# This list was intially created by analyzing the last three months (51 # modules) committed to Metasploit Framework. Many, many older modules # will have offenses, but this should at least provide a baseline for # new modules. # # Updates to this file should include a 'Description' parameter for any # explaination needed. # inherit_from: .rubocop_todo.yml AllCops: TargetRubyVersion: 2.4 Metrics/ClassLength: Description: 'Most Metasploit modules are quite large. This is ok.' Enabled: true Exclude: - 'modules/**/*' Style/ClassAndModuleChildren: Enabled: false Description: 'Forced nesting is harmful for grepping and general code comprehension' Metrics/AbcSize: Enabled: false Description: 'This is often a red-herring' Metrics/CyclomaticComplexity: Enabled: false Description: 'This is often a red-herring' Metrics/PerceivedComplexity: Enabled: false Description: 'This is often a red-herring' Style/TernaryParentheses: Enabled: false Description: 'This outright produces bugs' Style/FrozenStringLiteralComment: Enabled: false Description: 'We cannot support this yet without a lot of things breaking' Style/RedundantReturn: Description: 'This often looks weird when mixed with actual returns, and hurts nothing' Enabled: false Naming/VariableNumber: Description: 'To make it easier to use reference code, disable this cop' Enabled: false Style/NumericPredicate: Description: 'This adds no efficiency nor space saving' Enabled: false Style/Documentation: Enabled: true Description: 'Most Metasploit modules do not have class documentation.' Exclude: - 'modules/**/*' Layout/SpaceInsideArrayLiteralBrackets: Enabled: false Description: 'Almost all module metadata have space in brackets' Style/GuardClause: Enabled: false Description: 'This often introduces bugs in tested code' Style/EmptyLiteral: Enabled: false Description: 'This looks awkward when you mix empty and non-empty literals' Style/NegatedIf: Enabled: false Description: 'This often introduces bugs in tested code' Style/ConditionalAssignment: Enabled: false Description: 'This is confusing for folks coming from other languages' Style/Encoding: Description: 'We prefer binary to UTF-8.' Enabled: false Style/ParenthesesAroundCondition: Enabled: false Description: 'This is used in too many places to discount, especially in ported code. Has little effect' Style/TrailingCommaInArrayLiteral: Enabled: false Description: 'This is often a useful pattern, and is actually required by other languages. It does not hurt.' Metrics/LineLength: Description: >- Metasploit modules often pattern match against very long strings when identifying targets. Enabled: true Max: 180 Metrics/BlockLength: Enabled: true Description: >- While the style guide suggests 10 lines, exploit definitions often exceed 200 lines. Max: 300 Metrics/MethodLength: Enabled: true Description: >- While the style guide suggests 10 lines, exploit definitions often exceed 200 lines. Max: 300 Naming/UncommunicativeMethodParamName: Enabled: true Description: 'Whoever made this requirement never looked at crypto methods, IV' MinNameLength: 2 # %q() is super useful for long strings split over multiple lines and # is very common in module constructors for things like descriptions Style/UnneededPercentQ: Enabled: false Style/NumericLiterals: Enabled: false Description: 'This often hurts readability for exploit-ish code.' Layout/AlignHash: Enabled: false Description: 'aligning info hashes to match these rules is almost impossible to get right' Layout/EmptyLines: Enabled: false Description: 'these are used to increase readability' Layout/EmptyLinesAroundClassBody: Enabled: false Description: 'these are used to increase readability' Layout/EmptyLinesAroundMethodBody: Enabled: false Description: 'these are used to increase readability' Layout/AlignParameters: Enabled: true EnforcedStyle: 'with_fixed_indentation' Description: 'initialize method of every module has fixed indentation for Name, Description, etc' Style/For: Enabled: false Description: 'if a module is written with a for loop, it cannot always be logically replaced with each' Style/StringLiterals: Enabled: false Description: 'Single vs double quote fights are largely unproductive.' Style/WordArray: Enabled: false Description: 'Metasploit prefers consistent use of []' Style/IfUnlessModifier: Enabled: false Description: 'This style might save a couple of lines, but often makes code less clear' Style/RedundantBegin: Exclude: # this pattern is very common and somewhat unavoidable # def run_host(ip) # begin # ... # rescue ... # ... # ensure # disconnect # end # end - 'modules/**/*' Documentation: Exclude: - 'modules/**/*'