You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Risky direct Key accesses on results of rpc calls are preformed throughout msfrpc.py and should be changed to .get() to avoid uncaught KeyErrors being thrown.
Risky direct Key accesses on results of rpc calls are preformed throughout
msfrpc.pyand should be changed to.get()to avoid uncaught KeyErrors being thrown.Examples:
pymetasploit3/pymetasploit3/msfrpc.py
Line 926 in 9776da5
https://github.com/DanMcInerney/pymetasploit3/blob/9776da55b0abacfa843a32204f3972ec7d9b3de7/pymetasploit3/msfrpc.py#L1691C16-L1691C16
I suggest doing something like:
val = <rpc_call>.get('<keyname>') if not val: raise Exceptionor just surrounded them with a KeyError catch
The text was updated successfully, but these errors were encountered: