rapid7/metasploit-framework

View on GitHub

Showing 14,186 of 19,939 total issues

Method initialize has 238 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Cisco RV110W/RV130(W)/RV215W Routers Management Interface Remote Command Execution',
Severity: Major
Found in modules/exploits/linux/http/cve_2019_1663_cisco_rmi_rce.rb - About 1 day to fix

    Method run has 237 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      def run
        if ! @telephony_loaded
          print_error("The Telephony module is not available: #{@telephony_error}")
          raise RuntimeError, "Telephony not available"
        end
    Severity: Major
    Found in modules/auxiliary/scanner/telephony/wardial.rb - About 1 day to fix

      Method run_host has a Cognitive Complexity of 60 (exceeds 5 allowed). Consider refactoring.
      Open

        def run_host(ip)
          # Force http verb to be upper-case, because otherwise some web servers such as
          # Apache might throw you a 501
          http_method = datastore['METHOD'].upcase
      
      
      Severity: Minor
      Found in modules/auxiliary/scanner/http/blind_sql_query.rb - About 1 day to fix

      Cognitive Complexity

      Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

      A method's cognitive complexity is based on a few simple rules:

      • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
      • Code is considered more complex for each "break in the linear flow of the code"
      • Code is considered more complex when "flow breaking structures are nested"

      Further reading

      Method run_host has a Cognitive Complexity of 60 (exceeds 5 allowed). Consider refactoring.
      Open

        def run_host(ip)
          conn = false
          usecode = datastore['ForceCode']
      
          tpath = normalize_uri(datastore['PATH'])
      Severity: Minor
      Found in modules/auxiliary/scanner/http/web_vulndb.rb - About 1 day to fix

      Cognitive Complexity

      Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

      A method's cognitive complexity is based on a few simple rules:

      • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
      • Code is considered more complex for each "break in the linear flow of the code"
      • Code is considered more complex when "flow breaking structures are nested"

      Further reading

      Method check_ref_identifiers has a Cognitive Complexity of 60 (exceeds 5 allowed). Consider refactoring.
      Open

        def check_ref_identifiers
          in_super     = false
          in_refs      = false
          in_notes     = false
          cve_assigned = false
      Severity: Minor
      Found in tools/dev/msftidy.rb - About 1 day to fix

      Cognitive Complexity

      Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

      A method's cognitive complexity is based on a few simple rules:

      • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
      • Code is considered more complex for each "break in the linear flow of the code"
      • Code is considered more complex when "flow breaking structures are nested"

      Further reading

      Method apply_prepends has a Cognitive Complexity of 60 (exceeds 5 allowed). Consider refactoring.
      Open

        def apply_prepends(buf)
          pre = ''
          app = ''
      
          test_arch = [ *(self.arch) ]
      Severity: Minor
      Found in lib/msf/core/payload/linux.rb - About 1 day to fix

      Cognitive Complexity

      Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

      A method's cognitive complexity is based on a few simple rules:

      • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
      • Code is considered more complex for each "break in the linear flow of the code"
      • Code is considered more complex when "flow breaking structures are nested"

      Further reading

      File Program.cs has 559 lines of code (exceeds 250 allowed). Consider refactoring.
      Open

        File weblogic_deserialize_unicastref.rb has 558 lines of code (exceeds 250 allowed). Consider refactoring.
        Open

        class MetasploitModule < Msf::Exploit::Remote
          Rank = ExcellentRanking
        
          include Msf::Exploit::Remote::Tcp
          include Msf::Exploit::Remote::TcpServer
        Severity: Major
        Found in modules/exploits/multi/misc/weblogic_deserialize_unicastref.rb - About 1 day to fix

          File nexpose.rb has 557 lines of code (exceeds 250 allowed). Consider refactoring.
          Open

          require 'nexpose'
          
          module Msf
            Nexpose_yaml = "#{Msf::Config.config_directory}/nexpose.yaml" #location of the nexpose.yml containing saved nexpose creds
          
          
          Severity: Major
          Found in plugins/nexpose.rb - About 1 day to fix

            Method exploit has 234 lines of code (exceeds 25 allowed). Consider refactoring.
            Open

              def exploit
                main = %q^
            /*
            * Exploit Title: pkexec Race condition (CVE-2011-1485) exploit
            * Author: xi4oyu
            Severity: Major
            Found in modules/exploits/linux/local/pkexec.rb - About 1 day to fix

              File nexpose_raw_document.rb has 553 lines of code (exceeds 250 allowed). Consider refactoring.
              Open

              require "rex/parser/nokogiri_doc_mixin"
              require "date"
              
              module Rex
                module Parser
              Severity: Major
              Found in lib/rex/parser/nexpose_raw_document.rb - About 1 day to fix

                Method cmd_token_hunt_user has a Cognitive Complexity of 59 (exceeds 5 allowed). Consider refactoring.
                Open

                    def cmd_token_hunt_user(*args)
                
                      opts = Rex::Parser::Arguments.new(
                        "-h"   => [ false,  "This help menu"],
                        "-f"   => [ true,   "A file containing a list of users to search for (one per line)"]
                Severity: Minor
                Found in plugins/token_hunter.rb - About 1 day to fix

