Land #15493, Rails 6.1 upgrade

Gemfile.lock

@@ -1,10 +1,10 @@
 PATH
   remote: .
   specs:
-    metasploit-framework (6.0.57)
-      actionpack (~> 5.2.2)
-      activerecord (~> 5.2.2)
-      activesupport (~> 5.2.2)
+    metasploit-framework (6.1.0)
+      actionpack (~> 6.0)
+      activerecord (~> 6.0)
+      activesupport (~> 6.0)
       aws-sdk-ec2
       aws-sdk-iam
       aws-sdk-s3
@@ -20,17 +20,17 @@ PATH
       faraday
       faye-websocket
       filesize
-      hrr_rb_ssh (= 0.3.0.pre2)
+      hrr_rb_ssh-ed25519
       http-cookie
       irb
       jsobfu
       json
       metasm
-      metasploit-concern (~> 3.0.0)
-      metasploit-credential (~> 4.0.0)
-      metasploit-model (~> 3.1.0)
+      metasploit-concern
+      metasploit-credential
+      metasploit-model
       metasploit-payloads (= 2.0.50)
-      metasploit_data_models (~> 4.1.0)
+      metasploit_data_models
       metasploit_payloads-mettle (= 1.0.10)
       mqtt
       msgpack
@@ -94,34 +94,33 @@ GEM
   remote: https://rubygems.org/
   specs:
     Ascii85 (1.1.0)
-    actionpack (5.2.6)
-      actionview (= 5.2.6)
-      activesupport (= 5.2.6)
-      rack (~> 2.0, >= 2.0.8)
+    actionpack (6.1.3.2)
+      actionview (= 6.1.3.2)
+      activesupport (= 6.1.3.2)
+      rack (~> 2.0, >= 2.0.9)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (5.2.6)
-      activesupport (= 5.2.6)
+      rails-html-sanitizer (~> 1.0, >= 1.2.0)
+    actionview (6.1.3.2)
+      activesupport (= 6.1.3.2)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.0.3)
-    activemodel (5.2.6)
-      activesupport (= 5.2.6)
-    activerecord (5.2.6)
-      activemodel (= 5.2.6)
-      activesupport (= 5.2.6)
-      arel (>= 9.0)
-    activesupport (5.2.6)
+      rails-html-sanitizer (~> 1.1, >= 1.2.0)
+    activemodel (6.1.3.2)
+      activesupport (= 6.1.3.2)
+    activerecord (6.1.3.2)
+      activemodel (= 6.1.3.2)
+      activesupport (= 6.1.3.2)
+    activesupport (6.1.3.2)
       concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (>= 0.7, < 2)
-      minitest (~> 5.1)
-      tzinfo (~> 1.1)
+      i18n (>= 1.6, < 2)
+      minitest (>= 5.1)
+      tzinfo (~> 2.0)
+      zeitwerk (~> 2.3)
     addressable (2.8.0)
       public_suffix (>= 2.0.2, < 5.0)
     afm (0.2.2)
-    arel (9.0.0)
     arel-helpers (2.12.0)
       activerecord (>= 3.1.0, < 7)
     ast (2.4.2)
@@ -207,8 +206,10 @@ GEM
     filesize (0.2.0)
     fivemat (1.3.7)
     hashery (2.1.2)
-    hrr_rb_ssh (0.3.0.pre2)
+    hrr_rb_ssh (0.4.2)
+    hrr_rb_ssh-ed25519 (0.4.2)
       ed25519 (~> 1.2)
+      hrr_rb_ssh (>= 0.4)
     http-cookie (1.0.4)
       domain_name (~> 0.5)
     http_parser.rb (0.7.0)
@@ -226,33 +227,33 @@ GEM
       nokogiri (>= 1.5.9)
     memory_profiler (1.0.0)
     metasm (1.0.5)
-    metasploit-concern (3.0.2)
-      activemodel (~> 5.2.2)
-      activesupport (~> 5.2.2)
-      railties (~> 5.2.2)
-    metasploit-credential (4.0.5)
+    metasploit-concern (4.0.2)
+      activemodel (~> 6.0)
+      activesupport (~> 6.0)
+      railties (~> 6.0)
+    metasploit-credential (5.0.3)
       metasploit-concern
       metasploit-model
-      metasploit_data_models (>= 3.0.0)
+      metasploit_data_models (>= 5.0.0)
       net-ssh
       pg
       railties
       rex-socket
       rubyntlm
       rubyzip
-    metasploit-model (3.1.4)
-      activemodel (~> 5.2.2)
-      activesupport (~> 5.2.2)
-      railties (~> 5.2.2)
+    metasploit-model (4.0.2)
+      activemodel (~> 6.0)
+      activesupport (~> 6.0)
+      railties (~> 6.0)
     metasploit-payloads (2.0.50)
-    metasploit_data_models (4.1.4)
-      activerecord (~> 5.2.2)
-      activesupport (~> 5.2.2)
+    metasploit_data_models (5.0.3)
+      activerecord (~> 6.0)
+      activesupport (~> 6.0)
       arel-helpers
       metasploit-concern
       metasploit-model (>= 3.1)
       pg
-      railties (~> 5.2.2)
+      railties (~> 6.0)
       recog (~> 2.0)
       webrick
     metasploit_payloads-mettle (1.0.10)
@@ -313,12 +314,12 @@ GEM
       nokogiri (>= 1.6)
     rails-html-sanitizer (1.3.0)
       loofah (~> 2.3)
-    railties (5.2.6)
-      actionpack (= 5.2.6)
-      activesupport (= 5.2.6)
+    railties (6.1.3.2)
+      actionpack (= 6.1.3.2)
+      activesupport (= 6.1.3.2)
       method_source
       rake (>= 0.8.7)
-      thor (>= 0.19.0, < 2.0)
+      thor (~> 1.0)
     rainbow (3.0.0)
     rake (13.0.6)
     rb-readline (0.5.5)
@@ -447,12 +448,11 @@ GEM
       eventmachine (~> 1.0, >= 1.0.4)
       rack (>= 1, < 3)
     thor (1.1.0)
-    thread_safe (0.3.6)
     tilt (2.0.10)
     timecop (0.9.4)
     ttfunk (1.7.0)
-    tzinfo (1.2.9)
-      thread_safe (~> 0.1)
+    tzinfo (2.0.4)
+      concurrent-ruby (~> 1.0)
     tzinfo-data (1.2021.1)
       tzinfo (>= 1.0.0)
     unf (0.1.4)

