Merge pull request #1 from bwatters-r7/prep-8509

bypassuac_injection_winsxs updates and documents

Author: L3cr0f

.dockerignore

@@ -90,7 +90,7 @@ data/java
 
 # Avoid checking in Meterpreter libs that are built from
 # private source. If you're interested in this functionality,
-# check out Metasploit Pro: http://metasploit.com/download
+# check out Metasploit Pro: https://metasploit.com/download
 data/meterpreter/ext_server_pivot.*.dll
 
 # Avoid checking in metakitty, the source for

.gitignore

@@ -78,7 +78,7 @@ data/java
 
 # Avoid checking in Meterpreter libs that are built from
 # private source. If you're interested in this functionality,
-# check out Metasploit Pro: http://metasploit.com/download
+# check out Metasploit Pro: https://metasploit.com/download
 data/meterpreter/ext_server_pivot.*.dll
 
 # Avoid checking in metakitty, the source for
@@ -91,3 +91,4 @@ docker-compose.local*
 
 # Ignore python bytecode
 *.pyc
+rspec.failures

.rubocop.yml

@@ -8,18 +8,57 @@
 
 # inherit_from: .rubocop_todo.yml
 
+AllCops:
+  TargetRubyVersion: 2.2
+
 Metrics/ClassLength:
   Description: 'Most Metasploit modules are quite large. This is ok.'
   Enabled: true
   Exclude:
     - 'modules/**/*'
 
+Metrics/AbcSize:
+  Enabled: false
+  Description: 'This is often a red-herring'
+
+Metrics/CyclomaticComplexity:
+  Enabled: false
+  Description: 'This is often a red-herring'
+
+Metrics/PerceivedComplexity:
+  Enabled: false
+  Description: 'This is often a red-herring'
+
+Style/FrozenStringLiteralComment:
+  Enabled: false
+  Description: 'We cannot support this yet without a lot of things breaking'
+
+Style/RedundantReturn:
+  Description: 'This often looks weird when mixed with actual returns, and hurts nothing'
+  Enabled: false
+
 Style/Documentation:
   Enabled: true
   Description: 'Most Metasploit modules do not have class documentation.'
   Exclude:
     - 'modules/**/*'
 
+Layout/IndentHeredoc:
+  Enabled: false
+  Description: 'We need to leave this disabled for Ruby 2.2 compat, remove in 2018'
+
+Style/GuardClause:
+  Enabled: false
+  Description: 'This often introduces bugs in tested code'
+
+Style/NegatedIf:
+  Enabled: false
+  Description: 'This often introduces bugs in tested code'
+
+Style/ConditionalAssignment:
+  Enabled: false
+  Description: 'This is confusing for folks coming from other languages'
+
 Style/Encoding:
   Enabled: true
   Description: 'We prefer binary to UTF-8.'
@@ -53,7 +92,7 @@ Style/NumericLiterals:
   Enabled: false
   Description: 'This often hurts readability for exploit-ish code.'
 
-Style/SpaceInsideBrackets:
+Layout/SpaceInsideBrackets:
   Enabled: false
   Description: 'Until module template are final, most modules will fail this.'
 

.ruby-version

@@ -1 +1 @@
-2.4.1
+2.4.2

.travis.yml

@@ -12,20 +12,24 @@ addons:
 language: ruby
 rvm:
   - '2.2'
-  - '2.3.4'
-  - '2.4.1'
+  - '2.3.5'
+  - '2.4.2'
 
 env:
-# TODO: restore these tests when the code passes them!
-#  - CMD='bundle exec rake cucumber cucumber:boot CREATE_BINSTUBS=true'
-  - CMD='bundle exec rake spec SPEC_OPTS="--tag content"'
-  - CMD='bundle exec rake spec SPEC_OPTS="--tag ~content"'
+  - CMD='bundle exec rake rspec-rerun:spec SPEC_OPTS="--tag content"'
+  - CMD='bundle exec rake rspec-rerun:spec SPEC_OPTS="--tag ~content"'
 
