2014-08-15 00:20:19 +08:00
|
|
|
# This list was intially created by analyzing the last three months (51
|
|
|
|
|
# modules) committed to Metasploit Framework. Many, many older modules
|
|
|
|
|
# will have offenses, but this should at least provide a baseline for
|
|
|
|
|
# new modules.
|
|
|
|
|
#
|
|
|
|
|
# Updates to this file should include a 'Description' parameter for any
|
|
|
|
|
# explaination needed.
|
|
|
|
|
|
|
|
|
|
# inherit_from: .rubocop_todo.yml
|
|
|
|
|
|
2017-08-02 19:18:02 +08:00
|
|
|
AllCops:
|
2019-03-06 11:01:33 +08:00
|
|
|
TargetRubyVersion: 2.4
|
2017-08-02 19:18:02 +08:00
|
|
|
|
2014-11-12 05:06:43 +08:00
|
|
|
Metrics/ClassLength:
|
2014-08-15 00:20:19 +08:00
|
|
|
Description: 'Most Metasploit modules are quite large. This is ok.'
|
|
|
|
|
Enabled: true
|
|
|
|
|
Exclude:
|
|
|
|
|
- 'modules/**/*'
|
|
|
|
|
|
2018-05-07 01:00:37 +08:00
|
|
|
Style/ClassAndModuleChildren:
|
|
|
|
|
Enabled: false
|
|
|
|
|
Description: 'Forced nesting is harmful for grepping and general code comprehension'
|
|
|
|
|
|
2017-07-24 21:15:35 +08:00
|
|
|
Metrics/AbcSize:
|
|
|
|
|
Enabled: false
|
|
|
|
|
Description: 'This is often a red-herring'
|
|
|
|
|
|
|
|
|
|
Metrics/CyclomaticComplexity:
|
|
|
|
|
Enabled: false
|
|
|
|
|
Description: 'This is often a red-herring'
|
|
|
|
|
|
|
|
|
|
Metrics/PerceivedComplexity:
|
|
|
|
|
Enabled: false
|
|
|
|
|
Description: 'This is often a red-herring'
|
|
|
|
|
|
2018-05-01 07:40:07 +08:00
|
|
|
Style/TernaryParentheses:
|
|
|
|
|
Enabled: false
|
|
|
|
|
Description: 'This outright produces bugs'
|
|
|
|
|
|
2017-07-24 21:15:35 +08:00
|
|
|
Style/FrozenStringLiteralComment:
|
|
|
|
|
Enabled: false
|
|
|
|
|
Description: 'We cannot support this yet without a lot of things breaking'
|
|
|
|
|
|
2017-08-14 11:29:29 +08:00
|
|
|
Style/RedundantReturn:
|
|
|
|
|
Description: 'This often looks weird when mixed with actual returns, and hurts nothing'
|
|
|
|
|
Enabled: false
|
|
|
|
|
|
2019-03-09 00:20:10 +08:00
|
|
|
Naming/VariableNumber:
|
|
|
|
|
Description: 'To make it easier to use reference code, disable this cop'
|
|
|
|
|
Enabled: false
|
|
|
|
|
|
2018-05-07 01:00:37 +08:00
|
|
|
Style/NumericPredicate:
|
|
|
|
|
Description: 'This adds no efficiency nor space saving'
|
|
|
|
|
Enabled: false
|
|
|
|
|
|
2014-08-15 00:20:19 +08:00
|
|
|
Style/Documentation:
|
|
|
|
|
Enabled: true
|
|
|
|
|
Description: 'Most Metasploit modules do not have class documentation.'
|
|
|
|
|
Exclude:
|
|
|
|
|
- 'modules/**/*'
|
|
|
|
|
|
2019-03-09 00:20:10 +08:00
|
|
|
Layout/SpaceInsideArrayLiteralBrackets:
|
|
|
|
|
Enabled: false
|
|
|
|
|
Description: 'Almost all module metadata have space in brackets'
|
|
|
|
|
|
2017-08-02 03:44:22 +08:00
|
|
|
Style/GuardClause:
|
|
|
|
|
Enabled: false
|
|
|
|
|
Description: 'This often introduces bugs in tested code'
|
|
|
|
|
|
2019-03-09 00:20:10 +08:00
|
|
|
Style/EmptyLiteral:
|
|
|
|
|
Enabled: false
|
|
|
|
|
Description: 'This looks awkward when you mix empty and non-empty literals'
|
|
|
|
|
|
2017-08-03 13:26:04 +08:00
|
|
|
Style/NegatedIf:
|
|
|
|
|
Enabled: false
|
|
|
|
|
Description: 'This often introduces bugs in tested code'
|
|
|
|
|
|
2017-08-02 04:19:13 +08:00
|
|
|
Style/ConditionalAssignment:
|
|
|
|
|
Enabled: false
|
|
|
|
|
Description: 'This is confusing for folks coming from other languages'
|
|
|
|
|
|
2014-08-15 00:20:19 +08:00
|
|
|
Style/Encoding:
|
|
|
|
|
Description: 'We prefer binary to UTF-8.'
|
2019-03-09 00:20:10 +08:00
|
|
|
Enabled: false
|
|
|
|
|
|
|
|
|
|
Style/ParenthesesAroundCondition:
|
|
|
|
|
Enabled: false
|
|
|
|
|
Description: 'This is used in too many places to discount, especially in ported code. Has little effect'
|
|
|
|
|
|
|
|
|
|
Style/TrailingCommaInArrayLiteral:
|
|
|
|
|
Enabled: false
|
|
|
|
|
Description: 'This is often a useful pattern, and is actually required by other languages. It does not hurt.'
|
2014-08-15 00:20:19 +08:00
|
|
|
|
2014-11-12 05:06:43 +08:00
|
|
|
Metrics/LineLength:
|
2014-08-15 00:20:19 +08:00
|
|
|
Description: >-
|
|
|
|
|
Metasploit modules often pattern match against very
|
|
|
|
|
long strings when identifying targets.
|
|
|
|
|
Enabled: true
|
|
|
|
|
Max: 180
|
|
|
|
|
|
2019-03-09 00:20:10 +08:00
|
|
|
Metrics/BlockLength:
|
|
|
|
|
Enabled: true
|
|
|
|
|
Description: >-
|
|
|
|
|
While the style guide suggests 10 lines, exploit definitions
|
|
|
|
|
often exceed 200 lines.
|
|
|
|
|
Max: 300
|
|
|
|
|
|
2014-11-12 05:06:43 +08:00
|
|
|
Metrics/MethodLength:
|
2014-08-15 00:20:19 +08:00
|
|
|
Enabled: true
|
|
|
|
|
Description: >-
|
|
|
|
|
While the style guide suggests 10 lines, exploit definitions
|
|
|
|
|
often exceed 200 lines.
|
|
|
|
|
Max: 300
|
|
|
|
|
|
2019-12-07 01:36:10 +08:00
|
|
|
Naming/MethodParameterName:
|
2019-03-09 00:20:10 +08:00
|
|
|
Enabled: true
|
|
|
|
|
Description: 'Whoever made this requirement never looked at crypto methods, IV'
|
|
|
|
|
MinNameLength: 2
|
2014-07-22 05:22:15 +08:00
|
|
|
|
2014-11-12 05:06:43 +08:00
|
|
|
# %q() is super useful for long strings split over multiple lines and
|
|
|
|
|
# is very common in module constructors for things like descriptions
|
2019-11-13 15:45:01 +08:00
|
|
|
Style/RedundantPercentQ:
|
2014-11-12 05:06:43 +08:00
|
|
|
Enabled: false
|
|
|
|
|
|
2014-08-15 00:20:19 +08:00
|
|
|
Style/NumericLiterals:
|
|
|
|
|
Enabled: false
|
|
|
|
|
Description: 'This often hurts readability for exploit-ish code.'
|
|
|
|
|
|
2019-12-07 01:36:10 +08:00
|
|
|
Layout/HashAlignment:
|
2019-03-09 00:20:10 +08:00
|
|
|
Enabled: false
|
|
|
|
|
Description: 'aligning info hashes to match these rules is almost impossible to get right'
|
|
|
|
|
|
|
|
|
|
Layout/EmptyLines:
|
|
|
|
|
Enabled: false
|
|
|
|
|
Description: 'these are used to increase readability'
|
|
|
|
|
|
|
|
|
|
Layout/EmptyLinesAroundClassBody:
|
|
|
|
|
Enabled: false
|
|
|
|
|
Description: 'these are used to increase readability'
|
|
|
|
|
|
|
|
|
|
Layout/EmptyLinesAroundMethodBody:
|
|
|
|
|
Enabled: false
|
|
|
|
|
Description: 'these are used to increase readability'
|
|
|
|
|
|
2019-12-07 01:36:10 +08:00
|
|
|
Layout/ParameterAlignment:
|
2018-03-13 14:46:52 +08:00
|
|
|
Enabled: true
|
|
|
|
|
EnforcedStyle: 'with_fixed_indentation'
|
|
|
|
|
Description: 'initialize method of every module has fixed indentation for Name, Description, etc'
|
2014-08-15 00:20:19 +08:00
|
|
|
|
2019-03-09 00:20:10 +08:00
|
|
|
Style/For:
|
|
|
|
|
Enabled: false
|
|
|
|
|
Description: 'if a module is written with a for loop, it cannot always be logically replaced with each'
|
|
|
|
|
|
2014-08-15 00:20:19 +08:00
|
|
|
Style/StringLiterals:
|
|
|
|
|
Enabled: false
|
|
|
|
|
Description: 'Single vs double quote fights are largely unproductive.'
|
|
|
|
|
|
|
|
|
|
Style/WordArray:
|
|
|
|
|
Enabled: false
|
2014-07-19 01:26:55 +08:00
|
|
|
Description: 'Metasploit prefers consistent use of []'
|
|
|
|
|
|
2018-05-07 01:00:37 +08:00
|
|
|
Style/IfUnlessModifier:
|
|
|
|
|
Enabled: false
|
|
|
|
|
Description: 'This style might save a couple of lines, but often makes code less clear'
|
|
|
|
|
|
2014-07-19 01:26:55 +08:00
|
|
|
Style/RedundantBegin:
|
|
|
|
|
Exclude:
|
|
|
|
|
# this pattern is very common and somewhat unavoidable
|
|
|
|
|
# def run_host(ip)
|
|
|
|
|
# begin
|
|
|
|
|
# ...
|
|
|
|
|
# rescue ...
|
|
|
|
|
# ...
|
|
|
|
|
# ensure
|
|
|
|
|
# disconnect
|
|
|
|
|
# end
|
|
|
|
|
# end
|
|
|
|
|
- 'modules/**/*'
|
|
|
|
|
|
|
|
|
|
Documentation:
|
|
|
|
|
Exclude:
|
|
|
|
|
- 'modules/**/*'
|
