# This list was intially created by analyzing the last three months (51 # modules) committed to Metasploit Framework. Many, many older modules # will have offenses, but this should at least provide a baseline for # new modules. # # Updates to this file should include a 'Description' parameter for any # explaination needed. # inherit_from: .rubocop_todo.yml AllCops: TargetRubyVersion: 2.4 Metrics/ClassLength: Description: 'Most Metasploit modules are quite large. This is ok.' Enabled: true Exclude: - 'modules/**/*' Style/ClassAndModuleChildren: Enabled: false Description: 'Forced nesting is harmful for grepping and general code comprehension' Metrics/AbcSize: Enabled: false Description: 'This is often a red-herring' Metrics/CyclomaticComplexity: Enabled: false Description: 'This is often a red-herring' Metrics/PerceivedComplexity: Enabled: false Description: 'This is often a red-herring' Style/TernaryParentheses: Enabled: false Description: 'This outright produces bugs' Style/FrozenStringLiteralComment: Enabled: false Description: 'We cannot support this yet without a lot of things breaking' Style/RedundantReturn: Description: 'This often looks weird when mixed with actual returns, and hurts nothing' Enabled: false Style/NumericPredicate: Description: 'This adds no efficiency nor space saving' Enabled: false Style/Documentation: Enabled: true Description: 'Most Metasploit modules do not have class documentation.' Exclude: - 'modules/**/*' Layout/IndentHeredoc: Enabled: false Description: 'We need to leave this disabled for Ruby 2.2 compat, remove in 2018' Style/GuardClause: Enabled: false Description: 'This often introduces bugs in tested code' Style/NegatedIf: Enabled: false Description: 'This often introduces bugs in tested code' Style/ConditionalAssignment: Enabled: false Description: 'This is confusing for folks coming from other languages' Style/Encoding: Enabled: true Description: 'We prefer binary to UTF-8.' EnforcedStyle: 'when_needed' Metrics/LineLength: Description: >- Metasploit modules often pattern match against very long strings when identifying targets. Enabled: true Max: 180 Metrics/MethodLength: Enabled: true Description: >- While the style guide suggests 10 lines, exploit definitions often exceed 200 lines. Max: 300 # Basically everything in metasploit needs binary encoding, not UTF-8. # Disable this here and enforce it through msftidy Style/Encoding: Enabled: false # %q() is super useful for long strings split over multiple lines and # is very common in module constructors for things like descriptions Style/UnneededPercentQ: Enabled: false Style/NumericLiterals: Enabled: false Description: 'This often hurts readability for exploit-ish code.' Layout/AlignParameters: Enabled: true EnforcedStyle: 'with_fixed_indentation' Description: 'initialize method of every module has fixed indentation for Name, Description, etc' Style/StringLiterals: Enabled: false Description: 'Single vs double quote fights are largely unproductive.' Style/WordArray: Enabled: false Description: 'Metasploit prefers consistent use of []' Style/IfUnlessModifier: Enabled: false Description: 'This style might save a couple of lines, but often makes code less clear' Style/RedundantBegin: Exclude: # this pattern is very common and somewhat unavoidable # def run_host(ip) # begin # ... # rescue ... # ... # ensure # disconnect # end # end - 'modules/**/*' Documentation: Exclude: - 'modules/**/*'