# This list was intially created by analyzing the last three months (51 # modules) committed to Metasploit Framework. Many, many older modules # will have offenses, but this should at least provide a baseline for # new modules. # # Updates to this file should include a 'Description' parameter for any # explaination needed. # inherit_from: .rubocop_todo.yml AllCops: TargetRubyVersion: 2.4 require: - ./lib/rubocop/cop/layout/module_hash_on_new_line.rb - ./lib/rubocop/cop/layout/module_description_indentation.rb Layout/ModuleHashOnNewLine: Enabled: true Layout/ModuleDescriptionIndentation: Enabled: true Metrics/ClassLength: Description: 'Most Metasploit modules are quite large. This is ok.' Enabled: true Exclude: - 'modules/**/*' Style/ClassAndModuleChildren: Enabled: false Description: 'Forced nesting is harmful for grepping and general code comprehension' Metrics/AbcSize: Enabled: false Description: 'This is often a red-herring' Metrics/CyclomaticComplexity: Enabled: false Description: 'This is often a red-herring' Metrics/PerceivedComplexity: Enabled: false Description: 'This is often a red-herring' Style/TernaryParentheses: Enabled: false Description: 'This outright produces bugs' Style/FrozenStringLiteralComment: Enabled: false Description: 'We cannot support this yet without a lot of things breaking' Style/RedundantReturn: Description: 'This often looks weird when mixed with actual returns, and hurts nothing' Enabled: false Naming/VariableNumber: Description: 'To make it easier to use reference code, disable this cop' Enabled: false Style/NumericPredicate: Description: 'This adds no efficiency nor space saving' Enabled: false Style/Documentation: Enabled: true Description: 'Most Metasploit modules do not have class documentation.' Exclude: - 'modules/**/*' Layout/FirstArgumentIndentation: Enabled: true EnforcedStyle: consistent Description: 'Useful for the module hash to be indented consistently' Layout/ArgumentAlignment: Enabled: true EnforcedStyle: with_first_argument Description: 'Useful for the module hash to be indented consistently' Layout/FirstHashElementIndentation: Enabled: true EnforcedStyle: consistent Description: 'Useful for the module hash to be indented consistently' Layout/FirstHashElementLineBreak: Enabled: true Description: 'Enforce consistency by breaking hash elements on to new lines' Layout/SpaceInsideArrayLiteralBrackets: Enabled: false Description: 'Almost all module metadata have space in brackets' Style/GuardClause: Enabled: false Description: 'This often introduces bugs in tested code' Style/EmptyLiteral: Enabled: false Description: 'This looks awkward when you mix empty and non-empty literals' Style/NegatedIf: Enabled: false Description: 'This often introduces bugs in tested code' Style/ConditionalAssignment: Enabled: false Description: 'This is confusing for folks coming from other languages' Style/Encoding: Description: 'We prefer binary to UTF-8.' Enabled: false Style/ParenthesesAroundCondition: Enabled: false Description: 'This is used in too many places to discount, especially in ported code. Has little effect' Style/TrailingCommaInArrayLiteral: Enabled: false Description: 'This is often a useful pattern, and is actually required by other languages. It does not hurt.' Metrics/LineLength: Description: >- Metasploit modules often pattern match against very long strings when identifying targets. Enabled: true Max: 180 Metrics/BlockLength: Enabled: true Description: >- While the style guide suggests 10 lines, exploit definitions often exceed 200 lines. Max: 300 Metrics/MethodLength: Enabled: true Description: >- While the style guide suggests 10 lines, exploit definitions often exceed 200 lines. Max: 300 Naming/MethodParameterName: Enabled: true Description: 'Whoever made this requirement never looked at crypto methods, IV' MinNameLength: 2 # %q() is super useful for long strings split over multiple lines and # is very common in module constructors for things like descriptions Style/RedundantPercentQ: Enabled: false Style/NumericLiterals: Enabled: false Description: 'This often hurts readability for exploit-ish code.' Layout/FirstArrayElementLineBreak: Enabled: true Description: 'This cop checks for a line break before the first element in a multi-line array.' Layout/FirstArrayElementIndentation: Enabled: true EnforcedStyle: consistent Description: 'Useful to force values within the register_options array to have sane indentation' Layout/EmptyLinesAroundClassBody: Enabled: false Description: 'these are used to increase readability' Layout/EmptyLinesAroundMethodBody: Enabled: false Description: 'these are used to increase readability' Layout/ExtraSpacing: Description: 'Do not use unnecessary spacing.' Enabled: true # When true, allows most uses of extra spacing if the intent is to align # things with the previous or next line, not counting empty lines or comment # lines. AllowForAlignment: false # When true, allows things like 'obj.meth(arg) # comment', # rather than insisting on 'obj.meth(arg) # comment'. # If done for alignment, either this OR AllowForAlignment will allow it. AllowBeforeTrailingComments: false # When true, forces the alignment of `=` in assignments on consecutive lines. ForceEqualSignAlignment: false Style/For: Enabled: false Description: 'if a module is written with a for loop, it cannot always be logically replaced with each' Style/WordArray: Enabled: false Description: 'Metasploit prefers consistent use of []' Style/IfUnlessModifier: Enabled: false Description: 'This style might save a couple of lines, but often makes code less clear' Style/PercentLiteralDelimiters: Description: 'Use `%`-literal delimiters consistently.' Enabled: true # Specify the default preferred delimiter for all types with the 'default' key # Override individual delimiters (even with default specified) by specifying # an individual key PreferredDelimiters: default: () '%i': '[]' '%I': '[]' '%r': '{}' '%w': '[]' '%W': '[]' '%q': '{}' # Chosen for module descriptions as () are frequently used characters, whilst {} are rarely used VersionChanged: '0.48.1' Style/RedundantBegin: Exclude: # this pattern is very common and somewhat unavoidable # def run_host(ip) # begin # ... # rescue ... # ... # ensure # disconnect # end # end - 'modules/**/*' Style/SafeNavigation: Description: >- This cop transforms usages of a method call safeguarded by a check for the existence of the object to safe navigation (`&.`). This has been disabled as in some scenarios it produced invalid code, and disobeyed the 'AllowedMethods' configuration. Enabled: false Documentation: Exclude: - 'modules/**/*'