Commit Graph

358 Commits (2dedaee9ca28cfc856063430daf5b0cd745fa15d)

Author SHA1 Message Date
Tod Beardsley 1d6524b4d9
Revert #4593, msftidy extraneous comma check
Fixes #4626 by ignoring the problem identified.

This reverts commit 7c3378b2e6, reversing
changes made to cb0257bec7.
2015-01-22 14:28:27 -06:00
William Vu cf7555447c
Land #4621, msftidy whitelist constant
Now I'm happy... almost.
2015-01-21 14:03:39 -06:00
William Vu bbe9fc208e
Update formatting (80 columns)
Piped to fmt -78 to account for the indent.
2015-01-21 14:01:44 -06:00
Tod Beardsley 264adf14d1
Add 'tnftp' software to the title whitelist 2015-01-21 11:52:39 -06:00
Tod Beardsley efebaae251
Make the title whitelist a constant 2015-01-21 11:50:50 -06:00
William Vu 7c3378b2e6
Land #4593, msftidy extraneous comma check 2015-01-18 00:46:39 -06:00
Christian Mehlmauer 596e956660
some changed 2015-01-16 17:53:06 +01:00
Christian Mehlmauer 3237dd8591
add comma check to msftidy 2015-01-16 00:13:55 +01:00
Christian Mehlmauer 56c1f74d70
modify msftidy regex 2015-01-09 22:07:21 +01:00
Tod Beardsley d3050de862
Remove references to Redmine in code
See #4400. This should be all of them, except for, of course, the module
that targets Redmine itself.

Note that this also updates the README.md with more current information
as well.
2014-12-19 17:27:08 -06:00
HD Moore 00590f9f26
Adds Java serialization support, lands #4327 2014-12-13 17:47:53 -06:00
Jon Hart 9bf55ef8f4
Minor improvements to datastore and http// checks in msftidy 2014-12-11 18:36:42 -08:00
Christian Mehlmauer be1440bcb9
more msftidy checks 2014-12-11 23:10:07 +01:00
jvazquez-r7 564da4446e Add print friendly to_s 2014-12-07 17:52:09 -06:00
jvazquez-r7 ff99669cfa Explain better error 2014-12-05 20:30:22 -06:00
jvazquez-r7 b80f6c34c0 Add tool to deserialize streams from files 2014-12-04 12:47:02 -06:00
Spencer McIntyre eefeb452b1 Fix two typos for payload specs 2014-11-18 08:50:06 -05:00
sinn3r 8da6e0bd5b Fix bugs 2014-11-05 15:26:00 -06:00
sinn3r 5b8d9e1221 Fix typo 2014-11-05 15:14:35 -06:00
sinn3r 98f5ebd475 Only show bad refs when using -c 2014-11-05 15:07:40 -06:00
sinn3r 3310342a95 Add save-as feature
The tool produces A LOT OF results so it's really painful to manually
copy and paste and to be able to use the data. So it should automatically
save.

Tagging the issue here because I forgot to do it:
Fix #4039
2014-11-05 10:58:41 -06:00
sinn3r f34ad57199 Check module references 2014-11-05 09:57:13 -06:00
Luke Imhoff c84febea5f
tools/missing-payload-tests.rb
MSP-11145

**NOTE: Failing specs**

Add a tool for reading `log/untested-payload.log` and
`framework.payloads` to determine `context`s to add
`spec/modules/payloads_spec.rb` to test the untested payloads.
2014-10-27 13:03:31 -05:00
URI Assassin 35d3bbf74d
Fix up comment splats with the correct URI
See the complaint on #4039. This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
Luke Imhoff b863978028
Remove fastlib
MSP-11368
MSP-11143

Remove fastlib as it slows down the code loading process.  From the
previous commit, the mean loading for
`METASPLOIT_FRAMEWORK_PROFILE=true msfconsole -q -x exit` was
27.9530±0.3485 seconds (N=10).  The mean after removal of fastlib
was 17.9820±0.6497 seconds (N=10).  This means an average 35.67%
reduction in boot time.
2014-09-18 15:24:21 -05:00
William Vu 48e098b172
Remove WVE references from msftidy 2014-09-05 19:28:27 -05:00
Tod Beardsley c045c9606c
Fix typo in PR #3712
Fixes the typo pointed out in
rapid7#3712#discussion_r16750554

Derp
2014-08-26 20:36:28 -05:00
Josh 073c668cd8 Merge pull request #12 from todb-r7/commit-hooks-should-only-check-modules
Land 12 from todb, only pre-commit-hook on actual modules
2014-08-26 16:47:23 -05:00
Tod Beardsley dbdb4afb8c
Add a top anchor to the file match regex. 2014-08-26 16:19:29 -05:00
Joshua Smith 622e8a7714 adds better exploit module detection to msftidy 2014-08-26 15:30:08 -05:00
Jon Hart bfa89bb3a5 Enforce binary encoding on non-modules, no encoding on modules 2014-08-25 13:12:29 -07:00
Tod Beardsley 47cb906408
Remove rubocop and msftidy touchpoints
Rubocop replaces the default YAML library which makes development
testing difficult. It does not cause problems on Travis, but according
to reports, it does cause instability with many individual dev
environments.