 matrix:
   fast_finish: true
+
+jobs:
+  # build docker image
   include:
-  - rvm: ruby-head
-    env: CMD="docker-compose -f $TRAVIS_BUILD_DIR/docker-compose.yml build"
+  - env: CMD="docker-compose -f $TRAVIS_BUILD_DIR/docker-compose.yml build" DOCKER="true"
+    # we do not need any setup
+    before_install: skip
+    install: skip
+    before_script: skip
 before_install:
   - "echo 'gem: --no-ri --no-rdoc' > ~/.gemrc"
   - rake --version
@@ -44,7 +48,8 @@ before_script:
   - git diff --exit-code db/schema.rb
 script:
   - echo "${CMD}"
-  - bash -c "${CMD}"
+    # we need travis_wait because the Docker build job can take longer than 10 minutes
+  - if [[ "${DOCKER}" == "true" ]]; then echo "Starting Docker build job"; travis_wait 40 "${CMD}"; else bash -c "${CMD}"; fi
 
 notifications:
   irc: "irc.freenode.org#msfnotify"

.yardopts

@@ -2,7 +2,7 @@
 --exclude samples/
 --exclude \.ut\.rb/
 --exclude \.ts\.rb/
---files CONTRIBUTING.md,COPYING,HACKING,LICENSE
+--files CONTRIBUTING.md,COPYING,LICENSE
 app/**/*.rb
 lib/msf/**/*.rb
 lib/metasploit/**/*.rb

CONTRIBUTING.md

@@ -119,4 +119,4 @@ already way ahead of the curve, so keep it up!
 [YARD]:http://yardoc.org
 [Issues]:https://github.com/rapid7/metasploit-framework/issues
 [Freenode IRC channel]:http://webchat.freenode.net/?channels=%23metasploit&uio=d4
-[metasploit-hackers]:https://lists.sourceforge.net/lists/listinfo/metasploit-hackers
+[metasploit-hackers]:https://groups.google.com/forum/#!forum/metasploit-hackers

docker/Dockerfile renamed to Dockerfile

@@ -1,4 +1,4 @@
-FROM ruby:2.4.1-alpine
+FROM ruby:2.4.2-alpine
 MAINTAINER Rapid7
 
 ARG BUNDLER_ARGS="--jobs=8 --without development test coverage"
@@ -24,7 +24,6 @@ RUN apk update && \
       bison \
       build-base \
       ruby-dev \
-      libffi-dev\
       openssl-dev \
       readline-dev \
       sqlite-dev \
@@ -35,15 +34,14 @@ RUN apk update && \
       yaml-dev \
       zlib-dev \
       ncurses-dev \
+      git \
     && echo "gem: --no-ri --no-rdoc" > /etc/gemrc \
+    && gem update --system \
+    && gem install bundler \
     && bundle install --system $BUNDLER_ARGS \
     && apk del .ruby-builddeps \
     && rm -rf /var/cache/apk/*
 
-# fix for robots gem not readable (known bug)
-# https://github.com/rapid7/metasploit-framework/issues/6068
-RUN chmod o+r /usr/local/bundle/gems/robots-*/lib/robots.rb
-
 RUN adduser -g msfconsole -D $MSF_USER
 
 RUN /usr/sbin/setcap cap_net_raw,cap_net_bind_service=+eip $(which ruby)

Gemfile

@@ -18,9 +18,9 @@ group :development do
   gem 'pry'
   # module documentation
   gem 'octokit'
-  # metasploit-aggregator as a framework only option for now
   # Metasploit::Aggregator external session proxy
-  gem 'metasploit-aggregator'
+  # Disabled for now for crypttlv updates
+  # gem 'metasploit-aggregator'
 end
 
 group :development, :test do
@@ -33,14 +33,10 @@ group :development, :test do
   # Define `rake spec`.  Must be in development AND test so that its available by default as a rake test when the
   # environment is development
   gem 'rspec-rails'
+  gem 'rspec-rerun'
 end
 
 group :test do
-  # cucumber extension for testing command line applications, like msfconsole
-  gem 'aruba'
-  # cucumber + automatic database cleaning with database_cleaner
-  gem 'cucumber-rails', :require => false
-  gem 'shoulda-matchers'
   # Manipulate Time.now in specs
   gem 'timecop'
 end