rapid7/metasploit-framework

View on GitHub

Showing 19,155 of 19,155 total issues

Similar blocks of code found in 2 locations. Consider refactoring.
Open

class RPC_Db < RPC_Base

private

  include Metasploit::Credential::Creation
Severity: Major
Found in lib/msf/core/rpc/v10/rpc_db.rb and 1 other location - About 2 wks to fix
modules/exploits/multi/http/struts_include_params.rb on lines 113..134

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 4208.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

Refactorings

Further Reading

Method create_library has 3116 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def self.create_library(constant_manager, library_path = 'kernel32')
    dll = Library.new(library_path, constant_manager)

    dll.add_function( 'GetConsoleWindow', 'LPVOID',[])

    Method create_library has 2604 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      def self.create_library(constant_manager, library_path = 'user32')
        dll = Library.new(library_path, constant_manager)
    
        dll.add_function('ActivateKeyboardLayout', 'DWORD',[
          ["DWORD","hkl","in"],

      Method cmd_wmap_run has a Cognitive Complexity of 488 (exceeds 5 allowed). Consider refactoring.
      Open

          def cmd_wmap_run(*args)
            # Stop everything
            self.masstop = false
            self.killwhenstop  = true
      
      
      Severity: Minor
      Found in plugins/wmap.rb - About 1 wk to fix

      Cognitive Complexity

      Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

      A method's cognitive complexity is based on a few simple rules:

      • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
      • Code is considered more complex for each "break in the linear flow of the code"
      • Code is considered more complex when "flow breaking structures are nested"

      Further reading

      File def_kernel32.rb has 3128 lines of code (exceeds 250 allowed). Consider refactoring.
      Open

      module Rex
      module Post
      module Meterpreter
      module Extensions
      module Stdapi

        Method create_library has 1774 lines of code (exceeds 25 allowed). Consider refactoring.
        Open

          def self.create_library(constant_manager, library_path = 'advapi32')
            dll = Library.new(library_path, constant_manager)
        
            dll.add_function('QueryServiceStatus', 'DWORD', [
                ['LPVOID', 'hService', 'in'],

          Method run has a Cognitive Complexity of 419 (exceeds 5 allowed). Consider refactoring.
          Open

            def run
              max_search = datastore['MAX_SEARCH']
          
              db, dbfile = create_sqlite_db
              print_status "Database created: #{dbfile}"
          Severity: Minor
          Found in modules/post/windows/gather/ad_to_sqlite.rb - About 1 wk to fix

          Cognitive Complexity

          Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

          A method's cognitive complexity is based on a few simple rules:

          • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
          • Code is considered more complex for each "break in the linear flow of the code"
          • Code is considered more complex when "flow breaking structures are nested"

          Further reading

          File def_user32.rb has 2616 lines of code (exceeds 250 allowed). Consider refactoring.
          Open

          module Rex
          module Post
          module Meterpreter
          module Extensions
          module Stdapi

            File error.rb has 2530 lines of code (exceeds 250 allowed). Consider refactoring.
            Open

            module Msf::Post::Windows::Error
              SUCCESS = 0x0000
              INVALID_FUNCTION = 0x0001
              FILE_NOT_FOUND = 0x0002
              PATH_NOT_FOUND = 0x0003
            Severity: Major
            Found in lib/msf/core/post/windows/error.rb - About 1 wk to fix

              File g711.rb has 2166 lines of code (exceeds 250 allowed). Consider refactoring.
              Open

              module Rex
              module Proto
              module IAX2
              module Codecs
              class G711
              Severity: Major
              Found in lib/rex/proto/iax2/codecs/g711.rb - About 6 days to fix

                File dtc.rb has 2078 lines of code (exceeds 250 allowed). Consider refactoring.
                Open

                module Msf
                class Post
                module Hardware
                module Automotive
                
                
                Severity: Major
                Found in lib/msf/core/post/hardware/automotive/dtc.rb - About 5 days to fix

                  File def_advapi32.rb has 1800 lines of code (exceeds 250 allowed). Consider refactoring.
                  Open

                  module Rex
                  module Post
                  module Meterpreter
                  module Extensions
                  module Stdapi

