Parse msfconsole options before initializing Rails

MSP-10905

Author: limhoff-r7

config/application.rb

@@ -1,30 +1,7 @@
 require 'rails'
 require File.expand_path('../boot', __FILE__)
 
-# only the parts of 'rails/all' that metasploit-framework actually uses
-begin
-  require 'active_record/railtie'
-rescue LoadError
-  warn "activerecord not in the bundle, so database support will be disabled."
-  warn "Bundle installed '--without #{Bundler.settings.without.join(' ')}'"
-  warn "To clear the without option do `bundle install --without ''` " \
-       "(the --without flag with an empty string) or " \
-       "`rm -rf .bundle` to remove the .bundle/config manually and " \
-       "then `bundle install`"
-end
-
-all_environments = [
-    :development,
-    :production,
-    :test
-]
-
-Bundler.require(
-    *Rails.groups(
-        db: all_environments,
-        pcap: all_environments
-    )
-)
+Bundler.require(*Rails.groups)
 
 #
 # Project

lib/metasploit/framework/command.rb

@@ -0,0 +1,22 @@
+#
+# Gems
+#
+
+# have to be exact so minimum is loaded prior to parsing arguments which could influence loading.
+require 'active_support/dependencies/autoload'
+
+# @note Must use the nested declaration of the {Metasploit::Framework::Command} namespace because commands need to be
+# able to be required directly without any other part of metasploit-framework besides config/boot so that the commands
+# can parse arguments, setup RAILS_ENV, and load config/application.rb correctly.
+module Metasploit
+  module Framework
+    module Command
+      # Namespace for commands for metasploit-framework.  There are corresponding classes in the
+      # {Metasploit::Framework::ParsedOptions} namespace, which handle for parsing the options for each command.
+      extend ActiveSupport::Autoload
+
+      autoload :Base
+      autoload :Console
+    end
+  end
+end

lib/metasploit/framework/command/base.rb

@@ -0,0 +1,117 @@
+#
+# Gems
+#
+
+require 'active_support/core_ext/module/introspection'
+
+#
+# Project
+#
+
+require 'metasploit/framework/command'
+require 'metasploit/framework/parsed_options'
+
+# Based on pattern used for lib/rails/commands in the railties gem.
+class Metasploit::Framework::Command::Base
+  #
+  # Attributes
+  #
+
+  # @!attribute [r] application
+  #   The Rails application for metasploit-framework.
+  #
+  #   @return [Metasploit::Framework::Application]
+  attr_reader :application
+
+  # @!attribute [r] parsed_options
+  #   The parsed options from the command line.
+  #
+  #   @return (see parsed_options)
+  attr_reader :parsed_options
+
+  #
+  # Class Methods
+  #
+
+  # @note {require_environment!} should be called to load `config/application.rb` to so that the RAILS_ENV can be set
+  #   from the command line options in `ARGV` prior to `Rails.env` being set.
+  # @note After returning, `Rails.application` will be defined and configured.
+  #
+  # Parses `ARGV` for command line arguments to configure the `Rails.application`.
+  #
+  # @return (see parsed_options)
+  def self.require_environment!
+    parsed_options = self.parsed_options
+    # RAILS_ENV must be set before requiring 'config/application.rb'
+    parsed_options.environment!
+    ARGV.replace(parsed_options.positional)
+
+    # @see https://github.com/rails/rails/blob/v3.2.17/railties/lib/rails/commands.rb#L39-L40
+    require Pathname.new(__FILE__).parent.parent.parent.parent.parent.join('config', 'application')
+
+    # have to configure before requiring environment because config/environment.rb calls initialize! and the initializers
+    # will use the configuration from the parsed options.
+    parsed_options.configure(Rails.application)
+
+    # support disabling the database
+    unless parsed_options.options.database.disable
+      begin
+        require 'active_record/railtie'
+      rescue LoadError
+        warn "activerecord not in the bundle, so database support will be disabled."
+        warn "Bundle installed '--without #{Bundler.settings.without.join(' ')}'"
+        warn "To clear the without option do `bundle install --without ''` " \
+             "(the --without flag with an empty string) or " \
+             "`rm -rf .bundle` to remove the .bundle/config manually and " \
+             "then `bundle install`"
+      end
+
+      ENV['RAILS_GROUP'] = 'db,pcap'
+    end
+
+    Rails.application.require_environment!
+
+    parsed_options
+  end
+
+  def self.parsed_options
+    parsed_options_class.new
+  end
+
+  def self.parsed_options_class
+    @parsed_options_class ||= parsed_options_class_name.constantize
+  end
+
+  def self.parsed_options_class_name
+    @parsed_options_class_name ||= "#{parent.parent}::ParsedOptions::#{name.demodulize}"
+  end
+
+  def self.start
+    parsed_options = require_environment!
+    new(application: Rails.application, parsed_options: parsed_options).start
+  end
+
+  #
+  # Instance Methods
+  #
+
+  # @param attributes [Hash{Symbol => ActiveSupport::OrderedOptions,Rails::Application}]
+  # @option attributes [Rails::Application] :application
+  # @option attributes [ActiveSupport::OrderedOptions] :parsed_options
+  # @raise [KeyError] if :application is not given
+  # @raise [KeyError] if :parsed_options is not given
+  def initialize(attributes={})
+    @application = attributes.fetch(:application)
+    @parsed_options = attributes.fetch(:parsed_options)
+  end
+
+  # @abstract Use {#application} to start this command.
+  #
+  # Starts this command.
+  #
+  # @return [void]
+  # @raise [NotImplementedError]
+  def start
+    raise NotImplementedError
+  end
+end

lib/metasploit/framework/command/console.rb

@@ -0,0 +1,58 @@
+#
+# Project
+#
+
+require 'metasploit/framework/command'
+require 'metasploit/framework/command/base'
+
+# Based on pattern used for lib/rails/commands in the railties gem.
+class Metasploit::Framework::Command::Console < Metasploit::Framework::Command::Base
+  def start
+    driver.run
+  end
+
+  private
+
+  # The console UI driver.
+  #
+  # @return [Msf::Ui::Console::Driver]
+  def driver
+    unless @driver
+      # require here so minimum loading is done before {start} is called.
+      require 'msf/ui'
+
+      @driver = Msf::Ui::Console::Driver.new(
+          Msf::Ui::Console::Driver::DefaultPrompt,
+          Msf::Ui::Console::Driver::DefaultPromptChar,
+          driver_options
+      )
+    end
+
+    @driver
+  end
+
+  def driver_options
+    unless @driver_options
+      options = parsed_options.options
+
+      driver_options = {}
+      driver_options['Config'] = options.framework.config
+      driver_options['DatabaseEnv'] = options.environment
+      driver_options['DatabaseMigrationPaths'] = options.database.migrations_paths
+      driver_options['DatabaseYAML'] = options.database.config
+      driver_options['Defanged'] = options.console.defanged
+      driver_options['DisableBanner'] = options.console.quiet
+      driver_options['DisableDatabase'] = options.database.disable
+      driver_options['LocalOutput'] = options.console.local_output
+      driver_options['ModulePath'] = options.modules.path
+      driver_options['Plugins'] = options.console.plugins
+      driver_options['RealReadline'] = options.console.real_readline
+      driver_options['Resource'] = options.console.resource
+      driver_options['XCommands'] = options.console.commands
+
+      @driver_options = driver_options
+    end
+
+    @driver_options
+  end
+end

lib/metasploit/framework/parsed_options.rb

@@ -0,0 +1,24 @@
+#
+# Gems
+#
+
+require 'active_support/dependencies/autoload'
+
+# # @note Must use the nested declaration of the {Metasploit::Framework::ParsedOptions} namespace because commands,
+# which use parsed options, need to be able to be required directly without any other part of metasploit-framework
+# besides config/boot so that the commands can parse arguments, setup RAILS_ENV, and load config/application.rb
+# correctly.
+module Metasploit
+  module Framework
+    # Namespace for parsed options for {Metasploit::Framework::Command commands}.  The names of `Class`es in this
+    # namespace correspond to the name of the `Class` in the {Metasploit::Framework::Command} namespace for which this
+    # namespace's `Class` parses options.
+    module ParsedOptions
+      extend ActiveSupport::Autoload
+
+      autoload :Base
+      autoload :Console
+    end
+  end
+end
+