make search work on tables for analysis pages

MSP-13273 * host name search scope added to notes * host name search scope added to services * address search scope added to vulns * host name search scope added to loots
rapid7 · Oct 21, 2015 · 3d86978 · 3d86978
1 parent 7e04398
commit 3d86978
Show file tree

Hide file tree

Showing 9 changed files with 67 additions and 32 deletions.
diff --git a/app/models/mdm/loot.rb b/app/models/mdm/loot.rb
@@ -122,16 +122,15 @@ class Mdm::Loot < ActiveRecord::Base
   #
 
   scope :search, lambda { |*args|
-    # @todo replace with AREL
-    terms = RELATIVE_SEARCH_FIELDS.collect { |relative_field|
-      "loots.#{relative_field} ILIKE ?"
-    }
-    disjunction = terms.join(' OR ')
-    formatted_parameter = "%#{args[0]}%"
-    parameters = [formatted_parameter] * RELATIVE_SEARCH_FIELDS.length
-    conditions = [disjunction] + parameters
-
-    where(conditions)
+    joins(:host).
+      where(
+        'loots.ltype ILIKE ? ' +
+          'OR loots.name ILIKE ? ' +
+          'OR loots.info ILIKE ? ' +
+          'OR loots.data ILIKE ? ' +
+          'OR COALESCE(hosts.name, CAST(hosts.address AS TEXT)) ILIKE ?',
+        "%#{args[0]}%", "%#{args[0]}%", "%#{args[0]}%", "%#{args[0]}%", "%#{args[0]}%"
+      )
   }
 
   #

diff --git a/app/models/mdm/note.rb b/app/models/mdm/note.rb
@@ -90,11 +90,14 @@ class Mdm::Note < ActiveRecord::Base
   scope :visible, -> { where(Mdm::Note[:ntype].not_in(['web.form', 'web.url', 'web.vuln'])) }
 
   scope :search, lambda { |*args|
-    where(["(data NOT ILIKE 'BAh7%' AND data LIKE ?)" +
-               "OR (data ILIKE 'BAh7%' AND decode(data, 'base64') LIKE ?)" +
-               "OR ntype ILIKE ?",
-           "%#{args[0]}%", "%#{args[0]}%", "%#{args[0]}%"
-          ])
+    joins(:host).
+      where(
+        "(notes.data NOT ILIKE 'BAh7%' AND notes.data LIKE ?) " +
+          "OR (notes.data ILIKE 'BAh7%' AND decode(notes.data, 'base64') LIKE ?) " +
+          'OR notes.ntype ILIKE ? ' +
+          'OR COALESCE(hosts.name, CAST(hosts.address AS TEXT)) ILIKE ?',
+        "%#{args[0]}%", "%#{args[0]}%", "%#{args[0]}%", "%#{args[0]}%"
+      )
   }
 
   #

diff --git a/app/models/mdm/service.rb b/app/models/mdm/service.rb
@@ -170,13 +170,15 @@ class Mdm::Service < ActiveRecord::Base
   scope :inactive, -> { where("services.state != 'open'") }
   scope :with_state, lambda { |a_state|  where("services.state = ?", a_state)}
   scope :search, lambda { |*args|
-    where([
-              "services.name ILIKE ? OR " +
-                  "services.info ILIKE ? OR " +
-                  "services.proto ILIKE ? OR " +
-                  "services.port = ? ",
-              "%#{args[0]}%", "%#{args[0]}%", "%#{args[0]}%", (args[0].to_i > 0) ? args[0].to_i : 99999
-          ])
+    joins(:host).
+      where(
+        'services.name ILIKE ? OR ' +
+          'services.info ILIKE ? OR ' +
+          'services.proto ILIKE ? OR ' +
+          'services.port = ? OR ' +
+          'COALESCE(hosts.name, CAST(hosts.address AS TEXT)) ILIKE ?',
+         "%#{args[0]}%", "%#{args[0]}%", "%#{args[0]}%", (args[0].to_i > 0) ? args[0].to_i : 99999, "%#{args[0]}%"
+      )
   }
 
   #

diff --git a/app/models/mdm/vuln.rb b/app/models/mdm/vuln.rb
@@ -1,6 +1,6 @@
 # A vulnerability found on a {#host} or {#service}.
 class Mdm::Vuln < ActiveRecord::Base
-  
+
   #
   # Associations
   #
@@ -169,15 +169,16 @@ class Mdm::Vuln < ActiveRecord::Base
 
   scope :search, lambda { |query|
     formatted_query = "%#{query}%"
-
     where(
-        arel_table[:name].matches(formatted_query).or(
-            arel_table[:info].matches(formatted_query)
-        ).or(
-            Mdm::Ref.arel_table[:name].matches(formatted_query)
-        )
+      arel_table[:name].matches(formatted_query).or(
+        arel_table[:info].matches(formatted_query)
+      ).or(
+        Mdm::Ref.arel_table[:name].matches(formatted_query)
+      ).or(
+        Arel::Nodes::NamedFunction.new('CAST', [Mdm::Host.arel_table[:address].as('TEXT')]).matches(formatted_query)
+      )
     ).includes(
-        :refs
+      :refs, :host
     )
   }
 

diff --git a/lib/metasploit_data_models/version.rb b/lib/metasploit_data_models/version.rb
@@ -12,6 +12,7 @@ module Version
     # The patch version number, scoped to the {MAJOR} and {MINOR} version numbers.
     PATCH = 7
 
+    PRERELEASE = 'search-analysis-tab'
 
     #
     # Module Methods

diff --git a/spec/app/models/mdm/loot_spec.rb b/spec/app/models/mdm/loot_spec.rb
@@ -63,6 +63,12 @@
         myloot = FactoryGirl.create(:mdm_loot, :info => 'Find This')
         expect(Mdm::Loot.search('Find This')).to include(myloot)
       end
+
+      it 'should match on hostname' do
+        myloot = FactoryGirl.create(:mdm_loot, :info => 'Find This')
+        host_name = myloot.host.name
+        expect(Mdm::Loot.search(host_name)).to include(myloot)
+      end
     end
   end
 

diff --git a/spec/app/models/mdm/note_spec.rb b/spec/app/models/mdm/note_spec.rb
@@ -80,6 +80,12 @@
         flagged_note = FactoryGirl.create(:mdm_note, :ntype => 'flag.me', :critical => true, :seen => false)
         expect(Mdm::Note.search('flag.me')).to include(flagged_note)
       end
+
+      it 'should match on host name' do
+        flagged_note = FactoryGirl.create(:mdm_note, :seen => false)
+        host_name = flagged_note.host.name
+        expect(Mdm::Note.search(host_name)).to include(flagged_note)
+      end
     end
   end
 end
diff --git a/spec/app/models/mdm/service_spec.rb b/spec/app/models/mdm/service_spec.rb
@@ -53,14 +53,20 @@
       end
     end
 
-    context "search for 'tcp'" do
-      it "should find only services that match" do
+    context 'search' do
+      it 'should find only services that match for \'tcp\'' do
         tcp_service   = FactoryGirl.create(:mdm_service, proto: 'tcp')
         udp_service    =  FactoryGirl.create(:mdm_service, proto: 'udp')
         search_results = Mdm::Service.search('tcp')
         expect(search_results).to     include(tcp_service)
         expect(search_results).not_to include(udp_service)
       end
+
+      it 'should query host name of services' do
+        service = FactoryGirl.create(:mdm_service)
+        host_name = service.host.name
+        expect(Mdm::Service.search(host_name)).to include(service)
+      end
     end
   end
 

diff --git a/spec/app/models/mdm/vuln_spec.rb b/spec/app/models/mdm/vuln_spec.rb
@@ -256,6 +256,17 @@
             end
           end
         end
+
+        context 'with Mdm::Host' do
+          context 'with query matching Mdm::Host address' do
+            let(:vuln_with_host) { FactoryGirl.create(:mdm_vuln, :host)}
+            let(:query) { vuln_with_host.host.address}
+
+            it 'should match Mdm::Vuln' do
+              expect(results).to match_array [vuln_with_host]
+            end
+          end
+        end
       end
     end
   end