RubyGems - ronin-db-activerecord - Versions diffs - 0.1.6 → 0.2.0.rc1 - Mend

ronin-db-activerecord 0.1.6 → 0.2.0.rc1

Files changed (102) hide show

checksums.yaml +4 -4
data/ChangeLog.md +91 -0
data/README.md +49 -1
data/db/migrate/0037_add_created_at_column_to_ronin_ports_table.rb +40 -0
data/db/migrate/0038_add_created_at_column_to_ronin_services_table.rb +40 -0
data/db/migrate/0039_create_ronin_cert_names_table.rb +37 -0
data/db/migrate/0040_create_ronin_cert_issuers_table.rb +52 -0
data/db/migrate/0041_create_ronin_cert_subjects_table.rb +54 -0
data/db/migrate/0042_create_ronin_cert_subject_alt_names_table.rb +42 -0
data/db/migrate/0043_create_ronin_certs_table.rb +61 -0
data/db/migrate/0044_add_cert_id_column_to_ronin_open_ports_table.rb +35 -0
data/db/migrate/0045_create_ronin_notes_table.rb +120 -0
data/db/migrate/0046_create_ronin_web_vulns_table.rb +61 -0
data/db/migrate/0047_create_ronin_phone_numbers_table.rb +47 -0
data/db/migrate/0048_create_ronin_street_addresses_table.rb +46 -0
data/db/migrate/0049_create_ronin_people_table.rb +48 -0
data/db/migrate/0050_create_ronin_personal_connections_table.rb +48 -0
data/db/migrate/0051_create_ronin_personal_phone_numbers_table.rb +48 -0
data/db/migrate/0052_create_ronin_personal_email_addresses_table.rb +45 -0
data/db/migrate/0053_create_ronin_personal_street_addresses_table.rb +47 -0
data/db/migrate/0054_add_type_column_to_ronin_organizations_table.rb +33 -0
data/db/migrate/0055_add_parent_id_column_to_ronin_organizations_table.rb +43 -0
data/db/migrate/0056_create_ronin_organization_departments_table.rb +59 -0
data/db/migrate/0057_create_ronin_organization_members_table.rb +62 -0
data/db/migrate/0058_create_ronin_organization_customers_table.rb +52 -0
data/db/migrate/0059_create_ronin_organization_phone_numbers_table.rb +47 -0
data/db/migrate/0060_create_ronin_organization_email_addresses_table.rb +45 -0
data/db/migrate/0061_create_ronin_organization_street_addresses_table.rb +47 -0
data/db/migrate/0062_add_source_ip_column_to_http_requests_table.rb +30 -0
data/db/migrate/0063_create_ronin_dns_queries_table.rb +41 -0
data/db/migrate/0064_create_ronin_dns_records_table.rb +42 -0
data/db/migrate/0065_create_ronin_organization_host_names_table.rb +43 -0
data/db/migrate/0066_create_ronin_organization_ip_addresses_table.rb +43 -0
data/gemspec.yml +1 -1
data/lib/ronin/db/address.rb +1 -1
data/lib/ronin/db/advisory.rb +66 -1
data/lib/ronin/db/arch.rb +1 -1
data/lib/ronin/db/asn.rb +15 -1
data/lib/ronin/db/cert.rb +501 -0
data/lib/ronin/db/cert_issuer.rb +78 -0
data/lib/ronin/db/cert_name.rb +107 -0
data/lib/ronin/db/cert_organization.rb +127 -0
data/lib/ronin/db/cert_subject.rb +81 -0
data/lib/ronin/db/cert_subject_alt_name.rb +88 -0
data/lib/ronin/db/credential.rb +10 -1
data/lib/ronin/db/dns_query.rb +98 -0
data/lib/ronin/db/dns_record.rb +76 -0
data/lib/ronin/db/email_address.rb +139 -1
data/lib/ronin/db/host_name.rb +45 -1
data/lib/ronin/db/host_name_ip_address.rb +1 -1
data/lib/ronin/db/http_header_name.rb +1 -1
data/lib/ronin/db/http_query_param.rb +1 -1
data/lib/ronin/db/http_query_param_name.rb +1 -1
data/lib/ronin/db/http_request.rb +13 -1
data/lib/ronin/db/http_request_header.rb +1 -1
data/lib/ronin/db/http_response.rb +1 -1
data/lib/ronin/db/http_response_header.rb +1 -1
data/lib/ronin/db/ip_address.rb +46 -1
data/lib/ronin/db/ip_address_mac_address.rb +1 -1
data/lib/ronin/db/mac_address.rb +28 -1
data/lib/ronin/db/migrations.rb +1 -1
data/lib/ronin/db/model/has_name.rb +18 -1
data/lib/ronin/db/model/has_unique_name.rb +1 -1
data/lib/ronin/db/model/importable.rb +1 -1
data/lib/ronin/db/model/last_scanned_at.rb +1 -1
