-
Notifications
You must be signed in to change notification settings - Fork 13.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Turn off Ruby deprecation warnings for all users #13360
Conversation
@@ -8,6 +8,9 @@ | |||
require 'pathname' | |||
|
|||
begin | |||
# TODO: Temporary until warnings can be turned on only for developers to prevent confusion for end users | |||
Warning[:deprecated] = false |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would any of the other tools be impacted, like msfvenom etc?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't believe this should affect any other tools no
do you think we should be disabling warnings from other tools? I don't think we've had any issues from that (yet)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In some scenarios msfvenom loads msf, which will trigger warnings:
$ ruby --version
ruby 2.7.0p0 (2019-12-25 revision 647ee6f091) [x86_64-darwin18]
$ bundle exec ruby ./msfvenom -p windows/meterpreter/reverse_tcp LHOST=127.0.0.1 --encrypt rc4 --encrypt-key thisisakey -f c
/Users/user/.rvm/gems/ruby-2.7.0/gems/activerecord-4.2.11.1/lib/active_record/connection_adapters/abstract_adapter.rb:84: warning: deprecated Object#=~ is called on Integer; it always returns nil
/Users/user/.rvm/gems/ruby-2.7.0/gems/activerecord-4.2.11.1/lib/active_record/connection_adapters/abstract_adapter.rb:84: warning: deprecated Object#=~ is called on Integer; it always returns nil
...
Other tools may also load msf
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm good to land this change for now, and we can look into the other edgecases as part of the follow up work 👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
➜ metasploit-framework git:(turn-off-warnings) ✗ ./msfvenom -p windows/meterpreter/reverse_tcp LHOST=127.0.0.1 --encrypt rc4 --encrypt-key thisisakey -f c
/Users/dwelch/.rvm/gems/ruby-2.7.0@metasploit-framework/gems/activerecord-4.2.11.1/lib/active_record/connection_adapters/abstract_adapter.rb:84: warning: deprecated Object#=~ is called on Integer; it always returns nil
/Users/dwelch/.rvm/gems/ruby-2.7.0@metasploit-framework/gems/activerecord-4.2.11.1/lib/active_record/connection_adapters/abstract_adapter.rb:84: warning: deprecated Object#=~ is called on Integer; it always returns nil
just checked, it doesn't affect msfvenom, it's loading those files sure but not via the msfconsole file where I added the change
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
msfvenom loads msf directly here:
Lines 21 to 32 in 2dc26db
def require_deps | |
require 'msfenv' | |
$:.unshift(ENV['MSF_LOCAL_LIB']) if ENV['MSF_LOCAL_LIB'] | |
require 'rex' | |
require 'msf/ui' | |
require 'msf/base' | |
require 'msf/core/payload_generator' | |
@framework_loaded = true | |
end |
I think that means that either the deprecated warning suppression needs to be in the entrypoints of our tools, or closer to the entrypoint of msf itself.
Confirmed that this no longer shows warnings with Ruby 2.7 on bootup, or later: Master:
Branch:
|
Release NotesThe msfconsole will no longer output ActiveRecord warning messages on start up when using Ruby 2.7.x |
Turns off warnings for all users, this is a temporary measure to limit the confusion we're seeing with end users on ruby 2.7.0 that now produces several warnings.
There will be another PR up soon to enable warnings only when msf is being used in a development environment