Remove broken code

config/msf_cve-db.txt

@@ -351,6 +351,7 @@
 /usr/share/metasploit-framework/modules/auxiliary/scanner/http/http_login.rb:CVE-1999-0502#Weakpassword
 /usr/share/metasploit-framework/modules/auxiliary/scanner/http/http_sickrage_password_leak.rb:CVE-2018-9160
 /usr/share/metasploit-framework/modules/auxiliary/scanner/http/iis_internal_ip.rb:CVE-2000-0649
+/usr/share/metasploit-framework/modules/auxiliary/scanner/http/iis_internal_ip.rb:CVE-2002-0422
 /usr/share/metasploit-framework/modules/auxiliary/scanner/http/intel_amt_digest_bypass.rb:CVE-2017-5689
 /usr/share/metasploit-framework/modules/auxiliary/scanner/http/jboss_status.rb:CVE-2008-3273
 /usr/share/metasploit-framework/modules/auxiliary/scanner/http/jboss_status.rb:CVE-2010-1429,#regression
@@ -428,6 +429,7 @@
 /usr/share/metasploit-framework/modules/auxiliary/scanner/http/wordpress_login_enum.rb:CVE-2009-2335
 /usr/share/metasploit-framework/modules/auxiliary/scanner/http/wordpress_pingback_access.rb:CVE-2013-0235
 /usr/share/metasploit-framework/modules/auxiliary/scanner/http/wordpress_xmlrpc_login.rb:CVE-1999-0502#Weakpassword
+/usr/share/metasploit-framework/modules/auxiliary/scanner/http/wp_bulletproofsecurity_backups.rb:CVE-2021-39327
 /usr/share/metasploit-framework/modules/auxiliary/scanner/http/wp_chopslider_id_sqli.rb:CVE-2020-11530
 /usr/share/metasploit-framework/modules/auxiliary/scanner/http/wp_contus_video_gallery_sqli.rb:CVE-2015-2065
 /usr/share/metasploit-framework/modules/auxiliary/scanner/http/wp_dukapress_file_read.rb:CVE-2014-8799
@@ -1037,6 +1039,8 @@
 /usr/share/metasploit-framework/modules/exploits/multi/http/getsimplecms_unauth_code_exec.rb:CVE-2019-11231
 /usr/share/metasploit-framework/modules/exploits/multi/http/git_client_command_exec.rb:CVE-2014-9390
 /usr/share/metasploit-framework/modules/exploits/multi/http/gitea_git_hooks_rce.rb:CVE-2020-14144
+/usr/share/metasploit-framework/modules/exploits/multi/http/gitlab_exif_rce.rb:CVE-2021-22204,#ExifTool
+/usr/share/metasploit-framework/modules/exploits/multi/http/gitlab_exif_rce.rb:CVE-2021-22205,#GitLab
 /usr/share/metasploit-framework/modules/exploits/multi/http/gitlab_file_read_rce.rb:CVE-2020-10977
 /usr/share/metasploit-framework/modules/exploits/multi/http/gitlab_shell_exec.rb:CVE-2013-4490
 /usr/share/metasploit-framework/modules/exploits/multi/http/git_lfs_clone_command_exec.rb:CVE-2021-21300

helpers/helpers_emba_dependency_check.sh

@@ -227,6 +227,8 @@ dependency_check()
 
     # CVE-search
     check_dep_file "cve-search" "$EXT_DIR""/cve-search/bin/search.py"
+    # we have to ignore this warning, because shellcheck doesn't know, that this file will be imported
+    # shellcheck disable=SC2309
     if [[ IN_DOCKER -eq 0 ]]; then 
       # really basic check, if cve-search database is running - no check, if populated and also no check, if emba in docker
       check_dep_tool "mongoDB" "mongod"

helpers/helpers_emba_helpers.sh

@@ -31,7 +31,7 @@ wait_for_pid() {
   local WAIT_PIDS=("$@")
   local PID
   #print_output "[*] wait pid protection: ${#WAIT_PIDS[@]}"
-  for PID in ${WAIT_PIDS[*]}; do
+  for PID in "${WAIT_PIDS[@]}"; do
     #print_output "[*] wait pid protection: $PID"
     echo "." | tr -d "\n" 2>/dev/null
     if ! [[ -e /proc/"$PID" ]]; then
@@ -60,7 +60,7 @@ max_pids_protection() {
   while [[ ${#WAIT_PIDS[@]} -gt "$MAX_PIDS_" ]]; do
     TEMP_PIDS=()
     # check for really running PIDs and re-create the array
-    for PID in ${WAIT_PIDS[*]}; do
+    for PID in "${WAIT_PIDS[@]}"; do
       #print_output "[*] max pid protection: ${#WAIT_PIDS[@]}"
       if [[ -e /proc/"$PID" ]]; then
         TEMP_PIDS+=( "$PID" )

helpers/helpers_emba_html_generator.sh

@@ -108,9 +108,9 @@ add_link_tags() {
             generate_info_file "$REF_LINK" "$BACK_LINK"
           fi
           if [[ -n "$REF_ANCHOR" ]] ; then
-            HTML_LINK="$(echo "$REFERENCE_LINK" | sed -e "s@LINK@./$(echo "$BACK_LINK" | cut -d"." -f1)/$(basename "${REF_LINK%.${REF_LINK##*.}}").html""#anchor_$REF_ANCHOR@g")"
+            HTML_LINK="$(echo "$REFERENCE_LINK" | sed -e "s@LINK@./$(echo "$BACK_LINK" | cut -d"." -f1)/$(basename "${REF_LINK%."${REF_LINK##*.}"}").html""#anchor_$REF_ANCHOR@g")"
           else
-            HTML_LINK="$(echo "$REFERENCE_LINK" | sed -e "s@LINK@./$(echo "$BACK_LINK" | cut -d"." -f1)/$(basename "${REF_LINK%.${REF_LINK##*.}}").html@g")"
+            HTML_LINK="$(echo "$REFERENCE_LINK" | sed -e "s@LINK@./$(echo "$BACK_LINK" | cut -d"." -f1)/$(basename "${REF_LINK%."${REF_LINK##*.}"}").html@g")"
           fi
           LINE_NUMBER_INFO_PREV="$(( REF_LINK_NUMBER - 1 ))"
           while [[ ("$(sed "$LINE_NUMBER_INFO_PREV""q;d" "$LINK_FILE")" == "$P_START$SPAN_END$P_END") || ("$(sed "$LINE_NUMBER_INFO_PREV""q;d" "$LINK_FILE")" == "$BR" ) ]] ; do 
@@ -274,7 +274,7 @@ generate_info_file()
   SRC_FILE=$2
   CUSTOM_SUB_PATH=$3
 
-  INFO_HTML_FILE="$(basename "${INFO_FILE%.${INFO_FILE##*.}}"".html")"
+  INFO_HTML_FILE="$(basename "${INFO_FILE%."${INFO_FILE##*.}"}"".html")"
   if [[ -z "$CUSTOM_SUB_PATH" ]] ; then
     INFO_PATH="$ABS_HTML_PATH""/""$(echo "$SRC_FILE" | cut -d"." -f1 )"
   else
@@ -336,8 +336,8 @@ generate_report_file()
   # if set to 1, then generate file in supplementary folder and link to menu
   SUPPL_FILE_GEN=$2
 
-  if ! ( grep -a -o -i -q "$(basename "${REPORT_FILE%.${REPORT_FILE##*.}}")"" nothing reported" "$REPORT_FILE" ) ; then
-    HTML_FILE="$(basename "${REPORT_FILE%.${REPORT_FILE##*.}}"".html")"
+  if ! ( grep -a -o -i -q "$(basename "${REPORT_FILE%."${REPORT_FILE##*.}"}")"" nothing reported" "$REPORT_FILE" ) ; then
+    HTML_FILE="$(basename "${REPORT_FILE%."${REPORT_FILE##*.}"}"".html")"
     if [[ $SUPPL_FILE_GEN -eq 1 ]] ; then
       cp "./helpers/base.html" "$ABS_HTML_PATH$SUPPL_PATH_HTML""/""$HTML_FILE"
     else
@@ -450,7 +450,7 @@ update_index()
 {
   # add emba.log to webreport
   generate_report_file "$MAIN_LOG"
-  sed -i -e "s@buttonTimeInvisible@buttonTime@ ; s@TIMELINK@.\/$(basename "${MAIN_LOG%.${MAIN_LOG##*.}}"".html")@" "$ABS_HTML_PATH""/""$INDEX_FILE"
+  sed -i -e "s@buttonTimeInvisible@buttonTime@ ; s@TIMELINK@.\/$(basename "${MAIN_LOG%."${MAIN_LOG##*.}"}"".html")@" "$ABS_HTML_PATH""/""$INDEX_FILE"
   # generate files in $SUPPL_PATH (supplementary files from modules) 
   readarray -t SUPPL_FILES < <(find "$SUPPL_PATH" ! -path "$SUPPL_PATH")
   if [[ "${#SUPPL_FILES[@]}" -gt 0 ]] ; then
@@ -459,8 +459,8 @@ update_index()
   for S_FILE in "${SUPPL_FILES[@]}" ; do
     generate_info_file "$S_FILE" "" "$SUPPL_PATH_HTML"
     LINE_NUMBER_NAV=$(grep -a -n "etc start" "$ABS_HTML_PATH""/""$INDEX_FILE" | cut -d ":" -f 1)
-    REP_NAV_LINK="$(echo "$ETC_INDEX_LINK" | sed -e "s@LINK@./$SUPPL_PATH_HTML/$(basename "${S_FILE%.${S_FILE##*.}}"".html")@g")"
-    sed -i "$LINE_NUMBER_NAV""i""$REP_NAV_LINK""$(basename "${S_FILE%.${S_FILE##*.}}")""$LINK_END" "$ABS_HTML_PATH""/""$INDEX_FILE"
+    REP_NAV_LINK="$(echo "$ETC_INDEX_LINK" | sed -e "s@LINK@./$SUPPL_PATH_HTML/$(basename "${S_FILE%."${S_FILE##*.}"}"".html")@g")"
+    sed -i "$LINE_NUMBER_NAV""i""$REP_NAV_LINK""$(basename "${S_FILE%."${S_FILE##*.}"}")""$LINK_END" "$ABS_HTML_PATH""/""$INDEX_FILE"
   done
   scan_report
   add_arrows

helpers/helpers_emba_path.sh

@@ -178,18 +178,7 @@ mod_path() {
     done
   done
 
-  local NEW_RET_PATHS
-
-  for RET_PATHS_I in "${RET_PATHS[@]}"; do
-    mapfile -t NEW_RET_PATHS < <(find "$FIRMWARE_PATH" -xdev -path "$RET_PATHS_I")
-    for I in "${!NEW_RET_PATHS[@]}"; do
-      if ! [[ -e "${NEW_RET_PATHS[I]}" ]] || ! [[ -d "${NEW_RET_PATHS[I]}" ]] ;  then
-        unset 'NEW_RET_PATHS[I]'
-      fi
-    done
-  done
-
-  echo "${NEW_RET_PATHS[@]}"
+  echo "${RET_PATHS[@]}"
 }
 
 mod_path_array() {

modules/S09_firmware_base_version_check.sh

@@ -165,7 +165,7 @@ recover_wait_pids() {
   local TEMP_PIDS=()
   local PID
   # check for really running PIDs and re-create the array
-  for PID in ${WAIT_PIDS_S09[*]}; do
+  for PID in "${WAIT_PIDS_S09[@]}"; do
     #print_output "[*] max pid protection: ${#WAIT_PIDS[@]}"
     if [[ -e /proc/"$PID" ]]; then
       TEMP_PIDS+=( "$PID" )