rapid7/metasploit-framework

View on GitHub

Showing 13,734 of 19,454 total issues

Method sql_statement has 335 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def sql_statement()

    # DEFINED HEADER TEXT
    headings = [
      ["Server","Database", "Schema", "Table", "Column", "Data Type", "Sample Data","Row Count"]
Severity: Major
Found in modules/auxiliary/admin/mssql/mssql_findandsampledata.rb - About 1 day to fix

    Method on_request_uri has 334 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      def on_request_uri(cli, request)
        print_status("Sending #{request.uri}")
        if request.uri =~ %r{/exploit.html$}
          html = %Q^
    <html>
    Severity: Major
    Found in modules/exploits/windows/browser/chrome_filereader_uaf.rb - About 1 day to fix

      Method dump_ntds_hashes has a Cognitive Complexity of 83 (exceeds 5 allowed). Consider refactoring.
      Open

        def dump_ntds_hashes
          _machine_name, domain_name = get_machine_name_and_domain
          return unless domain_name
      
          print_status('Dumping Domain Credentials (domain\\uid:rid:lmhash:nthash)')
      Severity: Minor
      Found in modules/auxiliary/gather/windows_secrets_dump.rb - About 1 day to fix

      Cognitive Complexity

      Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

      A method's cognitive complexity is based on a few simple rules:

      • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
      • Code is considered more complex for each "break in the linear flow of the code"
      • Code is considered more complex when "flow breaking structures are nested"

      Further reading

      File java_jdwp_debugger.rb has 718 lines of code (exceeds 250 allowed). Consider refactoring.
      Open

      class MetasploitModule < Msf::Exploit::Remote
        Rank = GoodRanking
      
        include Msf::Exploit::Remote::Tcp
        include Msf::Exploit::EXE
      Severity: Major
      Found in modules/exploits/multi/misc/java_jdwp_debugger.rb - About 1 day to fix

        Method exploit has 329 lines of code (exceeds 25 allowed). Consider refactoring.
        Open

          def exploit
            if target.name =~ /prestashop/
              uri = normalize_uri(target_uri.path)
              res = send_request_cgi({'uri' => uri})
              if res && res.code != 301
        Severity: Major
        Found in modules/exploits/linux/http/php_imap_open_rce.rb - About 1 day to fix

          File weblogic_deserialize_badattrval.rb has 712 lines of code (exceeds 250 allowed). Consider refactoring.
          Open

          class MetasploitModule < Msf::Exploit::Remote
            Rank = NormalRanking
          
            include Msf::Exploit::Remote::Tcp
            include Msf::Exploit::CmdStager
          Severity: Major
          Found in modules/exploits/multi/misc/weblogic_deserialize_badattrval.rb - About 1 day to fix

            Method import_netsparker_xml has a Cognitive Complexity of 82 (exceeds 5 allowed). Consider refactoring.
            Open

              def import_netsparker_xml(args={}, &block)
                data = args[:data]
                wspace = Msf::Util::DBManager.process_opts_workspace(args, framework).name
                bl = validate_ips(args[:blacklist]) ? args[:blacklist].split : []
                addr = nil
            Severity: Minor
            Found in lib/msf/core/db_manager/import/netsparker.rb - About 1 day to fix

            Cognitive Complexity

            Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

            A method's cognitive complexity is based on a few simple rules:

            • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
            • Code is considered more complex for each "break in the linear flow of the code"
            • Code is considered more complex when "flow breaking structures are nested"

            Further reading

            Method exploit has 326 lines of code (exceeds 25 allowed). Consider refactoring.
            Open

              def exploit
                if is_root?
                  fail_with Failure::BadConfig, 'Session already has root privileges'
                end
            
            
            Severity: Major
            Found in modules/exploits/solaris/local/rsh_stack_clash_priv_esc.rb - About 1 day to fix

              Method cmd_sessions has 326 lines of code (exceeds 25 allowed). Consider refactoring.
              Open

                def cmd_sessions(*args)
                  begin
                  method   = nil
                  quiet    = false
                  show_active = false
              Severity: Major
              Found in lib/msf/ui/console/command_dispatcher/core.rb - About 1 day to fix

                Method cisco_ios_config_eater has 324 lines of code (exceeds 25 allowed). Consider refactoring.
                Open

                    def cisco_ios_config_eater(thost, tport, config)
                
                      if framework.db.active
                        credential_data = {
                          address: thost,
                Severity: Major
                Found in lib/msf/core/auxiliary/cisco.rb - About 1 day to fix

                  Method on_request_uri has 323 lines of code (exceeds 25 allowed). Consider refactoring.
                  Open

                    def on_request_uri(cli, request)
                      user_agent = request['User-Agent']
                      print_status("Request from #{user_agent}")
                      offsets = get_offsets(user_agent)
                      unless offsets
                  Severity: Major
                  Found in modules/exploits/osx/browser/safari_proxy_object_type_confusion.rb - About 1 day to fix

                    Method run_host has a Cognitive Complexity of 81 (exceeds 5 allowed). Consider refactoring.
                    Open

                      def run_host(target_host)
                        case
                          when action.name == 'LISTFILES'
                            res = http_post('listFiles')
                            unless res
                    Severity: Minor
                    Found in modules/auxiliary/scanner/http/es_file_explorer_open_port.rb - About 1 day to fix

                    Cognitive Complexity

                    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                    A method's cognitive complexity is based on a few simple rules:

                    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                    • Code is considered more complex for each "break in the linear flow of the code"
                    • Code is considered more complex when "flow breaking structures are nested"

                    Further reading

                    Method information_leak has a Cognitive Complexity of 81 (exceeds 5 allowed). Consider refactoring.
                    Open

                      def information_leak
                        print_status("Trying information leak...")
                        leaked_arch = nil
                        leaked_addr = []
                    
                    
                    Severity: Minor
                    Found in modules/exploits/linux/smtp/exim_gethostbyname_bof.rb - About 1 day to fix

                    Cognitive Complexity

                    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                    A method's cognitive complexity is based on a few simple rules:

                    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                    • Code is considered more complex for each "break in the linear flow of the code"
                    • Code is considered more complex when "flow breaking structures are nested"

                    Further reading

                    Method report_vuln has a Cognitive Complexity of 81 (exceeds 5 allowed). Consider refactoring.
                    Open

                      def report_vuln(opts)
                        return if not active
                        raise ArgumentError.new("Missing required option :host") if opts[:host].nil?
                        raise ArgumentError.new("Deprecated data column for vuln, use .info instead") if opts[:data]
                        name = opts[:name] || return
                    Severity: Minor
                    Found in lib/msf/core/db_manager/vuln.rb - About 1 day to fix

                    Cognitive Complexity

                    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                    A method's cognitive complexity is based on a few simple rules:

                    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                    • Code is considered more complex for each "break in the linear flow of the code"
                    • Code is considered more complex when "flow breaking structures are nested"

                    Further reading

                    File lastpass_creds.rb has 702 lines of code (exceeds 250 allowed). Consider refactoring.
                    Open

                    require 'sqlite3'
                    require 'uri'
                    
                    class MetasploitModule < Msf::Post
                      include Msf::Post::File
                    Severity: Major
                    Found in modules/post/multi/gather/lastpass_creds.rb - About 1 day to fix

                      Method run has a Cognitive Complexity of 79 (exceeds 5 allowed). Consider refactoring.
                      Open

                        def run
                          unless db
                            print_warning('Cannot find any active database. Extracted data will only be displayed here and NOT stored.')
                          end
                      
                      
                      Severity: Minor
                      Found in modules/auxiliary/gather/windows_secrets_dump.rb - About 1 day to fix

                      Cognitive Complexity

                      Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                      A method's cognitive complexity is based on a few simple rules:

                      • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                      • Code is considered more complex for each "break in the linear flow of the code"
                      • Code is considered more complex when "flow breaking structures are nested"

                      Further reading

                      Method run has a Cognitive Complexity of 79 (exceeds 5 allowed). Consider refactoring.
                      Open

                        def run
                      
                          loot = ""
                          uri = "/"
                          uri << (datastore['YEAR']).to_s if datastore['YEAR'].to_s != ""
                      Severity: Minor
                      Found in modules/auxiliary/gather/corpwatch_lookup_id.rb - About 1 day to fix

                      Cognitive Complexity

                      Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                      A method's cognitive complexity is based on a few simple rules:

                      • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                      • Code is considered more complex for each "break in the linear flow of the code"
                      • Code is considered more complex when "flow breaking structures are nested"

                      Further reading

                      Method run_host has a Cognitive Complexity of 79 (exceeds 5 allowed). Consider refactoring.
                      Open

                        def run_host(ip)
                      
                          ipmi_status("Sending IPMI probes")
                      
                          usernames = []
                      Severity: Minor
                      Found in modules/auxiliary/scanner/ipmi/ipmi_dumphashes.rb - About 1 day to fix

                      Cognitive Complexity

                      Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                      A method's cognitive complexity is based on a few simple rules:

                      • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                      • Code is considered more complex for each "break in the linear flow of the code"
                      • Code is considered more complex when "flow breaking structures are nested"

                      Further reading

                      Method parse_server has a Cognitive Complexity of 79 (exceeds 5 allowed). Consider refactoring.
                      Open

                        def parse_server(data)
                          creds = []
                          perms = []
                          groups = []
                          settings = {}
                      Severity: Minor
                      Found in modules/post/windows/gather/credentials/filezilla_server.rb - About 1 day to fix

                      Cognitive Complexity

                      Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                      A method's cognitive complexity is based on a few simple rules:

                      • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                      • Code is considered more complex for each "break in the linear flow of the code"
                      • Code is considered more complex when "flow breaking structures are nested"

                      Further reading

                      Method cmd_portfwd has a Cognitive Complexity of 79 (exceeds 5 allowed). Consider refactoring.
                      Open

                        def cmd_portfwd(*args)
                          args.unshift('list') if args.empty?
                      
                          # For clarity's sake.
                          lport = nil
                      Severity: Minor
                      Found in lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/net.rb - About 1 day to fix

                      Cognitive Complexity

                      Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                      A method's cognitive complexity is based on a few simple rules:

                      • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                      • Code is considered more complex for each "break in the linear flow of the code"
                      • Code is considered more complex when "flow breaking structures are nested"

                      Further reading

                      Severity
                      Category
                      Status
                      Source
                      Language