rapid7/metasploit-framework

View on GitHub

Showing 13,734 of 19,454 total issues

Method initialize has 390 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(merge_info(info,
      'Name'          => 'NetWare Command Shell',
      'Description'   => 'Connect to the NetWare console (staged)',
      'Author'        => 'toto',
Severity: Major
Found in modules/payloads/stages/netware/shell.rb - About 1 day to fix

    Method arp_poisoning has a Cognitive Complexity of 97 (exceeds 5 allowed). Consider refactoring.
    Open

      def arp_poisoning
        lsmac = datastore['LOCALSMAC'] || @smac
        raise 'Local Source Mac is not in correct format' unless is_mac?(lsmac)
    
        dhosts_range = Rex::Socket::RangeWalker.new(datastore['DHOSTS'])
    Severity: Minor
    Found in modules/auxiliary/spoof/arp/arp_poisoning.rb - About 1 day to fix

    Cognitive Complexity

    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

    A method's cognitive complexity is based on a few simple rules:

    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
    • Code is considered more complex for each "break in the linear flow of the code"
    • Code is considered more complex when "flow breaking structures are nested"

    Further reading

    Method check_results has a Cognitive Complexity of 97 (exceeds 5 allowed). Consider refactoring.
    Open

        def check_results(passwords, results, hash_type, hashes, method, cracker)
          passwords.each do |password_line|
            password_line.chomp!
            next if password_line.blank?
            fields = password_line.split(":")
    Severity: Minor
    Found in modules/auxiliary/analyze/crack_databases.rb - About 1 day to fix

    Cognitive Complexity

    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

    A method's cognitive complexity is based on a few simple rules:

    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
    • Code is considered more complex for each "break in the linear flow of the code"
    • Code is considered more complex when "flow breaking structures are nested"

    Further reading

    Method creds_search has a Cognitive Complexity of 95 (exceeds 5 allowed). Consider refactoring.
    Open

      def creds_search(*args)
        host_ranges   = []
        origin_ranges = []
        port_ranges   = []
        svcs          = []
    Severity: Minor
    Found in lib/msf/ui/console/command_dispatcher/creds.rb - About 1 day to fix

    Cognitive Complexity

    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

    A method's cognitive complexity is based on a few simple rules:

    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
    • Code is considered more complex for each "break in the linear flow of the code"
    • Code is considered more complex when "flow breaking structures are nested"

    Further reading

    Method import_libpcap has a Cognitive Complexity of 95 (exceeds 5 allowed). Consider refactoring.
    Open

      def import_libpcap(args={}, &block)
        data = args[:data]
        wspace = Msf::Util::DBManager.process_opts_workspace(args, framework).name
        bl = validate_ips(args[:blacklist]) ? args[:blacklist].split : []
        # seen_hosts is only used for determining when to yield an address. Once we get
    Severity: Minor
    Found in lib/msf/core/db_manager/import/libpcap.rb - About 1 day to fix

    Cognitive Complexity

    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

    A method's cognitive complexity is based on a few simple rules:

    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
    • Code is considered more complex for each "break in the linear flow of the code"
    • Code is considered more complex when "flow breaking structures are nested"

    Further reading

    File cve_2019_0708_bluekeep_rce.rb has 798 lines of code (exceeds 250 allowed). Consider refactoring.
    Open

    class MetasploitModule < Msf::Exploit::Remote
      prepend Msf::Exploit::Remote::AutoCheck
    
      Rank = ManualRanking
    
    
    Severity: Major
    Found in modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb - About 1 day to fix

      Method run_host has a Cognitive Complexity of 93 (exceeds 5 allowed). Consider refactoring.
      Open

        def run_host(ip)
          begin
      
          res = send_request_raw({
            'uri'     => '/oradb/PUBLIC/GLOBAL_NAME',
      Severity: Minor
      Found in modules/auxiliary/scanner/oracle/xdb_sid_brute.rb - About 1 day to fix

      Cognitive Complexity

      Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

      A method's cognitive complexity is based on a few simple rules:

      • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
      • Code is considered more complex for each "break in the linear flow of the code"
      • Code is considered more complex when "flow breaking structures are nested"

      Further reading

      File exploit.rb has 785 lines of code (exceeds 250 allowed). Consider refactoring.
      Open

      module Msf
      
      
      
      ###
      Severity: Major
      Found in lib/msf/core/exploit.rb - About 1 day to fix

        Method run_host has a Cognitive Complexity of 91 (exceeds 5 allowed). Consider refactoring.
        Open

          def run_host(target_host)
            conn = true
            ecode = nil
            emesg = nil
        
        
        Severity: Minor
        Found in modules/auxiliary/scanner/http/svn_scanner.rb - About 1 day to fix

        Cognitive Complexity

        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

        A method's cognitive complexity is based on a few simple rules:

        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
        • Code is considered more complex for each "break in the linear flow of the code"
        • Code is considered more complex when "flow breaking structures are nested"

        Further reading

        Method run has a Cognitive Complexity of 90 (exceeds 5 allowed). Consider refactoring.
        Open

          def run
            cracker = new_password_cracker(action.name)
        
            lookups = []
        
        
        Severity: Minor
        Found in modules/auxiliary/analyze/apply_pot.rb - About 1 day to fix

