search

rapid7 / metasploit-framework

Metasploit Framework
https://www.metasploit.com/
Other
34.12k stars 13.97k forks source link

Duplicate key issues on a few modules #4818

Closed archey closed 9 years ago

archey commented 9 years ago 
/usr/share/metasploit/lib/rex/proto/http/server.rb:83: warning: duplicated key at line 84 ignored: "jpeg"
/usr/share/metasploit/lib/rex/proto/smb/exceptions.rb:11: warning: duplicated key at line 12 ignored: 0
/usr/share/metasploit/lib/rex/proto/smb/exceptions.rb:17: warning: duplicated key at line 18 ignored: 128
/usr/share/metasploit/vendor/bundle/ruby/2.2.0/gems/activesupport-3.2.21/lib/active_support/values/time_zone.rb:270: warning: circular argument reference - now
/usr/share/metasploit/lib/msf/core/post/windows/ldap.rb:67: warning: duplicated key at line 71 ignored: 9
[*] Starting the Metasploit Framework console...
/usr/share/metasploit/modules/post/windows/gather/credentials/razorsql.rb:130: warning: duplicated key at line 131 ignored: "N"
/usr/share/metasploit/modules/exploits/windows/scada/winlog_runtime_2.rb:40: warning: duplicated key at line 47 ignored: "Platform"
/usr/share/metasploit/modules/exploits/windows/http/hp_pcm_snac_update_domain.rb:44: warning: duplicated key at line 50 ignored: "DefaultOptions"
/usr/share/metasploit/modules/exploits/windows/http/hp_pcm_snac_update_certificates.rb:44: warning: duplicated key at line 50 ignored: "DefaultOptions"
/usr/share/metasploit/modules/exploits/windows/local/pxeexploit.rb:33: warning: duplicated key at line 51 ignored: "DefaultOptions"
/usr/share/metasploit/modules/exploits/windows/browser/cisco_playerpt_setsource.rb:52: warning: duplicated key at line 60 ignored: "DefaultOptions"
/usr/share/metasploit/modules/exploits/windows/browser/ntr_activex_check_bof.rb:54: warning: duplicated key at line 62 ignored: "DefaultOptions"
/usr/share/metasploit/modules/exploits/windows/browser/cisco_playerpt_setsource_surl.rb:56: warning: duplicated key at line 62 ignored: "DefaultOptions"
/usr/share/metasploit/modules/exploits/windows/browser/ms13_090_cardspacesigninhelper.rb:112: warning: duplicated key at line 114 ignored: "massage_array"
/usr/share/metasploit/modules/exploits/windows/browser/oracle_autovue_setmarkupmode.rb:60: warning: duplicated key at line 66 ignored: "DefaultOptions"
/usr/share/metasploit/modules/exploits/windows/browser/ntr_activex_stopmodule.rb:51: warning: duplicated key at line 58 ignored: "DefaultOptions"
/usr/share/metasploit/modules/exploits/windows/backupexec/name_service.rb:43: warning: duplicated key at line 44 ignored: "MinNops"
/usr/share/metasploit/modules/exploits/windows/mssql/mssql_linkcrawler.rb:44: warning: duplicated key at line 52 ignored: "Platform"
/usr/share/metasploit/modules/exploits/linux/http/netgear_dgn2200b_pppoe_exec.rb:188: warning: duplicated key at line 192 ignored: "opendns_parental_ctrl"
/usr/share/metasploit/modules/exploits/multi/misc/java_jmx_server.rb:107: warning: duplicated key at line 107 ignored: "RPORT"
/usr/share/metasploit/modules/exploits/multi/misc/java_jmx_server.rb:139: warning: duplicated key at line 139 ignored: "RPORT"
/usr/share/metasploit/modules/auxiliary/scanner/http/http_login.rb:28: warning: duplicated key at line 30 ignored: "References"
/usr/share/metasploit/modules/auxiliary/scanner/http/bmc_trackit_passwd_reset.rb:134: warning: duplicated key at line 135 ignored: "SelectedQuestion"
/usr/share/metasploit/modules/auxiliary/scanner/http/bmc_trackit_passwd_reset.rb:136: warning: duplicated key at line 137 ignored: "answer"
/usr/share/metasploit/modules/auxiliary/scanner/http/bmc_trackit_passwd_reset.rb:138: warning: duplicated key at line 139 ignored: "confirmanswer"

ruby version ruby 2.2.0p0 (2014-12-25 revision 49005) [x86_64-linux]

These dont seem to affect creating handlers or using payloads, I believe this would just affect the above mentioned modules.

hdm commented 9 years ago

This is a Ruby 2.2.x compatibility issue, we might want to track this under a new label.

hdm commented 9 years ago

It looks like Ruby's behavior here is to throw a warning if the same key with the same value is set on the same hash. The modules/auxiliary/scanner/http/http_login.rb issue is due to an empty References array, which is a "duplicate" of the parent hashes default value. The lib/rex/proto/http/server.rb issue is just a duplicate line in a hash initializer (likely a bad merge).

todb-r7 commented 9 years ago

This is all due to the fix at https://bugs.ruby-lang.org/issues/10315 . I was trying to come up with a reason to ignore these 2.2 warnings, but I am foiled. According to https://www.ruby-lang.org/en/downloads/ , current stable is 2.2, previous stable is 2.1. I still think it's a little premature to call 2.2 "stable" since it was just released on Dec 25, 2014, but there it is.

There are loads of projects running into this problem. Seems like a good idea not to duplicate hash keys. Example:

foo_hash = {
  foo: 1,
  bar: 2,
  bar: 3,
  baz: 4
}
puts foo_hash.inspect

Causes the warning on 2.2, not on 2.1.

At any rate, if we're going to start fixing things for 2.2, which I suppose we should given the production-ready(?) status of 2.2.0, we ought to add 2.2 testing to Travis-CI once these and other errors and warnings are cleared. Maybe pop up a branch like we have for staging/rails-4.0? Otherwise we're just fixing things in the dark.

todb-r7 commented 9 years ago

This is a Ruby 2.2.x compatibility issue, we might want to track this under a new label.

Since we're going to treat 2.2 and 2.1 the same, may as well have one label. That label list is getting a little long anyway, and too much labelling is going to make my eyeballs hurt.

todb-r7 commented 9 years ago

/cc @bcook-r7 who's working on @wvu-r7's fix at #4832 now

bcook-r7 commented 9 years ago

Ah, thanks. Let me retest with ruby2.2 real quick.