While I would love to have a more solid source of this bug report, right
now this was an oral report from @shuckins-r7 (who I tend to believe a
lot).
2014-08-12 10:37:58 -05:00
Tod Beardsley ffafd4c01f
Add NTP fuzzer from @jhart-r7
Looks good to me!
2014-07-21 12:38:12 -05:00
Jon Hart 17b0560dff Add rubygems check to msftidy. remove rubygems. 2014-07-17 09:29:13 -07:00
William Vu a07656fec6
Land #3536, msftidy INFO messages aren't blockers 2014-07-16 17:57:48 -05:00
Tod Beardsley 58558e8dfa
Allow INFO msftidy messages
INFO level messages should not block commits or be complained about on
merges. They should merely inform the user.
2014-07-16 15:29:23 -05:00
William Vu ff6c8bd5de
Land #3479, broken sock.get fix 2014-07-16 14:57:32 -05:00
Tod Beardsley 68980157c8
Just skip if info is suppressed. 2014-07-16 11:20:40 -05:00
Tod Beardsley 81a98081d9
Rubocop checks are optional and info only
I like the change but it means that basically everything will fail
forever until we tweak up the config.
2014-07-16 10:26:35 -05:00
Jon Hart ab73c16d0d Add Rubocop to msftidy. You now have 15 seconds to comply. You are in direct violation of Penal Code 1.13, Section 9. 2014-07-15 17:11:04 -07:00
William Vu 4904426164
Fix @source and prefer && 2014-07-14 14:36:08 -05:00
HD Moore 6e8415143c Fix msftidy and tweak a few modules missing timeouts 2014-06-30 00:46:28 -05:00
HD Moore a279db7710 Check for sock.get / udp_sock.get issues 2014-06-30 00:40:06 -05:00
William Vu 56c71c7b85
Land #3457, newline check for msftidy 2014-06-17 14:20:53 -05:00
Christian Mehlmauer 3c00388f87
Add check for newline at end of file 2014-06-17 15:44:43 +02:00
William Vu 7f2b173130
Fix misspelled constant in msftidy 2014-06-12 13:47:44 -05:00
William Vu 3a9f7fb7f9
Land #3405, improved Nokogiri check for msftidy 2014-05-29 16:21:26 -05:00
William Vu 17fb48eaa3
Refactor check_nokogiri in msftidy 2014-05-29 13:20:23 -05:00
Tod Beardsley 2ce6f325f5
Be more specific with Nokogiri check
There are still strong reservations about using Nokogiri to parse
untrusted XML data.

http://www.wireharbor.com/hidden-security-risks-of-xml-parsing-xxe-attack/

It is also believed that many desktop operating systems are still
shipping out-of-date and vulnerable libxml2 libraries, which become
exposed via Nokogiri. For example:

http://stackoverflow.com/questions/18627075/nokogiri-1-6-0-still-pulls-in-wrong-version-of-libxml-on-os-x

While this isn't a problem for binary builds of Metasploit (Metasploit
Community, Express, or Pro) it can be a problem for development
versions or Kali's / Backtrack's version.

So, the compromise here is to allow for modules that don't directly
expose XML parsing. I can't say for sure that the various libxml2
vulnerabilities (current and future) aren't also exposed via
`Nokogiri::HTML` but I also can't come up with a reasonable demo.

Metasploit committers should still look at any module that relies on
Nokogiri very carefully, and suggest alternatives if there are any. But,
it's sometimes going to be required for complex HTML parsing.

tl;dr: Use REXML for XML parsing, and Nokogiri for HTML parsing if you
absolutely must.
2014-05-29 11:52:17 -05:00
Tod Beardsley d9fbf861d2
Add an environment option to suppress info msgs
It's often you want counts of just WARN and ERROR messages, and don't
want to spam yourself with INFO messages that you don't intend to
address anyway. This is most often the case with CI, such as with

https://travis-ci.org/todb-r7/metasploit-framework
2014-05-21 16:20:57 -05:00