rapid7/metasploit-framework

View on GitHub

Showing 14,333 of 20,109 total issues

Method check_lines has a Cognitive Complexity of 73 (exceeds 5 allowed). Consider refactoring.
Open

  def check_lines
    url_ok     = true
    no_stdio   = true
    in_comment = false
    in_literal = false
Severity: Minor
Found in tools/dev/msftidy.rb - About 1 day to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

File glassfish_deployer.rb has 647 lines of code (exceeds 250 allowed). Consider refactoring.
Open

require 'nokogiri'
require 'metasploit/framework/login_scanner/glassfish'
require 'metasploit/framework/credential_collection'

class MetasploitModule < Msf::Exploit::Remote
Severity: Major
Found in modules/exploits/multi/http/glassfish_deployer.rb - About 1 day to fix

    Class Core has 77 methods (exceeds 20 allowed). Consider refactoring.
    Open

    class Console::CommandDispatcher::Core
    
      include Console::CommandDispatcher
    
      #
    Severity: Major
    Found in lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb - About 1 day to fix

      Class Exploit has 77 methods (exceeds 20 allowed). Consider refactoring.
      Open

      class Exploit < Msf::Module
      
      ##
        # Exceptions
        ##
      Severity: Major
      Found in lib/msf/core/exploit.rb - About 1 day to fix

        File thycotic_secretserver_dump.rb has 644 lines of code (exceeds 250 allowed). Consider refactoring.
        Open

        require 'metasploit/framework/credential_collection'
        
        class MetasploitModule < Msf::Post
          include Msf::Post::Common
          include Msf::Post::File
        Severity: Major
        Found in modules/post/windows/gather/credentials/thycotic_secretserver_dump.rb - About 1 day to fix

          Method run_host has a Cognitive Complexity of 72 (exceeds 5 allowed). Consider refactoring.
          Open

            def run_host(ip)
          
              #
              # Max string len
              #
          Severity: Minor
          Found in modules/auxiliary/scanner/http/xpath.rb - About 1 day to fix

          Cognitive Complexity

          Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

          A method's cognitive complexity is based on a few simple rules:

          • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
          • Code is considered more complex for each "break in the linear flow of the code"
          • Code is considered more complex when "flow breaking structures are nested"

          Further reading

          Method generate has 285 lines of code (exceeds 25 allowed). Consider refactoring.
          Open

            def generate(_opts = {})
          
              target_uri = datastore['URL'] || ""
              filename = datastore['EXE'] || ""
              proto = "https"
          Severity: Major
          Found in modules/payloads/singles/windows/download_exec.rb - About 1 day to fix

            File resolver.rb has 640 lines of code (exceeds 250 allowed). Consider refactoring.
            Open

            require 'socket'
            require 'timeout'
            require 'ipaddr'
            require 'logger'
            require 'net/dns/packet'
            Severity: Major
            Found in lib/net/dns/resolver.rb - About 1 day to fix

              File android.rb has 637 lines of code (exceeds 250 allowed). Consider refactoring.
              Open

              require 'rex/post/meterpreter'
              require 'rex/post/meterpreter/extensions/android/command_ids'
              require 'date'
              
              module Rex
              Severity: Major
              Found in lib/rex/post/meterpreter/ui/console/command_dispatcher/android.rb - About 1 day to fix

                File uds.rb has 636 lines of code (exceeds 250 allowed). Consider refactoring.
                Open

                module Msf
                class Post
                module Hardware
                module Automotive
                
                
                Severity: Major
                Found in lib/msf/core/post/hardware/automotive/uds.rb - About 1 day to fix

                  Method run_host has a Cognitive Complexity of 71 (exceeds 5 allowed). Consider refactoring.
                  Open

                    def run_host(ip)
                  
                      [[139, false], [445, true]].each do |info|
                  
                      @rport = info[0]
                  Severity: Minor
                  Found in modules/auxiliary/scanner/smb/smb_enumusers.rb - About 1 day to fix

                  Cognitive Complexity

                  Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                  A method's cognitive complexity is based on a few simple rules:

                  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                  • Code is considered more complex for each "break in the linear flow of the code"
                  • Code is considered more complex when "flow breaking structures are nested"

                  Further reading

                  Method code_execution has a Cognitive Complexity of 71 (exceeds 5 allowed). Consider refactoring.
                  Open

                    def code_execution
                      print_status("Trying code execution...")
                  
