From 3411d0bce206c7189f7499d42cea7eeaf54927cc Mon Sep 17 00:00:00 2001 From: James Barnett Date: Fri, 27 Jul 2018 13:59:17 -0500 Subject: [PATCH] Refactor error JSON responses to use a helper method --- documentation/api/v1/root_api_doc.rb | 12 ++++++++++- .../db_manager/http/servlet/auth_servlet.rb | 2 +- .../http/servlet/credential_servlet.rb | 8 ++++---- .../http/servlet/db_export_servlet.rb | 2 +- .../db_manager/http/servlet/event_servlet.rb | 10 +++++++--- .../db_manager/http/servlet/host_servlet.rb | 12 +++++------ .../db_manager/http/servlet/login_servlet.rb | 8 ++++---- .../db_manager/http/servlet/loot_servlet.rb | 6 +++--- .../db_manager/http/servlet/msf_servlet.rb | 8 ++++++-- .../db_manager/http/servlet/note_servlet.rb | 18 +++++++---------- .../http/servlet/service_servlet.rb | 6 +++--- .../http/servlet/session_event_servlet.rb | 14 +++++-------- .../http/servlet/session_servlet.rb | 4 ++-- .../db_manager/http/servlet/user_servlet.rb | 18 +++++++---------- .../http/servlet/vuln_attempt_servlet.rb | 20 ++++++++----------- .../db_manager/http/servlet/vuln_servlet.rb | 18 +++++++---------- .../http/servlet/workspace_servlet.rb | 8 ++++---- .../core/db_manager/http/servlet_helper.rb | 18 ++++++++++++----- 18 files changed, 99 insertions(+), 93 deletions(-) diff --git a/documentation/api/v1/root_api_doc.rb b/documentation/api/v1/root_api_doc.rb index afee535588..27a544d44a 100644 --- a/documentation/api/v1/root_api_doc.rb +++ b/documentation/api/v1/root_api_doc.rb @@ -10,6 +10,10 @@ module RootApiDoc WORKSPACE_POST_DESC = 'The name of the workspace where this record should be created.' WORKSPACE_POST_EXAMPLE = 'default' HOST_EXAMPLE = '127.0.0.1' + CODE_DESC = 'The error code that was generated.' + CODE_EXAMPLE = 500 + MESSAGE_DESC = 'A message describing the error that occurred.' + MESSAGE_EXAMPLE = 'Undefined method \'empty?\' for nil:NilClass' swagger_root do key :swagger, '2.0' 
@@ -110,9 +114,15 @@ module RootApiDoc swagger_schema :ErrorModel do key :required, [:message] property :error do + property :code do + key :type, :int32 + key :description, CODE_DESC + key :example, CODE_EXAMPLE + end property :message do key :type, :string - key :example, 'Undefined method \'empty?\' for nil:NilClass' + key :description, MESSAGE_DESC + key :example, MESSAGE_EXAMPLE end end end diff --git a/lib/msf/core/db_manager/http/servlet/auth_servlet.rb b/lib/msf/core/db_manager/http/servlet/auth_servlet.rb index c0f83197f7..7cf8d6ae35 100644 --- a/lib/msf/core/db_manager/http/servlet/auth_servlet.rb +++ b/lib/msf/core/db_manager/http/servlet/auth_servlet.rb @@ -99,7 +99,7 @@ module AuthServlet code: code, message: "#{!msg.nil? ? "#{msg} " : nil}Authenticate to access this resource." } - set_json_error_response(error: error, code: error[:code]) + set_json_error_response(response: error, code: error[:code]) } end diff --git a/lib/msf/core/db_manager/http/servlet/credential_servlet.rb b/lib/msf/core/db_manager/http/servlet/credential_servlet.rb index d5a1a0129f..8a9ccedb27 100644 --- a/lib/msf/core/db_manager/http/servlet/credential_servlet.rb +++ b/lib/msf/core/db_manager/http/servlet/credential_servlet.rb @@ -30,13 +30,13 @@ module CredentialServlet # This is normally pulled from a class method from the MetasploitCredential class response = [] data.each do |cred| - json = cred.as_json(include: includes).merge('private_class' => cred.private.class.to_s) + json = cred.as_json(include: includes).merge(private_class: cred.private.class.to_s) response << json end response = format_cred_json(data) set_json_data_response(response: response) rescue => e - set_json_error_response(error: e, code: 500) + print_error_and_create_response(error: e, message: 'There was an error retrieving credentials:', code: 500) end } end 
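Review bot: In the `ErrorModel` schema, `key :type, :int32` on the new `code` property is not a valid Swagger 2.0 type, because `int32` is a format of the `integer` type. Validators and generated clients may reject or ignore the property as written. Use `key :type, :integer` followed by `key :format, :int32`. Separately, the context line `key :required, [:message]` sits on the model while `message` is nested under `error`, so it probably wants to be `[:error]` or to move inside the `error` property.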
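Review bot: The line changed inside the `data.each` loop in credential_servlet.rb (`@@ -30,13 +30,13 @@`) feeds a `response` array that is overwritten right after the loop by `response = format_cred_json(data)`. The loop, including the new `private_class:` key, therefore has no effect on what is returned. Either delete the loop or drop the reassignment, depending on which serialisation is intended. If the loop stays, note that `as_json` produces string keys, so merging a symbol key leaves the hash with mixed key types, whereas `'private_class'` was consistent. The enclosing lambda starts outside this hunk.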
@@ -63,7 +63,7 @@ module CredentialServlet response = format_cred_json(data) set_json_response(response.first) rescue => e - set_error_on_response(e) + print_error_and_create_response(error: e, message: 'There was an error updating the credential:', code: 500) end } end @@ -75,7 +75,7 @@ module CredentialServlet data = get_db.delete_credentials(opts) set_json_response(data) rescue => e - set_error_on_response(e) + print_error_and_create_response(error: e, message: 'There was an error deleting the credential:', code: 500) end } end diff --git a/lib/msf/core/db_manager/http/servlet/db_export_servlet.rb b/lib/msf/core/db_manager/http/servlet/db_export_servlet.rb index 91c37de5b9..845f2a7438 100644 --- a/lib/msf/core/db_manager/http/servlet/db_export_servlet.rb +++ b/lib/msf/core/db_manager/http/servlet/db_export_servlet.rb @@ -26,7 +26,7 @@ module DbExportServlet response[:db_export_file] = encoded_file set_json_data_response(response: response) rescue => e - set_json_error_response(error: e, code: 500) + print_error_and_create_response(error: e, message: 'There was an error exporting the database:', code: 500) ensure # Ensure the temporary file gets cleaned up File.delete(opts[:path]) diff --git a/lib/msf/core/db_manager/http/servlet/event_servlet.rb b/lib/msf/core/db_manager/http/servlet/event_servlet.rb index 5515910004..8284d3225d 100644 --- a/lib/msf/core/db_manager/http/servlet/event_servlet.rb +++ b/lib/msf/core/db_manager/http/servlet/event_servlet.rb @@ -14,9 +14,13 @@ module EventServlet def self.report_event lambda { - warden.authenticate! - job = lambda { |opts| get_db.report_event(opts) } - exec_report_job(request, &job) + begin + warden.authenticate! + job = lambda { |opts| get_db.report_event(opts) } + exec_report_job(request, &job) + rescue => e + print_error_and_create_response(error: e, message: 'There was an error creating the event:', code: 500) + end } end end \ No newline at end of file 
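Review bot: In db_export_servlet.rb the `ensure` branch below the changed `rescue` calls `File.delete(opts[:path])` unconditionally. If the export fails before the file exists, the delete raises `Errno::ENOENT` and that exception replaces the JSON error response just built in the `rescue`. Guard it, for example `File.delete(opts[:path]) if opts[:path] && File.exist?(opts[:path])`. The hunk does not show where `opts[:path]` is assigned, so it is worth confirming the path is generated server-side and never taken from the request body, since this line removes whatever file it names. The enclosing lambda starts outside this hunk.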
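Review bot: `warden.authenticate!` now sits inside the `begin`/`rescue => e` block in `report_event`, and likewise in `get_msf_version` in msf_servlet.rb, while the other servlets in this patch call it before the `begin`. Warden reports a failed login with `throw(:warden)`, which `rescue` does not intercept, but a StandardError raised inside an authentication strategy would now come back as a 500 body containing the exception text instead of propagating to the application's error handling. Keep the authentication call above the `begin` so authentication and request handling stay separate. The new `rescue` around `exec_report_job` also looks redundant, since `exec_report_job` rescues internally and this same commit removes the equivalent wrapper from `report_note`, `report_user`, `report_vuln` and others.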
diff --git a/lib/msf/core/db_manager/http/servlet/host_servlet.rb b/lib/msf/core/db_manager/http/servlet/host_servlet.rb index bb2a3eef5d..b801721e7b 100644 --- a/lib/msf/core/db_manager/http/servlet/host_servlet.rb +++ b/lib/msf/core/db_manager/http/servlet/host_servlet.rb @@ -33,7 +33,7 @@ module HostServlet includes = [:loots] set_json_data_response(response: data, includes: includes) rescue => e - set_json_error_response(error: e, code: 500) + print_error_and_create_response(error: e, message: 'There was an error getting hosts:', code: 500) end } end @@ -43,11 +43,11 @@ module HostServlet warden.authenticate! begin job = lambda { |opts| - data = get_db.report_host(opts) + get_db.report_host(opts) } exec_report_job(request, &job) rescue => e - set_json_error_response(error: e, code: 500) + print_error_and_create_response(error: e, message: 'There was an error creating the host:', code: 500) end } end @@ -62,7 +62,7 @@ module HostServlet data = get_db.update_host(opts) set_json_data_response(response: data) rescue => e - set_json_error_response(error: e, code: 500) + print_error_and_create_response(error: e, message: 'There was an error updating the host:', code: 500) end } end @@ -75,7 +75,7 @@ module HostServlet data = get_db.delete_host(opts) set_json_data_response(response: data) rescue => e - set_json_error_response(error: e, code: 500) + print_error_and_create_response(error: e, message: 'There was an error deleting hosts:', code: 500) end } end @@ -89,7 +89,7 @@ module HostServlet data = get_db.get_host(opts) set_json_data_response(response: data) rescue Exception => e - set_json_error_response(error: e, code: 500) + print_error_and_create_response(error: e, message: 'There was an error searching for hosts:', code: 500) end } end diff --git a/lib/msf/core/db_manager/http/servlet/login_servlet.rb b/lib/msf/core/db_manager/http/servlet/login_servlet.rb index bbf73d6a77..ca926671cd 100644 --- a/lib/msf/core/db_manager/http/servlet/login_servlet.rb 
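Review bot: The last hunk of host_servlet.rb (`@@ -89,7 +89,7 @@`) rewrites the handler body but leaves `rescue Exception => e` directly above it, while every other handler in the patch uses `rescue => e`. Rescuing `Exception` also traps `SignalException`, `SystemExit` and `NoMemoryError`, so an interrupt or shutdown during a host search would be turned into a JSON 500 instead of stopping the process. Change the line to `rescue => e` to match the rest. The enclosing lambda starts outside the hunk.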
+++ b/lib/msf/core/db_manager/http/servlet/login_servlet.rb @@ -26,7 +26,7 @@ module LoginServlet response = get_db.logins(sanitized_params) set_json_response(response) rescue => e - set_error_on_response(e) + print_error_and_create_response(error: e, message: 'There was an error retrieving logins:', code: 500) end } end @@ -40,7 +40,7 @@ module LoginServlet response = get_db.create_credential_login(opts) set_json_response(response) rescue => e - set_error_on_response(e) + print_error_and_create_response(error: e, message: 'There was an error creating the login:', code: 500) end } end @@ -54,7 +54,7 @@ module LoginServlet data = get_db.update_login(opts) set_json_response(data) rescue => e - set_error_on_response(e) + print_error_and_create_response(error: e, message: 'There was an error updating the login:', code: 500) end } end @@ -66,7 +66,7 @@ module LoginServlet data = get_db.delete_logins(opts) set_json_response(data) rescue => e - set_error_on_response(e) + print_error_and_create_response(error: e, message: 'There was an error deleting the logins:', code: 500) end } end diff --git a/lib/msf/core/db_manager/http/servlet/loot_servlet.rb b/lib/msf/core/db_manager/http/servlet/loot_servlet.rb index d92bef54ab..93b2fc3b7b 100644 --- a/lib/msf/core/db_manager/http/servlet/loot_servlet.rb +++ b/lib/msf/core/db_manager/http/servlet/loot_servlet.rb @@ -31,7 +31,7 @@ module LootServlet end set_json_data_response(response: data, includes: includes) rescue => e - set_json_error_response(error: e, code: 500) + print_error_and_create_response(error: e, message: 'There was an error retrieving the loot:', code: 500) end } end @@ -63,7 +63,7 @@ module LootServlet data = get_db.update_loot(opts) set_json_data_response(response: data) rescue => e - set_json_error_response(error: e, code: 500) + print_error_and_create_response(error: e, message: 'There was an error updating the loot:', code: 500) end } end 
@@ -76,7 +76,7 @@ module LootServlet data = get_db.delete_loot(opts) set_json_data_response(response: data) rescue => e - set_json_error_response(error: e, code: 500) + print_error_and_create_response(error: e, message: 'There was an error deleting the loot:', code: 500) end } end diff --git a/lib/msf/core/db_manager/http/servlet/msf_servlet.rb b/lib/msf/core/db_manager/http/servlet/msf_servlet.rb index cf2ca26a38..ba2a678895 100644 --- a/lib/msf/core/db_manager/http/servlet/msf_servlet.rb +++ b/lib/msf/core/db_manager/http/servlet/msf_servlet.rb @@ -18,8 +18,12 @@ module MsfServlet def self.get_msf_version lambda { - warden.authenticate! - set_json_data_response(response: { metasploit_version: Metasploit::Framework::VERSION }) + begin + warden.authenticate! + set_json_data_response(response: { metasploit_version: Metasploit::Framework::VERSION }) + rescue => e + print_error_and_create_response(error: e, message: 'There was an error retrieving the version:', code: 500) + end } end diff --git a/lib/msf/core/db_manager/http/servlet/note_servlet.rb b/lib/msf/core/db_manager/http/servlet/note_servlet.rb index d20b628af9..a90f5966fa 100644 --- a/lib/msf/core/db_manager/http/servlet/note_servlet.rb +++ b/lib/msf/core/db_manager/http/servlet/note_servlet.rb @@ -28,7 +28,7 @@ module NoteServlet includes = [:host] set_json_data_response(response: data, includes: includes) rescue => e - set_json_error_response(error: e, code: 500) + print_error_and_create_response(error: e, message: 'There was an error retrieving notes:', code: 500) end } end @@ -36,14 +36,10 @@ module NoteServlet def self.report_note lambda { warden.authenticate! - begin - job = lambda { |opts| - get_db.report_note(opts) - } - exec_report_job(request, &job) - rescue => e - set_json_error_response(error: e, code: 500) - end + job = lambda { |opts| + get_db.report_note(opts) + } + exec_report_job(request, &job) } end 
@@ -57,7 +53,7 @@ module NoteServlet data = get_db.update_note(opts) set_json_data_response(response: data) rescue => e - set_json_error_response(error: e, code: 500) + print_error_and_create_response(error: e, message: 'There was an error updating the note:', code: 500) end } end @@ -70,7 +66,7 @@ module NoteServlet data = get_db.delete_note(opts) set_json_data_response(response: data) rescue => e - set_json_error_response(error: e, code: 500) + print_error_and_create_response(error: e, message: 'There was an error deleting the note:', code: 500) end } end diff --git a/lib/msf/core/db_manager/http/servlet/service_servlet.rb b/lib/msf/core/db_manager/http/servlet/service_servlet.rb index cd2944f26e..11d7a8b62b 100644 --- a/lib/msf/core/db_manager/http/servlet/service_servlet.rb +++ b/lib/msf/core/db_manager/http/servlet/service_servlet.rb @@ -28,7 +28,7 @@ module ServiceServlet includes = [:host] set_json_data_response(response: data, includes: includes) rescue => e - set_json_error_response(error: e, code: 500) + print_error_and_create_response(error: e, message: 'There was an error retrieving services:', code: 500) end } end @@ -52,7 +52,7 @@ module ServiceServlet data = get_db.update_service(opts) set_json_data_response(response: data) rescue => e - set_json_error_response(error: e, code: 500) + print_error_and_create_response(error: e, message: 'There was an error updating the service:', code: 500) end } end @@ -65,7 +65,7 @@ module ServiceServlet data = get_db.delete_service(opts) set_json_data_response(response: data) rescue => e - set_json_error_response(error: e, code: 500) + print_error_and_create_response(error: e, message: 'There was an error deleting the service:', code: 500) end } end diff --git a/lib/msf/core/db_manager/http/servlet/session_event_servlet.rb b/lib/msf/core/db_manager/http/servlet/session_event_servlet.rb index 3cfaac2d20..5b7e78eec0 100644 --- a/lib/msf/core/db_manager/http/servlet/session_event_servlet.rb 
+++ b/lib/msf/core/db_manager/http/servlet/session_event_servlet.rb @@ -25,7 +25,7 @@ module SessionEventServlet data = get_db.session_events(sanitized_params) set_json_data_response(response: data) rescue => e - set_json_error_response(error: e, code: 500) + print_error_and_create_response(error: e, message: 'There was an error retrieving session events:', code: 500) end } end @@ -33,14 +33,10 @@ module SessionEventServlet def self.report_session_event lambda { warden.authenticate! - begin - job = lambda { |opts| - get_db.report_session_event(opts) - } - exec_report_job(request, &job) - rescue => e - set_json_error_response(error: e, code: 500) - end + job = lambda { |opts| + get_db.report_session_event(opts) + } + exec_report_job(request, &job) } end end \ No newline at end of file diff --git a/lib/msf/core/db_manager/http/servlet/session_servlet.rb b/lib/msf/core/db_manager/http/servlet/session_servlet.rb index cbfdd492ba..f54cebc32c 100644 --- a/lib/msf/core/db_manager/http/servlet/session_servlet.rb +++ b/lib/msf/core/db_manager/http/servlet/session_servlet.rb @@ -26,7 +26,7 @@ module SessionServlet includes = [:host] set_json_data_response(response: data, includes: includes) rescue => e - set_json_error_response(error: e, code: 500) + print_error_and_create_response(error: e, message: 'There was an error retrieving sessions:', code: 500) end } end @@ -44,7 +44,7 @@ module SessionServlet } exec_report_job(request, &job) rescue => e - set_json_error_response(error: e, code: 500) + print_error_and_create_response(error: e, message: 'There was an error creating the session:', code: 500) end } end diff --git a/lib/msf/core/db_manager/http/servlet/user_servlet.rb b/lib/msf/core/db_manager/http/servlet/user_servlet.rb index c1ceff26ec..5804a8ac8c 100644 --- a/lib/msf/core/db_manager/http/servlet/user_servlet.rb +++ b/lib/msf/core/db_manager/http/servlet/user_servlet.rb 
@@ -27,7 +27,7 @@ module UserServlet data = get_db.users(sanitized_params) set_json_data_response(response: data) rescue => e - set_json_error_response(error: e, code: 500) + print_error_and_create_response(error: e, message: 'There was an error retrieving users:', code: 500) end } end @@ -35,14 +35,10 @@ module UserServlet def self.report_user lambda { warden.authenticate!(scope: :admin_api) - begin - job = lambda { |opts| - get_db.report_user(opts) - } - exec_report_job(request, &job) - rescue => e - set_json_error_response(error: e, code: 500) - end + job = lambda { |opts| + get_db.report_user(opts) + } + exec_report_job(request, &job) } end @@ -56,7 +52,7 @@ module UserServlet data = get_db.update_user(opts) set_json_data_response(response: data) rescue => e - set_json_error_response(error: e, code: 500) + print_error_and_create_response(error: e, message: 'There was an error creating the user:', code: 500) end } end @@ -69,7 +65,7 @@ module UserServlet data = get_db.delete_user(opts) set_json_data_response(response: data) rescue => e - set_json_error_response(error: e, code: 500) + print_error_and_create_response(error: e, message: 'There was an error deleting the users:', code: 500) end } end diff --git a/lib/msf/core/db_manager/http/servlet/vuln_attempt_servlet.rb b/lib/msf/core/db_manager/http/servlet/vuln_attempt_servlet.rb index ae6f64cfa6..4e350a4e98 100644 --- a/lib/msf/core/db_manager/http/servlet/vuln_attempt_servlet.rb +++ b/lib/msf/core/db_manager/http/servlet/vuln_attempt_servlet.rb @@ -25,7 +25,7 @@ module VulnAttemptServlet data = get_db.vuln_attempts(sanitized_params) set_json_data_response(response: data) rescue => e - set_json_error_response(error: e, code: 500) + print_error_and_create_response(error: e, message: 'There was an error retrieving vuln attempts:', code: 500) end } end 
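Review bot: In the `@@ -56,7 +52,7 @@` hunk of user_servlet.rb the handler calls `get_db.update_user(opts)`, but the new message reads 'There was an error creating the user:', which looks copied from the create path. API clients would be pointed at the wrong operation when an update fails. Use `message: 'There was an error updating the user:'`. The enclosing lambda starts outside the hunk.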
@@ -33,17 +33,13 @@ module VulnAttemptServlet def self.report_vuln_attempt lambda { warden.authenticate! - begin - job = lambda { |opts| - vuln_id = opts.delete(:vuln_id) - wspace = opts.delete(:workspace) - vuln = get_db.vulns(id: vuln_id, workspace: wspace).first - get_db.report_vuln_attempt(vuln, opts) - } - exec_report_job(request, &job) - rescue => e - set_json_error_response(error: e, code: 500) - end + job = lambda { |opts| + vuln_id = opts.delete(:vuln_id) + wspace = opts.delete(:workspace) + vuln = get_db.vulns(id: vuln_id, workspace: wspace).first + get_db.report_vuln_attempt(vuln, opts) + } + exec_report_job(request, &job) } end end \ No newline at end of file diff --git a/lib/msf/core/db_manager/http/servlet/vuln_servlet.rb b/lib/msf/core/db_manager/http/servlet/vuln_servlet.rb index 85f0b878c8..26b5615a76 100644 --- a/lib/msf/core/db_manager/http/servlet/vuln_servlet.rb +++ b/lib/msf/core/db_manager/http/servlet/vuln_servlet.rb @@ -28,7 +28,7 @@ module VulnServlet includes = [:host, :vulns_refs, :refs, :module_refs] set_json_data_response(response: data, includes: includes) rescue => e - set_json_error_response(error: e, code: 500) + print_error_and_create_response(error: e, message: 'There was an error retrieving vulns:', code: 500) end } end @@ -36,14 +36,10 @@ module VulnServlet def self.report_vuln lambda { warden.authenticate! - begin - job = lambda { |opts| - get_db.report_vuln(opts) - } - exec_report_job(request, &job) - rescue => e - set_json_error_response(error: e, code: 500) - end + job = lambda { |opts| + get_db.report_vuln(opts) + } + exec_report_job(request, &job) } end @@ -57,7 +53,7 @@ module VulnServlet data = get_db.update_vuln(opts) set_json_data_response(response: data) rescue => e - set_json_error_response(error: e, code: 500) + print_error_and_create_response(error: e, message: 'There was an error updating the vuln:', code: 500) end } end 
@@ -70,7 +66,7 @@ module VulnServlet data = get_db.delete_vuln(opts) set_json_data_response(response: data) rescue => e - set_json_error_response(error: e, code: 500) + print_error_and_create_response(error: e, message: 'There was an error deleting the vulns:', code: 500) end } end diff --git a/lib/msf/core/db_manager/http/servlet/workspace_servlet.rb b/lib/msf/core/db_manager/http/servlet/workspace_servlet.rb index b45ab923b8..673ae222f4 100644 --- a/lib/msf/core/db_manager/http/servlet/workspace_servlet.rb +++ b/lib/msf/core/db_manager/http/servlet/workspace_servlet.rb @@ -30,7 +30,7 @@ module WorkspaceServlet set_json_data_response(response: data, includes: includes) rescue => e - set_json_error_response(error: e, code: 500) + print_error_and_create_response(error: e, message: 'There was an error retrieving workspaces:', code: 500) end } end @@ -43,7 +43,7 @@ module WorkspaceServlet data = get_db.add_workspace(opts) set_json_data_response(response: data) rescue => e - set_json_error_response(error: e, code: 500) + print_error_and_create_response(error: e, message: 'There was an error creating the workspace:', code: 500) end } end @@ -58,7 +58,7 @@ module WorkspaceServlet data = get_db.update_workspace(opts) set_json_data_response(response: data) rescue => e - set_json_error_response(error: e, code: 500) + print_error_and_create_response(error: e, message: 'There was an error updating the workspace:', code: 500) end } end @@ -71,7 +71,7 @@ module WorkspaceServlet data = get_db.delete_workspaces(opts) set_json_data_response(response: data) rescue => e - set_json_error_response(error: e, code: 500) + print_error_and_create_response(error: e, message: 'There was an error deleting the workspaces:', code: 500) end } end diff --git a/lib/msf/core/db_manager/http/servlet_helper.rb b/lib/msf/core/db_manager/http/servlet_helper.rb index 069b8325e2..d2e2b6f640 100644 --- a/lib/msf/core/db_manager/http/servlet_helper.rb +++ b/lib/msf/core/db_manager/http/servlet_helper.rb 
@@ -26,10 +26,9 @@ module ServletHelper set_json_response(data_response, includes = includes, code = code) end - def set_json_error_response(error:, includes: nil, code:) - print_error "Error handling request: #{error.message}", error - error_response = { error: { message: error.message } } - set_json_response(error_response, includes = includes, code = code) + def set_json_error_response(response:, code:) + error_response = { error: response } + set_json_response(error_response, nil, code = code) end def set_html_response(data) @@ -48,6 +47,15 @@ module ServletHelper hash.deep_symbolize_keys end + def print_error_and_create_response(error: , message:, code:) + print_error "Error handling request: #{error.message}.", error + error_response = { + code: code, + message: "#{message} #{error.message}" + } + set_json_error_response(response: error_response, code: code) + end + def exec_report_job(request, includes = nil, &job) begin @@ -64,7 +72,7 @@ module ServletHelper end rescue => e - set_json_error_response(error: e, code: 500) + print_error_and_create_response(error: e, message: 'There was an error creating the record:', code: 500) end end
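Review bot: `set_json_error_response` drops the `includes:` keyword and renames `error:` to `response:`, so any caller not updated in this patch will fail with ArgumentError at request time. The credential and login servlets previously used `set_error_on_response`, whose definition this diff does not show, so a search for both old call forms is worthwhile before merging. The call `set_json_response(error_response, nil, code = code)` passes a self-assignment as a positional argument, and plain `set_json_response(error_response, nil, code)` does the same thing without suggesting keyword arguments. A short comment saying that `response` is expected to be a hash with `:code` and `:message` would document the new contract.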
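Review bot: `print_error_and_create_response` copies `error.message` into the response body (`message: "#{message} #{error.message}"`), so raw exception text reaches every API client. For database, credential and login operations that text may include SQL fragments, file paths or submitted values. Consider returning only the caller-supplied text (`message: message`) and keeping the exception detail in the `print_error` log line. Every call site in this patch passes `code: 500`, so validation and not-found failures are also reported as server errors, which the helper could avoid by mapping known exception classes to 4xx codes. The signature has a stray space in `error: , message:` and the method has no doc comment describing its parameters.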