New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Rework DisclosureDate check in msftidy, including ISO 8601 support #10973

Merged
merged 8 commits into from Nov 19, 2018

Conversation

Projects
None yet
5 participants
@wvu-r7
Contributor

wvu-r7 commented Nov 16, 2018

Omitting the day is fine, as Framework uses Date.parse. Defaults to the first day of the month.

msf5 exploit(unix/local/[redacted]) > grep Disclosed info
  Disclosed: 1986-08-01
msf5 exploit(unix/local/[redacted]) >

Additionally, ISO 8601 dates have always been fine. There is no reason we shouldn't be using them.

ETA: Please verify that this is Pro-safe.

#10974

Make day in DisclosureDate optional for msftidy
Defaults to the first day of the month.

@wvu-r7 wvu-r7 requested a review from bcoles Nov 16, 2018

@bcoles

This comment has been minimized.

Contributor

bcoles commented Nov 16, 2018

Despite being illegible, your regex black magic appears to work as described:

# grep DisclosureDate modules/exploits/linux/local/test.rb 
      'DisclosureDate' => 'Jul 2018',
# ./tools/dev/msftidy.rb modules/exploits/linux/local/test.rb 
# 

Unrelated to this patch, but nice:

# grep DisclosureDate modules/exploits/linux/local/test.rb       'DisclosureDate' => 'Jul 69 2018',
# ./tools/dev/msftidy.rb modules/exploits/linux/local/test.rb 
#
@bcoles

This comment has been minimized.

Contributor

bcoles commented Nov 16, 2018

# grep DisclosureDate modules/exploits/linux/local/test.rb 
      'DisclosureDate' => 'Jul 0 2018',
# ./tools/dev/msftidy.rb modules/exploits/linux/local/test.rb 
# 
@bcoles

Appears to work as described.

@wvu-r7

This comment has been minimized.

Contributor

wvu-r7 commented Nov 16, 2018

msftidy regexing Ruby invites Zalgo.

@wvu-r7 wvu-r7 added the delayed label Nov 16, 2018

Rework DisclosureDate check to match core code
Framework core uses Date.parse, so many date formats are valid.

There is no reason we shouldn't be using ISO 8601 dates.

@wvu-r7 wvu-r7 changed the title from Make day in DisclosureDate optional for msftidy to Rework DisclosureDate check in msftidy Nov 16, 2018

wvu-r7 added some commits Nov 16, 2018

Use non-greedy regex against DisclosureDate
Zalgo. He comes.

wvu@kharak:~/metasploit-framework:bug/msftidy$ tools/dev/msftidy.rb modules/exploits/unix/webapp/jquery_file_upload.rb
"Oct 9 2018', # Larry"
wvu@kharak:~/metasploit-framework:bug/msftidy$
Update DisclosureDate to ISO 8601 in my modules
Basic msftidy fixer:

diff --git a/tools/dev/msftidy.rb b/tools/dev/msftidy.rb
index 9a21b9e398..e9ff2b21e5 100755
--- a/tools/dev/msftidy.rb
+++ b/tools/dev/msftidy.rb
@@ -442,6 +442,8 @@ class Msftidy
     # Check disclosure date format
     if @source =~ /["']DisclosureDate["'].*\=\>[\x0d\x20]*['\"](.+?)['\"]/
       d = $1  #Captured date
+      File.write(@full_filepath, @source.sub(d, Date.parse(d).to_s))
+      fixed('Probably updated traditional DisclosureDate to ISO 8601')
       # Flag if overall format is wrong
       if d =~ /^... (?:\d{1,2},? )?\d{4}$/
         # Flag if month format is wrong

@wvu-r7 wvu-r7 removed the delayed label Nov 16, 2018

@wvu-r7 wvu-r7 changed the title from Rework DisclosureDate check in msftidy to Rework DisclosureDate check in msftidy, including ISO 8601 support Nov 16, 2018

@busterb busterb self-assigned this Nov 16, 2018

@bcook-r7 bcook-r7 merged commit 2b231d3 into rapid7:master Nov 19, 2018

2 of 3 checks passed

Metasploit Automation - Sanity Test Execution Failed to pass tests.
Details
Metasploit Automation - Test Execution Successfully completed all tests.
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details

bcook-r7 pushed a commit that referenced this pull request Nov 19, 2018

@busterb

This comment has been minimized.

Contributor

busterb commented Nov 19, 2018

Release Notes

This enables support for ISO 8601 style dates for disclosure dates in modules.

msjenkins-r7 added a commit that referenced this pull request Nov 19, 2018

@wvu-r7 wvu-r7 deleted the wvu-r7:bug/msftidy branch Nov 19, 2018

@gdavidson-r7 gdavidson-r7 added the rn-fix label Dec 3, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment