rapid7/metasploit-framework

View on GitHub

Showing 14,626 of 20,405 total issues

File browser_autopwn.rb has 756 lines of code (exceeds 250 allowed). Consider refactoring.
Open

require 'rex/exploitation/js/detect'
require 'rex/exploitation/jsobfu'

class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::HttpServer::HTML
Severity: Major
Found in modules/auxiliary/server/browser_autopwn.rb - About 1 day to fix

    File file.rb has 754 lines of code (exceeds 250 allowed). Consider refactoring.
    Open

    require 'rex/post/meterpreter/extensions/stdapi/command_ids'
    require 'rex/post/file_stat'
    
    module Msf::Post::File
      include Msf::Post::Common
    Severity: Major
    Found in lib/msf/core/post/file.rb - About 1 day to fix

      File snmp_enum.rb has 747 lines of code (exceeds 250 allowed). Consider refactoring.
      Open

      class MetasploitModule < Msf::Auxiliary
        include Msf::Exploit::Remote::SNMPClient
        include Msf::Auxiliary::Report
        include Msf::Auxiliary::Scanner
      
      
      Severity: Major
      Found in modules/auxiliary/scanner/snmp/snmp_enum.rb - About 1 day to fix

        Method cmd_reg has a Cognitive Complexity of 86 (exceeds 5 allowed). Consider refactoring.
        Open

          def cmd_reg(*args)
            # Extract the command, if any
            cmd = args.shift
        
            if (args.length == 0)
        Severity: Minor
        Found in lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb - About 1 day to fix

        Cognitive Complexity

        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

        A method's cognitive complexity is based on a few simple rules:

        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
        • Code is considered more complex for each "break in the linear flow of the code"
        • Code is considered more complex when "flow breaking structures are nested"

        Further reading

        File base.rb has 738 lines of code (exceeds 250 allowed). Consider refactoring.
        Open

        class Msf::Exploit::Remote::Kerberos::ServiceAuthenticator::Base
          extend Forwardable
          include Msf::Exploit::Remote::Kerberos::Client
          include Msf::Auxiliary::Report
          include Rex::Proto::Gss::Asn1
        Severity: Major
        Found in lib/msf/core/exploit/remote/kerberos/service_authenticator/base.rb - About 1 day to fix

          Method run has a Cognitive Complexity of 85 (exceeds 5 allowed). Consider refactoring.
          Open

            def run
              return if not check_dependencies
          
              begin
                # Get all values from v$parameter
          Severity: Minor
          Found in modules/auxiliary/admin/oracle/oraenum.rb - About 1 day to fix

          Cognitive Complexity

          Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

          A method's cognitive complexity is based on a few simple rules:

          • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
          • Code is considered more complex for each "break in the linear flow of the code"
          • Code is considered more complex when "flow breaking structures are nested"

          Further reading

          File ssllabs_scan.rb has 732 lines of code (exceeds 250 allowed). Consider refactoring.
          Open

          require 'active_support/inflector'
          require 'json'
          require 'active_support/core_ext/hash'
          
          class MetasploitModule < Msf::Auxiliary
          Severity: Major
          Found in modules/auxiliary/gather/ssllabs_scan.rb - About 1 day to fix

            File mssql_enum.rb has 729 lines of code (exceeds 250 allowed). Consider refactoring.
            Open

            class MetasploitModule < Msf::Auxiliary
              include Msf::Exploit::Remote::MSSQL
              include Msf::Auxiliary::Report
            
              def initialize(info = {})
            Severity: Major
            Found in modules/auxiliary/admin/mssql/mssql_enum.rb - About 1 day to fix

              Method end_element has a Cognitive Complexity of 84 (exceeds 5 allowed). Consider refactoring.
              Open

                def end_element(name=nil)
                  block = @block
                  case name
                  when 'name'
                    if in_tag('result')
              Severity: Minor
              Found in lib/rex/parser/openvas_document.rb - About 1 day to fix

              Cognitive Complexity

              Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

              A method's cognitive complexity is based on a few simple rules:

              • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
              • Code is considered more complex for each "break in the linear flow of the code"
              • Code is considered more complex when "flow breaking structures are nested"

              Further reading

              Method cmd_workspace has a Cognitive Complexity of 84 (exceeds 5 allowed). Consider refactoring.
              Open

                def cmd_workspace(*args)
                  return unless active?
              
                  state = :nil
              
              
              Severity: Minor
              Found in lib/msf/ui/console/command_dispatcher/db.rb - About 1 day to fix

              Cognitive Complexity

              Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

              A method's cognitive complexity is based on a few simple rules:

              • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
              • Code is considered more complex for each "break in the linear flow of the code"
              • Code is considered more complex when "flow breaking structures are nested"

