Merge pull request #20320 from rapid7/revert-20109-rails-7.2-upgrade

Revert "Bump rails version to 7.2"

Author: dwelch-r7

Gemfile.lock

@@ -4,9 +4,9 @@ PATH
     metasploit-framework (6.4.70)
       aarch64
       abbrev
-      actionpack (~> 7.2.0)
-      activerecord (~> 7.2.0)
-      activesupport (~> 7.2.0)
+      actionpack (~> 7.1.0)
+      activerecord (~> 7.1.0)
+      activesupport (~> 7.1.0)
       aws-sdk-ec2
       aws-sdk-ec2instanceconnect
       aws-sdk-iam
@@ -20,6 +20,7 @@ PATH
       bootsnap
       bson
       chunky_png
+      concurrent-ruby (= 1.3.4)
       csv
       dnsruby
       drb
@@ -37,7 +38,7 @@ PATH
       getoptlong
       hrr_rb_ssh-ed25519
       http-cookie
-      irb
+      irb (~> 1.7.4)
       jsobfu
       json
       metasm
@@ -122,41 +123,41 @@ GEM
     aarch64 (2.1.0)
       racc (~> 1.6)
     abbrev (0.1.2)
-    actionpack (7.2.2.1)
-      actionview (= 7.2.2.1)
-      activesupport (= 7.2.2.1)
+    actionpack (7.1.5.1)
+      actionview (= 7.1.5.1)
+      activesupport (= 7.1.5.1)
       nokogiri (>= 1.8.5)
       racc
-      rack (>= 2.2.4, < 3.2)
+      rack (>= 2.2.4)
       rack-session (>= 1.0.1)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.2)
       rails-html-sanitizer (~> 1.6)
-      useragent (~> 0.16)
-    actionview (7.2.2.1)
-      activesupport (= 7.2.2.1)
+    actionview (7.1.5.1)
+      activesupport (= 7.1.5.1)
       builder (~> 3.1)
       erubi (~> 1.11)
       rails-dom-testing (~> 2.2)
       rails-html-sanitizer (~> 1.6)
-    activemodel (7.2.2.1)
-      activesupport (= 7.2.2.1)
-    activerecord (7.2.2.1)
-      activemodel (= 7.2.2.1)
-      activesupport (= 7.2.2.1)
+    activemodel (7.1.5.1)
+      activesupport (= 7.1.5.1)
+    activerecord (7.1.5.1)
+      activemodel (= 7.1.5.1)
+      activesupport (= 7.1.5.1)
       timeout (>= 0.4.0)
-    activesupport (7.2.2.1)
+    activesupport (7.1.5.1)
       base64
       benchmark (>= 0.3)
       bigdecimal
-      concurrent-ruby (~> 1.0, >= 1.3.1)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
       connection_pool (>= 2.2.5)
       drb
       i18n (>= 1.6, < 2)
       logger (>= 1.4.2)
       minitest (>= 5.1)
+      mutex_m
       securerandom (>= 0.3)
-      tzinfo (~> 2.0, >= 2.0.5)
+      tzinfo (~> 2.0)
     addressable (2.8.7)
       public_suffix (>= 2.0.2, < 7.0)
     afm (0.2.2)
@@ -219,9 +220,9 @@ GEM
     csv (3.3.2)
     daemons (1.4.1)
     date (3.4.1)
-    debug (1.10.0)
-      irb (~> 1.10)
-      reline (>= 0.3.8)
+    debug (1.8.0)
+      irb (>= 1.5.0)
+      reline (>= 0.3.1)
     diff-lcs (1.6.0)
     dnsruby (1.72.4)
       base64 (~> 0.2.0)
@@ -242,7 +243,6 @@ GEM
     em-socksify (0.3.3)
       base64
       eventmachine (>= 1.0.0.beta.4)
-    erb (5.0.1)
     erubi (1.13.1)
     eventmachine (1.2.7)
     factory_bot (6.5.1)
@@ -287,10 +287,8 @@ GEM
       concurrent-ruby (~> 1.0)
     io-console (0.8.0)
     ipaddr (1.2.7)
-    irb (1.15.2)
-      pp (>= 0.6.0)
-      rdoc (>= 4.0.0)
-      reline (>= 0.4.2)
+    irb (1.7.4)
+      reline (>= 0.3.6)
