From e144cc673822f2fde06b8aabd5cc7fa39e05ceb6 Mon Sep 17 00:00:00 2001
From: Matthew Kienow
Date: Tue, 23 Oct 2018 23:46:40 -0400
Subject: [PATCH] Move under Msf::WebServices namespace
---
 lib/msf/core/web_services/json_rpc_app.rb | 106 +++++++++---------
 .../web_services/servlet/json_rpc_servlet.rb | 54 ++++-----
 msf-json-rpc.ru | 2 +-
 3 files changed, 83 insertions(+), 79 deletions(-)
diff --git a/lib/msf/core/web_services/json_rpc_app.rb b/lib/msf/core/web_services/json_rpc_app.rb
index 096d1117af..d441539a71 100644
--- a/lib/msf/core/web_services/json_rpc_app.rb
+++ b/lib/msf/core/web_services/json_rpc_app.rb
@@ -8,60 +8,62 @@ require 'msf/core/web_services/servlet_helper' require 'msf/core/web_services/servlet/auth_servlet' require 'msf/core/web_services/servlet/json_rpc_servlet' -class JsonRpcApp < Sinatra::Base - helpers ServletHelper - helpers Msf::RPC::JSON::DispatcherHelper +module Msf::WebServices + class JsonRpcApp < Sinatra::Base + helpers ServletHelper + helpers Msf::RPC::JSON::DispatcherHelper - # Servlet registration - register AuthServlet - register JsonRpcServlet + # Servlet registration + register AuthServlet + register JsonRpcServlet - set :framework, Msf::Simple::Framework.create({}) - set :dispatchers, {} + set :framework, Msf::Simple::Framework.create({}) + set :dispatchers, {} + + configure do + set :sessions, {key: 'msf-ws.session', expire_after: 300} + set :session_secret, ENV.fetch('MSF_WS_SESSION_SECRET') { SecureRandom.hex(16) } + end + + before do + # store DBManager in request environment so that it is available to Warden + request.env['msf.db_manager'] = get_db + # store flag indicating whether authentication is initialized in the request environment + @@auth_initialized ||= get_db.users({}).count > 0 + request.env['msf.auth_initialized'] = @@auth_initialized + end + + use Warden::Manager do |config| + # failed authentication is handled by this application + config.failure_app = self + # don't intercept 401 responses since the app will provide custom failure messages + config.intercept_401 = false + config.default_scope = :api + + config.scope_defaults :user, + # whether to persist the result in the session or not + store: true, + # list of strategies to use + strategies: [:password], + # action (route) of the failure application + action: "#{AuthServlet.api_unauthenticated_path}/user" + + config.scope_defaults :api, + # whether to persist the result in the session or not + store: false, + # list of strategies to use + strategies: [:api_token], + # action (route) of the failure application + action: AuthServlet.api_unauthenticated_path + + 
config.scope_defaults :admin_api, + # whether to persist the result in the session or not + store: false, + # list of strategies to use + strategies: [:admin_api_token], + # action (route) of the failure application + action: AuthServlet.api_unauthenticated_path + end - configure do - set :sessions, {key: 'msf-ws.session', expire_after: 300} - set :session_secret, ENV.fetch('MSF_WS_SESSION_SECRET') { SecureRandom.hex(16) } end - - before do - # store DBManager in request environment so that it is available to Warden - request.env['msf.db_manager'] = get_db - # store flag indicating whether authentication is initialized in the request environment - @@auth_initialized ||= get_db.users({}).count > 0 - request.env['msf.auth_initialized'] = @@auth_initialized - end - - use Warden::Manager do |config| - # failed authentication is handled by this application - config.failure_app = self - # don't intercept 401 responses since the app will provide custom failure messages - config.intercept_401 = false - config.default_scope = :api - - config.scope_defaults :user, - # whether to persist the result in the session or not - store: true, - # list of strategies to use - strategies: [:password], - # action (route) of the failure application - action: "#{AuthServlet.api_unauthenticated_path}/user" - - config.scope_defaults :api, - # whether to persist the result in the session or not - store: false, - # list of strategies to use - strategies: [:api_token], - # action (route) of the failure application - action: AuthServlet.api_unauthenticated_path - - config.scope_defaults :admin_api, - # whether to persist the result in the session or not - store: false, - # list of strategies to use - strategies: [:admin_api_token], - # action (route) of the failure application - action: AuthServlet.api_unauthenticated_path - end - end \ No newline at end of file 
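Review bot: The `configure` block in `Msf::WebServices::JsonRpcApp` falls back to `SecureRandom.hex(16)` when `MSF_WS_SESSION_SECRET` is unset, so each process signs the `msf-ws.session` cookie with its own throwaway key. Sessions for the `:user` scope (`store: true`) then stop validating after a restart or across multiple worker processes, and the 16-byte value is shorter than the 64 bytes Sinatra's documentation suggests for a session secret. A comment such as `# fallback secret is per-process; set MSF_WS_SESSION_SECRET for multi-worker or persistent sessions` would document this, and `SecureRandom.hex(64)` would lengthen the fallback. No `require 'securerandom'` is visible in this hunk, so it presumably comes from a require above the hunk.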
diff --git a/lib/msf/core/web_services/servlet/json_rpc_servlet.rb b/lib/msf/core/web_services/servlet/json_rpc_servlet.rb index d9d7482f32..b13e7328d3 100644 --- a/lib/msf/core/web_services/servlet/json_rpc_servlet.rb +++ b/lib/msf/core/web_services/servlet/json_rpc_servlet.rb @@ -1,34 +1,36 @@ require 'msf/core/rpc' -module JsonRpcServlet +module Msf::WebServices + module JsonRpcServlet - def self.api_path - '/api/:version/json-rpc' - end + def self.api_path + '/api/:version/json-rpc' + end - def self.registered(app) - app.post JsonRpcServlet.api_path, &post_rpc - end + def self.registered(app) + app.post JsonRpcServlet.api_path, &post_rpc + end - ####### - private - ####### + ####### + private + ####### - # Process JSON-RPC request - def self.post_rpc - lambda { - warden.authenticate! - begin - body = request.body.read - tmp_params = sanitize_params(params) - data = get_dispatcher(settings.dispatchers, tmp_params[:version].to_sym, settings.framework).process(body) - set_raw_response(data) - rescue => e - print_error("There was an error executing the RPC: #{e.message}.", e) - error = Msf::RPC::JSON::Dispatcher.create_error_response(Msf::RPC::JSON::InternalError.new(e)) - data = Msf::RPC::JSON::Dispatcher.to_json(error) - set_raw_response(data, code: 500) - end - } + # Process JSON-RPC request + def self.post_rpc + lambda { + warden.authenticate! + begin + body = request.body.read + tmp_params = sanitize_params(params) + data = get_dispatcher(settings.dispatchers, tmp_params[:version].to_sym, framework).process(body) + set_raw_response(data) + rescue => e + print_error("There was an error executing the RPC: #{e.message}.", e) + error = Msf::RPC::JSON::Dispatcher.create_error_response(Msf::RPC::JSON::InternalError.new(e)) + data = Msf::RPC::JSON::Dispatcher.to_json(error) + set_raw_response(data, code: 500) + end + } + end end end \ No newline at end of file diff --git a/msf-json-rpc.ru b/msf-json-rpc.ru index 1bd93c2205..9cad349579 100644 --- a/msf-json-rpc.ru 
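Review bot: In `post_rpc` in json_rpc_servlet.rb the dispatcher lookup changes from `settings.framework` to a bare `framework`, which is unrelated to the namespace move and is not mentioned in the commit message. json_rpc_app.rb still registers the object with `set :framework, ...`, and no `framework` helper is visible in this patch, so if neither ServletHelper nor DispatcherHelper provides one the call raises NameError, which `rescue => e` turns into a 500 for every authenticated request. Either keep `data = get_dispatcher(settings.dispatchers, tmp_params[:version].to_sym, settings.framework).process(body)` or add a comment naming the helper that supplies `framework`. Separately, the bare `private` above `def self.post_rpc` does not apply to singleton methods; `private_class_method :post_rpc` after the definition would be needed to actually hide it.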
+++ b/msf-json-rpc.ru @@ -18,4 +18,4 @@ end # Note: setup Rails environment before calling require require 'msf/core/web_services/json_rpc_app' -run JsonRpcApp +run Msf::WebServices::JsonRpcApp