f41eda1128
Add GHSA and OSV reference type support
...
Add support for GHSA (GitHub Security Advisories) and OSV (Open Source
Vulnerabilities) as structured reference types in Metasploit modules.
Convert 49 hardcoded GHSA URLs to structured ['GHSA', 'GHSA-xxxx'] format
across existing modules, and add support for repository-specific GHSA
references with an optional third parameter ['GHSA', 'GHSA-xxxx', 'repo'].
Update reference validation, module validator, and info_fixups to handle
the new reference types correctly.
2026-02-09 15:17:23 +01:00
d727302de6
Pass all the files to msftidy to speed things up
2025-10-07 13:59:13 -04:00
ed5c959fab
Update msftidy logging for older modules
2024-07-24 16:45:43 +01:00
a7c547542f
fix spelling in tools folder
2024-01-07 13:28:13 -05:00
b8be080615
msftidy: Prefer CVE references over cve.mitre.org URL references
2022-04-19 20:35:21 +00:00
639bf9ffb0
Only warn about missing CVEs in exploit modules
2021-11-04 07:18:27 -04:00
1624e2c024
Fix bug where refs are not checked if the notes section is before refs
2021-10-05 14:44:40 -05:00
b06c5c12aa
Rubocop recently landed modules continued
2021-02-25 14:13:40 +00:00
260527076c
Require rubocop for new modules
2021-02-23 23:05:48 +00:00
f4c37bd446
msftidy: Add info check for exploit module notes
2021-02-15 11:01:01 +00:00
a1c316c679
msftidy: Fix exploit module checks for author and stack buffer overflow
2021-02-13 04:10:13 +00:00
1af4aaeb91
update WPVDB link type
2021-02-06 12:20:03 +01:00
b5d746cc44
msftidy: Add check for module description
2021-01-22 23:29:16 +00:00
b4b2ae44c1
add heredoc awareness to msftidy
2020-11-17 18:06:17 +08:00
68c9cfb593
ZDI Public numbers should be limited to 4 digits
...
to avoid false negatives per the discussion at #13311
2020-04-28 18:48:10 -05:00
21653f09c2
Fix bad regex in ZDI reference check for msftidy
2020-04-23 00:47:52 -05:00
2c80859564
ZDI Public Numbers can be 4 digits, ZDI-19-1045
...
Also, technically, ZDI Public Numbers will always have a min of 3 digits.
The number is essentially `"num_as_string".ljust(3, '0')`, so this should be {3,4}
or {3,5} if they ever get that high ;) I could find no ZDI- references or similar that
only had 2 digits in the last number part
references:
https://www.zerodayinitiative.com/advisories/ZDI-19-1045/
https://www.zerodayinitiative.com/advisories/ZDI-05-001/
2020-04-22 14:46:21 -05:00
ddf9cf71ab
Add check_executable check to msftidy
2019-11-30 07:25:27 +00:00
0308f80c0e
fix Failure scoping (needed for libraries)
2019-04-08 09:57:22 -05:00
c1758037b9
Include only common module types in Authors check
2019-03-29 10:44:22 -05:00
20f868c15c
Complain loudly if module has no 'Author' metadata.
2019-03-26 13:27:57 -05:00
8cc3070cc8
don't require whitespace
2019-02-25 11:24:30 -06:00
c09c15649f
SideEffects Stability Reliability check
2019-02-21 12:38:26 -06:00
46d7ab9795
don't refer to non-existent idx
2019-02-07 00:42:28 -06:00
d38e12c124
Add URL scheme and Base64.encode64 checks to msftdiy
2019-02-04 21:16:01 +00:00
2b231d33e5
Add comment clarifying why we need the day for ISO
2018-11-16 13:25:01 -06:00
2302acaab7
Accept ISO 8601 DisclosureDate with compatibility
...
Zalgo.
2018-11-16 12:03:01 -06:00
f25d7dbaa8
Revert Date.parse check for DisclosureDate
...
An approximation of https://en.wikipedia.org/wiki/Robustness_principle .
2018-11-16 11:48:44 -06:00
d65ba41e31
Use non-greedy regex against DisclosureDate
...
Zalgo. He comes.
wvu@kharak:~/metasploit-framework:bug/msftidy$ tools/dev/msftidy.rb modules/exploits/unix/webapp/jquery_file_upload.rb
"Oct 9 2018', # Larry"
wvu@kharak:~/metasploit-framework:bug/msftidy$
2018-11-16 11:40:12 -06:00
3dd47b34b0
Rework DisclosureDate check to match core code
...
Framework core uses Date.parse, so many date formats are valid.
There is no reason we shouldn't be using ISO 8601 dates.
2018-11-16 11:05:47 -06:00
a30403dbfe
Improve DisclosureDate regex
2018-11-16 03:46:51 -06:00
02bb2d45d3
Make day in DisclosureDate optional for msftidy
...
Defaults to the first day of the month.
2018-11-16 03:00:39 -06:00
0b8926715e
Reactively check for invalid module names
2018-10-10 14:33:59 -05:00
b012fa1275
Update msftidy
2018-10-06 15:59:05 -05:00
2186322134
Stop being an idiot about the regex and rewrite it
...
There was no reason to shoehorn in zero-length assertions.
2018-10-05 13:50:19 -05:00
05ac3875bc
Improve check_snake_case_filename check in msftidy
...
We also remove the separator, since the file is basenamed.
2018-10-05 11:55:17 -05:00
e753eddb6b
Ignore 'No CVE' warning if NOCVE reason was provided in notes
2018-08-31 16:53:44 -05:00
69d321000e
check double quotes
2018-08-29 06:49:37 +02:00
31d4d4f5ff
expand check
2018-08-29 06:42:01 +02:00
7431ae401b
fix more errors
2018-08-28 13:49:31 +02:00
a66556b436
fix msftidy errors
2018-08-28 13:12:43 +02:00
1381e1f3e0
also check https
2018-08-27 21:44:42 +02:00
9725e90ba7
Fix msftdiy EDB link check
2018-08-26 04:18:38 +00:00
0b0a9bfd32
Remove check_sock_get from run_checks
2018-07-18 09:47:17 -05:00
b78a0878b8
Upgrade info checks to warning
...
Also nix get vs. get_once check, since it's inconsistent in practice.
2018-07-18 00:05:48 -05:00
ae9677c1c2
Rework msftidy retvals
...
INFO should not be an error. Also prevent retval overflow.
2018-07-17 18:11:16 -05:00
d355f51969
Switch warn to info
...
Nothing to warn about, just something to note and check.
2018-07-13 14:55:17 -05:00
b8bdceccb8
Add missing CVE check to msftidy
2018-07-13 14:19:00 -05:00
226ef160ff
Land #9748 , Convert the smbloris DoS into an external module
...
Help reliability and performance. This some Ruby-specific external module
tooling as a result as well.
2018-04-02 23:25:10 -05:00
71149e9c68
Remove executable Ruby files from classic loading
2018-03-23 14:49:06 -05:00
Valentin Lobstein