        Cognitive Complexity

        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

        A method's cognitive complexity is based on a few simple rules:

        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
        • Code is considered more complex for each "break in the linear flow of the code"
        • Code is considered more complex when "flow breaking structures are nested"

        Further reading

        Method run_host has a Cognitive Complexity of 89 (exceeds 5 allowed). Consider refactoring.
        Open

          def run_host(ip)
        
            path = datastore['PATH']
            check1 = [
              'iNotes/Forms5.nsf',
        Severity: Minor
        Found in modules/auxiliary/scanner/lotus/lotus_domino_version.rb - About 1 day to fix

        Cognitive Complexity

        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

        A method's cognitive complexity is based on a few simple rules:

        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
        • Code is considered more complex for each "break in the linear flow of the code"
        • Code is considered more complex when "flow breaking structures are nested"

        Further reading

        Method cmd_services has a Cognitive Complexity of 89 (exceeds 5 allowed). Consider refactoring.
        Open

          def cmd_services(*args)
            return unless active?
            mode = :search
            onlyup = false
            output_file = nil
        Severity: Minor
        Found in lib/msf/ui/console/command_dispatcher/db.rb - About 1 day to fix

        Cognitive Complexity

        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

        A method's cognitive complexity is based on a few simple rules:

        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
        • Code is considered more complex for each "break in the linear flow of the code"
        • Code is considered more complex when "flow breaking structures are nested"

        Further reading

        File browser_autopwn.rb has 756 lines of code (exceeds 250 allowed). Consider refactoring.
        Open

        require 'rex/exploitation/js/detect'
        require 'rex/exploitation/jsobfu'
        
        class MetasploitModule < Msf::Auxiliary
          include Msf::Exploit::Remote::HttpServer::HTML
        Severity: Major
        Found in modules/auxiliary/server/browser_autopwn.rb - About 1 day to fix

          File navigation.rb has 749 lines of code (exceeds 250 allowed). Consider refactoring.
          Open

          def without_prefix(prefix)
            proc { |value| value.sub(/^#{prefix}/, '') }
          end
          
          NAVIGATION_CONFIG = [
          Severity: Major
          Found in docs/navigation.rb - About 1 day to fix

            File snmp_enum.rb has 745 lines of code (exceeds 250 allowed). Consider refactoring.
            Open

            class MetasploitModule < Msf::Auxiliary
              include Msf::Exploit::Remote::SNMPClient
              include Msf::Auxiliary::Report
              include Msf::Auxiliary::Scanner
            
            
            Severity: Major
            Found in modules/auxiliary/scanner/snmp/snmp_enum.rb - About 1 day to fix

              Method run has a Cognitive Complexity of 85 (exceeds 5 allowed). Consider refactoring.
              Open

                def run
                  return if not check_dependencies
              
                  begin
                    # Get all values from v$parameter
              Severity: Minor
              Found in modules/auxiliary/admin/oracle/oraenum.rb - About 1 day to fix

              Cognitive Complexity

              Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

              A method's cognitive complexity is based on a few simple rules:

              • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
              • Code is considered more complex for each "break in the linear flow of the code"
              • Code is considered more complex when "flow breaking structures are nested"

              Further reading

              File ssllabs_scan.rb has 732 lines of code (exceeds 250 allowed). Consider refactoring.
              Open

              require 'active_support/inflector'
              require 'json'
              require 'active_support/core_ext/hash'
              
              class MetasploitModule < Msf::Auxiliary
              Severity: Major
              Found in modules/auxiliary/gather/ssllabs_scan.rb - About 1 day to fix

                File mssql_enum.rb has 729 lines of code (exceeds 250 allowed). Consider refactoring.
                Open

                class MetasploitModule < Msf::Auxiliary
                  include Msf::Exploit::Remote::MSSQL
                  include Msf::Auxiliary::Report
                
                  def initialize(info = {})
                Severity: Major
                Found in modules/auxiliary/admin/mssql/mssql_enum.rb - About 1 day to fix

                  Method end_element has a Cognitive Complexity of 84 (exceeds 5 allowed). Consider refactoring.
                  Open

                    def end_element(name=nil)
                      block = @block
                      case name
                      when 'name'
                        if in_tag('result')
                  Severity: Minor
                  Found in lib/rex/parser/openvas_document.rb - About 1 day to fix

                  Cognitive Complexity

                  Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                  A method's cognitive complexity is based on a few simple rules:

                  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                  • Code is considered more complex for each "break in the linear flow of the code"
                  • Code is considered more complex when "flow breaking structures are nested"

                  Further reading

                  Method cmd_workspace has a Cognitive Complexity of 84 (exceeds 5 allowed). Consider refactoring.
                  Open

                    def cmd_workspace(*args)
                      return unless active?
                  
                      state = :nil
                  
                  
                  Severity: Minor
                  Found in lib/msf/ui/console/command_dispatcher/db.rb - About 1 day to fix

                  Cognitive Complexity

                  Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                  A method's cognitive complexity is based on a few simple rules:

                  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                  • Code is considered more complex for each "break in the linear flow of the code"
                  • Code is considered more complex when "flow breaking structures are nested"

                  Further reading

                  Severity
                  Category
                  Status
                  Source
                  Language