Sign upLogin

rapid7/metasploit-framework

View on GitHub
Star

Showing 15,888 of 21,960 total issues

Method run has a Cognitive Complexity of 49 (exceeds 5 allowed). Consider refactoring.
Open

  def run
    # If the action can be detected automatically. (Action: Automatic)
    @my_action = pick_action
    if @my_action.nil?
      # If the automatic search fails, bye bye.
Severity: Minor
Found in modules/auxiliary/gather/cloud_lookup.rb - About 7 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method getprocparam has a Cognitive Complexity of 49 (exceeds 5 allowed). Consider refactoring.
Open

  def getprocparam(rhost)
    print_status("[SAP] Connecting to SAP Management Console SOAP Interface on #{rhost}:#{rport}")
    success = false
    soapenv = 'http://schemas.xmlsoap.org/soap/envelope/'
    xsi = 'http://www.w3.org/2001/XMLSchema-instance'
Severity: Minor
Found in modules/auxiliary/scanner/sap/sap_mgmt_con_getprocessparameter.rb - About 7 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method run_host has a Cognitive Complexity of 49 (exceeds 5 allowed). Consider refactoring.
Open

  def run_host(target_host)
    begin
      iplist = Rex::Socket::RangeWalker.new(datastore['RANGE'])
      portlist = Rex::Socket.portspec_crack(datastore['PORTS'])
      dead = false
Severity: Minor
Found in modules/auxiliary/scanner/http/squid_pivot_scanning.rb - About 7 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method enable_xp_cmdshell has a Cognitive Complexity of 49 (exceeds 5 allowed). Consider refactoring.
Open

  def enable_xp_cmdshell(path,name,shelled)
    # Enables "show advanced options" and xp_cmdshell if needed and possible
    # They cannot be enabled in user transactions (i.e. via openquery)
    # Only enabled if RPC_Out is enabled for linked server
    # All changes are reverted after payload delivery and execution
Severity: Minor
Found in modules/exploits/windows/mssql/mssql_linkcrawler.rb - About 7 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method exploit has a Cognitive Complexity of 49 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit
    print_status('Obtaining credentails...')

    resp = send_request_cgi({
      'uri'      => '/cslog_export.php',
Severity: Minor
Found in modules/exploits/linux/http/samsung_srv_1670d_upload_exec.rb - About 7 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method run has a Cognitive Complexity of 49 (exceeds 5 allowed). Consider refactoring.
Open

  def run
    case session.platform
    when 'windows'
      listing = cmd_exec('netsh wlan show networks mode=bssid')
      if listing.nil?
Severity: Minor
Found in modules/post/multi/gather/wlan_geolocate.rb - About 7 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method dump_jobs has a Cognitive Complexity of 49 (exceeds 5 allowed). Consider refactoring.
Open

  def self.dump_jobs(framework, verbose = false, indent = DefaultIndent, col = DefaultColumnWrap)
    columns = [ 'Id', 'Name', "Payload", "Payload opts"]

    if (verbose)
      columns += [ "URIPATH", "Start Time", "Handler opts", "Persist" ]
Severity: Minor
Found in lib/msf/base/serializer/readable_text.rb - About 7 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method devices_list has 189 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def devices_list
    known_devices = {
      :'AZ-D140W' =>
          {
            name: 'Azmoon', model: 'AZ-D140W', values: [
Severity: Major
Found in modules/auxiliary/admin/http/allegro_rompager_auth_bypass.rb - About 7 hrs to fix

    Method run_host has 189 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      def run_host(ip)

    http_method = datastore['METHOD'].upcase

    qvars = nil
    Severity: Major
    Found in modules/auxiliary/scanner/http/error_sql_injection.rb - About 7 hrs to fix

      Method exploit has 189 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

        def exploit
    # Sanity check the USERNAME and PASSWORD will meet the servers password requirements.
    fail_with(Failure::BadConfig, 'USERNAME must not be empty.') if datastore['USERNAME'].empty?
    fail_with(Failure::BadConfig, 'PASSWORD must be 8 characters of more.') if datastore['PASSWORD'].length < 8
      Severity: Major
      Found in modules/exploits/multi/http/connectwise_screenconnect_rce_cve_2024_1709.rb - About 7 hrs to fix

