Sign upLogin

rapid7/metasploit-framework

View on GitHub
Star

Showing 14,626 of 20,405 total issues

File browser_autopwn.rb has 756 lines of code (exceeds 250 allowed). Consider refactoring.
Open

require 'rex/exploitation/js/detect'
require 'rex/exploitation/jsobfu'

class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::HttpServer::HTML
Severity: Major
Found in modules/auxiliary/server/browser_autopwn.rb - About 1 day to fix

    File file.rb has 754 lines of code (exceeds 250 allowed). Consider refactoring.
    Open

    require 'rex/post/meterpreter/extensions/stdapi/command_ids'
require 'rex/post/file_stat'

module Msf::Post::File
  include Msf::Post::Common
    Severity: Major
    Found in lib/msf/core/post/file.rb - About 1 day to fix

      File snmp_enum.rb has 747 lines of code (exceeds 250 allowed). Consider refactoring.
      Open

      class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::SNMPClient
  include Msf::Auxiliary::Report
  include Msf::Auxiliary::Scanner
      Severity: Major
      Found in modules/auxiliary/scanner/snmp/snmp_enum.rb - About 1 day to fix

        Method cmd_reg has a Cognitive Complexity of 86 (exceeds 5 allowed). Consider refactoring.
        Open

          def cmd_reg(*args)
    # Extract the command, if any
    cmd = args.shift

    if (args.length == 0)
        Severity: Minor
        Found in lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb - About 1 day to fix

        Cognitive Complexity

        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

        A method's cognitive complexity is based on a few simple rules:

        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
        • Code is considered more complex for each "break in the linear flow of the code"
        • Code is considered more complex when "flow breaking structures are nested"

        Further reading

        File base.rb has 738 lines of code (exceeds 250 allowed). Consider refactoring.
        Open

        class Msf::Exploit::Remote::Kerberos::ServiceAuthenticator::Base
  extend Forwardable
  include Msf::Exploit::Remote::Kerberos::Client
  include Msf::Auxiliary::Report
  include Rex::Proto::Gss::Asn1
        Severity: Major
        Found in lib/msf/core/exploit/remote/kerberos/service_authenticator/base.rb - About 1 day to fix

          Method run has a Cognitive Complexity of 85 (exceeds 5 allowed). Consider refactoring.
          Open

            def run
    return if not check_dependencies

    begin
      # Get all values from v$parameter
          Severity: Minor
          Found in modules/auxiliary/admin/oracle/oraenum.rb - About 1 day to fix

          Cognitive Complexity

          Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

          A method's cognitive complexity is based on a few simple rules:

          • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
          • Code is considered more complex for each "break in the linear flow of the code"
          • Code is considered more complex when "flow breaking structures are nested"

          Further reading

          File ssllabs_scan.rb has 732 lines of code (exceeds 250 allowed). Consider refactoring.
          Open

          require 'active_support/inflector'
require 'json'
require 'active_support/core_ext/hash'

class MetasploitModule < Msf::Auxiliary
          Severity: Major
          Found in modules/auxiliary/gather/ssllabs_scan.rb - About 1 day to fix

            File mssql_enum.rb has 729 lines of code (exceeds 250 allowed). Consider refactoring.
            Open

            class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::MSSQL
  include Msf::Auxiliary::Report

  def initialize(info = {})
            Severity: Major
            Found in modules/auxiliary/admin/mssql/mssql_enum.rb - About 1 day to fix

              Method end_element has a Cognitive Complexity of 84 (exceeds 5 allowed). Consider refactoring.
              Open

                def end_element(name=nil)
    block = @block
    case name
    when 'name'
      if in_tag('result')
              Severity: Minor
              Found in lib/rex/parser/openvas_document.rb - About 1 day to fix

              Cognitive Complexity

              Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

              A method's cognitive complexity is based on a few simple rules:

              • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
              • Code is considered more complex for each "break in the linear flow of the code"
              • Code is considered more complex when "flow breaking structures are nested"

              Further reading

              Method cmd_workspace has a Cognitive Complexity of 84 (exceeds 5 allowed). Consider refactoring.
              Open

                def cmd_workspace(*args)
    return unless active?

    state = :nil
              Severity: Minor
              Found in lib/msf/ui/console/command_dispatcher/db.rb - About 1 day to fix

              Cognitive Complexity

              Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

              A method's cognitive complexity is based on a few simple rules:

              • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
              • Code is considered more complex for each "break in the linear flow of the code"
              • Code is considered more complex when "flow breaking structures are nested"

