Add latest rubocop rules

.rubocop.yml

@@ -9,7 +9,8 @@
 # inherit_from: .rubocop_todo.yml
 
 AllCops:
-  TargetRubyVersion: 2.4
+  TargetRubyVersion: 2.5
+  SuggestExtensions: false
 
 require:
   - ./lib/rubocop/cop/layout/module_hash_on_new_line.rb
@@ -17,6 +18,101 @@ require:
   - ./lib/rubocop/cop/lint/module_disclosure_date_format.rb
   - ./lib/rubocop/cop/lint/module_disclosure_date_present.rb
 
+Layout/SpaceBeforeBrackets:
+  Description: >-
+    Disabled as it generates invalid code:
+      https://github.com/rubocop-hq/rubocop/issues/9499
+  Enabled: false
+
+Lint/AmbiguousAssignment:
+  Enabled: true
+
+Lint/DeprecatedConstants:
+  Enabled: true
+
+Lint/DuplicateBranch:
+  Description: >-
+    Disabled as it causes a lot of noise around our current exception/error handling
+  Enabled: false
+
+Lint/DuplicateRegexpCharacterClassElement:
+  Enabled: false
+
+Lint/EmptyBlock:
+  Enabled: false
+
+Lint/EmptyClass:
+  Enabled: false
+
+Lint/LambdaWithoutLiteralBlock:
+  Enabled: true
+
+Lint/NoReturnInBeginEndBlocks:
+  Enabled: true
+
+Lint/NumberedParameterAssignment:
+  Enabled: true
+
+Lint/OrAssignmentToConstant:
+  Enabled: true
+
+Lint/RedundantDirGlobSort:
+  Enabled: true
+
+Lint/SymbolConversion:
+  Enabled: true
+
+Lint/ToEnumArguments:
+  Enabled: true
+
+Lint/TripleQuotes:
+  Enabled: true
+
+Lint/UnexpectedBlockArity:
+  Enabled: true
+
+Lint/UnmodifiedReduceAccumulator:
+  Enabled: true
+
+Style/ArgumentsForwarding:
+  Enabled: true
+
+Style/CollectionCompact:
+  Enabled: true
+
+Style/DocumentDynamicEvalDefinition:
+  Enabled: false
+
+Style/EndlessMethod:
+  Enabled: true
+
+Style/HashExcept:
+  Enabled: true
+
+Style/IfWithBooleanLiteralBranches:
+  Description: >-
+    Most of the time this is a valid replacement. Although it can generate subtly different
+    rewrites that might break code:
+      2.7.2 :001 > foo = nil
+      => nil
+      2.7.2 :002 > (foo && foo['key'] == 'foo') ? true : false
+      => false
+      2.7.2 :003 > foo && foo['key'] == 'foo'
+      => nil
+  Enabled: false
+
+Style/NegatedIfElseCondition:
+  Enabled: false
+
+Style/NilLambda:
+  Enabled: true
+
+Style/RedundantArgument:
+  Enabled: false
+
+Style/SwapValues:
+  Enabled: false
+
 Layout/ModuleHashOnNewLine:
   Enabled: true
 
@@ -130,12 +226,11 @@ Style/TrailingCommaInArrayLiteral:
   Enabled: false
   Description: 'This is often a useful pattern, and is actually required by other languages. It does not hurt.'
 
-Metrics/LineLength:
+Layout/LineLength:
   Description: >-
     Metasploit modules often pattern match against very
     long strings when identifying targets.
-  Enabled: true
-  Max: 180
+  Enabled: false
 
 Metrics/BlockLength:
   Enabled: true
@@ -247,7 +342,3 @@ Style/SafeNavigation:
     This has been disabled as in some scenarios it produced invalid code, and disobeyed the 'AllowedMethods'
     configuration.
   Enabled: false
-
-Documentation:
-  Exclude:
-    - 'modules/**/*'

lib/msf/core/modules/external/shim.rb

@@ -82,7 +82,7 @@ class Msf::Modules::External::Shim
           [#{o['required']}, #{o['description'].dump}, #{o['default'].inspect}])"
       end
     end
-    options.reject! { |o| o.nil? }
+    options.compact!
     options.join(",\n          ")
   end
 

lib/msf/core/rpc/json/request.rb

@@ -55,9 +55,9 @@ module Msf::RPC::JSON
       @symbolize_names = symbolize_names
       @is_notification = is_notification
       @headers = {
-          'Accept': JSON_MEDIA_TYPE,
+          Accept: JSON_MEDIA_TYPE,
           'Content-Type': JSON_MEDIA_TYPE,
-          'Authorization': "Bearer #{@api_token}"
+          Authorization: "Bearer #{@api_token}"
       }
 
       absolute_method_name = @namespace.nil? ? method : "#{@namespace}.#{method}"

lib/rex/parser/fs/bitlocker.rb

@@ -200,8 +200,7 @@ module Rex
                                          'hash_count']
           (1..0x100000).each do |c|
             updated_hash = sha256.digest(btl_struct_raw)
-            btl_struct_raw = updated_hash + btl_struct_raw \
-                             [btl_struct.updated_hash.sizeof..(
+            btl_struct_raw = updated_hash + btl_struct_raw[btl_struct.updated_hash.sizeof..(
                              btl_struct_hash_count_offset - 1)] + [c].pack('Q')
             sha256.reset
           end

lib/rex/parser/nokogiri_doc_mixin.rb

@@ -137,7 +137,7 @@ module Parser
     # seem to be there just for debugging anyway.
     def db_report(table, data)
       raise "Data should be a hash" unless data.kind_of? Hash
-      nonempty_data = data.reject {|k,v| v.nil?}
+      nonempty_data = data.compact
       valid_attrs = db_valid_attributes(table)
       raise "Unknown table `#{table}'" if valid_attrs.empty?
       case table

modules/auxiliary/admin/aws/aws_launch_instances.rb

@@ -133,7 +133,7 @@ class MetasploitModule < Msf::Auxiliary
       sleep(15)
       doc = call_ec2(creds, 'Action' => action, 'InstanceId' => instance_id)
       doc = print_results(doc, action)
-      if doc ['instanceStatusSet'].nil?
+      if doc['instanceStatusSet'].nil?
         print_error("Error, could not get instance status, instance possibly terminated")
         break
       end

modules/auxiliary/admin/http/allegro_rompager_auth_bypass.rb

@@ -190,7 +190,7 @@ class MetasploitModule < Msf::Auxiliary
             {:name=>'ZyXEL', :model=>'P-660R-T3', :values=>[
                 [107369567, 21]
             ]},
-        :'ALL'=> # Used when `ForceAttempt` === true
+        ALL=> # Used when `ForceAttempt` === true
             {:name=>'Unknown', :model=>'Forced', :values=>[]
             },
     }
@@ -199,7 +199,7 @@ class MetasploitModule < Msf::Auxiliary
     known_devices.collect { |_, v| v[:values] }.each do |list|
       all_cookies += list
     end
-    known_devices[:'ALL'][:values] = all_cookies.uniq
+    known_devices[:ALL][:values] = all_cookies.uniq
     known_devices
   end
 
@@ -227,7 +227,7 @@ class MetasploitModule < Msf::Auxiliary
     model = check_response_fingerprint(res, Exploit::CheckCode::Detected)
     if model != Exploit::CheckCode::Detected
       devices = devices_list[model.to_sym]
-      devices = devices_list['ALL'.to_sym] if devices.nil? && datastore['ForceAttempt']
+      devices = devices_list[:ALL] if devices.nil? && datastore['ForceAttempt']
       if devices != nil
         print_good("Detected device:#{devices[:name]} #{devices[:model]}")
         devices[:values].each { |value|

modules/auxiliary/admin/http/ulterius_file_download.rb

@@ -52,7 +52,7 @@ class MetasploitModule < Msf::Auxiliary
   end
 
   def inflate_parse(data)
-    zi = Zlib::Inflate.new(window_bits =-15)
+    zi = Zlib::Inflate.new(-15)
     data_inflated = zi.inflate(data)
 
     parse_data = data_inflated[8...-1]

