metasploit-framework/CONTRIBUTING.md

# Contributing to Metasploit

Thanks for your interest in making Metasploit -- and therefore, the
world -- a better place! What you see here in CONTRIBUTING.md is a
bullet-point list of the do's and don'ts of how to make sure *your*
valuable contributions actually make it into Metasploit's master branch.

If you care not to follow these rules, your contribution **will** be
closed (*Road House* style). Sorry!

Incidentally, this is a **short** list. The
[wiki](https://github.com/rapid7/metasploit-framework/wiki) is much more
exhaustive and reveals many mysteries. If you read nothing else, take a
look at the standard [development environment setup
guide](https://github.com/rapid7/metasploit-framework/wiki/Setting-Up-a-Metasploit-Development-Environment)
and Metasploit's [Common Coding Mistakes](https://github.com/rapid7/metasploit-framework/wiki/Common-Metasploit-Module-Coding-Mistakes).

## Code Contributions

* **Do** stick to the [Ruby style guide](https://github.com/bbatsov/ruby-style-guide).
* **Do** follow the [50/72 rule](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html) for Git commit messages.
* **Do** create a [topic branch](http://git-scm.com/book/en/Git-Branching-Branching-Workflows#Topic-Branches) to work on instead of working directly on `master`.

### Pull Requests

* *Do* target your pull request to the **master branch**. Not staging, not develop, not release.
* **Do** specify a descriptive title to make searching for your pull request easier.
* **Do** include [console output](https://help.github.com/articles/github-flavored-markdown#fenced-code-blocks), especially for witnessable effects in `msfconsole`.
* **Do** list [verification steps](https://help.github.com/articles/writing-on-github#task-lists) so your code is testable.
* **Don't** leave your pull request description blank.
* **Don't** abandon your pull request. Being responsive helps us land your code faster.

Pull requests [#2940](https://github.com/rapid7/metasploit-framework/pull/2940) and [#3043](https://github.com/rapid7/metasploit-framework/pull/3043) are a couple good examples to follow.

#### New Modules

* **Do** run `tools/msftidy.rb` against your module and fix any errors or warnings that come up. Even better would be to set up `msftidy.rb` as a [pre-commit hook](https://github.com/rapid7/metasploit-framework/blob/master/tools/dev/pre-commit-hook.rb).
* **Do** use the [many module mixin APIs](https://dev.metasploit.com/documents/api/). Wheel improvements are welcome; wheel reinventions, not so much.
* **Don't** include more than one module per pull request.

#### Library Code

* **Do** write [RSpec](http://rspec.info/) tests - even the smallest change in library land can thoroughly screw things up.
* **Do** follow [Better Specs](http://betterspecs.org/) - it's like the style guide for specs.
* **Do** write [YARD](http://yardoc.org/) documentation - this makes it easier for people to use your code.
* *Don't* fix a lot of things in one pull request. Small fixes are easier to validate.

#### Bug Fixes

* **Do** include reproduction steps in the form of verification steps.
* **Do** include a link to the corresponding [Redmine](https://dev.metasploit.com/redmine/projects/framework) issue in the format of `SeeRM #1234` in your commit description.

## Bug Reports

* **Do** report vulnerabilities in Rapid7 software to security@rapid7.com.
* **Do** create a Redmine account and report your bug there.
* **Do** write a detailed description of your bug and use a descriptive title.
* **Do** include reproduction steps, stack traces, and anything else that might help us verify and fix your bug.
* **Don't** file duplicate reports - search for your bug before filing a new report.
* **Don't** report a bug on GitHub. Use [Redmine](https://dev.metasploit.com/redmine/projects/framework) instead.

Redmine issues [#8762](https://dev.metasploit.com/redmine/issues/8762) and [#8764](https://dev.metasploit.com/redmine/issues/8764) are a couple good examples to follow.

If you need some more guidance, talk to the main body of open
source contributors over on the [Freenode IRC channel](http://webchat.freenode.net/?channels=%23metasploit&uio=d4)
or e-mail us at [metasploit-hackers](https://lists.sourceforge.net/lists/listinfo/metasploit-hackers)
mailing list.

Also, **thank you** for taking the few moments to read this far! You're
already way ahead of the curve, so keep it up!
Link README to CONTRIBUTING 2012-11-07 10:18:58 +08:00			`# Contributing to Metasploit`

