Class: Mdm::Workspace

Inherits:

ActiveRecord::Base

• Object
• ActiveRecord::Base
• Mdm::Workspace

Defined in:

app/models/mdm/workspace.rb

Constant Summary

DEFAULT =

CONSTANTS

'default'

Class Method Summary

• .default ⇒ Object

Instance Method Summary

• #allow_actions_on?(ips) ⇒ Boolean

  If limit_to_network is disabled, this will always return true.

• #boundary_must_be_ip_range ⇒ Object
• #creds ⇒ Object
• #default? ⇒ Boolean
• #each_cred(&block) ⇒ Object

  This method iterates the creds table calling the supplied block with the cred instance of each entry.

• #each_host_tag(&block) ⇒ Object
• #host_tags ⇒ Object
• #unique_web_forms ⇒ Object
• #web_forms ⇒ Object
• #web_pages ⇒ Object
• #web_sites ⇒ Object
• #web_unique_forms(addrs = nil) ⇒ Object
• #web_vulns ⇒ Object

Class Method Details

.default ⇒ Object

# File 'app/models/mdm/workspace.rb', line 81

def self.default
  find_or_create_by_name(DEFAULT)
end

Instance Method Details

#allow_actions_on?(ips) ⇒ Boolean

If limit_to_network is disabled, this will always return true. Otherwise, return true only if all of the given IPs are within the project boundaries.

Returns:

• (Boolean)

# File 'app/models/mdm/workspace.rb', line 53

def allow_actions_on?(ips)
  return true unless limit_to_network
  return true unless boundary
  return true if boundary.empty?
  boundaries = Shellwords.split(boundary)
  return true if boundaries.empty? # It's okay if there is no boundary range after all
  given_range = Rex::Socket::RangeWalker.new(ips)
  return false unless given_range # Can't do things to nonexistant IPs
  allowed = false
  boundaries.each do |boundary_range|
    ok_range = Rex::Socket::RangeWalker.new(boundary)
    allowed = true if ok_range.include_range? given_range
  end
  return allowed
end

#boundary_must_be_ip_range ⇒ Object

# File 'app/models/mdm/workspace.rb', line 69

def boundary_must_be_ip_range
  errors.add(:boundary, "must be a valid IP range") unless valid_ip_or_range?(boundary)
end

#creds ⇒ Object

# File 'app/models/mdm/workspace.rb', line 73

def creds
  Mdm::Cred.find(
      :all,
      :include => {:service => :host},
      :conditions => ["hosts.workspace_id = ?", self.id]
  )
end

#default? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/mdm/workspace.rb', line 85

def default?
  name == DEFAULT
end

#each_cred(&block) ⇒ Object

This method iterates the creds table calling the supplied block with the cred instance of each entry.

# File 'app/models/mdm/workspace.rb', line 93

def each_cred(&block)
  creds.each do |cred|
    block.call(cred)
  end
end

#each_host_tag(&block) ⇒ Object

# File 'app/models/mdm/workspace.rb', line 99

def each_host_tag(&block)
  host_tags.each do |host_tag|
    block.call(host_tag)
  end
end

#host_tags ⇒ Object

# File 'app/models/mdm/workspace.rb', line 105

def host_tags
  Mdm::Tag.find(
      :all,
      :include => :hosts,
      :conditions => ["hosts.workspace_id = ?", self.id]
  )
end

#unique_web_forms ⇒ Object

# File 'app/models/mdm/workspace.rb', line 160

def unique_web_forms
  query = <<-EOQ
        SELECT DISTINCT web_forms.web_site_id, web_forms.path, web_forms.method, web_forms.query  
          FROM hosts, services, web_sites, web_forms  
          WHERE hosts.workspace_id = #{id} AND        
          services.host_id = hosts.id AND         
          web_sites.service_id = services.id AND  
          web_forms.web_site_id = web_sites.id
  EOQ
  Mdm::WebForm.find_by_sql(query)
end

#web_forms ⇒ Object

# File 'app/models/mdm/workspace.rb', line 113

def web_forms
  query = <<-EOQ
        SELECT DISTINCT web_forms.*
        FROM hosts, services, web_sites, web_forms
        WHERE hosts.workspace_id = #{id} AND
          services.host_id = hosts.id AND
          web_sites.service_id = services.id AND
          web_forms.web_site_id = web_sites.id
  EOQ
  Mdm::WebForm.find_by_sql(query)
end

#web_pages ⇒ Object

# File 'app/models/mdm/workspace.rb', line 125

def web_pages
  query = <<-EOQ
        SELECT DISTINCT web_pages.*
          FROM hosts, services, web_sites, web_pages
          WHERE hosts.workspace_id = #{id} AND
          services.host_id = hosts.id AND
          web_sites.service_id = services.id AND
          web_pages.web_site_id = web_sites.id
  EOQ
  Mdm::WebPage.find_by_sql(query)
end

#web_sites ⇒ Object

# File 'app/models/mdm/workspace.rb', line 137

def web_sites
  query = <<-EOQ
        SELECT DISTINCT web_sites.*
          FROM hosts, services, web_sites
          WHERE hosts.workspace_id = #{id} AND
          services.host_id = hosts.id AND
          web_sites.service_id = services.id
  EOQ
  Mdm::WebSite.find_by_sql(query)
end

#web_unique_forms(addrs = nil) ⇒ Object

# File 'app/models/mdm/workspace.rb', line 172

def web_unique_forms(addrs=nil)
  forms = unique_web_forms
  if addrs
    forms.reject!{|f| not addrs.include?( f.web_site.service.host.address ) }
  end
  forms
end

#web_vulns ⇒ Object

# File 'app/models/mdm/workspace.rb', line 148

def web_vulns
  query = <<-EOQ
        SELECT DISTINCT web_vulns.*
        FROM hosts, services, web_sites, web_vulns
          WHERE hosts.workspace_id = #{id} AND
          services.host_id = hosts.id AND
          web_sites.service_id = services.id AND
          web_vulns.web_site_id = web_sites.id
  EOQ
  Mdm::WebVuln.find_by_sql(query)
end