Support getting a workspace via id

Also implements a helper method to sanitize sinatra injected params since it was causing issues downstream. Updated each use of sinatra params to use this helper method.
2018-04-17 12:35:22 -05:00 · 2018-04-17 12:35:22 -05:00 · 82798424b2
parent b569498250
commit 82798424b2
9 changed files with 39 additions and 24 deletions
--- a/lib/metasploit/framework/data_service/remote/http/remote_workspace_data_service.rb
+++ b/lib/metasploit/framework/data_service/remote/http/remote_workspace_data_service.rb
@ -45,7 +45,7 @@ module RemoteWorkspaceDataService
      id = opts.delete(:id)
      path = "#{WORKSPACE_API_PATH}/#{id}"
    end
-    json_to_mdm_object(self.put_data(path, opts), WORKSPACE_MDM_CLASS, [])
+    json_to_mdm_object(self.put_data(path, opts), WORKSPACE_MDM_CLASS, []).first
  end

 end
--- a/lib/msf/core/db_manager/http/servlet/host_servlet.rb
+++ b/lib/msf/core/db_manager/http/servlet/host_servlet.rb
@ -23,7 +23,8 @@ module HostServlet
    lambda {
      begin
        opts = parse_json_request(request, false)
-        data = get_db().hosts(params.symbolize_keys)
+        sanitized_params = sanitize_params(params)
+        data = get_db.hosts(sanitized_params)
        includes = [:loots]
        set_json_response(data, includes)
      rescue Exception => e
@ -36,7 +37,7 @@ module HostServlet
    lambda {
      begin
        job = lambda { |opts|
-          data = get_db().report_host(opts)
+          data = get_db.report_host(opts)
        }
        exec_report_job(request, &job)
      rescue Exception => e
@ -49,9 +50,9 @@ module HostServlet
    lambda {
      begin
        opts = parse_json_request(request, false)
-        tmp_params = params.symbolize_keys
+        tmp_params = sanitize_params(params)
        opts[:id] = tmp_params[:id] if tmp_params[:id]
-        data = get_db().update_host(opts)
+        data = get_db.update_host(opts)
        set_json_response(data)
      rescue Exception => e
        set_error_on_response(e)
@ -63,7 +64,7 @@ module HostServlet
    lambda {
      begin
        opts = parse_json_request(request, false)
-        data = get_db().delete_host(opts)
+        data = get_db.delete_host(opts)
        set_json_response(data)
      rescue Exception => e
        set_error_on_response(e)
--- a/lib/msf/core/db_manager/http/servlet/loot_servlet.rb
+++ b/lib/msf/core/db_manager/http/servlet/loot_servlet.rb
@ -23,7 +23,8 @@ module LootServlet
    lambda {
      begin
        opts = parse_json_request(request, false)
-        data = get_db().loots(params.symbolize_keys)
+        sanitized_params = sanitize_params(params)
+        data = get_db.loots(sanitized_params)
        includes = [:host]
        data.each do |loot|
          loot.data = Base64.urlsafe_encode64(loot.data) if loot.data
@ -45,7 +46,7 @@ module LootServlet
          opts[:data] = Base64.urlsafe_decode64(opts[:data])
        end

-        get_db().report_loot(opts)
+        get_db.report_loot(opts)
      }
      exec_report_job(request, &job)
    }
@ -55,9 +56,9 @@ module LootServlet
    lambda {
      begin
        opts = parse_json_request(request, false)
-        tmp_params = params.symbolize_keys
+        tmp_params = sanitize_params(params)
        opts[:id] = tmp_params[:id] if tmp_params[:id]
-        data = get_db().update_loot(opts)
+        data = get_db.update_loot(opts)
        set_json_response(data)
      rescue Exception => e
        set_error_on_response(e)
@ -69,7 +70,7 @@ module LootServlet
    lambda {
      begin
        opts = parse_json_request(request, false)
-        data = get_db().delete_loot(opts)
+        data = get_db.delete_loot(opts)
        set_json_response(data)
      rescue Exception => e
        set_error_on_response(e)
--- a/lib/msf/core/db_manager/http/servlet/note_servlet.rb
+++ b/lib/msf/core/db_manager/http/servlet/note_servlet.rb
@ -23,7 +23,8 @@ module NoteServlet
    lambda {
      begin
        opts = parse_json_request(request, false)
-        data = get_db.notes(params.symbolize_keys)
+        sanitized_params = sanitize_params(params)
+        data = get_db.notes(sanitized_params)
        includes = [:host]
        set_json_response(data, includes)
      rescue Exception => e
@ -49,7 +50,7 @@ module NoteServlet
    lambda {
      begin
        opts = parse_json_request(request, false)
-        tmp_params = params.symbolize_keys
+        tmp_params = sanitize_params(params)
        opts[:id] = tmp_params[:id] if tmp_params[:id]
        data = get_db.update_note(opts)
        set_json_response(data)
--- a/lib/msf/core/db_manager/http/servlet/service_servlet.rb
+++ b/lib/msf/core/db_manager/http/servlet/service_servlet.rb
@ -22,7 +22,7 @@ module ServiceServlet
  def self.get_services
    lambda {
      begin
-        opts = params.symbolize_keys
+        opts = sanitize_params(params)
        data = get_db.services(opts)
        includes = [:host]
        set_json_response(data, includes)
@ -44,7 +44,7 @@ module ServiceServlet
    lambda {
      begin
        opts = parse_json_request(request, false)
-        tmp_params = params.symbolize_keys
+        tmp_params = sanitize_params(params)
        opts[:id] = tmp_params[:id] if tmp_params[:id]
        data = get_db.update_service(opts)
        set_json_response(data)
--- a/lib/msf/core/db_manager/http/servlet/vuln_servlet.rb
+++ b/lib/msf/core/db_manager/http/servlet/vuln_servlet.rb
@ -23,7 +23,8 @@ module VulnServlet
    lambda {
      begin
        opts = parse_json_request(request, false)
-        data = get_db.vulns(params.symbolize_keys)
+        sanitized_params = sanitize_params(params)
+        data = get_db.vulns(sanitized_params)
        includes = [:host, :vulns_refs, :refs, :module_refs]
        set_json_response(data, includes)
      rescue Exception => e
@ -49,7 +50,7 @@ module VulnServlet
    lambda {
      begin
        opts = parse_json_request(request, false)
-        tmp_params = params.symbolize_keys
+        tmp_params = sanitize_params(params)
        opts[:id] = tmp_params[:id] if tmp_params[:id]
        data = get_db.update_vuln(opts)
        set_json_response(data)
--- a/lib/msf/core/db_manager/http/servlet/workspace_servlet.rb
+++ b/lib/msf/core/db_manager/http/servlet/workspace_servlet.rb
@ -9,7 +9,7 @@ module WorkspaceServlet
    end

    def self.registered(app)
-      app.get WorkspaceServlet.api_path, &get_workspace
+      app.get WorkspaceServlet.api_path_with_id, &get_workspace
      app.post WorkspaceServlet.api_path, &add_workspace
      app.put WorkspaceServlet.api_path_with_id, &update_workspace
      app.delete WorkspaceServlet.api_path, &delete_workspace
@ -24,7 +24,8 @@ module WorkspaceServlet
        begin
          opts = parse_json_request(request, false)
          includes = nil
-          data = get_db.workspaces(params.symbolize_keys)
+          sanitized_params = sanitize_params(params)
+          data = get_db.workspaces(sanitized_params)

          set_json_response(data, includes)
        rescue Exception => e
@ -49,7 +50,7 @@ module WorkspaceServlet
    lambda {
      begin
        opts = parse_json_request(request, false)
-        tmp_params = params.symbolize_keys
+        tmp_params = sanitize_params(params)
        opts[:id] = tmp_params[:id] if tmp_params[:id]
        data = get_db.update_workspace(opts)
        set_json_response(data)
--- a/lib/msf/core/db_manager/http/servlet_helper.rb
+++ b/lib/msf/core/db_manager/http/servlet_helper.rb
@ -12,7 +12,7 @@ module ServletHelper
    [500, headers, error.message]
  end

-  def set_empty_response()
+  def set_empty_response
    [200,  '']
  end

@ -41,7 +41,7 @@ module ServletHelper
      exec_async = opts.delete(:exec_async)
      if (exec_async)
        JobProcessor.instance.submit_job(opts, &job)
-        return set_empty_response()
+        return set_empty_response
      else
        data = job.call(opts)
        return set_json_response(data, includes)
@ -52,10 +52,19 @@ module ServletHelper
    end
  end

-  def get_db()
+  def get_db
    DBManagerProxy.instance.db
  end

+  # Sinatra injects extra parameters for some reason: https://github.com/sinatra/sinatra/issues/453
+  # This method cleans those up so we don't have any unexpected values before passing on.
+  #
+  # @param [Hash] params Hash containing the parameters for the request.
+  # @return [Hash] Returns params with symbolized keys and the injected parameters removed.
+  def sanitize_params(params)
+    params.symbolize_keys.except(:captures, :splat)
+  end
+
  #######
  private
  #######
--- a/lib/msf/ui/console/command_dispatcher/db.rb
+++ b/lib/msf/ui/console/command_dispatcher/db.rb
@ -175,7 +175,8 @@ class Db
          name: names.last
      }
      begin
-        framework.db.update_workspace(opts)
+        updated_ws = framework.db.update_workspace(opts)
+        print_status("Renamed workspace: #{updated_ws.name}")
      rescue Exception => e
        print_error "In db.rb, error in the update #{e.message}"
        e.backtrace.each { |line| print_error "#{line}"}