     jmespath (1.6.2)
     jsobfu (0.4.2)
       rkelly-remix
@@ -307,11 +305,9 @@ GEM
       nokogiri (>= 1.12.0)
     memory_profiler (1.1.0)
     metasm (1.0.5)
-    metasploit-concern (5.0.5)
+    metasploit-concern (5.0.4)
       activemodel (~> 7.0)
       activesupport (~> 7.0)
-      drb
-      mutex_m
       railties (~> 7.0)
       zeitwerk
     metasploit-credential (6.0.16)
@@ -328,12 +324,9 @@ GEM
       rex-socket
       rubyntlm
       rubyzip
-    metasploit-model (5.0.4)
+    metasploit-model (5.0.3)
       activemodel (~> 7.0)
       activesupport (~> 7.0)
-      bigdecimal
-      drb
-      mutex_m
       railties (~> 7.0)
     metasploit-payloads (2.0.221)
     metasploit_data_models (6.0.9)
@@ -402,19 +395,13 @@ GEM
       ruby-rc4
       ttfunk
     pg (1.5.9)
-    pp (0.6.2)
-      prettyprint
-    prettyprint (0.2.0)
     prism (1.4.0)
     pry (0.14.2)
       coderay (~> 1.1)
       method_source (~> 1.0)
     pry-byebug (3.10.1)
       byebug (~> 11.0)
       pry (>= 0.13, < 0.15)
-    psych (5.2.6)
-      date
-      stringio
     public_suffix (6.0.1)
     puma (6.6.0)
       nio4r (~> 2.0)
@@ -437,10 +424,10 @@ GEM
     rails-html-sanitizer (1.6.2)
       loofah (~> 2.21)
       nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0)
-    railties (7.2.2.1)
-      actionpack (= 7.2.2.1)
-      activesupport (= 7.2.2.1)
-      irb (~> 1.13)
+    railties (7.1.5.1)
+      actionpack (= 7.1.5.1)
+      activesupport (= 7.1.5.1)
+      irb
       rackup (>= 1.0.0)
       rake (>= 12.2)
       thor (~> 1.0, >= 1.2.2)
@@ -450,9 +437,6 @@ GEM
     rasn1 (0.14.0)
       strptime (~> 0.2.5)
     rb-readline (0.5.5)
-    rdoc (6.14.0)
-      erb
-      psych (>= 4.0.0)
     recog (3.1.14)
       nokogiri
     redcarpet (3.6.1)
@@ -529,10 +513,10 @@ GEM
     rspec-mocks (3.13.2)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.13.0)
-    rspec-rails (8.0.0)
-      actionpack (>= 7.2)
-      activesupport (>= 7.2)
-      railties (>= 7.2)
+    rspec-rails (7.1.1)
+      actionpack (>= 7.0)
+      activesupport (>= 7.0)
+      railties (>= 7.0)
       rspec-core (~> 3.13)
       rspec-expectations (~> 3.13)
       rspec-mocks (~> 3.13)
@@ -556,8 +540,7 @@ GEM
       prism (~> 1.4)
     ruby-macho (4.1.0)
     ruby-mysql (4.2.0)
-    ruby-prof (1.7.2)
-      base64
+    ruby-prof (1.7.1)
     ruby-progressbar (1.13.0)
     ruby-rc4 (0.1.5)
     ruby2_keywords (0.0.5)
@@ -587,7 +570,6 @@ GEM
     sqlite3 (1.7.3)
       mini_portile2 (~> 2.8.0)
     sshkey (3.0.0)
-    stringio (3.1.7)
     strptime (0.2.5)
     swagger-blocks (3.0.0)
     test-prof (1.4.4)
@@ -609,7 +591,6 @@ GEM
       unicode-emoji (~> 4.0, >= 4.0.4)
     unicode-emoji (4.0.4)
     unix-crypt (1.3.1)
-    useragent (0.16.11)
     warden (1.2.9)
       rack (>= 2.0.9)
     webrick (1.9.1)

config/application.rb

@@ -41,7 +41,7 @@ class Application < Rails::Application
       config.paths['config/database'] = [Metasploit::Framework::Database.configurations_pathname.try(:to_path)]
       config.autoloader = :zeitwerk
 
-      config.load_defaults 7.2
+      config.load_defaults 7.1
 
       config.eager_load = false
     end

db/schema.rb

@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema[7.2].define(version: 2025_02_04_172657) do
+ActiveRecord::Schema[7.1].define(version: 2025_02_04_172657) do
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
 
@@ -803,4 +803,5 @@
     t.boolean "limit_to_network", default: false, null: false
     t.boolean "import_fingerprint", default: false
   end
+
 end

lib/metasploit/framework/rails_version_constraint.rb

@@ -3,7 +3,7 @@
 module Metasploit
   module Framework
     module RailsVersionConstraint
-      RAILS_VERSION = '~> 7.2.0'
+      RAILS_VERSION = '~> 7.1.0'
     end
   end
 end

lib/msf/core/db_manager/cred.rb

@@ -16,7 +16,7 @@ def creds(opts)
       query = query.includes(logins: [ :service, { service: :host } ])
 
       if opts[:type].present?
-        query = query.where('"metasploit_credential_privates"."type" = ?', opts[:type].to_s)
+        query = query.where('"metasploit_credential_privates"."type" = ?', opts[:type])
       end
 
       if opts[:jtr_format].present?

lib/msf/core/exploit/remote/mysql.rb

@@ -43,7 +43,7 @@ def mysql_login(user='root', pass='', db=nil)
     begin
       self.mysql_conn = ::Rex::Proto::MySQL::Client.connect(rhost, user, pass, db, rport, io: self.sock)
       # Deprecating this in favor off `mysql_conn`
-      @mysql_handle = ActiveSupport::Deprecation::DeprecatedInstanceVariableProxy.new(self, :mysql_conn, :@mysql_handle, deprecator: ActiveSupport::Deprecation.new)
+      @mysql_handle = ActiveSupport::Deprecation::DeprecatedInstanceVariableProxy.new(self, :mysql_conn, :@mysql_handle, ActiveSupport::Deprecation.new)
 
     rescue Errno::ECONNREFUSED
       print_error("Connection refused")

metasploit-framework.gemspec

@@ -219,7 +219,7 @@ Gem::Specification.new do |spec|
   # SSH server library with ed25519
   spec.add_runtime_dependency 'hrr_rb_ssh-ed25519'
   # Needed for irb internal command
-  spec.add_runtime_dependency 'irb'
+  spec.add_runtime_dependency 'irb', '~> 1.7.4'
 
   # AWS enumeration modules
   spec.add_runtime_dependency 'aws-sdk-s3'
@@ -248,6 +248,10 @@ Gem::Specification.new do |spec|
   # to generate PNG files, not to parse untrusted PNG files.
   spec.add_runtime_dependency 'chunky_png'
 
+  # Temporary, remove once the Rails 7.1 update is complete
+  # see: https://stackoverflow.com/questions/79360526/uninitialized-constant-activesupportloggerthreadsafelevellogger-nameerror
+  spec.add_runtime_dependency 'concurrent-ruby', '1.3.4'
+
   # Needed for multiline REPL support for interactive SQL sessions
   spec.add_runtime_dependency 'reline'
 

modules/post/windows/gather/win_privs.rb

@@ -54,7 +54,7 @@ def run
 
     usr_tbl << [
       is_admin?.to_s.capitalize,
-      is_system?.to_s.capitalize,
+      system?.to_s.capitalize,
       is_in_admin_group?.to_s.capitalize,
       is_uac_enabled?.to_s.capitalize,
       fid,

modules/post/windows/manage/make_token.rb

@@ -35,7 +35,7 @@ def initialize(info = {})
           'Meterpreter' => {
             'Commands' => %w[
               stdapi_railgun_api
-              stdapi_sys_config_rev2self
+              stdapi_sys_config_revert_to_self
               stdapi_sys_config_update_token
             ]
           }