Move under Msf::WebServices namespace

2024-09-11 17:08:02 +02:00 · 2018-10-23 23:46:40 -04:00 · 2018-10-23 23:46:40 -04:00 · e144cc6738
commit e144cc6738
parent 1cb23301a6
3 changed files with 83 additions and 79 deletions
--- a/lib/msf/core/web_services/json_rpc_app.rb
+++ b/lib/msf/core/web_services/json_rpc_app.rb
@ -8,60 +8,62 @@ require 'msf/core/web_services/servlet_helper'
 require 'msf/core/web_services/servlet/auth_servlet'
 require 'msf/core/web_services/servlet/json_rpc_servlet'

-class JsonRpcApp < Sinatra::Base
-  helpers ServletHelper
-  helpers Msf::RPC::JSON::DispatcherHelper
+module Msf::WebServices
+  class JsonRpcApp < Sinatra::Base
+    helpers ServletHelper
+    helpers Msf::RPC::JSON::DispatcherHelper

-  # Servlet registration
-  register AuthServlet
-  register JsonRpcServlet
+    # Servlet registration
+    register AuthServlet
+    register JsonRpcServlet

-  set :framework, Msf::Simple::Framework.create({})
-  set :dispatchers, {}
+    set :framework, Msf::Simple::Framework.create({})
+    set :dispatchers, {}
+
+    configure do
+      set :sessions, {key: 'msf-ws.session', expire_after: 300}
+      set :session_secret, ENV.fetch('MSF_WS_SESSION_SECRET') { SecureRandom.hex(16) }
+    end
+
+    before do
+      # store DBManager in request environment so that it is available to Warden
+      request.env['msf.db_manager'] = get_db
+      # store flag indicating whether authentication is initialized in the request environment
+      @@auth_initialized ||= get_db.users({}).count > 0
+      request.env['msf.auth_initialized'] = @@auth_initialized
+    end
+
+    use Warden::Manager do |config|
+      # failed authentication is handled by this application
+      config.failure_app = self
+      # don't intercept 401 responses since the app will provide custom failure messages
+      config.intercept_401 = false
+      config.default_scope = :api
+
+      config.scope_defaults :user,
+                            # whether to persist the result in the session or not
+                            store: true,
+                            # list of strategies to use
+                            strategies: [:password],
+                            # action (route) of the failure application
+                            action: "#{AuthServlet.api_unauthenticated_path}/user"
+
+      config.scope_defaults :api,
+                            # whether to persist the result in the session or not
+                            store: false,
+                            # list of strategies to use
+                            strategies: [:api_token],
+                            # action (route) of the failure application
+                            action: AuthServlet.api_unauthenticated_path
+
+      config.scope_defaults :admin_api,
+                            # whether to persist the result in the session or not
+                            store: false,
+                            # list of strategies to use
+                            strategies: [:admin_api_token],
+                            # action (route) of the failure application
+                            action: AuthServlet.api_unauthenticated_path
+    end

-  configure do
-    set :sessions, {key: 'msf-ws.session', expire_after: 300}
-    set :session_secret, ENV.fetch('MSF_WS_SESSION_SECRET') { SecureRandom.hex(16) }
  end
-
-  before do
-    # store DBManager in request environment so that it is available to Warden
-    request.env['msf.db_manager'] = get_db
-    # store flag indicating whether authentication is initialized in the request environment
-    @@auth_initialized ||= get_db.users({}).count > 0
-    request.env['msf.auth_initialized'] = @@auth_initialized
-  end
-
-  use Warden::Manager do |config|
-    # failed authentication is handled by this application
-    config.failure_app = self
-    # don't intercept 401 responses since the app will provide custom failure messages
-    config.intercept_401 = false
-    config.default_scope = :api
-
-    config.scope_defaults :user,
-                          # whether to persist the result in the session or not
-                          store: true,
-                          # list of strategies to use
-                          strategies: [:password],
-                          # action (route) of the failure application
-                          action: "#{AuthServlet.api_unauthenticated_path}/user"
-
-    config.scope_defaults :api,
-                          # whether to persist the result in the session or not
-                          store: false,
-                          # list of strategies to use
-                          strategies: [:api_token],
-                          # action (route) of the failure application
-                          action: AuthServlet.api_unauthenticated_path
-
-    config.scope_defaults :admin_api,
-                          # whether to persist the result in the session or not
-                          store: false,
-                          # list of strategies to use
-                          strategies: [:admin_api_token],
-                          # action (route) of the failure application
-                          action: AuthServlet.api_unauthenticated_path
-  end
-
 end
--- a/lib/msf/core/web_services/servlet/json_rpc_servlet.rb
+++ b/lib/msf/core/web_services/servlet/json_rpc_servlet.rb
@ -1,34 +1,36 @@
 require 'msf/core/rpc'

-module JsonRpcServlet
+module Msf::WebServices
+  module JsonRpcServlet

-  def self.api_path
-    '/api/:version/json-rpc'
-  end
+    def self.api_path
+      '/api/:version/json-rpc'
+    end

-  def self.registered(app)
-    app.post JsonRpcServlet.api_path, &post_rpc
-  end
+    def self.registered(app)
+      app.post JsonRpcServlet.api_path, &post_rpc
+    end

-  #######
-  private
-  #######
+    #######
+    private
+    #######

-  # Process JSON-RPC request
-  def self.post_rpc
-    lambda {
-      warden.authenticate!
-      begin
-        body = request.body.read
-        tmp_params = sanitize_params(params)
-        data = get_dispatcher(settings.dispatchers, tmp_params[:version].to_sym, settings.framework).process(body)
-        set_raw_response(data)
-      rescue => e
-        print_error("There was an error executing the RPC: #{e.message}.", e)
-        error = Msf::RPC::JSON::Dispatcher.create_error_response(Msf::RPC::JSON::InternalError.new(e))
-        data = Msf::RPC::JSON::Dispatcher.to_json(error)
-        set_raw_response(data, code: 500)
-      end
-    }
+    # Process JSON-RPC request
+    def self.post_rpc
+      lambda {
+        warden.authenticate!
+        begin
+          body = request.body.read
+          tmp_params = sanitize_params(params)
+          data = get_dispatcher(settings.dispatchers, tmp_params[:version].to_sym, framework).process(body)
+          set_raw_response(data)
+        rescue => e
+          print_error("There was an error executing the RPC: #{e.message}.", e)
+          error = Msf::RPC::JSON::Dispatcher.create_error_response(Msf::RPC::JSON::InternalError.new(e))
+          data = Msf::RPC::JSON::Dispatcher.to_json(error)
+          set_raw_response(data, code: 500)
+        end
+      }
+    end
  end
 end
--- a/msf-json-rpc.ru
+++ b/msf-json-rpc.ru
@ -18,4 +18,4 @@ end
 # Note: setup Rails environment before calling require
 require 'msf/core/web_services/json_rpc_app'

-run JsonRpcApp
+run Msf::WebServices::JsonRpcApp