Address code review comments and bug

2018-03-21 17:42:54 -05:00 · 2018-03-21 17:42:54 -05:00 · eee24366c9
parent f6fddb3113
commit eee24366c9
6 changed files with 36 additions and 31 deletions
--- a/lib/metasploit/framework/data_service/proxy/db_export_data_proxy.rb
+++ b/lib/metasploit/framework/data_service/proxy/db_export_data_proxy.rb
@ -1,13 +1,14 @@
 module DbExportDataProxy
  def run_db_export(path, format)
    begin
-      data_service = self.get_data_service()
-      opts = {}
-      opts[:path] = path
-      opts[:format] = format
+      data_service = self.get_data_service
+      opts = {
+          path: path,
+          format: format
+      }
      data_service.run_db_export(opts)
    rescue Exception => e
      self.log_error(e, "Problem generating DB Export")
    end
  end
-end
+end
--- a/lib/metasploit/framework/data_service/remote/http/remote_db_export_data_service.rb
+++ b/lib/metasploit/framework/data_service/remote/http/remote_db_export_data_service.rb
@ -3,11 +3,11 @@ require 'metasploit/framework/data_service/remote/http/response_data_helper'
 module RemoteDbExportDataService
  include ResponseDataHelper

-  DB_EXPORT_API_PATH = '/api/v1/db_export'
+  DB_EXPORT_API_PATH = '/api/v1/db-export'

  def run_db_export(opts)
    response = json_to_hash(self.get_data(DB_EXPORT_API_PATH, nil, opts))

-    process_file(response[:db_export_file], "#{opts[:path]}")
+    process_file(response[:db_export_file], opts[:path])
  end
-end
+end
--- a/lib/metasploit/framework/data_service/remote/http/response_data_helper.rb
+++ b/lib/metasploit/framework/data_service/remote/http/response_data_helper.rb
@ -10,7 +10,7 @@ module ResponseDataHelper
  # Converts an HTTP response to a Hash
  #
  # @param [ResponseWrapper] A wrapped HTTP response containing a JSON body.
-  # @return [Hash] An object of type mdm_class, which inherits from ActiveRecord::Base
+  # @return [Hash] A Hash interpretation of the JSON body.
  #
  def json_to_hash(response_wrapper)
    begin
@ -155,4 +155,4 @@ module ResponseDataHelper
    OpenStruct.new(hash)
  end

-end
+end
--- a/lib/msf/core/db_export.rb
+++ b/lib/msf/core/db_export.rb
@ -11,6 +11,9 @@ class Export

  attr_accessor :workspace

+  STATUS_START = "start"
+  STATUS_COMPLETE = "complete"
+
  def initialize(workspace)
    self.workspace = workspace
  end
@ -31,7 +34,7 @@ class Export

  # Performs an export of the workspace's `Metasploit::Credential::Login` objects in pwdump format
  # @param path [String] the path on the local filesystem where the exported data will be written
-  # @return [void]
+  # @return [String] The path to the location of the written file.
  def to_pwdump_file(path, &block)
    exporter = Metasploit::Credential::Exporter::Pwdump.new(workspace: workspace)

@ -41,10 +44,12 @@ class Export
    output_file.path
  end

-
+  # Performs an export of the workspace's `Metasploit::Credential::Login` objects in XML format
+  # @param path [String] the path on the local filesystem where the exported data will be written
+  # @return [String] The path to the location of the written file.
  def to_xml_file(path, &block)

-    yield(:status, "start", "report") if block_given?
+    yield(:status, STATUS_START, "report") if block_given?
    extract_target_entries
    report_file = ::File.open(path, "wb")

@ -52,49 +57,49 @@ class Export
    report_file.write %Q|<MetasploitV5>\n|
    report_file.write %Q|<generated time="#{Time.now.utc}" user="#{myusername}" project="#{myworkspace.name.gsub(/[^A-Za-z0-9\x20]/n,"_")}" product="framework"/>\n|

-    yield(:status, "start", "hosts") if block_given?
+    yield(:status, STATUS_START, "hosts") if block_given?
    report_file.write %Q|<hosts>\n|
    report_file.flush
    extract_host_info(report_file)
    report_file.write %Q|</hosts>\n|

-    yield(:status, "start", "events") if block_given?
+    yield(:status, STATUS_START, "events") if block_given?
    report_file.write %Q|<events>\n|
    report_file.flush
    extract_event_info(report_file)
    report_file.write %Q|</events>\n|

-    yield(:status, "start", "services") if block_given?
+    yield(:status, STATUS_START, "services") if block_given?
    report_file.write %Q|<services>\n|
    report_file.flush
    extract_service_info(report_file)
    report_file.write %Q|</services>\n|

-    yield(:status, "start", "web sites") if block_given?
+    yield(:status, STATUS_START, "web sites") if block_given?
    report_file.write %Q|<web_sites>\n|
    report_file.flush
    extract_web_site_info(report_file)
    report_file.write %Q|</web_sites>\n|

-    yield(:status, "start", "web pages") if block_given?
+    yield(:status, STATUS_START, "web pages") if block_given?
    report_file.write %Q|<web_pages>\n|
    report_file.flush
    extract_web_page_info(report_file)
    report_file.write %Q|</web_pages>\n|

-    yield(:status, "start", "web forms") if block_given?
+    yield(:status, STATUS_START, "web forms") if block_given?
    report_file.write %Q|<web_forms>\n|
    report_file.flush
    extract_web_form_info(report_file)
    report_file.write %Q|</web_forms>\n|

-    yield(:status, "start", "web vulns") if block_given?
+    yield(:status, STATUS_START, "web vulns") if block_given?
    report_file.write %Q|<web_vulns>\n|
    report_file.flush
    extract_web_vuln_info(report_file)
    report_file.write %Q|</web_vulns>\n|

-    yield(:status, "start", "module details") if block_given?
+    yield(:status, STATUS_START, "module details") if block_given?
    report_file.write %Q|<module_details>\n|
    report_file.flush
    extract_module_detail_info(report_file)
@ -105,7 +110,7 @@ class Export
    report_file.flush
    report_file.close

-    yield(:status, "complete", "report") if block_given?
+    yield(:status, STATUS_COMPLETE, "report") if block_given?

    report_file.path
  end
@ -543,4 +548,3 @@ class Export
 end
 end
 end
-
--- a/lib/msf/core/db_manager/db_export.rb
+++ b/lib/msf/core/db_manager/db_export.rb
@ -1,15 +1,15 @@
 require 'msf/core/db_export'

 module Msf::DBManager::DbExport
-  def run_db_export(path, format)
+  def run_db_export(opts)
    exporter = Msf::DBManager::Export.new(framework.db.workspace)

-    output_file = exporter.send("to_#{format}_file".intern, path) do |mtype, mstatus, mname|
+    output_file = exporter.send("to_#{opts[:format]}_file".intern, opts[:path]) do |mtype, mstatus, mname|
      if mtype == :status
-        if mstatus == "start"
+        if mstatus == Msf::DBManager::Export::STATUS_START
          puts("    >> Starting export of #{mname}")
        end
-        if mstatus == "complete"
+        if mstatus == Msf::DBManager::Export::STATUS_COMPLETE
          puts("    >> Finished export of #{mname}")
        end
      end
@ -17,4 +17,4 @@ module Msf::DBManager::DbExport

    File.expand_path(output_file)
  end
-end
+end
--- a/lib/msf/core/db_manager/http/servlet/db_export_servlet.rb
+++ b/lib/msf/core/db_manager/http/servlet/db_export_servlet.rb
@ -1,7 +1,7 @@
 module DbExportServlet

  def self.api_path
-    '/api/v1/db_export'
+    '/api/v1/db-export'
  end

  def self.registered(app)
@ -16,9 +16,9 @@ module DbExportServlet
    lambda {
      begin
        opts = params.symbolize_keys
-	      file_name = File.basename(opts[:path])
+	      opts[:path] = File.join(Msf::Config.local_directory, File.basename(opts[:path]))

-        output_file = get_db.run_db_export(File.join(Msf::Config.local_directory, file_name), opts[:format])
+        output_file = get_db.run_db_export(opts)

        encoded_file = Base64.urlsafe_encode64(File.read(File.expand_path(output_file)))
        response = {}