bad5ccbc49
Remove msf/base requires
2021-01-05 14:59:46 +00:00
390b08d3d8
Fix namespacing for Route servlet
2020-12-18 11:00:55 +00:00
f4e0278125
Add remote data service support for autoroute
2020-12-18 11:00:55 +00:00
fb638e909a
Replace self with the explicit Module name
2020-12-11 11:44:39 +00:00
9e20bb5270
Add configurable logging to the console and support stdout sinks
2020-12-08 16:23:24 +00:00
1617b3ec9b
Use zeitwerk for lib/msf/core folder
2020-12-07 10:31:45 +00:00
03a30d80ef
creds need web service to support request by :id
2020-10-01 11:13:38 -05:00
4918ecf826
replaced get_service calls with services calls
2020-09-16 12:29:15 +01:00
1e348e0a90
add root path of endpoints that accept :id in path
...
When requesting all records of a type :id is not supplied. A behavior change
in `sinatra` now report a `param` of the missing object with value `nil`.
Since this parameter would be used as a search term further down the stack and
most objects cannot have `:id` = `nil` exposing the additional path is needed.
2020-07-31 11:56:52 -05:00
07cbe426e2
Rails 5, all models inherit from ApplicationRecord
...
ApplicationRecord is a new superclass for all app models, analogous to app controllers subclassing ApplicationController instead of ActionController::Base. This gives apps a single spot to configure app-wide model behavior.
https://edgeguides.rubyonrails.org/upgrading_ruby_on_rails.html#active-record-models-now-inherit-from-applicationrecord-by-default
Deprecated Relation#uniq use Relation#distinct instead.
https://edgeguides.rubyonrails.org/5_0_release_notes.html#active-record-deprecations
2020-07-31 11:56:49 -05:00
bc74900a41
🐛 fix #13781 set token from environment var
2020-06-29 15:07:33 +08:00
8e3add3f5f
simplifies get host id, renames endpoints & clean
2020-04-28 13:33:54 +01:00
0bd43096f1
PRC return tags for del & add, simplified DB call
2020-04-23 17:01:32 +01:00
789b5dec00
adds tag functionality for hosts
2020-04-22 16:47:23 +01:00
9f76f3ef08
Use rpc specific job status tracker and add default no op tracker
2020-03-13 13:32:57 +00:00
dd12e65828
adds middleware and application error handlers
2020-03-04 11:56:32 +00:00
dfaba0a98e
Add endpoints for report_web_*
2019-11-15 16:33:28 +00:00
d670e31e34
Remove unnecessary requirement
2019-10-15 15:18:41 +01:00
e0c86b2423
Remove references to file based token provision
2019-10-08 14:29:25 +01:00
fe3ec50239
Set API token in env instead of file
2019-10-08 13:46:07 +01:00
fcfc78acc5
Use consistent API auth failure error handling
2019-10-08 11:14:23 +01:00
8697b424b2
Use consistent environment variable name
2019-10-08 11:09:04 +01:00
6d74fa2586
Load token config from yml instead of json
2019-10-08 11:03:24 +01:00
1f4649a97c
Remove redundant begin block
2019-10-07 15:23:27 +01:00
6e3acd6e9b
Refactor nested else if to elsif
2019-10-07 15:23:01 +01:00
e1d44e2ae3
Remove redundant braces around hash param
2019-10-07 15:22:27 +01:00
8f33804fe0
Add file based API token authentication
...
Provides a mechanism to specify an API token from a json file.
If the DB is not enabled then the JSON RPC server will check for the
presence of an environment variable (MSF_API_TOKEN_FILE) which should
point to the path of a JSON file. The JSON file should contain a single
key "token". The value of this token is used as the API token which is
required for all JSON RPC API calls.
2019-10-07 14:57:40 +01:00
0a4932a61c
Remove swagger-ui css files
2019-03-21 12:52:30 -05:00
822f5357a2
Land #10675 , DB manager for payloads: Resolve conflicts, add 'create!' to trigger database write
2019-03-04 14:58:03 -06:00
b98133cded
Dont assign unique file name when theres no file on disk
2019-01-25 16:36:17 -06:00
fd6527bac8
Prepend loot filenames with unique string
...
This should help prevent accidentally overwriting files with the same name
2019-01-16 15:20:41 -06:00
705c269d27
Handle empty data values for loot
2019-01-16 10:59:07 -06:00
dc7d611780
Base64 encode the data field for each loot operation
2019-01-15 18:01:43 -06:00
5c308b1448
Remove nested loot object from host JSON
...
The code on the framework side that was utilizing this was removed
a while ago. It was never actually being used anywhere, and was causing
issues with getting host objects back when the loot contained
non-UTF-8 characters
2019-01-15 16:45:04 -06:00
d18c6bd158
Land #11188 , Correct authentication logic in host and event servlets
2019-01-10 13:09:26 -06:00
f125526e09
Land #11207 , implement db_import for web service
2019-01-10 10:28:29 -06:00
d117e6a1d1
Land #11142 , use POST for API token generation
2019-01-08 11:59:30 -05:00
466b0004e1
Land #11163 , add API endpoint for retrieving Mdm::Events
2019-01-08 09:26:53 -06:00
69ee3a4a26
Land #11187 , Conform LoginServlet to API standards
2019-01-07 17:03:39 -06:00
f23142c19c
Land #11183 , add authentication to LoginServlet endpoints
2019-01-07 17:02:31 -06:00
6641c606b2
Add support for db import from remote data service
2019-01-07 14:32:27 -06:00
02fda8625a
Address code review comments.
...
- Fix CSS on submit button
- Dont generate a new token when logging in to web form
- Also added text to account page to send the user to the login page when not logged in
2019-01-07 13:52:01 -06:00
101fbb7aa5
Address code review comments
2019-01-04 15:23:24 -06:00
83267d08e0
Update jquery version and use SRI
2019-01-04 15:23:24 -06:00
4bbf84b949
Update login test page to use POST for generate-token
2019-01-04 15:22:32 -06:00
60681e4385
Use POST for token generation
2019-01-04 15:22:32 -06:00
b875d391fc
WIP: updating ref lookup based on code review comments
2019-01-04 15:10:20 -06:00
0281ddf78c
Remove vuln_refs from Vuln JSON schema
...
This object is just a pointer between Vulns and refs. We don't need to surface it
2019-01-04 15:10:20 -06:00
e9931fa70e
Fix bug when updating Mdm::Vuln.refs
2019-01-04 15:10:19 -06:00
4fc65b39a1
Make position of warden call the same as others
...
Minor correction for consistent usage since a previous refactoring moved
the authenticate call into the begin block.
2018-12-31 16:38:26 -05:00
dwelch-r7