RubyGems - ronin-db-activerecord - Versions diffs - 0.1.6 → 0.2.0.rc1 - Mend

ronin-db-activerecord 0.1.6 → 0.2.0.rc1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (102) hide show

checksums.yaml +4 -4
data/ChangeLog.md +91 -0
data/README.md +49 -1
data/db/migrate/0037_add_created_at_column_to_ronin_ports_table.rb +40 -0
data/db/migrate/0038_add_created_at_column_to_ronin_services_table.rb +40 -0
data/db/migrate/0039_create_ronin_cert_names_table.rb +37 -0
data/db/migrate/0040_create_ronin_cert_issuers_table.rb +52 -0
data/db/migrate/0041_create_ronin_cert_subjects_table.rb +54 -0
data/db/migrate/0042_create_ronin_cert_subject_alt_names_table.rb +42 -0
data/db/migrate/0043_create_ronin_certs_table.rb +61 -0
data/db/migrate/0044_add_cert_id_column_to_ronin_open_ports_table.rb +35 -0
data/db/migrate/0045_create_ronin_notes_table.rb +120 -0
data/db/migrate/0046_create_ronin_web_vulns_table.rb +61 -0
data/db/migrate/0047_create_ronin_phone_numbers_table.rb +47 -0
data/db/migrate/0048_create_ronin_street_addresses_table.rb +46 -0
data/db/migrate/0049_create_ronin_people_table.rb +48 -0
data/db/migrate/0050_create_ronin_personal_connections_table.rb +48 -0
data/db/migrate/0051_create_ronin_personal_phone_numbers_table.rb +48 -0
data/db/migrate/0052_create_ronin_personal_email_addresses_table.rb +45 -0
data/db/migrate/0053_create_ronin_personal_street_addresses_table.rb +47 -0
data/db/migrate/0054_add_type_column_to_ronin_organizations_table.rb +33 -0
data/db/migrate/0055_add_parent_id_column_to_ronin_organizations_table.rb +43 -0
data/db/migrate/0056_create_ronin_organization_departments_table.rb +59 -0
data/db/migrate/0057_create_ronin_organization_members_table.rb +62 -0
data/db/migrate/0058_create_ronin_organization_customers_table.rb +52 -0
data/db/migrate/0059_create_ronin_organization_phone_numbers_table.rb +47 -0
data/db/migrate/0060_create_ronin_organization_email_addresses_table.rb +45 -0
data/db/migrate/0061_create_ronin_organization_street_addresses_table.rb +47 -0
data/db/migrate/0062_add_source_ip_column_to_http_requests_table.rb +30 -0
data/db/migrate/0063_create_ronin_dns_queries_table.rb +41 -0
data/db/migrate/0064_create_ronin_dns_records_table.rb +42 -0
data/db/migrate/0065_create_ronin_organization_host_names_table.rb +43 -0
data/db/migrate/0066_create_ronin_organization_ip_addresses_table.rb +43 -0
data/gemspec.yml +1 -1
data/lib/ronin/db/address.rb +1 -1
data/lib/ronin/db/advisory.rb +66 -1
data/lib/ronin/db/arch.rb +1 -1
data/lib/ronin/db/asn.rb +15 -1
data/lib/ronin/db/cert.rb +501 -0
data/lib/ronin/db/cert_issuer.rb +78 -0
data/lib/ronin/db/cert_name.rb +107 -0
data/lib/ronin/db/cert_organization.rb +127 -0
data/lib/ronin/db/cert_subject.rb +81 -0
data/lib/ronin/db/cert_subject_alt_name.rb +88 -0
data/lib/ronin/db/credential.rb +10 -1
data/lib/ronin/db/dns_query.rb +98 -0
data/lib/ronin/db/dns_record.rb +76 -0
data/lib/ronin/db/email_address.rb +139 -1
data/lib/ronin/db/host_name.rb +45 -1
data/lib/ronin/db/host_name_ip_address.rb +1 -1
data/lib/ronin/db/http_header_name.rb +1 -1
data/lib/ronin/db/http_query_param.rb +1 -1
data/lib/ronin/db/http_query_param_name.rb +1 -1
data/lib/ronin/db/http_request.rb +13 -1
data/lib/ronin/db/http_request_header.rb +1 -1
data/lib/ronin/db/http_response.rb +1 -1
data/lib/ronin/db/http_response_header.rb +1 -1
data/lib/ronin/db/ip_address.rb +46 -1
data/lib/ronin/db/ip_address_mac_address.rb +1 -1
data/lib/ronin/db/mac_address.rb +28 -1
data/lib/ronin/db/migrations.rb +1 -1
data/lib/ronin/db/model/has_name.rb +18 -1
data/lib/ronin/db/model/has_unique_name.rb +1 -1
data/lib/ronin/db/model/importable.rb +1 -1
