Module: Msf::WebServices::ServletHelper

Includes:

ResponseDataHelper

Defined in:

lib/msf/core/web_services/servlet_helper.rb

Constant Summary

@@console_printer =

Rex::Ui::Text::Output::Stdio.new

Instance Method Summary

• #create_error_response(error:, message:, code:) ⇒ Object
• #encode_loot_data(data) ⇒ Object
• #exec_report_job(request, includes = nil, &job) ⇒ Object
• #format_cred_json(data) ⇒ Object
• #get_db ⇒ Object
• #is_single_object?(data, params) ⇒ Bool

  Determines if this data set should be output as a single object instead of an array.

• #parse_json_request(request, strict = false) ⇒ Object
• #print_error(msg, exception = nil) ⇒ Object
• #print_error_and_create_response(error:, message:, code:) ⇒ Object
• #print_good(msg) ⇒ Object
• #print_line(msg) ⇒ Object
• #print_warning(msg) ⇒ Object
• #sanitize_params(params, query_hash = {}) ⇒ Hash

  Sinatra injects extra parameters for some reason: github.com/sinatra/sinatra/issues/453 This method cleans those up so we don’t have any unexpected values before passing on.

• #set_empty_response ⇒ Object
• #set_error_on_response(error) ⇒ Object
• #set_html_response(data) ⇒ Object
• #set_json_data_response(response:, includes: nil, code: 200) ⇒ Object
• #set_json_error_response(response:, code:) ⇒ Object
• #set_json_response(data, includes = nil, code = 200) ⇒ Object
• #set_raw_response(data, code: 200) ⇒ Object
• #warden ⇒ Warden::Proxy

  Get Warden::Proxy object from the Rack environment.

• #warden_options ⇒ Hash

  Get Warden options hash from the Rack environment.

Methods included from ResponseDataHelper

#json_to_hash, #json_to_mdm_object, #process_file, #to_ar

Instance Method Details

#create_error_response(error:, message:, code:) ⇒ Object

# File 'lib/msf/core/web_services/servlet_helper.rb', line 60

def create_error_response(error:, message:, code:)
  error_response = {
    code: code,
    message: "#{message} #{error.message}"
  }
  set_json_error_response(response: error_response, code: code)
end

#encode_loot_data(data) ⇒ Object

# File 'lib/msf/core/web_services/servlet_helper.rb', line 135

def encode_loot_data(data)
  Array.wrap(data).each do |loot|
    loot.data = Base64.urlsafe_encode64(loot.data) if loot.data && !loot.data.empty?
  end
  data
end

#exec_report_job(request, includes = nil, &job) ⇒ Object

# File 'lib/msf/core/web_services/servlet_helper.rb', line 68

def exec_report_job(request, includes = nil, &job)
  begin

    # report jobs always need data
    opts = parse_json_request(request, true)

    exec_async = opts.delete(:exec_async)
    if (exec_async)
      Msf::WebServices::JobProcessor.instance.submit_job(opts, &job)
      return set_empty_response
    else
      data = job.call(opts)
      return set_json_data_response(response: data, includes: includes)
    end

  rescue => e
    print_error_and_create_response(error: e, message: 'There was an error creating the record:', code: 500)
  end
end

#format_cred_json(data) ⇒ Object

# File 'lib/msf/core/web_services/servlet_helper.rb', line 121

def format_cred_json(data)
  includes = [:logins, :public, :private, :realm, :origin]

  response = []
  Array.wrap(data).each do |cred|
    json = cred.as_json(include: includes)
    json['origin'] = json['origin'].merge('type' => cred.origin.class.to_s) if cred.origin
    json['public'] = json['public'].merge('type' => cred.public.type) if cred.public
    json['private'] = json['private'].merge('type' => cred.private.type) if cred.private
    response << json
  end
  response
end

#get_db ⇒ Object

# File 'lib/msf/core/web_services/servlet_helper.rb', line 88

def get_db
  Msf::WebServices::DBManagerProxy.instance.db
end

#is_single_object?(data, params) ⇒ Bool

Determines if this data set should be output as a single object instead of an array.

Parameters:

• data (Array) —

  Array containing the data to be returned to the user.

• params (Hash) —

  The parameters included in the request.

Returns:

• (Bool) —

  true if the data should be printed as a single object, false otherwise

# File 'lib/msf/core/web_services/servlet_helper.rb', line 114

def is_single_object?(data, params)
  # Check to see if the ID parameter was present. If so, print as a single object.
  # Note that ID is not valid as a query parameter, so we assume that the user
  # used <resource>/{ID} notation if ID is present in params.
  !params[:id].nil? && data.count == 1
end

#parse_json_request(request, strict = false) ⇒ Object

# File 'lib/msf/core/web_services/servlet_helper.rb', line 44

def parse_json_request(request, strict = false)
  body = request.body.read
  if (body.nil? || body.empty?)
    raise 'Invalid body, expected data' if strict
    return {}
  end

  hash = JSON.parse(body)
  hash.deep_symbolize_keys
end

#print_error(msg, exception = nil) ⇒ Object

# File 'lib/msf/core/web_services/servlet_helper.rb', line 166

def print_error(msg, exception = nil)
  unless exception.nil?
    msg += "\n    Call Stack:"
    exception.backtrace.each {|line|
      msg += "\n"
      msg += "\t #{line}"
    }
  end

  @@console_printer.print_error(msg)
end

#print_error_and_create_response(error:, message:, code:) ⇒ Object

# File 'lib/msf/core/web_services/servlet_helper.rb', line 55

def print_error_and_create_response(error: , message:, code:)
  print_error "Error handling request: #{error.message}.", error
  create_error_response(error: error, message: message, code: code)
end

#print_good(msg) ⇒ Object

# File 'lib/msf/core/web_services/servlet_helper.rb', line 162

def print_good(msg)
  @@console_printer.print_good(msg)
end

#print_line(msg) ⇒ Object

# File 'lib/msf/core/web_services/servlet_helper.rb', line 154

def print_line(msg)
  @@console_printer.print_line(msg)
end

#print_warning(msg) ⇒ Object

# File 'lib/msf/core/web_services/servlet_helper.rb', line 158

def print_warning(msg)
  @@console_printer.print_warning(msg)
end

#sanitize_params(params, query_hash = {}) ⇒ Hash

Sinatra injects extra parameters for some reason: github.com/sinatra/sinatra/issues/453 This method cleans those up so we don’t have any unexpected values before passing on. It also inspects the query string for any invalid parameters.

Parameters:

• params (Hash) —

  Hash containing the parameters for the request.

• query_hash (Hash) (defaults to: {}) —

  The query_hash variable from the rack request.

Returns:

• (Hash) —

  Returns params with symbolized keys and the injected parameters removed.

# File 'lib/msf/core/web_services/servlet_helper.rb', line 99

def sanitize_params(params, query_hash = {})
  # Reject id passed as a query parameter for GET requests.
  # API standards say path ID should be used for single records.
  if query_hash.key?('id')
    raise ArgumentError, ("'id' is not a valid query parameter. Please use /api/v1/<resource>/{ID} instead.")
  end
  params.symbolize_keys.except(:captures, :splat).to_h.symbolize_keys
end

#set_empty_response ⇒ Object

# File 'lib/msf/core/web_services/servlet_helper.rb', line 15

def set_empty_response
  set_json_data_response(response: '')
end

#set_error_on_response(error) ⇒ Object

# File 'lib/msf/core/web_services/servlet_helper.rb', line 9

def set_error_on_response(error)
  print_error "Error handling request: #{error.message}", error
  headers = {'Content-Type' => 'text/plain'}
  [500, headers, error.message]
end

#set_html_response(data) ⇒ Object

# File 'lib/msf/core/web_services/servlet_helper.rb', line 39

def set_html_response(data)
  headers = {'Content-Type' => 'text/html'}
  [200, headers, data]
end

#set_json_data_response(response:, includes: nil, code: 200) ⇒ Object

# File 'lib/msf/core/web_services/servlet_helper.rb', line 29

def set_json_data_response(response:, includes: nil, code: 200)
  data_response = { data: response }
  set_json_response(data_response, includes = includes, code = code)
end

#set_json_error_response(response:, code:) ⇒ Object

# File 'lib/msf/core/web_services/servlet_helper.rb', line 34

def set_json_error_response(response:, code:)
  error_response = { error: response }
  set_json_response(error_response, nil, code = code)
end

#set_json_response(data, includes = nil, code = 200) ⇒ Object

# File 'lib/msf/core/web_services/servlet_helper.rb', line 24

def set_json_response(data, includes = nil, code = 200)
  headers = { 'Content-Type' => 'application/json' }
  [code, headers, to_json(data, includes)]
end

#set_raw_response(data, code: 200) ⇒ Object

# File 'lib/msf/core/web_services/servlet_helper.rb', line 19

def set_raw_response(data, code: 200)
  headers = { 'Content-Type' => 'application/json' }
  [code, headers, data]
end

#warden ⇒ Warden::Proxy

Get Warden::Proxy object from the Rack environment.

Returns:

• (Warden::Proxy) —

  The Warden::Proxy object from the Rack environment.

# File 'lib/msf/core/web_services/servlet_helper.rb', line 144

def warden
  env['warden']
end

#warden_options ⇒ Hash

Get Warden options hash from the Rack environment.

Returns:

• (Hash) —

  The Warden options hash from the Rack environment.

# File 'lib/msf/core/web_services/servlet_helper.rb', line 150

def warden_options
  env['warden.options']
end