SEERM #4821
while looking into what it would take to fix bug 4821, I found that there are no specs
for any of the other methods in command dispatcher. I have attempted to add stubs for a
few of the methods and tested a few of the help outputs.
[#46491831]
Move Msf::DBManager#import_msf_xml into
Msf::DBManager::ImportMsfXml#import_msf_xml and include
Msf::DBManager::ImportMsfXml to cut down size of the infamous db.rb.
Break up #import_msf_xml to have separate methods for parsing web_forms,
web_pages, and web_vulns. The method for
web_vulns, #import_msf_web_vuln_element is needed so that it can be overridden in
Pro to handle the Pro-only changes to Mdm::WebVuln.
[Fixes#38426061, #38097411]
Msf::Modules::Loader::Directory#read_module_content may calculate a non-existent
module_path that gets passed to File.open causing an Errno::ENOENT exception
to be raised when using the module cache with a module that has been
moved to a new path (as is the case that originally found this bug) or
deleted. Now, the exception is rescued and read_module_content returns
an empty string (''), which load_module detects with
module_content.empty? and returns earlier without attempting to module
eval the (empty) content.
As having Msf::Modules::Loader::Directory#read_module_content rescue the
exception, meant there was another place that needed to log and error
and store an error in Msf::ModuleManager#module_load_error_by_path, I
refactored the error reporting to call
Msf::Modules::Loader::Base#load_error, which handles writing to the log
and setting the Hash, so the error reporting is consistent across the
loaders.
The exception hierarchy was also refactored so that
namespace_module.metasploit_class now has an error raising counter-part:
namespace_module.metasploit_class! that can be used with
Msf::Modules::Loader::Base#load_error as it requires an exception, and
not just a string so the exception class, message, and backtrace can be
logged.
James Lee
Meatballs
sinn3r
lsanchez-r7
Luke Imhoff