From 503a2276f27642ef9aaad53daa6c9893d926cf90 Mon Sep 17 00:00:00 2001 From: James Barnett Date: Tue, 24 Jul 2018 15:25:48 -0500 Subject: [PATCH] Convert creds to use new format --- .../http/remote_credential_data_service.rb | 17 +++++++++-------- .../remote/http/response_data_helper.rb | 7 ++++--- .../http/servlet/credential_servlet.rb | 4 ++-- 3 files changed, 15 insertions(+), 13 deletions(-) diff --git a/lib/metasploit/framework/data_service/remote/http/remote_credential_data_service.rb b/lib/metasploit/framework/data_service/remote/http/remote_credential_data_service.rb index 273a023e89..6feded4784 100644 --- a/lib/metasploit/framework/data_service/remote/http/remote_credential_data_service.rb +++ b/lib/metasploit/framework/data_service/remote/http/remote_credential_data_service.rb @@ -10,15 +10,16 @@ module RemoteCredentialDataService def creds(opts = {}) data = self.get_data(CREDENTIAL_API_PATH, nil, opts) rv = json_to_mdm_object(data, CREDENTIAL_MDM_CLASS, []) - parsed_body = JSON.parse(data.response.body) - parsed_body.each do |cred| - if cred['private'] - private_object = to_ar(cred['private']['type'].constantize, cred['private']) - rv[parsed_body.index(cred)].private = private_object + parsed_body = JSON.parse(data.response.body).deep_symbolize_keys + data = parsed_body[:data] + data.each do |cred| + if cred[:private] + private_object = to_ar(cred[:private][:type].constantize, cred[:private]) + rv[data.index(cred)].private = private_object end - if cred['origin'] - origin_object = to_ar(cred['origin']['type'].constantize, cred['origin']) - rv[parsed_body.index(cred)].origin = origin_object + if cred[:origin] + origin_object = to_ar(cred[:origin][:type].constantize, cred[:origin]) + rv[data.index(cred)].origin = origin_object end end rv diff --git a/lib/metasploit/framework/data_service/remote/http/response_data_helper.rb b/lib/metasploit/framework/data_service/remote/http/response_data_helper.rb index 79f9816750..4d7eccc4ac 100644 --- a/lib/metasploit/framework/data_service/remote/http/response_data_helper.rb +++ b/lib/metasploit/framework/data_service/remote/http/response_data_helper.rb @@ -27,7 +27,8 @@ module ResponseDataHelper begin body = process_response(response_wrapper) unless body.nil? || body.empty? - return JSON.parse(body).symbolize_keys + parsed_body = JSON.parse(body).deep_symbolize_keys + return parsed_body[:data] end rescue => e elog "Error parsing response as JSON: #{e.message}" @@ -46,7 +47,7 @@ module ResponseDataHelper def json_to_mdm_object(response_wrapper, mdm_class, returns_on_error = nil) if response_wrapper.expected begin - body = response_wrapper.response.body + body = process_response(response_wrapper) if !body.nil? || !body.empty? parsed_body = JSON.parse(body).symbolize_keys data = Array.wrap(parsed_body[:data]) @@ -58,7 +59,7 @@ module ResponseDataHelper end rescue => e elog "Mdm Object conversion failed #{e.message}" - e.backtrace.each { |line| elog "#{line}\n" } + e.backtrace.each { |line| elog "#{line}" } end end diff --git a/lib/msf/core/db_manager/http/servlet/credential_servlet.rb b/lib/msf/core/db_manager/http/servlet/credential_servlet.rb index bd6de17478..d5a1a0129f 100644 --- a/lib/msf/core/db_manager/http/servlet/credential_servlet.rb +++ b/lib/msf/core/db_manager/http/servlet/credential_servlet.rb @@ -25,7 +25,7 @@ module CredentialServlet begin sanitized_params = sanitize_params(params) data = get_db.creds(sanitized_params) - + includes = [:logins, :public, :private, :realm] # Need to append the human attribute into the private sub-object before converting to json # This is normally pulled from a class method from the MetasploitCredential class response = [] @@ -34,7 +34,7 @@ module CredentialServlet response << json end response = format_cred_json(data) - set_json_response(response) + set_json_data_response(response: response) rescue => e set_json_error_response(error: e, code: 500) end