metasploit_data_models 5.0.5 → 5.0.6

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 00bd68f8a0e9727e8a61a8ef62c77265a527b86c39e700e0244e9974e7db1039
4
- data.tar.gz: 323300caafddc850752818a075abd7fd998e16591f2d42f7d23ba5797bbae77d
3
+ metadata.gz: 507d624327960ae9ad2055e39b92350caa4f5c1e045f4c72885b9ed4666206d8
4
+ data.tar.gz: 4d4910b9e92ae2c2b245b592c145104c957212c0782f7f64dc4db51d2a099264
5
5
  SHA512:
6
- metadata.gz: 15f22b13afb57fc18fad9a19f7ebb6b18bab95b13cb6f5f562dae9578fd411e81b3ff1692d2349ecad5991ee99183191730e5aa8f5a255957ec17901d31a64bf
7
- data.tar.gz: 0e43b630f2a3c3207795eb22de079c2fc0a09a36d70c71d0dc0b831dd22f1531d9f3f4fff22d83a0af2153de4392b4374c8168d25ca87482feb8fb7ede13d458
6
+ metadata.gz: 7559d185736e6efd66db60a061eeae9f231654cf43a794fe90f14078deffcf14f353b05e40449627e2a6b207c1db5e482c59491e2876c3a90b9800f64455a38e
7
+ data.tar.gz: 4edb158f27af03fcdbd76b62d25497966214fdcd4a1c3a7b4a4ec25a958f2ecbe78e0265dd46f4cb138dc5695910257c37a51685015b1cbc657aa30b2876661a
checksums.yaml.gz.sig CHANGED
Binary file
@@ -1,5 +1,21 @@
1
1
  name: Verify
2
2
 
3
+ # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
4
+ permissions:
5
+ actions: none
6
+ checks: none
7
+ contents: none
8
+ deployments: none
9
+ id-token: none
10
+ issues: none
11
+ discussions: none
12
+ packages: none
13
+ pages: none
14
+ pull-requests: none
15
+ repository-projects: none
16
+ security-events: none
17
+ statuses: none
18
+
3
19
  on:
4
20
  push:
5
21
  branches:
@@ -10,7 +26,7 @@ on:
10
26
 
11
27
  jobs:
12
28
  test:
13
- runs-on: ubuntu-18.04
29
+ runs-on: ${{ matrix.os }}
14
30
  timeout-minutes: 40
15
31
 
16
32
  services:
@@ -34,11 +50,18 @@ jobs:
34
50
  - 2.7
35
51
  - 3.0
36
52
  - 3.1
53
+ os:
54
+ - ubuntu-18.04
55
+ - ubuntu-22.04
56
+ exclude:
57
+ - { os: ubuntu-22.04, ruby: 2.6 }
58
+ - { os: ubuntu-22.04, ruby: 2.7 }
59
+ - { os: ubuntu-22.04, ruby: 3.0 }
37
60
 
38
61
  env:
39
62
  RAILS_ENV: test
40
63
 
41
- name: Ruby ${{ matrix.ruby }}
64
+ name: ${{ matrix.os }} - Ruby ${{ matrix.ruby }}
42
65
  steps:
43
66
  - name: Install system dependencies
44
67
  run: sudo apt-get install libpcap-dev graphviz
data/Gemfile CHANGED
@@ -3,7 +3,6 @@ source "https://rubygems.org"
3
3
  # Specify your gem's dependencies in metasploit_data_models.gemspec
4
4
  gemspec
5
5
 
6
-
7
6
  group :development do
8
7
  #gem 'metasploit-erd'
9
8
  # embed ERDs on index, namespace Module and Class<ApplicationRecord> pages
@@ -13,7 +12,7 @@ end
13
12
  # used by dummy application
14
13
  group :development, :test do
15
14
  # Upload coverage reports to coveralls.io
16
- gem 'coveralls', require: false
15
+ gem 'coveralls', require: false
17
16
  # supplies factories for producing model instance for specs
18
17
  # Version 4.1.0 or newer is needed to support generate calls without the 'FactoryBot.' in factory definitions syntax.
19
18
  gem 'factory_bot'
@@ -21,6 +20,8 @@ group :development, :test do
21
20
  gem 'factory_bot_rails'
22
21
 
23
22
  gem 'rails', '~> 6.0'
23
+ gem 'net-smtp', require: false
24
+
24
25
  # Used to create fake data
25
26
  gem "faker"
26
27
 
@@ -1,6 +1,6 @@
1
1
  # Web page requested from a {#web_site}.
2
2
  class Mdm::WebPage < ApplicationRecord
3
-
3
+
4
4
  #
5
5
  # Associations
6
6
  #
@@ -27,7 +27,7 @@ class MetasploitDataModels::Base64Serializer
27
27
  },
28
28
  lambda { |serialized|
29
29
  # Support legacy YAML encoding for existing data
30
- YAML.load(serialized)
30
+ YAML.safe_load(serialized, permitted_classes: Rails.application.config.active_record.yaml_column_permitted_classes)
31
31
  },
32
32
  lambda { |serialized|
33
33
  # Fall back to string decoding
@@ -24,4 +24,4 @@ module MetasploitDataModels::SerializedPrefs
24
24
  class_eval method_declarations, __FILE__, __LINE__
25
25
  end
26
26
  end
27
- end
27
+ end
@@ -1,6 +1,6 @@
1
1
  module MetasploitDataModels
2
2
  # VERSION is managed by GemRelease
3
- VERSION = '5.0.5'
3
+ VERSION = '5.0.6'
4
4
 
