Sign upLogin

rapid7/metasploit-framework

View on GitHub
Star

Showing 15,730 of 21,757 total issues

File file.rb has 755 lines of code (exceeds 250 allowed). Consider refactoring.
Open

require 'rex/post/meterpreter/extensions/stdapi/command_ids'
require 'rex/post/file_stat'

module Msf::Post::File
  include Msf::Post::Common
Severity: Major
Found in lib/msf/core/post/file.rb - About 1 day to fix

    File snmp_enum.rb has 749 lines of code (exceeds 250 allowed). Consider refactoring.
    Open

    class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::SNMPClient
  include Msf::Auxiliary::Report
  include Msf::Auxiliary::Scanner
    Severity: Major
    Found in modules/auxiliary/scanner/snmp/snmp_enum.rb - About 1 day to fix

      Method cmd_reg has a Cognitive Complexity of 86 (exceeds 5 allowed). Consider refactoring.
      Open

        def cmd_reg(*args)
    # Extract the command, if any
    cmd = args.shift

    if (args.length == 0)
      Severity: Minor
      Found in lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb - About 1 day to fix

      Cognitive Complexity

      Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

      A method's cognitive complexity is based on a few simple rules:

      • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
      • Code is considered more complex for each "break in the linear flow of the code"
      • Code is considered more complex when "flow breaking structures are nested"

      Further reading

      File mssql_enum.rb has 734 lines of code (exceeds 250 allowed). Consider refactoring.
      Open

      class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::MSSQL
  include Msf::Auxiliary::Report
  include Msf::OptionalSession::MSSQL
      Severity: Major
      Found in modules/auxiliary/admin/mssql/mssql_enum.rb - About 1 day to fix

        Method sql_statement has 340 lines of code (exceeds 25 allowed). Consider refactoring.
        Open

          def sql_statement()

    # DEFINED HEADER TEXT
    headings = [
      ["Server","Database", "Schema", "Table", "Column", "Data Type", "Sample Data","Row Count"]
        Severity: Major
        Found in modules/auxiliary/admin/mssql/mssql_findandsampledata.rb - About 1 day to fix

          Method run has a Cognitive Complexity of 85 (exceeds 5 allowed). Consider refactoring.
          Open

            def run
    return if not check_dependencies

    begin
      # Get all values from v$parameter
          Severity: Minor
          Found in modules/auxiliary/admin/oracle/oraenum.rb - About 1 day to fix

          Cognitive Complexity

          Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

          A method's cognitive complexity is based on a few simple rules:

          • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
          • Code is considered more complex for each "break in the linear flow of the code"
          • Code is considered more complex when "flow breaking structures are nested"

          Further reading

          Method cmd_portfwd has a Cognitive Complexity of 85 (exceeds 5 allowed). Consider refactoring.
          Open

            def cmd_portfwd(*args)
    args.unshift('list') if args.empty?

    # For clarity's sake.
    lport = nil
          Severity: Minor
          Found in lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/net.rb - About 1 day to fix

          Cognitive Complexity

          Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

          A method's cognitive complexity is based on a few simple rules:

          • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
          • Code is considered more complex for each "break in the linear flow of the code"
          • Code is considered more complex when "flow breaking structures are nested"

          Further reading

          File ssllabs_scan.rb has 732 lines of code (exceeds 250 allowed). Consider refactoring.
          Open

          require 'active_support/inflector'
require 'json'
require 'active_support/core_ext/hash'

class MetasploitModule < Msf::Auxiliary
          Severity: Major
          Found in modules/auxiliary/gather/ssllabs_scan.rb - About 1 day to fix

            File readable_text.rb has 731 lines of code (exceeds 250 allowed). Consider refactoring.
            Open

            module Msf
module Serializer

# This class formats information in a plain-text format that
# is meant to be displayed on a console or some other non-GUI
            Severity: Major
            Found in lib/msf/base/serializer/readable_text.rb - About 1 day to fix

              File weblogic_deserialize_badattrval.rb has 728 lines of code (exceeds 250 allowed). Consider refactoring.
              Open

              class MetasploitModule < Msf::Exploit::Remote
  Rank = NormalRanking

  include Msf::Exploit::Remote::Tcp
  include Msf::Exploit::CmdStager
              Severity: Major
              Found in modules/exploits/multi/misc/weblogic_deserialize_badattrval.rb - About 1 day to fix

