Update rubocop target ruby version

.rubocop.yml

@@ -9,7 +9,7 @@
 # inherit_from: .rubocop_todo.yml
 
 AllCops:
-  TargetRubyVersion: 2.6
+  TargetRubyVersion: 2.7
   SuggestExtensions: false
   NewCops: disable
 

modules/auxiliary/admin/http/netgear_pnpx_getsharefolderlist_auth_bypass.rb

@@ -40,7 +40,7 @@ def initialize(info = {})
           'Stability' => [CRASH_SAFE],
           'Reliability' => [REPEATABLE_SESSION],
           'SideEffects' => [CONFIG_CHANGES, IOC_IN_LOGS],
-          'RelatedModules' => [ 'exploit/linux/telnet/netgear_telnetenable' ], # This module relies on users also running exploit/linux/telnet/netgear_telnetenable to get the shell.
+          'RelatedModules' => [ 'exploit/linux/telnet/netgear_telnetenable' ] # This module relies on users also running exploit/linux/telnet/netgear_telnetenable to get the shell.
         },
         'DisclosureDate' => '2021-09-06',
         'DefaultTarget' => 0

modules/auxiliary/admin/http/netgear_r6700_pass_reset.rb

@@ -53,7 +53,7 @@ def initialize(info = {})
           # resetting the router to the default factory password.
           'Stability' => [ CRASH_SERVICE_DOWN ], # This module will crash the target service after it is run.
           'Reliability' => [],
-          'RelatedModules' => [ 'exploit/linux/telnet/netgear_telnetenable' ], # This module relies on users also running exploit/linux/telnet/netgear_telnetenable to get the shell.
+          'RelatedModules' => [ 'exploit/linux/telnet/netgear_telnetenable' ] # This module relies on users also running exploit/linux/telnet/netgear_telnetenable to get the shell.
         },
         'DisclosureDate' => '2020-06-15',
         'DefaultTarget' => 0

modules/auxiliary/admin/networking/cisco_vpn_3000_ftp_bypass.rb

@@ -48,7 +48,7 @@ def initialize(info = {})
   def run
     connect
     res = sock.get_once
-    if (res && res =~ /220 Session will be terminated after/)
+    if res && res =~ /220 Session will be terminated after/
       print_status('Target appears to be a Cisco VPN Concentrator 3000 series.')
 
       test = Rex::Text.rand_text_alphanumeric(8)

modules/auxiliary/gather/grandstream_ucm62xx_sql_account_guess.rb

@@ -117,7 +117,6 @@ def run
 
       wsock.put_wstext(create_injection_request(payload))
       recv_wsframe_status(wsock) == 0
-
     rescue Rex::Proto::Http::WebSocket::ConnectionError => e
       res = e.http_response
       fail_with(Failure::Unreachable, e.message) if res.nil?

modules/auxiliary/gather/prometheus_node_exporter_gather.rb

@@ -57,11 +57,10 @@ def run
 
     fail_with(Failure::Unreachable, "#{peer} - Could not connect to web service - no response") if res.nil?
     fail_with(Failure::UnexpectedReply, "#{peer} - Unexpected response from server (response code #{res.code})") unless res.code == 200
-    fail_with(Failure::UnexpectedReply, "#{peer} - Prometheus Node Exporter not found") unless (
+    fail_with(Failure::UnexpectedReply, "#{peer} - Prometheus Node Exporter not found") unless
       res.body.include?('<h2>Prometheus Node Exporter</h2>') ||
       res.body.include?('<title>Node Exporter</title>') || # version 0.15.2
       res.body.include?('<h2>Prometheus Exporter for Windows servers</h2>')
-    )
 
     vprint_good("#{peer} - Prometheus Node Exporter version: #{Regexp.last_match(1)}") if res.body =~ /version=([\d.]+)/
 

modules/auxiliary/scanner/http/emby_ssrf_scanner.rb

@@ -18,11 +18,11 @@ def initialize
       'Author' => 'Btnz',
       'License' => MSF_LICENSE,
       'Disclosure Date' => '2020-10-01',
-      'Notes'               => {
-        'Stability'         => [],
-        'SideEffects'       => [],
-        'Reliability'       => [],
-        'RelatedModules' => ['auxiliary/scanner/http/emby_version_ssrf'],
+      'Notes' => {
+        'Stability' => [],
+        'SideEffects' => [],
+        'Reliability' => [],
+        'RelatedModules' => ['auxiliary/scanner/http/emby_version_ssrf']
       },
       'References' => [
         ['CVE', '2020-26948'],

modules/auxiliary/scanner/http/fortimail_login_bypass_detection.rb

@@ -70,7 +70,7 @@ def run_host(ip)
 
     version_raw = res.body[/fml-admin-login-(\d+).js/, 1]
     version = version_raw.to_i
-    unless (res.body.include?('newpassword') && (version.between?(140, 160) || version.between?(730, 745) || version.between?(250, 263)))
+    unless res.body.include?('newpassword') && (version.between?(140, 160) || version.between?(730, 745) || version.between?(250, 263))
       print_bad("#{ip} - Not vulnerable version (Build: #{version_raw}) of FortiMail detected")
       return :abort
     end

modules/auxiliary/scanner/scada/bacnet_l3.rb

@@ -156,7 +156,7 @@ def broadcast_who_is
     loop do
       data, host, port = lsocket.recvfrom(65535, datastore['TIMEOUT'])
       data2, host2, port2 = ssocket.recvfrom(65535, datastore['TIMEOUT'])
-      break if (host.nil? && host2.nil?)
+      break if host.nil? && host2.nil?
 
       cap << [data, host, port] if host
       cap << [data2, host2, port2] if host2

modules/exploits/freebsd/http/citrix_formssso_target_rce.rb

@@ -208,7 +208,7 @@ def exploit
 
     send_request_cgi({
       'uri' => normalize_uri(datastore['TARGETURI'], 'gwtest', 'formssso'),
-      'encode_params' => false,  # we'll encode them ourselves
+      'encode_params' => false, # we'll encode them ourselves
       'vars_get' => {
         'event' => 'start',
         'target' => buffer

modules/exploits/linux/http/apache_superset_cookie_sig_rce.rb

@@ -531,7 +531,7 @@ def cleanup
     super
 
     # We didn't know the previous values, so just blank out XXX
-    unless (@client_id.nil? || @csrf_token.nil? || @db_id.nil? || @values_to_reset.nil?)
+    unless @client_id.nil? || @csrf_token.nil? || @db_id.nil? || @values_to_reset.nil?
       print_status('Unsetting RCE Payloads')
       @values_to_reset.each do |row|
         next if row[0] == 'id' # headers
@@ -540,7 +540,7 @@ def cleanup
 
         set_query_latest_query_id
         is_binary = false
-        if (row[1].starts_with?("b'") && row[1].ends_with?("'"))
+        if row[1].starts_with?("b'") && row[1].ends_with?("'")
           row[1] = row[1][2..-2] # remove encoding and substring marks
           row[1] = Rex::Text.to_hex(row[1])
           row[1] = row[1].gsub('\x', '') # we only need a beginning \x not every character for this format

modules/exploits/linux/http/fortinet_authentication_bypass_cve_2022_40684.rb

@@ -187,7 +187,7 @@ def detect_username
       'method' => 'GET',
       'uri' => normalize_uri(target_uri.path, '/system/admin')
     )
-    users = res.get_json_document['results'].collect { |e| e['name'] if (e['accprofile'] == 'super_admin' && e['trusthost1'] == '0.0.0.0 0.0.0.0') }.compact
+    users = res.get_json_document['results'].collect { |e| e['name'] if e['accprofile'] == 'super_admin' && e['trusthost1'] == '0.0.0.0 0.0.0.0' }.compact
     # we prefer to use admin, but if it doesn't exist we chose a random one.
     if datastore['PREFER_ADMIN']
       vprint_status("PREFER_ADMIN is #{datastore['PREFER_ADMIN']}, but if it isn't found we will pick a random one.")

modules/exploits/linux/http/froxlor_log_path_rce.rb

@@ -137,7 +137,7 @@ def get_csrf_token(url)
       'keep_cookies' => true
     )
 
-    fail_with(Failure::UnexpectedReply, "Failed to get csrf token from #{normalize_uri(target_uri.path, url)}") unless (!res.nil? || res.code == 200)
+    fail_with(Failure::UnexpectedReply, "Failed to get csrf token from #{normalize_uri(target_uri.path, url)}") unless !res.nil? || res.code == 200
     csrf_token = res.get_html_document.at('//input[@name="csrf_token"]/@value')&.text
     fail_with(Failure::UnexpectedReply, "No CSRF token found when querying #{normalize_uri(target_uri.path, url)}.") unless csrf_token
     print_good("CSRF token is : #{csrf_token}")

modules/exploits/linux/http/hikvision_cve_2021_36260_blind.rb

@@ -119,7 +119,7 @@ def check
     })
 
     return CheckCode::Unknown("Didn't receive a response from the target.") unless res
-    return CheckCode::Safe('The target did not respond with a 200 OK or 500 error') unless (res.code == 200 || res.code == 500)
+    return CheckCode::Safe('The target did not respond with a 200 OK or 500 error') unless res.code == 200 || res.code == 500
 
     # Some cameras are not vulnerable and still respond 500. We can weed them out by making
     # the remote target sleep and use a low timeout. This might not be good for high latency targets
@@ -162,7 +162,7 @@ def execute_command(cmd, _opts = {})
     })
 
     fail_with(Failure::Disconnected, 'Connection failed') unless res
-    fail_with(Failure::UnexpectedReply, "HTTP status code is not 200 or 500: #{res.code}") unless (res.code == 200 || res.code == 500)
+    fail_with(Failure::UnexpectedReply, "HTTP status code is not 200 or 500: #{res.code}") unless res.code == 200 || res.code == 500
   end
 
   def exploit

modules/exploits/linux/http/zyxel_lfi_unauth_ssh_rce.rb

@@ -191,7 +191,7 @@ def mod3_key_generator(seed)
         else
           found0s += 1
         end
-        power_of_2 = power_of_2 << 1
+        power_of_2 <<= 1
       end
     end
     return seed, round4_array

modules/exploits/linux/misc/tplink_archer_a7_c7_lan_rce.rb

@@ -336,7 +336,7 @@ def on_request_uri(cli, _request)
   end
 
   def exploit
-    if ((datastore['SRVHOST'] == '0.0.0.0') || (datastore['SRVHOST'] == '::'))
+    if (datastore['SRVHOST'] == '0.0.0.0') || (datastore['SRVHOST'] == '::')
       fail_with(Failure::Unreachable, "#{peer} - Please specify the LAN IP address of this computer in SRVHOST")
     end
 

modules/exploits/linux/ssh/microfocus_obr_shrboadmin.rb

@@ -26,7 +26,7 @@ def initialize(info = {})
         },
         'License' => MSF_LICENSE,
         'Author' => [
-          'Pedro Ribeiro <pedrib[at]gmail.com>'        # Vulnerability discovery and Metasploit module
+          'Pedro Ribeiro <pedrib[at]gmail.com>' # Vulnerability discovery and Metasploit module
         ],
         'References' => [
           [ 'CVE', '2020-11857' ],

modules/exploits/multi/http/atutor_upload_traversal.rb

@@ -303,7 +303,7 @@ def create_zip_and_upload(exploit)
       fail_with(Failure::Unknown, 'Connection failed while trying to upload the payload.')
     end
 
-    unless (res.code == 200 || res.code == 302)
+    unless res.code == 200 || res.code == 302
       fail_with(Failure::Unknown, 'Failed to upload the payload.')
     end
     print_status("Uploaded malicious PHP file #{@pl_file}.")

modules/exploits/multi/http/gitlab_file_read_rce.rb

@@ -454,11 +454,11 @@ def check
 
     # Arbitrary file reads are present from 8.5 and fixed in 12.9.1, 12.8.8, and 12.7.8
     # However, RCE is only available from 12.4 and fixed in 12.9.1, 12.8.8, and 12.7.8
-    has_rce_present = (
+    has_rce_present =
       version.between?(Rex::Version.new('12.4.0'), Rex::Version.new('12.7.7')) ||
-        version.between?(Rex::Version.new('12.8.0'), Rex::Version.new('12.8.7')) ||
-        version == Rex::Version.new('12.9.0')
-    )
+      version.between?(Rex::Version.new('12.8.0'), Rex::Version.new('12.8.7')) ||
+      version == Rex::Version.new('12.9.0')
+
     if has_rce_present
       return Exploit::CheckCode::Appears("GitLab #{version} is a vulnerable version.")
     end

modules/exploits/multi/http/gitlab_github_import_rce_cve_2022_2992.rb

@@ -107,11 +107,10 @@ def check
 
     version = Rex::Version.new(gitlab_version)
 
-    return CheckCode::Safe("Detected GitLab version #{version} which is not vulnerable") unless (
+    return CheckCode::Safe("Detected GitLab version #{version} which is not vulnerable") unless
       version.between?(Rex::Version.new('11.10'), Rex::Version.new('15.1.6')) ||
       version.between?(Rex::Version.new('15.2'), Rex::Version.new('15.2.4')) ||
       version.between?(Rex::Version.new('15.3'), Rex::Version.new('15.3.2'))
-    )
 
     report_vuln(
       host: rhost,

modules/exploits/multi/http/phpstudy_backdoor_rce.rb

@@ -19,7 +19,7 @@ def initialize(info = {})
         'License' => MSF_LICENSE,
         'Author' => [
           'Dimensional', # POC
-          'Airevan'       # Metasploit Module
+          'Airevan' # Metasploit Module
         ],
         'Platform' => ['php'],
         'Arch' => ARCH_PHP,

modules/exploits/multi/http/splunk_privilege_escalation_cve_2023_32707.rb

@@ -117,11 +117,10 @@ def check
     body = res.get_json_document
     version = Rex::Version.new(body['generator']['version'])
 
-    return CheckCode::Safe("Detected Splunk version #{version} which is not vulnerable") unless (
+    return CheckCode::Safe("Detected Splunk version #{version} which is not vulnerable") unless
       (Rex::Version.new('9.0.0') <= version && version < Rex::Version.new('9.0.5')) ||
       (Rex::Version.new('8.2.0') <= version && version < Rex::Version.new('8.2.11')) ||
       (Rex::Version.new('8.1.0') <= version && version < Rex::Version.new('8.1.14'))
-    )
 
     print_status("Detected Splunk version #{version} which is vulnerable")
     capabilities = body['entry'].first['content']['capabilities']

modules/exploits/unix/webapp/aerohive_netconfig_lfi_log_poison_rce.rb

@@ -229,7 +229,7 @@ def execute_command(cmd, _opts = {})
         'debug' => 'true'
       },
       'vars_post' => {
-        '_page' => rand_text_alphanumeric(1) + '/..' * 8 + '/' * 4041 + '/tmp/messages',  # Trigger LFI through path truncation
+        '_page' => rand_text_alphanumeric(1) + '/..' * 8 + '/' * 4041 + '/tmp/messages', # Trigger LFI through path truncation
         @shell_cmd_name => cmd
       }
     }, 0)

modules/exploits/unix/webapp/wp_wpdiscuz_unauthenticated_file_upload.rb

@@ -23,7 +23,7 @@ def initialize(info = {})
         },
         'Author' => [
           'Chloe Chamberland', # Vulnerability Discovery, initial msf module
-          'Hoa Nguyen - SunCSR'  # Metasploit Module enhancement
+          'Hoa Nguyen - SunCSR' # Metasploit Module enhancement
         ],
         'License' => MSF_LICENSE,
         'References' => [

modules/exploits/windows/http/hpe_sim_76_amf_deserialization.rb

@@ -133,7 +133,7 @@ def payload_template_adjustments(original_content, cmd)
           break
         else
           pack_array.prepend((current_number >> 7) | 0x80)
-          current_number = current_number >> 7
+          current_number >>= 7
         end
         count += 1
       end

modules/exploits/windows/http/manageengine_adaudit_plus_cve_2022_28219.rb

@@ -78,7 +78,7 @@ def initialize(info = {})
   end
 
   def srv_host
-    if ((datastore['SRVHOST'] == '0.0.0.0') || (datastore['SRVHOST'] == '::'))
+    if (datastore['SRVHOST'] == '0.0.0.0') || (datastore['SRVHOST'] == '::')
       return datastore['URIHOST'] || Rex::Socket.source_address(rhost)
     end
 

modules/exploits/windows/http/moveit_cve_2023_34362.rb

@@ -140,7 +140,7 @@ def cleanup_user(files_json)
     deleteuser_payload = [
       "DELETE FROM moveittransfer.fileuploadinfo WHERE FileID='#{files_json['fileId']}'", # delete the deserialization payload
       "DELETE FROM moveittransfer.files WHERE UploadUsername='#{hax_username}'", # delete the file we uploaded
-      "DELETE FROM moveittransfer.activesessions WHERE Username='#{hax_username}'", #
+      "DELETE FROM moveittransfer.activesessions WHERE Username='#{hax_username}'",
       "DELETE FROM moveittransfer.users WHERE Username='#{hax_username}'", # delete the user account we created
       "DELETE FROM moveittransfer.log WHERE Username='#{hax_username}'", # The web ASP stuff logs by username
       "DELETE FROM moveittransfer.log WHERE Username='#{hax_loginname}'", # The API logs by loginname

modules/exploits/windows/http/sharepoint_ssi_viewstate.rb

@@ -143,7 +143,7 @@ def check
   end
 
   def exploit
-    if (username.blank? && password.blank?)
+    if username.blank? && password.blank?
       if cookie.blank?
         fail_with(Failure::BadConfig, 'HttpUsername and HttpPassword or COOKIE are required for exploitation')
       end

modules/exploits/windows/http/sharepoint_unsafe_control.rb

@@ -146,7 +146,7 @@ def check
   end
 
   def exploit
-    if (username.blank? && password.blank?)
+    if username.blank? && password.blank?
       if cookie.blank?
         fail_with(Failure::BadConfig, 'HttpUsername and HttpPassword or COOKIE are required for exploitation')
       end

modules/exploits/windows/nimsoft/nimcontroller_bof.rb

@@ -179,7 +179,7 @@ def generate_rop_chain
       0x0000000000000000, #
       0x0000000000000000, #
       0x0000000000000000
-    ] #
+    ]
     rop_gadgets += [0x0000000140018c42] * 10 # ret
     rop_gadgets += [
       0x0000000140131643, # pop rcx ; ret
@@ -212,7 +212,7 @@ def generate_rop_chain
       0x0000000000000000, #
       0x0000000000000000, #
       0x0000000000000000
-    ] #
+    ]
     rop_gadgets += [0x0000000140018c42] * 10 # ret
     rop_gadgets += [
       0x0000000140131643, # pop rcx ; ret
@@ -232,7 +232,7 @@ def generate_rop_chain
       0x0000000000000000, #
       0x0000000000000000, #
       0x0000000000000000
-    ] #
+    ]
     rop_gadgets += [0x0000000140018c42] * 6 # ret
     rop_gadgets += [
       0x0000000140002ef6, # pop rax ; ret
@@ -266,7 +266,7 @@ def generate_rop_chain
       0x0000000000000000, #
       0x0000000000000000, #
       0x0000000000000000
-    ] #
+    ]
     rop_gadgets += [0x0000000140018c42] * 10 # ret
     rop_gadgets += [
       0x0000000140131643, # pop rcx ; ret
@@ -300,7 +300,7 @@ def generate_rop_chain
       0x0000000000000000, #
       0x0000000000000000, #
       0x0000000000000000
-    ] #
+    ]
     rop_gadgets += [0x0000000140018c42] * 10 # ret
     rop_gadgets += [
       0x0000000140131643, # pop rcx ; ret

modules/payloads/singles/cmd/unix/bind_aws_instance_connect.rb

@@ -34,6 +34,6 @@ def initialize(info = {})
   def on_session(session)
     super
 
-    session.arch.clear  # undo the ARCH_ALL amalgamation
+    session.arch.clear # undo the ARCH_ALL amalgamation
   end
 end

modules/payloads/singles/generic/shell_bind_aws_ssm.rb

@@ -33,6 +33,6 @@ def initialize(info = {})
   def on_session(session)
     super
 
-    session.arch.clear  # undo the ARCH_ALL amalgamation
+    session.arch.clear # undo the ARCH_ALL amalgamation
   end
 end

modules/payloads/singles/generic/ssh/interact.rb

@@ -33,6 +33,6 @@ def initialize(info = {})
   def on_session(session)
     super
 
-    session.arch.clear  # undo the ARCH_ALL amalgamation
+    session.arch.clear # undo the ARCH_ALL amalgamation
   end
 end