Rails 7.1 upgrade

Gemfile.lock

@@ -4,9 +4,9 @@ PATH
     metasploit-framework (6.4.57)
       aarch64
       abbrev
-      actionpack (~> 7.0.0)
-      activerecord (~> 7.0.0)
-      activesupport (~> 7.0.0)
+      actionpack (~> 7.1.0)
+      activerecord (~> 7.1.0)
+      activesupport (~> 7.1.0)
       aws-sdk-ec2
       aws-sdk-ec2instanceconnect
       aws-sdk-iam
@@ -46,7 +46,7 @@ PATH
       metasploit-credential
       metasploit-model
       metasploit-payloads (= 2.0.189)
-      metasploit_data_models
+      metasploit_data_models (>= 6.0.7)
       metasploit_payloads-mettle (= 1.0.35)
       mqtt
       msgpack (~> 1.6.0)
@@ -123,28 +123,40 @@ GEM
     aarch64 (2.1.0)
       racc (~> 1.6)
     abbrev (0.1.2)
-    actionpack (7.0.8.7)
-      actionview (= 7.0.8.7)
-      activesupport (= 7.0.8.7)
-      rack (~> 2.0, >= 2.2.4)
+    actionpack (7.1.5.1)
+      actionview (= 7.1.5.1)
+      activesupport (= 7.1.5.1)
+      nokogiri (>= 1.8.5)
+      racc
+      rack (>= 2.2.4)
+      rack-session (>= 1.0.1)
       rack-test (>= 0.6.3)
-      rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actionview (7.0.8.7)
-      activesupport (= 7.0.8.7)
+      rails-dom-testing (~> 2.2)
+      rails-html-sanitizer (~> 1.6)
+    actionview (7.1.5.1)
+      activesupport (= 7.1.5.1)
       builder (~> 3.1)
-      erubi (~> 1.4)
-      rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activemodel (7.0.8.7)
-      activesupport (= 7.0.8.7)
-    activerecord (7.0.8.7)
-      activemodel (= 7.0.8.7)
-      activesupport (= 7.0.8.7)
-    activesupport (7.0.8.7)
+      erubi (~> 1.11)
+      rails-dom-testing (~> 2.2)
+      rails-html-sanitizer (~> 1.6)
+    activemodel (7.1.5.1)
+      activesupport (= 7.1.5.1)
+    activerecord (7.1.5.1)
+      activemodel (= 7.1.5.1)
+      activesupport (= 7.1.5.1)
+      timeout (>= 0.4.0)
+    activesupport (7.1.5.1)
+      base64
+      benchmark (>= 0.3)
+      bigdecimal
       concurrent-ruby (~> 1.0, >= 1.0.2)
+      connection_pool (>= 2.2.5)
+      drb
       i18n (>= 1.6, < 2)
+      logger (>= 1.4.2)
       minitest (>= 5.1)
+      mutex_m
+      securerandom (>= 0.3)
       tzinfo (~> 2.0)
     addressable (2.8.7)
       public_suffix (>= 2.0.2, < 7.0)
@@ -202,6 +214,7 @@ GEM
     chunky_png (1.4.0)
     coderay (1.1.3)
     concurrent-ruby (1.3.4)
+    connection_pool (2.5.0)
     cookiejar (0.3.4)
     crass (1.0.6)
     csv (3.3.2)
@@ -391,22 +404,28 @@ GEM
     rack-protection (3.2.0)
       base64 (>= 0.1.0)
       rack (~> 2.2, >= 2.2.4)
+    rack-session (1.0.2)
+      rack (< 3)
     rack-test (2.2.0)
       rack (>= 1.3)
+    rackup (1.0.1)
+      rack (< 3)
+      webrick
     rails-dom-testing (2.2.0)
       activesupport (>= 5.0.0)
       minitest
       nokogiri (>= 1.6)
     rails-html-sanitizer (1.6.2)
       loofah (~> 2.21)
       nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0)
-    railties (7.0.8.7)
-      actionpack (= 7.0.8.7)
-      activesupport (= 7.0.8.7)
-      method_source
+    railties (7.1.5.1)
+      actionpack (= 7.1.5.1)
+      activesupport (= 7.1.5.1)
+      irb
+      rackup (>= 1.0.0)
       rake (>= 12.2)
-      thor (~> 1.0)
-      zeitwerk (~> 2.5)
+      thor (~> 1.0, >= 1.2.2)
+      zeitwerk (~> 2.6)
     rainbow (3.1.1)
     rake (13.2.1)
     rasn1 (0.14.0)
@@ -527,6 +546,7 @@ GEM
     sawyer (0.9.2)
       addressable (>= 2.3.5)
       faraday (>= 0.17.3, < 3)
+    securerandom (0.4.1)
     simplecov (0.18.2)
       docile (~> 1.1)
       simplecov-html (~> 0.11)

config/application.rb

@@ -41,18 +41,9 @@ class Application < Rails::Application
       config.paths['config/database'] = [Metasploit::Framework::Database.configurations_pathname.try(:to_path)]
       config.autoloader = :zeitwerk
 
