Sign upLogin

rapid7/metasploit-framework

View on GitHub
Star

Showing 15,730 of 21,757 total issues

File weblogic_deserialize_badattr_extcomp.rb has 551 lines of code (exceeds 250 allowed). Consider refactoring.
Open

class MetasploitModule < Msf::Exploit::Remote
  Rank = NormalRanking

  include Msf::Exploit::Remote::Tcp
  include Msf::Exploit::CmdStager
Severity: Major
Found in modules/exploits/multi/misc/weblogic_deserialize_badattr_extcomp.rb - About 1 day to fix

    File dnn_cookie_deserialization_rce.rb has 547 lines of code (exceeds 250 allowed). Consider refactoring.
    Open

    require 'openssl'
require 'set'

class MetasploitModule < Msf::Exploit::Remote
  include Msf::Exploit::Remote::HttpClient
    Severity: Major
    Found in modules/exploits/windows/http/dnn_cookie_deserialization_rce.rb - About 1 day to fix

      Method smart_hash_dump has a Cognitive Complexity of 58 (exceeds 5 allowed). Consider refactoring.
      Open

        def smart_hash_dump(migrate_system, pwdfile)
    domain_controller = domain_controller?
    print_good('Host is a Domain Controller') if domain_controller

    if !is_uac_enabled? || is_admin?
      Severity: Minor
      Found in modules/post/windows/gather/smart_hashdump.rb - About 1 day to fix

      Cognitive Complexity

      Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

      A method's cognitive complexity is based on a few simple rules:

      • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
      • Code is considered more complex for each "break in the linear flow of the code"
      • Code is considered more complex when "flow breaking structures are nested"

      Further reading

      Method encode has a Cognitive Complexity of 58 (exceeds 5 allowed). Consider refactoring.
      Open

        def encode
    # Get the minimum number of nops to use
    min = (reqs['MinNops'] || 0).to_i
    min = 0 if reqs['DisableNops']
      Severity: Minor
      Found in lib/msf/core/encoded_payload.rb - About 1 day to fix

      Cognitive Complexity

      Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

      A method's cognitive complexity is based on a few simple rules:

      • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
      • Code is considered more complex for each "break in the linear flow of the code"
      • Code is considered more complex when "flow breaking structures are nested"

      Further reading

      Method report_auth_info has a Cognitive Complexity of 58 (exceeds 5 allowed). Consider refactoring.
      Open

        def report_auth_info(opts={})
    return if not active
    raise ArgumentError.new("Missing required option :host") if opts[:host].nil?
    raise ArgumentError.new("Missing required option :port") if (opts[:port].nil? and opts[:service].nil?)
      Severity: Minor
      Found in lib/msf/core/db_manager/cred.rb - About 1 day to fix

      Cognitive Complexity

      Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

      A method's cognitive complexity is based on a few simple rules:

      • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
      • Code is considered more complex for each "break in the linear flow of the code"
      • Code is considered more complex when "flow breaking structures are nested"

      Further reading

      Method scan! has a Cognitive Complexity of 58 (exceeds 5 allowed). Consider refactoring.
      Open

                def scan!
            valid!

            # Keep track of connection errors.
            # If we encounter too many, we will stop.
      Severity: Minor
      Found in lib/metasploit/framework/login_scanner/base.rb - About 1 day to fix

      Cognitive Complexity

      Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

      A method's cognitive complexity is based on a few simple rules:

      • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
      • Code is considered more complex for each "break in the linear flow of the code"
      • Code is considered more complex when "flow breaking structures are nested"

      Further reading

      Method exploit has 227 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

        def exploit
    if check != CheckCode::Appears
      fail_with(Failure::NotVulnerable, 'Target not vulnerable! punt!')
    end
      Severity: Major
      Found in modules/exploits/linux/local/netfilter_priv_esc_ipv4.rb - About 1 day to fix

        Method run has 227 lines of code (exceeds 25 allowed). Consider refactoring.
        Open

          def run
    max_search = datastore['MAX_SEARCH']

    db, dbfile = create_sqlite_db
    print_status "Temporary database created: #{dbfile.path}"
        Severity: Major
        Found in modules/post/windows/gather/ad_to_sqlite.rb - About 1 day to fix

          Method generate has 226 lines of code (exceeds 25 allowed). Consider refactoring.
          Open

            def generate(_opts = {})
    uri = URI(datastore['HOPURL'])
    #create actual payload
    payload_data = <<EOS
  cld            ; clear direction flag
          Severity: Major
          Found in modules/payloads/stagers/windows/reverse_hop_http.rb - About 1 day to fix

            File winenum.rb has 539 lines of code (exceeds 250 allowed). Consider refactoring.
            Open

            @client = client
opts = Rex::Parser::Arguments.new(
  "-h" => [ false, "Help menu." ],
  "-m" => [ false, "Migrate the Meterpreter Session from it current process to a new cmd.exe before doing anything" ],
  "-r" => [ false, "Dump, compress and download entire Registry" ],
            Severity: Major
            Found in scripts/meterpreter/winenum.rb - About 1 day to fix

              Method exploit has 223 lines of code (exceeds 25 allowed). Consider refactoring.
              Open

                def exploit
    if !datastore['ForceExploit'] && is_root?
      fail_with(Failure::BadConfig, 'Session already has root privileges. Set ForceExploit to override.')
    end
              Severity: Major
              Found in modules/exploits/linux/local/bpf_priv_esc.rb - About 1 day to fix

                Method cmd_wmap_sites has a Cognitive Complexity of 57 (exceeds 5 allowed). Consider refactoring.
                Open

                      def cmd_wmap_sites(*args)
        args.push('-h') if args.empty?

        while (arg = args.shift)
          case arg
                Severity: Minor
                Found in plugins/wmap.rb - About 1 day to fix

                Cognitive Complexity

                Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                A method's cognitive complexity is based on a few simple rules:

                • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                • Code is considered more complex for each "break in the linear flow of the code"
                • Code is considered more complex when "flow breaking structures are nested"

                Further reading

                Method run has a Cognitive Complexity of 57 (exceeds 5 allowed). Consider refactoring.
                Open

                  def run
    found = false
    roots.each do |root|
      break if found
                Severity: Minor
                Found in modules/auxiliary/gather/owncloud_phpinfo_reader.rb - About 1 day to fix

                Cognitive Complexity

                Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                A method's cognitive complexity is based on a few simple rules:

                • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                • Code is considered more complex for each "break in the linear flow of the code"
                • Code is considered more complex when "flow breaking structures are nested"

                Further reading

                Method run_host has a Cognitive Complexity of 57 (exceeds 5 allowed). Consider refactoring.
                Open

                  def run_host(ip)
    epm = dcerpc_endpoint_list
    if !epm
      print_status("Could not contact the endpoint mapper on #{ip}")
      return
                Severity: Minor
                Found in modules/auxiliary/scanner/dcerpc/hidden.rb - About 1 day to fix

                Cognitive Complexity

                Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                A method's cognitive complexity is based on a few simple rules:

                • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                • Code is considered more complex for each "break in the linear flow of the code"
                • Code is considered more complex when "flow breaking structures are nested"

                Further reading

                Method cmd_connect has a Cognitive Complexity of 57 (exceeds 5 allowed). Consider refactoring.
                Open

                  def cmd_connect(*args)
    if args.length < 2 or args.include?("-h") or args.include?("--help")
      cmd_connect_help
      return false
    end
                Severity: Minor
                Found in lib/msf/ui/console/command_dispatcher/core.rb - About 1 day to fix

                Cognitive Complexity

                Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                A method's cognitive complexity is based on a few simple rules:

                • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                • Code is considered more complex for each "break in the linear flow of the code"
                • Code is considered more complex when "flow breaking structures are nested"

                Further reading

                Method cmd_vulns has a Cognitive Complexity of 57 (exceeds 5 allowed). Consider refactoring.
                Open

                  def cmd_vulns(*args)
    return unless active?

    default_columns = ['Timestamp', 'Host', 'Name', 'References']
    host_ranges = []
                Severity: Minor
                Found in lib/msf/ui/console/command_dispatcher/db.rb - About 1 day to fix

                Cognitive Complexity

                Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                A method's cognitive complexity is based on a few simple rules:

                • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                • Code is considered more complex for each "break in the linear flow of the code"
                • Code is considered more complex when "flow breaking structures are nested"

                Further reading

                Method run has 222 lines of code (exceeds 25 allowed). Consider refactoring.
                Open

                  def run
    '
  Hash format
    :name,
    :check_file,
                Severity: Major
                Found in modules/post/windows/gather/credentials/vnc.rb - About 1 day to fix

                  Method run_host has 221 lines of code (exceeds 25 allowed). Consider refactoring.
                  Open

                    def run_host(target_host)
    case
      when action.name == 'LISTFILES'
        res = http_post('listFiles')
        unless res
                  Severity: Major
                  Found in modules/auxiliary/scanner/http/es_file_explorer_open_port.rb - About 1 day to fix

                    File command_shell.rb has 534 lines of code (exceeds 250 allowed). Consider refactoring.
                    Open

                    require 'shellwords'
require 'rex/text/table'
require "base64"

module Msf
                    Severity: Major
                    Found in lib/msf/base/sessions/command_shell.rb - About 1 day to fix

                      Method getMbeanServer has 220 lines of code (exceeds 25 allowed). Consider refactoring.
                      Open

                          private MBeanServer getMbeanServer() {

        return new MBeanServer() {

            @Override
                      Severity: Major
                      Found in external/source/exploits/CVE-2010-0094/Exploit.java - About 1 day to fix
                        Severity
                        Category
                        Status
                        Source
                        Language