2014-04-18 10:01:54 -05:00
# Hello, World!
2012-11-06 20:18:58 -06:00
2014-03-03 14:39:40 -06:00
Thanks for your interest in making Metasploit -- and therefore, the
2014-04-18 10:01:54 -05:00
world -- a better place!
Are you about to report a bug? If so, please use our [Redmine Bug
Tracker ](https://dev.metasploit.com/redmine/projects/framework ). An
account is required but it only takes a minute or two.
Are you about to report a security vulnerability in Metasploit?
If so, please take a look at Rapid's [Vulnerability
Disclosure Policy ](https://www.rapid7.com/disclosure.jsp ) policy.
Are you about to contribute some new functionality, a bug fix, or a new
Metasploit module? If so, read on...
# Contributing to Metasploit
What you see here in CONTRIBUTING.md is a bullet-point list of the do's
and don'ts of how to make sure * your * valuable contributions actually
make it into Metasploit's master branch.
2014-02-24 11:57:38 -06:00
2014-03-03 14:39:40 -06:00
If you care not to follow these rules, your contribution **will ** be
closed (*Road House* style). Sorry!
2014-02-24 11:57:38 -06:00
2014-04-18 10:01:54 -05:00
This is intended to be a **short ** list. The
2014-03-03 14:39:40 -06:00
[wiki ](https://github.com/rapid7/metasploit-framework/wiki ) is much more
2014-03-04 14:06:34 -06:00
exhaustive and reveals many mysteries. If you read nothing else, take a
look at the standard [development environment setup
guide ](https://github.com/rapid7/metasploit-framework/wiki/Setting-Up-a-Metasploit-Development-Environment )
and Metasploit's [Common Coding Mistakes ](https://github.com/rapid7/metasploit-framework/wiki/Common-Metasploit-Module-Coding-Mistakes ).
2014-02-24 11:57:38 -06:00
## Code Contributions
2014-03-04 02:42:13 -06:00
* **Do** stick to the [Ruby style guide ](https://github.com/bbatsov/ruby-style-guide ).
2014-03-04 12:46:42 -06:00
* **Do** follow the [50/72 rule ](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html ) for Git commit messages.
2014-03-04 13:05:50 -06:00
* **Do** create a [topic branch ](http://git-scm.com/book/en/Git-Branching-Branching-Workflows#Topic-Branches ) to work on instead of working directly on `master` .
2014-02-24 11:57:38 -06:00
### Pull Requests
2014-04-05 22:21:44 -05:00
* **Do** target your pull request to the **master branch ** . Not staging, not develop, not release.
2014-03-04 12:44:12 -06:00
* **Do** specify a descriptive title to make searching for your pull request easier.
2014-03-03 14:39:40 -06:00
* **Do** include [console output ](https://help.github.com/articles/github-flavored-markdown#fenced-code-blocks ), especially for witnessable effects in `msfconsole` .
* **Do** list [verification steps ](https://help.github.com/articles/writing-on-github#task-lists ) so your code is testable.
* **Don't** leave your pull request description blank.
* **Don't** abandon your pull request. Being responsive helps us land your code faster.
2014-02-24 11:57:38 -06:00
2014-03-04 12:19:34 -06:00
Pull requests [#2940 ](https://github.com/rapid7/metasploit-framework/pull/2940 ) and [#3043 ](https://github.com/rapid7/metasploit-framework/pull/3043 ) are a couple good examples to follow.
2014-03-04 02:38:47 -06:00
2014-02-24 11:57:38 -06:00
#### New Modules
2014-03-03 14:39:40 -06:00
* **Do** run `tools/msftidy.rb` against your module and fix any errors or warnings that come up. Even better would be to set up `msftidy.rb` as a [pre-commit hook ](https://github.com/rapid7/metasploit-framework/blob/master/tools/dev/pre-commit-hook.rb ).
2014-06-02 22:37:20 +02:00
* **Do** use the [many module mixin APIs ](https://dev.metasploit.com/api/ ). Wheel improvements are welcome; wheel reinventions, not so much.
2014-03-03 14:39:40 -06:00
* **Don't** include more than one module per pull request.
2014-02-24 11:57:38 -06:00
#### Library Code
2014-03-03 14:39:40 -06:00
* **Do** write [RSpec ](http://rspec.info/ ) tests - even the smallest change in library land can thoroughly screw things up.
* **Do** follow [Better Specs ](http://betterspecs.org/ ) - it's like the style guide for specs.
* **Do** write [YARD ](http://yardoc.org/ ) documentation - this makes it easier for people to use your code.
2014-04-05 22:21:44 -05:00
* **Don't** fix a lot of things in one pull request. Small fixes are easier to validate.
2014-02-24 11:57:38 -06:00
#### Bug Fixes
2014-03-03 14:39:40 -06:00
* **Do** include reproduction steps in the form of verification steps.
* **Do** include a link to the corresponding [Redmine ](https://dev.metasploit.com/redmine/projects/framework ) issue in the format of `SeeRM #1234` in your commit description.
2014-02-24 11:57:38 -06:00
## Bug Reports
2014-04-18 10:01:54 -05:00
* **Do** report vulnerabilities in Rapid7 software directly to security@rapid7 .com.
* **Do** create a Redmine account and report your non-vulnerability bugs there.
2014-03-04 13:16:55 -06:00
* **Do** write a detailed description of your bug and use a descriptive title.
2014-03-03 14:39:40 -06:00
* **Do** include reproduction steps, stack traces, and anything else that might help us verify and fix your bug.
* **Don't** file duplicate reports - search for your bug before filing a new report.
* **Don't** report a bug on GitHub. Use [Redmine ](https://dev.metasploit.com/redmine/projects/framework ) instead.
2014-03-04 12:22:14 -06:00
Redmine issues [#8762 ](https://dev.metasploit.com/redmine/issues/8762 ) and [#8764 ](https://dev.metasploit.com/redmine/issues/8764 ) are a couple good examples to follow.
2014-03-04 12:19:34 -06:00
2014-03-03 14:39:40 -06:00
If you need some more guidance, talk to the main body of open
source contributors over on the [Freenode IRC channel ](http://webchat.freenode.net/?channels=%23metasploit&uio=d4 )
or e-mail us at [metasploit-hackers ](https://lists.sourceforge.net/lists/listinfo/metasploit-hackers )
mailing list.
2014-02-24 11:57:38 -06:00
2014-03-03 14:39:40 -06:00
Also, **thank you ** for taking the few moments to read this far! You're
already way ahead of the curve, so keep it up!