5
5
  # @return [String]
6
6
  #
@@ -0,0 +1,31 @@
1
+ # Namespace for YAML configuration
2
+ class MetasploitDataModels::YAML
3
+ #
4
+ # CONSTANTS
5
+ #
6
+
7
+ # List of supported classes when deserializing YAML classes
8
+ # See: https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017
9
+ #
10
+ PERMITTED_CLASSES = [
11
+ Range,
12
+ Set,
13
+ Symbol,
14
+ Time,
15
+ 'WEBrick::Cookie'.to_sym,
16
+ 'ActionController::Parameters'.to_sym,
17
+ 'ActiveModel::Attribute::FromDatabase'.to_sym,
18
+ 'ActiveModel::Attribute::FromUser'.to_sym,
19
+ 'ActiveModel::Attribute::WithCastValue'.to_sym,
20
+ 'ActiveModel::Type::Boolean'.to_sym,
21
+ 'ActiveModel::Type::Integer'.to_sym,
22
+ 'ActiveModel::Type::String'.to_sym,
23
+ 'ActiveRecord::Coders::JSON'.to_sym,
24
+ 'ActiveSupport::TimeWithZone'.to_sym,
25
+ 'ActiveSupport::TimeZone'.to_sym,
26
+ 'ActiveRecord::Type::Serialized'.to_sym,
27
+ 'ActiveRecord::Type::Text'.to_sym,
28
+ 'ActiveSupport::HashWithIndifferentAccess'.to_sym,
29
+ 'Mdm::Workspace'.to_sym
30
+ ].freeze
31
+ end
@@ -39,6 +39,7 @@ module MetasploitDataModels
39
39
  autoload :ModuleRun
40
40
  autoload :Search
41
41
  autoload :SerializedPrefs
42
+ autoload :YAML
42
43
 
43
44
  # The root directory of `metasploit_data_models` gem in both development and gem installs.
44
45
  #
@@ -41,7 +41,7 @@ Gem::Specification.new do |s|
41
41
  s.add_runtime_dependency 'webrick'
42
42
 
43
43
  # os fingerprinting
44
- s.add_runtime_dependency 'recog', '~> 2.0'
44
+ s.add_runtime_dependency 'recog'
45
45
 
46
46
  # arel-helpers: Useful tools to help construct database queries with ActiveRecord and Arel.
47
47
  s.add_runtime_dependency 'arel-helpers'
@@ -547,14 +547,14 @@ RSpec.describe Mdm::Host, type: :model do
547
547
  it "when the string contains 'ppc'" do
548
548
  expect(host.send(:get_arch_from_string, 'blahppcblah')).to eq('PowerPC')
549
549
  end
550
- end
551
550
 
552
- context 'should return nil' do
553
551
  it 'when PowerPC is cased incorrectly' do
554
- expect(host.send(:get_arch_from_string, 'powerPC')).to eq(nil)
555
- expect(host.send(:get_arch_from_string, 'Powerpc')).to eq(nil)
552
+ expect(host.send(:get_arch_from_string, 'powerPC')).to eq('PowerPC')
553
+ expect(host.send(:get_arch_from_string, 'Powerpc')).to eq('PowerPC')
556
554
  end
555
+ end
557
556
 
557
+ context 'should return nil' do
558
558
  it 'when no recognized arch string is present' do
559
559
  expect(host.send(:get_arch_from_string, 'blahblah')).to eq(nil)
560
560
  end
@@ -185,7 +185,7 @@ RSpec.describe MetasploitDataModels::IPAddress::V4::Range, type: :model do
185
185
  end
186
186
 
187
187
  context '#to_s' do
188
- subject(:to_s) {
188
+ subject(:to_s_result) {
189
189
  range.to_s
190
190
  }
191
191
 
@@ -195,7 +195,7 @@ RSpec.describe MetasploitDataModels::IPAddress::V4::Range, type: :model do
195
195
  }
196
196
 
197
197
  it 'equals the original formatted value' do
198
- expect(to_s).to eq(formatted_value)
198
+ expect(to_s_result).to eq(formatted_value)
199
199
  end
200
200
  end
201
201
 
@@ -295,4 +295,4 @@ RSpec.describe MetasploitDataModels::IPAddress::V4::Range, type: :model do
295
295
  it { is_expected.not_to be_a Range }
296
296
  end
297
297
  end
298
- end
298
+ end
@@ -135,7 +135,7 @@ RSpec.describe MetasploitDataModels::IPAddress::V4::Segment::Nmap::List, type: :
135
135
  end
136
136
 
