MSP-11605
The 'Msf::Framework#threads cleaner' shared context fails with a
RuntimeError if `framework.threads?` is false, which would indicate that
cleaning is unnecessary. This change stops 'Msf::Framework#threads
cleaner' from accessing `framework.threads`, which would create threads
only to immediately clean them up.
MSP-11605
`Msf::Framework#threads?` returns whether `Msf::Framework#threads` was
ever initialized. If `Msf::Framework#threads?` is true, then threads
need to be cleaned up, while if it is false then no threads need to be
cleaned up from the current framework.
MSP-11605
`Rex::ThreadFactory.provider` needs to be set in
`Msf::Framework#initialize`, but setting it directly to
`Msf::Framework#threads` eliminates the laziness of
`Msf::Framework#threads`. In order keep `framework.threads` lazy,
`framework` is wrapped in a
`Metasploit::Framework::ThreadFactoryProvider`, which responds to
`spawn`, which is needed by `Rex::ThreadFactory`, by calling
`framework.threads.spawn`, which lazily initialized `framework.threads`
when the first thread needs to be spawned.
MSP-11605
Switch `Msf:Framework#db` from being set in `#initialize` to a custom
method that uses `||=` to lazily initialize the `Msf::DBManager` inside
a `synchronize` block to make it thread safe.
MSP-11605
Store options `Hash` passed to `Msf::Framework#new` in `#options` so
that lazily initialized children, such as DBManager, have access to
those options.
MSP-11605
Switch `Msf::Framework#sessions` from being set in `#initialize` to a
custom method that uses `||=` to lazily initialize the
`Msf::SessionManager` inside a `synchronize` block to make it thread
safe.
#4184
* Appears to have been overlooked somehow in the pre-BlackHat crunch
* V5 will not support credentials
* We are implementing full-workspace zip import/export for credentials
MSP-11605
Switch Msf::Framework#threads to a custom method that uses `||=` to
lazily initialize the `Msf::ThreadManager` inside a `synchronize` block
to make it thread safe.
:metasploit-credential_public factory will randomly
return either a Username or BlankUsername and thus is
not appropriate for when you want tos et an explicit Username.
The :metasploit_credential_username factory should be used for this
instead
MSP-11609
MSP-11147
When using Rubymine's debugger, the tests would run and say there were
no tests and no break points would be hit. It was determined that this
was due the Rubymine's debugger injecting itself into RUBYOPTS and only
working if it's first in RUBYOPT, which means that
'metasploit:framework:spec:threads:suite' must inject '-Ilib
-rmetasploit/framework/spec/threads/logger' at the end of RUBOPT instead
of the beginning.
Actually fixes#3787 as well, since this is the last component needed to
fix that.
See rapid7/meterpreter#102
Also see
055eddeb18
as this brings the shipping binaries up to day with 055eddeb
The merge_check_key method (found in Msf::Module::ModuleInfo)) uses
respond_to? to check is our object includes a merge_info_description
method before merging descriptions. The respond_to? method in 2.1.4
by default no longer checks private and protected methods, and this
is breaking our merge_check_key method.
Fix#4163
MSP-11147
Tests currently use the real modules directory for test cases, so the
spec should be tagged with :content because it has same performance
issues as other content specs that can potentially load all the modules.
Christian Mehlmauer
Matt Buck
Julio Auto
Tod Beardsley
Luke Imhoff
Joe Vennix
sinn3r
Trevor Rosen
Samuel Huckins
David Maloney
Juan Escobar
jvazquez-r7
Jon Hart
Pedro Ribeiro
Fernando Arias