From e6aa840e64603569ba5646d170b937d023cdc151 Mon Sep 17 00:00:00 2001
From: dwelch-r7 <dean_welch@rapid7.com>
Date: Wed, 11 Mar 2020 12:56:22 +0000
Subject: [PATCH] Store results as json to prevent keeping references around

---
 lib/msf/base/simple/auxiliary.rb              |  4 +--
 lib/msf/base/simple/exploit.rb                |  4 +--
 .../core/rpc/v10/rpc_job_status_tracker.rb    | 28 ++++++++++++-------
 3 files changed, 22 insertions(+), 14 deletions(-)

diff --git a/lib/msf/base/simple/auxiliary.rb b/lib/msf/base/simple/auxiliary.rb
index a32fc0c982..5b01bf326f 100644
--- a/lib/msf/base/simple/auxiliary.rb
+++ b/lib/msf/base/simple/auxiliary.rb
@@ -172,9 +172,9 @@ protected
         mod.setup
         mod.framework.events.on_module_run(mod)
         result = block.call(mod)
-        job_status_tracker.completed(run_uuid, result)
+        job_status_tracker.completed(run_uuid, result, mod)
       rescue ::Exception => e
-        job_status_tracker.failed(run_uuid, e)
+        job_status_tracker.failed(run_uuid, e, mod)
         raise
       end
     rescue Msf::Auxiliary::Complete
diff --git a/lib/msf/base/simple/exploit.rb b/lib/msf/base/simple/exploit.rb
index ac8807eef3..d660f1fb06 100644
--- a/lib/msf/base/simple/exploit.rb
+++ b/lib/msf/base/simple/exploit.rb
@@ -223,9 +223,9 @@ module Exploit
       job_status_tracker.start run_uuid
       mod.setup
       result = mod.has_check? ? mod.check : Msf::Exploit::CheckCode::Unsupported
-      job_status_tracker.completed(run_uuid, result)
+      job_status_tracker.completed(run_uuid, result, mod)
     rescue => e
-      job_status_tracker.failed(run_uuid, e)
+      job_status_tracker.failed(run_uuid, e, mod)
       mod.handle_exception e
     end
 
diff --git a/lib/msf/core/rpc/v10/rpc_job_status_tracker.rb b/lib/msf/core/rpc/v10/rpc_job_status_tracker.rb
index 7d1cb27622..17c2580ea9 100644
--- a/lib/msf/core/rpc/v10/rpc_job_status_tracker.rb
+++ b/lib/msf/core/rpc/v10/rpc_job_status_tracker.rb
@@ -20,12 +20,12 @@ class RpcJobStatusTracker
     ready.delete(id)
   end
 
-  def completed(id, result, ttl=nil)
-    add_result(id, {result: result}, ttl)
+  def completed(id, result, mod, ttl=nil)
+    add_result(id, {result: result}, mod, ttl)
   end
 
-  def failed(id, error, ttl=nil)
-    add_result( id,{error: error.to_s}, ttl)
+  def failed(id, error, mod, ttl=nil)
+    add_result( id,{error: error.to_s}, mod, ttl)
   end
 
   def running?(id)
@@ -41,7 +41,10 @@ class RpcJobStatusTracker
   end
 
   def result(id)
-    results.fetch(id)
+    result = results.fetch(id)
+    return unless result
+
+    JSON.parse(result).with_indifferent_access
   end
 
   def delete(id)
@@ -60,26 +63,31 @@ class RpcJobStatusTracker
     running.to_a
   end
 
+  def data
+    results.data
+  end
+
   alias :ack :delete
 
   private
 
-  def add_result(id, result, ttl=nil)
+  def add_result(id, result, mod, ttl=nil)
     begin
       # ttl of nil means it will take the default expiry time
-      results.write(id, result, ttl)
+      string = result.to_json
+      results.write(id, string, ttl)
     rescue Exception => e
       wlog("Job with id: #{id} finished but the result could not be stored")
       wlog("#{e.class}, #{e.message}")
-      add_fallback_result(id, ttl)
+      add_fallback_result(id, mod, ttl)
     ensure
       running.delete(id)
     end
   end
 
-  def add_fallback_result(id, ttl)
+  def add_fallback_result(id, mod, ttl)
     begin
-      results.write(id, {unexpected_error: 'Job finished but the result could not be stored'}, ttl)
+      results.write(id, {error: { message: 'Job finished but the result could not be stored'}, data: { mod: mod.fullname }}, ttl)
     rescue Exception => e
       wlog("Job with id: #{id} fallback result failed to be stored")
       wlog("#{e.class}, #{e.message}")