Land rapid7#6202, unbalanced angle brackets fixes

Author: wvu

modules/auxiliary/scanner/http/cisco_ssl_vpn_priv_esc.rb

@@ -21,7 +21,7 @@ def initialize(info = {})
       'Author'       =>
         [
           'jclaudius <jclaudius[at]trustwave.com>',
-          'lguay <laura.r.guay[at]gmail.com'
+          'lguay <laura.r.guay[at]gmail.com>'
         ],
       'License'     => MSF_LICENSE,
       'References'  =>

modules/auxiliary/scanner/quake/server_info.rb

@@ -20,7 +20,7 @@ def initialize(info = {})
           This module uses the getstatus or getinfo request to obtain
           information from a Quakeserver.
         ),
-        'Author'        => 'Jon Hart <jon_hart[at]rapid7.com',
+        'Author'        => 'Jon Hart <jon_hart[at]rapid7.com>',
         'References'    =>
           [
             ['URL', 'ftp://ftp.idsoftware.com/idstuff/quake3/docs/server.txt']

modules/exploits/windows/http/kaseya_uploadimage_file_upload.rb

@@ -23,7 +23,7 @@ def initialize(info = {})
       },
       'Author'         =>
         [
-          'Thomas Hibbert <[email protected]' # Vulnerability discovery and MSF module
+          'Thomas Hibbert <[email protected]>' # Vulnerability discovery and MSF module
         ],
       'License'        => MSF_LICENSE,
       'References'     =>

modules/exploits/windows/mysql/mysql_start_up.rb

@@ -24,7 +24,7 @@ def initialize(info = {})
       'Author'         =>
         [
           'sinn3r',
-          'Sean Verity <veritysr1980[at]gmail.com'
+          'Sean Verity <veritysr1980[at]gmail.com>'
         ],
       'DefaultOptions' =>
         {

modules/exploits/windows/smb/psexec_psh.rb

@@ -36,7 +36,7 @@ def initialize(info = {})
 
       'Author'           => [
         'Royce @R3dy__ Davis <rdavis[at]accuvant.com>', # PSExec command module
-        'RageLtMan <rageltman[at]sempervictus' # PSH exploit, libs, encoders
+        'RageLtMan <rageltman[at]sempervictus>' # PSH exploit, libs, encoders
       ],
       'License'          => MSF_LICENSE,
       'Privileged'       => true,

modules/post/multi/gather/lastpass_creds.rb

@@ -19,7 +19,7 @@ def initialize(info = {})
         'Author' => [
           'Alberto Garcia Illera <agarciaillera[at]gmail.com>', # original module and research
           'Martin Vigo <martinvigo[at]gmail.com>', # original module and research
-          'Jon Hart <jon_hart[at]rapid7.com' # module rework and cleanup
+          'Jon Hart <jon_hart[at]rapid7.com>' # module rework and cleanup
         ],
         'Platform' => %w(linux osx unix win),
         'References'   => [['URL', 'http://www.martinvigo.com/a-look-into-lastpass/']],

modules/post/windows/gather/phish_windows_credentials.rb

@@ -20,7 +20,7 @@ def initialize(info={})
       'License'       => MSF_LICENSE,
       'Author'        =>
             [
-              'Wesley Neelen <security[at]forsec.nl', # Metasploit module, @wez3forsec on Twitter
+              'Wesley Neelen <security[at]forsec.nl>', # Metasploit module, @wez3forsec on Twitter
               'Matt Nelson'                           # Original powershell script, @enigma0x3 on Twitter
             ],
       'References'    => [ 'URL', 'https://forsec.nl/2015/02/windows-credentials-phishing-using-metasploit' ],

tools/dev/msftidy.rb

@@ -317,6 +317,8 @@ def check_badchars
         next
       end
 
+      # XXX: note that this is all very fragile and regularly incorrectly parses
+      # the author
       #
       # Mark our 'Author' block
       #
@@ -328,10 +330,12 @@ def check_badchars
 
 
       #
-      # While in 'Author' block, check for Twitter handles
+      # While in 'Author' block, check for malformed authors
       #
       if in_super and in_author
-        if line =~ /Author/
+        if line =~ /Author['"]\s*=>\s*['"](.*)['"],/
+          author_name = Regexp.last_match(1)
+        elsif line =~ /Author/
           author_name = line.scan(/\[[[:space:]]*['"](.+)['"]/).flatten[-1] || ''
         else
           author_name = line.scan(/['"](.+)['"]/).flatten[-1] || ''
@@ -344,6 +348,14 @@ def check_badchars
         if not author_name.ascii_only?
           error("Please avoid unicode or non-printable characters in Author")
         end
+
+        unless author_name.empty?
+          author_open_brackets = author_name.scan('<').size
+          author_close_brackets = author_name.scan('>').size
+          if author_open_brackets != author_close_brackets
+            error("Author has unbalanced brackets: #{author_name}")
+          end
+        end
       end
     end
   end