Land #15247, add rubocop rule to enforce `Notes` in exploit module info
This commit is contained in:
commit
6abdeb1ac1
|
@ -20,6 +20,7 @@ require:
|
|||
- ./lib/rubocop/cop/lint/module_disclosure_date_format.rb
|
||||
- ./lib/rubocop/cop/lint/module_disclosure_date_present.rb
|
||||
- ./lib/rubocop/cop/lint/deprecated_gem_version.rb
|
||||
- ./lib/rubocop/cop/lint/module_enforce_notes.rb
|
||||
|
||||
Layout/SpaceBeforeBrackets:
|
||||
Description: >-
|
||||
|
@ -158,6 +159,13 @@ Lint/ModuleDisclosureDatePresent:
|
|||
# Only exploits require disclosure dates, but they can be present in auxiliary modules etc.
|
||||
- 'modules/exploits/**/*'
|
||||
|
||||
Lint/ModuleEnforceNotes:
|
||||
Include:
|
||||
# Only exploits and auxiliary modules require SideEffects to be listed.
|
||||
- 'modules/exploits/**/*'
|
||||
- 'modules/auxiliary/**/*'
|
||||
- 'modules/post/**/*'
|
||||
|
||||
Lint/DeprecatedGemVersion:
|
||||
Enabled: true
|
||||
Exclude:
|
||||
|
|
|
@ -0,0 +1,72 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
module RuboCop
|
||||
module Cop
|
||||
module Lint
|
||||
class ModuleEnforceNotes < Base
|
||||
|
||||
NO_NOTES_MSG = 'Module is missing the Notes section which must include Stability, Reliability and SideEffects] - https://github.com/rapid7/metasploit-framework/wiki/Definition-of-Module-Reliability,-Side-Effects,-and-Stability'
|
||||
MISSING_KEY_MSG = 'Module is missing %s from the Notes section - https://github.com/rapid7/metasploit-framework/wiki/Definition-of-Module-Reliability,-Side-Effects,-and-Stability'
|
||||
REQUIRED_KEYS = %w[Stability Reliability SideEffects]
|
||||
|
||||
def_node_matcher :find_update_info_node, <<~PATTERN
|
||||
(def :initialize _args (begin (super $(send nil? {:update_info :merge_info} (lvar :info) (hash ...))) ...))
|
||||
PATTERN
|
||||
|
||||
def_node_matcher :find_nested_update_info_node, <<~PATTERN
|
||||
(def :initialize _args (super $(send nil? {:update_info :merge_info} (lvar :info) (hash ...)) ...))
|
||||
PATTERN
|
||||
|
||||
def on_def(node)
|
||||
update_info_node = find_update_info_node(node) || find_nested_update_info_node(node)
|
||||
return if update_info_node.nil?
|
||||
|
||||
hash = update_info_node.arguments.find { |argument| hash_arg?(argument) }
|
||||
notes_present = false
|
||||
last_key = nil
|
||||
notes = nil
|
||||
hash.each_pair do |key, value|
|
||||
if key.value == 'Notes'
|
||||
notes_present = true
|
||||
notes = value
|
||||
end
|
||||
last_key = key
|
||||
end
|
||||
|
||||
if notes_present
|
||||
check_for_required_keys(notes)
|
||||
else
|
||||
add_offense(last_key || hash, message: NO_NOTES_MSG)
|
||||
end
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def check_for_required_keys(notes)
|
||||
last_key = nil
|
||||
keys_present = []
|
||||
notes.each_pair do |key, _value|
|
||||
if REQUIRED_KEYS.include? key.value
|
||||
keys_present << key.value
|
||||
end
|
||||
last_key = key
|
||||
end
|
||||
|
||||
missing_keys = REQUIRED_KEYS - keys_present
|
||||
unless missing_keys.empty?
|
||||
if missing_keys.length == 1
|
||||
msg = missing_keys[0]
|
||||
else
|
||||
msg = missing_keys[0...-1].join(', ') + ' and ' + missing_keys[-1]
|
||||
end
|
||||
add_offense(last_key || notes, message: MISSING_KEY_MSG % msg)
|
||||
end
|
||||
end
|
||||
|
||||
def hash_arg?(node)
|
||||
node.type == :hash
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,247 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
require 'spec_helper'
|
||||
require 'rubocop/cop/lint/module_enforce_notes'
|
||||
|
||||
RSpec.describe RuboCop::Cop::Lint::ModuleEnforceNotes do
|
||||
subject(:cop) { described_class.new(config) }
|
||||
let(:config) { RuboCop::Config.new }
|
||||
|
||||
it 'requires Notes to be present when keys are present' do
|
||||
expect_offense(<<~RUBY)
|
||||
class DummyModule
|
||||
def initialize(info = {})
|
||||
super(
|
||||
update_info(
|
||||
info,
|
||||
'Name' => 'Simple module name',
|
||||
'Description' => 'Lorem ipsum dolor sit amet',
|
||||
'Author' => [ 'example1', 'example2' ],
|
||||
'License' => MSF_LICENSE,
|
||||
'Platform' => 'win',
|
||||
'Arch' => ARCH_X86,
|
||||
^^^^^^ Module is missing the Notes section [...]
|
||||
)
|
||||
)
|
||||
end
|
||||
end
|
||||
RUBY
|
||||
expect_no_corrections
|
||||
end
|
||||
|
||||
it 'requires Notes to be present when no keys are present' do
|
||||
expect_offense(<<~RUBY)
|
||||
class DummyModule
|
||||
def initialize(info = {})
|
||||
super(
|
||||
update_info(
|
||||
info,
|
||||
{}
|
||||
^^ Module is missing the Notes section [...]
|
||||
)
|
||||
)
|
||||
end
|
||||
end
|
||||
RUBY
|
||||
expect_no_corrections
|
||||
end
|
||||
|
||||
it 'requires Stability, Reliability and SideEffects to be present when no keys are present' do
|
||||
expect_offense(<<~RUBY)
|
||||
class DummyModule
|
||||
def initialize(info = {})
|
||||
super(
|
||||
update_info(
|
||||
info,
|
||||
'Name' => 'Simple module name',
|
||||
'Description' => 'Lorem ipsum dolor sit amet',
|
||||
'Author' => [ 'example1', 'example2' ],
|
||||
'License' => MSF_LICENSE,
|
||||
'Platform' => 'win',
|
||||
'Arch' => ARCH_X86,
|
||||
'Notes' => {}
|
||||
^^ Module is missing Stability, Reliability and SideEffects [...]
|
||||
)
|
||||
)
|
||||
end
|
||||
end
|
||||
RUBY
|
||||
expect_no_corrections
|
||||
end
|
||||
|
||||
it 'requires Stability, Reliability and SideEffects to be present when keys are present' do
|
||||
expect_offense(<<~RUBY)
|
||||
class DummyModule
|
||||
def initialize(info = {})
|
||||
super(
|
||||
update_info(
|
||||
info,
|
||||
'Name' => 'Simple module name',
|
||||
'Description' => 'Lorem ipsum dolor sit amet',
|
||||
'Author' => [ 'example1', 'example2' ],
|
||||
'License' => MSF_LICENSE,
|
||||
'Platform' => 'win',
|
||||
'Arch' => ARCH_X86,
|
||||
'Notes' => {'SomeKey' => [some_value],}
|
||||
^^^^^^^^^ Module is missing Stability, Reliability and SideEffects [...]
|
||||
)
|
||||
)
|
||||
end
|
||||
end
|
||||
RUBY
|
||||
expect_no_corrections
|
||||
end
|
||||
|
||||
it 'requires Stability to be present even when SideEffects and Reliability are present' do
|
||||
expect_offense(<<~RUBY)
|
||||
class DummyModule
|
||||
def initialize(info = {})
|
||||
super(
|
||||
update_info(
|
||||
info,
|
||||
'Name' => 'Simple module name',
|
||||
'Description' => 'Lorem ipsum dolor sit amet',
|
||||
'Author' => [ 'example1', 'example2' ],
|
||||
'License' => MSF_LICENSE,
|
||||
'Platform' => 'win',
|
||||
'Arch' => ARCH_X86,
|
||||
'Notes' => {
|
||||
'SideEffects' => [IOC_IN_LOGS],
|
||||
'Reliability' => [FIRST_ATTEMPT_FAIL]
|
||||
^^^^^^^^^^^^^ Module is missing Stability [...]
|
||||
}
|
||||
)
|
||||
)
|
||||
end
|
||||
end
|
||||
RUBY
|
||||
expect_no_corrections
|
||||
end
|
||||
|
||||
it 'requires SideEffects to be present even when Stability and Reliability are present' do
|
||||
expect_offense(<<~RUBY)
|
||||
class DummyModule
|
||||
def initialize(info = {})
|
||||
super(
|
||||
update_info(
|
||||
info,
|
||||
'Name' => 'Simple module name',
|
||||
'Description' => 'Lorem ipsum dolor sit amet',
|
||||
'Author' => [ 'example1', 'example2' ],
|
||||
'License' => MSF_LICENSE,
|
||||
'Platform' => 'win',
|
||||
'Arch' => ARCH_X86,
|
||||
'Notes' => {
|
||||
'Stability' => [CRASH_SAFE],
|
||||
'Reliability' => [FIRST_ATTEMPT_FAIL]
|
||||
^^^^^^^^^^^^^ Module is missing SideEffects [...]
|
||||
}
|
||||
)
|
||||
)
|
||||
end
|
||||
end
|
||||
RUBY
|
||||
expect_no_corrections
|
||||
end
|
||||
|
||||
it 'requires Reliability to be present even when Stability and SideEffects are present' do
|
||||
expect_offense(<<~RUBY)
|
||||
class DummyModule
|
||||
def initialize(info = {})
|
||||
super(
|
||||
update_info(
|
||||
info,
|
||||
'Name' => 'Simple module name',
|
||||
'Description' => 'Lorem ipsum dolor sit amet',
|
||||
'Author' => [ 'example1', 'example2' ],
|
||||
'License' => MSF_LICENSE,
|
||||
'Platform' => 'win',
|
||||
'Arch' => ARCH_X86,
|
||||
'Notes' => {
|
||||
'Stability' => [CRASH_SAFE],
|
||||
'SideEffects' => [IOC_IN_LOGS],
|
||||
^^^^^^^^^^^^^ Module is missing Reliability [...]
|
||||
}
|
||||
)
|
||||
)
|
||||
end
|
||||
end
|
||||
RUBY
|
||||
expect_no_corrections
|
||||
end
|
||||
|
||||
it 'Stability, Reliability and SideEffects can be empty arrays' do
|
||||
expect_no_offenses(<<~RUBY)
|
||||
class DummyModule
|
||||
def initialize(info = {})
|
||||
super(
|
||||
update_info(
|
||||
info,
|
||||
'Name' => 'Simple module name',
|
||||
'Description' => 'Lorem ipsum dolor sit amet',
|
||||
'Author' => [ 'example1', 'example2' ],
|
||||
'License' => MSF_LICENSE,
|
||||
'Platform' => 'win',
|
||||
'Arch' => ARCH_X86,
|
||||
'Notes' => {
|
||||
'Stability' => [],
|
||||
'SideEffects' => [],
|
||||
'Reliability' => []
|
||||
}
|
||||
)
|
||||
)
|
||||
end
|
||||
end
|
||||
RUBY
|
||||
end
|
||||
|
||||
it 'Stability, Reliability and SideEffects can be a single item in an array' do
|
||||
expect_no_offenses(<<~RUBY)
|
||||
class DummyModule
|
||||
def initialize(info = {})
|
||||
super(
|
||||
update_info(
|
||||
info,
|
||||
'Name' => 'Simple module name',
|
||||
'Description' => 'Lorem ipsum dolor sit amet',
|
||||
'Author' => [ 'example1', 'example2' ],
|
||||
'License' => MSF_LICENSE,
|
||||
'Platform' => 'win',
|
||||
'Arch' => ARCH_X86,
|
||||
'Notes' => {
|
||||
'Stability' => [CRASH_SAFE],
|
||||
'SideEffects' => [IOC_IN_LOGS],
|
||||
'Reliability' => [FIRST_ATTEMPT_FAIL]
|
||||
}
|
||||
)
|
||||
)
|
||||
end
|
||||
end
|
||||
RUBY
|
||||
end
|
||||
|
||||
it 'Stability, Reliability and SideEffects can be a multiple items in an array' do
|
||||
expect_no_offenses(<<~RUBY)
|
||||
class DummyModule
|
||||
def initialize(info = {})
|
||||
super(
|
||||
update_info(
|
||||
info,
|
||||
'Name' => 'Simple module name',
|
||||
'Description' => 'Lorem ipsum dolor sit amet',
|
||||
'Author' => [ 'example1', 'example2' ],
|
||||
'License' => MSF_LICENSE,
|
||||
'Platform' => 'win',
|
||||
'Arch' => ARCH_X86,
|
||||
'Notes' => {
|
||||
'Stability' => [CRASH_SAFE, SECOND_ITEM],
|
||||
'SideEffects' => [IOC_IN_LOGS, ACCOUNT_LOCKOUTS],
|
||||
'Reliability' => [FIRST_ATTEMPT_FAIL, SECOND_ITEM]
|
||||
}
|
||||
)
|
||||
)
|
||||
end
|
||||
end
|
||||
RUBY
|
||||
end
|
||||
end
|
Loading…
Reference in New Issue