                Cognitive Complexity

                Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                A method's cognitive complexity is based on a few simple rules:

                • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                • Code is considered more complex for each "break in the linear flow of the code"
                • Code is considered more complex when "flow breaking structures are nested"

                Further reading

                Method run has a Cognitive Complexity of 59 (exceeds 5 allowed). Consider refactoring.
                Open

                  def run
                    open_pcap({'SNAPLEN' => 68, 'FILTER' => "arp[6:2] == 0x0002"})
                    @netifaces = true
                    if not netifaces_implemented?
                      print_error("WARNING : Pcaprub is not uptodate, some functionality will not be available")
                Severity: Minor
                Found in modules/auxiliary/spoof/arp/arp_poisoning.rb - About 1 day to fix

                Cognitive Complexity

                Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                A method's cognitive complexity is based on a few simple rules:

                • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                • Code is considered more complex for each "break in the linear flow of the code"
                • Code is considered more complex when "flow breaking structures are nested"

                Further reading

                Method run_host has a Cognitive Complexity of 59 (exceeds 5 allowed). Consider refactoring.
                Open

                  def run_host(ip)
                
                    http_method = datastore['METHOD'].upcase
                
                    qvars = nil
                Severity: Minor
                Found in modules/auxiliary/scanner/http/error_sql_injection.rb - About 1 day to fix

                Cognitive Complexity

                Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                A method's cognitive complexity is based on a few simple rules:

                • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                • Code is considered more complex for each "break in the linear flow of the code"
                • Code is considered more complex when "flow breaking structures are nested"

                Further reading

                Method exploit has a Cognitive Complexity of 59 (exceeds 5 allowed). Consider refactoring.
                Open

                  def exploit
                    if target.name =~ /prestashop/
                      uri = normalize_uri(target_uri.path)
                      res = send_request_cgi({'uri' => uri})
                      if res && res.code != 301
                Severity: Minor
                Found in modules/exploits/linux/http/php_imap_open_rce.rb - About 1 day to fix

                Cognitive Complexity

                Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                A method's cognitive complexity is based on a few simple rules:

                • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                • Code is considered more complex for each "break in the linear flow of the code"
                • Code is considered more complex when "flow breaking structures are nested"

                Further reading

                Method cmd_download has a Cognitive Complexity of 59 (exceeds 5 allowed). Consider refactoring.
                Open

                  def cmd_download(*args)
                    if (args.empty? or args.include? "-h")
                      cmd_download_help
                      return true
                    end
                Severity: Minor
                Found in lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/fs.rb - About 1 day to fix

                Cognitive Complexity

                Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                A method's cognitive complexity is based on a few simple rules:

                • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                • Code is considered more complex for each "break in the linear flow of the code"
                • Code is considered more complex when "flow breaking structures are nested"

                Further reading

                File client_core.rb has 551 lines of code (exceeds 250 allowed). Consider refactoring.
                Open

                require 'rex/post/meterpreter/packet'
                require 'rex/post/meterpreter/core_ids'
                require 'rex/post/meterpreter/extension'
                require 'rex/post/meterpreter/extension_mapper'
                require 'rex/post/meterpreter/client'
                Severity: Major
                Found in lib/rex/post/meterpreter/client_core.rb - About 1 day to fix

                  File dnn_cookie_deserialization_rce.rb has 549 lines of code (exceeds 250 allowed). Consider refactoring.
                  Open

                  require 'openssl'
                  require 'set'
                  
                  class MetasploitModule < Msf::Exploit::Remote
                    include Msf::Exploit::Remote::HttpClient
                  Severity: Major
                  Found in modules/exploits/windows/http/dnn_cookie_deserialization_rce.rb - About 1 day to fix

                    Method report_auth_info has a Cognitive Complexity of 58 (exceeds 5 allowed). Consider refactoring.
                    Open

                      def report_auth_info(opts={})
                        return if not active
                        raise ArgumentError.new("Missing required option :host") if opts[:host].nil?
                        raise ArgumentError.new("Missing required option :port") if (opts[:port].nil? and opts[:service].nil?)
                    
                    
                    Severity: Minor
                    Found in lib/msf/core/db_manager/cred.rb - About 1 day to fix

                    Cognitive Complexity

                    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                    A method's cognitive complexity is based on a few simple rules:

                    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                    • Code is considered more complex for each "break in the linear flow of the code"
                    • Code is considered more complex when "flow breaking structures are nested"

                    Further reading

                    Method exploit has 227 lines of code (exceeds 25 allowed). Consider refactoring.
                    Open

                      def exploit
                        if check != CheckCode::Appears
                          fail_with(Failure::NotVulnerable, 'Target not vulnerable! punt!')
                        end
                    
                    
                    Severity: Major
                    Found in modules/exploits/linux/local/netfilter_priv_esc_ipv4.rb - About 1 day to fix
                      Severity
                      Category
                      Status
                      Source
                      Language