[#49858419]
[SEERM #7958]
metasploit_data_models 0.14.3 relaxes the validation on
Mdm::Module::Detail#stance so it only needs to be in
Mdm::Module::Detail::STANCES if Mdm::Module::Detail#mtype is 'auxiliary'
or 'exploit' as framework only supplies a stance for those types when
using Mdm::Module::Detail.
Some users are having trouble installing pcap. Others want postgres to
remain optional. The move to requiring bundler in a git environment has
made this hard.
This commit provides a path for these users. By default, bundler will
install all gems, including postgres and pcaprub. If it fails to
install some, Metasploit will not function. But there is hope. Users
can explicitly exclude the gem groups they don't want.
For example:
bundle install --without db pcap
will exclude the pcap and postgres gems (and their depedencies).
bundle install --without db pcap development test
will exclude all non-essential gems.
The good news is that the user only needs to use the `--without` option
once. Bundler will remember it. So future runs can still do `bundle
install` (or simply `bundle`) and the gems will still be excluded. And
if the user changes their mind and wants the optional gems, they can
remove their stored *without* preference using:
bundle config --delete without
[FIXRM #7891]
[#46491831]
Move Msf::DBManager#import_msf_xml into
Msf::DBManager::ImportMsfXml#import_msf_xml and include
Msf::DBManager::ImportMsfXml to cut down size of the infamous db.rb.
Break up #import_msf_xml to have separate methods for parsing web_forms,
web_pages, and web_vulns. The method for
web_vulns, #import_msf_web_vuln_element is needed so that it can be overridden in
Pro to handle the Pro-only changes to Mdm::WebVuln.
[#45771305]
MetasploitDataModels 0.6.1 adds a re-usable yard.rake so that all
Metasploit project don't have to define their own. It also adds guards
so that the YARD tasks aren't defined (and don't cause errors) if YARD
is not available.
This also adds support for making the Rakefile work with `bundle install
--without development test` so it still functions in the bundle building
environment for Pro.
[#44034071]
metasploit_data_models version 0.5.0 copied the migrations from
metasploit-framework/data/sql/migrate to
metasploit_data_models/db/migrate so that specs could be written the Mdm
models in metasploit_data_models. As part of the specs, :null => false
columns that should be :null => true were discovered, so a new migration
was added, but to metasploit_data_models/db/migrate, so it could be
tested. Instead of replicating migrations back and forth, I'm removing
the migrations completely from metasploit-framework and changing the
default migration path in Msf::DbManager#migration_paths to
MetasploitDataModels.root.join('db', 'migrate').
[#41837027]
Mdm::CredFile is only used in Pro, so for metasploit_data_models 0.4.0,
Mdm::CredFiles has been moved to Pro, so the migration has been moved to
Pro too.
[#38274165]
metasploit_data_models already declares pg as a runtime dependency in
its gemspec, so there is no need to add pg as a direct dependency of
metasploit-framework, since metasploit-framework only needs pg for
metasploit_data_models.
I missed a spot where I referenced the nested_paths as nested_pathnams
after I renamed the variable. Now, Msf::ModuleManager#add_module_paths
has rspec tests.
Rspec can be invoked with `rake` as the default task or `rake spec`
explicitly.
I changed RuntimeError to ArgumentError since that error was more
specific to having a bad argument error. I adding missing dependencies
to the Gemfile and a require to msf/core/db_manager.rb where it errored
out trying to access Msf::Config when I just did require 'msf/core' in
the spec.
[#36737359]
Refactor the behavior of loading symbolic modules from cache by renaming
methods so it's clearer what they do and ensure that cached modules from
Fastlibs and directories can both be loaded, which was not previously
possible since the demand_load_module only called load_module_from_file.
[#36737359]
When starting msfconsole, 'bundler/setup' is not required, the
'msf/env/gemcache' is required instead. Unlike 'bundler/setup' the
msf/env gemcache does not do the automatic requires for gems in the
cache, so explicit requires on 'active_support/concern' is needed to get
ActiveSupport::Concern defined. (I could have done require
'active_support' to match the behavior of 'bundler/setup', but a smaller
require seemed more appropriate.
[Fixes#36737359]
Refactor Msf::ModuleManager into concerns so its easier to understand and
duplicate code can be made DRY. The refactoring also ensures that when
loading from directories, Fastlibs, or reloading, the wrapper module will
always be named so that activesupport/dependencies will function.