        Method on_request_uri has 188 lines of code (exceeds 25 allowed). Consider refactoring.
        Open

          def on_request_uri(cli, request)
    print_status("Sending #{request.uri} to #{request['User-Agent']}")
    escaped_payload = Rex::Text.to_unescape(payload.encoded)
    jscript = %^
// HELPER FUNCTIONS
        Severity: Major
        Found in modules/exploits/multi/browser/chrome_array_map.rb - About 7 hrs to fix

          Method import_nmap_xml has 188 lines of code (exceeds 25 allowed). Consider refactoring.
          Open

            def import_nmap_xml(args={}, &block)
    return nil if args[:data].nil? or args[:data].empty?
    wspace = Msf::Util::DBManager.process_opts_workspace(args, framework)
    bl = validate_ips(args[:blacklist]) ? args[:blacklist].split : []
          Severity: Major
          Found in lib/msf/core/db_manager/import/nmap.rb - About 7 hrs to fix

            Method run has 187 lines of code (exceeds 25 allowed). Consider refactoring.
            Open

              def run
    check_pcaprub_loaded # Check first
    target  = rhost()
    source  = Rex::Socket.source_address(target)
    saddr   = datastore['SRCADDR']
            Severity: Major
            Found in modules/auxiliary/spoof/dns/bailiwicked_domain.rb - About 7 hrs to fix

              Method generate has 187 lines of code (exceeds 25 allowed). Consider refactoring.
              Open

                def generate(_opts = {})

    strTitle = datastore['TITLE'] + "X"
    if (strTitle.length < 1)
      raise ArgumentError, "You must specify a title"
              Severity: Major
              Found in modules/payloads/singles/windows/messagebox.rb - About 7 hrs to fix

                File safari_in_operator_side_effect.rb has 478 lines of code (exceeds 250 allowed). Consider refactoring.
                Open

                class MetasploitModule < Msf::Exploit::Remote
  Rank = ManualRanking

  include Msf::Post::File
  include Msf::Exploit::Remote::HttpServer::BrowserExploit
                Severity: Minor
                Found in modules/exploits/osx/browser/safari_in_operator_side_effect.rb - About 7 hrs to fix

                  File exim_gethostbyname_bof.rb has 478 lines of code (exceeds 250 allowed). Consider refactoring.
                  Open

                  class MetasploitModule < Msf::Exploit::Remote
  Rank = GreatRanking

  include Msf::Exploit::Remote::Tcp
                  Severity: Minor
                  Found in modules/exploits/linux/smtp/exim_gethostbyname_bof.rb - About 7 hrs to fix

                    File registry.rb has 478 lines of code (exceeds 250 allowed). Consider refactoring.
                    Open

                    module Msf
class Post
module Windows

module Registry
                    Severity: Minor
                    Found in lib/msf/core/post/windows/registry.rb - About 7 hrs to fix

                      File client.rb has 477 lines of code (exceeds 250 allowed). Consider refactoring.
                      Open

                      require 'metasploit/framework/tcp/client'
require 'metasploit/framework/mssql/tdssslproxy'
require 'rex/proto/mssql/client_mixin'
require 'rex/text'
require 'msf/core/exploit'
                      Severity: Minor
                      Found in lib/rex/proto/mssql/client.rb - About 7 hrs to fix

                        File browser_exploit_server.rb has 477 lines of code (exceeds 250 allowed). Consider refactoring.
                        Open

                        require 'erb'
require 'cgi'
require 'date'
require 'set'
require 'rex/exploitation/js'
                        Severity: Minor
                        Found in lib/msf/core/exploit/remote/browser_exploit_server.rb - About 7 hrs to fix

                          Method run has 186 lines of code (exceeds 25 allowed). Consider refactoring.
                          Open

                            def run
    check_pcaprub_loaded # Check first.

    target   = rhost()
    source   = Rex::Socket.source_address(target)
                          Severity: Major
                          Found in modules/auxiliary/spoof/dns/bailiwicked_host.rb - About 7 hrs to fix
                            Severity
                            Category
                            Status
                            Source
                            Language