rapid7/metasploit-framework

View on GitHub

Showing 13,691 of 19,405 total issues

File windows_secrets_dump.rb has 967 lines of code (exceeds 250 allowed). Consider refactoring.
Open

require 'metasploit/framework/hashes/identify'
require 'ruby_smb/dcerpc/client'

class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::SMB::Client::Authenticated
Severity: Major
Found in modules/auxiliary/gather/windows_secrets_dump.rb - About 2 days to fix

    Method cmd_nexpose_scan has a Cognitive Complexity of 117 (exceeds 5 allowed). Consider refactoring.
    Open

        def cmd_nexpose_scan(*args)
    
          opts = Rex::Parser::Arguments.new(
            "-h"   => [ false,  "This help menu"],
            "-t"   => [ true,   "The scan template to use (default:pentest-audit options:full-audit,exhaustive-audit,discovery,aggressive-discovery,dos-audit)"],
    Severity: Minor
    Found in plugins/nexpose.rb - About 2 days to fix

    Cognitive Complexity

    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

    A method's cognitive complexity is based on a few simple rules:

    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
    • Code is considered more complex for each "break in the linear flow of the code"
    • Code is considered more complex when "flow breaking structures are nested"

    Further reading

    File webkit_createthis.rb has 934 lines of code (exceeds 250 allowed). Consider refactoring.
    Open

    class MetasploitModule < Msf::Exploit::Remote
      Rank = ManualRanking
    
      include Msf::Post::File
      include Msf::Exploit::EXE
    Severity: Major
    Found in modules/exploits/apple_ios/browser/webkit_createthis.rb - About 2 days to fix

      Method get_form_data has a Cognitive Complexity of 113 (exceeds 5 allowed). Consider refactoring.
      Open

        def get_form_data(body)
          print_status("Enumerating form data")
          body = body.gsub("\r","")
          body = body.gsub("\n","")
          bodydata = body.downcase.split(/<form/)
      Severity: Minor
      Found in modules/auxiliary/fuzzers/http/http_form_field.rb - About 2 days to fix

      Cognitive Complexity

      Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

      A method's cognitive complexity is based on a few simple rules:

      • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
      • Code is considered more complex for each "break in the linear flow of the code"
      • Code is considered more complex when "flow breaking structures are nested"

      Further reading

      Method run has a Cognitive Complexity of 110 (exceeds 5 allowed). Consider refactoring.
      Open

        def run
          case session.type
          when 'meterpreter'
            meterpreter = true
          else
      Severity: Minor
      Found in modules/post/multi/sap/smdagent_get_properties.rb - About 2 days to fix

      Cognitive Complexity

      Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

      A method's cognitive complexity is based on a few simple rules:

      • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
      • Code is considered more complex for each "break in the linear flow of the code"
      • Code is considered more complex when "flow breaking structures are nested"

      Further reading

      Method to_s has a Cognitive Complexity of 110 (exceeds 5 allowed). Consider refactoring.
      Open

        def to_s(headers_only: false)
          # Start GET query string
          qstr = opts['query'] ? opts['query'].dup : ""
      
          # Start POST data string
      Severity: Minor
      Found in lib/rex/proto/http/client_request.rb - About 2 days to fix

      Cognitive Complexity

      Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

      A method's cognitive complexity is based on a few simple rules:

      • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
      • Code is considered more complex for each "break in the linear flow of the code"
      • Code is considered more complex when "flow breaking structures are nested"

      Further reading

      Method cmd_notes has a Cognitive Complexity of 110 (exceeds 5 allowed). Consider refactoring.
      Open

        def cmd_notes(*args)
          return unless active?
        ::ApplicationRecord.connection_pool.with_connection {
          mode = :search
          data = nil
      Severity: Minor
      Found in lib/msf/ui/console/command_dispatcher/db.rb - About 2 days to fix

      Cognitive Complexity

      Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

      A method's cognitive complexity is based on a few simple rules:

      • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
      • Code is considered more complex for each "break in the linear flow of the code"
      • Code is considered more complex when "flow breaking structures are nested"

      Further reading

      Method description has 442 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

        def self.description(code)
      
          case code
          when SUCCESS
            "The operation completed successfully."
      Severity: Major
      Found in lib/msf/windows_error.rb - About 2 days to fix

        Method kernel_mode_payload has 438 lines of code (exceeds 25 allowed). Consider refactoring.
        Open

          def kernel_mode_payload
        
            # Windows x64 kernel shellcode from ring 0 to ring 3 by sleepya
            #
            # This shellcode was written originally for eternalblue exploits
        Severity: Major
        Found in modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb - About 2 days to fix

          Method run has a Cognitive Complexity of 106 (exceeds 5 allowed). Consider refactoring.
          Open

            def run
              print_status("Running MS SQL Server Enumeration...")
          
              if !mssql_login_datastore
                print_error("Login was unsuccessful. Check your credentials.")
          Severity: Minor
          Found in modules/auxiliary/admin/mssql/mssql_enum.rb - About 2 days to fix

          Cognitive Complexity

          Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

          A method's cognitive complexity is based on a few simple rules:

          • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
          • Code is considered more complex for each "break in the linear flow of the code"
          • Code is considered more complex when "flow breaking structures are nested"

          Further reading

          Method run_host has a Cognitive Complexity of 105 (exceeds 5 allowed). Consider refactoring.
          Open

            def run_host(ip)
              msg = "#{ip}:#{rhost} - DNS -"
              begin
                @lastdata = nil
                @probablyVuln = nil
          Severity: Minor
          Found in modules/auxiliary/fuzzers/dns/dns_fuzzer.rb - About 2 days to fix

          Cognitive Complexity

          Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

          A method's cognitive complexity is based on a few simple rules:

          • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
          • Code is considered more complex for each "break in the linear flow of the code"
          • Code is considered more complex when "flow breaking structures are nested"

          Further reading

          Method parse_host has a Cognitive Complexity of 103 (exceeds 5 allowed). Consider refactoring.
          Open

            def parse_host(host, wspace, blacklist, allow_yaml, btag, args, &block)
          
              host_data = {}
              host_data[:task] = args[:task]
              host_data[:workspace] = wspace
          Severity: Minor
          Found in lib/msf/core/db_manager/import/metasploit_framework/xml.rb - About 2 days to fix

          Cognitive Complexity

          Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

          A method's cognitive complexity is based on a few simple rules:

          • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
          • Code is considered more complex for each "break in the linear flow of the code"
          • Code is considered more complex when "flow breaking structures are nested"

          Further reading

          Method run has a Cognitive Complexity of 102 (exceeds 5 allowed). Consider refactoring.
          Open

            def run
              dork = datastore['ZOOMEYE_DORK']
              resource = datastore['RESOURCE']
              maxpage = datastore['MAXPAGE']
              facets = datastore['FACETS']
          Severity: Minor
          Found in modules/auxiliary/gather/zoomeye_search.rb - About 2 days to fix

          Cognitive Complexity

          Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

          A method's cognitive complexity is based on a few simple rules:

          • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
          • Code is considered more complex for each "break in the linear flow of the code"
          • Code is considered more complex when "flow breaking structures are nested"

          Further reading

          Method asm_reverse_winhttp has 409 lines of code (exceeds 25 allowed). Consider refactoring.
          Open

            def asm_reverse_winhttp(opts={})
          
              retry_count       = [opts[:retry_count].to_i, 1].max
              verify_ssl        = nil
              encoded_cert_hash = nil
          Severity: Major
          Found in lib/msf/core/payload/windows/x64/reverse_win_http_x64.rb - About 2 days to fix

            Method asm_reverse_winhttp has 404 lines of code (exceeds 25 allowed). Consider refactoring.
            Open

              def asm_reverse_winhttp(opts={})
            
                retry_count       = [opts[:retry_count].to_i, 1].max
                verify_ssl        = nil
                encoded_cert_hash = nil
            Severity: Major
            Found in lib/msf/core/payload/windows/reverse_win_http.rb - About 2 days to fix

              File exceptions.rb has 838 lines of code (exceeds 250 allowed). Consider refactoring.
              Open

              module Rex
              module Proto
              module SMB
              module Exceptions
              
              
              Severity: Major
              Found in lib/rex/proto/smb/exceptions.rb - About 2 days to fix

                Method run has 401 lines of code (exceeds 25 allowed). Consider refactoring.
                Open

                  def run
                
                    loot = ""
                    uri = "/"
                    uri << (datastore['YEAR']).to_s if datastore['YEAR'].to_s != ""
                Severity: Major
                Found in modules/auxiliary/gather/corpwatch_lookup_id.rb - About 2 days to fix

                  File fs.rb has 834 lines of code (exceeds 250 allowed). Consider refactoring.
                  Open

                  require 'tempfile'
                  require 'filesize'
                  require 'rex/post/meterpreter'
                  require 'rex/post/meterpreter/extensions/stdapi/command_ids'
                  
                  
                  Severity: Major
                  Found in lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/fs.rb - About 2 days to fix

                    Method import_nmap_xml has a Cognitive Complexity of 99 (exceeds 5 allowed). Consider refactoring.
                    Open

                      def import_nmap_xml(args={}, &block)
                        return nil if args[:data].nil? or args[:data].empty?
                        wspace = Msf::Util::DBManager.process_opts_workspace(args, framework)
                        bl = validate_ips(args[:blacklist]) ? args[:blacklist].split : []
                    
                    
                    Severity: Minor
                    Found in lib/msf/core/db_manager/import/nmap.rb - About 1 day to fix

                    Cognitive Complexity

                    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                    A method's cognitive complexity is based on a few simple rules:

                    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                    • Code is considered more complex for each "break in the linear flow of the code"
                    • Code is considered more complex when "flow breaking structures are nested"

                    Further reading

                    File lm2ntcrack.rb has 822 lines of code (exceeds 250 allowed). Consider refactoring.
                    Open

                    msfbase = __FILE__
                    while File.symlink?(msfbase)
                      msfbase = File.expand_path(File.readlink(msfbase), File.dirname(msfbase))
                    end
                    
                    
                    Severity: Major
                    Found in tools/password/lm2ntcrack.rb - About 1 day to fix
                      Severity
                      Category
                      Status
                      Source
                      Language