Skip to content

Add checkcode details to vuln attempt#226

Merged
adfoster-r7 merged 1 commit intorapid7:masterfrom
adfoster-r7:add-checkcode-details-to-vuln-attempt
Apr 17, 2026
Merged

Add checkcode details to vuln attempt#226
adfoster-r7 merged 1 commit intorapid7:masterfrom
adfoster-r7:add-checkcode-details-to-vuln-attempt

Conversation

@adfoster-r7
Copy link
Copy Markdown
Contributor

@adfoster-r7 adfoster-r7 commented Apr 15, 2026
edited
Loading

Needed by rapid7/metasploit-framework#21307

Add check code details to the VulnAttempt model, so that these can be shown to the user:

msf > vulns -v

Vulnerabilities
===============
  0. Vuln ID: 10
     Timestamp: 2026-04-15 00:05:25 UTC
     Host: 10.140.113.233
     Name: ElasticSearch Snapshot API Directory Traversal
     References: CVE-2015-5531,PACKETSTORM-132721
     Information: Vulnerability confirmed by check of auxiliary/scanner/http/elasticsearch_traversal.
     Resource: {}
     Service:
     Vuln attempts:
     0. ID: 28
        Vuln ID: 10
        Timestamp: 2026-04-15 00:05:25 UTC
        Exploit: false
        Fail reason: none
        Username: foo
        Module: auxiliary/scanner/http/elasticsearch_traversal
        Session ID: nil
        Loot ID: nil
        Fail Detail: nil
        Check Code: appears
        Check Detail: Successfully created snapshot repositories, suggesting the Snapshot API is vulnerable to CVE-2015-5531.

@adfoster-r7 adfoster-r7 requested a review from Copilot April 15, 2026 14:14
Copilot AI reviewed Apr 15, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds persistence support for Metasploit module check results on vulnerability attempts so downstream consumers (e.g., console/UI) can display both the check outcome and its explanatory message.

Changes:

  • Adds check_code (string) and check_detail (text) columns to vuln_attempts.
  • Documents the new attributes on Mdm::VulnAttempt.
  • Updates the dummy app’s structure.sql to reflect the schema change.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.

File Description
spec/dummy/db/structure.sql Updates dummy DB schema dump to include check_code/check_detail (but also introduces \\restrict/\\unrestrict directives).
db/migrate/20260411000000_add_check_code_to_vuln_attempts.rb Migration adding the two new columns to vuln_attempts.
app/models/mdm/vuln_attempt.rb YARD documentation for the new check_code and check_detail fields.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread db/migrate/20260411000000_add_check_code_to_vuln_attempts.rb
Comment thread spec/dummy/db/structure.sql Outdated
Comment thread spec/dummy/db/structure.sql Outdated
@adfoster-r7 adfoster-r7 force-pushed the add-checkcode-details-to-vuln-attempt branch from 17b1097 to ce77064 Compare April 15, 2026 14:52
@adfoster-r7 adfoster-r7 requested a review from Copilot April 15, 2026 14:54
Copilot AI reviewed Apr 15, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated no new comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@adfoster-r7 adfoster-r7 merged commit 40c8fdd into rapid7:master Apr 17, 2026
25 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@dwelch-r7 dwelch-r7 dwelch-r7 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@adfoster-r7 @dwelch-r7