modules/auxiliary/dos/http/cable_haunt_websocket_dos.rb

@@ -76,16 +76,16 @@ class MetasploitModule < Msf::Auxiliary
             print_status('Sending payload')
             payload = Rex::Text.rand_text_alphanumeric(7000..8000)
             driver.send({
-              'jsonrpc': '2.0',
-              'method': 'Frontend::GetFrontendSpectrumData',
-              'params': {
-                'coreID': 0,
-                'fStartHz': payload,
-                'fStopHz': 1000000000,
-                'fftSize': 1024,
-                'gain': 1
+              jsonrpc: '2.0',
+              method: 'Frontend::GetFrontendSpectrumData',
+              params: {
+                coreID: 0,
+                fStartHz: payload,
+                fStopHz: 1000000000,
+                fftSize: 1024,
+                gain: 1
               },
-              'id': '0'
+              id: '0'
             }.to_json)
           rescue StandardError
             fail_with(Failure::Unreachable, 'Could not establish websocket connection')

modules/auxiliary/gather/chrome_debugger.rb

@@ -86,7 +86,7 @@ class MetasploitModule < Msf::Auxiliary
             'id' => id,
             'method' => 'Page.navigate',
             'params' => {
-              'url':  fetch_uri
+              url:  fetch_uri
             }
           }.to_json)
         end

modules/exploits/linux/http/cve_2019_1663_cisco_rmi_rce.rb

@@ -300,15 +300,15 @@ class MetasploitModule < Msf::Exploit::Remote
         'uri'     => '/login.cgi',
         'method'  => 'POST',
         'vars_post' => {
-              "submit_button": "login",
-              "submit_type": "",
-              "gui_action": "",
-              "wait_time": 0,
-              "change_action": "",
-              "enc": 1,
-              "user": rand_text_alpha_lower(5),
-              "pwd": buffer,
-              "sel_lang": "EN"
+              submit_button: "login",
+              submit_type: "",
+              gui_action: "",
+              wait_time: 0,
+              change_action: "",
+              enc: 1,
+              user: rand_text_alpha_lower(5),
+              pwd: buffer,
+              sel_lang: "EN"
           }
       })
     rescue ::Rex::ConnectionError

modules/exploits/multi/http/mantisbt_manage_proj_page_rce.rb

@@ -85,8 +85,8 @@ class MetasploitModule < Msf::Exploit::Remote
       'uri'       => normalize_uri(target_uri.path, 'login.php'),
       'method'    => 'POST',
       'vars_post' => {
-        'username': datastore['username'],
-        'password': datastore['password'],
+        username: datastore['username'],
+        password: datastore['password'],
       },
       'cookie'=> "PHPSESSID=#{res.get_cookies}"
     })
@@ -115,9 +115,9 @@ class MetasploitModule < Msf::Exploit::Remote
       'method'    => 'POST',
       'vars_post' => data,
       'headers' => {
-        'Connection': 'close',
-        'Cookie': cookie.to_s,
-        'Cmd': payload_b64
+        Connection: 'close',
+        Cookie: cookie.to_s,
+        Cmd: payload_b64
       }
     })
   end

modules/exploits/multi/http/solr_velocity_rce.rb

@@ -313,9 +313,9 @@ class MetasploitModule < Msf::Exploit::Remote
     # the new config in JSON format
     enable_params_resource_loader = {
       "#{verb}-queryresponsewriter": {
-        "startup": "lazy",
-        "name": "velocity",
-        "class": "solr.VelocityResponseWriter",
+        startup: "lazy",
+        name: "velocity",
+        class: "solr.VelocityResponseWriter",
         #"template.base.dir": "",
         #"solr.resource.loader.enabled": "true",
         "params.resource.loader.enabled": "true"

modules/exploits/multi/http/vbulletin_getindexablecontent.rb

@@ -169,7 +169,7 @@ class MetasploitModule < Msf::Exploit::Remote
       'method' => 'POST',
       'uri' => normalize_uri(target_uri.path, 'auth', 'ajax-login'),
       'vars_post' => {
-        'logintype': type.to_s,
+        logintype: type.to_s,
         'username' => user.to_s,
         'password' => pass.to_s,
         'securitytoken' => 'guest'

