Update match result creation logic

MSP-13119 * Look up match on match set for the run * If no match exists in the match set for the vuln, attempt to create a match for the vuln
2015-09-22 00:24:38 -05:00 · 2015-09-22 00:24:38 -05:00 · 9230b04674
parent 359306a1a4
commit 9230b04674
1 changed files with 19 additions and 28 deletions
--- a/lib/msf/core/db_manager/exploit_attempt.rb
+++ b/lib/msf/core/db_manager/exploit_attempt.rb
@ -183,17 +183,17 @@ module Msf::DBManager::ExploitAttempt
  # @option opts [Integer] :run_id
  # @return [void]
  def create_match_result_for_vuln(vuln, opts)
-    run_id    = opts[:run_id]
-    match = MetasploitDataModels::AutomaticExploitation::Match.by_run_id(run_id).last
+    run = MetasploitDataModels::AutomaticExploitation::Run.where(id:opts[:run_id]).last

-    # If no match found for run, create a run if a vuln has a match
-    unless match.present?
-      match, run = create_run_for_vuln(vuln,opts)
-    end
+    if run.present?
+      match = MetasploitDataModels::AutomaticExploitation::Match.by_run_and_vuln(run,vuln).last
+
+
+      # If no match found
+      unless match.present?
+        match = create_match_for_vuln(vuln,opts.merge(run:run))
+      end

-    # Only create a match result if a match exists
-    if match.present?
-      run ||= MetasploitDataModels::AutomaticExploitation::Run.find(run_id)
      create_match_result(opts.merge(match:match,run:run))
    end
  end
@ -216,30 +216,21 @@ module Msf::DBManager::ExploitAttempt
    )
  end

-  # Create a MetasploitDataModels::AutomaticExploitation::Run for the given vuln
+  # Create a MetasploitDataModels::AutomaticExploitation::Match for the given vuln
  # @option vuln [Mdm::Vuln] :vuln
  # @option opts [Mdm::Workspace] :workspace
  # @option opts [String] :username
  # @return [ MetasploitDataModels::AutomaticExploitation::Match, MetasploitDataModels::AutomaticExploitation::Run]
-  def create_run_for_vuln(vuln,opts)
-    wspace    = opts[:workspace] || workspace
-    username  = opts[:username]
+  def create_match_for_vuln(vuln,opts)
+    wspace  = opts[:workspace] || workspace
+    run     = opts[:run]
+    module_fullname  = opts[:module]

-    match = vuln.matches.last
-
-    #Only create a run if the vuln has a match
-    if match.present?
-      match_set = match.match_set
-
-      user                                 = Mdm::User.where(username: username).first
-      automatic_exploitation_run           = MetasploitDataModels::AutomaticExploitation::Run.new
-      automatic_exploitation_run.workspace = wspace
-      automatic_exploitation_run.user      = user
-      match_set.runs << automatic_exploitation_run
-
-      automatic_exploitation_run.save!
-      [match, automatic_exploitation_run]
-    end
+    run.match_set.create_match_for_vuln(
+      vuln,
+      workspace: wspace,
+      module_fullname: module_fullname
+    )
  end

 end