data/lib/ronin/db/model.rb +1 -1
data/lib/ronin/db/models.rb +44 -2
data/lib/ronin/db/note.rb +199 -0
data/lib/ronin/db/open_port.rb +104 -3
data/lib/ronin/db/organization.rb +237 -3
data/lib/ronin/db/organization_customer.rb +73 -0
data/lib/ronin/db/organization_department.rb +97 -0
data/lib/ronin/db/organization_email_address.rb +66 -0
data/lib/ronin/db/organization_host_name.rb +65 -0
data/lib/ronin/db/organization_ip_address.rb +65 -0
data/lib/ronin/db/organization_member.rb +158 -0
data/lib/ronin/db/organization_phone_number.rb +66 -0
data/lib/ronin/db/organization_street_address.rb +66 -0
data/lib/ronin/db/os.rb +35 -1
data/lib/ronin/db/os_guess.rb +1 -1
data/lib/ronin/db/password.rb +84 -1
data/lib/ronin/db/person.rb +455 -0
data/lib/ronin/db/personal_connection.rb +110 -0
data/lib/ronin/db/personal_email_address.rb +66 -0
data/lib/ronin/db/personal_phone_number.rb +76 -0
data/lib/ronin/db/personal_street_address.rb +66 -0
data/lib/ronin/db/phone_number.rb +330 -0
data/lib/ronin/db/port.rb +110 -1
data/lib/ronin/db/service.rb +130 -1
data/lib/ronin/db/service_credential.rb +1 -1
data/lib/ronin/db/software.rb +37 -1
data/lib/ronin/db/software_vendor.rb +1 -1
data/lib/ronin/db/street_address.rb +340 -0
data/lib/ronin/db/url.rb +37 -1
data/lib/ronin/db/url_query_param.rb +1 -1
data/lib/ronin/db/url_query_param_name.rb +9 -1
data/lib/ronin/db/url_scheme.rb +1 -1
data/lib/ronin/db/user_name.rb +58 -1
data/lib/ronin/db/vulnerability.rb +1 -1
data/lib/ronin/db/web_credential.rb +1 -1
data/lib/ronin/db/web_vuln.rb +348 -0
metadata +57 -2

data/lib/ronin/db/web_vuln.rb ADDED Viewed

@@ -0,0 +1,348 @@
+# frozen_string_literal: true
+#
+# ronin-db-activerecord - ActiveRecord backend for the Ronin Database.
+#
+# Copyright (c) 2022-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# ronin-db-activerecord is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-db-activerecord is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with ronin-db-activerecord.  If not, see <https://www.gnu.org/licenses/>.
+#
+require 'ronin/db/model'
+require 'active_record'
+module Ronin
+  module DB
+    #
+    # Represents discovered web vulnerabilities.
+    #
+    class WebVuln < ActiveRecord::Base
+      include Model
+      # NOTE: disable STI so we can use the type column as an enum.
+      self.inheritance_column = nil
+      # @!attribute [rw] id
+      #   The primary key of the URL.
+      #
+      #   @return [Integer]
+      attribute :id, :integer
+      # @!attribute [rw] scheme
+      #   The scheme of the URL.
+      #
+      #   @return [URL]
+      belongs_to :url, required:   true,
+                       class_name: 'URL'
+      # @!attribute [rw] type
+      #   The type of vuln.
+      #
+      #   @return ["lfi", "rfi", "sqli", "ssti", "open_redirect", "reflected_xss", "command_injection"]
+      enum type: {
+        lfi:               'lfi',
+        rfi:               'rfi',
+        sqli:              'sqli',
+        ssti:              'ssti',
+        open_redirect:     'open_redirect',
+        reflected_xss:     'reflected_xss',
+        command_injection: 'command_injection'
+      }
+      validates :type, presence: true
+      # @!attribute [rw] query_param
+      #   The query param of the URL.
+      #
+      #   @return [String, nil]
+      attribute :query_param, :string
+      # @!attribute [rw] header_name
+      #   The header name string part of the URL.
+      #
+      #   @return [String, nil]
+      attribute :header_name, :string
+      # @!attribute [rw] cookie_param
+      #   The cookie param of the URL.
