail, fullname: 'auxiliary/scanner/ssh/ssh_login')
           end
 
           it { is_expected.to be_valid }

data/spec/dummy/config/application.rb

@@ -51,6 +51,9 @@ module Dummy
     # like if you have constraints or database-specific column types
     config.active_record.schema_format = :sql
 
+    # 5.x change to belongs_to
+    config.active_record.belongs_to_required_by_default = true
+
     # Enable the asset pipeline
     config.assets.enabled = false
 

data/spec/factories/mdm/sessions.rb

@@ -4,6 +4,7 @@ FactoryBot.define do
     # Associations
     #
     association :host, :factory => :mdm_host
+    association :originating_module_run, :factory => :metasploit_data_models_module_run
 
     #
     # Attributes

data/spec/factories/mdm/tags.rb

@@ -1,5 +1,6 @@
 FactoryBot.define do
   factory :mdm_tag, :class => Mdm::Tag do
+    association :user, factory: :mdm_user
     desc { generate :mdm_tag_desc }
     name { generate :mdm_tag_name }
   end

data/spec/factories/mdm/vuln_refs.rb

@@ -1,4 +1,6 @@
 FactoryBot.define do
   factory :mdm_vuln_ref, :class => Mdm::VulnRef do
+    association :ref, factory: :mdm_ref
+    association :vuln, factory: :mdm_vuln
   end
 end

data/spec/factories/metasploit_data_models/automatic_exploitation/runs.rb

@@ -2,5 +2,6 @@ FactoryBot.define do
   factory :automatic_exploitation_run, :class => MetasploitDataModels::AutomaticExploitation::Run do
     association :workspace, factory: :mdm_workspace
     association :user, factory: :mdm_user
+    association :match_set, factory: :automatic_exploitation_match_set
   end
 end

data/spec/factories/module_runs.rb

@@ -4,6 +4,8 @@ FactoryBot.define do
   factory :metasploit_data_models_module_run, class: MetasploitDataModels::ModuleRun do
 
     association :user, factory: :mdm_user
+    association :module_detail, factory: :mdm_module_detail
+    association :trackable, factory: :mdm_host
 
     trait :failed do
       status { MetasploitDataModels::ModuleRun::FAIL }
@@ -18,13 +20,11 @@ FactoryBot.define do
     end
 
     attempted_at { Time.now }
-    session_id { 1 }
     port { generate :port }
     proto { "tcp" }
     fail_detail { generate :module_run_fail_detail }
     status { MetasploitDataModels::ModuleRun::SUCCEED }
     username { "joefoo" }
-    module_fullname { generate :module_run_module_fullname }
   end
 
   sequence :module_run_module_fullname do |n|

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: metasploit_data_models
 version: !ruby/object:Gem::Version
-  version: 5.0.1
+  version: 5.0.2
 platform: ruby
 authors:
 - Metasploit Hackers
@@ -93,7 +93,7 @@ cert_chain:
   EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
   9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
   -----END CERTIFICATE-----
-date: 2021-05-11 00:00:00.000000000 Z
+date: 2021-06-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: metasploit-yard