                Method end_element has a Cognitive Complexity of 84 (exceeds 5 allowed). Consider refactoring.
                Open

                  def end_element(name=nil)
    block = @block
    case name
    when 'name'
      if in_tag('result')
                Severity: Minor
                Found in lib/rex/parser/openvas_document.rb - About 1 day to fix

                Cognitive Complexity

                Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                A method's cognitive complexity is based on a few simple rules:

                • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                • Code is considered more complex for each "break in the linear flow of the code"
                • Code is considered more complex when "flow breaking structures are nested"

                Further reading

                Method cmd_workspace has a Cognitive Complexity of 84 (exceeds 5 allowed). Consider refactoring.
                Open

                  def cmd_workspace(*args)
    return unless active?

    state = :nil
                Severity: Minor
                Found in lib/msf/ui/console/command_dispatcher/db.rb - About 1 day to fix

                Cognitive Complexity

                Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                A method's cognitive complexity is based on a few simple rules:

                • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                • Code is considered more complex for each "break in the linear flow of the code"
                • Code is considered more complex when "flow breaking structures are nested"

                Further reading

                File veeam_credential_dump.rb has 724 lines of code (exceeds 250 allowed). Consider refactoring.
                Open

                require 'metasploit/framework/credential_collection'

class MetasploitModule < Msf::Post
  include Msf::Post::Common
  include Msf::Post::File
                Severity: Major
                Found in modules/post/windows/gather/credentials/veeam_credential_dump.rb - About 1 day to fix

                  Method on_request_uri has 334 lines of code (exceeds 25 allowed). Consider refactoring.
                  Open

                    def on_request_uri(cli, request)
    print_status("Sending #{request.uri}")
    if request.uri =~ %r{/exploit.html$}
      html = %Q^
<html>
                  Severity: Major
                  Found in modules/exploits/windows/browser/chrome_filereader_uaf.rb - About 1 day to fix

                    Class Core has 88 methods (exceeds 20 allowed). Consider refactoring.
                    Open

                    class Core

  include Msf::Ui::Console::CommandDispatcher
  include Msf::Ui::Console::CommandDispatcher::Common
  include Msf::Ui::Console::ModuleOptionTabCompletion
                    Severity: Major
                    Found in lib/msf/ui/console/command_dispatcher/core.rb - About 1 day to fix

                      File java_jdwp_debugger.rb has 718 lines of code (exceeds 250 allowed). Consider refactoring.
                      Open

                      class MetasploitModule < Msf::Exploit::Remote
  Rank = GoodRanking

  include Msf::Exploit::Remote::Tcp
  include Msf::Exploit::EXE
                      Severity: Major
                      Found in modules/exploits/multi/misc/java_jdwp_debugger.rb - About 1 day to fix

                        Method exploit has 329 lines of code (exceeds 25 allowed). Consider refactoring.
                        Open

                          def exploit
    if target.name =~ /prestashop/
      uri = normalize_uri(target_uri.path)
      res = send_request_cgi({'uri' => uri})
      if res && res.code != 301
                        Severity: Major
                        Found in modules/exploits/linux/http/php_imap_open_rce.rb - About 1 day to fix

                          Method import_netsparker_xml has a Cognitive Complexity of 82 (exceeds 5 allowed). Consider refactoring.
                          Open

                            def import_netsparker_xml(args={}, &block)
    data = args[:data]
    wspace = Msf::Util::DBManager.process_opts_workspace(args, framework).name
    bl = validate_ips(args[:blacklist]) ? args[:blacklist].split : []
    addr = nil
                          Severity: Minor
                          Found in lib/msf/core/db_manager/import/netsparker.rb - About 1 day to fix

                          Cognitive Complexity

                          Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                          A method's cognitive complexity is based on a few simple rules:

                          • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                          • Code is considered more complex for each "break in the linear flow of the code"
                          • Code is considered more complex when "flow breaking structures are nested"

                          Further reading

                          Method exploit has 326 lines of code (exceeds 25 allowed). Consider refactoring.
                          Open

                            def exploit
    if is_root?
      fail_with Failure::BadConfig, 'Session already has root privileges'
    end
                          Severity: Major
                          Found in modules/exploits/solaris/local/rsh_stack_clash_priv_esc.rb - About 1 day to fix

                            Method cisco_ios_config_eater has 324 lines of code (exceeds 25 allowed). Consider refactoring.
                            Open

                                def cisco_ios_config_eater(thost, tport, config)

      if framework.db.active
        credential_data = {
          address: thost,
                            Severity: Major
                            Found in lib/msf/core/auxiliary/cisco.rb - About 1 day to fix
                              Severity
                              Category
                              Status
                              Source
                              Language