Add support for 'privileged' search

[nrathaus]

Resolves #18990

[cgranleese-r7]

Hi @nrathaus thanks for all the recent contributions 🚀

I thought I'd add a few things we like to do/see when contributing. It's super helpful for everyone involved if contributors follow the pull request template. Just a brief description of what the changes are and why they were needed, replication and verification steps for the testing you completed when verifying the change.

This is will help us work towards making sure all bases are covered in terms of testing path, and with the project being a long running open source project, it is also super helpful for future traveler's when changes are well documented with a good paper trail to reference back to.

[nrathaus]

Isn't linking to the original Issue sufficient here? @cgranleese-r7

[nrathaus]

@cgranleese-r7 how can I get the modules_metadata updated with the privileged attribute?

Is there a way to populate the JSON file?

[cgranleese-r7]

Isn't linking to the original Issue sufficient here? @cgranleese-r7

No, due to the points I have listed above it is much more beneficial to make use of our template.

@cgranleese-r7 how can I get the modules_metadata updated with the privileged attribute?
Is there a way to populate the JSON file?

If I'm understanding what you're asking, I believe that will be done automatically once the PR is merged.

[nrathaus]

@cgranleese-r7 The 'privileged' field information is read from the modules_metadata.json file that is either the version under ~/.msf4/store/ or the one shipped with the metasploit db/modules_metadata_base.json

[adfoster-r7]

Thanks for the PR! I think the code changes in isolation are good, but I think the privileged metadata that's exposed on our datamodel is ambiguous in its definition. It looks like it can mean one of two things:

  #
  # Returns whether or not the module requires or grants high privileges.
  #
  def privileged?
    privileged == true
  end

Because of this ambiguity in definition, i.e. the module either requiring or granting privileges, I'm not sure if exposing these values to the user is beneficial in its current state

I'm wondering if we might need to do some pre-requisite work to split this one value into two? i.e. privileges_required and grants_privileges or something? That might be useful so users could search for exactly what they want 🤔

[nrathaus]

1. We need to decide if we add support (non-ambiguous, or ambiguous privileged) or we don't

2. Then we need to decide non-ambiguous/ambiguous way

[github-actions]

Thanks for your contribution to Metasploit Framework! We've looked at this pull request, and we agree that it seems like a good addition to Metasploit, but it looks like it is not quite ready to land. We've labeled it attic and closed it for now.

What does this generally mean? It could be one or more of several things:

• It doesn't look like there has been any activity on this pull request in a while
• We may not have the proper access or equipment to test this pull request, or the contributor doesn't have time to work on it right now.
• Sometimes the implementation isn't quite right and a different approach is necessary.

We would love to land this pull request when it's ready. If you have a chance to address all comments, we would be happy to reopen and discuss how to merge this!