data/lib/ronin/db/model/last_scanned_at.rb +1 -1
data/lib/ronin/db/model.rb +1 -1
data/lib/ronin/db/models.rb +44 -2
data/lib/ronin/db/note.rb +199 -0
data/lib/ronin/db/open_port.rb +104 -3
data/lib/ronin/db/organization.rb +237 -3
data/lib/ronin/db/organization_customer.rb +73 -0
data/lib/ronin/db/organization_department.rb +97 -0
data/lib/ronin/db/organization_email_address.rb +66 -0
data/lib/ronin/db/organization_host_name.rb +65 -0
data/lib/ronin/db/organization_ip_address.rb +65 -0
data/lib/ronin/db/organization_member.rb +158 -0
data/lib/ronin/db/organization_phone_number.rb +66 -0
data/lib/ronin/db/organization_street_address.rb +66 -0
data/lib/ronin/db/os.rb +35 -1
data/lib/ronin/db/os_guess.rb +1 -1
data/lib/ronin/db/password.rb +84 -1
data/lib/ronin/db/person.rb +455 -0
data/lib/ronin/db/personal_connection.rb +110 -0
data/lib/ronin/db/personal_email_address.rb +66 -0
data/lib/ronin/db/personal_phone_number.rb +76 -0
data/lib/ronin/db/personal_street_address.rb +66 -0
data/lib/ronin/db/phone_number.rb +330 -0
data/lib/ronin/db/port.rb +110 -1
data/lib/ronin/db/service.rb +130 -1
data/lib/ronin/db/service_credential.rb +1 -1
data/lib/ronin/db/software.rb +37 -1
data/lib/ronin/db/software_vendor.rb +1 -1
data/lib/ronin/db/street_address.rb +340 -0
data/lib/ronin/db/url.rb +37 -1
data/lib/ronin/db/url_query_param.rb +1 -1
data/lib/ronin/db/url_query_param_name.rb +9 -1
data/lib/ronin/db/url_scheme.rb +1 -1
data/lib/ronin/db/user_name.rb +58 -1
data/lib/ronin/db/vulnerability.rb +1 -1
data/lib/ronin/db/web_credential.rb +1 -1
data/lib/ronin/db/web_vuln.rb +348 -0
metadata +57 -2

data/lib/ronin/db/web_vuln.rb ADDED Viewed

@@ -0,0 +1,348 @@
+# frozen_string_literal: true
+#
+# ronin-db-activerecord - ActiveRecord backend for the Ronin Database.
+#
+# Copyright (c) 2022-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# ronin-db-activerecord is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-db-activerecord is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with ronin-db-activerecord.  If not, see <https://www.gnu.org/licenses/>.
+#
+require 'ronin/db/model'
+require 'active_record'
+module Ronin
+  module DB
+    #
+    # Represents discovered web vulnerabilities.
+    #
+    class WebVuln < ActiveRecord::Base
+      include Model
+      # NOTE: disable STI so we can use the type column as an enum.
+      self.inheritance_column = nil
+      # @!attribute [rw] id
+      #   The primary key of the URL.
+      #
+      #   @return [Integer]
+      attribute :id, :integer
+      # @!attribute [rw] scheme
+      #   The scheme of the URL.
+      #
+      #   @return [URL]
+      belongs_to :url, required:   true,
+                       class_name: 'URL'
+      # @!attribute [rw] type
+      #   The type of vuln.
+      #
+      #   @return ["lfi", "rfi", "sqli", "ssti", "open_redirect", "reflected_xss", "command_injection"]
+      enum type: {
+        lfi:               'lfi',
+        rfi:               'rfi',
+        sqli:              'sqli',
+        ssti:              'ssti',
+        open_redirect:     'open_redirect',
+        reflected_xss:     'reflected_xss',
+        command_injection: 'command_injection'
+      }
+      validates :type, presence: true
+      # @!attribute [rw] query_param
+      #   The query param of the URL.
+      #
+      #   @return [String, nil]
+      attribute :query_param, :string
+      # @!attribute [rw] header_name
+      #   The header name string part of the URL.
+      #
+      #   @return [String, nil]
+      attribute :header_name, :string
+      # @!attribute [rw] cookie_param
+      #   The cookie param of the URL.
