2014-08-15 00:20:19 +08:00
|
|
|
# This list was intially created by analyzing the last three months (51
|
|
|
|
# modules) committed to Metasploit Framework. Many, many older modules
|
|
|
|
# will have offenses, but this should at least provide a baseline for
|
|
|
|
# new modules.
|
|
|
|
#
|
|
|
|
# Updates to this file should include a 'Description' parameter for any
|
2021-01-30 01:59:14 +08:00
|
|
|
# explanation needed.
|
2014-08-15 00:20:19 +08:00
|
|
|
|
|
|
|
# inherit_from: .rubocop_todo.yml
|
|
|
|
|
2017-08-02 19:18:02 +08:00
|
|
|
AllCops:
|
2021-01-30 01:59:14 +08:00
|
|
|
TargetRubyVersion: 2.5
|
|
|
|
SuggestExtensions: false
|
2021-01-30 01:59:14 +08:00
|
|
|
NewCops: disable
|
2017-08-02 19:18:02 +08:00
|
|
|
|
2020-02-26 02:09:02 +08:00
|
|
|
require:
|
|
|
|
- ./lib/rubocop/cop/layout/module_hash_on_new_line.rb
|
|
|
|
- ./lib/rubocop/cop/layout/module_description_indentation.rb
|
2021-02-16 04:25:27 +08:00
|
|
|
- ./lib/rubocop/cop/layout/extra_spacing_with_bindata_ignored.rb
|
2020-10-02 08:22:32 +08:00
|
|
|
- ./lib/rubocop/cop/lint/module_disclosure_date_format.rb
|
|
|
|
- ./lib/rubocop/cop/lint/module_disclosure_date_present.rb
|
2020-02-26 02:09:02 +08:00
|
|
|
|
2021-01-30 01:59:14 +08:00
|
|
|
Layout/SpaceBeforeBrackets:
|
|
|
|
Description: >-
|
|
|
|
Disabled as it generates invalid code:
|
|
|
|
https://github.com/rubocop-hq/rubocop/issues/9499
|
|
|
|
Enabled: false
|
|
|
|
|
|
|
|
Lint/AmbiguousAssignment:
|
|
|
|
Enabled: true
|
|
|
|
|
|
|
|
Lint/DeprecatedConstants:
|
|
|
|
Enabled: true
|
|
|
|
|
|
|
|
Lint/DuplicateBranch:
|
|
|
|
Description: >-
|
|
|
|
Disabled as it causes a lot of noise around our current exception/error handling
|
|
|
|
Enabled: false
|
|
|
|
|
|
|
|
Lint/DuplicateRegexpCharacterClassElement:
|
|
|
|
Enabled: false
|
|
|
|
|
|
|
|
Lint/EmptyBlock:
|
|
|
|
Enabled: false
|
|
|
|
|
|
|
|
Lint/EmptyClass:
|
|
|
|
Enabled: false
|
|
|
|
|
|
|
|
Lint/LambdaWithoutLiteralBlock:
|
|
|
|
Enabled: true
|
|
|
|
|
|
|
|
Lint/NoReturnInBeginEndBlocks:
|
|
|
|
Enabled: true
|
|
|
|
|
|
|
|
Lint/NumberedParameterAssignment:
|
|
|
|
Enabled: true
|
|
|
|
|
|
|
|
Lint/OrAssignmentToConstant:
|
|
|
|
Enabled: true
|
|
|
|
|
|
|
|
Lint/RedundantDirGlobSort:
|
|
|
|
Enabled: true
|
|
|
|
|
|
|
|
Lint/SymbolConversion:
|
|
|
|
Enabled: true
|
|
|
|
|
|
|
|
Lint/ToEnumArguments:
|
|
|
|
Enabled: true
|
|
|
|
|
|
|
|
Lint/TripleQuotes:
|
|
|
|
Enabled: true
|
|
|
|
|
|
|
|
Lint/UnexpectedBlockArity:
|
|
|
|
Enabled: true
|
|
|
|
|
|
|
|
Lint/UnmodifiedReduceAccumulator:
|
|
|
|
Enabled: true
|
|
|
|
|
|
|
|
Style/ArgumentsForwarding:
|
|
|
|
Enabled: true
|
|
|
|
|
2021-02-16 21:56:50 +08:00
|
|
|
Style/BlockComments:
|
|
|
|
Description: >-
|
|
|
|
Disabled as multiline comments are great for embedded code snippets/payloads that can
|
|
|
|
be copy/pasted directly into a terminal etc.
|
|
|
|
Enabled: false
|
|
|
|
|
2021-02-25 04:24:57 +08:00
|
|
|
Style/CaseLikeIf:
|
|
|
|
Description: >-
|
|
|
|
This would cause a lot of noise, and potentially introduce subtly different code when
|
|
|
|
being auto fixed. Could potentially be enabled in isolation, but would require more
|
|
|
|
consideration.
|
|
|
|
Enabled: false
|
|
|
|
|
2021-01-30 01:59:14 +08:00
|
|
|
Style/CollectionCompact:
|
|
|
|
Enabled: true
|
|
|
|
|
|
|
|
Style/DocumentDynamicEvalDefinition:
|
|
|
|
Enabled: false
|
|
|
|
|
|
|
|
Style/EndlessMethod:
|
|
|
|
Enabled: true
|
|
|
|
|
|
|
|
Style/HashExcept:
|
|
|
|
Enabled: true
|
|
|
|
|
|
|
|
Style/IfWithBooleanLiteralBranches:
|
|
|
|
Description: >-
|
|
|
|
Most of the time this is a valid replacement. Although it can generate subtly different
|
|
|
|
rewrites that might break code:
|
|
|
|
2.7.2 :001 > foo = nil
|
|
|
|
=> nil
|
|
|
|
2.7.2 :002 > (foo && foo['key'] == 'foo') ? true : false
|
|
|
|
=> false
|
|
|
|
2.7.2 :003 > foo && foo['key'] == 'foo'
|
|
|
|
=> nil
|
|
|
|
Enabled: false
|
|
|
|
|
|
|
|
Style/NegatedIfElseCondition:
|
|
|
|
Enabled: false
|
|
|
|
|
2021-02-16 21:56:50 +08:00
|
|
|
Style/MultipleComparison:
|
|
|
|
Description: >-
|
|
|
|
Disabled as it generates invalid code:
|
|
|
|
https://github.com/rubocop-hq/rubocop/issues/9520
|
|
|
|
It may also introduce subtle semantic issues if automatically applied to the
|
|
|
|
entire codebase without rigorous testing.
|
|
|
|
Enabled: false
|
|
|
|
|
2021-01-30 01:59:14 +08:00
|
|
|
Style/NilLambda:
|
|
|
|
Enabled: true
|
|
|
|
|
|
|
|
Style/RedundantArgument:
|
|
|
|
Enabled: false
|
|
|
|
|
2021-02-16 21:56:50 +08:00
|
|
|
Style/RedundantAssignment:
|
|
|
|
Description: >-
|
|
|
|
Disabled as it sometimes improves the readability of code having an explicitly named
|
|
|
|
response object, it also makes it easier to put a breakpoint between the assignment
|
|
|
|
and return expression
|
|
|
|
Enabled: false
|
|
|
|
|
2021-01-30 01:59:14 +08:00
|
|
|
Style/SwapValues:
|
|
|
|
Enabled: false
|
|
|
|
|
2020-02-26 02:09:02 +08:00
|
|
|
Layout/ModuleHashOnNewLine:
|
|
|
|
Enabled: true
|
|
|
|
|
|
|
|
Layout/ModuleDescriptionIndentation:
|
|
|
|
Enabled: true
|
|
|
|
|
2020-10-02 08:22:32 +08:00
|
|
|
Lint/ModuleDisclosureDateFormat:
|
|
|
|
Enabled: true
|
|
|
|
|
|
|
|
Lint/ModuleDisclosureDatePresent:
|
|
|
|
Include:
|
|
|
|
# Only exploits require disclosure dates, but they can be present in auxiliary modules etc.
|
|
|
|
- 'modules/exploits/**/*'
|
|
|
|
|
2014-11-12 05:06:43 +08:00
|
|
|
Metrics/ClassLength:
|
2014-08-15 00:20:19 +08:00
|
|
|
Description: 'Most Metasploit modules are quite large. This is ok.'
