Sign upLogin

hackedteam/vector-exploit

View on GitHub
Star

Showing 389 of 389 total issues

Function _read_7z_aes256_sha256 has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
Open

    def _read_7z_aes256_sha256(self, coder, input):
        if not self._archive.password:
            raise NoPasswordGivenError()
        
        # TODO: this needs some sanity checks
Severity: Minor
Found in ht-2013-004-IE/pylzma.egg/py7zlib.py - About 45 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Avoid deeply nested control flow statements.
Open

                        if len(plaintext)-1 < i:
                            ciphertext[i] = 0 ^ output[i]
                        elif len(output)-1 < i:
                            ciphertext[i] = plaintext[i] ^ 0
                        elif len(plaintext)-1 < i and len(output) < i:
Severity: Major
Found in src/ht-webkit-Android4-src/precompiled/debug/slowaes.py - About 45 mins to fix

    Identical blocks of code found in 2 locations. Consider refactoring.
    Open

        for (var i = 0; i < CALLSTUB.length; i++) {
    memobj.write8(shellcode_addr + i, CALLSTUB[i]);
    }
    Severity: Minor
    Found in src/ht-webkit-Android4-src/precompiled/debug/script.js and 1 other location - About 45 mins to fix
    src/ht-webkit-Android4-src/precompiled/debug/script.js on lines 1655..1657

    Duplicated Code

    Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

    Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

    When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

    Tuning

    This issue has a mass of 50.

    We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

    The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

    If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

    See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

    Refactorings

    Further Reading

    Similar blocks of code found in 2 locations. Consider refactoring.
    Open

    if (isset($_POST['DEMO']) && $_POST['DEMO'] == "y")
{
    system("python26 exploit_demo.py payload:http $urlbase sendtotarget.zip original.ppsx \"".$_FILES['original']['name']."\" agent.exe server.zip \"$scout_name\" DEMO > /tmp/py.log 2>&1");
}
else
    Severity: Minor
    Found in src/exploit_vps/html/admin/upload_ppsx.php and 1 other location - About 40 mins to fix
    src/exploit_vps/html/admin/upload.php on lines 97..104

    Duplicated Code

    Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

    Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

    When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

    Tuning

    This issue has a mass of 94.

    We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

    The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

    If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

    See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

    Refactorings

    Further Reading

    Similar blocks of code found in 2 locations. Consider refactoring.
    Open

    if (isset($_POST['DEMO']) && $_POST['DEMO'] == "y")
{
    system("python26 exploit_demo.py payload:http $urlbase sendtotarget.zip original.docx \"".$_FILES['original']['name']."\" agent.exe server.zip \"$scout_name\" DEMO > /tmp/py.log 2>&1");
}
else
    Severity: Minor
    Found in src/exploit_vps/html/admin/upload.php and 1 other location - About 40 mins to fix
    src/exploit_vps/html/admin/upload_ppsx.php on lines 96..103

    Duplicated Code

    Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

    Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

    When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

    Tuning

    This issue has a mass of 94.

    We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

    The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

    If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

    See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

    Refactorings

    Further Reading

    Similar blocks of code found in 2 locations. Consider refactoring.
    Open

    function loadtext(filename) {
    var req = new XMLHttpRequest();
    req.open("GET", filename, false);
    req.send();
    // TODO error checking
    Severity: Minor
    Found in src/ht-webkit-Android4-src/precompiled/debug/script.js and 1 other location - About 40 mins to fix
    src/ht-webkit-Android4-src/precompiled/debug/script.js on lines 282..288

    Duplicated Code

    Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

    Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

    When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

    Tuning

    This issue has a mass of 48.

    We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

    The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

    If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

    See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

    Refactorings

    Further Reading

    Similar blocks of code found in 2 locations. Consider refactoring.
    Open

    function loadXML(filename) {
    var req = new XMLHttpRequest();
    req.open("GET", filename, false);
    req.send();
    // TODO error checking
    Severity: Minor
    Found in src/ht-webkit-Android4-src/precompiled/debug/script.js and 1 other location - About 40 mins to fix
    src/ht-webkit-Android4-src/precompiled/debug/script.js on lines 290..296

    Duplicated Code

    Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

    Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

    When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

    Tuning

    This issue has a mass of 48.

    We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

    The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

    If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

    See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

    Refactorings

    Further Reading

    Function stage4 has 5 arguments (exceeds 4 allowed). Consider refactoring.
    Open

    function stage4(memobj, rce, libc, libwebcore, addr) {
    Severity: Minor
    Found in src/ht-webkit-Android4-src/src/stage4.js - About 35 mins to fix

      Function encrypt has 5 arguments (exceeds 4 allowed). Consider refactoring.
      Open

          def encrypt(self, stringIn, mode, key, size, IV):
      Severity: Minor
      Found in src/ht-webkit-Android4-src/precompiled/release/slowaes.py - About 35 mins to fix

        Function stage2 has 5 arguments (exceeds 4 allowed). Consider refactoring.
        Open

        function stage2(page, base, iframe, xml, documentarea) {
        Severity: Minor
        Found in src/ht-webkit-Android4-src/precompiled/debug/script.js - About 35 mins to fix

          Function stage3 has 5 arguments (exceeds 4 allowed). Consider refactoring.
          Open

          function stage3 (memobj, webcoretext, node, addr, page) {
          Severity: Minor
          Found in src/ht-webkit-Android4-src/precompiled/debug/script.js - About 35 mins to fix

            Function XSLTObject has 5 arguments (exceeds 4 allowed). Consider refactoring.
            Open

            function XSLTObject(page, childrenaddr, nameaddr, elementaddr, xml) {
            Severity: Minor
            Found in src/ht-webkit-Android4-src/precompiled/debug/script.js - About 35 mins to fix

              Function encrypt has 5 arguments (exceeds 4 allowed). Consider refactoring.
              Open

                  def encrypt(self, stringIn, mode, key, size, IV):
              Severity: Minor
              Found in src/edn2/2014-004-AndroidBrowser/slowaes.py - About 35 mins to fix

                Function xslt_exploit has 5 arguments (exceeds 4 allowed). Consider refactoring.
                Open

                function xslt_exploit(iframe, xml, base, documentarea, pagenum) {
                Severity: Minor
                Found in src/ht-webkit-Android4-src/precompiled/debug/script.js - About 35 mins to fix

                  Function RCE has 5 arguments (exceeds 4 allowed). Consider refactoring.
                  Open

                  function RCE(memobj, node, structfn, callstub, fakevtable) {
                  Severity: Minor
                  Found in src/ht-webkit-Android4-src/precompiled/debug/script.js - About 35 mins to fix

                    Function stage4 has 5 arguments (exceeds 4 allowed). Consider refactoring.
                    Open

                    function stage4(memobj, rce, libc, libwebcore, addr) {
                    Severity: Minor
                    Found in src/ht-webkit-Android4-src/precompiled/debug/stage4.js - About 35 mins to fix

                      Function encrypt has 5 arguments (exceeds 4 allowed). Consider refactoring.
                      Open

                          def encrypt(self, stringIn, mode, key, size, IV):
                      Severity: Minor
                      Found in src/ht-webkit-Android4-src/ext/slowaes.py - About 35 mins to fix

                        Function encrypt has 5 arguments (exceeds 4 allowed). Consider refactoring.
                        Open

                            def encrypt(self, stringIn, mode, key, size, IV):
                        Severity: Minor
                        Found in src/ht-webkit-Android4-src/precompiled/debug/slowaes.py - About 35 mins to fix

                          Identical blocks of code found in 2 locations. Consider refactoring.
                          Open

                              for (var i = 0; i < arr.length; i++) {
    this.write8(addr + i, arr[i]);
    }
                          Severity: Minor
                          Found in src/ht-webkit-Android4-src/precompiled/debug/script.js and 1 other location - About 35 mins to fix
                          src/ht-webkit-Android4-src/precompiled/debug/script.js on lines 2441..2443

                          Duplicated Code

                          Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

                          Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

                          When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

                          Tuning

                          This issue has a mass of 47.

                          We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

                          The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

                          If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

                          See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

                          Refactorings

                          Further Reading

                          Identical blocks of code found in 2 locations. Consider refactoring.
                          Open

                              for (var i = 0; i < arr.length; i++) {
    this.write8(addr + i, arr[i]);
    }
                          Severity: Minor
                          Found in src/ht-webkit-Android4-src/precompiled/debug/script.js and 1 other location - About 35 mins to fix
                          src/ht-webkit-Android4-src/precompiled/debug/script.js on lines 2450..2452

                          Duplicated Code

                          Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

                          Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

                          When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

                          Tuning

                          This issue has a mass of 47.

                          We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

                          The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

                          If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

                          See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

                          Refactorings

                          Further Reading

                          Severity
                          Category
                          Status
                          Source
                          Language