Fixed ARE REST rule lookups

[Squigilum]

Pull Request

Category

e.g. Bug, Module, Extension, Core Functionality, Documentation, Tests
Bug

Feature/Issue Description

Q: Please give a brief summary of your feature/fix
A: This fixes the issues reported in the ARE REST API described in issue #2019

Q: Give a technical rundown of what you have changed (if applicable)
A: In commit 0574bdf, the autorun engine models were moved from core/main/autorun_engine/models to core/main/models. However the code for the ARE REST API that iterates through the rules was not updated to reflect this. This will cause an exception if the REST API is used to list/delete rules. This commit updates the three places where a rule access was performed during list/delete API calls to reflect the restructured code.

Test Cases

Q: Describe your test cases, what you have covered and if there are any use cases that still need addressing.
A: This can be tested with the curl commands provided in the ARE REST API documentation, e.g. curl http://<BeEF IP>:3000/api/autorun/rule/list/all?token=<token>

Wiki Page

If you are adding a new feature that is not easily understood without context, please draft a section to be added to the Wiki below.
N/A

[bcoles]

Thanks. This fixes the REST API.

There's probably some more instances that need to be reviewed.

# grep -rn BeEF::Core::AutorunEngine:: core/
core/main/network_stack/websocket/websocket.rb:122:                      BeEF::Core::AutorunEngine::Engine.instance.run(hooked_browser.id, browser_name, browser_version, os_name, os_version)
core/main/rest/handlers/autorun_engine.rb:28:            rloader = BeEF::Core::AutorunEngine::RuleLoader.instance
core/main/rest/handlers/autorun_engine.rb:57:            are = BeEF::Core::AutorunEngine::Engine.instance
core/main/handlers/browserdetails.rb:525:            BeEF::Core::AutorunEngine::Engine.instance.run(zombie.id, browser_name, browser_version, os_name, os_version)
core/main/autorun_engine/engine.rb:28:        # stored in the BeEF::Core::AutorunEngine::Models::Rule database table
core/main/autorun_engine/engine.rb:31:          are = BeEF::Core::AutorunEngine::Engine.instance
core/main/autorun_engine/rule_loader.rb:34:            parser_result = BeEF::Core::AutorunEngine::Parser.instance.parse(

[bcoles]

This looks good to me.

I notice you've replaced with get with find (find is also used elsewhere in this file).

I think get is more appropriate. Also not sure if find allows filtering/queries which may leas to SQL injection. Not much of an issue considered it's an authenticated request.

@jcrew99 can you review?

[jcrew99]

Awesome work, I will be able to review tomorrow. Great pull request!

[wheatley]

@jcrew99 - I can review this PR if you need me

[wheatley]

closing as this PR is stale, reopen if it's required to merge.

[bcoles]

Thanks for the PR. I'm not sure why it was not merged.