+      #
+      #   @return [String, nil]
+      attribute :cookie_param, :string
+      # @!attribute [rw] form_param
+      #   The form param of the URL.
+      #
+      #   @return [String, nil]
+      attribute :form_param, :string
+      validate :param_validation
+      # @!attribute [rw] request_method
+      #   The request method for the URL.
+      #
+      #   @return ["copy", "delete", "get", "head", "lock", "mkcol", "move", "options", "patch", "post", "propfind", "proppatch", "put", "trace", "unlock"]
+      enum request_method: {
+        copy:      'COPY',
+        delete:    'DELETE',
+        get:       'GET',
+        head:      'HEAD',
+        lock:      'LOCK',
+        mkcol:     'MKCOL',
+        move:      'MOVE',
+        options:   'OPTIONS',
+        patch:     'PATCH',
+        post:      'POST',
+        propfind:  'PROPFIND',
+        proppatch: 'PROPPATCH',
+        put:       'PUT',
+        trace:     'TRACE',
+        unlock:    'UNLOCK'
+      }, _suffix: :request
+      # @!attribute [rw] lfi_os
+      #   The LFI os.
+      #
+      #   @return [:unix, :windows, nil]
+      enum lfi_os: {
+        unix:    'unix',
+        windows: 'windows'
+      }, _prefix: true
+      # @!attribute [rw] lfi_depth
+      #   The LFI depth.
+      #
+      #   @return [Integer, nil]
+      attribute :lfi_depth, :integer
+      # @!attribute [rw] lfi_filter_bypass
+      #   The LFI filter bypass.
+      #
+      #   @return [:null_byte, :base64, :rot13, :zlib, nil]
+      enum lfi_filter_bypass: {
+        null_byte: 'null_byte',
+        base64:    'base64',
+        rot13:     'rot13',
+        zlib:      'zlib'
+      }, _prefix: true
+      # @!attribute [rw] rfi_script_lang
+      #   The RFI script lang.
+      #
+      #   @return [:asp, :asp_net, :cold_fusion, :jsp, :php, :perl, nil]
+      enum rfi_script_lang: {
+        asp:         'asp',
+        asp_net:     'asp_net',
+        cold_fusion: 'cold_fusion',
+        jsp:         'jsp',
+        php:         'php',
+        perl:        'perl'
+      }, _prefix: true
+      # @!attribute [rw] rfi_filter_bypass
+      #   The RFI filter bypass.
+      #
+      #   @return [:null_byte, :double_encode, nil]
+      enum rfi_filter_bypass: {
+        null_byte:     'null_byte',
+        double_encode: 'double_encode'
+      }, _prefix: true
+      # @!attribute [rw] ssti_escape_type
+      #   The SSTI escape type.
+      #
+      #   @return [:double_curly_braces, :dollar_curly_braces, :dollar_double_curly_braces, :pound_curly_braces, :angle_brackets_percent, :custom, nil]
+      enum ssti_escape_type: {
+        double_curly_braces:        'double_curly_braces',
+        dollar_curly_braces:        'dollar_curly_braces',
+        dollar_double_curly_braces: 'dollar_double_curly_braces',
+        pound_curly_braces:         'pound_curly_braces',
+        angle_brackets_percent:     'angle_brackets_percent',
+        custom:                     'custom'
+      }, _prefix: true
+      # @!attribute [rw] sqli_escape_quote
+      #   The SQLi escape quote.
+      #
+      #   @return [Boolean, nil]
+      attribute :sqli_escape_quote, :boolean
+      # @!attribute [rw] sqli_escape_parens
+      #   The SQLi escape parens.
+      #
+      #   @return [Boolean, nil]
+      attribute :sqli_escape_parens, :boolean
+      # @!attribute [rw] sqli_terminate
+      #   The SQLi terminate.
+      #
+      #   @return [Boolean, nil]
+      attribute :sqli_terminate, :boolean
+      # @!attribute [rw] command_injection_escape_quote
+      #   The Command Injection escape quote character.
+      #
+      #   @return [String, nil]
+      attribute :command_injection_escape_quote, :string
+      # @!attribute [rw] command_injection_escape_operator
+      #   The Command Injection escape operator character.
+      #
+      #   @return [String, nil]
+      attribute :command_injection_escape_operator, :string
+      # @!attribute [rw] command_injection_terminator
+      #   The Command Injection terminator character.
