1
# -*- coding: binary -*-
2

3
###
4
#
5
# A reference to some sort of information.  This is typically a URL, but could
6
# be any type of referential value that people could use to research a topic.
7
#
8
###
9
class Msf::Module::Reference
10

11
  #
12
  # Serialize a reference from a string.
13
  #
14
  def self.from_s(str)
15
    return self.new(str)
16
  end
17

18
  #
19
  # Initializes a reference from a string.
20
  #
21
  def initialize(in_str)
22
    self.str = in_str
23
  end
24

25
  #
26
  # Compares references to see if they're equal.
27
  #
28
  def ==(tgt)
29
    return (tgt.to_s == to_s)
30
  end
31

32
  #
33
  # Returns the reference as a string.
34
  #
35
  def to_s
36
    return self.str
37
  end
38

39
  #
40
  # Serializes the reference instance from a string.
41
  #
42
  def from_s(in_str)
43
    self.str = in_str
44
  end
45

46
  #
47
  # The reference string.
48
  #
49
  attr_reader :str
50

51
protected
52

53
  attr_writer :str # :nodoc:
54

55
end
56

57
###
58
#
59
# A reference to a website.
60
#
61
###
62
class Msf::Module::SiteReference < Msf::Module::Reference
63

64
  #
65
  # Class method that translates a URL into a site reference instance.
66
  #
67
  def self.from_s(str)
68
    instance = self.new
69

70
    if (instance.from_s(str) == false)
71
      return nil
72
    end
73

74
    return instance
75
  end
76

77
  #
78
  # Initializes a site reference from an array.  ary[0] is the site and
79
  # ary[1] is the site context identifier, such as CVE.
80
  # ary[2] is optional and can be used for additional context (e.g., repo for GHSA)
81
  #
82
  def self.from_a(ary)
83
    return nil if (ary.length < 2)
84
    # Reject if first element is an array (nested array structure)
85
    return nil if ary[0].kind_of?(Array)
86

87
    self.new(ary[0], ary[1], ary[2])
88
  end
89

90
  #
91
  # Initialize the site reference.
92
  # If you're updating the references, please also update:
93
  # * tools/module_reference.rb
94
  # * https://docs.metasploit.com/docs/development/developing-modules/module-metadata/module-reference-identifiers.html
95
  #
96
  def initialize(in_ctx_id = 'Unknown', in_ctx_val = '', in_ctx_repo = nil)
97
    # Ensure ctx_id and ctx_val are strings (handle constants like ATT&CK techniques)
98
    in_ctx_id = in_ctx_id.to_s if in_ctx_id.respond_to?(:to_s) && !in_ctx_id.is_a?(String)
99
    in_ctx_val = in_ctx_val.to_s if in_ctx_val.respond_to?(:to_s) && !in_ctx_val.is_a?(String)
100
    
101
    self.ctx_id  = in_ctx_id
102
    self.ctx_val = in_ctx_val
103
    self.ctx_repo = in_ctx_repo
104

105
    if in_ctx_id == 'CVE'
106
      self.site = "https://nvd.nist.gov/vuln/detail/CVE-#{in_ctx_val}"
107
    elsif in_ctx_id == 'CWE'
108
      self.site = "https://cwe.mitre.org/data/definitions/#{in_ctx_val}.html"
109
    elsif in_ctx_id == 'BID'
110
      self.site = "http://www.securityfocus.com/bid/#{in_ctx_val}"
111
    elsif in_ctx_id == 'MSB'
112
      year = in_ctx_val[2..3]
113
      century = year[0] == '9' ? '19' : '20'
114
      self.site = "https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/#{century}#{year}/#{in_ctx_val}"
115
    elsif in_ctx_id == 'EDB'
116
      self.site = "https://www.exploit-db.com/exploits/#{in_ctx_val}"
117
    elsif in_ctx_id == 'US-CERT-VU'
118
      self.site = "https://www.kb.cert.org/vuls/id/#{in_ctx_val}"
119
    elsif in_ctx_id == 'ZDI'
120
      self.site = "http://www.zerodayinitiative.com/advisories/ZDI-#{in_ctx_val}"
121
    elsif in_ctx_id == 'WPVDB'
122
      self.site = "https://wpscan.com/vulnerability/#{in_ctx_val}"
123
    elsif in_ctx_id == 'PACKETSTORM'
124
      self.site = "https://packetstormsecurity.com/files/#{in_ctx_val}"
125
    elsif in_ctx_id == 'GHSA'
126
      # Handle both formats: with or without GHSA- prefix
127
      ghsa_id = in_ctx_val.start_with?('GHSA-') ? in_ctx_val : "GHSA-#{in_ctx_val}"
128
      # Use repo-specific URL if repo is provided, otherwise use global format
129
      if in_ctx_repo && !in_ctx_repo.empty?
130
        self.site = "https://github.com/#{in_ctx_repo}/security/advisories/#{ghsa_id}"
131
      else
132
        self.site = "https://github.com/advisories/#{ghsa_id}"
133
      end
134
    elsif in_ctx_id == 'OSV'
135
      self.site = "https://osv.dev/vulnerability/#{in_ctx_val}"
136
    elsif in_ctx_id == 'URL'
137
      self.site = in_ctx_val.to_s
138
    elsif in_ctx_id == 'LOGO'
139
      self.site = "Logo: #{in_ctx_val}"
140
    elsif in_ctx_id == 'SOUNDTRACK'
141
      self.site = "Soundtrack: #{in_ctx_val}"
142
    elsif in_ctx_id == 'ATT&CK'
143
      match = in_ctx_val.match(/\A(?<category>[A-Z]+)(?<id>[\d.]+)\z/)
144
      path = Msf::Mitre::Attack::Categories::PATHS[match[:category]]
145
      id_path = match[:id].gsub('.', '/')
146
      self.site = "https://attack.mitre.org/#{path}/#{match[:category]}#{id_path}/"
147
    else
148
      self.site  = in_ctx_id
149
      self.site += " (#{in_ctx_val})" if (in_ctx_val)
150
    end
151
  end
152

153
  #
154
  # Returns the absolute site URL.
155
  #
156
  def to_s
157
    return site || ''
158
  end
159

160
  #
161
  # Serializes a site URL string.
162
  #
163
  def from_s(str)
164
    if (/(http:\/\/|https:\/\/|ftp:\/\/)/.match(str))
165
      self.site = str
166
      self.ctx_id  = 'URL'
167
      self.ctx_val = self.site
168
    else
169
      return false
170
    end
171

172
    return true
173
  end
174

175
  #
176
  # The site being referenced.
177
  #
178
  attr_reader :site
179
  #
180
  # The context identifier of the site, such as CVE.
181
  #
182
  attr_reader :ctx_id
183
  #
184
  # The context value of the reference, such as MS02-039
185
  #
186
  attr_reader :ctx_val
187
  #
188
  # The context repository for GHSA references (optional)
189
  #
190
  attr_reader :ctx_repo
191

192
protected
193

194
  attr_writer :site, :ctx_id, :ctx_val, :ctx_repo
195

196
end
197

198