modules/exploits/multi/misc/java_jmx_server.rb

@@ -64,7 +64,7 @@ class MetasploitModule < Msf::Exploit::Remote
   def on_request_uri(cli, request)
     if @jar.nil?
       p = regenerate_payload(cli)
-      @jar = p.encoded_jar({"random":true})
+      @jar = p.encoded_jar({random:true})
       paths = [
         ["metasploit", "JMXPayloadMBean.class"],
         ["metasploit", "JMXPayload.class"],

modules/exploits/unix/dhcp/rhel_dhcp_client_command_injection.rb

@@ -33,7 +33,7 @@ class MetasploitModule < Msf::Exploit::Remote
       'References'     =>
         [
           ['CVE', '2018-1111'],
-          ['EDB': '44652'],
+          ['EDB', '44652'],
           ['URL', 'https://github.com/kkirsche/CVE-2018-1111'],
           ['URL', 'https://twitter.com/_fel1x/status/996388421273882626?lang=en'],
           ['URL', 'https://access.redhat.com/security/vulnerabilities/3442151'],

modules/exploits/unix/http/schneider_electric_net55xx_encoder.rb

@@ -96,7 +96,7 @@ class MetasploitModule < Msf::Exploit::Remote
 
   def change_password
     print_status("#{peer} - Attempt to change the root password...")
-    post = {"enable": true, "passwd": new_password, "userid": "root"}.to_json
+    post = {enable: true, passwd: new_password, userid: "root"}.to_json
 
     login = send_request_cgi({
       'method' => 'POST',

modules/exploits/unix/webapp/openmediavault_rpc_rce.rb

@@ -72,13 +72,13 @@ class MetasploitModule < Msf::Exploit::Remote
       'method' => 'POST',
       'ctype' => 'application/json',
       'data' => {
-        "service": 'Session',
-        "method": 'login',
-        "params": {
-          "username": user.to_s,
-          "password": pass.to_s
+        service: 'Session',
+        method: 'login',
+        params: {
+          username: user.to_s,
+          password: pass.to_s
         },
-        "options": nil
+        options: nil
       }.to_json
     })
     unless res
@@ -103,11 +103,11 @@ class MetasploitModule < Msf::Exploit::Remote
       'method' => 'POST',
       'cookie' => @cookie.to_s,
       'data' => {
-        "service": 'System',
-        "method": 'getInformation',
-        "params": nil,
-        "options": {
-          "updatelastaccess": false
+        service: 'System',
+        method: 'getInformation',
+        params: nil,
+        options: {
+          updatelastaccess: false
         }
       }.to_json
     })
@@ -137,16 +137,16 @@ class MetasploitModule < Msf::Exploit::Remote
       'method' => 'POST',
       'cookie' => @cookie.to_s,
       'data' => {
-        "service": 'LogFile',
-        "method": 'getList',
-        "params": {
-          "id": 'apt_history',
-          "start": 0,
-          "limit": 50,
-          "sortfield": "'.exec(\"#{cmd}\").'",
-          "sortdir": 'DESC'
+        service: 'LogFile',
+        method: 'getList',
+        params: {
+          id: 'apt_history',
+          start: 0,
+          limit: 50,
+          sortfield: "'.exec(\"#{cmd}\").'",
+          sortdir: 'DESC'
         },
-        "options": nil
+        options: nil
       }.to_json
     })
   rescue ::Rex::ConnectionError

modules/exploits/windows/smb/ms17_010_eternalblue.rb

@@ -321,7 +321,7 @@ class MetasploitModule < Msf::Exploit::Remote
     end
   end
 
-  '''
+  '
   #
   # Increase the default delay by five seconds since some kernel-mode
   # payloads may not run immediately.
@@ -329,7 +329,7 @@ class MetasploitModule < Msf::Exploit::Remote
   def wfs_delay
     super + 5
   end
-  '''
+  '
 
   def smb2_grooms(grooms, payload_hdr_pkt)
     grooms.times do |_groom_id|

modules/post/windows/gather/credentials/vnc.rb

@@ -74,7 +74,7 @@ class MetasploitModule < Msf::Post
 
   def run
 
-  '''
+  '
   Hash format
     :name,
     :check_file,
@@ -87,7 +87,7 @@ class MetasploitModule < Msf::Post
     :viewonly_variable,
     :viewonly_hash,
     :viewonly_pass
-  '''
+  '
 
     locations = []