137
137
  context '#to_s' do
138
- subject(:to_s) do
138
+ subject(:to_s_value) do
139
139
  nmap.to_s
140
140
  end
141
141
 
@@ -145,7 +145,7 @@ RSpec.describe MetasploitDataModels::IPAddress::V4::Segment::Nmap::List, type: :
145
145
  }
146
146
 
147
147
  it 'returns a string equal to the original formatted value' do
148
- expect(to_s).to eq(formatted_value)
148
+ expect(to_s_value).to eq(formatted_value)
149
149
  end
150
150
  end
151
151
 
@@ -155,7 +155,7 @@ RSpec.describe MetasploitDataModels::IPAddress::V4::Segment::Nmap::List, type: :
155
155
  }
156
156
 
157
157
  it 'returned the formatted value as a string' do
158
- expect(to_s).to eq(formatted_value.to_s)
158
+ expect(to_s_value).to eq(formatted_value.to_s)
159
159
  end
160
160
  end
161
161
  end
@@ -273,4 +273,4 @@ RSpec.describe MetasploitDataModels::IPAddress::V4::Segment::Nmap::List, type: :
273
273
  end
274
274
  end
275
275
  end
276
- end
276
+ end
@@ -185,7 +185,7 @@ RSpec.describe MetasploitDataModels::IPAddress::V4::Segment::Nmap::Range, type:
185
185
  end
186
186
 
187
187
  context '#to_s' do
188
- subject(:to_s) {
188
+ subject(:to_s_result) {
189
189
  range.to_s
190
190
  }
191
191
 
@@ -195,7 +195,7 @@ RSpec.describe MetasploitDataModels::IPAddress::V4::Segment::Nmap::Range, type:
195
195
  }
196
196
 
197
197
  it 'equals the original formatted value' do
198
- expect(to_s).to eq(formatted_value)
198
+ expect(to_s_result).to eq(formatted_value)
199
199
  end
200
200
  end
201
201
 
@@ -299,4 +299,4 @@ RSpec.describe MetasploitDataModels::IPAddress::V4::Segment::Nmap::Range, type:
299
299
  it { is_expected.not_to be_a Range }
300
300
  end
301
301
  end
302
- end
302
+ end
@@ -39,13 +39,15 @@ module Dummy
39
39
 
40
40
  # Configure sensitive parameters which will be filtered from the log file.
41
41
  config.filter_parameters += [:password]
42
-
42
+
43
43
  # Raise deprecations as errors
44
44
  config.active_support.deprecation = :raise
45
45
 
46
46
  # Enable escaping HTML in JSON.
47
47
  config.active_support.escape_html_entities_in_json = true
48
48
 
49
+ config.active_record.yaml_column_permitted_classes = MetasploitDataModels::YAML::PERMITTED_CLASSES
50
+
49
51
  # Use SQL instead of Active Record's schema dumper when creating the database.
50
52
  # This is necessary if your schema can't be completely dumped by the schema dumper,
51
53
  # like if you have constraints or database-specific column types
data.tar.gz.sig CHANGED
Binary file
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: metasploit_data_models
3
3
  version: !ruby/object:Gem::Version
4
- version: 5.0.5
4
+ version: 5.0.6
5
5
  platform: ruby
6
6
  authors:
7
7
  - Metasploit Hackers
@@ -93,7 +93,7 @@ cert_chain:
93
93
  EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
94
94
  9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
95
95
  -----END CERTIFICATE-----
96
- date: 2022-04-07 00:00:00.000000000 Z
96
+ date: 2022-11-01 00:00:00.000000000 Z
97
97
  dependencies:
98
98
  - !ruby/object:Gem::Dependency
99
99
  name: metasploit-yard
@@ -267,16 +267,16 @@ dependencies:
267
267
  name: recog
268
268
  requirement: !ruby/object:Gem::Requirement
269
269
  requirements:
270
- - - "~>"
270
+ - - ">="
271
271
  - !ruby/object:Gem::Version
272
- version: '2.0'
272
+ version: '0'
273
273
  type: :runtime
274
274
  prerelease: false
275
275
  version_requirements: !ruby/object:Gem::Requirement
276
276
  requirements:
277
- - - "~>"
277
+ - - ">="
278
278
  - !ruby/object:Gem::Version
279
- version: '2.0'
279
+ version: '0'
280
280
  - !ruby/object:Gem::Dependency
281
281
  name: arel-helpers
282
282
  requirement: !ruby/object:Gem::Requirement
@@ -576,6 +576,7 @@ files:
576
576
  - lib/metasploit_data_models/search/visitor.rb
577
577
  - lib/metasploit_data_models/serialized_prefs.rb
578
578
  - lib/metasploit_data_models/version.rb
579
+ - lib/metasploit_data_models/yaml.rb
579
580
  - metasploit_data_models.gemspec
580
581
  - script/rails
581
582
  - spec/app/models/mdm/api_key_spec.rb
metadata.gz.sig CHANGED
Binary file