                    File nessus.rb has 1787 lines of code (exceeds 250 allowed). Consider refactoring.
                    Open

                    require 'nessus_rest'
                    
                    module Msf
                    
                      PLUGIN_NAME        = 'Nessus'
                    Severity: Major
                    Found in plugins/nessus.rb - About 4 days to fix

                      File db.rb has 1768 lines of code (exceeds 250 allowed). Consider refactoring.
                      Open

                      require 'json'
                      require 'rexml/document'
                      require 'metasploit/framework/data_service'
                      require 'metasploit/framework/data_service/remote/http/core'
                      
                      
                      Severity: Major
                      Found in lib/msf/ui/console/command_dispatcher/db.rb - About 4 days to fix

                        File core.rb has 1759 lines of code (exceeds 250 allowed). Consider refactoring.
                        Open

                        require 'msf/core/opt_condition'
                        
                        require 'optparse'
                        
                        module Msf
                        Severity: Major
                        Found in lib/msf/ui/console/command_dispatcher/core.rb - About 4 days to fix

                          Method mikrotik_routeros_config_eater has a Cognitive Complexity of 228 (exceeds 5 allowed). Consider refactoring.
                          Open

                              def mikrotik_routeros_config_eater(thost, tport, config)
                                if framework.db.active
                                  credential_data = {
                                    address: thost,
                                    port: tport,
                          Severity: Minor
                          Found in lib/msf/core/auxiliary/mikrotik.rb - About 4 days to fix

                          Cognitive Complexity

                          Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                          A method's cognitive complexity is based on a few simple rules:

                          • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                          • Code is considered more complex for each "break in the linear flow of the code"
                          • Code is considered more complex when "flow breaking structures are nested"

                          Further reading

                          File wmap.rb has 1664 lines of code (exceeds 250 allowed). Consider refactoring.
                          Open

                          require 'rabal/tree'
                          
                          module Msf
                          
                          class Plugin::Wmap < Msf::Plugin
                          Severity: Major
                          Found in plugins/wmap.rb - About 4 days to fix

                            Method on_request_uri has 867 lines of code (exceeds 25 allowed). Consider refactoring.
                            Open

                              def on_request_uri(cli, request)
                                if request.uri =~ %r{/apple-touch-icon*}
                                  return
                                elsif request.uri =~ %r{/favicon*}
                                  return
                            Severity: Major
                            Found in modules/exploits/apple_ios/browser/webkit_createthis.rb - About 4 days to fix

                              Method cmd_sessions has a Cognitive Complexity of 207 (exceeds 5 allowed). Consider refactoring.
                              Open

                                def cmd_sessions(*args)
                                  begin
                                  method   = nil
                                  quiet    = false
                                  show_active = false
                              Severity: Minor
                              Found in lib/msf/ui/console/command_dispatcher/core.rb - About 4 days to fix

                              Cognitive Complexity

                              Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                              A method's cognitive complexity is based on a few simple rules:

                              • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                              • Code is considered more complex for each "break in the linear flow of the code"
                              • Code is considered more complex when "flow breaking structures are nested"

                              Further reading

                              Similar blocks of code found in 2 locations. Consider refactoring.
                              Open

                                  0x20022000, 0x20000000, 0x0, 0x20022000, 0x0, 0x20022000, 0x20000000, 0x0, 0x20022000,
                                  0x20022000, 0x20000000, 0x22000, 0x22000, 0x0, 0x0, 0x20000000, 0x20000000, 0x0,
                                  0x22000, 0x20022000, 0x20022000, 0x20000000, 0x22000, 0x22000, 0x0, 0x22000,
                                  0x20022000, 0x20000000, 0x22000, 0x22000, 0x20000000, 0x0, 0x0, 0x20022000, 0x22000,
                                  0x20000000, 0x20022000, 0x20000000, 0x22000, 0x22000, 0x20000000, 0x22000,
                              Severity: Major
                              Found in modules/exploits/multi/misc/bmc_patrol_cmd_exec.rb and 1 other location - About 4 days to fix
                              modules/exploits/linux/misc/tplink_archer_a7_c7_lan_rce.rb on lines 129..202

                              Duplicated Code

                              Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

                              Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

                              When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

                              Tuning

                              This issue has a mass of 1025.

                              We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

                              The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

                              If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

                              See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

                              Refactorings

                              Further Reading

                              Severity
                              Category
                              Status
                              Source
                              Language