Merge branch 'master' into add-opnsense-login-scanner

Author: jheysel-r7

.github/workflows/ldap_acceptance.yml

@@ -33,6 +33,8 @@ on:
       - 'metsploit-framework.gemspec'
       - 'Gemfile.lock'
       - '**/**ldap**'
+      - 'lib/metasploit/framework/tcp/**'
+      - 'lib/metasploit/framework/login_scanner/**'
       - 'spec/acceptance/**'
       - 'spec/support/acceptance/**'
       - 'spec/acceptance_spec_helper.rb'

.github/workflows/postgres_acceptance.yml

@@ -33,6 +33,8 @@ on:
       - 'metsploit-framework.gemspec'
       - 'Gemfile.lock'
       - '**/**postgres**'
+      - 'lib/metasploit/framework/tcp/**'
+      - 'lib/metasploit/framework/login_scanner/**'
       - 'spec/acceptance/**'
       - 'spec/support/acceptance/**'
       - 'spec/acceptance_spec_helper.rb'

.github/workflows/shared_gem_verify.yml

@@ -0,0 +1,69 @@
+name: Shared Gem Verify
+on:
+  workflow_call:
+    inputs:
+      test_commands:
+        description: 'Test commands'
+        required: false
+        default: "bundle exec rspec"
+        type: string
+      dependencies:
+        description: 'Array of system dependencies to install'
+        required: false
+        default: "[]"
+        type: string
+
+jobs:
+  test:
+    runs-on: ${{ matrix.os }}
+    timeout-minutes: 40
+
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby:
+          - '3.2'
+          - '3.3'
+          - '3.4'
+        os:
+          - ubuntu-20.04
+          - ubuntu-22.04
+          - ubuntu-24.04
+          - ubuntu-latest
+          - windows-2019
+          - macos-13
+
+    env:
+      RAILS_ENV: test
+
+    name: ${{ matrix.os }} - Ruby ${{ matrix.ruby }}
+    steps:
+      - name: Install system dependencies
+        if: ${{ inputs.dependencies != '[]' && !contains(matrix.os, 'macos') && !contains(matrix.os, 'windows') }}
+        run: |
+          dependencies=$(echo '${{ inputs.dependencies }}' | jq -r '.[]')
+          for dep in $dependencies; do
+            sudo apt-get -y --no-install-recommends install "$dep"
+          done
+        shell: bash
+
+      - name: Install system dependencies (Windows)
+        if: ${{ contains(matrix.os, 'windows') && inputs.dependencies != '[]' }}
+        run: |
+          $dependencies = (echo '${{ inputs.dependencies }}' | jq -r '.[]')
+          foreach ($dep in $dependencies) {
+            choco install $dep -y
+          }
+        shell: pwsh
+
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          bundler-cache: true
+
+      - name: Test
+        run: ${{ inputs.test_commands }}

.github/workflows/shared_gem_verify_rails.yml

@@ -0,0 +1,90 @@
+name: Shared Gem Verify Rails/PostgreSQL
+on:
+  workflow_call:
+    inputs:
+      test_commands:
+        description: 'Test commands'
+        required: false
+        default: "bundle exec rspec"
+        type: string
+      dependencies:
+        description: 'Array of system dependencies to install'
+        required: false
+        default: "[]"
+        type: string
+
+jobs:
+  test:
+    runs-on: ${{ matrix.os }}
+    timeout-minutes: 40
+
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby:
+          - '3.2'
+          - '3.3'
+          - '3.4'
+        rails:
+          - '~> 7.0.0'
+          - '~> 7.1.0'
+          - '~> 7.2.0'
+        postgres:
+          - '9.6'
+          - '16.8'
+        os:
+          - ubuntu-latest
+
+    env:
+      RAILS_ENV: test
+
+    name: ${{ matrix.os }} - Ruby ${{ matrix.ruby }} - Rails ${{ matrix.rails }} - PostgreSQL ${{ matrix.postgres }}
+    steps:
+      - name: Install system dependencies
+        run: |
+          dependencies=$(echo '${{ inputs.dependencies }}' | jq -r '.[]')
+          for dep in $dependencies; do
+            sudo apt-get -y --no-install-recommends install "$dep"
+          done
+        shell: bash
+
+      - name: Set up PostgreSQL service
+        run: |
+          docker run --name postgres -d -p 5432:5432 \
+            -e POSTGRES_USER=postgres \
+            -e POSTGRES_PASSWORD=postgres \
+            --health-cmd="pg_isready" \
+            --health-interval="10s" \
+            --health-timeout="5s" \
+            --health-retries=5 \
+            postgres:${{ matrix.postgres }}
+
+      - name: Wait for PostgreSQL to be healthy
+        run: |
+          docker exec postgres sh -c 'until pg_isready -U postgres; do echo waiting for postgres; sleep 2; done; echo postgres is ready'
+
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          bundler-cache: true
+
+      - name: Update Rails version
+        run: |
+          # Add the gem explicitly if it doesn't exist
+          if ! grep -q "gem ['\"]rails['\"]" Gemfile; then
+            echo 'gem "rails"' >> Gemfile          
+          fi
+          
+          # Ensure the gem is on the latest version
+          ruby -pi -e "gsub(/gem ['\"]rails['\"](, *['\"].*['\"])?/, \"gem 'rails', '${{ matrix.rails }}'\")" Gemfile
+          bundle update
+          bundle install
+          bundle show rails
+        shell: bash
+
+      - name: Test
+        run: ${{ inputs.test_commands }}

CONTRIBUTING.md

@@ -22,6 +22,8 @@ Once you have finished your new module and tested it locally to ensure it's work
 Finally, follow our short list of do's and don'ts below to make sure your valuable contributions actually make it into Metasploit's master branch! We try to consider all our pull requests fairly and in detail, but if you do not follow these rules, your contribution
 will be closed. We need to ensure the code we're adding to master is written to a high standard.
 
+## Expedited Module Creation Process
+We strive to respect the community that has given us so much, so in the odd situation where we get multiple submissions for the same vulnerability, generally we will work with the first person who assigns themselves to the issue or the first person that submits a good-faith PR.  A good-faith PR might not even work, but it will show that the author is working their way toward a solution.  Despite this general rule, there are rare circumstances where we may ask a contributor to step aside or allow a committer to take the lead on the creation of a new module if a complete and working module with documents has not already been submitted.  This kind of expedited module creation process comes up infrequently, and usually it involves high-profile or high priority modules that we have marked internally as time-critical: think KEV list, active exploitation campaigns, CISA announcements, etc.  In those cases, we may ask a contributor that is assigned to the issue or who has submitted an incomplete module to allow a committer to take over an issue or a module PR in the interest of getting a module out quickly.  If a contributor has submitted an incomplete module, they will remain as a co-author of the module and we may build directly onto the PR they submitted, leaving the original commits in the tree.  We sincerely hope that the original author will remain involved in this expedited module creation process.  We would appreciate testing, critiquing, and any assistance that can be offered.  If the module is complete but requires minor changes, we may ask the contributor to allow us to take over testing/verification and make these minor changes without asking so we can land the module as quickly as possible.  In these cases of minor code changes, the authorship of the module will remain unchanged.  We hope everyone involved in this expedited module creation process continues to feel valued and appreciated.
 
 ### Code Contribution Do's & Don'ts:
 
@@ -40,13 +42,18 @@ Keeping the following in mind gives your contribution the best chance of landing
 * **Do** target your pull request to the **master branch**.
 * **Do** specify a descriptive title to make searching for your pull request easier.
 * **Do** include [console output], especially for effects that can be witnessed in the  `msfconsole`.
-* **Do** list [verification steps] so your code is testable.
+* **Do** test your code.
+* **Do** list [verification steps] so committers can test your code.
 * **Do** [reference associated issues] in your pull request description.
 * **Don't** leave your pull request description blank.
+* **Don't** include sensitive information in your PR (including externally-routable IP addresses in documentation).
+* **Don't** PR untested/unvalidated code you copy/pasted from the internet.
+* **Don't** PR untested/unvalidated code you copy/pasted from AI or LLM.
 * **Don't** abandon your pull request. Being responsive helps us land your code faster.
 * **Don't** post questions in older closed PRs.
 
 #### <u>New Modules</u>
+* **Do** check the issue tracker to see if there is a `suggestion-module` issue for the module you want to write, and assign yourself to it if there is.
 * **Do** license your code as BSD 3-clause, BSD 2-clause, or MIT.
 * **Do** stick to the [Ruby style guide] and use [Rubocop] to find common style issues.
 * **Do** set up `msftidy` to fix any errors or warnings that come up as a [pre-commit hook].

Dockerfile

@@ -1,7 +1,7 @@
 FROM ruby:3.2.5-alpine3.20 AS builder
 LABEL maintainer="Rapid7"
 
-ARG BUNDLER_CONFIG_ARGS="set no-cache 'true' set system 'true' set without 'development test coverage'"
+ARG BUNDLER_CONFIG_ARGS="set force_ruby_platform 'true' set no-cache 'true' set system 'true' set without 'development test coverage'"
 ARG BUNDLER_FORCE_CLEAN="true"
 ENV APP_HOME=/usr/src/metasploit-framework
 ENV TOOLS_HOME=/usr/src/tools