+      #
+      #   @return [String, nil]
+      attribute :command_injection_terminator, :string
+      # @!attribute [r] created_at
+      #   Defines the created_at timestamp
+      #
+      #   @return [Time]
+      attribute :created_at, :datetime
+      #
+      # Queries all web vulnerabilities belonging to the given host name.
+      #
+      # @param [String] host_name
+      #   The host name to search for.
+      #
+      # @return [Array<WebVuln>]
+      #   The matching web vulnerabilities.
+      #
+      def self.for_host(host_name)
+        joins(url: [:host_name]).where(
+          url: {
+            ronin_host_names: {name: host_name}
+          }
+        )
+      end
+      #
+      # Queries all web vulnerabilities belonging to the given domain name.
+      #
+      # @param [String] domain
+      #   The domain to search for.
+      #
+      # @return [Array<WebVuln>]
+      #   The matching web vulnerabilities.
+      #
+      def self.for_domain(domain)
+        joins(url: [:host_name]).merge(HostName.with_domain(domain))
+      end
+      #
+      # Queries all web vulnerabilities with the matching URL path.
+      #
+      # @param [String] path
+      #   The URL path to search for.
+      #
+      # @return [Array<WebVuln>]
+      #   The matching web vulnerabilities.
+      #
+      def self.for_path(path)
+        joins(:url).where(url: {path: path})
+      end
+      #
+      # Queries all web vulnerabilities of the given type.
+      #
+      # @param [:lfi, :rfi, :sqli, :ssti, :open_redirect, :reflected_xss, :command_injection] type
+      #   The web vulnerability type to search for.
+      #
+      # @return [Array<WebVuln>]
+      #   The matching web vulnerabilities.
+      #
+      def self.with_type(type)
+        where(type: type)
+      end
+      #
+      # Queries all web vulnerabilities effecting the given query param name.
+      #
+      # @param [String] name
+      #   The query param name to search for.
+      #
+      # @return [Array<WebVuln>]
+      #   The matching web vulnerabilities.
+      #
+      def self.with_query_param(name)
+        where(query_param: name)
+      end
+      #
+      # Queries all web vulnerabilities effecting the given header name.
+      #
+      # @param [String] name
+      #   The header name to search for.
+      #
+      # @return [Array<WebVuln>]
+      #   The matching web vulnerabilities.
+      #
+      def self.with_header_name(name)
+        where(header_name: name)
+      end
+      #
+      # Queries all web vulnerabilities effecting the given cookie param name.
+      #
+      # @param [String] name
+      #   The cookie param name to search for.
+      #
+      # @return [Array<WebVuln>]
+      #   The matching web vulnerabilities.
+      #
+      def self.with_cookie_param(name)
+        where(cookie_param: name)
+      end
+      #
+      # Queries all web vulnerabilities effecting the given form param name.
+      #
+      # @param [String] name
+      #   The form param name to search for.
+      #
+      # @return [Array<WebVuln>]
+      #   The matching web vulnerabilities.
+      #
+      def self.with_form_param(name)
+        where(form_param: name)
+      end
+      #
+      # Queries all web vulnerabilities with the given request method.
+      #
+      # @param [String] request_method
+      #   The request method to search for.
+      #
+      # @return [Array<WebVuln>]
+      #   The matching web vulnerabilities.
+      #
+      def self.with_request_method(request_method)
+        where(request_method: request_method)
+      end
+      #
+      # Validates presence of at least one param fields.
