From 97b4c80c778a2099ced21d8c7c0303f9c7a62acd Mon Sep 17 00:00:00 2001 From: UncleSp1d3r Date: Tue, 11 Jun 2024 20:56:18 -0400 Subject: [PATCH] fix: Fixed rule list link Signed-off-by: UncleSp1d3r --- Gemfile | 6 +++-- Gemfile.lock | 9 ++++++- .../api/v1/client/tasks_controller.rb | 24 +++++++++---------- app/models/ability.rb | 11 +++++++++ app/models/agent.rb | 4 ++-- app/models/hash_list.rb | 2 +- app/views/rule_lists/index.html.erb | 4 ++-- db/migrate/20240505012055_init_schema.rb | 20 ++++++++-------- 8 files changed, 50 insertions(+), 30 deletions(-) diff --git a/Gemfile b/Gemfile index 989cbfbb..d8e296fc 100644 --- a/Gemfile +++ b/Gemfile @@ -20,7 +20,7 @@ gem "turbo-rails", ">= 2.0" gem "tzinfo-data", platforms: %i[windows jruby] # Restricting the version of the gem to avoid breaking changes -gem "rubocop", "~> 1.63", require: false +gem "rubocop", "~> 1.64", require: false group :development, :test do gem "brakeman", ">= 6.1", require: false @@ -42,16 +42,19 @@ group :development, :test do # Rubocop extensions gem "rswag-specs", ">= 2.13" + gem "rubocop-capybara", ">= 2.21", require: false gem "rubocop-factory_bot", ">= 2.25", require: false gem "rubocop-ordered_methods", ">= 0.11" gem "rubocop-rails-omakase", ">= 1.0" gem "rubocop-rake", ">= 0.6.0", require: false gem "rubocop-rspec", ">= 2.27", require: false + gem "rubocop-rspec_rails", ">= 2.30", require: false gem "rubocop-thread_safety", ">= 0.5.1", require: false end group :development do gem "annotate", ">= 3.2" + gem "database_consistency", ">= 1.7", require: false gem "dockerfile-rails", ">= 1.6" gem "htmlbeautifier", ">= 1.4" gem "rack-mini-profiler" @@ -71,7 +74,6 @@ gem "ar_lazy_preload", ">= 2.1" gem "audited", ">= 5.5" gem "aws-sdk-s3", ">= 1.151", groups: %i[production development] gem "cancancan", ">= 3.5" -gem "database_consistency", ">= 1.7", group: :development, require: false gem "devise", ">= 4.9" gem "dry-initializer", ">= 3.1" gem "fuubar", ">= 2.5" 
diff --git a/Gemfile.lock b/Gemfile.lock index d16da6bd..fa51bfd5 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -426,6 +426,8 @@ GEM unicode-display_width (>= 2.4.0, < 3.0) rubocop-ast (1.31.3) parser (>= 3.3.1.0) + rubocop-capybara (2.21.0) + rubocop (~> 1.41) rubocop-factory_bot (2.26.1) rubocop (~> 1.61) rubocop-minitest (0.35.0) @@ -450,6 +452,9 @@ GEM rubocop (~> 1.0) rubocop-rspec (3.0.1) rubocop (~> 1.61) + rubocop-rspec_rails (2.30.0) + rubocop (~> 1.61) + rubocop-rspec (~> 3, >= 3.0.1) rubocop-thread_safety (0.5.1) rubocop (>= 0.90.0) ruby-next-core (1.0.3) @@ -619,12 +624,14 @@ DEPENDENCIES rspec_junit_formatter (>= 0.6.0) rswag (>= 2.13) rswag-specs (>= 2.13) - rubocop (~> 1.63) + rubocop (~> 1.64) + rubocop-capybara (>= 2.21) rubocop-factory_bot (>= 2.25) rubocop-ordered_methods (>= 0.11) rubocop-rails-omakase (>= 1.0) rubocop-rake (>= 0.6.0) rubocop-rspec (>= 2.27) + rubocop-rspec_rails (>= 2.30) rubocop-thread_safety (>= 0.5.1) selenium-webdriver (>= 4.19) sem_version (>= 2.0) diff --git a/app/controllers/api/v1/client/tasks_controller.rb b/app/controllers/api/v1/client/tasks_controller.rb index 6559565e..865ee6bf 100644 --- a/app/controllers/api/v1/client/tasks_controller.rb +++ b/app/controllers/api/v1/client/tasks_controller.rb @@ -21,7 +21,7 @@ def abandon return if @task.abandon - render json: @task.errors, status: :unprocessable_entity + render json: @task.errors, status: :unprocessable_content end def accept_task 
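Review bot: The new `status: :unprocessable_content` symbol in `abandon` (and in every other hunk of this file) is, as far as I know, only recognised by Rack 3.1 and later; on an older Rack the symbol lookup raises instead of returning 422, which would turn each of these error paths into a 500 for the agent. The resolved Rack version is not visible in the Gemfile.lock hunks shown here, so please confirm it. If the app can still resolve an older Rack, either add a floor such as `gem "rack", ">= 3.1"` or use the numeric `status: 422`, which works on both sides of the rename.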
@@ -33,15 +33,15 @@ def accept_task return end if @task.completed? - render json: { error: "Task already completed" }, status: :unprocessable_entity + render json: { error: "Task already completed" }, status: :unprocessable_content return end - render json: @task.errors, status: :unprocessable_entity unless @task.accept + render json: @task.errors, status: :unprocessable_content unless @task.accept return if @task.attack.accept - render json: @task.errors, status: :unprocessable_entity + render json: @task.errors, status: :unprocessable_content end def exhausted @@ -50,10 +50,10 @@ def exhausted render status: :not_found return end - render json: @task.errors, status: :unprocessable_entity unless @task.exhaust + render json: @task.errors, status: :unprocessable_content unless @task.exhaust return if @task.attack.exhaust - render json: @task.errors, status: :unprocessable_entity + render json: @task.errors, status: :unprocessable_content end def submit_crack @@ -81,10 +81,10 @@ def submit_crack return end unless hash_item.update(plain_text: plain_text, cracked: true, cracked_time: timestamp) - render json: { error: hash_item.errors.full_messages }, status: :unprocessable_entity + render json: { error: hash_item.errors.full_messages }, status: :unprocessable_content return end - render json: { error: task.errors.full_messages }, status: :unprocessable_entity unless task.accept_crack + render json: { error: task.errors.full_messages }, status: :unprocessable_content unless task.accept_crack @message = "Hash cracked successfully, #{hash_list.uncracked_count} hashes remaining, task #{task.state}." return unless task.completed? @@ -127,7 +127,7 @@ def submit_status status.hashcat_guess = new_guess logger.debug "Guess: #{status.hashcat_guess.inspect}" else - render json: { errors: ["Guess not found"] }, status: :unprocessable_entity + render json: { errors: ["Guess not found"] }, status: :unprocessable_content return end 
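Review bot: In `accept_task`, `render json: @task.errors, status: :unprocessable_content unless @task.accept` does not return, so when `@task.accept` fails the action still calls `@task.attack.accept`. If that fails as well, the second `render` raises a double-render error and the agent receives a 500 rather than the validation errors. The same render-without-return shape is in the `exhausted` hunk (`unless @task.exhaust`) and the `submit_crack` hunk (`unless task.accept_crack`, after which the success message is still built). Use the guard form this file already uses for `hash_item.update`: an `unless @task.accept` block that renders and then hits `return`, so a failed task transition never drives the attack's state. All three method bodies start or end outside their hunks.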
@@ -149,12 +149,12 @@ def submit_status status.device_statuses << device_status end else - render json: { errors: ["Device Statuses not found"] }, status: :unprocessable_entity + render json: { errors: ["Device Statuses not found"] }, status: :unprocessable_content return end unless status.save - render json: { errors: status.errors.full_messages }, status: :unprocessable_entity + render json: { errors: status.errors.full_messages }, status: :unprocessable_content return end @@ -162,6 +162,6 @@ def submit_status return if @task.accept_status # If the state was not updated, return the task's errors - render json: @task.errors, status: :unprocessable_entity + render json: @task.errors, status: :unprocessable_content end end diff --git a/app/models/ability.rb b/app/models/ability.rb index 62abb430..d1a65e9f 100644 --- a/app/models/ability.rb +++ b/app/models/ability.rb 
@@ -39,6 +39,17 @@ def initialize(user) can :file_content, WordList, sensitive: false, processed: true can :file_content, WordList, projects: { id: project_ids }, processed: true # Wordlists that belong to the user's projects + # RuleList permissions + can :read, RuleList, sensitive: false, processed: true # Public Rule lists + can :read, RuleList, projects: { id: project_ids }, processed: true # Rule lists that belong to the user's projects + can :update, RuleList, projects: { id: project_ids } # Rule lists that belong to the user's projects + can :create, RuleList # Everyone can create Rule lists + can :destroy, RuleList, projects: { id: project_ids } # Rule lists that belong to the user's projects + can :view_file, RuleList, sensitive: false, processed: true + can :view_file, RuleList, projects: { id: project_ids }, processed: true # Rule lists that belong to the user's projects + can :file_content, RuleList, sensitive: false, processed: true + can :file_content, RuleList, projects: { id: project_ids }, processed: true # Rule lists that belong to the user's projects + # Attack permissions can :read, Attack, campaign: { project_id: project_ids } # Attacks that belong to the user's projects can :update, Attack, campaign: { project_id: project_ids } # Attacks that belong to the user's projects diff --git a/app/models/agent.rb b/app/models/agent.rb index 1f2c98cc..b16c4da0 100644 --- a/app/models/agent.rb +++ b/app/models/agent.rb @@ -131,7 +131,7 @@ def benchmarks # # If there are no benchmarks, it returns the date from a year ago. # - # @return [Date] The date of the last benchmark. + # @return [Date, ActiveSupport::TimeWithZone] The date of the last benchmark. def last_benchmark_date if hashcat_benchmarks.empty? # If there are no benchmarks, we'll just return the date from a year ago. 
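Review bot: The new `:update` and `:destroy` rules for `RuleList` match on `projects: { id: project_ids }`, which is satisfied when a list shares any one project with the user. If a rule list can be attached to several projects, as the plural association suggests, a member of one project can edit or delete a list that other projects also depend on. `can :create, RuleList` is unconditional too, so which projects a new list may be attached to has to be enforced elsewhere; the controller's permitted params are not visible here. I would add an ability spec for the shared-list case and record the intent beside the rules, e.g. `# NOTE: any shared project grants update/destroy, including on lists attached to other projects`. `initialize` starts and ends outside the hunk.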
@@ -170,7 +170,7 @@ def new_task incomplete_task = tasks.incomplete.where(agent_id: id).first # If the task is incomplete and there are no errors for the task, we'll return the task. - return incomplete_task if incomplete_task.present? && !agent_errors.where([task_id: incomplete_task.id, severity: AgentError.severities[:fatal]]).any? + return incomplete_task if incomplete_task.present? && !agent_errors.where(task_id: incomplete_task.id).any? end # Ok, so there's no existing tasks already assigned to the agent. diff --git a/app/models/hash_list.rb b/app/models/hash_list.rb index 867aa067..bed915e5 100644 --- a/app/models/hash_list.rb +++ b/app/models/hash_list.rb @@ -33,7 +33,7 @@ class HashList < ApplicationRecord audited unless Rails.env.test? has_one_attached :file belongs_to :project, touch: true - has_one :campaign, dependent: :destroy + has_one :campaign, dependent: :destroy, touch: true has_many :hash_items, dependent: :destroy belongs_to :hash_type diff --git a/app/views/rule_lists/index.html.erb b/app/views/rule_lists/index.html.erb index 210b28f8..28036807 100644 --- a/app/views/rule_lists/index.html.erb +++ b/app/views/rule_lists/index.html.erb @@ -31,10 +31,10 @@
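Review bot: The rewritten guard in `new_task` drops the `severity: AgentError.severities[:fatal]` condition, so any recorded error for the task, whatever its severity, now stops the agent from being handed back its incomplete task. The array-wrapped `where([...])` on the old side did look wrong, but if only fatal errors were meant to block resumption the repair is to keep the filter in hash form: `agent_errors.where(task_id: incomplete_task.id, severity: AgentError.severities[:fatal]).none?`. If blocking on every severity is intended, the comment above the line should say so, because a task with only a minor error will otherwise stay incomplete and assigned with no obvious reason. The body of `new_task` continues outside the hunk.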
<%= link_to icon("eye"), rule_list, class: "btn btn-primary btn-sm" if can? :read, rule_list %> - <%= link_to icon("pencil"), edit_word_list_path(rule_list), + <%= link_to icon("pencil"), edit_rule_list_path(rule_list), class: "btn btn-warning btn-sm" if can? :update, rule_list %> <%= button_to icon("trash"), rule_list, method: :delete, data: { confirm: "Are you sure?" }, - class: "btn btn-danger btn-sm" if can? :destroy, rule_list %> + class: "btn btn-danger btn-sm" if can? :destroy, rule_list %>
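Review bot: The delete button's confirmation is passed as `data: { confirm: "Are you sure?" }`, which only rails-ujs acts on. The Gemfile in this patch lists `turbo-rails`, and Turbo reads `data-turbo-confirm`, so unless rails-ujs is also loaded the trash button destroys the rule list on a single click with no prompt. I would change it to `data: { turbo_confirm: "Are you sure?" }` on the `button_to`. That line is unchanged context in this hunk, but it sits beside the corrected edit link and is the only guard on the one destructive action in the row.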
diff --git a/db/migrate/20240505012055_init_schema.rb b/db/migrate/20240505012055_init_schema.rb index 4aed030e..806c66d3 100644 --- a/db/migrate/20240505012055_init_schema.rb +++ b/db/migrate/20240505012055_init_schema.rb @@ -18,7 +18,7 @@ def up t.bigint "blob_id", null: false t.datetime "created_at", null: false t.index ["blob_id"], name: "index_active_storage_attachments_on_blob_id" - t.index ["record_type", "record_id", "name", "blob_id"], name: "index_active_storage_attachments_uniqueness", unique: true + t.index %w[record_type record_id name blob_id], name: "index_active_storage_attachments_uniqueness", unique: true end create_table "active_storage_blobs" do |t| t.string "key", null: false @@ -34,7 +34,7 @@ def up create_table "active_storage_variant_records" do |t| t.bigint "blob_id", null: false t.string "variation_digest", null: false - t.index ["blob_id", "variation_digest"], name: "index_active_storage_variant_records_uniqueness", unique: true + t.index %w[blob_id variation_digest], name: "index_active_storage_variant_records_uniqueness", unique: true end create_table "agents" do |t| t.text "client_signature", comment: "The signature of the agent" @@ -92,7 +92,7 @@ def up t.datetime "start_time", comment: "The time the attack started." t.datetime "end_time", comment: "The time the attack ended." t.index ["attack_mode"], name: "index_attacks_on_attack_mode" - t.index ["campaign_id", "position"], name: "index_attacks_on_campaign_id_and_position", unique: true + t.index %w[campaign_id position], name: "index_attacks_on_campaign_id_and_position", unique: true t.index ["campaign_id"], name: "index_attacks_on_campaign_id" t.index ["state"], name: "index_attacks_on_state" end 
@@ -119,11 +119,11 @@ def up t.string "remote_address" t.string "request_uuid" t.datetime "created_at" - t.index ["associated_type", "associated_id"], name: "associated_index" - t.index ["auditable_type", "auditable_id", "version"], name: "auditable_index" + t.index %w[associated_type associated_id], name: "associated_index" + t.index %w[auditable_type auditable_id version], name: "auditable_index" t.index ["created_at"], name: "index_audits_on_created_at" t.index ["request_uuid"], name: "index_audits_on_request_uuid" - t.index ["user_id", "user_type"], name: "user_index" + t.index %w[user_id user_type], name: "user_index" end create_table "campaigns" do |t| t.string "name" @@ -177,7 +177,7 @@ def up t.datetime "updated_at", null: false t.index ["cracked"], name: "index_hash_items_on_cracked" t.index ["hash_list_id"], name: "index_hash_items_on_hash_list_id" - t.index ["hash_value", "salt", "hash_list_id"], name: "index_hash_items_on_hash_value_and_salt_and_hash_list_id", unique: true + t.index %w[hash_value salt hash_list_id], name: "index_hash_items_on_hash_value_and_salt_and_hash_list_id", unique: true end create_table "hash_lists" do |t| t.string "name", null: false, comment: "Name of the hash list" @@ -217,7 +217,7 @@ def up t.integer "device", comment: "The device used for the benchmark." t.float "hash_speed", comment: "The speed of the benchmark. In hashes per second." t.float "runtime", comment: "The time taken to complete the benchmark. In seconds." - t.index ["agent_id", "benchmark_date", "hash_type"], name: "idx_on_agent_id_benchmark_date_hash_type_a667ecb9be", unique: true + t.index %w[agent_id benchmark_date hash_type], name: "idx_on_agent_id_benchmark_date_hash_type_a667ecb9be", unique: true t.index ["agent_id"], name: "index_hashcat_benchmarks_on_agent_id" end create_table "hashcat_guesses" do |t| 
@@ -285,8 +285,8 @@ def up create_table "projects_word_lists", id: false do |t| t.bigint "project_id", null: false t.bigint "word_list_id", null: false - t.index ["project_id", "word_list_id"], name: "index_projects_word_lists_on_project_id_and_word_list_id" - t.index ["word_list_id", "project_id"], name: "index_projects_word_lists_on_word_list_id_and_project_id" + t.index %w[project_id word_list_id], name: "index_projects_word_lists_on_project_id_and_word_list_id" + t.index %w[word_list_id project_id], name: "index_projects_word_lists_on_word_list_id_and_project_id" end create_table "rule_lists" do |t| t.string "name", null: false, comment: "Name of the rule list"