                      # can't "${run{/bin/sh -c 'exec /bin/sh -i <&#{b} >&0 2>&0'}} " anymore:
                      # DW/26 Set FD_CLOEXEC on SMTP sockets after forking in the daemon, to ensure
                  Severity: Minor
                  Found in modules/exploits/linux/smtp/exim_gethostbyname_bof.rb - About 1 day to fix

                  Cognitive Complexity

                  Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                  A method's cognitive complexity is based on a few simple rules:

                  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                  • Code is considered more complex for each "break in the linear flow of the code"
                  • Code is considered more complex when "flow breaking structures are nested"

                  Further reading

                  Method on_request_uri has 280 lines of code (exceeds 25 allowed). Consider refactoring.
                  Open

                    def on_request_uri(cli, request)
                      print_status("Request from #{request['User-Agent']}")
                      if request.uri =~ %r{/loader32$}
                        print_good("armle target is vulnerable.")
                        local_file = File.join( Msf::Config.data_directory, "exploits", "CVE-2016-4655", "exploit32" )
                  Severity: Major
                  Found in modules/exploits/apple_ios/browser/webkit_trident.rb - About 1 day to fix

                    Method run has a Cognitive Complexity of 70 (exceeds 5 allowed). Consider refactoring.
                    Open

                      def run
                        @port = datastore['SRVPORT'].to_i
                    
                        @log_console  = false
                        @log_database = false
                    Severity: Minor
                    Found in modules/auxiliary/server/fakedns.rb - About 1 day to fix

                    Cognitive Complexity

                    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                    A method's cognitive complexity is based on a few simple rules:

                    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                    • Code is considered more complex for each "break in the linear flow of the code"
                    • Code is considered more complex when "flow breaking structures are nested"

                    Further reading

                    Method get_files_info has a Cognitive Complexity of 70 (exceeds 5 allowed). Consider refactoring.
                    Open

                      def get_files_info(ip, shares)
                        # Creating a separate file for each IP address's results.
                        detailed_tbl = Rex::Text::Table.new(
                          'Header' => "Spidered results for #{ip}.",
                          'Indent' => 1,
                    Severity: Minor
                    Found in modules/auxiliary/scanner/smb/smb_enumshares.rb - About 1 day to fix

                    Cognitive Complexity

                    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                    A method's cognitive complexity is based on a few simple rules:

                    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                    • Code is considered more complex for each "break in the linear flow of the code"
                    • Code is considered more complex when "flow breaking structures are nested"

                    Further reading

                    Method exploit has 274 lines of code (exceeds 25 allowed). Consider refactoring.
                    Open

                      def exploit
                        if is_root?
                          unless datastore['ForceExploit']
                            fail_with Failure::BadConfig, 'Session already has root privileges. Set ForceExploit to override.'
                          end
                    Severity: Major
                    Found in modules/exploits/linux/local/sock_sendpage.rb - About 1 day to fix

                      Method run_host has a Cognitive Complexity of 69 (exceeds 5 allowed). Consider refactoring.
                      Open

                        def run_host(ip)
                      
                          begin
                            snmp = connect_snmp
                      
                      
                      Severity: Minor
                      Found in modules/auxiliary/scanner/snmp/sbg6580_enum.rb - About 1 day to fix

                      Cognitive Complexity

                      Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                      A method's cognitive complexity is based on a few simple rules:

                      • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                      • Code is considered more complex for each "break in the linear flow of the code"
                      • Code is considered more complex when "flow breaking structures are nested"

                      Further reading

                      Method cmd_set has a Cognitive Complexity of 69 (exceeds 5 allowed). Consider refactoring.
                      Open

                        def cmd_set(*args)
                          # Figure out if these are global variables
                          global = false
                          append = false
                          clear = false
                      Severity: Minor
                      Found in lib/msf/ui/console/command_dispatcher/core.rb - About 1 day to fix

                      Cognitive Complexity

                      Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                      A method's cognitive complexity is based on a few simple rules:

                      • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                      • Code is considered more complex for each "break in the linear flow of the code"
                      • Code is considered more complex when "flow breaking structures are nested"

                      Further reading

                      File oraenum.rb has 621 lines of code (exceeds 250 allowed). Consider refactoring.
                      Open

                      class MetasploitModule < Msf::Auxiliary
                        include Msf::Auxiliary::Report
                        include Msf::Exploit::ORACLE
                      
                        def initialize(info = {})
                      Severity: Major
                      Found in modules/auxiliary/admin/oracle/oraenum.rb - About 1 day to fix

                        File client.rb has 616 lines of code (exceeds 250 allowed). Consider refactoring.
                        Open

                        require 'rex/encoder/ndr'
                        require 'recog'
                        
                        module Msf
                          module Exploit::Remote::SMB
                        Severity: Major
                        Found in lib/msf/core/exploit/remote/smb/client.rb - About 1 day to fix
                          Severity
                          Category
                          Status
                          Source
                          Language