dnrops
/
metasploit-framework
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Land #15247, add rubocop rule to enforce `Notes` in exploit module info

This commit is contained in:
adfoster-r7 2021-06-11 10:45:38 +01:00 committed by GitHub
parent e07561c904 6abd30522e
commit 6abdeb1ac1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 327 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
.rubocop.yml
View File

@ -20,6 +20,7 @@ require:
- ./lib/rubocop/cop/lint/module_disclosure_date_format.rb
- ./lib/rubocop/cop/lint/module_disclosure_date_present.rb
- ./lib/rubocop/cop/lint/deprecated_gem_version.rb
- ./lib/rubocop/cop/lint/module_enforce_notes.rb
Layout/SpaceBeforeBrackets:
Description: >-
@ -158,6 +159,13 @@ Lint/ModuleDisclosureDatePresent:
# Only exploits require disclosure dates, but they can be present in auxiliary modules etc.
- 'modules/exploits/**/*'
Lint/ModuleEnforceNotes:
Include:
# Only exploits and auxiliary modules require SideEffects to be listed.
- 'modules/exploits/**/*'
- 'modules/auxiliary/**/*'
- 'modules/post/**/*'
Lint/DeprecatedGemVersion:
Enabled: true
Exclude:

72
lib/rubocop/cop/lint/module_enforce_notes.rb Normal file
View File

@ -0,0 +1,72 @@
# frozen_string_literal: true
module RuboCop
module Cop
module Lint
class ModuleEnforceNotes < Base
NO_NOTES_MSG = 'Module is missing the Notes section which must include Stability, Reliability and SideEffects] - https://github.com/rapid7/metasploit-framework/wiki/Definition-of-Module-Reliability,-Side-Effects,-and-Stability'
MISSING_KEY_MSG = 'Module is missing %s from the Notes section - https://github.com/rapid7/metasploit-framework/wiki/Definition-of-Module-Reliability,-Side-Effects,-and-Stability'
REQUIRED_KEYS = %w[Stability Reliability SideEffects]
def_node_matcher :find_update_info_node, <<~PATTERN
(def :initialize _args (begin (super $(send nil? {:update_info :merge_info} (lvar :info) (hash ...))) ...))
PATTERN
def_node_matcher :find_nested_update_info_node, <<~PATTERN
(def :initialize _args (super $(send nil? {:update_info :merge_info} (lvar :info) (hash ...)) ...))
PATTERN
def on_def(node)
update_info_node = find_update_info_node(node) || find_nested_update_info_node(node)
return if update_info_node.nil?
hash = update_info_node.arguments.find { |argument| hash_arg?(argument) }
notes_present = false
last_key = nil
notes = nil
hash.each_pair do |key, value|
if key.value == 'Notes'
notes_present = true
notes = value
end
last_key = key
end
if notes_present
check_for_required_keys(notes)
else
add_offense(last_key || hash, message: NO_NOTES_MSG)
end
end
private
def check_for_required_keys(notes)
last_key = nil
keys_present = []
notes.each_pair do |key, _value|
if REQUIRED_KEYS.include? key.value
keys_present << key.value
end
last_key = key
end
missing_keys = REQUIRED_KEYS - keys_present
unless missing_keys.empty?
if missing_keys.length == 1
msg = missing_keys[0]
else
msg = missing_keys[0...-1].join(', ') + ' and ' + missing_keys[-1]
end
add_offense(last_key || notes, message: MISSING_KEY_MSG % msg)
end
end
def hash_arg?(node)
node.type == :hash
end
end
end
end
end

