Add namespace to identify.rb #17135
Add namespace to identify.rb #17135
Conversation
|
Namespace wise I think this may read better to move the file and set the namespace as Also as an optional but preferred patten, instead of including the modules I would prefer to see the methods and constants accessed directly: Metasploit::Framework::Hashes::JTR_NTLMV1
Metasploit::Framework::Hashes::JTR_NTLMV2
Metasploit::Framework::Hashes.identify_hash(hash_value)I think the quantity of file changes would still be similar, so more a preference than required guidance. |
This makes a lot of sense to me, it seems more resilient to be able to add more utility to the file if needed at a later date. I can definitely move it up one level and rename it |
|
@jmartin-r7 I've made the requested changes. I searched for the JTR constants being used but didn't find any, and this should contain all the files that were previously using identify_hash. Anywhere calling identify_hash should be accessed directly now rather than an include |
There was a problem hiding this comment.
Thanks for adjusting.
I see a few usages of the constants in the following files:
metasploit-framework/modules/auxiliary/server/capture/mssql.rb
Lines 234 to 251 in 49f3e0d
There was a problem hiding this comment.
This looks good to me although I would prefer to see this squashed to a smaller number of commits.
@cdelafuente-r7 you logged the original issue, any thoughts to add?
k0pak4
force-pushed
the
identify-hash-module
branch
from
014420d
to
1971556
Compare
|
@jmartin-r7 I squashed everything post review to a single commit. I wasn't sure if metasploit-framework uses squash commits on PR merges, but this at least makes it a bit more easy to read |
|
This is better and based on the number of files changed seems reasonable. We merge in as |
Modularize Identity.rb Include new module style Identify Update juniper.rb Fix inadvertent change Add new module to identify spec Put the require back Put back require line for juniper
Fix rubocop Move identify to hashes module up one layer, use full reference to identify_hash instead of full include Fix SMTP require Remove hashes require statement Remove hashes require statement Remove hashes require statement Remove hashes require statement Address remaining requested changes, reference constants directly Add all the missing direct references Co-Authored-By: Jeffrey Martin <jeffrey_martin@rapid7.com>
k0pak4
force-pushed
the
identify-hash-module
branch
from
1971556
to
1e50ba3
Compare
|
@jmartin-r7 thanks for the help and the details on how it's merged. I'll keep that in mind for future PRs to squash first 🤙 |
There was a problem hiding this comment.
I found a couple of instances that still need to be updated:
Also, @jmartin-r7 , I'm wondering if this mixin should be autoloaded when MSF starts? I noticed that any classes in lib/msf/core/auxiliary/ get autoloaded anyway and some of them already load metasploit/framework/hashes.
| @@ -17,8 +17,8 @@ def validate_smb_hash_capture_datastore(datastore, ntlm_provider) | |||
|
|
|||
| if datastore['JOHNPWFILE'] | |||
| print_status("JTR hashes will be split into two files depending on the hash format.") | |||
| print_status("#{build_jtr_file_name(JTR_NTLMV1)} for NTLMv1 hashes.") | |||
| print_status("#{build_jtr_file_name(JTR_NTLMV2)} for NTLMv2 hashes.") | |||
| print_status("#{build_jtr_file_name(Metasploit::Framework::Hashes::JTR_NTLMV1)} for NTLMv1 hashes.") | |||
There was a problem hiding this comment.
Just a heads up: this class does not require metasploit/framework/hashes and I believe it does not break because this module is already autoloaded in one of the lib/msf/core/auxiliary/ classes.
|
@cdelafuente-r7 |
|
@jmartin-r7 , thanks for the explanation. In this case, I don't think it is worth blocking this PR for this. I'm good to land it as it is right now. |
|
Thanks for your contribution @k0pak4. Everything looks good to me. I tested a couple of modules and make sure |
Release NotesThis adds proper namespace to the hash identification library to avoid any potential collision with the constants defined previously. |
This change addresses Issue 16515 to namespace the identify.rb file
There are a lot of small changes, mostly to include the new module after requiring it. I thought about changing it at a higher level for some (e.g. the Wordpress helper since like 10+ wordpress modules use it) but wasn't sure if the team had a specific location that might make more sense. It can also just be the way I changed it here, or any other suggested locations. There also were inconsistencies on where to put the require line (in the class, above it, top of file, etc.) I am happy to change it to what the current standard is, just let me know!
Verification
Load and attempt to run any of the modified modules. I searched for the old require line in order to find all affected modules. I absolutely would appreciate a second check on that, in case one was missed. There are tests that verify the module usage already, since they were failing when I first did not include it correctly.