Open nrathaus opened 3 weeks ago
Hi @nrathaus thanks for all the recent contributions 🚀
I thought I'd add a few things we like to do/see when contributing. It's super helpful for everyone involved if contributors follow the pull request template. Just a brief description of what the changes are and why they were needed, replication and verification steps for the testing you completed when verifying the change.
This is will help us work towards making sure all bases are covered in terms of testing path, and with the project being a long running open source project, it is also super helpful for future traveler's when changes are well documented with a good paper trail to reference back to.
Isn't linking to the original Issue sufficient here? @cgranleese-r7
@cgranleese-r7 how can I get the modules_metadata updated with the privileged attribute?
Is there a way to populate the JSON file?
Isn't linking to the original Issue sufficient here? @cgranleese-r7
No, due to the points I have listed above it is much more beneficial to make use of our template.
@cgranleese-r7 how can I get the modules_metadata updated with the privileged attribute? Is there a way to populate the JSON file?
If I'm understanding what you're asking, I believe that will be done automatically once the PR is merged.
@cgranleese-r7 The 'privileged' field information is read from the modules_metadata.json
file that is either the version under ~/.msf4/store/
or the one shipped with the metasploit db/modules_metadata_base.json
Thanks for the PR! I think the code changes in isolation are good, but I think the privileged
metadata that's exposed on our datamodel is ambiguous in its definition. It looks like it can mean one of two things:
#
# Returns whether or not the module requires or grants high privileges.
#
def privileged?
privileged == true
end
Because of this ambiguity in definition, i.e. the module either requiring or granting privileges, I'm not sure if exposing these values to the user is beneficial in its current state
I'm wondering if we might need to do some pre-requisite work to split this one value into two? i.e. privileges_required
and grants_privileges
or something? That might be useful so users could search for exactly what they want 🤔
We need to decide if we add support (non-ambiguous, or ambiguous privileged) or we don't
Then we need to decide non-ambiguous/ambiguous way
Resolves https://github.com/rapid7/metasploit-framework/issues/18990