|
|
|
|
Enabled: true
|
|
|
|
Exclude:
|
|
|
|
- 'modules/**/*'
|
|
|
|
|
2018-05-07 01:00:37 +08:00
|
|
|
Style/ClassAndModuleChildren:
|
|
|
|
Enabled: false
|
|
|
|
Description: 'Forced nesting is harmful for grepping and general code comprehension'
|
|
|
|
|
2017-07-24 21:15:35 +08:00
|
|
|
Metrics/AbcSize:
|
|
|
|
Enabled: false
|
|
|
|
Description: 'This is often a red-herring'
|
|
|
|
|
|
|
|
Metrics/CyclomaticComplexity:
|
|
|
|
Enabled: false
|
|
|
|
Description: 'This is often a red-herring'
|
|
|
|
|
|
|
|
Metrics/PerceivedComplexity:
|
|
|
|
Enabled: false
|
|
|
|
Description: 'This is often a red-herring'
|
|
|
|
|
2021-02-25 04:24:57 +08:00
|
|
|
Metrics/BlockNesting:
|
|
|
|
Description: >-
|
|
|
|
This is a good rule to follow, but will cause a lot of overhead introducing this rule.
|
|
|
|
Enabled: false
|
|
|
|
|
|
|
|
Metrics/ParameterLists:
|
|
|
|
Description: >-
|
|
|
|
This is a good rule to follow, but will cause a lot of overhead introducing this rule.
|
|
|
|
Increasing the max count for now
|
|
|
|
Max: 8
|
|
|
|
|
2018-05-01 07:40:07 +08:00
|
|
|
Style/TernaryParentheses:
|
|
|
|
Enabled: false
|
|
|
|
Description: 'This outright produces bugs'
|
|
|
|
|
2017-07-24 21:15:35 +08:00
|
|
|
Style/FrozenStringLiteralComment:
|
|
|
|
Enabled: false
|
|
|
|
Description: 'We cannot support this yet without a lot of things breaking'
|
|
|
|
|
2017-08-14 11:29:29 +08:00
|
|
|
Style/RedundantReturn:
|
|
|
|
Description: 'This often looks weird when mixed with actual returns, and hurts nothing'
|
|
|
|
Enabled: false
|
|
|
|
|
2021-02-25 04:24:57 +08:00
|
|
|
Naming/HeredocDelimiterNaming:
|
|
|
|
Description: >-
|
|
|
|
Could be enabled in isolation with additional effort.
|
|
|
|
Enabled: false
|
|
|
|
|
|
|
|
Naming/AccessorMethodName:
|
|
|
|
Description: >-
|
|
|
|
Disabled for now, as this naming convention is used in a lot of core library files.
|
|
|
|
Could be enabled in isolation with additional effort.
|
|
|
|
Enabled: false
|
|
|
|
|
|
|
|
Naming/ConstantName:
|
|
|
|
Description: >-
|
|
|
|
Disabled for now, Metasploit is unfortunately too inconsistent with its naming to introduce
|
|
|
|
this. Definitely possible to enforce this in the future if need be.
|
|
|
|
|
|
|
|
Examples:
|
|
|
|
ManualRanking, LowRanking, etc.