+      #
+      #   @return [String, nil]
+      attribute :cookie_param, :string
+      # @!attribute [rw] form_param
+      #   The form param of the URL.
+      #
+      #   @return [String, nil]
+      attribute :form_param, :string
+      validate :param_validation
+      # @!attribute [rw] request_method
+      #   The request method for the URL.
+      #
+      #   @return ["copy", "delete", "get", "head", "lock", "mkcol", "move", "options", "patch", "post", "propfind", "proppatch", "put", "trace", "unlock"]
+      enum request_method: {
+        copy:      'COPY',
+        delete:    'DELETE',
+        get:       'GET',
+        head:      'HEAD',
+        lock:      'LOCK',
+        mkcol:     'MKCOL',
+        move:      'MOVE',
+        options:   'OPTIONS',
+        patch:     'PATCH',
+        post:      'POST',
+        propfind:  'PROPFIND',
+        proppatch: 'PROPPATCH',
+        put:       'PUT',
+        trace:     'TRACE',
+        unlock:    'UNLOCK'
+      }, _suffix: :request
+      # @!attribute [rw] lfi_os
+      #   The LFI os.
+      #
+      #   @return [:unix, :windows, nil]
+      enum lfi_os: {
+        unix:    'unix',
+        windows: 'windows'
+      }, _prefix: true
+      # @!attribute [rw] lfi_depth
+      #   The LFI depth.
+      #
+      #   @return [Integer, nil]
+      attribute :lfi_depth, :integer
+      # @!attribute [rw] lfi_filter_bypass
+      #   The LFI filter bypass.
+      #
+      #   @return [:null_byte, :base64, :rot13, :zlib, nil]
+      enum lfi_filter_bypass: {
+        null_byte: 'null_byte',
+        base64:    'base64',
+        rot13:     'rot13',
+        zlib:      'zlib'
+      }, _prefix: true
+      # @!attribute [rw] rfi_script_lang
+      #   The RFI script lang.
+      #
+      #   @return [:asp, :asp_net, :cold_fusion, :jsp, :php, :perl, nil]
+      enum rfi_script_lang: {
+        asp:         'asp',
+        asp_net:     'asp_net',
+        cold_fusion: 'cold_fusion',
+        jsp:         'jsp',
+        php:         'php',
+        perl:        'perl'
+      }, _prefix: true
+      # @!attribute [rw] rfi_filter_bypass
+      #   The RFI filter bypass.
+      #
+      #   @return [:null_byte, :double_encode, nil]
+      enum rfi_filter_bypass: {
+        null_byte:     'null_byte',
+        double_encode: 'double_encode'
+      }, _prefix: true
+      # @!attribute [rw] ssti_escape_type
+      #   The SSTI escape type.
+      #
+      #   @return [:double_curly_braces, :dollar_curly_braces, :dollar_double_curly_braces, :pound_curly_braces, :angle_brackets_percent, :custom, nil]
+      enum ssti_escape_type: {
+        double_curly_braces:        'double_curly_braces',
+        dollar_curly_braces:        'dollar_curly_braces',
+        dollar_double_curly_braces: 'dollar_double_curly_braces',
+        pound_curly_braces:         'pound_curly_braces',
+        angle_brackets_percent:     'angle_brackets_percent',
+        custom:                     'custom'
+      }, _prefix: true
+      # @!attribute [rw] sqli_escape_quote
+      #   The SQLi escape quote.
+      #
+      #   @return [Boolean, nil]
+      attribute :sqli_escape_quote, :boolean
+      # @!attribute [rw] sqli_escape_parens
+      #   The SQLi escape parens.
+      #
+      #   @return [Boolean, nil]
+      attribute :sqli_escape_parens, :boolean
+      # @!attribute [rw] sqli_terminate
+      #   The SQLi terminate.
+      #
+      #   @return [Boolean, nil]
+      attribute :sqli_terminate, :boolean
+      # @!attribute [rw] command_injection_escape_quote
+      #   The Command Injection escape quote character.
+      #
+      #   @return [String, nil]
+      attribute :command_injection_escape_quote, :string
+      # @!attribute [rw] command_injection_escape_operator
+      #   The Command Injection escape operator character.
+      #
+      #   @return [String, nil]
+      attribute :command_injection_escape_operator, :string
+      # @!attribute [rw] command_injection_terminator
+      #   The Command Injection terminator character.