247
spec/rubocop/cop/lint/module_enforce_notes_spec.rb Normal file
View File

@ -0,0 +1,247 @@
# frozen_string_literal: true
require 'spec_helper'
require 'rubocop/cop/lint/module_enforce_notes'
RSpec.describe RuboCop::Cop::Lint::ModuleEnforceNotes do
subject(:cop) { described_class.new(config) }
let(:config) { RuboCop::Config.new }
it 'requires Notes to be present when keys are present' do
expect_offense(<<~RUBY)
class DummyModule
def initialize(info = {})
super(
update_info(
info,
'Name' => 'Simple module name',
'Description' => 'Lorem ipsum dolor sit amet',
'Author' => [ 'example1', 'example2' ],
'License' => MSF_LICENSE,
'Platform' => 'win',
'Arch' => ARCH_X86,
^^^^^^ Module is missing the Notes section [...]
)
)
end
end
RUBY
expect_no_corrections
end
it 'requires Notes to be present when no keys are present' do
expect_offense(<<~RUBY)
class DummyModule
def initialize(info = {})
super(
update_info(
info,
{}
^^ Module is missing the Notes section [...]
)
)
end
end
RUBY
expect_no_corrections
end
it 'requires Stability, Reliability and SideEffects to be present when no keys are present' do
expect_offense(<<~RUBY)
class DummyModule
def initialize(info = {})
super(
update_info(
info,
'Name' => 'Simple module name',
'Description' => 'Lorem ipsum dolor sit amet',
'Author' => [ 'example1', 'example2' ],
'License' => MSF_LICENSE,
'Platform' => 'win',
'Arch' => ARCH_X86,
'Notes' => {}
^^ Module is missing Stability, Reliability and SideEffects [...]
)
)
end
end
RUBY
expect_no_corrections
end
it 'requires Stability, Reliability and SideEffects to be present when keys are present' do
expect_offense(<<~RUBY)
class DummyModule
def initialize(info = {})
super(
update_info(
info,
'Name' => 'Simple module name',
'Description' => 'Lorem ipsum dolor sit amet',
'Author' => [ 'example1', 'example2' ],
'License' => MSF_LICENSE,
'Platform' => 'win',
'Arch' => ARCH_X86,
'Notes' => {'SomeKey' => [some_value],}
^^^^^^^^^ Module is missing Stability, Reliability and SideEffects [...]
)
)
end
end
RUBY
expect_no_corrections
end
it 'requires Stability to be present even when SideEffects and Reliability are present' do
expect_offense(<<~RUBY)
class DummyModule
def initialize(info = {})
super(
update_info(
info,
'Name' => 'Simple module name',
'Description' => 'Lorem ipsum dolor sit amet',
'Author' => [ 'example1', 'example2' ],
'License' => MSF_LICENSE,
'Platform' => 'win',
'Arch' => ARCH_X86,
'Notes' => {
'SideEffects' => [IOC_IN_LOGS],
'Reliability' => [FIRST_ATTEMPT_FAIL]
^^^^^^^^^^^^^ Module is missing Stability [...]
}
)
)
end
end
RUBY
expect_no_corrections
end
it 'requires SideEffects to be present even when Stability and Reliability are present' do
expect_offense(<<~RUBY)
class DummyModule
def initialize(info = {})
super(
update_info(
info,
'Name' => 'Simple module name',
'Description' => 'Lorem ipsum dolor sit amet',
'Author' => [ 'example1', 'example2' ],
'License' => MSF_LICENSE,
'Platform' => 'win',
'Arch' => ARCH_X86,
'Notes' => {
'Stability' => [CRASH_SAFE],
'Reliability' => [FIRST_ATTEMPT_FAIL]
^^^^^^^^^^^^^ Module is missing SideEffects [...]
}
)
)
end
end
RUBY
expect_no_corrections
end
it 'requires Reliability to be present even when Stability and SideEffects are present' do
expect_offense(<<~RUBY)
class DummyModule
def initialize(info = {})
super(
update_info(
info,
'Name' => 'Simple module name',
'Description' => 'Lorem ipsum dolor sit amet',
'Author' => [ 'example1', 'example2' ],
'License' => MSF_LICENSE,
'Platform' => 'win',
'Arch' => ARCH_X86,
'Notes' => {
'Stability' => [CRASH_SAFE],
'SideEffects' => [IOC_IN_LOGS],
^^^^^^^^^^^^^ Module is missing Reliability [...]
}
)
)
end
end
RUBY
expect_no_corrections
end
it 'Stability, Reliability and SideEffects can be empty arrays' do
expect_no_offenses(<<~RUBY)
class DummyModule
def initialize(info = {})
super(
update_info(
info,
'Name' => 'Simple module name',
'Description' => 'Lorem ipsum dolor sit amet',
'Author' => [ 'example1', 'example2' ],
'License' => MSF_LICENSE,
'Platform' => 'win',
'Arch' => ARCH_X86,
'Notes' => {
'Stability' => [],
'SideEffects' => [],
'Reliability' => []
}
)
)
end
end
RUBY
end
it 'Stability, Reliability and SideEffects can be a single item in an array' do
expect_no_offenses(<<~RUBY)
class DummyModule
def initialize(info = {})
super(
update_info(
info,
'Name' => 'Simple module name',
'Description' => 'Lorem ipsum dolor sit amet',
'Author' => [ 'example1', 'example2' ],
'License' => MSF_LICENSE,
'Platform' => 'win',
'Arch' => ARCH_X86,
'Notes' => {
'Stability' => [CRASH_SAFE],
'SideEffects' => [IOC_IN_LOGS],
'Reliability' => [FIRST_ATTEMPT_FAIL]
}
)
)
end
end
RUBY
end
it 'Stability, Reliability and SideEffects can be a multiple items in an array' do
expect_no_offenses(<<~RUBY)
class DummyModule
def initialize(info = {})
super(
update_info(
info,
'Name' => 'Simple module name',
'Description' => 'Lorem ipsum dolor sit amet',
'Author' => [ 'example1', 'example2' ],
'License' => MSF_LICENSE,
'Platform' => 'win',
'Arch' => ARCH_X86,
'Notes' => {
'Stability' => [CRASH_SAFE, SECOND_ITEM],
'SideEffects' => [IOC_IN_LOGS, ACCOUNT_LOCKOUTS],
'Reliability' => [FIRST_ATTEMPT_FAIL, SECOND_ITEM]
}
)
)
end
end
RUBY
end
end