Various and sundry text updates to CONTRIBUTING.md Namely, all sentences should end with periods. Other light changes. Please cover the rest of my comments mentioned on commit 30fec1af (or argue with them) then PR away! 2014-03-04 04:39:40 +08:00			`Thanks for your interest in making Metasploit -- and therefore, the`
			`world -- a better place! What you see here in CONTRIBUTING.md is a`
			`bullet-point list of the do's and don'ts of how to make sure your`
			`valuable contributions actually make it into Metasploit's master branch.`
Add new CONTRIBUTING.md 2014-02-25 01:57:38 +08:00
Various and sundry text updates to CONTRIBUTING.md Namely, all sentences should end with periods. Other light changes. Please cover the rest of my comments mentioned on commit 30fec1af (or argue with them) then PR away! 2014-03-04 04:39:40 +08:00			`If you care not to follow these rules, your contribution will be`
			`closed (Road House style). Sorry!`
Add new CONTRIBUTING.md 2014-02-25 01:57:38 +08:00
Various and sundry text updates to CONTRIBUTING.md Namely, all sentences should end with periods. Other light changes. Please cover the rest of my comments mentioned on commit 30fec1af (or argue with them) then PR away! 2014-03-04 04:39:40 +08:00			`Incidentally, this is a short list. The`
			`[wiki](https://github.com/rapid7/metasploit-framework/wiki) is much more`
Add a link to common coding mistakes 2014-03-05 04:06:34 +08:00			`exhaustive and reveals many mysteries. If you read nothing else, take a`
			`look at the standard [development environment setup`
			`guide](https://github.com/rapid7/metasploit-framework/wiki/Setting-Up-a-Metasploit-Development-Environment)`
			`and Metasploit's [Common Coding Mistakes](https://github.com/rapid7/metasploit-framework/wiki/Common-Metasploit-Module-Coding-Mistakes).`
Add new CONTRIBUTING.md 2014-02-25 01:57:38 +08:00
			`## Code Contributions`

Add missing period 2014-03-04 16:42:13 +08:00			`* Do stick to the [Ruby style guide](https://github.com/bbatsov/ruby-style-guide).`
Add note about the 50/72 rule 2014-03-05 02:46:42 +08:00			`* Do follow the [50/72 rule](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html) for Git commit messages.`
Add note about topic branches 2014-03-05 03:05:50 +08:00			* Do create a [topic branch](http://git-scm.com/book/en/Git-Branching-Branching-Workflows#Topic-Branches) to work on instead of working directly on `master`.
Add new CONTRIBUTING.md 2014-02-25 01:57:38 +08:00
			`### Pull Requests`

Add three more dos/donts to CONTRIBUTING.md I've seen a couple PRs targeting the wrong branch. Many projects have a workflow where PRs should hit `develop` or `release` or something, but Metasploit-Framework wants PRs targeted against `master`. Also, warn against fixing too much in one PR since those kinds of PRs are a) harder to validate and b) might be all wrong anyway. We don't want people committing a bunch of work when the fundamental approach isn't going to fly. 2014-04-06 05:07:10 +08:00			`* Do target your pull request to the master branch. Not staging, not develop, not release.`
Add note about PR titles 2014-03-05 02:44:12 +08:00			`* Do specify a descriptive title to make searching for your pull request easier.`
Various and sundry text updates to CONTRIBUTING.md Namely, all sentences should end with periods. Other light changes. Please cover the rest of my comments mentioned on commit 30fec1af (or argue with them) then PR away! 2014-03-04 04:39:40 +08:00			* Do include [console output](https://help.github.com/articles/github-flavored-markdown#fenced-code-blocks), especially for witnessable effects in `msfconsole`.
			`* Do list [verification steps](https://help.github.com/articles/writing-on-github#task-lists) so your code is testable.`
			`* Don't leave your pull request description blank.`
			`* Don't abandon your pull request. Being responsive helps us land your code faster.`
Add new CONTRIBUTING.md 2014-02-25 01:57:38 +08:00
Add more examples of good contributions 2014-03-05 02:19:34 +08:00			`Pull requests [#2940](https://github.com/rapid7/metasploit-framework/pull/2940) and [#3043](https://github.com/rapid7/metasploit-framework/pull/3043) are a couple good examples to follow.`
Add an example of a good PR 2014-03-04 16:38:47 +08:00
Add new CONTRIBUTING.md 2014-02-25 01:57:38 +08:00			`#### New Modules`

Various and sundry text updates to CONTRIBUTING.md Namely, all sentences should end with periods. Other light changes. Please cover the rest of my comments mentioned on commit 30fec1af (or argue with them) then PR away! 2014-03-04 04:39:40 +08:00			* Do run `tools/msftidy.rb` against your module and fix any errors or warnings that come up. Even better would be to set up `msftidy.rb` as a [pre-commit hook](https://github.com/rapid7/metasploit-framework/blob/master/tools/dev/pre-commit-hook.rb).
Add three more dos/donts to CONTRIBUTING.md I've seen a couple PRs targeting the wrong branch. Many projects have a workflow where PRs should hit `develop` or `release` or something, but Metasploit-Framework wants PRs targeted against `master`. Also, warn against fixing too much in one PR since those kinds of PRs are a) harder to validate and b) might be all wrong anyway. We don't want people committing a bunch of work when the fundamental approach isn't going to fly. 2014-04-06 05:07:10 +08:00			`* Do use the [many module mixin APIs](https://dev.metasploit.com/documents/api/). Wheel improvements are welcome; wheel reinventions, not so much.`
Various and sundry text updates to CONTRIBUTING.md Namely, all sentences should end with periods. Other light changes. Please cover the rest of my comments mentioned on commit 30fec1af (or argue with them) then PR away! 2014-03-04 04:39:40 +08:00			`* Don't include more than one module per pull request.`
Add new CONTRIBUTING.md 2014-02-25 01:57:38 +08:00
			`#### Library Code`

