Skip to content

Commit ba54341

Browse files
author
jvazquez-r7
committed
Merge branch 'refs_check' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-refs_check
2 parents cdcb58d + 4011c8d commit ba54341

File tree

1 file changed

+60
-0
lines changed

1 file changed

+60
-0
lines changed

tools/msftidy.rb

Lines changed: 60 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -59,6 +59,64 @@ def error(txt, line=0)
5959
#
6060
##
6161

62+
def check_ref_identifiers
63+
in_super = false
64+
in_refs = false
65+
66+
@source.each_line do |line|
67+
if !in_super and line =~ /[\n\t]+super\(/
68+
in_super = true
69+
elsif in_super and line =~ /[[:space:]]*def \w+[\(\w+\)]*/
70+
in_super = false
71+
break
72+
end
73+
74+
if in_super and line =~ /'References'[[:space:]]*=>/
75+
in_refs = true
76+
elsif in_super and in_refs and line =~ /^[[:space:]]+\],*/m
77+
break
78+
elsif in_super and in_refs and line =~ /[^#]+\[[[:space:]]*['"](.+)['"][[:space:]]*,[[:space:]]*['"](.+)['"][[:space:]]*\]/
79+
identifier = $1.strip.upcase
80+
value = $2.strip
81+
82+
case identifier
83+
when 'CVE'
84+
warn("Invalid CVE format: '#{value}'") if value !~ /^\d{4}\-\d{4}$/
85+
when 'OSVDB'
86+
warn("Invalid OSVDB format: '#{value}'") if value !~ /^\d+$/
87+
when 'BID'
88+
warn("Invalid BID format: '#{value}'") if value !~ /^\d+$/
89+
when 'MSB'
90+
warn("Invalid MSB format: '#{value}'") if value !~ /^MS\d+\-\d+$/
91+
when 'MIL'
92+
warn("milw0rm references are no longer supported.")
93+
when 'EDB'
94+
warn("Invalid EDB reference") if value !~ /^\d+$/
95+
when 'WVE'
96+
warn("Invalid WVE reference") if value !~ /^\d+\-\d+$/
97+
when 'US-CERT-VU'
98+
warn("Invalid US-CERT-VU reference") if value !~ /^\d+$/
99+
when 'URL'
100+
if value =~ /^http:\/\/www\.osvdb\.org/
101+
warn("Please use 'OSVDB' for '#{value}'")
102+
elsif value =~ /^http:\/\/cvedetails\.com\/cve/
103+
warn("Please use 'CVE' for '#{value}'")
104+
elsif value =~ /^http:\/\/www\.securityfocus\.com\/bid\//
105+
warn("Please use 'BID' for '#{value}'")
106+
elsif value =~ /^http:\/\/www\.microsoft\.com\/technet\/security\/bulletin\//
107+
warn("Please use 'MSB' for '#{value}'")
108+
elsif value =~ /^http:\/\/www\.exploit\-db\.com\/exploits\//
109+
warn("Please use 'EDB' for '#{value}'")
110+
elsif value =~ /^http:\/\/www\.wirelessve\.org\/entries\/show\/WVE\-/
111+
warn("Please use 'WVE' for '#{value}'")
112+
elsif value =~ /^http:\/\/www\.kb\.cert\.org\/vuls\/id\//
113+
warn("Please use 'US-CERT-VU' for '#{value}'")
114+
end
115+
end
116+
end
117+
end
118+
end
119+
62120
def check_old_keywords
63121
max_count = 10
64122
counter = 0
@@ -322,6 +380,8 @@ def load_file(file)
322380

323381
def run_checks(f_rel)
324382
tidy = Msftidy.new(f_rel)
383+
tidy.check_ref_identifiers
384+
return
325385
tidy.check_old_keywords
326386
tidy.check_badchars
327387
tidy.check_extname

0 commit comments

Comments
 (0)