app/models/application_record.rb

@@ -1,3 +1,5 @@
 class ApplicationRecord < ActiveRecord::Base
   self.abstract_class = true
+  include ArelHelpers::ArelTable
+  include ArelHelpers::JoinAssociation
 end

app/validators/metasploit/framework/executable_path_validator.rb

@@ -7,7 +7,7 @@ class ExecutablePathValidator < ActiveModel::EachValidator
 
       def validate_each(record, attribute, value)
         unless ::File.executable? value
-          record.errors[attribute] << (options[:message] || "is not a valid path to an executable file")
+          record.errors.add(attribute, (options[:message] || "is not a valid path to an executable file"))
         end
       end
     end

app/validators/metasploit/framework/file_path_validator.rb

@@ -7,7 +7,7 @@ class FilePathValidator < ActiveModel::EachValidator
 
       def validate_each(record, attribute, value)
         unless value && ::File.file?(value)
-          record.errors[attribute] << (options[:message] || "is not a valid path to a regular file")
+          record.errors.add(attribute, (options[:message] || "is not a valid path to a regular file"))
         end
       end
     end

config/application.rb

@@ -36,6 +36,7 @@ class Application < Rails::Application
 
       config.paths['log']             = "#{Msf::Config.log_directory}/#{Rails.env}.log"
       config.paths['config/database'] = [Metasploit::Framework::Database.configurations_pathname.try(:to_path)]
+      config.autoloader = :zeitwerk
 
       case Rails.env
       when "development"
@@ -51,4 +52,4 @@ class Application < Rails::Application
 
 # Silence warnings about this defaulting to true
 I18n.enforce_available_locales = true
-require 'msfenv'
+require 'msfenv'

db/schema.rb

@@ -2,11 +2,11 @@
 # of editing this file, please use the migrations feature of Active Record to
 # incrementally modify your database, and then regenerate this schema definition.
 #
-# Note that this schema.rb definition is the authoritative source for your
-# database schema. If you need to create the application database on another
-# system, you should be using db:schema:load, not running all the migrations
-# from scratch. The latter is a flawed and unsustainable approach (the more migrations
-# you'll amass, the slower it'll run and the greater likelihood for issues).
+# This file is the source Rails uses to define your schema when running `bin/rails
+# db:schema:load`. When creating a new database, `bin/rails db:schema:load` tends to
+# be faster and is potentially less error prone than running all of your
+# migrations from scratch. Old migrations may fail to apply correctly if those
+# migrations use external dependencies or application code.
 #
 # It's strongly recommended that you check this file into your version control system.
 

lib/metasploit/framework/command/base.rb

@@ -74,7 +74,7 @@ def self.parsed_options_class
   end
 
   def self.parsed_options_class_name
-    @parsed_options_class_name ||= "#{parent.parent}::ParsedOptions::#{name.demodulize}"
+    @parsed_options_class_name ||= "#{module_parent.module_parent}::ParsedOptions::#{name.demodulize}"
   end
 
   def self.start

lib/metasploit/framework/rails_version_constraint.rb

@@ -3,7 +3,7 @@
 module Metasploit
   module Framework
     module RailsVersionConstraint
-      RAILS_VERSION =  '~> 5.2.2'
+      RAILS_VERSION =  '~> 6.0'
     end
   end
 end

lib/metasploit/framework/version.rb

@@ -30,7 +30,7 @@ def self.get_hash
         end
       end
 
-      VERSION = "6.0.57"
+      VERSION = "6.1.0"
       MAJOR, MINOR, PATCH = VERSION.split('.').map { |x| x.to_i }
       PRERELEASE = 'dev'
       HASH = get_hash

lib/msf/core/db_manager/adapter.rb

@@ -29,7 +29,7 @@ def drivers
   def initialize_adapter
     ApplicationRecord.default_timezone = :utc
 
-    if connection_established? && ApplicationRecord.connection_config[:adapter] == ADAPTER
+    if connection_established? && ApplicationRecord.connection_db_config.configuration_hash[:adapter] == ADAPTER
       dlog("Already established connection to #{ADAPTER}, so reusing active connection.")
       self.drivers << ADAPTER
       self.driver = ADAPTER

lib/msf/core/db_manager/migration.rb

@@ -34,7 +34,7 @@ def migrate(config=nil, verbose=false)
     ActiveRecord::Migration.verbose = verbose
     ActiveRecord::Base.connection_pool.with_connection do
       begin
-        context = ActiveRecord::MigrationContext.new(gather_engine_migration_paths)
+        context = ActiveRecord::MigrationContext.new(gather_engine_migration_paths, ActiveRecord::SchemaMigration)
         if context.needs_migration?
           ran = context.migrate
         end

lib/msf/core/handler/reverse_ssh.rb

@@ -37,7 +37,7 @@ def initialize(info = {})
             OptString.new('Ssh::Version', [
               true,
               'The SSH version string to provide',
-              Rex::Proto::Ssh::Connection.default_options['local_version']
+              default_version_string
             ])
           ], Msf::Handler::ReverseSsh
         )
@@ -139,6 +139,17 @@ def wfs_delay
         datastore['WfsDelay'] > 4 ? datastore['WfsDelay'] : 5
       end
       attr_accessor :service # :nodoc:
+
+      private
+
+      def default_version_string
+        require 'rex/proto/ssh/connection'
+        Rex::Proto::Ssh::Connection.default_options['local_version']
+      rescue LoadError => e
+        print_error("This handler requires PTY access not available on all platforms.")
+        elog(e)
+        'SSH-2.0-OpenSSH_5.3p1'
+      end
     end
   end
 end

