Update match result creation logic
MSP-13119 * Look up match on match set for the run * If no match exists in the match set for the vuln, attempt to create a match for the vulnbug/bundler_fix
parent
359306a1a4
commit
9230b04674
|
@ -183,17 +183,17 @@ module Msf::DBManager::ExploitAttempt
|
||||||
# @option opts [Integer] :run_id
|
# @option opts [Integer] :run_id
|
||||||
# @return [void]
|
# @return [void]
|
||||||
def create_match_result_for_vuln(vuln, opts)
|
def create_match_result_for_vuln(vuln, opts)
|
||||||
run_id = opts[:run_id]
|
run = MetasploitDataModels::AutomaticExploitation::Run.where(id:opts[:run_id]).last
|
||||||
match = MetasploitDataModels::AutomaticExploitation::Match.by_run_id(run_id).last
|
|
||||||
|
|
||||||
# If no match found for run, create a run if a vuln has a match
|
if run.present?
|
||||||
unless match.present?
|
match = MetasploitDataModels::AutomaticExploitation::Match.by_run_and_vuln(run,vuln).last
|
||||||
match, run = create_run_for_vuln(vuln,opts)
|
|
||||||
end
|
|
||||||
|
# If no match found
|
||||||
|
unless match.present?
|
||||||
|
match = create_match_for_vuln(vuln,opts.merge(run:run))
|
||||||
|
end
|
||||||
|
|
||||||
# Only create a match result if a match exists
|
|
||||||
if match.present?
|
|
||||||
run ||= MetasploitDataModels::AutomaticExploitation::Run.find(run_id)
|
|
||||||
create_match_result(opts.merge(match:match,run:run))
|
create_match_result(opts.merge(match:match,run:run))
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
@ -216,30 +216,21 @@ module Msf::DBManager::ExploitAttempt
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
|
|
||||||
# Create a MetasploitDataModels::AutomaticExploitation::Run for the given vuln
|
# Create a MetasploitDataModels::AutomaticExploitation::Match for the given vuln
|
||||||
# @option vuln [Mdm::Vuln] :vuln
|
# @option vuln [Mdm::Vuln] :vuln
|
||||||
# @option opts [Mdm::Workspace] :workspace
|
# @option opts [Mdm::Workspace] :workspace
|
||||||
# @option opts [String] :username
|
# @option opts [String] :username
|
||||||
# @return [ MetasploitDataModels::AutomaticExploitation::Match, MetasploitDataModels::AutomaticExploitation::Run]
|
# @return [ MetasploitDataModels::AutomaticExploitation::Match, MetasploitDataModels::AutomaticExploitation::Run]
|
||||||
def create_run_for_vuln(vuln,opts)
|
def create_match_for_vuln(vuln,opts)
|
||||||
wspace = opts[:workspace] || workspace
|
wspace = opts[:workspace] || workspace
|
||||||
username = opts[:username]
|
run = opts[:run]
|
||||||
|
module_fullname = opts[:module]
|
||||||
|
|
||||||
match = vuln.matches.last
|
run.match_set.create_match_for_vuln(
|
||||||
|
vuln,
|
||||||
#Only create a run if the vuln has a match
|
workspace: wspace,
|
||||||
if match.present?
|
module_fullname: module_fullname
|
||||||
match_set = match.match_set
|
)
|
||||||
|
|
||||||
user = Mdm::User.where(username: username).first
|
|
||||||
automatic_exploitation_run = MetasploitDataModels::AutomaticExploitation::Run.new
|
|
||||||
automatic_exploitation_run.workspace = wspace
|
|
||||||
automatic_exploitation_run.user = user
|
|
||||||
match_set.runs << automatic_exploitation_run
|
|
||||||
|
|
||||||
automatic_exploitation_run.save!
|
|
||||||
[match, automatic_exploitation_run]
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in New Issue