+      #
+      #   @return [String, nil]
+      attribute :command_injection_terminator, :string
+      # @!attribute [r] created_at
+      #   Defines the created_at timestamp
+      #
+      #   @return [Time]
+      attribute :created_at, :datetime
+      #
+      # Queries all web vulnerabilities belonging to the given host name.
+      #
+      # @param [String] host_name
+      #   The host name to search for.
+      #
+      # @return [Array<WebVuln>]
+      #   The matching web vulnerabilities.
+      #
+      def self.for_host(host_name)
+        joins(url: [:host_name]).where(
+          url: {
+            ronin_host_names: {name: host_name}
+          }
+        )
+      end
+      #
+      # Queries all web vulnerabilities belonging to the given domain name.
+      #
+      # @param [String] domain
+      #   The domain to search for.
+      #
+      # @return [Array<WebVuln>]
+      #   The matching web vulnerabilities.
+      #
+      def self.for_domain(domain)
+        joins(url: [:host_name]).merge(HostName.with_domain(domain))
+      end
+      #
+      # Queries all web vulnerabilities with the matching URL path.
+      #
+      # @param [String] path
+      #   The URL path to search for.
+      #
+      # @return [Array<WebVuln>]
+      #   The matching web vulnerabilities.
+      #
+      def self.for_path(path)
+        joins(:url).where(url: {path: path})
+      end
+      #
+      # Queries all web vulnerabilities of the given type.
+      #
+      # @param [:lfi, :rfi, :sqli, :ssti, :open_redirect, :reflected_xss, :command_injection] type
+      #   The web vulnerability type to search for.
+      #
+      # @return [Array<WebVuln>]
+      #   The matching web vulnerabilities.
+      #
+      def self.with_type(type)
+        where(type: type)
+      end
+      #
+      # Queries all web vulnerabilities effecting the given query param name.
+      #
+      # @param [String] name
+      #   The query param name to search for.
+      #
+      # @return [Array<WebVuln>]
+      #   The matching web vulnerabilities.
+      #
+      def self.with_query_param(name)
+        where(query_param: name)
+      end
+      #
+      # Queries all web vulnerabilities effecting the given header name.
+      #
+      # @param [String] name
+      #   The header name to search for.
+      #
+      # @return [Array<WebVuln>]
+      #   The matching web vulnerabilities.
+      #
+      def self.with_header_name(name)
+        where(header_name: name)
+      end
+      #
+      # Queries all web vulnerabilities effecting the given cookie param name.
+      #
+      # @param [String] name
+      #   The cookie param name to search for.
+      #
+      # @return [Array<WebVuln>]
+      #   The matching web vulnerabilities.
+      #
+      def self.with_cookie_param(name)
+        where(cookie_param: name)
+      end
+      #
+      # Queries all web vulnerabilities effecting the given form param name.
+      #
+      # @param [String] name
+      #   The form param name to search for.
+      #
+      # @return [Array<WebVuln>]
+      #   The matching web vulnerabilities.
+      #
+      def self.with_form_param(name)
+        where(form_param: name)
+      end
+      #
+      # Queries all web vulnerabilities with the given request method.
+      #
+      # @param [String] request_method
+      #   The request method to search for.
+      #
+      # @return [Array<WebVuln>]
+      #   The matching web vulnerabilities.
+      #
+      def self.with_request_method(request_method)
+        where(request_method: request_method)
+      end
+      #
+      # Validates presence of at least one param fields.
