Land #11113, fixes for vuln and credential APIs

2019-01-04 17:05:12 -05:00 · 2019-01-04 17:05:12 -05:00 · b5c4ac6af3
parent 9ac96b213f 1b29e17827
commit b5c4ac6af3
7 changed files with 43 additions and 52 deletions
--- a/documentation/api/v1/vuln_api_doc.rb
+++ b/documentation/api/v1/vuln_api_doc.rb
@ -15,10 +15,9 @@ module VulnApiDoc
  ORIGIN_ID_DESC = 'ID of the associated origin record.'
  ORIGIN_TYPE_DESC = 'The origin type of this vuln.'
  REFS_DESC = 'An array of public reference IDs for this vuln.'
-  REF_ID_DESC = 'The ID of the related Mdm::ModuleRef or Mdm::VulnRef associated with this vuln.'
+  REF_ID_DESC = 'The ID of the related Mdm::Ref associated with this vuln.'
  REF_NAME_DESC = 'Designation for external reference.  May include a prefix for the authority, such as \'CVE-\', in which case the rest of the name is the designation assigned by that authority.'
  REFS_EXAMPLE = ['CVE-2008-4250','OSVDB-49243','MSB-MS08-067']
-  MODULE_REF_DETAIL_ID_DESC = 'The ID of the Mdm::Module::Detail record this ModuleRef is associated with.'

 # Swagger documentation for vulns model
  swagger_schema :Vuln do
@ -32,24 +31,12 @@ module VulnApiDoc
    property :vuln_attempt_count, type: :integer, format: :int32, description: VULN_ATTEMPT_COUNT
    property :origin_id, type: :integer, format: :int32, description: ORIGIN_ID_DESC
    property :origin_type, type: :string, description: ORIGIN_TYPE_DESC
-    property :vuln_refs do
-      key :type, :array
-      items do
-        key :'$ref', :VulnRef
-      end
-    end
    property :refs do
      key :type, :array
      items do
        key :'$ref', :Ref
      end
    end
-    property :module_refs do
-      key :type, :array
-      items do
-        key :'$ref', :ModuleRef
-      end
-    end
    property :created_at, type: :string, format: :date_time, description: RootApiDoc::CREATED_AT_DESC
    property :updated_at, type: :string, format: :date_time, description: RootApiDoc::UPDATED_AT_DESC
  end
@ -63,21 +50,6 @@ module VulnApiDoc
    property :updated_at, type: :string, format: :date_time, description: RootApiDoc::UPDATED_AT_DESC
  end

-  swagger_schema :ModuleRef do
-    key :required, [:name]
-    property :id, type: :integer, format: :int32, description: RootApiDoc::ID_DESC
-    property :detail_id, type: :integer, format: :int32, description: MODULE_REF_DETAIL_ID_DESC
-    property :name, type: :string, required: true, description: REF_NAME_DESC
-  end
-
-  swagger_schema :VulnRef do
-    key :required, [:ref_id, :vuln_id]
-    property :id, type: :integer, format: :int32, description: RootApiDoc::ID_DESC
-    property :ref_id, type: :integer, format: :int32, description: RootApiDoc::CREATED_AT_DESC
-    property :vuln_id, type: :integer, format: :int32, description: RootApiDoc::UPDATED_AT_DESC
-  end
-
-
  swagger_path '/api/v1/vulns' do
    # Swagger documentation for /api/v1/vulns GET
    operation :get do
--- a/lib/metasploit/framework/data_service/remote/http/remote_credential_data_service.rb
+++ b/lib/metasploit/framework/data_service/remote/http/remote_credential_data_service.rb
@ -11,19 +11,19 @@ module RemoteCredentialDataService
    path = get_path_select(opts, CREDENTIAL_API_PATH)
    data = self.get_data(path, nil, opts)
    rv = json_to_mdm_object(data, CREDENTIAL_MDM_CLASS, [])
-    parsed_body = JSON.parse(data.response.body).symbolize_keys
+    parsed_body = JSON.parse(data.response.body, symbolize_names: true)
    data = parsed_body[:data]
    data.each do |cred|
-      if cred['public']
-        public_object = to_ar(cred['public']['type'].constantize, cred['public'])
+      if cred[:public]
+        public_object = to_ar(cred[:public][:type].constantize, cred[:public])
        rv[data.index(cred)].public = public_object
      end
-      if cred['private']
-        private_object = to_ar(cred['private']['type'].constantize, cred['private'])
+      if cred[:private]
+        private_object = to_ar(cred[:private][:type].constantize, cred[:private])
        rv[data.index(cred)].private = private_object
      end
-      if cred['origin']
-        origin_object = to_ar(cred['origin']['type'].constantize, cred['origin'])
+      if cred[:origin]
+        origin_object = to_ar(cred[:origin][:type].constantize, cred[:origin])
        rv[data.index(cred)].origin = origin_object
      end
    end
--- a/lib/metasploit/framework/data_service/remote/http/response_data_helper.rb
+++ b/lib/metasploit/framework/data_service/remote/http/response_data_helper.rb
@ -49,7 +49,7 @@ module ResponseDataHelper
      begin
        body = process_response(response_wrapper)
        if !body.nil? && !body.empty?
-          parsed_body = JSON.parse(body).symbolize_keys
+          parsed_body = JSON.parse(body, symbolize_names: true)
          data = Array.wrap(parsed_body[:data])
          rv = []
          data.each do |json_object|
@ -99,7 +99,7 @@ module ResponseDataHelper
  # @return [ActiveRecord::Base] A klass object, which inherits from ActiveRecord::Base.
  def to_ar(klass, val, base_object = nil)
    return nil unless val
-    data = val.class == Hash ? val.dup : JSON.parse(val)
+    data = val.class == Hash ? val.dup : JSON.parse(val, symbolize_names: true)
    obj = base_object || klass.new

    obj_associations = klass.reflect_on_all_associations(:has_many).reduce({}) do |reflection, i|
@ -107,7 +107,9 @@ module ResponseDataHelper
      reflection
    end

-    data.except(*obj.attributes.keys).each do |k, v|
+    obj_attribute_names = obj.attributes.transform_keys(&:to_sym).keys
+
+    data.except(*obj_attribute_names).each do |k, v|
      association = klass.reflect_on_association(k)
      next unless association

@ -133,7 +135,7 @@ module ResponseDataHelper
          end
      end
    end
-    obj.assign_attributes(data.slice(*obj.attributes.keys))
+    obj.assign_attributes(data.slice(*obj_attribute_names))

    obj.instance_eval do
      # prevent save
--- a/lib/msf/core/db_manager/ref.rb
+++ b/lib/msf/core/db_manager/ref.rb
@ -4,10 +4,16 @@ module Msf::DBManager::Ref
  #
  def find_or_create_ref(opts)
    ret = {}
-    ret[:ref] = get_ref(opts[:name])
-    return ret[:ref] if ret[:ref]

  ::ActiveRecord::Base.connection_pool.with_connection {
+    if opts[:id] && !opts[:id].to_s.empty?
+      return Mdm::Ref.find(opts[:id])
+    end
+
+    if opts[:ref]
+      return get_ref(opts[:name])
+    end
+
    ref = ::Mdm::Ref.where(name: opts[:name]).first_or_initialize

    begin
@ -20,7 +26,7 @@ module Msf::DBManager::Ref
    if ref and ref.changed?
      ref.save!
    end
-    ret[:ref] = ref
+    ref
  }
  end

@ -38,4 +44,4 @@ module Msf::DBManager::Ref
    Mdm::Ref.find_by_name(name)
  }
  end
-end
+end
--- a/lib/msf/core/db_manager/vuln.rb
+++ b/lib/msf/core/db_manager/vuln.rb
@ -262,8 +262,9 @@ module Msf::DBManager::Vuln
  ::ActiveRecord::Base.connection_pool.with_connection {
    wspace = Msf::Util::DBManager.process_opts_workspace(opts, framework, false)
    opts[:workspace] = wspace if wspace
-    id = opts.delete(:id)
-    Mdm::Vuln.update(id, opts)
+    v = Mdm::Vuln.find(opts.delete(:id))
+    v.update!(opts)
+    v
  }
  end

--- a/lib/msf/core/web_services/servlet/vuln_servlet.rb
+++ b/lib/msf/core/web_services/servlet/vuln_servlet.rb
@ -1,5 +1,7 @@
 module VulnServlet

+  JSON_INCLUDES = [:host, :refs, :module_refs]
+
  def self.api_path
    '/api/v1/vulns'
  end
@ -25,9 +27,8 @@ module VulnServlet
      begin
        sanitized_params = sanitize_params(params, env['rack.request.query_hash'])
        data = get_db.vulns(sanitized_params)
-        includes = [:host, :vulns_refs, :refs, :module_refs]
        data = data.first if is_single_object?(data, sanitized_params)
-        set_json_data_response(response: data, includes: includes)
+        set_json_data_response(response: data, includes: JSON_INCLUDES)
      rescue => e
        print_error_and_create_response(error: e, message: 'There was an error retrieving vulns:', code: 500)
      end
@ -51,8 +52,17 @@ module VulnServlet
        opts = parse_json_request(request, false)
        tmp_params = sanitize_params(params)
        opts[:id] = tmp_params[:id] if tmp_params[:id]
+        # update_vuln requires refs to be of type Mdm::Ref
+        # Find or create the Mdm::Ref object before moving on to the update
+        if opts[:refs]
+          refs = []
+          opts[:refs].each do |r|
+            refs << get_db.find_or_create_ref(r)
+          end
+          opts[:refs] = refs
+        end
        data = get_db.update_vuln(opts)
-        set_json_data_response(response: data)
+        set_json_data_response(response: data, includes: JSON_INCLUDES)
      rescue => e
        print_error_and_create_response(error: e, message: 'There was an error updating the vuln:', code: 500)
      end
@ -65,11 +75,11 @@ module VulnServlet
      begin
        opts = parse_json_request(request, false)
        data = get_db.delete_vuln(opts)
-        set_json_data_response(response: data)
+        set_json_data_response(response: data, includes: JSON_INCLUDES)
      rescue => e
        print_error_and_create_response(error: e, message: 'There was an error deleting the vulns:', code: 500)
      end
    }
  end

-end
+end
--- a/lib/msf/core/web_services/views/auth/login.erb
+++ b/lib/msf/core/web_services/views/auth/login.erb
@ -23,4 +23,4 @@
 </div>

 </body>
-</html>
+</html>