+      #
+      def param_validation
+        unless (query_param || header_name || cookie_param || form_param)
+          self.errors.add(:base, "query_param, header_name, cookie_param or from_param must be present")
+        end
+      end
+    end
+  end
+end
+require 'ronin/db/url'

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ronin-db-activerecord
 version: !ruby/object:Gem::Version
-  version: 0.1.6
+  version: 0.2.0.rc1
 platform: ruby
 authors:
 - Postmodern
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-06-20 00:00:00.000000000 Z
+date: 2024-06-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: uri-query_params
@@ -110,12 +110,50 @@ files:
 - db/migrate/0034_create_ronin_service_credentials_table.rb
 - db/migrate/0035_create_ronin_web_credentials_table.rb
 - db/migrate/0036_add_software_id_column_to_open_ports_table.rb
+- db/migrate/0037_add_created_at_column_to_ronin_ports_table.rb
+- db/migrate/0038_add_created_at_column_to_ronin_services_table.rb
+- db/migrate/0039_create_ronin_cert_names_table.rb
+- db/migrate/0040_create_ronin_cert_issuers_table.rb
+- db/migrate/0041_create_ronin_cert_subjects_table.rb
+- db/migrate/0042_create_ronin_cert_subject_alt_names_table.rb
+- db/migrate/0043_create_ronin_certs_table.rb
+- db/migrate/0044_add_cert_id_column_to_ronin_open_ports_table.rb
+- db/migrate/0045_create_ronin_notes_table.rb
+- db/migrate/0046_create_ronin_web_vulns_table.rb
+- db/migrate/0047_create_ronin_phone_numbers_table.rb
+- db/migrate/0048_create_ronin_street_addresses_table.rb
+- db/migrate/0049_create_ronin_people_table.rb
+- db/migrate/0050_create_ronin_personal_connections_table.rb
+- db/migrate/0051_create_ronin_personal_phone_numbers_table.rb
+- db/migrate/0052_create_ronin_personal_email_addresses_table.rb
+- db/migrate/0053_create_ronin_personal_street_addresses_table.rb
+- db/migrate/0054_add_type_column_to_ronin_organizations_table.rb
+- db/migrate/0055_add_parent_id_column_to_ronin_organizations_table.rb
+- db/migrate/0056_create_ronin_organization_departments_table.rb
+- db/migrate/0057_create_ronin_organization_members_table.rb
+- db/migrate/0058_create_ronin_organization_customers_table.rb
+- db/migrate/0059_create_ronin_organization_phone_numbers_table.rb
+- db/migrate/0060_create_ronin_organization_email_addresses_table.rb
+- db/migrate/0061_create_ronin_organization_street_addresses_table.rb
+- db/migrate/0062_add_source_ip_column_to_http_requests_table.rb
+- db/migrate/0063_create_ronin_dns_queries_table.rb
+- db/migrate/0064_create_ronin_dns_records_table.rb
+- db/migrate/0065_create_ronin_organization_host_names_table.rb
+- db/migrate/0066_create_ronin_organization_ip_addresses_table.rb
 - gemspec.yml
 - lib/ronin/db/address.rb
 - lib/ronin/db/advisory.rb
 - lib/ronin/db/arch.rb
 - lib/ronin/db/asn.rb
+- lib/ronin/db/cert.rb
+- lib/ronin/db/cert_issuer.rb
+- lib/ronin/db/cert_name.rb
+- lib/ronin/db/cert_organization.rb
+- lib/ronin/db/cert_subject.rb
+- lib/ronin/db/cert_subject_alt_name.rb
 - lib/ronin/db/credential.rb
+- lib/ronin/db/dns_query.rb
+- lib/ronin/db/dns_record.rb
 - lib/ronin/db/email_address.rb
 - lib/ronin/db/host_name.rb
 - lib/ronin/db/host_name_ip_address.rb
@@ -136,16 +174,32 @@ files:
 - lib/ronin/db/model/importable.rb
 - lib/ronin/db/model/last_scanned_at.rb
 - lib/ronin/db/models.rb
+- lib/ronin/db/note.rb
 - lib/ronin/db/open_port.rb
 - lib/ronin/db/organization.rb
+- lib/ronin/db/organization_customer.rb
+- lib/ronin/db/organization_department.rb
+- lib/ronin/db/organization_email_address.rb
+- lib/ronin/db/organization_host_name.rb
+- lib/ronin/db/organization_ip_address.rb
+- lib/ronin/db/organization_member.rb
+- lib/ronin/db/organization_phone_number.rb
+- lib/ronin/db/organization_street_address.rb
 - lib/ronin/db/os.rb
 - lib/ronin/db/os_guess.rb
 - lib/ronin/db/password.rb
+- lib/ronin/db/person.rb
+- lib/ronin/db/personal_connection.rb
+- lib/ronin/db/personal_email_address.rb
+- lib/ronin/db/personal_phone_number.rb
+- lib/ronin/db/personal_street_address.rb
+- lib/ronin/db/phone_number.rb
 - lib/ronin/db/port.rb
 - lib/ronin/db/service.rb
 - lib/ronin/db/service_credential.rb
 - lib/ronin/db/software.rb
 - lib/ronin/db/software_vendor.rb
+- lib/ronin/db/street_address.rb
 - lib/ronin/db/url.rb
 - lib/ronin/db/url_query_param.rb
 - lib/ronin/db/url_query_param_name.rb
@@ -153,6 +207,7 @@ files:
 - lib/ronin/db/user_name.rb
 - lib/ronin/db/vulnerability.rb
 - lib/ronin/db/web_credential.rb
+- lib/ronin/db/web_vuln.rb
 - ronin-db-activerecord.gemspec
 homepage: https://ronin-rb.dev/
 licenses: