Retest with connection pool changes

Gemfile

@@ -35,7 +35,7 @@ group :development, :test do
   gem 'rake'
   # Define `rake spec`.  Must be in development AND test so that its available by default as a rake test when the
   # environment is development
-  gem 'rspec-rails'
+  gem 'rspec-rails', '~> 7.0'
   gem 'rspec-rerun'
   # Required during CI as well local development
   gem 'rubocop'

Gemfile.lock

@@ -4,9 +4,9 @@ PATH
     metasploit-framework (6.4.37)
       aarch64
       abbrev
-      actionpack (~> 7.0.0)
-      activerecord (~> 7.0.0)
-      activesupport (~> 7.0.0)
+      actionpack (~> 7.1.0)
+      activerecord (~> 7.1.0)
+      activesupport (~> 7.1.0)
       aws-sdk-ec2
       aws-sdk-ec2instanceconnect
       aws-sdk-iam
@@ -95,7 +95,7 @@ PATH
       ruby_smb (~> 3.3.3)
       rubyntlm
       rubyzip
-      sinatra
+      sinatra (~> 3)
       sqlite3 (= 1.7.3)
       sshkey
       swagger-blocks
@@ -118,28 +118,40 @@ GEM
     aarch64 (2.1.0)
       racc (~> 1.6)
     abbrev (0.1.2)
-    actionpack (7.0.8.6)
-      actionview (= 7.0.8.6)
-      activesupport (= 7.0.8.6)
-      rack (~> 2.0, >= 2.2.4)
+    actionpack (7.1.5)
+      actionview (= 7.1.5)
+      activesupport (= 7.1.5)
+      nokogiri (>= 1.8.5)
+      racc
+      rack (>= 2.2.4)
+      rack-session (>= 1.0.1)
       rack-test (>= 0.6.3)
-      rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actionview (7.0.8.6)
-      activesupport (= 7.0.8.6)
+      rails-dom-testing (~> 2.2)
+      rails-html-sanitizer (~> 1.6)
+    actionview (7.1.5)
+      activesupport (= 7.1.5)
       builder (~> 3.1)
-      erubi (~> 1.4)
-      rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activemodel (7.0.8.6)
-      activesupport (= 7.0.8.6)
-    activerecord (7.0.8.6)
-      activemodel (= 7.0.8.6)
-      activesupport (= 7.0.8.6)
-    activesupport (7.0.8.6)
+      erubi (~> 1.11)
+      rails-dom-testing (~> 2.2)
+      rails-html-sanitizer (~> 1.6)
+    activemodel (7.1.5)
+      activesupport (= 7.1.5)
+    activerecord (7.1.5)
+      activemodel (= 7.1.5)
+      activesupport (= 7.1.5)
+      timeout (>= 0.4.0)
+    activesupport (7.1.5)
+      base64
+      benchmark (>= 0.3)
+      bigdecimal
       concurrent-ruby (~> 1.0, >= 1.0.2)
+      connection_pool (>= 2.2.5)
+      drb
       i18n (>= 1.6, < 2)
+      logger (>= 1.4.2)
       minitest (>= 5.1)
+      mutex_m
+      securerandom (>= 0.3)
       tzinfo (~> 2.0)
     addressable (2.8.7)
       public_suffix (>= 2.0.2, < 7.0)
@@ -186,6 +198,7 @@ GEM
     base64 (0.2.0)
     bcrypt (3.1.20)
     bcrypt_pbkdf (1.1.1)
+    benchmark (0.4.0)
     bigdecimal (3.1.8)
     bindata (2.4.15)
     bootsnap (1.18.4)
@@ -196,6 +209,7 @@ GEM
     chunky_png (1.4.0)
     coderay (1.1.3)
     concurrent-ruby (1.3.4)
+    connection_pool (2.4.1)
     cookiejar (0.3.4)
     crass (1.0.6)
     csv (3.3.0)
@@ -380,22 +394,28 @@ GEM
     rack-protection (3.2.0)
       base64 (>= 0.1.0)
       rack (~> 2.2, >= 2.2.4)
+    rack-session (1.0.2)
+      rack (< 3)
     rack-test (2.1.0)
       rack (>= 1.3)
+    rackup (1.0.1)
+      rack (< 3)
+      webrick
     rails-dom-testing (2.2.0)
       activesupport (>= 5.0.0)
       minitest
       nokogiri (>= 1.6)
     rails-html-sanitizer (1.6.0)
       loofah (~> 2.21)
       nokogiri (~> 1.14)
-    railties (7.0.8.6)
-      actionpack (= 7.0.8.6)
-      activesupport (= 7.0.8.6)
-      method_source
+    railties (7.1.5)
+      actionpack (= 7.1.5)
+      activesupport (= 7.1.5)
+      irb
+      rackup (>= 1.0.0)
       rake (>= 12.2)
-      thor (~> 1.0)
-      zeitwerk (~> 2.5)
+      thor (~> 1.0, >= 1.2.2)
+      zeitwerk (~> 2.6)
     rainbow (3.1.1)
     rake (13.2.1)
     rasn1 (0.13.0)
@@ -405,7 +425,7 @@ GEM
       nokogiri
     redcarpet (3.6.0)
     regexp_parser (2.9.2)
-    reline (0.5.10)
+    reline (0.5.11)
       io-console (~> 0.5)
     require_all (3.0.0)
     rex-arch (0.1.16)
@@ -470,7 +490,7 @@ GEM
     rspec-mocks (3.13.2)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.13.0)
-    rspec-rails (7.0.1)
+    rspec-rails (7.1.0)
       actionpack (>= 7.0)
       activesupport (>= 7.0)
       railties (>= 7.0)
@@ -511,6 +531,7 @@ GEM
     sawyer (0.9.2)
       addressable (>= 2.3.5)
       faraday (>= 0.17.3, < 3)
+    securerandom (0.3.2)
     simplecov (0.18.2)
       docile (~> 1.1)
       simplecov-html (~> 0.11)
@@ -548,7 +569,7 @@ GEM
       macaddr (~> 1.0)
     warden (1.2.9)
       rack (>= 2.0.9)
-    webrick (1.8.2)
+    webrick (1.9.0)
     websocket-driver (0.7.6)
       websocket-extensions (>= 0.1.0)
     websocket-extensions (0.1.5)
@@ -586,7 +607,7 @@ DEPENDENCIES
   pry-byebug
   rake
   redcarpet
-  rspec-rails
+  rspec-rails (~> 7.0)
   rspec-rerun
   rubocop
   ruby-prof (= 1.4.2)

config/README.md

@@ -1,3 +1,12 @@
+# Metasploit Framework Config Folder
+
 Contains various files that help configure Metasploit. Most files here you'll never have to deal with, though
 `database.yml.example` might be useful for those looking to configure their database, and `openssl.conf`
-might be helpful for those trying to troubleshoot OpenSSL issues in Metasploit.
+might be helpful for those trying to troubleshoot OpenSSL issues in Metasploit.
+
+> [!IMPORTANT]
+> Because the behavior of Ruby on Rails changes between versions,
+> and code needs to be considered thread-safe when dealing with Ruby on Rails,
+> we ensure that the `reconnect: true` property is configured for our database
+> connection. This allows the console/framework to reconnect when a thread messes
+> up the connection pool.

config/application.rb

@@ -37,22 +37,53 @@ module Framework
     class Application < Rails::Application
       include Metasploit::Framework::CommonEngine
 
-      config.paths['log']             = "#{Msf::Config.log_directory}/#{Rails.env}.log"
+      config.paths['log'] = "#{Msf::Config.log_directory}/#{Rails.env}.log"
       config.paths['config/database'] = [Metasploit::Framework::Database.configurations_pathname.try(:to_path)]
+
       config.autoloader = :zeitwerk
 
-      case Rails.env
-      when "development"
-        config.eager_load = false
-      when "test"
-        config.eager_load = false
-      when "production"
-        config.eager_load = false
-      end
+      # Load the Rails 7.1 defaults.
+      config.load_defaults 7.1
+
+      # The cache behavior changed with Rails 7.1, and requires the desired version to be set.
+      config.active_support.cache_format_version = 7.1
+
+      # Timezone shenanigans
+      config.time_zone = 'UTC'
+
+      if config.respond_to?(:active_record)
+        # The default column serializer was YAML prior to Rails 7.1
+        config.active_record.default_column_serializer = ::YAML
+
+        # Timezone settings
+        config.active_record.default_timezone = :utc
 
-      if ActiveRecord.respond_to?(:legacy_connection_handling=)
-        ActiveRecord.legacy_connection_handling = false
+        # Partials inserts are disabled by default in Rails 7
+        # This only writes attributes that changed.
+        config.active_record.partial_inserts = true
+
+        # Foreign Key Validation - Belongs-to
+        # Was not enabled by default
+        config.active_record.belongs_to_required_validates_foreign_key = true
+
+        # This behavior changed in 7.1
+        config.active_record.commit_transaction_on_non_local_return = false
+
+        # Originally allowed but silently ignored, raises in 7.1
+        config.active_record.raise_on_assign_to_attr_readonly = false
+
+        # Rails originally ran the callbacks on the first commit change.
+        # In Rails 7.1 this is done on all models, so we need to retain the behavior for now.
+        config.active_record.run_commit_callbacks_on_first_saved_instances_in_transaction = true
+
+        # Rails 7.1 will execute after commit callbacks in order they are defined.
+        # Originally it was in reverse order.
+        config.active_record.run_after_transaction_callbacks_in_order_defined = false
       end
+
+      # We never eager load files.
+      config.eager_load = false
+      config.enable_reloading = ::Rails.env.test?
     end
   end
 end

config/database.yml.example

@@ -5,14 +5,16 @@
 # managing your database, which may be more convenient than rolling your own.
 
 development: &pgsql
+  allow_concurrency: true
   adapter: postgresql
   database: metasploit_framework_development
   username: metasploit_framework_development
   password: __________________________________
   host: localhost
   port: 5432
-  pool: 200
+  pool: 10
   timeout: 5
+  reconnect: true
 
 # You will often want to seperate your databases between dev
 # mode and prod mode. Absent a production db, though, defaulting

config/database.yml.github_actions

@@ -7,13 +7,16 @@
 #   # update password fields for each environment's user
 
 development: &pgsql
+  allow_concurrency: true
   adapter: postgresql
   database: metasploit_framework_development
+  port: 5432
   host: localhost
   username: postgres
   password: postgres
-  pool: 25
+  pool: 10
   timeout: 5
+  reconnect: true
 
 # Warning: The database defined as "test" will be erased and
 # re-generated from your development database when you run "rake".

config/database.yml.vagrant

@@ -1,12 +1,14 @@
 development: &pgsql
+  allow_concurrency: true
   adapter: postgresql
   database: msf_dev_db
   username: vagrant
   password: vagrant
   host: localhost
   port: 5432
-  pool: 200
+  pool: 10
   timeout: 5
+  reconnect: true
 
 production: &production
   <<: *pgsql

db/schema.rb

@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema[7.0].define(version: 2022_12_09_005658) do
+ActiveRecord::Schema[7.1].define(version: 2022_12_09_005658) do
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
 

docker-compose.override.yml

@@ -7,6 +7,6 @@ services:
         BUNDLER_ARGS: --jobs=8
     image: metasploit:dev
     environment:
-      DATABASE_URL: postgres://postgres@db:5432/msf_dev?pool=200&timeout=5
+      DATABASE_URL: postgres://postgres@db:5432/msf_dev?pool=100&timeout=5&reconnect=true&allow_concurrency=true
     volumes:
       - .:/usr/src/metasploit-framework

docker-compose.yml

@@ -2,7 +2,7 @@ services:
   ms:
     image: metasploitframework/metasploit-framework:latest
     environment:
-      DATABASE_URL: postgres://postgres@db:5432/msf?pool=200&timeout=5
+      DATABASE_URL: postgres://postgres@db:5432/msf?pool=10&timeout=5&reconnect=true&allow_concurrency=true
     links:
       - db
     ports:
@@ -11,7 +11,7 @@ services:
       - $HOME/.msf4:/home/msf/.msf4
 
   db:
-    image: postgres:10-alpine
+    image: postgres:14-alpine
     volumes:
       - pg_data:/var/lib/postgresql/data
     environment:

docs/metasploit-framework.wiki/Work-needed-to-allow-msfdb-to-use-postgresql-common.md

@@ -104,7 +104,7 @@ development: &pgsql
   password: Password123
   host: 127.0.0.1
   port: 5433
-  pool: 200
+  pool: 10
 
 production: &production
   <<: *pgsql

lib/metasploit/framework/common_engine.rb

@@ -40,10 +40,6 @@ module Metasploit::Framework::CommonEngine
 
     config.active_support.deprecation = :stderr
 
-    if ActiveRecord.respond_to?(:legacy_connection_handling=)
-      ActiveRecord.legacy_connection_handling = false
-    end
-
     # @see https://github.com/rapid7/metasploit_data_models/blob/54a17149d5ccd0830db742d14c4987b48399ceb7/lib/metasploit_data_models/yaml.rb#L10
     # @see https://github.com/rapid7/metasploit_data_models/blob/54a17149d5ccd0830db742d14c4987b48399ceb7/lib/metasploit_data_models/base64_serializer.rb#L28-L31
     ActiveRecord.yaml_column_permitted_classes = (ActiveRecord.yaml_column_permitted_classes + MetasploitDataModels::YAML::PERMITTED_CLASSES).uniq

lib/metasploit/framework/rails_version_constraint.rb

@@ -3,7 +3,7 @@
 module Metasploit
   module Framework
     module RailsVersionConstraint
-      RAILS_VERSION =  '~> 7.0.0'
+      RAILS_VERSION =  '~> 7.1.0'
     end
   end
 end