metasploit_data_models 5.0.5 → 5.0.6
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/.github/workflows/verify.yml +25 -2
- data/Gemfile +3 -2
- data/app/models/mdm/web_page.rb +1 -1
- data/lib/metasploit_data_models/base64_serializer.rb +1 -1
- data/lib/metasploit_data_models/serialized_prefs.rb +1 -1
- data/lib/metasploit_data_models/version.rb +1 -1
- data/lib/metasploit_data_models/yaml.rb +31 -0
- data/lib/metasploit_data_models.rb +1 -0
- data/metasploit_data_models.gemspec +1 -1
- data/spec/app/models/mdm/host_spec.rb +4 -4
- data/spec/app/models/metasploit_data_models/ip_address/v4/range_spec.rb +3 -3
- data/spec/app/models/metasploit_data_models/ip_address/v4/segment/nmap/list_spec.rb +4 -4
- data/spec/app/models/metasploit_data_models/ip_address/v4/segment/nmap/range_spec.rb +3 -3
- data/spec/dummy/config/application.rb +3 -1
- data.tar.gz.sig +0 -0
- metadata +7 -6
- metadata.gz.sig +0 -0
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 507d624327960ae9ad2055e39b92350caa4f5c1e045f4c72885b9ed4666206d8
|
4
|
+
data.tar.gz: 4d4910b9e92ae2c2b245b592c145104c957212c0782f7f64dc4db51d2a099264
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 7559d185736e6efd66db60a061eeae9f231654cf43a794fe90f14078deffcf14f353b05e40449627e2a6b207c1db5e482c59491e2876c3a90b9800f64455a38e
|
7
|
+
data.tar.gz: 4edb158f27af03fcdbd76b62d25497966214fdcd4a1c3a7b4a4ec25a958f2ecbe78e0265dd46f4cb138dc5695910257c37a51685015b1cbc657aa30b2876661a
|
checksums.yaml.gz.sig
CHANGED
Binary file
|
@@ -1,5 +1,21 @@
|
|
1
1
|
name: Verify
|
2
2
|
|
3
|
+
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
|
4
|
+
permissions:
|
5
|
+
actions: none
|
6
|
+
checks: none
|
7
|
+
contents: none
|
8
|
+
deployments: none
|
9
|
+
id-token: none
|
10
|
+
issues: none
|
11
|
+
discussions: none
|
12
|
+
packages: none
|
13
|
+
pages: none
|
14
|
+
pull-requests: none
|
15
|
+
repository-projects: none
|
16
|
+
security-events: none
|
17
|
+
statuses: none
|
18
|
+
|
3
19
|
on:
|
4
20
|
push:
|
5
21
|
branches:
|
@@ -10,7 +26,7 @@ on:
|
|
10
26
|
|
11
27
|
jobs:
|
12
28
|
test:
|
13
|
-
runs-on:
|
29
|
+
runs-on: ${{ matrix.os }}
|
14
30
|
timeout-minutes: 40
|
15
31
|
|
16
32
|
services:
|
@@ -34,11 +50,18 @@ jobs:
|
|
34
50
|
- 2.7
|
35
51
|
- 3.0
|
36
52
|
- 3.1
|
53
|
+
os:
|
54
|
+
- ubuntu-18.04
|
55
|
+
- ubuntu-22.04
|
56
|
+
exclude:
|
57
|
+
- { os: ubuntu-22.04, ruby: 2.6 }
|
58
|
+
- { os: ubuntu-22.04, ruby: 2.7 }
|
59
|
+
- { os: ubuntu-22.04, ruby: 3.0 }
|
37
60
|
|
38
61
|
env:
|
39
62
|
RAILS_ENV: test
|
40
63
|
|
41
|
-
name: Ruby ${{ matrix.ruby }}
|
64
|
+
name: ${{ matrix.os }} - Ruby ${{ matrix.ruby }}
|
42
65
|
steps:
|
43
66
|
- name: Install system dependencies
|
44
67
|
run: sudo apt-get install libpcap-dev graphviz
|
data/Gemfile
CHANGED
@@ -3,7 +3,6 @@ source "https://rubygems.org"
|
|
3
3
|
# Specify your gem's dependencies in metasploit_data_models.gemspec
|
4
4
|
gemspec
|
5
5
|
|
6
|
-
|
7
6
|
group :development do
|
8
7
|
#gem 'metasploit-erd'
|
9
8
|
# embed ERDs on index, namespace Module and Class<ApplicationRecord> pages
|
@@ -13,7 +12,7 @@ end
|
|
13
12
|
# used by dummy application
|
14
13
|
group :development, :test do
|
15
14
|
# Upload coverage reports to coveralls.io
|
16
|
-
gem 'coveralls', require: false
|
15
|
+
gem 'coveralls', require: false
|
17
16
|
# supplies factories for producing model instance for specs
|
18
17
|
# Version 4.1.0 or newer is needed to support generate calls without the 'FactoryBot.' in factory definitions syntax.
|
19
18
|
gem 'factory_bot'
|
@@ -21,6 +20,8 @@ group :development, :test do
|
|
21
20
|
gem 'factory_bot_rails'
|
22
21
|
|
23
22
|
gem 'rails', '~> 6.0'
|
23
|
+
gem 'net-smtp', require: false
|
24
|
+
|
24
25
|
# Used to create fake data
|
25
26
|
gem "faker"
|
26
27
|
|
data/app/models/mdm/web_page.rb
CHANGED
@@ -27,7 +27,7 @@ class MetasploitDataModels::Base64Serializer
|
|
27
27
|
},
|
28
28
|
lambda { |serialized|
|
29
29
|
# Support legacy YAML encoding for existing data
|
30
|
-
YAML.
|
30
|
+
YAML.safe_load(serialized, permitted_classes: Rails.application.config.active_record.yaml_column_permitted_classes)
|
31
31
|
},
|
32
32
|
lambda { |serialized|
|
33
33
|
# Fall back to string decoding
|
@@ -0,0 +1,31 @@
|
|
1
|
+
# Namespace for YAML configuration
|
2
|
+
class MetasploitDataModels::YAML
|
3
|
+
#
|
4
|
+
# CONSTANTS
|
5
|
+
#
|
6
|
+
|
7
|
+
# List of supported classes when deserializing YAML classes
|
8
|
+
# See: https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017
|
9
|
+
#
|
10
|
+
PERMITTED_CLASSES = [
|
11
|
+
Range,
|
12
|
+
Set,
|
13
|
+
Symbol,
|
14
|
+
Time,
|
15
|
+
'WEBrick::Cookie'.to_sym,
|
16
|
+
'ActionController::Parameters'.to_sym,
|
17
|
+
'ActiveModel::Attribute::FromDatabase'.to_sym,
|
18
|
+
'ActiveModel::Attribute::FromUser'.to_sym,
|
19
|
+
'ActiveModel::Attribute::WithCastValue'.to_sym,
|
20
|
+
'ActiveModel::Type::Boolean'.to_sym,
|
21
|
+
'ActiveModel::Type::Integer'.to_sym,
|
22
|
+
'ActiveModel::Type::String'.to_sym,
|
23
|
+
'ActiveRecord::Coders::JSON'.to_sym,
|
24
|
+
'ActiveSupport::TimeWithZone'.to_sym,
|
25
|
+
'ActiveSupport::TimeZone'.to_sym,
|
26
|
+
'ActiveRecord::Type::Serialized'.to_sym,
|
27
|
+
'ActiveRecord::Type::Text'.to_sym,
|
28
|
+
'ActiveSupport::HashWithIndifferentAccess'.to_sym,
|
29
|
+
'Mdm::Workspace'.to_sym
|
30
|
+
].freeze
|
31
|
+
end
|
@@ -41,7 +41,7 @@ Gem::Specification.new do |s|
|
|
41
41
|
s.add_runtime_dependency 'webrick'
|
42
42
|
|
43
43
|
# os fingerprinting
|
44
|
-
s.add_runtime_dependency 'recog'
|
44
|
+
s.add_runtime_dependency 'recog'
