rapid7/metasploit-framework

View on GitHub

Showing 14,186 of 19,939 total issues

Method generate has 226 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def generate(_opts = {})
    uri = URI(datastore['HOPURL'])
    #create actual payload
    payload_data = <<EOS
  cld            ; clear direction flag
Severity: Major
Found in modules/payloads/stagers/windows/reverse_hop_http.rb - About 1 day to fix

    Method exploit has 225 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      def exploit
        if is_root?
          unless datastore['ForceExploit']
            fail_with Failure::BadConfig, 'Session already has root privileges. Set ForceExploit to override.'
          end
    Severity: Major
    Found in modules/exploits/linux/local/bpf_priv_esc.rb - About 1 day to fix

      Method run has 225 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

        def run
          max_search = datastore['MAX_SEARCH']
      
          db, dbfile = create_sqlite_db
          print_status "Temporary database created: #{dbfile.path}"
      Severity: Major
      Found in modules/post/windows/gather/ad_to_sqlite.rb - About 1 day to fix

        File winenum.rb has 539 lines of code (exceeds 250 allowed). Consider refactoring.
        Open

        @client = client
        opts = Rex::Parser::Arguments.new(
          "-h" => [ false, "Help menu." ],
          "-m" => [ false, "Migrate the Meterpreter Session from it current process to a new cmd.exe before doing anything" ],
          "-r" => [ false, "Dump, compress and download entire Registry" ],
        Severity: Major
        Found in scripts/meterpreter/winenum.rb - About 1 day to fix

          Method run has 223 lines of code (exceeds 25 allowed). Consider refactoring.
          Open

            def run
              '
            Hash format
              :name,
              :check_file,
          Severity: Major
          Found in modules/post/windows/gather/credentials/vnc.rb - About 1 day to fix

            Method cmd_wmap_sites has a Cognitive Complexity of 57 (exceeds 5 allowed). Consider refactoring.
            Open

            Severity: Minor
            Found in plugins/wmap.rb - About 1 day to fix

            Cognitive Complexity

            Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

            A method's cognitive complexity is based on a few simple rules:

            • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
            • Code is considered more complex for each "break in the linear flow of the code"
            • Code is considered more complex when "flow breaking structures are nested"

            Further reading

            Method run_host has a Cognitive Complexity of 57 (exceeds 5 allowed). Consider refactoring.
            Open

              def run_host(ip)
                epm = dcerpc_endpoint_list
                if !epm
                  print_status("Could not contact the endpoint mapper on #{ip}")
                  return
            Severity: Minor
            Found in modules/auxiliary/scanner/dcerpc/hidden.rb - About 1 day to fix

            Cognitive Complexity

            Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

            A method's cognitive complexity is based on a few simple rules:

            • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
            • Code is considered more complex for each "break in the linear flow of the code"
            • Code is considered more complex when "flow breaking structures are nested"

            Further reading

            Method smart_hash_dump has a Cognitive Complexity of 57 (exceeds 5 allowed). Consider refactoring.
            Open

              def smart_hash_dump(migrate_system, pwdfile)
                domain_controller = domain_controller?
                print_good('Host is a Domain Controller') if domain_controller
            
                if !is_uac_enabled? || is_admin?
            Severity: Minor
            Found in modules/post/windows/gather/smart_hashdump.rb - About 1 day to fix

            Cognitive Complexity

            Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

            A method's cognitive complexity is based on a few simple rules:

            • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
            • Code is considered more complex for each "break in the linear flow of the code"
            • Code is considered more complex when "flow breaking structures are nested"

            Further reading

            Method cmd_connect has a Cognitive Complexity of 57 (exceeds 5 allowed). Consider refactoring.
            Open

              def cmd_connect(*args)
                if args.length < 2 or args.include?("-h") or args.include?("--help")
                  cmd_connect_help
                  return false
                end
            Severity: Minor
            Found in lib/msf/ui/console/command_dispatcher/core.rb - About 1 day to fix

            Cognitive Complexity

            Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

            A method's cognitive complexity is based on a few simple rules:

            • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
            • Code is considered more complex for each "break in the linear flow of the code"
            • Code is considered more complex when "flow breaking structures are nested"

            Further reading

            Method cmd_vulns has a Cognitive Complexity of 57 (exceeds 5 allowed). Consider refactoring.
            Open

              def cmd_vulns(*args)
                return unless active?
            
                default_columns = ['Timestamp', 'Host', 'Name', 'References']
                host_ranges = []
            Severity: Minor
            Found in lib/msf/ui/console/command_dispatcher/db.rb - About 1 day to fix

            Cognitive Complexity

            Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

            A method's cognitive complexity is based on a few simple rules:

            • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
            • Code is considered more complex for each "break in the linear flow of the code"
            • Code is considered more complex when "flow breaking structures are nested"

            Further reading

            Method encode has a Cognitive Complexity of 57 (exceeds 5 allowed). Consider refactoring.
            Open

              def encode
                # Get the minimum number of nops to use
                min = (reqs['MinNops'] || 0).to_i
                min = 0 if reqs['DisableNops']
            
            
            Severity: Minor
            Found in lib/msf/core/encoded_payload.rb - About 1 day to fix

            Cognitive Complexity

            Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

            A method's cognitive complexity is based on a few simple rules:

            • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
            • Code is considered more complex for each "break in the linear flow of the code"
            • Code is considered more complex when "flow breaking structures are nested"

            Further reading

            Method run_host has 221 lines of code (exceeds 25 allowed). Consider refactoring.
            Open

            Severity: Major
            Found in modules/auxiliary/scanner/http/es_file_explorer_open_port.rb - About 1 day to fix

              File weblogic_deserialize_badattr_extcomp.rb has 535 lines of code (exceeds 250 allowed). Consider refactoring.
              Open

              class MetasploitModule < Msf::Exploit::Remote
                Rank = NormalRanking
              
                include Msf::Exploit::Remote::Tcp
                include Msf::Exploit::CmdStager
              Severity: Major
              Found in modules/exploits/multi/misc/weblogic_deserialize_badattr_extcomp.rb - About 1 day to fix

                Method getMbeanServer has 220 lines of code (exceeds 25 allowed). Consider refactoring.
                Open

                    private MBeanServer getMbeanServer() {
                
                        return new MBeanServer() {
                
                            @Override
                Severity: Major
                Found in external/source/exploits/CVE-2010-0094/Exploit.java - About 1 day to fix

                  Method exploit has 219 lines of code (exceeds 25 allowed). Consider refactoring.
                  Open

                    def exploit
                      # Make initial request to get assigned a session token
                      cookie = "pagerefresh=1; NfaupdateMsg=true; sortBy=sByName; testcookie=; "
                      cookie << "am_username=;am_check="
                      begin
                  Severity: Major
                  Found in modules/exploits/windows/http/manageengine_apps_mngr.rb - About 1 day to fix

                    Method run has a Cognitive Complexity of 56 (exceeds 5 allowed). Consider refactoring.
                    Open

                      def run
                        begin
                          @port = datastore['SRVPORT'].to_i
                          @sock = Rex::Socket::Udp.create(
                                'LocalHost' => datastore['SRVHOST'],
                    Severity: Minor
                    Found in modules/auxiliary/server/capture/sip.rb - About 1 day to fix

                    Cognitive Complexity

                    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                    A method's cognitive complexity is based on a few simple rules:

                    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                    • Code is considered more complex for each "break in the linear flow of the code"
                    • Code is considered more complex when "flow breaking structures are nested"

                    Further reading

                    Method run_host has a Cognitive Complexity of 56 (exceeds 5 allowed). Consider refactoring.
                    Open

                      def run_host(ip)
                        begin
                          snmp = connect_snmp
                    
                          vprint_status("Connecting to #{ip}")
                    Severity: Minor
                    Found in modules/auxiliary/scanner/snmp/snmp_enum_hp_laserjet.rb - About 1 day to fix

                    Cognitive Complexity

                    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                    A method's cognitive complexity is based on a few simple rules:

                    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                    • Code is considered more complex for each "break in the linear flow of the code"
                    • Code is considered more complex when "flow breaking structures are nested"

                    Further reading

                    Method run_host has a Cognitive Complexity of 56 (exceeds 5 allowed). Consider refactoring.
                    Open

                      def run_host(ip)
                        trav = datastore['FILE']
                    
                        if(trav == '' or datastore['FINGERPINT'])
                        # the user did not specify what they wanted, fingerprint, go after password.properties
                    Severity: Minor
                    Found in modules/auxiliary/scanner/http/coldfusion_locale_traversal.rb - About 1 day to fix

                    Cognitive Complexity

                    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                    A method's cognitive complexity is based on a few simple rules:

                    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                    • Code is considered more complex for each "break in the linear flow of the code"
                    • Code is considered more complex when "flow breaking structures are nested"

                    Further reading

                    Method process_config has a Cognitive Complexity of 56 (exceeds 5 allowed). Consider refactoring.
                    Open

                      def process_config(filename)
                        config = client.fs.file.new(filename, 'r')
                        print_status("Processing #{filename}")
                        contents = config.read
                        config_lines = contents.split("\n")
                    Severity: Minor
                    Found in modules/post/windows/gather/credentials/epo_sql.rb - About 1 day to fix

                    Cognitive Complexity

                    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                    A method's cognitive complexity is based on a few simple rules:

                    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                    • Code is considered more complex for each "break in the linear flow of the code"
                    • Code is considered more complex when "flow breaking structures are nested"

                    Further reading

                    Method read_response has a Cognitive Complexity of 56 (exceeds 5 allowed). Consider refactoring.
                    Open

                      def read_response(t = -1, opts = {})
                        # Return a nil response if timeout is nil or 0
                        return if t.nil? || t == 0
                    
                        resp = Response.new
                    Severity: Minor
                    Found in lib/rex/proto/http/client.rb - About 1 day to fix

                    Cognitive Complexity

                    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                    A method's cognitive complexity is based on a few simple rules:

                    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                    • Code is considered more complex for each "break in the linear flow of the code"
                    • Code is considered more complex when "flow breaking structures are nested"

                    Further reading

                    Severity
                    Category
                    Status
                    Source
                    Language