The purpose of these functions is to be able to join file/dir paths
safely without trailing slashes, basically for the same reason as
normalize_uri. Some modules are really buggy when merging paths,
so instead of letting them do it, it's better to use these functions.
SEERM #4821
while looking into what it would take to fix bug 4821, I found that there are no specs
for any of the other methods in command dispatcher. I have attempted to add stubs for a
few of the methods and tested a few of the help outputs.
* Make @framework into a caching method instead
* Allow instantiating with streams for where payloads and comments
should go. This allows us to capture std{out,err} when running specs
* Specs are still woefully under-representative
* Get rid of all the calls to exit
Also adds some minimal testing... which is super slow because it doesn't
cache the framework object across tests.
Conflicts:
msfvenom
Hopefully picked up all the relevant fixes from #2027
PacketFu should be required from the gem, not from the shipped msf
library. Several modules depend on it being available, so this rspec
test mostly just ensures that Msf::Exploit::Capture mixin is still
around.
[#47720609]
Msf::PayloadSet#add_module does NOT return an annotated module class as
Msf::ModuleSet#add_module does because a payload module is defined as a
ruby Module instead of a ruby Class. Since add_module doesn't always
return an annotated_class, the logic in
Msf::ModuleManager#on_module_load needed to change to NOT use
annotated_class and create #add_module as return [void]. Thus, it is
necessary to pass in all the metasploit module metadata to
Msf::ModuleManager#cache_in_memory instead of assuming they can be
derived from the (payload) Module or (other) Class.
[#47720609]
Msf::ModuleManager#module_info_by_path was not being updated when a
module was loaded, so if a load_module was called again, say during
start up of prosvc, the module would reload even though there was no
change in the file because file_changed? couldn't find an entry for the
module's path in module_info_by_path.
[#47720609]
Fix some docs and variable names to make it clearer when methods are
expecting module instance and module classes. Change some 'name'
variables to 'reference_name' since that's the proper terminology.
[#50179803]
[SeeRM #7967]
[SeeRM #7870]
Because metasploit-framework runs migrations with the same process and
with the same connection as it later accesses the database, the column
information can become cached prematurely and be incorrect by the end of
the migrations. Fix the bad cache by automatically resetting the column
information for all model classes after the migrations have run.
[#50179803]
Move Msf::DBManager#migrate and the migrated attribute to
Msf::DBManager::Migration module to lower complexity of db_manager.rb
and in preparation for more migration related code on this branch.
[#49858419]
[SEERM #7958]
metasploit_data_models 0.14.3 relaxes the validation on
Mdm::Module::Detail#stance so it only needs to be in
Mdm::Module::Detail::STANCES if Mdm::Module::Detail#mtype is 'auxiliary'
or 'exploit' as framework only supplies a stance for those types when
using Mdm::Module::Detail.
Fixes deprecation warnings in newer rspec like these
WARNING: subject accessed in a `before(:all)` hook at:
/metasploit-framework/spec/lib/rex/post/meterpreter/packet_spec.rb:455:in `block (3 levels) in <top (required)>'
This is deprecated behavior that will not be supported in RSpec 3.
Also switches to using named subjects for easier reading.
[#47979793]
Multiple files define Msf::DBManager, but it's better to have one spec
for Msf::DBManager, so change spec structure to reflect module and class
hierarchy instead of file hierarchy of defining files.
[#47979793]
[#48414569]
Even though using Timecop locally on OS X makes the `should == <Time>`
work, it fails on travis-ci, so try using `should
be_within(1.second).of(<Time>)` instead.
[#46491831]
The root element was web_page in the source for example that tests that
import_msf_web_vuln_element creates an Mdm::WebVuln. The root element
name did not actually matter for the example, but it looked like an
error and was confusing to read the setup that root element was web_page
instead of the correct web_vuln.
[#46491831]
Move Msf::DBManager#import_msf_xml into
Msf::DBManager::ImportMsfXml#import_msf_xml and include
Msf::DBManager::ImportMsfXml to cut down size of the infamous db.rb.
Break up #import_msf_xml to have separate methods for parsing web_forms,
web_pages, and web_vulns. The method for
web_vulns, #import_msf_web_vuln_element is needed so that it can be overridden in
Pro to handle the Pro-only changes to Mdm::WebVuln.
[#46224565]
The following rake tasks are added and work similar to how they work in
rails apps:
* db:create
* db:drop
* db:migrate
* db:migrate:status
* db:rollback
* db:schema:dump
* db:schema:load
* db:seed (but no db seeds defined at this time)
* db:setup
* db:version
The hidden task db:test:prepare is also available, which means `rake
spec` can depend on it so that the test database is dropped and
recreated from the development database when running specs (Although
there are yet to be database tests, this branch is in preparation for
that work that will be split between multiple developers.)
the ubuntu sslv2 thing caused all kinds of issues with rspec
handling this by expecting those exceptions properly or doing away
with sslv2 where it isn't needed in the examples
They were identical except for a couple of extra bugs in set_cgi.
Also changes ```split("/")``` to ```split("/", -1)```, which behaves
correctly when the input has a seperator at the beginning or end.
In light ofi PR #1476, it would be nice to have some basic, modern,
maintained testing on Rex's HTTP Client proto library.
My rspec fu is quite weak, of course, but this should cover the very
basic cases. There are lots of pending holes, but hey, it's a start.
i lied, there's more. Adds two enumerators and methods to check for
specific ssl version support as well as a quick method to tell if the
server supports ssl at all.
Rubymine's code coverage tools separate collection from reporting so
that multiple runs can have their data merged. To separate, collecting
from reporting, SimpleCov.start is only run when not using Rubymine (as
indicated by a lack of the RM_INFO environment variable). This way,
`rake spec` will collect coverage info and generate the report as
before, but Rubymine will only collect coverage when using 'Run ... with
coverage enabled' button and will only generate a report when using
'Generate Coverage Report' as is the intended behavior in Rubymine.