Various and sundry text updates to CONTRIBUTING.md Namely, all sentences should end with periods. Other light changes. Please cover the rest of my comments mentioned on commit 30fec1af (or argue with them) then PR away! 2014-03-04 04:39:40 +08:00			`* Do write [RSpec](http://rspec.info/) tests - even the smallest change in library land can thoroughly screw things up.`
			`* Do follow [Better Specs](http://betterspecs.org/) - it's like the style guide for specs.`
			`* Do write [YARD](http://yardoc.org/) documentation - this makes it easier for people to use your code.`
Add three more dos/donts to CONTRIBUTING.md I've seen a couple PRs targeting the wrong branch. Many projects have a workflow where PRs should hit `develop` or `release` or something, but Metasploit-Framework wants PRs targeted against `master`. Also, warn against fixing too much in one PR since those kinds of PRs are a) harder to validate and b) might be all wrong anyway. We don't want people committing a bunch of work when the fundamental approach isn't going to fly. 2014-04-06 05:07:10 +08:00			`* Don't fix a lot of things in one pull request. Small fixes are easier to validate.`
Add new CONTRIBUTING.md 2014-02-25 01:57:38 +08:00
			`#### Bug Fixes`

Various and sundry text updates to CONTRIBUTING.md Namely, all sentences should end with periods. Other light changes. Please cover the rest of my comments mentioned on commit 30fec1af (or argue with them) then PR away! 2014-03-04 04:39:40 +08:00			`* Do include reproduction steps in the form of verification steps.`
			* Do include a link to the corresponding [Redmine](https://dev.metasploit.com/redmine/projects/framework) issue in the format of `SeeRM #1234` in your commit description.
Add new CONTRIBUTING.md 2014-02-25 01:57:38 +08:00
			`## Bug Reports`

Add note about reporting vulns 2014-03-04 16:27:06 +08:00			`* Do report vulnerabilities in Rapid7 software to security@rapid7.com.`
Various and sundry text updates to CONTRIBUTING.md Namely, all sentences should end with periods. Other light changes. Please cover the rest of my comments mentioned on commit 30fec1af (or argue with them) then PR away! 2014-03-04 04:39:40 +08:00			`* Do create a Redmine account and report your bug there.`
Add note about descriptive titles in bug reports 2014-03-05 03:16:55 +08:00			`* Do write a detailed description of your bug and use a descriptive title.`
Various and sundry text updates to CONTRIBUTING.md Namely, all sentences should end with periods. Other light changes. Please cover the rest of my comments mentioned on commit 30fec1af (or argue with them) then PR away! 2014-03-04 04:39:40 +08:00			`* Do include reproduction steps, stack traces, and anything else that might help us verify and fix your bug.`
			`* Don't file duplicate reports - search for your bug before filing a new report.`
			`* Don't report a bug on GitHub. Use [Redmine](https://dev.metasploit.com/redmine/projects/framework) instead.`

Change HTTP link to HTTPS Doesn't redirect by default. 2014-03-05 02:22:14 +08:00			`Redmine issues [#8762](https://dev.metasploit.com/redmine/issues/8762) and [#8764](https://dev.metasploit.com/redmine/issues/8764) are a couple good examples to follow.`
Add more examples of good contributions 2014-03-05 02:19:34 +08:00
Various and sundry text updates to CONTRIBUTING.md Namely, all sentences should end with periods. Other light changes. Please cover the rest of my comments mentioned on commit 30fec1af (or argue with them) then PR away! 2014-03-04 04:39:40 +08:00			`If you need some more guidance, talk to the main body of open`
			`source contributors over on the [Freenode IRC channel](http://webchat.freenode.net/?channels=%23metasploit&uio=d4)`
			`or e-mail us at [metasploit-hackers](https://lists.sourceforge.net/lists/listinfo/metasploit-hackers)`
			`mailing list.`
Add new CONTRIBUTING.md 2014-02-25 01:57:38 +08:00
Various and sundry text updates to CONTRIBUTING.md Namely, all sentences should end with periods. Other light changes. Please cover the rest of my comments mentioned on commit 30fec1af (or argue with them) then PR away! 2014-03-04 04:39:40 +08:00			`Also, thank you for taking the few moments to read this far! You're`
			`already way ahead of the curve, so keep it up!`