+      #
+      def param_validation
+        unless (query_param || header_name || cookie_param || form_param)
+          self.errors.add(:base, "query_param, header_name, cookie_param or from_param must be present")
+        end
+      end
+    end
+  end
+end
+require 'ronin/db/url'

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ronin-db-activerecord
 version: !ruby/object:Gem::Version
-  version: 0.1.6
+  version: 0.2.0.rc1
 platform: ruby
 authors:
 - Postmodern
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-06-20 00:00:00.000000000 Z
+date: 2024-06-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: uri-query_params
@@ -110,12 +110,50 @@ files:
 - db/migrate/0034_create_ronin_service_credentials_table.rb
 - db/migrate/0035_create_ronin_web_credentials_table.rb
 - db/migrate/0036_add_software_id_column_to_open_ports_table.rb
+- db/migrate/0037_add_created_at_column_to_ronin_ports_table.rb
+- db/migrate/0038_add_created_at_column_to_ronin_services_table.rb
+- db/migrate/0039_create_ronin_cert_names_table.rb
+- db/migrate/0040_create_ronin_cert_issuers_table.rb
+- db/migrate/0041_create_ronin_cert_subjects_table.rb
+- db/migrate/0042_create_ronin_cert_subject_alt_names_table.rb
+- db/migrate/0043_create_ronin_certs_table.rb
+- db/migrate/0044_add_cert_id_column_to_ronin_open_ports_table.rb
+- db/migrate/0045_create_ronin_notes_table.rb
+- db/migrate/0046_create_ronin_web_vulns_table.rb
+- db/migrate/0047_create_ronin_phone_numbers_table.rb
+- db/migrate/0048_create_ronin_street_addresses_table.rb
+- db/migrate/0049_create_ronin_people_table.rb
+- db/migrate/0050_create_ronin_personal_connections_table.rb
+- db/migrate/0051_create_ronin_personal_phone_numbers_table.rb
+- db/migrate/0052_create_ronin_personal_email_addresses_table.rb
+- db/migrate/0053_create_ronin_personal_street_addresses_table.rb
+- db/migrate/0054_add_type_column_to_ronin_organizations_table.rb
+- db/migrate/0055_add_parent_id_column_to_ronin_organizations_table.rb
+- db/migrate/0056_create_ronin_organization_departments_table.rb
+- db/migrate/0057_create_ronin_organization_members_table.rb
+- db/migrate/0058_create_ronin_organization_customers_table.rb
+- db/migrate/0059_create_ronin_organization_phone_numbers_table.rb
+- db/migrate/0060_create_ronin_organization_email_addresses_table.rb
+- db/migrate/0061_create_ronin_organization_street_addresses_table.rb
+- db/migrate/0062_add_source_ip_column_to_http_requests_table.rb
+- db/migrate/0063_create_ronin_dns_queries_table.rb
+- db/migrate/0064_create_ronin_dns_records_table.rb
+- db/migrate/0065_create_ronin_organization_host_names_table.rb
+- db/migrate/0066_create_ronin_organization_ip_addresses_table.rb
 - gemspec.yml
 - lib/ronin/db/address.rb
 - lib/ronin/db/advisory.rb
 - lib/ronin/db/arch.rb
 - lib/ronin/db/asn.rb
+- lib/ronin/db/cert.rb
+- lib/ronin/db/cert_issuer.rb
+- lib/ronin/db/cert_name.rb
+- lib/ronin/db/cert_organization.rb
+- lib/ronin/db/cert_subject.rb
+- lib/ronin/db/cert_subject_alt_name.rb
 - lib/ronin/db/credential.rb
+- lib/ronin/db/dns_query.rb
+- lib/ronin/db/dns_record.rb
 - lib/ronin/db/email_address.rb
 - lib/ronin/db/host_name.rb
 - lib/ronin/db/host_name_ip_address.rb
@@ -136,16 +174,32 @@ files:
 - lib/ronin/db/model/importable.rb
 - lib/ronin/db/model/last_scanned_at.rb
 - lib/ronin/db/models.rb
+- lib/ronin/db/note.rb
 - lib/ronin/db/open_port.rb
 - lib/ronin/db/organization.rb
+- lib/ronin/db/organization_customer.rb
+- lib/ronin/db/organization_department.rb
+- lib/ronin/db/organization_email_address.rb
+- lib/ronin/db/organization_host_name.rb
+- lib/ronin/db/organization_ip_address.rb
+- lib/ronin/db/organization_member.rb
+- lib/ronin/db/organization_phone_number.rb
+- lib/ronin/db/organization_street_address.rb
 - lib/ronin/db/os.rb
 - lib/ronin/db/os_guess.rb
 - lib/ronin/db/password.rb
+- lib/ronin/db/person.rb
+- lib/ronin/db/personal_connection.rb
+- lib/ronin/db/personal_email_address.rb
+- lib/ronin/db/personal_phone_number.rb
+- lib/ronin/db/personal_street_address.rb
+- lib/ronin/db/phone_number.rb
 - lib/ronin/db/port.rb
 - lib/ronin/db/service.rb
 - lib/ronin/db/service_credential.rb
 - lib/ronin/db/software.rb
 - lib/ronin/db/software_vendor.rb
+- lib/ronin/db/street_address.rb
 - lib/ronin/db/url.rb
 - lib/ronin/db/url_query_param.rb
 - lib/ronin/db/url_query_param_name.rb
@@ -153,6 +207,7 @@ files:
 - lib/ronin/db/user_name.rb
 - lib/ronin/db/vulnerability.rb
 - lib/ronin/db/web_credential.rb
+- lib/ronin/db/web_vuln.rb
 - ronin-db-activerecord.gemspec
 homepage: https://ronin-rb.dev/
 licenses: