Land #19211, update db manager to no longer default updated_at to cre…

…ated_at value
rapid7 · Jun 3, 2024 · 36e2953 · 36e2953
2 parents a92e37e + cf97b36
commit 36e2953
Show file tree

Hide file tree

Showing 32 changed files with 153 additions and 100 deletions.
diff --git a/lib/msf/core/db_manager/cred.rb b/lib/msf/core/db_manager/cred.rb
@@ -211,7 +211,7 @@ def report_auth_info(opts={})
 
     # Update the timestamp
     if cred.changed?
-      msf_import_timestamps(opts,cred)
+      msf_assign_timestamps(opts, cred)
       cred.save!
     end
 

diff --git a/lib/msf/core/db_manager/host.rb b/lib/msf/core/db_manager/host.rb
@@ -274,7 +274,7 @@ def report_host(opts)
       host_state_changed(host, ostate) if host.state != ostate
 
       if host.changed?
-        msf_import_timestamps(opts, host)
+        msf_assign_timestamps(opts, host)
         host.save!
       end
     rescue ActiveRecord::RecordNotUnique, ActiveRecord::RecordInvalid

diff --git a/lib/msf/core/db_manager/import.rb b/lib/msf/core/db_manager/import.rb
@@ -480,23 +480,84 @@ def import_filetype_detect(data)
     raise Msf::DBImportError.new("Could not automatically determine file type")
   end
 
-  # Handles timestamps from Metasploit Express/Pro imports.
-  def msf_import_timestamps(opts,obj)
+  def msf_import_service(opts)
+    normalised_import_timestamp_opts = msf_normalise_import_timestamps(opts)
+    report_service(normalised_import_timestamp_opts)
+  end
+
+  def msf_import_vuln(opts)
+    normalised_import_timestamp_opts = msf_normalise_import_timestamps(opts)
+    report_vuln(normalised_import_timestamp_opts)
+  end
+
+  def msf_import_note(opts)
+    normalised_import_timestamp_opts = msf_normalise_import_timestamps(opts)
+    report_note(normalised_import_timestamp_opts)
+  end
+
+  def msf_import_host(opts)
+    normalised_import_timestamp_opts = msf_normalise_import_timestamps(opts)
+    report_host(normalised_import_timestamp_opts)
+  end
+
+  def msf_import_task(opts)
+    normalised_import_timestamp_opts = msf_normalise_import_timestamps(opts)
+    report_task(normalised_import_timestamp_opts)
+  end
+
+  def msf_import_user(opts)
+    normalised_import_timestamp_opts = msf_normalise_import_timestamps(opts)
+    report_user(normalised_import_timestamp_opts)
+  end
+
+  def msf_import_loot(opts)
+    normalised_import_timestamp_opts = msf_normalise_import_timestamps(opts)
+    report_loot(normalised_import_timestamp_opts)
+  end
+
+  def msf_import_web_site(opts)
+    normalised_import_timestamp_opts = msf_normalise_import_timestamps(opts)
+    report_web_site(normalised_import_timestamp_opts)
+  end
+
+  def msf_import_web_page(opts)
+    normalised_import_timestamp_opts = msf_normalise_import_timestamps(opts)
+    report_web_page(normalised_import_timestamp_opts)
+  end
+
+  def msf_import_web_vuln(opts)
+    normalised_import_timestamp_opts = msf_normalise_import_timestamps(opts)
+    report_web_vuln(normalised_import_timestamp_opts)
+  end
+
+  def msf_import_artifact(opts)
+    normalised_import_timestamp_opts = msf_normalise_import_timestamps(opts)
+    report_artifact(normalised_import_timestamp_opts)
+  end
+
+  # Assigns created_at and updated_at time stamps to an object.
+  def msf_assign_timestamps(opts,obj)
     obj.created_at = opts["created_at"] if opts["created_at"]
     obj.created_at = opts[:created_at] if opts[:created_at]
-    obj.updated_at = opts["updated_at"] ? opts["updated_at"] : obj.created_at
-    obj.updated_at = opts[:updated_at] ? opts[:updated_at] : obj.created_at
-    return obj
+    obj.updated_at = opts["updated_at"] if opts["updated_at"]
+    obj.updated_at = opts[:updated_at] if opts[:updated_at]
+  end
+
+  # Handles timestamps from Metasploit Express/Pro imports.
+  def msf_normalise_import_timestamps(opts)
+    opts[:created_at] ||= (opts["created_at"] || ::Time.now.utc)
+    opts[:updated_at] ||= (opts["updated_at"] || opts[:created_at])
+    opts
   end
 
   def report_import_note(wspace,addr)
     if @import_filedata.kind_of?(Hash) && @import_filedata[:filename] && @import_filedata[:filename] !~ /msfe-nmap[0-9]{8}/
-    report_note(
-      :workspace => wspace,
-      :host => addr,
-      :type => 'host.imported',
-      :data => @import_filedata.merge(:time=> Time.now.utc)
-    )
+      msf_import_note(
+        :workspace => wspace,
+        :host => addr,
+        :type => 'host.imported',
+        :data => @import_filedata.merge(:time=> Time.now.utc)
+      )
     end
   end
 

diff --git a/lib/msf/core/db_manager/import/gpp.rb b/lib/msf/core/db_manager/import/gpp.rb
@@ -27,7 +27,7 @@ def import_gpp_xml(args = {}, &block)
     end
 
     # Store entire file as loot, including metadata
-    report_loot(
+    msf_import_loot(
       workspace: wspace,
       path:      args[:filename],
       name:      File.basename(args[:filename]),

diff --git a/lib/msf/core/db_manager/import/ip360/v3.rb b/lib/msf/core/db_manager/import/ip360/v3.rb
@@ -83,11 +83,11 @@ def import_ip360_xml_v3(args={}, &block)
       host_hash[:name] = hname.to_s.strip if hname
       host_hash[:mac]  = mac.to_s.strip.upcase if mac
 
-      hobj = report_host(host_hash)
+      hobj = msf_import_host(host_hash)
 
       yield(:os, os) if block
       if os
-        report_note(
+        msf_import_note(
           :workspace => wspace,
           :task => args[:task],
           :host => hobj,
@@ -131,15 +131,15 @@ def import_ip360_xml_v3(args={}, &block)
   # IP360 v3 svc
   def handle_ip360_v3_svc(wspace,hobj,port,proto,hname,task=nil)
     addr = hobj.address
-    report_host(:workspace => wspace, :host => hobj, :state => Msf::HostState::Alive, :task => task)
+    msf_import_host(:workspace => wspace, :host => hobj, :state => Msf::HostState::Alive, :task => task)
 
     info = { :workspace => wspace, :host => hobj, :port => port, :proto => proto, :task => task }
     if hname != "unknown" and hname[-1,1] != "?"
       info[:name] = hname
     end
 
     if port.to_i != 0
-      report_service(info)
+      msf_import_service(info)
     end
   end
 
@@ -153,7 +153,7 @@ def handle_ip360_v3_vuln(wspace,hobj,port,proto,hname,vulnid,vulnname,cves,bids,
     end
 
     if port.to_i != 0
-      report_service(info)
+      msf_import_service(info)
     end
 
     refs = []
@@ -181,6 +181,6 @@ def handle_ip360_v3_vuln(wspace,hobj,port,proto,hname,vulnid,vulnname,cves,bids,
       vuln[:proto] = proto
     end
 
-    report_vuln(vuln)
+    msf_import_vuln(vuln)
   end
 end
diff --git a/lib/msf/core/db_manager/import/libpcap.rb b/lib/msf/core/db_manager/import/libpcap.rb
@@ -35,7 +35,7 @@ def import_libpcap(args={}, &block)
       unless( bl.include?(saddr) || rfc3330_reserved(saddr))
         yield(:address,saddr) if block and !seen_hosts.keys.include?(saddr)
         unless seen_hosts[saddr]
-          report_host(
+          msf_import_host(
               :workspace => wspace,
               :host      => saddr,
               :state     => Msf::HostState::Alive,
@@ -48,7 +48,7 @@ def import_libpcap(args={}, &block)
       unless( bl.include?(daddr) || rfc3330_reserved(daddr))
         yield(:address,daddr) if block and !seen_hosts.keys.include?(daddr)
         unless seen_hosts[daddr]
-          report_host(
+          msf_import_host(
               :workspace => wspace,
               :host      => daddr,
               :state     => Msf::HostState::Alive,
@@ -63,7 +63,7 @@ def import_libpcap(args={}, &block)
           pkt.tcp_src < 1024 # If it's a low port, assume it's a proper service.
           if seen_hosts[saddr]
             unless seen_hosts[saddr].include? [pkt.tcp_src,"tcp"]
-              report_service(
+              msf_import_service(
                   :workspace => wspace, :host => saddr,
                   :proto     => "tcp", :port => pkt.tcp_src,
                   :state     => Msf::ServiceState::Open,
@@ -79,7 +79,7 @@ def import_libpcap(args={}, &block)
           [saddr,daddr].each do |xaddr|
             if seen_hosts[xaddr]
               unless seen_hosts[xaddr].include? [pkt.udp_src,"udp"]
-                report_service(
+                msf_import_service(
                     :workspace => wspace, :host => xaddr,
                     :proto     => "udp", :port => pkt.udp_src,
                     :state     => Msf::ServiceState::Open,
@@ -93,7 +93,7 @@ def import_libpcap(args={}, &block)
         elsif pkt.udp_src < 1024 # Probably a service
           if seen_hosts[saddr]
             unless seen_hosts[saddr].include? [pkt.udp_src,"udp"]
-              report_service(
+              msf_import_service(
                   :workspace => wspace, :host => saddr,
                   :proto     => "udp", :port => pkt.udp_src,
                   :state     => Msf::ServiceState::Open,
@@ -142,7 +142,7 @@ def inspect_single_packet_http(pkt,wspace,args)
       if pkt.payload =~ /^HTTP\x2f1\x2e[01]/n
         http_server_match = pkt.payload.match(/\nServer:\s+([^\r\n]+)[\r\n]/n)
         if http_server_match.kind_of?(MatchData) and http_server_match[1]
-          report_service(
+          msf_import_service(
               :workspace => wspace,
               :host      => pkt.ip_saddr,
               :port      => pkt.tcp_src,
@@ -172,7 +172,7 @@ def inspect_single_packet_http(pkt,wspace,args)
         # this point, we'll just believe everything the packet says -- validation ought
         # to come later.
         user,pass = b64_cred.unpack("m*").first.split(/:/,2)
-        report_service(
+        msf_import_service(
             :workspace => wspace,
             :host      => pkt.ip_daddr,
             :port      => pkt.tcp_dst,

diff --git a/lib/msf/core/db_manager/import/metasploit_framework/xml.rb b/lib/msf/core/db_manager/import/metasploit_framework/xml.rb
@@ -85,7 +85,7 @@ def import_msf_note_element(note, allow_yaml, note_data={})
         note_data[datum.gsub("-","_")] = nils_for_nulls(note.at(datum).text.to_s.strip)
       end
     }
-    report_note(note_data)
+    msf_import_note(note_data)
   end
 
   # Imports web_form element using Msf::DBManager#report_web_form.
@@ -294,7 +294,7 @@ def parse_web_site(web, wspace, allow_yaml, &block)
       end
     }
 
-    report_web_site(info)
+    msf_import_web_site(info)
     yield(:web_site, "#{info[:host]}:#{info[:port]} (#{info[:vhost]})") if block
   end
 
@@ -331,7 +331,7 @@ def parse_host(host, wspace, blacklist, allow_yaml, btag, args, &block)
       end
     }
     host_address = host_data[:host].dup # Preserve after report_host() deletes
-    hobj = report_host(host_data)
+    hobj = msf_import_host(host_data)
 
     host.xpath("host_details/host_detail").each do |hdet|
       hdet_data = {}
@@ -371,7 +371,7 @@ def parse_host(host, wspace, blacklist, allow_yaml, btag, args, &block)
           end
         end
       }
-      report_service(service_data)
+      msf_import_service(service_data)
     end
 
     host.xpath('notes/note').each do |note|
@@ -417,7 +417,7 @@ def parse_host(host, wspace, blacklist, allow_yaml, btag, args, &block)
         end
       end
 
-      vobj = report_vuln(vuln_data)
+      vobj = msf_import_vuln(vuln_data)
 
       vuln.xpath("notes/note").each do |note|
         note_data = {}

diff --git a/lib/msf/core/db_manager/import/metasploit_framework/zip.rb b/lib/msf/core/db_manager/import/metasploit_framework/zip.rb
@@ -144,7 +144,7 @@ def parse_zip_task(task, wspace, bl, allow_yaml, btag, args, basedir, host_info,
       if ::File.exist?(new_task)
         ::File.unlink new_task # Delete it, and don't report it.
       else
-        report_task(task_info) # It's new, so report it.
+        msf_import_task(task_info) # It's new, so report it.
       end
       ::FileUtils.copy(task_info[:orig_path], new_task)
       yield(:msf_task, new_task) if block

diff --git a/lib/msf/core/db_manager/import/nessus.rb b/lib/msf/core/db_manager/import/nessus.rb
@@ -30,7 +30,7 @@ def handle_nessus(wspace, hobj, port, nasl, plugin_name, severity, data,task=nil
     if name and name != "unknown" and name[-1,1] != "?"
       info[:name] = name
     end
-    report_service(info)
+    msf_import_service(info)
 
     if nasl.nil? || nasl.empty? || nasl == 0 || nasl == "0"
       return
@@ -78,6 +78,6 @@ def handle_nessus(wspace, hobj, port, nasl, plugin_name, severity, data,task=nil
       :refs => refs,
       :task => task,
     }
-    report_vuln(vuln_info)
+    msf_import_vuln(vuln_info)
   end
 end
diff --git a/lib/msf/core/db_manager/import/nessus/nbe.rb b/lib/msf/core/db_manager/import/nessus/nbe.rb
@@ -45,7 +45,7 @@ def import_nessus_nbe(args={}, &block)
         yield(:address,addr) if block
       end
 
-      hobj_map[ addr ] ||= report_host(:host => addr, :workspace => wspace, :task => args[:task])
+      hobj_map[ addr ] ||= msf_import_host(:host => addr, :workspace => wspace, :task => args[:task])
 
       # Match the NBE types with the XML severity ratings
       case type
@@ -61,7 +61,7 @@ def import_nessus_nbe(args={}, &block)
       end
       if nasl == "11936"
         os = data.match(/The remote host is running (.*)\\n/)[1]
-        report_note(
+        msf_import_note(
           :workspace => wspace,
           :task => args[:task],
           :host => hobj_map[ addr ],

diff --git a/lib/msf/core/db_manager/import/nessus/xml/v1.rb b/lib/msf/core/db_manager/import/nessus/xml/v1.rb
@@ -34,13 +34,13 @@ def import_nessus_xml(args={}, &block)
 
       # Record the hostname
       hinfo.merge!(:name => hname.to_s.strip) if hname
-      hobj = report_host(hinfo)
+      hobj = msf_import_host(hinfo)
       report_import_note(wspace,hobj)
 
       # Record the OS
       os ||= host.elements["os_name"]
       if os
-        report_note(
+        msf_import_note(
           :workspace => wspace,
           :task => args[:task],
           :host => hobj,

diff --git a/lib/msf/core/db_manager/import/nessus/xml/v2.rb b/lib/msf/core/db_manager/import/nessus/xml/v2.rb
@@ -50,13 +50,13 @@ def import_nessus_xml_v2(args={}, &block)
       # We can't use them anyway, so take just the first.
       host_info[:mac]  = mac.to_s.strip.upcase.split(/\s+/).first if mac
 
-      hobj = report_host(host_info)
+      hobj = msf_import_host(host_info)
       report_import_note(wspace,hobj)
 
       os = host['os']
       yield(:os,os) if block
       if os
-        report_note(
+        msf_import_note(
           :workspace => wspace,
           :task => args[:task],
           :host => hobj,
@@ -110,7 +110,7 @@ def handle_nessus_v2(wspace,hobj,port,proto,name,nasl,nasl_name,severity,descrip
     end
 
     if port.to_i != 0
-      report_service(info)
+      msf_import_service(info)
     end
 
     if nasl.nil? || nasl.empty? || nasl == 0 || nasl == "0"
@@ -159,6 +159,6 @@ def handle_nessus_v2(wspace,hobj,port,proto,name,nasl,nasl_name,severity,descrip
       vuln[:proto] = proto
     end
 
-    report_vuln(vuln)
+    msf_import_vuln(vuln)
   end
 end
diff --git a/lib/msf/core/db_manager/import/netsparker.rb b/lib/msf/core/db_manager/import/netsparker.rb
@@ -92,7 +92,7 @@ def import_netsparker_xml(args={}, &block)
           end
 
           # Report the web page to the database
-          report_web_page(info)
+          msf_import_web_page(info)
 
           yield(:web_page, url) if block
         end
@@ -145,7 +145,7 @@ def import_netsparker_xml(args={}, &block)
 
       next if vuln['type'].to_s.empty?
 
-      report_web_vuln(info)
+      msf_import_web_vuln(info)
       yield(:web_vuln, url) if block
     end