Updates module validation to check description and name for non-printable chars

Author: cgranleese-r7

spec/module_validation_spec.rb

@@ -184,6 +184,16 @@
       end
     end
 
+    context 'when the name has non-printable ascii characters' do
+      let(:mod_options) do
+        super().merge(name: 'Testing human-readable printable ascii characters ≤')
+      end
+
+      it 'has errors' do
+        expect(subject.errors.full_messages).to eq ['Name must only contain human-readable printable ascii characters']
+      end
+    end
+
     context 'when the module file path is not snake case' do
       let(:mod_options) do
         super().merge(file_path: 'modules/exploits/windows/smb/CVE_2020_0796_smbghost.rb')
@@ -204,6 +214,16 @@
       end
     end
 
+    context 'when the description has non-printable ascii characters' do
+      let(:mod_options) do
+        super().merge(description: "Testing human-readable printable ascii characters ≤\n\tand newlines/tabs")
+      end
+
+      it 'has errors' do
+        expect(subject.errors.full_messages).to eq ['Description must only contain human-readable printable ascii characters, including newlines and tabs']
+      end
+    end
+
     context 'when the platform value is invalid', skip_before: true do
       let(:mod_options) do
         super().merge(platform: Msf::Module::PlatformList.new('foo'))

spec/support/lib/module_validation.rb

@@ -28,6 +28,8 @@ class Validator < SimpleDelegator
     validate :validate_reference_ctx_id
     validate :validate_author_bad_chars
     validate :validate_target_platforms
+    validate :validate_description_does_not_contain_non_printable_chars
+    validate :validate_name_does_not_contain_non_printable_chars
 
     attr_reader :mod
 
@@ -153,6 +155,22 @@ def has_notes?
       !notes.empty?
     end
 
+    def validate_description_does_not_contain_non_printable_chars
+      unless description&.match?(/\A[ -~\t\n]*\z/)
+        # Blank descriptions are validated elsewhere, so we will return early to not also add this error
+        # and cause unnecessary confusion.
+        return if description.nil?
+
+        errors.add :description, 'must only contain human-readable printable ascii characters, including newlines and tabs'
+      end
+    end
+
+    def validate_name_does_not_contain_non_printable_chars
+      unless name&.match?(/\A[ -~]+\z/)
+        errors.add :name, 'must only contain human-readable printable ascii characters'
+      end
+    end
+
     validates :mod, presence: true
 
     with_options if: :has_notes? do |mod|