Add support for Ruby 3.0.0

[adfoster-r7]

Summary

Update Metasploit framework to support Ruby 3.0.0

Motivation

Ruby 2.x will eventually EOL and stop receiving security upgrades
Kali etc will most likely ship with Ruby 3.0.0, which Metasploit currently does not work with

Required work

1. Updating pcaprub

pcaprub does not currently install as a dependency, related pull request: pcaprub/pcaprub#58

Fetching gem metadata from https://rubygems.org/.........
pcaprub-0.13.0 requires ruby version ~> 2.0, which is incompatible with the current version, ruby 3.0.0p0

Current work around within Gemfile:

# Note: Additionally requires a `bundle` in framework, and compiling pcaprub manually: `cd $(bundle info --path pcaprub) && rake compile`
gem 'pcaprub', '0.13.1',
    git: 'https://github.com/pcaprub/pcaprub',
    branch: 'ruby3',
    require: false

And for the eventmachine compilation issue on mac:

gem install eventmachine -- --with-openssl-dir=/usr/local/opt/openssl@1.1

2. Update rex-core to explicitly depend on webrick

Metasploit data models has an implicit dependency on webrick here
which breaks and must be updated to work:

+#/Users/user/.rvm/gems/ruby-3.0.0@metasploit-framework/gems/metasploit_data_models-4.1.1/lib/metasploit_data_models.rb:6:in `require': cannot load such file -- webrick (LoadError)

Webrick is no longer included in Ruby 3.0.0 by default:
https://www.ruby-lang.org/en/news/2020/12/25/ruby-3-0-0-released/

The following libraries are no longer bundled gems or standard libraries. Install the corresponding gems to use these features.

• sdbm
• webrick
• net-telnet
• xmlrpc

3. Upgrade to Rails 6

Ruby 3.0.0 stops Metasploit console from starting up due to currently being on Rails 5.2

4. Update uses of rexml

Continuation of point 1, the rex-exploitation gem uses rexml

Fix Ruby deprecation issues

1. SQLite3 deprecation warning

/usr/share/metasploit-framework/modules/post/windows/gather/enum_chrome.rb:144: warning: rb_check_safe_obj will be removed in Ruby 3.0

Looks like this is fixed by in sqlite3-ruby 1.4.2:

https://github.com/sparklemotion/sqlite3-ruby/blame/d94c42b0b8e5005ee28cde75a58e15ea5670d1c4/CHANGELOG.rdoc#L1-L6

However we're currently pinned to an older version: #11363

2. Remove tainted calls from rex-core

rapid7/rex-core#11

[adfoster-r7]

@sbrun Would you happen to know when Kali plans to use Ruby 3.0.0? We would like to aim for Metasploit being fully updated before that date, so any insight would be appreciated 👍

[sbrun]

@adfoster-r7 Kali follows Debian Testing and Debian plans to use Ruby 3.0.0 after the Bullseye release (the freeze started). No date is set, Debian release is done when "it's ready". I think it will be around this summer.

[anthraxx]

The time has come, Ruby 3.0 is arriving in Arch Linux, which now hits this issue unfortunately. 🐈

[ilovesusu]

2021-08-14 debian 11 Release, Ruby3.0 about to happen

[adfoster-r7]

The final pull request for Ruby 3 support is here #15537, hoping to get that out for next week's framework release. Note that there's a bug in Ruby itself which will require at least Ruby 3.0.1 to work with framework.

[jeffmcjunkin]

Just checking, is Ruby 3.0.1 now supported in the nightly builds? I'm getting caught on #14763 again, and insert_all API sounds like it'd result in some big speed increases, which depends on Ruby 3.0.

FWIW I'm seeing slowdowns (and imports stopping entirely) on moderately-sized masscan XML imports (~5000 hosts) as well. A quick profile of postgres shows the excessive SELECT statements.

[adfoster-r7]

@jeffmcjunkin The insert_all API is available now as part of our Rails 6.1 upgrade, which was a separate effort to the Ruby 3.x support. We should revisit the slow db_import functionality again, thanks for the heads up 👍

[adfoster-r7]

Closing this issue as Metasploit should now support Ruby 3.0.1