77 Commits

Author SHA1 Message Date
h00die a7c547542f fix spelling in tools folder 2024-01-07 13:28:13 -05:00
Brendan Coles b8be080615 msftidy: Prefer CVE references over cve.mitre.org URL references 2022-04-19 20:35:21 +00:00
Spencer McIntyre 639bf9ffb0 Only warn about missing CVEs in exploit modules 2021-11-04 07:18:27 -04:00
bwatters 1624e2c024 Fix bug where refs are not checked if the notes section is before refs 2021-10-05 14:44:40 -05:00
Alan Foster b06c5c12aa Rubocop recently landed modules continued 2021-02-25 14:13:40 +00:00
Alan Foster 260527076c Require rubocop for new modules 2021-02-23 23:05:48 +00:00
Brendan Coles f4c37bd446 msftidy: Add info check for exploit module notes 2021-02-15 11:01:01 +00:00
Brendan Coles a1c316c679 msftidy: Fix exploit module checks for author and stack buffer overflow 2021-02-13 04:10:13 +00:00
firefart 1af4aaeb91 update WPVDB link type 2021-02-06 12:20:03 +01:00
Brendan Coles b5d746cc44 msftidy: Add check for module description 2021-01-22 23:29:16 +00:00
Tim W b4b2ae44c1 add heredoc awareness to msftidy 2020-11-17 18:06:17 +08:00
Josh 68c9cfb593 ZDI Public numbers should be limited to 4 digits
to avoid false negatives per the discussion at #13311
2020-04-28 18:48:10 -05:00
William Vu 21653f09c2 Fix bad regex in ZDI reference check for msftidy 2020-04-23 00:47:52 -05:00
Josh 2c80859564 ZDI Public Numbers can be 4 digits, ZDI-19-1045
Also, technically, ZDI Public Numbers will always have a min of 3 digits.
The number is essentially `"num_as_string".ljust(3, '0')`, so this should be {3,4}
or {3,5} if they ever get that high ;) I could find no ZDI- references or similar that
only had 2 digits in the last number part

references:
https://www.zerodayinitiative.com/advisories/ZDI-19-1045/
https://www.zerodayinitiative.com/advisories/ZDI-05-001/
2020-04-22 14:46:21 -05:00
Brendan Coles ddf9cf71ab Add check_executable check to msftidy 2019-11-30 07:25:27 +00:00
Brent Cook 0308f80c0e fix Failure scoping (needed for libraries) 2019-04-08 09:57:22 -05:00
William Vu c1758037b9 Include only common module types in Authors check 2019-03-29 10:44:22 -05:00
Pearce Barry 20f868c15c Complain loudly if module has no 'Author' metadata. 2019-03-26 13:27:57 -05:00
Brent Cook 8cc3070cc8 don't require whitespace 2019-02-25 11:24:30 -06:00
Jacob Robles c09c15649f SideEffects Stability Reliability check 2019-02-21 12:38:26 -06:00
Brent Cook 46d7ab9795 don't refer to non-existent idx 2019-02-07 00:42:28 -06:00
Brendan Coles d38e12c124 Add URL scheme and Base64.encode64 checks to msftidy 2019-02-04 21:16:01 +00:00
William Vu 2b231d33e5 Add comment clarifying why we need the day for ISO 2018-11-16 13:25:01 -06:00
William Vu 2302acaab7 Accept ISO 8601 DisclosureDate with compatibility
Zalgo.
2018-11-16 12:03:01 -06:00
William Vu f25d7dbaa8 Revert Date.parse check for DisclosureDate
An approximation of https://en.wikipedia.org/wiki/Robustness_principle.
2018-11-16 11:48:44 -06:00
William Vu d65ba41e31 Use non-greedy regex against DisclosureDate
Zalgo. He comes.

wvu@kharak:~/metasploit-framework:bug/msftidy$ tools/dev/msftidy.rb modules/exploits/unix/webapp/jquery_file_upload.rb
"Oct 9 2018', # Larry"
wvu@kharak:~/metasploit-framework:bug/msftidy$
2018-11-16 11:40:12 -06:00
William Vu 3dd47b34b0 Rework DisclosureDate check to match core code
Framework core uses Date.parse, so many date formats are valid.

There is no reason we shouldn't be using ISO 8601 dates.
2018-11-16 11:05:47 -06:00
William Vu a30403dbfe Improve DisclosureDate regex 2018-11-16 03:46:51 -06:00
William Vu 02bb2d45d3 Make day in DisclosureDate optional for msftidy
Defaults to the first day of the month.
2018-11-16 03:00:39 -06:00
William Vu 0b8926715e Reactively check for invalid module names 2018-10-10 14:33:59 -05:00
Wei Chen b012fa1275 Update msftidy 2018-10-06 15:59:05 -05:00
William Vu 2186322134 Stop being an idiot about the regex and rewrite it
There was no reason to shoehorn in zero-length assertions.
2018-10-05 13:50:19 -05:00
William Vu 05ac3875bc Improve check_snake_case_filename check in msftidy
We also remove the separator, since the file is basenamed.
2018-10-05 11:55:17 -05:00
Erin Bleiweiss e753eddb6b Ignore 'No CVE' warning if NOCVE reason was provided in notes 2018-08-31 16:53:44 -05:00
Christian Mehlmauer 69d321000e check double quotes 2018-08-29 06:49:37 +02:00
Christian Mehlmauer 31d4d4f5ff expand check 2018-08-29 06:42:01 +02:00
Christian Mehlmauer 7431ae401b fix more errors 2018-08-28 13:49:31 +02:00
Christian Mehlmauer a66556b436 fix msftidy errors 2018-08-28 13:12:43 +02:00
Christian Mehlmauer 1381e1f3e0 also check https 2018-08-27 21:44:42 +02:00
Brendan Coles 9725e90ba7 Fix msftidy EDB link check 2018-08-26 04:18:38 +00:00
William Vu 0b0a9bfd32 Remove check_sock_get from run_checks 2018-07-18 09:47:17 -05:00
William Vu b78a0878b8 Upgrade info checks to warning
Also nix get vs. get_once check, since it's inconsistent in practice.
2018-07-18 00:05:48 -05:00
William Vu ae9677c1c2 Rework msftidy retvals
INFO should not be an error. Also prevent retval overflow.
2018-07-17 18:11:16 -05:00
William Vu d355f51969 Switch warn to info
Nothing to warn about, just something to note and check.
2018-07-13 14:55:17 -05:00
William Vu b8bdceccb8 Add missing CVE check to msftidy 2018-07-13 14:19:00 -05:00
Brent Cook 226ef160ff Land #9748, Convert the smbloris DoS into an external module
Help reliability and performance. This some Ruby-specific external module
tooling as a result as well.
2018-04-02 23:25:10 -05:00
Adam Cammack 71149e9c68 Remove executable Ruby files from classic loading 2018-03-23 14:49:06 -05:00
g0tmi1k 8463ed99b0 Add standardised header comments 2018-03-20 11:33:34 +00:00
Brent Cook 6aebc1fdbd remove more checks 2018-01-22 16:40:30 -06:00
Brent Cook 387f78c6a3 allow UTF-8 module names and authors 2018-01-12 01:51:05 -05:00