Land #7342, remove OSVDB links and references from library code - leave in modules
commit
b4b709d921
|
@ -182,7 +182,6 @@ module Msf::DBManager::Import::Nmap
|
||||||
:info => 'Microsoft Windows Server Service Crafted RPC Request Handling Unspecified Remote Code Execution',
|
:info => 'Microsoft Windows Server Service Crafted RPC Request Handling Unspecified Remote Code Execution',
|
||||||
:refs =>['CVE-2008-4250',
|
:refs =>['CVE-2008-4250',
|
||||||
'BID-31874',
|
'BID-31874',
|
||||||
'OSVDB-49243',
|
|
||||||
'CWE-94',
|
'CWE-94',
|
||||||
'MSFT-MS08-067',
|
'MSFT-MS08-067',
|
||||||
'MSF-Microsoft Server Service Relative Path Stack Corruption',
|
'MSF-Microsoft Server Service Relative Path Stack Corruption',
|
||||||
|
@ -204,8 +203,6 @@ module Msf::DBManager::Import::Nmap
|
||||||
'BID-18325',
|
'BID-18325',
|
||||||
'BID-18358',
|
'BID-18358',
|
||||||
'BID-18424',
|
'BID-18424',
|
||||||
'OSVDB-26436',
|
|
||||||
'OSVDB-26437',
|
|
||||||
'MSFT-MS06-025',
|
'MSFT-MS06-025',
|
||||||
'MSF-Microsoft RRAS Service RASMAN Registry Overflow',
|
'MSF-Microsoft RRAS Service RASMAN Registry Overflow',
|
||||||
'NSS-21689']
|
'NSS-21689']
|
||||||
|
@ -224,7 +221,6 @@ module Msf::DBManager::Import::Nmap
|
||||||
:info => 'Vulnerability in Windows DNS RPC Interface Could Allow Remote Code Execution',
|
:info => 'Vulnerability in Windows DNS RPC Interface Could Allow Remote Code Execution',
|
||||||
# Add more refs based on nessus/nexpose .. results
|
# Add more refs based on nessus/nexpose .. results
|
||||||
:refs =>['CVE-2007-1748',
|
:refs =>['CVE-2007-1748',
|
||||||
'OSVDB-34100',
|
|
||||||
'MSF-Microsoft DNS RPC Service extractQuotedChar()',
|
'MSF-Microsoft DNS RPC Service extractQuotedChar()',
|
||||||
'NSS-25168']
|
'NSS-25168']
|
||||||
}
|
}
|
||||||
|
|
|
@ -158,7 +158,6 @@ module Msf::DBManager::ModuleCache
|
||||||
# +edb+:: Matches modules with the given Exploit-DB ID.
|
# +edb+:: Matches modules with the given Exploit-DB ID.
|
||||||
# +name+:: Matches modules with the given full name or name.
|
# +name+:: Matches modules with the given full name or name.
|
||||||
# +os+, +platform+:: Matches modules with the given platform or target name.
|
# +os+, +platform+:: Matches modules with the given platform or target name.
|
||||||
# +osvdb+:: Matches modules with the given OSVDB ID.
|
|
||||||
# +ref+:: Matches modules with the given reference ID.
|
# +ref+:: Matches modules with the given reference ID.
|
||||||
# +type+:: Matches modules with the given type.
|
# +type+:: Matches modules with the given type.
|
||||||
#
|
#
|
||||||
|
@ -277,7 +276,7 @@ module Msf::DBManager::ModuleCache
|
||||||
|
|
||||||
query = query.includes(:refs).references(:refs)
|
query = query.includes(:refs).references(:refs)
|
||||||
union_conditions << Mdm::Module::Ref.arel_table[:name].matches_any(formatted_values)
|
union_conditions << Mdm::Module::Ref.arel_table[:name].matches_any(formatted_values)
|
||||||
when 'cve', 'bid', 'osvdb', 'edb'
|
when 'cve', 'bid', 'edb'
|
||||||
formatted_values = value_set.collect { |value|
|
formatted_values = value_set.collect { |value|
|
||||||
prefix = keyword.upcase
|
prefix = keyword.upcase
|
||||||
|
|
||||||
|
|
|
@ -77,7 +77,7 @@ class Msf::Module::SiteReference < Msf::Module::Reference
|
||||||
|
|
||||||
#
|
#
|
||||||
# Initializes a site reference from an array. ary[0] is the site and
|
# Initializes a site reference from an array. ary[0] is the site and
|
||||||
# ary[1] is the site context identifier, such as OSVDB.
|
# ary[1] is the site context identifier, such as CVE.
|
||||||
#
|
#
|
||||||
def self.from_a(ary)
|
def self.from_a(ary)
|
||||||
return nil if (ary.length < 2)
|
return nil if (ary.length < 2)
|
||||||
|
@ -95,9 +95,7 @@ class Msf::Module::SiteReference < Msf::Module::Reference
|
||||||
self.ctx_id = in_ctx_id
|
self.ctx_id = in_ctx_id
|
||||||
self.ctx_val = in_ctx_val
|
self.ctx_val = in_ctx_val
|
||||||
|
|
||||||
if (in_ctx_id == 'OSVDB')
|
if (in_ctx_id == 'CVE')
|
||||||
self.site = "http://www.osvdb.org/#{in_ctx_val}"
|
|
||||||
elsif (in_ctx_id == 'CVE')
|
|
||||||
self.site = "http://cvedetails.com/cve/#{in_ctx_val}/"
|
self.site = "http://cvedetails.com/cve/#{in_ctx_val}/"
|
||||||
elsif (in_ctx_id == 'CWE')
|
elsif (in_ctx_id == 'CWE')
|
||||||
self.site = "https://cwe.mitre.org/data/definitions/#{in_ctx_val}.html"
|
self.site = "https://cwe.mitre.org/data/definitions/#{in_ctx_val}.html"
|
||||||
|
@ -150,7 +148,7 @@ class Msf::Module::SiteReference < Msf::Module::Reference
|
||||||
#
|
#
|
||||||
attr_reader :site
|
attr_reader :site
|
||||||
#
|
#
|
||||||
# The context identifier of the site, such as OSVDB.
|
# The context identifier of the site, such as CVE.
|
||||||
#
|
#
|
||||||
attr_reader :ctx_id
|
attr_reader :ctx_id
|
||||||
#
|
#
|
||||||
|
|
|
@ -86,8 +86,6 @@ module Msf::Module::Search
|
||||||
match = [t,w] if refs.any? { |ref| ref =~ /^cve\-/i and ref =~ r }
|
match = [t,w] if refs.any? { |ref| ref =~ /^cve\-/i and ref =~ r }
|
||||||
when 'bid'
|
when 'bid'
|
||||||
match = [t,w] if refs.any? { |ref| ref =~ /^bid\-/i and ref =~ r }
|
match = [t,w] if refs.any? { |ref| ref =~ /^bid\-/i and ref =~ r }
|
||||||
when 'osvdb'
|
|
||||||
match = [t,w] if refs.any? { |ref| ref =~ /^osvdb\-/i and ref =~ r }
|
|
||||||
when 'edb'
|
when 'edb'
|
||||||
match = [t,w] if refs.any? { |ref| ref =~ /^edb\-/i and ref =~ r }
|
match = [t,w] if refs.any? { |ref| ref =~ /^edb\-/i and ref =~ r }
|
||||||
end
|
end
|
||||||
|
|
|
@ -1614,7 +1614,6 @@ class Core
|
||||||
'cve' => 'Modules with a matching CVE ID',
|
'cve' => 'Modules with a matching CVE ID',
|
||||||
'edb' => 'Modules with a matching Exploit-DB ID',
|
'edb' => 'Modules with a matching Exploit-DB ID',
|
||||||
'name' => 'Modules with a matching descriptive name',
|
'name' => 'Modules with a matching descriptive name',
|
||||||
'osvdb' => 'Modules with a matching OSVDB ID',
|
|
||||||
'platform' => 'Modules affecting this platform',
|
'platform' => 'Modules affecting this platform',
|
||||||
'ref' => 'Modules with a matching ref',
|
'ref' => 'Modules with a matching ref',
|
||||||
'type' => 'Modules of a specific type (exploit, auxiliary, or post)',
|
'type' => 'Modules of a specific type (exploit, auxiliary, or post)',
|
||||||
|
|
|
@ -301,8 +301,6 @@ RSpec.shared_examples_for 'Msf::DBManager::ModuleCache' do
|
||||||
|
|
||||||
it_should_behave_like 'Msf::DBManager#search_modules Mdm::Module::Platform#name or Mdm::Module::Target#name keyword', :os
|
it_should_behave_like 'Msf::DBManager#search_modules Mdm::Module::Platform#name or Mdm::Module::Target#name keyword', :os
|
||||||
|
|
||||||
it_should_behave_like 'Msf::DBManager#search_modules Mdm::Module::Ref#name keyword', :osvdb
|
|
||||||
|
|
||||||
it_should_behave_like 'Msf::DBManager#search_modules Mdm::Module::Platform#name or Mdm::Module::Target#name keyword', :platform
|
it_should_behave_like 'Msf::DBManager#search_modules Mdm::Module::Platform#name or Mdm::Module::Target#name keyword', :platform
|
||||||
|
|
||||||
context 'with ref keyword' do
|
context 'with ref keyword' do
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
RSpec.shared_examples_for 'Msf::Module::Search' do
|
RSpec.shared_examples_for 'Msf::Module::Search' do
|
||||||
describe '#search_filter' do
|
describe '#search_filter' do
|
||||||
REF_TYPES = %w(CVE BID OSVDB EDB)
|
REF_TYPES = %w(CVE BID EDB)
|
||||||
|
|
||||||
shared_examples "search_filter" do |opts|
|
shared_examples "search_filter" do |opts|
|
||||||
accept = opts[:accept] || []
|
accept = opts[:accept] || []
|
||||||
|
|
|
@ -178,8 +178,6 @@ class Msftidy
|
||||||
case identifier
|
case identifier
|
||||||
when 'CVE'
|
when 'CVE'
|
||||||
warn("Invalid CVE format: '#{value}'") if value !~ /^\d{4}\-\d{4,}$/
|
warn("Invalid CVE format: '#{value}'") if value !~ /^\d{4}\-\d{4,}$/
|
||||||
when 'OSVDB'
|
|
||||||
warn("Invalid OSVDB format: '#{value}'") if value !~ /^\d+$/
|
|
||||||
when 'BID'
|
when 'BID'
|
||||||
warn("Invalid BID format: '#{value}'") if value !~ /^\d+$/
|
warn("Invalid BID format: '#{value}'") if value !~ /^\d+$/
|
||||||
when 'MSB'
|
when 'MSB'
|
||||||
|
@ -197,9 +195,7 @@ class Msftidy
|
||||||
when 'PACKETSTORM'
|
when 'PACKETSTORM'
|
||||||
warn("Invalid PACKETSTORM reference") if value !~ /^\d+$/
|
warn("Invalid PACKETSTORM reference") if value !~ /^\d+$/
|
||||||
when 'URL'
|
when 'URL'
|
||||||
if value =~ /^http:\/\/www\.osvdb\.org/
|
if value =~ /^http:\/\/cvedetails\.com\/cve/
|
||||||
warn("Please use 'OSVDB' for '#{value}'")
|
|
||||||
elsif value =~ /^http:\/\/cvedetails\.com\/cve/
|
|
||||||
warn("Please use 'CVE' for '#{value}'")
|
warn("Please use 'CVE' for '#{value}'")
|
||||||
elsif value =~ /^http:\/\/www\.securityfocus\.com\/bid\//
|
elsif value =~ /^http:\/\/www\.securityfocus\.com\/bid\//
|
||||||
warn("Please use 'BID' for '#{value}'")
|
warn("Please use 'BID' for '#{value}'")
|
||||||
|
|
|
@ -24,7 +24,6 @@ require 'uri'
|
||||||
def types
|
def types
|
||||||
{
|
{
|
||||||
'ALL' => '',
|
'ALL' => '',
|
||||||
'OSVDB' => 'http://www.osvdb.org/#{in_ctx_val}',
|
|
||||||
'CVE' => 'http://cvedetails.com/cve/#{in_ctx_val}/',
|
'CVE' => 'http://cvedetails.com/cve/#{in_ctx_val}/',
|
||||||
'CWE' => 'http://cwe.mitre.org/data/definitions/#{in_ctx_val}.html',
|
'CWE' => 'http://cwe.mitre.org/data/definitions/#{in_ctx_val}.html',
|
||||||
'BID' => 'http://www.securityfocus.com/bid/#{in_ctx_val}',
|
'BID' => 'http://www.securityfocus.com/bid/#{in_ctx_val}',
|
||||||
|
|
Loading…
Reference in New Issue