              Further reading

              Method sql_statement has 335 lines of code (exceeds 25 allowed). Consider refactoring.
              Open

                def sql_statement()
              
                  # DEFINED HEADER TEXT
                  headings = [
                    ["Server","Database", "Schema", "Table", "Column", "Data Type", "Sample Data","Row Count"]
              Severity: Major
              Found in modules/auxiliary/admin/mssql/mssql_findandsampledata.rb - About 1 day to fix

                File veeam_credential_dump.rb has 724 lines of code (exceeds 250 allowed). Consider refactoring.
                Open

                require 'metasploit/framework/credential_collection'
                
                class MetasploitModule < Msf::Post
                  include Msf::Post::Common
                  include Msf::Post::File
                Severity: Major
                Found in modules/post/windows/gather/credentials/veeam_credential_dump.rb - About 1 day to fix

                  Method on_request_uri has 334 lines of code (exceeds 25 allowed). Consider refactoring.
                  Open

                    def on_request_uri(cli, request)
                      print_status("Sending #{request.uri}")
                      if request.uri =~ %r{/exploit.html$}
                        html = %Q^
                  <html>
                  Severity: Major
                  Found in modules/exploits/windows/browser/chrome_filereader_uaf.rb - About 1 day to fix

                    Method cmd_portfwd has a Cognitive Complexity of 83 (exceeds 5 allowed). Consider refactoring.
                    Open

                      def cmd_portfwd(*args)
                        args.unshift('list') if args.empty?
                    
                        # For clarity's sake.
                        lport = nil
                    Severity: Minor
                    Found in lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/net.rb - About 1 day to fix

                    Cognitive Complexity

                    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                    A method's cognitive complexity is based on a few simple rules:

                    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                    • Code is considered more complex for each "break in the linear flow of the code"
                    • Code is considered more complex when "flow breaking structures are nested"

                    Further reading

                    File java_jdwp_debugger.rb has 718 lines of code (exceeds 250 allowed). Consider refactoring.
                    Open

                    class MetasploitModule < Msf::Exploit::Remote
                      Rank = GoodRanking
                    
                      include Msf::Exploit::Remote::Tcp
                      include Msf::Exploit::EXE
                    Severity: Major
                    Found in modules/exploits/multi/misc/java_jdwp_debugger.rb - About 1 day to fix

                      Method exploit has 329 lines of code (exceeds 25 allowed). Consider refactoring.
                      Open

                        def exploit
                          if target.name =~ /prestashop/
                            uri = normalize_uri(target_uri.path)
                            res = send_request_cgi({'uri' => uri})
                            if res && res.code != 301
                      Severity: Major
                      Found in modules/exploits/linux/http/php_imap_open_rce.rb - About 1 day to fix

                        File weblogic_deserialize_badattrval.rb has 712 lines of code (exceeds 250 allowed). Consider refactoring.
                        Open

                        class MetasploitModule < Msf::Exploit::Remote
                          Rank = NormalRanking
                        
                          include Msf::Exploit::Remote::Tcp
                          include Msf::Exploit::CmdStager
                        Severity: Major
                        Found in modules/exploits/multi/misc/weblogic_deserialize_badattrval.rb - About 1 day to fix

                          Method import_netsparker_xml has a Cognitive Complexity of 82 (exceeds 5 allowed). Consider refactoring.
                          Open

                            def import_netsparker_xml(args={}, &block)
                              data = args[:data]
                              wspace = Msf::Util::DBManager.process_opts_workspace(args, framework).name
                              bl = validate_ips(args[:blacklist]) ? args[:blacklist].split : []
                              addr = nil
                          Severity: Minor
                          Found in lib/msf/core/db_manager/import/netsparker.rb - About 1 day to fix

                          Cognitive Complexity

                          Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                          A method's cognitive complexity is based on a few simple rules:

                          • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                          • Code is considered more complex for each "break in the linear flow of the code"
                          • Code is considered more complex when "flow breaking structures are nested"

                          Further reading

                          Method exploit has 326 lines of code (exceeds 25 allowed). Consider refactoring.
                          Open

                            def exploit
                              if is_root?
                                fail_with Failure::BadConfig, 'Session already has root privileges'
                              end
                          
                          
                          Severity: Major
                          Found in modules/exploits/solaris/local/rsh_stack_clash_priv_esc.rb - About 1 day to fix

                            Method cmd_sessions has 326 lines of code (exceeds 25 allowed). Consider refactoring.
                            Open

                              def cmd_sessions(*args)
                                begin
                                method   = nil
                                quiet    = false
                                show_active = false
                            Severity: Major
                            Found in lib/msf/ui/console/command_dispatcher/core.rb - About 1 day to fix
                              Severity
                              Category
                              Status
                              Source
                              Language