|
|
|
|
NERR_ClientNameNotFound
|
|
|
|
HttpFingerprint
|
|
|
|
CachedSize
|
|
|
|
ErrUnknownTransferId
|
|
|
|
Enabled: false
|
|
|
|
|
2019-03-09 00:20:10 +08:00
|
|
|
Naming/VariableNumber:
|
|
|
|
Description: 'To make it easier to use reference code, disable this cop'
|
|
|
|
Enabled: false
|
|
|
|
|
2018-05-07 01:00:37 +08:00
|
|
|
Style/NumericPredicate:
|
|
|
|
Description: 'This adds no efficiency nor space saving'
|
|
|
|
Enabled: false
|
|
|
|
|
2014-08-15 00:20:19 +08:00
|
|
|
Style/Documentation:
|
|
|
|
Enabled: true
|
|
|
|
Description: 'Most Metasploit modules do not have class documentation.'
|
|
|
|
Exclude:
|
|
|
|
- 'modules/**/*'
|
2021-01-30 01:59:14 +08:00
|
|
|
- 'spec/file_fixtures/modules/**/*'
|
2014-08-15 00:20:19 +08:00
|
|
|
|
2020-02-26 02:09:02 +08:00
|
|
|
Layout/FirstArgumentIndentation:
|
|
|
|
Enabled: true
|
|
|
|
EnforcedStyle: consistent
|
|
|
|
Description: 'Useful for the module hash to be indented consistently'
|
|
|
|
|
|
|
|
Layout/ArgumentAlignment:
|
|
|
|
Enabled: true
|
|
|
|
EnforcedStyle: with_first_argument
|
|
|
|
Description: 'Useful for the module hash to be indented consistently'
|
|
|
|
|
|
|
|
Layout/FirstHashElementIndentation:
|
|
|
|
Enabled: true
|
|
|
|
EnforcedStyle: consistent
|
|
|
|
Description: 'Useful for the module hash to be indented consistently'
|
|
|
|
|
|
|
|
Layout/FirstHashElementLineBreak:
|
|
|
|
Enabled: true
|
|
|
|
Description: 'Enforce consistency by breaking hash elements on to new lines'
|
|
|
|
|
2019-03-09 00:20:10 +08:00
|
|
|
Layout/SpaceInsideArrayLiteralBrackets:
|
|
|
|
Enabled: false
|
|
|
|
Description: 'Almost all module metadata have space in brackets'
|
|
|
|
|
2017-08-02 03:44:22 +08:00
|
|
|
Style/GuardClause:
|
|
|
|
Enabled: false
|
|
|
|
Description: 'This often introduces bugs in tested code'
|
|
|
|
|
2019-03-09 00:20:10 +08:00
|
|
|
Style/EmptyLiteral:
|
|
|
|
Enabled: false
|
|
|
|
Description: 'This looks awkward when you mix empty and non-empty literals'
|
|
|
|
|
2017-08-03 13:26:04 +08:00
|
|
|
Style/NegatedIf:
|
|
|
|
Enabled: false
|
|
|
|
Description: 'This often introduces bugs in tested code'
|
|
|
|
|
2017-08-02 04:19:13 +08:00
|
|
|
Style/ConditionalAssignment:
|
|
|
|
Enabled: false
|
|
|
|
Description: 'This is confusing for folks coming from other languages'
|
|
|
|
|
2014-08-15 00:20:19 +08:00
|
|
|
Style/Encoding:
|
|
|
|
Description: 'We prefer binary to UTF-8.'
|
2019-03-09 00:20:10 +08:00
|
|
|
Enabled: false
|
|
|
|
|
|
|
|
Style/ParenthesesAroundCondition:
|
|
|
|
Enabled: false
|
|
|
|
Description: 'This is used in too many places to discount, especially in ported code. Has little effect'
|
|
|
|
|
2021-02-26 04:10:58 +08:00
|
|
|
Style/StringConcatenation:
|
|
|
|
Enabled: false
|
|
|
|
Description: >-
|
|
|
|
Disabled for now as it changes escape sequences when auto corrected:
|
|
|
|
https://github.com/rubocop/rubocop/issues/9543
|
|
|
|
|
|
|
|
Additionally seems to break with multiline string concatenation with trailing comments, example:
|
|
|
|
payload = "\x12" + # Size
|
|
|
|
"\x34" + # eip
|
|
|
|
"\x56" # etc
|
|
|
|
With `rubocop -A` this will become:
|
|
|
|
payload = "\u00124V" # etc
|
|
|
|
|
2019-03-09 00:20:10 +08:00
|
|
|
Style/TrailingCommaInArrayLiteral:
|
|
|
|
Enabled: false
|
|
|
|
Description: 'This is often a useful pattern, and is actually required by other languages. It does not hurt.'
|
2014-08-15 00:20:19 +08:00
|
|
|
|
2021-01-30 01:59:14 +08:00
|
|
|
Layout/LineLength:
|
2014-08-15 00:20:19 +08:00
|
|
|
Description: >-
|
2020-02-26 02:09:02 +08:00
|
|
|
Metasploit modules often pattern match against very
|
|
|
|
long strings when identifying targets.
|
2021-01-30 01:59:14 +08:00
|
|
|
Enabled: false
|
2014-08-15 00:20:19 +08:00
|
|
|
|
2019-03-09 00:20:10 +08:00
|
|
|
Metrics/BlockLength:
|
|
|
|
Enabled: true
|
|
|
|
Description: >-
|
2020-02-26 02:09:02 +08:00
|
|
|
While the style guide suggests 10 lines, exploit definitions
|
|
|
|
often exceed 200 lines.
|
2019-03-09 00:20:10 +08:00
|
|
|
Max: 300
|
|
|
|
|
2014-11-12 05:06:43 +08:00
|
|
|
Metrics/MethodLength:
|
2014-08-15 00:20:19 +08:00
|
|
|
Enabled: true
|
|
|
|
Description: >-
|
2020-02-26 02:09:02 +08:00
|
|
|
While the style guide suggests 10 lines, exploit definitions
|
|
|
|
often exceed 200 lines.
|
2014-08-15 00:20:19 +08:00
|
|
|
Max: 300
|
|
|
|
|
2020-02-26 02:09:02 +08:00
|
|
|
Naming/MethodParameterName:
|
2019-03-09 00:20:10 +08:00
|
|
|
Enabled: true
|
|
|
|
Description: 'Whoever made this requirement never looked at crypto methods, IV'
|
|
|
|
MinNameLength: 2
|
2014-07-22 05:22:15 +08:00
|
|
|
|
2014-11-12 05:06:43 +08:00
|
|
|
# %q() is super useful for long strings split over multiple lines and
|
|
|
|
# is very common in module constructors for things like descriptions
|
2019-11-13 15:45:01 +08:00
|
|
|
Style/RedundantPercentQ:
|
2014-11-12 05:06:43 +08:00
|
|
|
Enabled: false
|
|
|
|
|
2014-08-15 00:20:19 +08:00
|
|
|
Style/NumericLiterals:
|
|
|
|
Enabled: false
|
|
|
|
Description: 'This often hurts readability for exploit-ish code.'
|
|
|
|
|
2020-04-16 09:04:17 +08:00
|
|
|
Layout/FirstArrayElementLineBreak:
|
|
|
|
Enabled: true
|
|
|
|
Description: 'This cop checks for a line break before the first element in a multi-line array.'
|
|
|
|
|
2020-02-26 02:09:02 +08:00
|
|
|
Layout/FirstArrayElementIndentation:
|
|
|
|
Enabled: true
|
|
|
|
EnforcedStyle: consistent
|
|
|
|
Description: 'Useful to force values within the register_options array to have sane indentation'
|
2019-03-09 00:20:10 +08:00
|
|
|
|
|
|
|
Layout/EmptyLinesAroundClassBody:
|
|
|
|
Enabled: false
|
|
|
|
Description: 'these are used to increase readability'
|
|
|
|
|
|
|
|
Layout/EmptyLinesAroundMethodBody:
|
|
|
|
Enabled: false
|
|
|
|
Description: 'these are used to increase readability'
|
|
|
|
|
2021-02-16 04:25:27 +08:00
|
|
|
Layout/ExtraSpacingWithBinDataIgnored:
|
2020-02-26 02:09:02 +08:00
|
|
|
Description: 'Do not use unnecessary spacing.'
|
2018-03-13 14:46:52 +08:00
|
|
|
Enabled: true
|
2020-02-26 02:09:02 +08:00
|
|
|
# When true, allows most uses of extra spacing if the intent is to align
|
|
|
|
# things with the previous or next line, not counting empty lines or comment
|
|
|
|
# lines.
|
|
|
|
AllowForAlignment: false
|
|
|
|
# When true, allows things like 'obj.meth(arg) # comment',
|
|
|
|
# rather than insisting on 'obj.meth(arg) # comment'.
|
|
|
|
# If done for alignment, either this OR AllowForAlignment will allow it.
|
2021-01-26 08:08:08 +08:00
|
|
|
AllowBeforeTrailingComments: true
|
2020-02-26 02:09:02 +08:00
|
|
|
# When true, forces the alignment of `=` in assignments on consecutive lines.
|
|
|
|
ForceEqualSignAlignment: false
|
2014-08-15 00:20:19 +08:00
|
|
|
|
2019-03-09 00:20:10 +08:00
|
|
|
Style/For:
|
|
|
|
Enabled: false
|
|
|
|
Description: 'if a module is written with a for loop, it cannot always be logically replaced with each'
|
|
|
|
|
2014-08-15 00:20:19 +08:00
|
|
|
Style/WordArray:
|
|
|
|
Enabled: false
|
2014-07-19 01:26:55 +08:00
|
|
|
Description: 'Metasploit prefers consistent use of []'
|
|
|
|
|
2018-05-07 01:00:37 +08:00
|
|
|
Style/IfUnlessModifier:
|
|
|
|
Enabled: false
|
|
|
|
Description: 'This style might save a couple of lines, but often makes code less clear'
|
|
|
|
|
2020-02-26 02:09:02 +08:00
|
|
|
Style/PercentLiteralDelimiters:
|
|
|
|
Description: 'Use `%`-literal delimiters consistently.'
|
|
|
|
Enabled: true
|
|
|
|
# Specify the default preferred delimiter for all types with the 'default' key
|
|
|
|
# Override individual delimiters (even with default specified) by specifying
|
|
|
|
# an individual key
|
|
|
|
PreferredDelimiters:
|
|
|
|
default: ()
|
|
|
|
'%i': '[]'
|
|
|
|
'%I': '[]'
|
|
|
|
'%r': '{}'
|
|
|
|
'%w': '[]'
|
|
|
|
'%W': '[]'
|
|
|
|
'%q': '{}' # Chosen for module descriptions as () are frequently used characters, whilst {} are rarely used
|
|
|
|
VersionChanged: '0.48.1'
|
|
|
|
|
2014-07-19 01:26:55 +08:00
|
|
|
Style/RedundantBegin:
|
|
|
|
Exclude:
|
|
|
|
# this pattern is very common and somewhat unavoidable
|
|
|
|
# def run_host(ip)
|
|
|
|
# begin
|
|
|
|
# ...
|
|
|
|
# rescue ...
|
|
|
|
# ...
|
|
|
|
# ensure
|
|
|
|
# disconnect
|
|
|
|
# end
|
|
|
|
# end
|
|
|
|
- 'modules/**/*'
|
|
|
|
|
2020-04-28 01:04:33 +08:00
|
|
|
Style/SafeNavigation:
|
|
|
|
Description: >-
|
|
|
|
This cop transforms usages of a method call safeguarded by
|
|
|
|
a check for the existence of the object to
|
|
|
|
safe navigation (`&.`).
|
|
|
|
|
|
|
|
This has been disabled as in some scenarios it produced invalid code, and disobeyed the 'AllowedMethods'
|
|
|
|
configuration.
|
|
|
|
Enabled: false
|
2021-02-16 21:56:50 +08:00
|
|
|
|
|
|
|
Style/UnpackFirst:
|
|
|
|
Description: >-
|
|
|
|
Disabling to make it easier to copy/paste `unpack('h*')` expressions from code
|
|
|
|
into a debugging REPL.
|
|
|
|
Enabled: false
|