|
45
45
|
|
46
46
|
# arel-helpers: Useful tools to help construct database queries with ActiveRecord and Arel.
|
47
47
|
s.add_runtime_dependency 'arel-helpers'
|
@@ -547,14 +547,14 @@ RSpec.describe Mdm::Host, type: :model do
|
|
547
547
|
it "when the string contains 'ppc'" do
|
548
548
|
expect(host.send(:get_arch_from_string, 'blahppcblah')).to eq('PowerPC')
|
549
549
|
end
|
550
|
-
end
|
551
550
|
|
552
|
-
context 'should return nil' do
|
553
551
|
it 'when PowerPC is cased incorrectly' do
|
554
|
-
expect(host.send(:get_arch_from_string, 'powerPC')).to eq(
|
555
|
-
expect(host.send(:get_arch_from_string, 'Powerpc')).to eq(
|
552
|
+
expect(host.send(:get_arch_from_string, 'powerPC')).to eq('PowerPC')
|
553
|
+
expect(host.send(:get_arch_from_string, 'Powerpc')).to eq('PowerPC')
|
556
554
|
end
|
555
|
+
end
|
557
556
|
|
557
|
+
context 'should return nil' do
|
558
558
|
it 'when no recognized arch string is present' do
|
559
559
|
expect(host.send(:get_arch_from_string, 'blahblah')).to eq(nil)
|
560
560
|
end
|
@@ -185,7 +185,7 @@ RSpec.describe MetasploitDataModels::IPAddress::V4::Range, type: :model do
|
|
185
185
|
end
|
186
186
|
|
187
187
|
context '#to_s' do
|
188
|
-
subject(:
|
188
|
+
subject(:to_s_result) {
|
189
189
|
range.to_s
|
190
190
|
}
|
191
191
|
|
@@ -195,7 +195,7 @@ RSpec.describe MetasploitDataModels::IPAddress::V4::Range, type: :model do
|
|
195
195
|
}
|
196
196
|
|
197
197
|
it 'equals the original formatted value' do
|
198
|
-
expect(
|
198
|
+
expect(to_s_result).to eq(formatted_value)
|
199
199
|
end
|
200
200
|
end
|
201
201
|
|
@@ -295,4 +295,4 @@ RSpec.describe MetasploitDataModels::IPAddress::V4::Range, type: :model do
|
|
295
295
|
it { is_expected.not_to be_a Range }
|
296
296
|
end
|
297
297
|
end
|
298
|
-
end
|
298
|
+
end
|
@@ -135,7 +135,7 @@ RSpec.describe MetasploitDataModels::IPAddress::V4::Segment::Nmap::List, type: :
|
|
135
135
|
end
|
136
136
|
|
137
137
|
context '#to_s' do
|
138
|
-
subject(:
|
138
|
+
subject(:to_s_value) do
|
139
139
|
nmap.to_s
|
140
140
|
end
|
141
141
|
|
@@ -145,7 +145,7 @@ RSpec.describe MetasploitDataModels::IPAddress::V4::Segment::Nmap::List, type: :
|
|
145
145
|
}
|
146
146
|
|
147
147
|
it 'returns a string equal to the original formatted value' do
|
148
|
-
expect(
|
148
|
+
expect(to_s_value).to eq(formatted_value)
|
149
149
|
end
|
150
150
|
end
|
151
151
|
|
@@ -155,7 +155,7 @@ RSpec.describe MetasploitDataModels::IPAddress::V4::Segment::Nmap::List, type: :
|
|
155
155
|
}
|
156
156
|
|
157
157
|
it 'returned the formatted value as a string' do
|
158
|
-
expect(
|
158
|
+
expect(to_s_value).to eq(formatted_value.to_s)
|
159
159
|
end
|
160
160
|
end
|
161
161
|
end
|
@@ -273,4 +273,4 @@ RSpec.describe MetasploitDataModels::IPAddress::V4::Segment::Nmap::List, type: :
|
|
273
273
|
end
|
274
274
|
end
|
275
275
|
end
|
276
|
-
end
|
276
|
+
end
|
@@ -185,7 +185,7 @@ RSpec.describe MetasploitDataModels::IPAddress::V4::Segment::Nmap::Range, type:
|
|
185
185
|
end
|
186
186
|
|
187
187
|
context '#to_s' do
|
188
|
-
subject(:
|
188
|
+
subject(:to_s_result) {
|
189
189
|
range.to_s
|
190
190
|
}
|
191
191
|
|
@@ -195,7 +195,7 @@ RSpec.describe MetasploitDataModels::IPAddress::V4::Segment::Nmap::Range, type:
|
|
195
195
|
}
|
196
196
|
|
197
197
|
it 'equals the original formatted value' do
|
198
|
-
expect(
|
198
|
+
expect(to_s_result).to eq(formatted_value)
|
199
199
|
end
|
200
200
|
end
|
201
201
|
|
@@ -299,4 +299,4 @@ RSpec.describe MetasploitDataModels::IPAddress::V4::Segment::Nmap::Range, type:
|
|
299
299
|
it { is_expected.not_to be_a Range }
|
300
300
|
end
|
301
301
|
end
|
302
|
-
end
|
302
|
+
end
|
@@ -39,13 +39,15 @@ module Dummy
|
|
39
39
|
|
40
40
|
# Configure sensitive parameters which will be filtered from the log file.
|
41
41
|
config.filter_parameters += [:password]
|
42
|
-
|
42
|
+
|
43
43
|
# Raise deprecations as errors
|
44
44
|
config.active_support.deprecation = :raise
|
45
45
|
|
46
46
|
# Enable escaping HTML in JSON.
|
47
47
|
config.active_support.escape_html_entities_in_json = true
|
48
48
|
|
49
|
+
config.active_record.yaml_column_permitted_classes = MetasploitDataModels::YAML::PERMITTED_CLASSES
|
50
|
+
|
49
51
|
# Use SQL instead of Active Record's schema dumper when creating the database.
|
50
52
|
# This is necessary if your schema can't be completely dumped by the schema dumper,
|
51
53
|
# like if you have constraints or database-specific column types
|
data.tar.gz.sig
CHANGED
Binary file
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: metasploit_data_models
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 5.0.
|
4
|
+
version: 5.0.6
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Metasploit Hackers
|
@@ -93,7 +93,7 @@ cert_chain:
|
|
93
93
|
EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
|
94
94
|
9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
|
95
95
|
-----END CERTIFICATE-----
|
96
|
-
date: 2022-
|
96
|
+
date: 2022-11-01 00:00:00.000000000 Z
|
97
97
|
dependencies:
|
98
98
|
- !ruby/object:Gem::Dependency
|
99
99
|
name: metasploit-yard
|
@@ -267,16 +267,16 @@ dependencies:
|
|
267
267
|
name: recog
|
268
268
|
requirement: !ruby/object:Gem::Requirement
|
269
269
|
requirements:
|
270
|
-
- - "
|
270
|
+
- - ">="
|
271
271
|
- !ruby/object:Gem::Version
|
272
|
-
version: '
|
272
|
+
version: '0'
|
273
273
|
type: :runtime
|
274
274
|
prerelease: false
|
275
275
|
version_requirements: !ruby/object:Gem::Requirement
|
276
276
|
requirements:
|
277
|
-
- - "
|
277
|
+
- - ">="
|
278
278
|
- !ruby/object:Gem::Version
|
279
|
-
version: '
|
279
|
+
version: '0'
|
280
280
|
- !ruby/object:Gem::Dependency
|
281
281
|
name: arel-helpers
|
282
282
|
requirement: !ruby/object:Gem::Requirement
|
@@ -576,6 +576,7 @@ files:
|
|
576
576
|
- lib/metasploit_data_models/search/visitor.rb
|
577
577
|
- lib/metasploit_data_models/serialized_prefs.rb
|
578
578
|
- lib/metasploit_data_models/version.rb
|
579
|
+
- lib/metasploit_data_models/yaml.rb
|
579
580
|
- metasploit_data_models.gemspec
|
580
581
|
- script/rails
|
581
582
|
- spec/app/models/mdm/api_key_spec.rb
|
metadata.gz.sig
CHANGED
Binary file
|