lib/msf/core/module/reference.rb

# -*- coding: binary -*-

###
#
# A reference to some sort of information.  This is typically a URL, but could
# be any type of referential value that people could use to research a topic.
#
###
class Msf::Module::Reference

  #
  # Serialize a reference from a string.
  #
  def self.from_s(str)
    return self.new(str)
  end

  #
  # Initializes a reference from a string.
  #
  def initialize(in_str)
    self.str = in_str
  end

  #
  # Compares references to see if they're equal.
  #
  def ==(tgt)
    return (tgt.to_s == to_s)
  end

  #
  # Returns the reference as a string.
  #
  def to_s
    return self.str
  end

  #
  # Serializes the reference instance from a string.
  #
  def from_s(in_str)
    self.str = in_str
  end

  #
  # The reference string.
  #
  attr_reader :str

protected

  attr_writer :str # :nodoc:

end

###
#
# A reference to a website.
#
###
class Msf::Module::SiteReference < Msf::Module::Reference

  #
  # Class method that translates a URL into a site reference instance.
  #
  def self.from_s(str)
    instance = self.new

    if (instance.from_s(str) == false)
      return nil
    end

    return instance
  end

  #
  # Initializes a site reference from an array.  ary[0] is the site and
  # ary[1] is the site context identifier, such as CVE.
  #
  def self.from_a(ary)
    return nil if (ary.length < 2)

    self.new(ary[0], ary[1])
  end

  #
  # Initialize the site reference.
  # If you're updating the references, please also update:
  # * tools/module_reference.rb
  # * https://docs.metasploit.com/docs/development/developing-modules/module-metadata/module-reference-identifiers.html
  #
  def initialize(in_ctx_id = 'Unknown', in_ctx_val = '')
    self.ctx_id  = in_ctx_id
    self.ctx_val = in_ctx_val

    if in_ctx_id == 'CVE'
      self.site = "https://nvd.nist.gov/vuln/detail/CVE-#{in_ctx_val}"
    elsif in_ctx_id == 'CWE'
      self.site = "https://cwe.mitre.org/data/definitions/#{in_ctx_val}.html"
    elsif in_ctx_id == 'BID'
      self.site = "http://www.securityfocus.com/bid/#{in_ctx_val}"
    elsif in_ctx_id == 'MSB'
      year = in_ctx_val[2..3]
      century = year[0] == '9' ? '19' : '20'
      self.site = "https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/#{century}#{year}/#{in_ctx_val}"
    elsif in_ctx_id == 'EDB'
      self.site = "https://www.exploit-db.com/exploits/#{in_ctx_val}"
    elsif in_ctx_id == 'US-CERT-VU'
      self.site = "https://www.kb.cert.org/vuls/id/#{in_ctx_val}"
    elsif in_ctx_id == 'ZDI'
      self.site = "http://www.zerodayinitiative.com/advisories/ZDI-#{in_ctx_val}"
    elsif in_ctx_id == 'WPVDB'
      self.site = "https://wpscan.com/vulnerability/#{in_ctx_val}"
    elsif in_ctx_id == 'PACKETSTORM'
      self.site = "https://packetstormsecurity.com/files/#{in_ctx_val}"
    elsif in_ctx_id == 'URL'
      self.site = in_ctx_val.to_s
    elsif in_ctx_id == 'LOGO'
      self.site = "Logo: #{in_ctx_val}"
    elsif in_ctx_id == 'SOUNDTRACK'
      self.site = "Soundtrack: #{in_ctx_val}"
    else
      self.site  = in_ctx_id
      self.site += " (#{in_ctx_val})" if (in_ctx_val)
    end
  end

  #
  # Returns the absolute site URL.
  #
  def to_s
    return site || ''
  end

  #
  # Serializes a site URL string.
  #
  def from_s(str)
    if (/(http:\/\/|https:\/\/|ftp:\/\/)/.match(str))
      self.site = str
      self.ctx_id  = 'URL'
      self.ctx_val = self.site
    else
      return false
    end

    return true
  end

  #
  # The site being referenced.
  #
  attr_reader :site
  #
  # The context identifier of the site, such as CVE.
  #
  attr_reader :ctx_id
  #
  # The context value of the reference, such as MS02-039
  #
  attr_reader :ctx_val

protected

  attr_writer :site, :ctx_id, :ctx_val

end
Mark all libraries as defaulting to 8-bit strings 2012-06-29 00:18:28 -05:00			`# -- coding: binary --`
moved data types around 2005-06-05 00:03:23 +00:00
			`###`
			`#`
last of normalized docs from last night 2005-11-15 15:11:43 +00:00			`# A reference to some sort of information. This is typically a URL, but could`
			`# be any type of referential value that people could use to research a topic.`
moved data types around 2005-06-05 00:03:23 +00:00			`#`
			`###`
			`class Msf::Module::Reference`

last of normalized docs from last night 2005-11-15 15:11:43 +00:00			`#`
			`# Serialize a reference from a string.`
			`#`
moved data types around 2005-06-05 00:03:23 +00:00			`def self.from_s(str)`
			`return self.new(str)`
			`end`
Retab lib 2013-08-30 16:28:33 -05:00
last of normalized docs from last night 2005-11-15 15:11:43 +00:00			`#`
			`# Initializes a reference from a string.`
			`#`
moved data types around 2005-06-05 00:03:23 +00:00			`def initialize(in_str)`
			`self.str = in_str`
			`end`
Retab lib 2013-08-30 16:28:33 -05:00
made merging of info better 2005-07-10 00:16:48 +00:00			`#`
Build json correctly for new notes field 2018-08-27 12:03:54 -05:00			`# Compares references to see if they're equal.`
made merging of info better 2005-07-10 00:16:48 +00:00			`#`
			`def ==(tgt)`
			`return (tgt.to_s == to_s)`
			`end`
Retab lib 2013-08-30 16:28:33 -05:00
last of normalized docs from last night 2005-11-15 15:11:43 +00:00			`#`
			`# Returns the reference as a string.`
			`#`
moved data types around 2005-06-05 00:03:23 +00:00			`def to_s`
			`return self.str`
			`end`
Retab lib 2013-08-30 16:28:33 -05:00
last of normalized docs from last night 2005-11-15 15:11:43 +00:00			`#`
			`# Serializes the reference instance from a string.`
			`#`
moved data types around 2005-06-05 00:03:23 +00:00			`def from_s(in_str)`
			`self.str = in_str`
			`end`
Retab lib 2013-08-30 16:28:33 -05:00
last of normalized docs from last night 2005-11-15 15:11:43 +00:00			`#`
			`# The reference string.`
			`#`
moved data types around 2005-06-05 00:03:23 +00:00			`attr_reader :str`

			`protected`

last of normalized docs from last night 2005-11-15 15:11:43 +00:00			`attr_writer :str # :nodoc:`
moved data types around 2005-06-05 00:03:23 +00:00
			`end`

			`###`
			`#`
			`# A reference to a website.`
			`#`
			`###`
			`class Msf::Module::SiteReference < Msf::Module::Reference`

			`#`
last of normalized docs from last night 2005-11-15 15:11:43 +00:00			`# Class method that translates a URL into a site reference instance.`
moved data types around 2005-06-05 00:03:23 +00:00			`#`
			`def self.from_s(str)`
			`instance = self.new`
Retab lib 2013-08-30 16:28:33 -05:00
moved data types around 2005-06-05 00:03:23 +00:00			`if (instance.from_s(str) == false)`
			`return nil`
			`end`
Retab lib 2013-08-30 16:28:33 -05:00
moved data types around 2005-06-05 00:03:23 +00:00			`return instance`
			`end`
Retab lib 2013-08-30 16:28:33 -05:00
last of normalized docs from last night 2005-11-15 15:11:43 +00:00			`#`
			`# Initializes a site reference from an array. ary[0] is the site and`
remove osvdb links 2016-09-20 14:27:59 -05:00			`# ary[1] is the site context identifier, such as CVE.`
last of normalized docs from last night 2005-11-15 15:11:43 +00:00			`#`
unit testage 2005-06-05 00:33:38 +00:00			`def self.from_a(ary)`
			`return nil if (ary.length < 2)`
Retab lib 2013-08-30 16:28:33 -05:00
unit testage 2005-06-05 00:33:38 +00:00			`self.new(ary[0], ary[1])`
			`end`
Retab lib 2013-08-30 16:28:33 -05:00
moved data types around 2005-06-05 00:03:23 +00:00			`#`
last of normalized docs from last night 2005-11-15 15:11:43 +00:00			`# Initialize the site reference.`
Check module references 2014-11-05 09:57:13 -06:00			`# If you're updating the references, please also update:`
			`# * tools/module_reference.rb`
Update all links from Wiki site to new docs site. 2022-12-30 12:29:14 -06:00			`# * https://docs.metasploit.com/docs/development/developing-modules/module-metadata/module-reference-identifiers.html`
moved data types around 2005-06-05 00:03:23 +00:00			`#`
Fixed to NOP vs Nop, Encoder vs ENCODER, setting the preferred NOP 2006-01-17 04:09:40 +00:00			`def initialize(in_ctx_id = 'Unknown', in_ctx_val = '')`
			`self.ctx_id = in_ctx_id`
			`self.ctx_val = in_ctx_val`
Retab lib 2013-08-30 16:28:33 -05:00
add 'Also known as', AKA 'AKA', to module references 2017-06-28 15:48:48 -04:00			`if in_ctx_id == 'CVE'`
Change CVE reference to NVD and add AKB reference 2021-04-03 12:56:26 -05:00			`self.site = "https://nvd.nist.gov/vuln/detail/CVE-#{in_ctx_val}"`
add 'Also known as', AKA 'AKA', to module references 2017-06-28 15:48:48 -04:00			`elsif in_ctx_id == 'CWE'`
Initial commit 2015-05-02 10:11:17 -05:00			`self.site = "https://cwe.mitre.org/data/definitions/#{in_ctx_val}.html"`
add 'Also known as', AKA 'AKA', to module references 2017-06-28 15:48:48 -04:00			`elsif in_ctx_id == 'BID'`
Added wpvulndb links 2014-10-02 23:03:31 +02:00			`self.site = "http://www.securityfocus.com/bid/#{in_ctx_val}"`
add 'Also known as', AKA 'AKA', to module references 2017-06-28 15:48:48 -04:00			`elsif in_ctx_id == 'MSB'`
Update MSB reference 2019-05-23 07:00:23 -05:00			`year = in_ctx_val[2..3]`
			`century = year[0] == '9' ? '19' : '20'`
			`self.site = "https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/#{century}#{year}/#{in_ctx_val}"`
add 'Also known as', AKA 'AKA', to module references 2017-06-28 15:48:48 -04:00			`elsif in_ctx_id == 'EDB'`
Initial commit 2015-05-02 10:11:17 -05:00			`self.site = "https://www.exploit-db.com/exploits/#{in_ctx_val}"`
add 'Also known as', AKA 'AKA', to module references 2017-06-28 15:48:48 -04:00			`elsif in_ctx_id == 'US-CERT-VU'`
Fix broken CVE reference and update links 2017-01-01 21:26:01 -06:00			`self.site = "https://www.kb.cert.org/vuls/id/#{in_ctx_val}"`
add 'Also known as', AKA 'AKA', to module references 2017-06-28 15:48:48 -04:00			`elsif in_ctx_id == 'ZDI'`
Added wpvulndb links 2014-10-02 23:03:31 +02:00			`self.site = "http://www.zerodayinitiative.com/advisories/ZDI-#{in_ctx_val}"`
add 'Also known as', AKA 'AKA', to module references 2017-06-28 15:48:48 -04:00			`elsif in_ctx_id == 'WPVDB'`
update more references 2021-02-08 17:48:54 +01:00			`self.site = "https://wpscan.com/vulnerability/#{in_ctx_val}"`
add 'Also known as', AKA 'AKA', to module references 2017-06-28 15:48:48 -04:00			`elsif in_ctx_id == 'PACKETSTORM'`
Added PacketStorm (PKT) in References Display 2015-08-20 00:36:27 -03:00			`self.site = "https://packetstormsecurity.com/files/#{in_ctx_val}"`
add 'Also known as', AKA 'AKA', to module references 2017-06-28 15:48:48 -04:00			`elsif in_ctx_id == 'URL'`
Fixed to NOP vs Nop, Encoder vs ENCODER, setting the preferred NOP 2006-01-17 04:09:40 +00:00			`self.site = in_ctx_val.to_s`
Add support for SOUNDTRACK and LOGO to module refs 2018-07-10 17:23:07 +00:00			`elsif in_ctx_id == 'LOGO'`
			`self.site = "Logo: #{in_ctx_val}"`
Clean up some things 2018-07-17 19:10:30 -05:00			`elsif in_ctx_id == 'SOUNDTRACK'`
			`self.site = "Soundtrack: #{in_ctx_val}"`
moved data types around 2005-06-05 00:03:23 +00:00			`else`
Fixed to NOP vs Nop, Encoder vs ENCODER, setting the preferred NOP 2006-01-17 04:09:40 +00:00			`self.site = in_ctx_id`
Remove "#{xxx.to_s}" redundancies ('s/\(#{[^}]*\)\.to_s}/\1}/g') 2008-12-19 07:11:08 +00:00			`self.site += " (#{in_ctx_val})" if (in_ctx_val)`
moved data types around 2005-06-05 00:03:23 +00:00			`end`
			`end`
Retab lib 2013-08-30 16:28:33 -05:00
moved data types around 2005-06-05 00:03:23 +00:00			`#`
last of normalized docs from last night 2005-11-15 15:11:43 +00:00			`# Returns the absolute site URL.`
moved data types around 2005-06-05 00:03:23 +00:00			`#`
			`def to_s`
			`return site \|\| ''`
			`end`
Retab lib 2013-08-30 16:28:33 -05:00
moved data types around 2005-06-05 00:03:23 +00:00			`#`
last of normalized docs from last night 2005-11-15 15:11:43 +00:00			`# Serializes a site URL string.`
moved data types around 2005-06-05 00:03:23 +00:00			`#`
			`def from_s(str)`
			`if (/(http:\/\/\|https:\/\/\|ftp:\/\/)/.match(str))`
			`self.site = str`
See #339 . Massive cleanup of author names, make them consistent across modules 2009-09-27 21:30:45 +00:00			`self.ctx_id = 'URL'`
			`self.ctx_val = self.site`
moved data types around 2005-06-05 00:03:23 +00:00			`else`
			`return false`
			`end`
Retab lib 2013-08-30 16:28:33 -05:00
moved data types around 2005-06-05 00:03:23 +00:00			`return true`
			`end`
Retab lib 2013-08-30 16:28:33 -05:00
last of normalized docs from last night 2005-11-15 15:11:43 +00:00			`#`
			`# The site being referenced.`
			`#`
			`attr_reader :site`
			`#`
remove osvdb links 2016-09-20 14:27:59 -05:00			`# The context identifier of the site, such as CVE.`
last of normalized docs from last night 2005-11-15 15:11:43 +00:00			`#`
			`attr_reader :ctx_id`
Fixed to NOP vs Nop, Encoder vs ENCODER, setting the preferred NOP 2006-01-17 04:09:40 +00:00			`#`
			`# The context value of the reference, such as MS02-039`
			`#`
			`attr_reader :ctx_val`
moved data types around 2005-06-05 00:03:23 +00:00
			`protected`

Fixed to NOP vs Nop, Encoder vs ENCODER, setting the preferred NOP 2006-01-17 04:09:40 +00:00			`attr_writer :site, :ctx_id, :ctx_val`
moved data types around 2005-06-05 00:03:23 +00:00
See #339 . Massive cleanup of author names, make them consistent across modules 2009-09-27 21:30:45 +00:00			`end`