rapid7/metasploit-framework

View on GitHub

Showing 15,639 of 21,649 total issues

Method on_request_uri has 323 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def on_request_uri(cli, request)
    user_agent = request['User-Agent']
    print_status("Request from #{user_agent}")
    offsets = get_offsets(user_agent)
    unless offsets
Severity: Major
Found in modules/exploits/osx/browser/safari_proxy_object_type_confusion.rb - About 1 day to fix

    Method asm_reverse_http has 323 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      def asm_reverse_http(opts={})
    
        retry_count   = opts[:retry_count].to_i
        retry_wait   = opts[:retry_wait].to_i * 1000
        proxy_enabled = !!(opts[:proxy_host].to_s.strip.length > 0)
    Severity: Major
    Found in lib/msf/core/payload/windows/reverse_http.rb - About 1 day to fix

      Method run_host has a Cognitive Complexity of 81 (exceeds 5 allowed). Consider refactoring.
      Open

        def run_host(target_host)
          case
            when action.name == 'LISTFILES'
              res = http_post('listFiles')
              unless res
      Severity: Minor
      Found in modules/auxiliary/scanner/http/es_file_explorer_open_port.rb - About 1 day to fix

      Cognitive Complexity

      Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

      A method's cognitive complexity is based on a few simple rules:

      • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
      • Code is considered more complex for each "break in the linear flow of the code"
      • Code is considered more complex when "flow breaking structures are nested"

      Further reading

      Method information_leak has a Cognitive Complexity of 81 (exceeds 5 allowed). Consider refactoring.
      Open

        def information_leak
          print_status("Trying information leak...")
          leaked_arch = nil
          leaked_addr = []
      
      
      Severity: Minor
      Found in modules/exploits/linux/smtp/exim_gethostbyname_bof.rb - About 1 day to fix

      Cognitive Complexity

      Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

      A method's cognitive complexity is based on a few simple rules:

      • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
      • Code is considered more complex for each "break in the linear flow of the code"
      • Code is considered more complex when "flow breaking structures are nested"

      Further reading

      Method report_vuln has a Cognitive Complexity of 81 (exceeds 5 allowed). Consider refactoring.
      Open

        def report_vuln(opts)
          return if not active
          raise ArgumentError.new("Missing required option :host") if opts[:host].nil?
          raise ArgumentError.new("Deprecated data column for vuln, use .info instead") if opts[:data]
          name = opts[:name] || return
      Severity: Minor
      Found in lib/msf/core/db_manager/vuln.rb - About 1 day to fix

      Cognitive Complexity

      Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

      A method's cognitive complexity is based on a few simple rules:

      • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
      • Code is considered more complex for each "break in the linear flow of the code"
      • Code is considered more complex when "flow breaking structures are nested"

      Further reading

      File lastpass_creds.rb has 697 lines of code (exceeds 250 allowed). Consider refactoring.
      Open

      require 'English'
      require 'sqlite3'
      require 'uri'
      
      class MetasploitModule < Msf::Post
      Severity: Major
      Found in modules/post/multi/gather/lastpass_creds.rb - About 1 day to fix

        Method asm_reverse_http has 316 lines of code (exceeds 25 allowed). Consider refactoring.
        Open

          def asm_reverse_http(opts={})
        
            retry_count   = opts[:retry_count].to_i
            retry_wait   = opts[:retry_wait].to_i * 1000
            proxy_enabled = !!(opts[:proxy_host].to_s.strip.length > 0)
        Severity: Major
        Found in lib/msf/core/payload/windows/x64/reverse_http_x64.rb - About 1 day to fix

          File fs.rb has 691 lines of code (exceeds 250 allowed). Consider refactoring.
          Open

          require 'tempfile'
          require 'filesize'
          require 'rex/post/meterpreter'
          require 'rex/post/meterpreter/extensions/stdapi/command_ids'
          require 'msf/ui/console/local_file_system'
          Severity: Major
          Found in lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/fs.rb - About 1 day to fix

            Method run has a Cognitive Complexity of 79 (exceeds 5 allowed). Consider refactoring.
            Open

              def run
            
                loot = ""
                uri = "/"
                uri << (datastore['YEAR']).to_s if datastore['YEAR'].to_s != ""
            Severity: Minor
            Found in modules/auxiliary/gather/corpwatch_lookup_id.rb - About 1 day to fix

            Cognitive Complexity

            Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

            A method's cognitive complexity is based on a few simple rules:

            • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
            • Code is considered more complex for each "break in the linear flow of the code"
            • Code is considered more complex when "flow breaking structures are nested"

            Further reading

            Method run_host has a Cognitive Complexity of 79 (exceeds 5 allowed). Consider refactoring.
            Open

              def run_host(ip)
            
                ipmi_status("Sending IPMI probes")
            
                usernames = []
            Severity: Minor
            Found in modules/auxiliary/scanner/ipmi/ipmi_dumphashes.rb - About 1 day to fix

            Cognitive Complexity

            Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

            A method's cognitive complexity is based on a few simple rules:

            • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
            • Code is considered more complex for each "break in the linear flow of the code"
            • Code is considered more complex when "flow breaking structures are nested"

            Further reading

            Method parse_server has a Cognitive Complexity of 79 (exceeds 5 allowed). Consider refactoring.
            Open

              def parse_server(data)
                creds = []
                perms = []
                groups = []
                settings = {}
            Severity: Minor
            Found in modules/post/windows/gather/credentials/filezilla_server.rb - About 1 day to fix

            Cognitive Complexity

            Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

            A method's cognitive complexity is based on a few simple rules:

            • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
            • Code is considered more complex for each "break in the linear flow of the code"
            • Code is considered more complex when "flow breaking structures are nested"

            Further reading

            Method download has a Cognitive Complexity of 79 (exceeds 5 allowed). Consider refactoring.
            Open

              def Dir.download(dst, src, opts = {}, force = true, glob = nil, &stat)
                src.force_encoding('UTF-8')
                dst.force_encoding('UTF-8')
                tries_cnt = 0
            
            
            Severity: Minor
            Found in lib/rex/post/meterpreter/extensions/stdapi/fs/dir.rb - About 1 day to fix

            Cognitive Complexity

            Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

            A method's cognitive complexity is based on a few simple rules:

            • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
            • Code is considered more complex for each "break in the linear flow of the code"
            • Code is considered more complex when "flow breaking structures are nested"

            Further reading

            Method build_payload_obj has 312 lines of code (exceeds 25 allowed). Consider refactoring.
            Open

              def build_payload_obj(payload_data)
                payload_obj = 'aced' # STREAM_MAGIC
                payload_obj << '0005' # STREAM_VERSION
                payload_obj << '7372' # TC_OBJECT, TC_CLASSDESC
                payload_obj << '002e' # Class name length: 46
            Severity: Major
            Found in modules/exploits/multi/misc/weblogic_deserialize_badattrval.rb - About 1 day to fix

              File rbmysql.rb has 686 lines of code (exceeds 250 allowed). Consider refactoring.
              Open

              class RbMysql
              
                require "rbmysql/constants"
                require "rbmysql/error"
                require "rbmysql/charset"
              Severity: Major
              Found in lib/rbmysql.rb - About 1 day to fix

                Method super_redacted_deobfuscation has a Cognitive Complexity of 78 (exceeds 5 allowed). Consider refactoring.
                Open

                  def super_redacted_deobfuscation(ciphertext)
                    input = ciphertext
                    input = input.gsub('Z', '000')
                
                    base = '0'.upto('9').to_a + 'a'.upto('z').to_a + 'A'.upto('G').to_a
                Severity: Minor
                Found in modules/auxiliary/admin/http/webnms_cred_disclosure.rb - About 1 day to fix

                Cognitive Complexity

                Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                A method's cognitive complexity is based on a few simple rules:

                • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                • Code is considered more complex for each "break in the linear flow of the code"
                • Code is considered more complex when "flow breaking structures are nested"

                Further reading

                Method prometheus_config_eater has a Cognitive Complexity of 78 (exceeds 5 allowed). Consider refactoring.
                Open

                    def prometheus_config_eater(yamlconf)
                      @table_creds = Rex::Text::Table.new(
                        'Header' => 'Credentials',
                        'Indent' => 2,
                        'Columns' =>
                Severity: Minor
                Found in lib/msf/core/auxiliary/prometheus.rb - About 1 day to fix

                Cognitive Complexity

                Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                A method's cognitive complexity is based on a few simple rules:

                • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                • Code is considered more complex for each "break in the linear flow of the code"
                • Code is considered more complex when "flow breaking structures are nested"

                Further reading

                File msftidy.rb has 680 lines of code (exceeds 250 allowed). Consider refactoring.
                Open

                require 'fileutils'
                require 'find'
                require 'time'
                require 'rubocop'
                require 'open3'
                Severity: Major
                Found in tools/dev/msftidy.rb - About 1 day to fix

                  Method run_host has 307 lines of code (exceeds 25 allowed). Consider refactoring.
                  Open

                    def run_host(ip)
                      begin
                  
                      res = send_request_raw({
                        'uri'     => '/oradb/PUBLIC/GLOBAL_NAME',
                  Severity: Major
                  Found in modules/auxiliary/scanner/oracle/xdb_sid_brute.rb - About 1 day to fix

                    File teamcity_agent_xmlrpc_exec.rb has 673 lines of code (exceeds 250 allowed). Consider refactoring.
                    Open

                    class MetasploitModule < Msf::Exploit::Remote
                      Rank = ExcellentRanking
                    
                      include Msf::Exploit::Remote::HttpClient
                      include Msf::Exploit::CmdStager
                    Severity: Major
                    Found in modules/exploits/multi/misc/teamcity_agent_xmlrpc_exec.rb - About 1 day to fix

                      File windows_error.rb has 673 lines of code (exceeds 250 allowed). Consider refactoring.
                      Open

                      module Msf
                      
                      class WindowsError
                      
                        #
                      Severity: Major
                      Found in lib/msf/windows_error.rb - About 1 day to fix
                        Severity
                        Category
                        Status
                        Source
                        Language