Rework how match results get created
MSP-13119 * Create match result when we create vuln attemptbug/bundler_fix
parent
8ffcdbb3fd
commit
c7f15ca940
|
@ -153,6 +153,8 @@ module Msf::DBManager::ExploitAttempt
|
|||
attempt_info[:vuln_id] = vuln.id
|
||||
vuln.vuln_attempts.create(attempt_info)
|
||||
|
||||
create_match_result(vuln,opts)
|
||||
|
||||
# Correct the vuln's associated service if necessary
|
||||
if svc and vuln.service_id.nil?
|
||||
vuln.service = svc
|
||||
|
@ -176,4 +178,22 @@ module Msf::DBManager::ExploitAttempt
|
|||
}
|
||||
|
||||
end
|
||||
|
||||
def create_match_result(vuln, opts)
|
||||
match = vuln.matches.last
|
||||
if match
|
||||
run = MetasploitDataModels::AutomaticExploitation::Run.where(match_set_id: match.match_set_id).first
|
||||
if opts[:session_id]
|
||||
state = MetasploitDataModels::AutomaticExploitation::MatchResult::SUCCEEDED
|
||||
else
|
||||
state = MetasploitDataModels::AutomaticExploitation::MatchResult::FAILED
|
||||
end
|
||||
MetasploitDataModels::AutomaticExploitation::MatchResult.create!(
|
||||
match: match,
|
||||
run: run,
|
||||
state: state
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
|
|
|
@ -92,14 +92,7 @@ module Msf::DBManager::Session
|
|||
wspace = s.workspace
|
||||
|
||||
if session
|
||||
if session.exploit.user_data_is_match?
|
||||
MetasploitDataModels::AutomaticExploitation::MatchResult.create!(
|
||||
match: session.exploit.user_data[:match],
|
||||
run: session.exploit.user_data[:run],
|
||||
state: MetasploitDataModels::AutomaticExploitation::MatchResult::SUCCEEDED,
|
||||
)
|
||||
infer_vuln_from_session(session, wspace)
|
||||
elsif session.via_exploit
|
||||
if session.via_exploit
|
||||
# This is a live session, we know the host is vulnerable to something.
|
||||
infer_vuln_from_session(session, wspace)
|
||||
end
|
||||
|
|
|
@ -1284,15 +1284,6 @@ class Exploit < Msf::Module
|
|||
end
|
||||
end
|
||||
|
||||
if user_data_is_match?
|
||||
MetasploitDataModels::AutomaticExploitation::MatchResult.create!(
|
||||
match: user_data[:match],
|
||||
run: user_data[:run],
|
||||
state: MetasploitDataModels::AutomaticExploitation::MatchResult::FAILED,
|
||||
)
|
||||
end
|
||||
|
||||
|
||||
framework.db.report_exploit_failure(info)
|
||||
end
|
||||
|
||||
|
|
|
@ -210,6 +210,7 @@ protected
|
|||
# Wait for session, but don't wait long.
|
||||
delay = 0.01
|
||||
end
|
||||
|
||||
exploit.handle_exception e
|
||||
end
|
||||
|
||||
|
|
|
@ -59,10 +59,6 @@ class Module
|
|||
# datastore, consumed by #replicant to allow clean override of MSF module methods.
|
||||
REPLICANT_EXTENSION_DS_KEY = 'ReplicantExtensions'
|
||||
|
||||
# The set of keys in {#user_data} that make {#user_data_is_match?} return
|
||||
# true
|
||||
MATCH_KEYS = Set.new([ :match, :match_set, :run ])
|
||||
|
||||
# Make include public so we can runtime extend
|
||||
public_class_method :include
|
||||
|
||||
|
@ -295,13 +291,6 @@ class Module
|
|||
raise RuntimeError, "#{reason.to_s}: #{msg}"
|
||||
end
|
||||
|
||||
# Whether {#user_data} contains everything necessary to make a
|
||||
# `MetasploitDataModels::AutomaticExploitation::MatchResult`
|
||||
#
|
||||
# @return [bool]
|
||||
def user_data_is_match?
|
||||
user_data.kind_of?(Hash) && Set.new(user_data.keys).superset?(MATCH_KEYS)
|
||||
end
|
||||
|
||||
##
|
||||
#
|
||||
|
@ -347,7 +336,6 @@ class Module
|
|||
# {Msf::Simple::Auxiliary#run_simple} for correlating where modules came
|
||||
# from.
|
||||
#
|
||||
# @see #user_data_is_match?
|
||||
attr_accessor :user_data
|
||||
|
||||
protected
|
||||
|
|
|
@ -46,17 +46,6 @@ describe Msf::Module do
|
|||
it { is_expected.to respond_to :is_usable }
|
||||
end
|
||||
|
||||
describe '#user_data_is_match?' do
|
||||
subject(:msf_module) {
|
||||
msf_module = described_class.new
|
||||
msf_module.user_data = { match: 'match', match_set: 'match_set', run: 'run' }
|
||||
msf_module
|
||||
}
|
||||
specify do
|
||||
expect(msf_module.user_data_is_match?).to eq(true)
|
||||
end
|
||||
end
|
||||
|
||||
describe "cloning modules into replicants" do
|
||||
module MsfExtensionTestFoo; def my_test1; true; end; end;
|
||||
module MsfExtensionTestBar; def my_test2; true; end; end;
|
||||
|
|
|
@ -46,7 +46,6 @@ shared_examples_for 'Msf::DBManager::Session' do
|
|||
framework: framework,
|
||||
name: name
|
||||
)
|
||||
allow(d).to receive(:user_data_is_match?).and_return(false)
|
||||
d
|
||||
end
|
||||
|
||||
|
@ -137,10 +136,6 @@ shared_examples_for 'Msf::DBManager::Session' do
|
|||
}
|
||||
end
|
||||
|
||||
before do
|
||||
allow(module_instance).to receive(:user_data_is_match?).and_return(true)
|
||||
end
|
||||
|
||||
it 'should make a MatchResult' do
|
||||
expect {
|
||||
report_session
|
||||
|
|
Loading…
Reference in New Issue