
Commit 506c354

committed
Land rapid7#3103, vars_get check for msftidy
2 parents 9eada52 + c62f407 commit 506c354


1 file changed

+21
-4
lines changed

1 file changed

+21
-4
lines changed

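--- a/tools/msftidy.rb
+++ b/tools/msftidy.rb
@@ -62,7 +62,7 @@ def initialize(source_file)
 # @return status [Integer] Returns WARNINGS unless we already have an
 # error.
 def warn(txt, line=0) line_msg = (line>0) ? ":#{line}" : ''
-puts "#{@full_filepath}#{line_msg} - [#{'WARNING'.yellow}] #{txt}"
+puts "#{@full_filepath}#{line_msg} - [#{'WARNING'.yellow}] #{cleanup_text(txt)}"
 @status == ERRORS ? @status = ERRORS : @status = WARNINGS
 end
 
@@ -74,14 +74,14 @@ def warn(txt, line=0) line_msg = (line>0) ? ":#{line}" : ''
 # @return status [Integer] Returns ERRORS
 def error(txt, line=0)
 line_msg = (line>0) ? ":#{line}" : ''
-puts "#{@full_filepath}#{line_msg} - [#{'ERROR'.red}] #{txt}"
+puts "#{@full_filepath}#{line_msg} - [#{'ERROR'.red}] #{cleanup_text(txt)}"
 @status = ERRORS
 end
 
 # Currently unused, but some day msftidy will fix errors for you.
 def fixed(txt, line=0)
 line_msg = (line>0) ? ":#{line}" : ''
-puts "#{@full_filepath}#{line_msg} - [#{'FIXED'.green}] #{txt}"
+puts "#{@full_filepath}#{line_msg} - [#{'FIXED'.green}] #{cleanup_text(txt)}"
 end
 
 
@@ -463,7 +463,7 @@ def check_lines
 
 # do not change datastore in code
 if ln =~ /(?<!\.)datastore\[["'][^"']+["']\]\s*=(?![=~>])/
-error("datastore is modified in code: #{ln.inspect}", idx)
+error("datastore is modified in code: #{ln}", idx)
 end
 }
 end
@@ -475,6 +475,15 @@ def check_vuln_codes
 end
 end
 
+def check_vars_get
+test = @source.scan(/send_request_(?:cgi|raw)\s*\(\s*\{\s*['"]uri['"]\s*=>\s*[^=\}]*?\?[^,\}]+/im)
+unless test.empty?
+test.each { |item|
+warn("Please use vars_get in send_request_cgi and send_request_raw: #{item}")
+}
+end
+end
+
 private
 
 def load_file(file)
@@ -484,6 +493,13 @@ def load_file(file)
 f.close
 return buf
 end
+
+def cleanup_text(txt)
+# remove line breaks
+txt = txt.gsub(/[\r\n]/, ' ')
+# replace multiple spaces by one space
+txt.gsub(/\s{2,}/, ' ')
+end
 end
 
 #
@@ -511,6 +527,7 @@ def run_checks(full_filepath)
 tidy.check_snake_case_filename
 tidy.check_comment_splat
 tidy.check_vuln_codes
+tidy.check_vars_get
 return tidy
 end
 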
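Review bot: `cleanup_text` (new lines 497–502) strips only `\r`/`\n` and collapses whitespace, while the `check_lines` hunk at new line 466 swaps `ln.inspect` for raw `ln` and `check_vars_get` interpolates the matched source text into its warning, so any other control bytes in the file being linted (terminal escape sequences, for instance) now reach `puts` unescaped. Since msftidy is presumably run against contributed modules and its output read in a terminal or CI log, I would neutralise all control characters in the one helper by changing the first substitution to `txt = txt.gsub(/[[:cntrl:]]/, ' ')`, which still covers line breaks. Separately, `check_vars_get` calls `warn` without a line argument, so these warnings carry no line number, unlike the `idx`-based checks in `check_lines`; either derive the line from the match offset or add a comment such as `# scans the whole source, so no line number is reported`. The bodies of `check_lines` and `run_checks` continue outside the visible hunks.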
