Merge branch 'staging/electro-release' into feature/MSP-10992/scanner-dry

Author: David Maloney

.gitignore

@@ -7,8 +7,6 @@ Gemfile.local.lock
 .sublime-project
 # RVM control file, keep this to avoid backdooring Metasploit
 .rvmrc
-.ruby-version
-.ruby-gemset
 # YARD cache directory
 .yardoc
 # Mac OS X files

.rubocop.yml

@@ -0,0 +1,19 @@
+LineLength:
+  Enabled: true
+  Max: 180
+
+MethodLength:
+  Enabled: true
+  Max: 100
+
+Style/ClassLength:
+  Exclude:
+    # Most modules are quite large and all contained in one class.  This is OK.
+    - 'modules/**/*'
+
+Style/NumericLiterals:
+  Enabled: false
+
+Documentation:
+  Exclude:
+    - 'modules/**/*'

.ruby-gemset

@@ -0,0 +1 @@
+metasploit-framework

.ruby-version

@@ -0,0 +1 @@
+1.9.3-p547

CONTRIBUTING.md

@@ -33,6 +33,7 @@ and Metasploit's [Common Coding Mistakes](https://github.com/rapid7/metasploit-f
 ## Code Contributions
 
 * **Do** stick to the [Ruby style guide](https://github.com/bbatsov/ruby-style-guide).
+* Similarly, **try** to get Rubocop passing or at least relatively quiet against the files added/modified as part of your contribution
 * **Do** follow the [50/72 rule](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html) for Git commit messages.
 * **Do** create a [topic branch](http://git-scm.com/book/en/Git-Branching-Branching-Workflows#Topic-Branches) to work on instead of working directly on `master`.
 

Gemfile

@@ -7,14 +7,16 @@ group :db do
   # Needed for Msf::DbManager
   gem 'activerecord', '>= 3.0.0', '< 4.0.0'
   # Metasploit::Credential database models
-  gem 'metasploit-credential', '~>0.8.2'
+  gem 'metasploit-credential', '>= 0.8.6', '< 0.9'
   # Database models shared between framework and Pro.
   gem 'metasploit_data_models', '~> 0.19'
   # Needed for module caching in Mdm::ModuleDetails
   gem 'pg', '>= 0.11'
 end
 
 group :development do
+  # Style/sanity checking Ruby code
+  gem 'rubocop'
   # Markdown formatting for yard
   gem 'redcarpet'
   # generating documentation

Gemfile.lock

@@ -2,6 +2,7 @@ PATH
   remote: .
   specs:
     metasploit-framework (4.10.0.pre.dev)
+      actionpack (< 4.0.0)
       activesupport (>= 3.0.0, < 4.0.0)
       bcrypt
       json
@@ -44,6 +45,7 @@ GEM
     arel (3.0.3)
     arel-helpers (2.0.1)
       activerecord (>= 3.1.0, < 5)
+    ast (2.0.0)
     bcrypt (3.1.7)
     builder (3.0.4)
     coderay (1.1.0)
@@ -61,7 +63,7 @@ GEM
     json (1.8.1)
     metasploit-concern (0.1.1)
       activesupport (~> 3.0, >= 3.0.0)
-    metasploit-credential (0.8.3)
+    metasploit-credential (0.8.6)
       metasploit-concern (~> 0.1.0)
       metasploit-model (~> 0.26.1)
       metasploit_data_models (~> 0.19.4)
@@ -86,8 +88,12 @@ GEM
     nokogiri (1.6.3.1)
       mini_portile (= 0.6.0)
     packetfu (1.1.9)
+    parser (2.1.9)
+      ast (>= 1.1, < 3.0)
+      slop (~> 3.4, >= 3.4.5)
     pcaprub (0.11.3)
     pg (0.17.1)
+    powerpack (0.0.9)
     pry (0.10.0)
       coderay (~> 1.1.0)
       method_source (~> 0.8.1)
@@ -106,6 +112,7 @@ GEM
       rake (>= 0.8.7)
       rdoc (~> 3.4)
       thor (>= 0.14.6, < 2.0)
+    rainbow (2.0.0)
     rake (10.3.2)
     rdoc (3.12.2)
       json (~> 1.4)
@@ -131,10 +138,17 @@ GEM
       rspec-core (~> 2.99.0)
       rspec-expectations (~> 2.99.0)
       rspec-mocks (~> 2.99.0)
+    rubocop (0.23.0)
+      json (>= 1.7.7, < 2)
+      parser (~> 2.1.9)
+      powerpack (~> 0.0.6)
+      rainbow (>= 1.99.1, < 3.0)
+      ruby-progressbar (~> 1.4)
+    ruby-progressbar (1.5.1)
+      activesupport (>= 3.0.0)
     rubyntlm (0.4.0)
     rubyzip (1.1.6)
     shoulda-matchers (2.6.2)
-      activesupport (>= 3.0.0)
     simplecov (0.5.4)
       multi_json (~> 1.0.3)
       simplecov-html (~> 0.5.3)
@@ -160,7 +174,7 @@ DEPENDENCIES
   factory_girl (>= 4.1.0)
   factory_girl_rails
   fivemat (= 1.2.1)
-  metasploit-credential (~> 0.8.2)
+  metasploit-credential (>= 0.8.6, < 0.9)
   metasploit-framework!
   metasploit_data_models (~> 0.19)
   network_interface (~> 0.0.1)
@@ -171,6 +185,7 @@ DEPENDENCIES
   redcarpet
   rspec (>= 2.12, < 3.0.0)
   rspec-rails (>= 2.12, < 3.0.0)
+  rubocop
   shoulda-matchers
   simplecov (= 0.5.4)
   timecop

app/concerns/metasploit/credential/core/to_credential.rb

@@ -13,7 +13,8 @@ def to_credential
         private:      private.try(:data), 
         private_type: private.try(:type).try(:demodulize).try(:underscore).try(:to_sym), 
         realm:        realm.try(:value), 
-        realm_key:    realm.try(:key) 
+        realm_key:    realm.try(:key),
+        parent:       self
       )
     end
 

config/application.rb

@@ -14,6 +14,13 @@
     )
 )
 
+#
+# Railties
+#
+
+# For compatibility with jquery-rails (and other engines that need action_view) in pro
+require 'action_view/railtie'
+
 #
 # Project
 #
@@ -26,11 +33,22 @@ module Framework
     class Application < Rails::Application
       include Metasploit::Framework::CommonEngine
 
-      user_config_root = Pathname.new(Msf::Config.get_config_root)
-      user_database_yaml = user_config_root.join('database.yml')
-
-      if user_database_yaml.exist?
-        config.paths['config/database'] = [user_database_yaml.to_path]
+      environment_database_yaml = ENV['MSF_DATABASE_CONFIG']
+
+      if environment_database_yaml
+        # DO NOT check if the path exists: if the environment variable is set, then the user meant to use this path
+        # and if it doesn't exist then an error should occur so the user knows the environment variable points to a
+        # non-existent file.
+        config.paths['config/database'] = environment_database_yaml
+      else
+        user_config_root = Pathname.new(Msf::Config.get_config_root)
+        user_database_yaml = user_config_root.join('database.yml')
+
+        # DO check if the path exists as in test environments there may be no config root, in which case the normal
+        # rails location, `config/database.yml`, should contain the database config.
+        if user_database_yaml.exist?
+          config.paths['config/database'] = [user_database_yaml.to_path]
+        end
       end
     end
   end

data/msfcrawler/basic.rb

@@ -13,7 +13,7 @@
 
 require 'rubygems'
 require 'pathname'
-require 'hpricot'
+require 'nokogiri'
 require 'uri'
 
 class CrawlerSimple < BaseParser
@@ -24,23 +24,20 @@ def parse(request,result)
       return
     end
 
-    doc = Hpricot(result.body.to_s)
-    doc.search('a').each do |link|
-
-    hr = link.attributes['href']
-
-    if hr and !hr.match(/^(\#|javascript\:)/)
-      begin
-        hreq = urltohash('GET',hr,request['uri'],nil)
-
-        insertnewpath(hreq)
-
-      rescue URI::InvalidURIError
-        #puts "Parse error"
-        #puts "Error: #{link[0]}"
+    # doc = Hpricot(result.body.to_s)
+    doc = Nokogiri::HTML(result.body.to_s)
+    doc.css('a').each do |anchor_tag|
+      hr = anchor_tag['href']
+      if hr && !hr.match(/^(\#|javascript\:)/)
+        begin
+          hreq = urltohash('GET', hr, request['uri'], nil)
+          insertnewpath(hreq)
+        rescue URI::InvalidURIError
+          #puts "Parse error"
+          #puts "Error: #{link[0]}"
+        end
       end
     end
-    end
   end
 end