-      case Rails.env
-      when "development"
-        config.eager_load = false
-      when "test"
-        config.eager_load = false
-      when "production"
-        config.eager_load = false
-      end
-
-      if ActiveRecord.respond_to?(:legacy_connection_handling=)
-        ActiveRecord.legacy_connection_handling = false
-      end
+      config.load_defaults 7.1
+
+      config.eager_load = false
     end
   end
 end

db/schema.rb

@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema[7.0].define(version: 2025_02_04_172657) do
+ActiveRecord::Schema[7.1].define(version: 2025_02_04_172657) do
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
 

lib/metasploit/framework/common_engine.rb

@@ -40,10 +40,6 @@ module Metasploit::Framework::CommonEngine
 
     config.active_support.deprecation = :stderr
 
-    if ActiveRecord.respond_to?(:legacy_connection_handling=)
-      ActiveRecord.legacy_connection_handling = false
-    end
-
     # @see https://github.com/rapid7/metasploit_data_models/blob/54a17149d5ccd0830db742d14c4987b48399ceb7/lib/metasploit_data_models/yaml.rb#L10
     # @see https://github.com/rapid7/metasploit_data_models/blob/54a17149d5ccd0830db742d14c4987b48399ceb7/lib/metasploit_data_models/base64_serializer.rb#L28-L31
     ActiveRecord.yaml_column_permitted_classes = (ActiveRecord.yaml_column_permitted_classes + MetasploitDataModels::YAML::PERMITTED_CLASSES).uniq

lib/metasploit/framework/rails_version_constraint.rb

@@ -3,7 +3,7 @@
 module Metasploit
   module Framework
     module RailsVersionConstraint
-      RAILS_VERSION =  '~> 7.0.0'
+      RAILS_VERSION = '~> 7.1.0'
     end
   end
 end

lib/msf/core/db_manager/connection.rb

@@ -116,9 +116,11 @@ def create_db(opts)
   def connection_established?
     begin
       # use with_connection so the connection doesn't stay pinned to the thread.
-      ApplicationRecord.connection_pool.with_connection {
-        ApplicationRecord.connection.active?
-      }
+      ApplicationRecord.connection_pool.with_connection do
+        # There's a bug in Rails 7.1 where ApplicationRecord.connection.active? returns false even though we can get a connection
+        # calling `verify!` instead will ensure we are connected even if `active?` incorrectly returns false
+        ApplicationRecord.connection.verify!
+      end
     rescue ActiveRecord::ConnectionNotEstablished, PG::ConnectionBad => error
       false
     end

lib/msf/core/db_manager/migration.rb

@@ -69,11 +69,6 @@ def with_migration_context
     yield ActiveRecord::MigrationContext.new(gather_engine_migration_paths)
   end
 
-  # @return [ActiveRecord::MigrationContext]
-  def default_migration_context
-    ActiveRecord::MigrationContext.new(gather_engine_migration_paths, ActiveRecord::SchemaMigration)
-  end
-
   # Loads gathers migration paths from all loaded Rails engines.
   #
   # @return Array[String]

lib/msf/core/thread_manager.rb

@@ -111,16 +111,6 @@ def spawn(name, crit, *args, &block)
               error: e
           )
           raise e
-        ensure
-          if framework.db && framework.db.active && framework.db.is_local?
-            # NOTE: despite the Deprecation Warning's advice, this should *NOT*
-            # be ApplicationRecord.connection.close which causes unrelated
-            # threads to raise ActiveRecord::StatementInvalid exceptions at
-            # some point in the future, presumably due to the pool manager
-            # believing that the connection is still usable and handing it out
-            # to another thread.
-            ::ApplicationRecord.connection_pool.release_connection
-          end
         end
       end
     else

metasploit-framework.gemspec

@@ -69,7 +69,7 @@ Gem::Specification.new do |spec|
   # Metasploit::Credential database models
   spec.add_runtime_dependency 'metasploit-credential'
   # Database models shared between framework and Pro.
-  spec.add_runtime_dependency 'metasploit_data_models'
+  spec.add_runtime_dependency 'metasploit_data_models', '>= 6.0.7'
   # Things that would normally be part of the database model, but which
   # are needed when there's no database
   spec.add_runtime_dependency 'metasploit-model'

spec/allure_config.rb

@@ -1,4 +1,6 @@
 require "allure-rspec"
+require "active_support"
+require "active_support/core_ext/object"
 
 AllureRspec.configure do |config|
   config.results_directory = "tmp/allure-raw-data"