lib/msf/core/module_manager/cache.rb

@@ -52,7 +52,7 @@ def cache_in_memory(class_or_module, options={})
       log_message = log_lines.join("\n")
       elog(log_message)
     else
-      parent_path = class_or_module.parent.parent_path
+      parent_path = class_or_module.module_parent.parent_path
       reference_name = options.fetch(:reference_name)
       type = options.fetch(:type)
 

lib/msf/core/module_manager/reloading.rb

@@ -20,7 +20,7 @@ def reload_module(mod)
       self.inv_aliases.delete metasploit_class.fullname
     end
 
-    namespace_module = metasploit_class.parent
+    namespace_module = metasploit_class.module_parent
     loader = namespace_module.loader
     loader.reload_module(mod)
   end

lib/msf/core/modules/loader/base.rb

@@ -279,7 +279,7 @@ def reload_module(original_metasploit_class_or_instance)
       original_metasploit_class = original_metasploit_class_or_instance
     end
 
-    namespace_module = original_metasploit_class.parent
+    namespace_module = original_metasploit_class.module_parent
     parent_path = namespace_module.parent_path
 
     type = original_metasploit_class.type
@@ -535,7 +535,7 @@ def namespace_module_transaction(module_full_name, options={}, &block)
     relative_name = namespace_module_names.last
 
     if previous_namespace_module
-      parent_module = previous_namespace_module.parent
+      parent_module = previous_namespace_module.module_parent
       # remove_const is private, so use send to bypass
       parent_module.send(:remove_const, relative_name)
     end
@@ -544,7 +544,7 @@ def namespace_module_transaction(module_full_name, options={}, &block)
     # Get the parent module from the created module so that
     # restore_namespace_module can remove namespace_module's constant if
     # needed.
-    parent_module = namespace_module.parent
+    parent_module = namespace_module.module_parent
 
     begin
       loaded = block.call(namespace_module)

lib/msf/core/web_services/authentication/strategies.rb

@@ -1,7 +1,9 @@
+require 'warden'
+
 module Msf::WebServices::Authentication
   module Strategies
     Warden::Strategies.add(:api_token, Msf::WebServices::Authentication::Strategies::ApiToken)
     Warden::Strategies.add(:admin_api_token, Msf::WebServices::Authentication::Strategies::AdminApiToken)
     Warden::Strategies.add(:password, Msf::WebServices::Authentication::Strategies::UserPassword)
   end
-end
+end

documentation/api/v1/auth_api_doc.rb → lib/msf/core/web_services/documentation/api/v1/auth_api_doc.rb

@@ -1,6 +1,6 @@
 require 'swagger/blocks'
 
-module AuthApiDoc
+module Msf::WebServices::Documentation::Api::V1::AuthApiDoc
   include Swagger::Blocks
 
   MESSAGE_DESC = 'The status of the authentication request.'
@@ -42,14 +42,14 @@ module AuthApiDoc
       end
 
       response 401 do
-        key :description, 'Invalid username or password. ' + RootApiDoc::DEFAULT_RESPONSE_401
+        key :description, 'Invalid username or password. ' + Msf::WebServices::Documentation::Api::V1::RootApiDoc::DEFAULT_RESPONSE_401
         schema do
           key :'$ref', :AuthErrorModel
         end
       end
 
       response 500 do
-        key :description, RootApiDoc::DEFAULT_RESPONSE_500
+        key :description, Msf::WebServices::Documentation::Api::V1::RootApiDoc::DEFAULT_RESPONSE_500
         schema do
           key :'$ref', :ErrorModel
         end