update example modules to have zero violations

Brent Cook · Brent Cook · commit 80d18fae6a30 · 2017-07-24T06:15:54.000-07:00
diff --git a/modules/auxiliary/example.rb b/modules/auxiliary/example.rb
@@ -10,21 +10,21 @@
 #
 ###
 class MetasploitModule < Msf::Auxiliary
-
-  def initialize(info={})
-    super(update_info(info,
-      'Name'        => 'Sample Auxiliary Module',
-      # The description can be multiple lines, but does not preserve formatting.
-      'Description' => 'Sample Auxiliary Module',
-      'Author'      => ['Joe Module <joem@example.com>'],
-      'License'     => MSF_LICENSE,
-      'Actions'     =>
-        [
-          ['Default Action'],
-          ['Another Action']
+  def initialize(info = {})
+    super(
+      update_info(
+        info,
+        'Name'        => 'Sample Auxiliary Module',
+        # The description can be multiple lines, but does not preserve formatting.
+        'Description' => 'Sample Auxiliary Module',
+        'Author'      => ['Joe Module <joem@example.com>'],
+        'License'     => MSF_LICENSE,
+        'Actions'     => [
+          [ 'Default Action' ],
+          [ 'Another Action' ]
         ]
-    ))
-
+      )
+    )
   end
 
   def run
@@ -34,11 +34,10 @@ def run
   # auxiliary modules can register new commands, they all call cmd_* to
   # dispatch them
   def auxiliary_commands
-    return { "aux_extra_command" => "Run this auxiliary test commmand" }
+    { "aux_extra_command" => "Run this auxiliary test commmand" }
   end
 
   def cmd_aux_extra_command(*args)
-    print_status("Running inside aux_extra_command(#{args.join(" ")})")
+    print_status("Running inside aux_extra_command(#{args.join(' ')})")
   end
-
 end
diff --git a/modules/auxiliary/scanner/udp/example.rb b/modules/auxiliary/scanner/udp/example.rb
@@ -22,25 +22,26 @@ def initialize(info = {})
         'Author'         => 'Joe Contributor <joe_contributor[at]example.com>',
         'DisclosureDate' => 'Mar 15 2014',
         'License'        => MSF_LICENSE,
-        'References'     =>
-          [
-              ['CVE', '0000-0000'], # remove or update if CVE exists
-              ['URL', 'https://SomeURLinCyberspace.local']
-          ]
+        'References'     => [
+          [ 'CVE', '0000-0000' ], # remove or update if CVE exists
+          [ 'URL', 'https://SomeURLinCyberspace.local' ]
+        ]
       )
     )
 
     register_options(
-    [
-      # TODO: change to the port you need to scan
-      Opt::RPORT(12345)
-    ])
+      [
+        # TODO: change to the port you need to scan
+        Opt::RPORT(12345)
+      ]
+    )
 
     # TODO: add any advanced, special options here, otherwise remove
     register_advanced_options(
-    [
-      OptBool.new('SPECIAL', [true, 'Try this special thing', false])
-    ])
+      [
+        OptBool.new('SPECIAL', [true, 'Try this special thing', false])
+      ]
+    )
   end
 
   def setup
diff --git a/modules/exploits/example.rb b/modules/exploits/example.rb
@@ -20,46 +20,50 @@ class MetasploitModule < Msf::Exploit::Remote
   include Exploit::Remote::Tcp
 
   def initialize(info = {})
-    super(update_info(info,
-      # The Name should be just like the line of a Git commit - software name,
-      # vuln type, class. It needs to fit in 50 chars ideally. Preferably apply
-      # some search optimization so people can actually find the module.
-      # We encourage consistency between module name and file name.
-      'Name'           => 'Sample Exploit',
-      'Description'    => %q{
-          This exploit module illustrates how a vulnerability could be exploited
-        in an TCP server that has a parsing bug.
-      },
-      'License'        => MSF_LICENSE,
-      'Author'         => ['skape'],
-      'References'     =>
-        [
-          [ 'OSVDB', '12345' ],
-          [ 'EDB', '12345' ],
-          [ 'URL', 'http://www.example.com'],
-          [ 'CVE', '1978-1234'],
-        ],
-      'Payload'        =>
-        {
-          'Space'    => 1000,
-          'BadChars' => "\x00",
-        },
-      'Targets'        =>
-        [
-          # Target 0: Windows All
+    super(
+      update_info(
+        info,
+        # The Name should be just like the line of a Git commit - software name,
+        # vuln type, class. It needs to fit in 50 chars ideally. Preferably apply
+        # some search optimization so people can actually find the module.
+        # We encourage consistency between module name and file name.
+        'Name'           => 'Sample Exploit',
+        'Description'    => %q(
+            This exploit module illustrates how a vulnerability could be exploited
+          in an TCP server that has a parsing bug.
+        ),
+        'License'        => MSF_LICENSE,
+        'Author'         => ['skape'],
+        'References'     =>
           [
-            'Windows XP/Vista/7/8',
-            {
-              'Platform' => 'win',
-              'Ret'      => 0x41424344
-            }
+            [ 'OSVDB', '12345' ],
+            [ 'EDB', '12345' ],
+            [ 'URL', 'http://www.example.com'],
+            [ 'CVE', '1978-1234']
           ],
-        ],
-      'DisclosureDate' => "Apr 1 2013",
-      # Note that this is by index, rather than name. It's generally easiest
-      # just to put the default at the beginning of the list and skip this
-      # entirely.
-      'DefaultTarget'  => 0))
+        'Payload'        =>
+          {
+            'Space'    => 1000,
+            'BadChars' => "\x00"
+          },
+        'Targets'        =>
+          [
+            # Target 0: Windows All
+            [
+              'Windows XP/Vista/7/8',
+              {
+                'Platform' => 'win',
+                'Ret'      => 0x41424344
+              }
+            ]
+          ],
+        'DisclosureDate' => "Apr 1 2013",
+        # Note that this is by index, rather than name. It's generally easiest
+        # just to put the default at the beginning of the list and skip this
+        # entirely.
+        'DefaultTarget'  => 0
+      )
+    )
   end
 
   #
@@ -80,7 +84,7 @@ def exploit
     print_status("Sending #{payload.encoded.length} byte payload...")
 
     # Build the buffer for transmission
-    buf  = rand_text_alpha(1024)
+    buf = rand_text_alpha(1024)
     buf << [ target.ret ].pack('V')
     buf << payload.encoded
 
@@ -90,6 +94,4 @@ def exploit
 
     handler
   end
-
 end
-
diff --git a/modules/exploits/windows/browser/example.rb b/modules/exploits/windows/browser/example.rb
@@ -19,48 +19,52 @@ class MetasploitModule < Msf::Exploit::Remote
   # Set :classid and :method for ActiveX exploits. For example:
   # :classid    => "{C3B92104-B5A7-11D0-A37F-00A0248F0AF1}",
   # :method     => "SetShapeNodeType",
-  autopwn_info({
-    :ua_name    => HttpClients::IE,
-    :ua_minver  => "8.0",
-    :ua_maxver  => "10.0",
-    :javascript => true,
-    :os_name    => OperatingSystems::Match::WINDOWS,
-    :rank       => NormalRanking
-  })
-
-  def initialize(info={})
-    super(update_info(info,
-      'Name'           => "Module Name",
-      'Description'    => %q{
-        This template covers IE8/9/10, and uses the user-agent HTTP header to detect
-        the browser version.  Please note IE8 and newer may emulate an older IE version
-        in compatibility mode, in that case the module won't be able to detect the
-        browser correctly.
-      },
-      'License'        => MSF_LICENSE,
-      'Author'         => [ 'sinn3r' ],
-      'References'     =>
-        [
-          [ 'URL', 'http://metasploit.com' ]
-        ],
-      'Platform'       => 'win',
-      'Targets'        =>
-        [
-          [ 'Automatic', {} ],
-          [ 'IE 8 on Windows XP SP3', { 'Rop' => :jre } ],
-          [ 'IE 8 on Windows Vista',  { 'Rop' => :jre } ],
-          [ 'IE 8 on Windows 7',      { 'Rop' => :jre } ],
-          [ 'IE 9 on Windows 7',      { 'Rop' => :jre } ],
-          [ 'IE 10 on Windows 8',     { 'Rop' => :jre } ]
-        ],
-      'Payload'        =>
-        {
-          'BadChars'        => "\x00",  # js_property_spray
-          'StackAdjustment' => -3500
-        },
-      'Privileged'     => false,
-      'DisclosureDate' => "Apr 1 2013",
-      'DefaultTarget'  => 0))
+  autopwn_info(
+    ua_name:    HttpClients::IE,
+    ua_minver:  "8.0",
+    ua_maxver:  "10.0",
+    javascript: true,
+    os_name:    OperatingSystems::Match::WINDOWS,
+    rank:       NormalRanking
+  )
+
+  def initialize(info = {})
+    super(
+      update_info(
+        info,
+        'Name'           => "Module Name",
+        'Description'    => %q(
+          This template covers IE8/9/10, and uses the user-agent HTTP header to detect
+          the browser version.  Please note IE8 and newer may emulate an older IE version
+          in compatibility mode, in that case the module won't be able to detect the
+          browser correctly.
+        ),
+        'License'        => MSF_LICENSE,
+        'Author'         => [ 'sinn3r' ],
+        'References'     =>
+          [
+            [ 'URL', 'http://metasploit.com' ]
+          ],
+        'Platform'       => 'win',
+        'Targets'        =>
+          [
+            [ 'Automatic', {} ],
+            [ 'IE 8 on Windows XP SP3', { 'Rop' => :jre } ],
+            [ 'IE 8 on Windows Vista',  { 'Rop' => :jre } ],
+            [ 'IE 8 on Windows 7',      { 'Rop' => :jre } ],
+            [ 'IE 9 on Windows 7',      { 'Rop' => :jre } ],
+            [ 'IE 10 on Windows 8',     { 'Rop' => :jre } ]
+          ],
+        'Payload'        =>
+          {
+            'BadChars'        => "\x00", # js_property_spray
+            'StackAdjustment' => -3500
+          },
+        'Privileged'     => false,
+        'DisclosureDate' => "Apr 1 2013",
+        'DefaultTarget'  => 0
+      )
+    )
   end
 
   def get_target(agent)
@@ -85,7 +89,7 @@ def get_target(agent)
     end
 
     targets.each do |t|
-      if (!ie.empty? and t.name.include?(ie_name)) and (!nt.empty? and t.name.include?(os_name))
+      if (!ie.empty? && t.name.include?(ie_name)) && (!nt.empty? && t.name.include?(os_name))
         return t
       end
     end
@@ -100,20 +104,19 @@ def get_payload(t)
     case t['Rop']
     when :msvcrt
       print_status("Using msvcrt ROP")
-      rop_payload = generate_rop_payload('msvcrt', code, {'pivot'=>stack_pivot, 'target'=>'xp'})
+      rop_payload = generate_rop_payload('msvcrt', code, 'pivot' => stack_pivot, 'target' => 'xp')
 
     else
       print_status("Using JRE ROP")
-      rop_payload = generate_rop_payload('java', code, {'pivot'=>stack_pivot})
+      rop_payload = generate_rop_payload('java', code, 'pivot' => stack_pivot)
     end
 
     rop_payload
   end
 
-
   def get_html(t)
     js_p = ::Rex::Text.to_unescape(get_payload(t), ::Rex::Arch.endian(t.arch))
-    html = %Q|
+    html = %|
       <script>
       #{js_property_spray}
 
@@ -125,7 +128,6 @@ def get_html(t)
     html.gsub(/^\t\t/, '')
   end
 
-
   def on_request_uri(cli, request)
     agent = request.headers['User-Agent']
     print_status("Requesting: #{request.uri}")
@@ -139,6 +141,6 @@ def on_request_uri(cli, request)
 
     print_status("Target selected as: #{target.name}")
     html = get_html(target)
-    send_response(cli, html, { 'Content-Type'=>'text/html', 'Cache-Control'=>'no-cache' })
+    send_response(cli, html, 'Content-Type' => 'text/html', 'Cache-Control' => 'no-cache')
   end
 end
