Adds validation for arch values

Author: cgranleese-r7

spec/module_validation_spec.rb

@@ -25,6 +25,7 @@
       file_path: 'modules/exploits/windows/smb/cve_2020_0796_smbghost.rb',
       type: 'exploit',
       platform: Msf::Module::PlatformList.new(Msf::Module::Platform::Windows),
+      arch: [Rex::Arch::ARCH_X86],
       targets: [Msf::Module::Target.new('Windows 10 v1903-1909 x64', { 'Platform' => 'win', 'Arch' => ['x64'] })],
       description: %q{
           A vulnerability exists within the Microsoft Server Message Block 3.1.1 (SMBv3) protocol that can be leveraged to
@@ -234,6 +235,22 @@
       end
     end
 
+    context 'when the arch array contains a valid value' do
+      it 'has no errors' do
+        expect(subject.errors.full_messages).to be_empty
+      end
+    end
+
+    context 'when the arch array contains an invalid value' do
+      let(:mod_options) do
+        super().merge(arch: ["Rex::Arch::ARCH_X86"])
+      end
+
+      it 'has errors' do
+        expect(subject.errors.full_messages).to eq ["Arch contains invalid values [\"Rex::Arch::ARCH_X86\"] - only [\"x86\", \"x86_64\", \"x64\", \"mips\", \"mipsle\", \"mipsbe\", \"mips64\", \"mips64le\", \"ppc\", \"ppce500v2\", \"ppc64\", \"ppc64le\", \"cbea\", \"cbea64\", \"sparc\", \"sparc64\", \"armle\", \"armbe\", \"aarch64\", \"cmd\", \"php\", \"tty\", \"java\", \"ruby\", \"dalvik\", \"python\", \"nodejs\", \"firefox\", \"zarch\", \"r\", \"riscv32be\", \"riscv32le\", \"riscv64be\", \"riscv64le\", \"loongarch64\"] is allowed"]
+      end
+    end
+
     context 'when the platform is missing and targets does not contain platform values' do
       let(:mod_options) do
         super().merge(platform: nil, targets: [Msf::Module::Target.new('Windows 10 v1903-1909 x64', { 'Arch' => ['x64'] })])
@@ -279,7 +296,7 @@
         super().merge(new_module_options, rank: Msf::GreatRanking, rank_to_s: 'great')
       end
 
-      it 'has no errors' do
+      it 'has errors' do
         expect(subject.errors.full_messages).to eq [
           "Stability contains invalid values [[\"unknown-stability\"]] - only [\"crash-safe\", \"crash-service-restarts\", \"crash-service-down\", \"crash-os-restarts\", \"crash-os-down\", \"service-resource-loss\", \"os-resource-loss\"] is allowed",
           "Side effects contains invalid values [[\"unknown-side-effects\"]] - only [\"artifacts-on-disk\", \"config-changes\", \"ioc-in-logs\", \"account-lockouts\", \"account-logout\", \"screen-effects\", \"audio-effects\", \"physical-effects\"] is allowed",

spec/support/lib/module_validation.rb

@@ -9,6 +9,10 @@ def validate_each(record, attribute, value)
         return
       end
 
+      # Special cases for modules/exploits/bsd/finger/morris_fingerd_bof.rb which has a one-off architecture defined in
+      # the module itself, and that value is not included in the valid list of architectures.
+      # https://github.com/rapid7/metasploit-framework/blob/389d84cbf0d7c58727846466d9a9f6a468f32c61/modules/exploits/bsd/finger/morris_fingerd_bof.rb#L11
+      return if attribute == :arch && value == ["vax"] && record.fullname == "exploit/bsd/finger/morris_fingerd_bof"
       return if value == options[:sentinel_value]
 
       invalid_options = value - options[:in]
@@ -187,6 +191,9 @@ def validate_name_does_not_contain_non_printable_chars
                     'module_validation/array_inclusion': { in: VALID_RELIABILITY_VALUES, sentinel_value: Msf::UNKNOWN_RELIABILITY }
     end
 
+    validates :arch,
+              'module_validation/array_inclusion': { in: Rex::Arch::ARCH_TYPES }
+
     validates :license,
               presence: true,
               inclusion: { in: LICENSES, message: 'must include a valid license' }