              Further reading

              Method sql_statement has 335 lines of code (exceeds 25 allowed). Consider refactoring.
              Open

                def sql_statement()

    # DEFINED HEADER TEXT
    headings = [
      ["Server","Database", "Schema", "Table", "Column", "Data Type", "Sample Data","Row Count"]
              Severity: Major
              Found in modules/auxiliary/admin/mssql/mssql_findandsampledata.rb - About 1 day to fix

                File veeam_credential_dump.rb has 724 lines of code (exceeds 250 allowed). Consider refactoring.
                Open

                require 'metasploit/framework/credential_collection'

class MetasploitModule < Msf::Post
  include Msf::Post::Common
  include Msf::Post::File
                Severity: Major
                Found in modules/post/windows/gather/credentials/veeam_credential_dump.rb - About 1 day to fix

                  Method on_request_uri has 334 lines of code (exceeds 25 allowed). Consider refactoring.
                  Open

                    def on_request_uri(cli, request)
    print_status("Sending #{request.uri}")
    if request.uri =~ %r{/exploit.html$}
      html = %Q^
<html>
                  Severity: Major
                  Found in modules/exploits/windows/browser/chrome_filereader_uaf.rb - About 1 day to fix

                    Method cmd_portfwd has a Cognitive Complexity of 83 (exceeds 5 allowed). Consider refactoring.
                    Open

                      def cmd_portfwd(*args)
    args.unshift('list') if args.empty?

    # For clarity's sake.
    lport = nil
                    Severity: Minor
                    Found in lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/net.rb - About 1 day to fix

                    Cognitive Complexity

                    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                    A method's cognitive complexity is based on a few simple rules:

                    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                    • Code is considered more complex for each "break in the linear flow of the code"
                    • Code is considered more complex when "flow breaking structures are nested"

                    Further reading

                    File java_jdwp_debugger.rb has 718 lines of code (exceeds 250 allowed). Consider refactoring.
                    Open

                    class MetasploitModule < Msf::Exploit::Remote
  Rank = GoodRanking

  include Msf::Exploit::Remote::Tcp
  include Msf::Exploit::EXE
                    Severity: Major
                    Found in modules/exploits/multi/misc/java_jdwp_debugger.rb - About 1 day to fix

                      Method exploit has 329 lines of code (exceeds 25 allowed). Consider refactoring.
                      Open

                        def exploit
    if target.name =~ /prestashop/
      uri = normalize_uri(target_uri.path)
      res = send_request_cgi({'uri' => uri})
      if res && res.code != 301
                      Severity: Major
                      Found in modules/exploits/linux/http/php_imap_open_rce.rb - About 1 day to fix

                        File weblogic_deserialize_badattrval.rb has 712 lines of code (exceeds 250 allowed). Consider refactoring.
                        Open

                        class MetasploitModule < Msf::Exploit::Remote
  Rank = NormalRanking

  include Msf::Exploit::Remote::Tcp
  include Msf::Exploit::CmdStager
                        Severity: Major
                        Found in modules/exploits/multi/misc/weblogic_deserialize_badattrval.rb - About 1 day to fix

                          Method import_netsparker_xml has a Cognitive Complexity of 82 (exceeds 5 allowed). Consider refactoring.
                          Open

                            def import_netsparker_xml(args={}, &block)
    data = args[:data]
    wspace = Msf::Util::DBManager.process_opts_workspace(args, framework).name
    bl = validate_ips(args[:blacklist]) ? args[:blacklist].split : []
    addr = nil
                          Severity: Minor
                          Found in lib/msf/core/db_manager/import/netsparker.rb - About 1 day to fix

                          Cognitive Complexity

                          Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                          A method's cognitive complexity is based on a few simple rules:

                          • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                          • Code is considered more complex for each "break in the linear flow of the code"
                          • Code is considered more complex when "flow breaking structures are nested"

                          Further reading

                          Method exploit has 326 lines of code (exceeds 25 allowed). Consider refactoring.
                          Open

                            def exploit
    if is_root?
      fail_with Failure::BadConfig, 'Session already has root privileges'
    end
                          Severity: Major
                          Found in modules/exploits/solaris/local/rsh_stack_clash_priv_esc.rb - About 1 day to fix

                            Method cmd_sessions has 326 lines of code (exceeds 25 allowed). Consider refactoring.
                            Open

                              def cmd_sessions(*args)
    begin
    method   = nil
    quiet    = false
    show_active = false
                            Severity: Major
                            Found in lib/msf/ui/console/command_dispatcher/core.rb - About 1 day to fix
                              Severity
                              Category
                              Status
                              Source
                              Language