rapid7/metasploit-framework

View on GitHub

Showing 13,811 of 19,502 total issues

Class Exploit has 77 methods (exceeds 20 allowed). Consider refactoring.
Open

class Exploit < Msf::Module

##
  # Exceptions
  ##
Severity: Major
Found in lib/msf/core/exploit.rb - About 1 day to fix

    Method run_host has a Cognitive Complexity of 72 (exceeds 5 allowed). Consider refactoring.
    Open

      def run_host(ip)
    
        #
        # Max string len
        #
    Severity: Minor
    Found in modules/auxiliary/scanner/http/xpath.rb - About 1 day to fix

    Cognitive Complexity

    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

    A method's cognitive complexity is based on a few simple rules:

    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
    • Code is considered more complex for each "break in the linear flow of the code"
    • Code is considered more complex when "flow breaking structures are nested"

    Further reading

    Method generate has 285 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      def generate
    
        target_uri = datastore['URL'] || ""
        filename = datastore['EXE'] || ""
        proto = "https"
    Severity: Major
    Found in modules/payloads/singles/windows/download_exec.rb - About 1 day to fix

      File resolver.rb has 640 lines of code (exceeds 250 allowed). Consider refactoring.
      Open

      require 'socket'
      require 'timeout'
      require 'ipaddr'
      require 'logger'
      require 'net/dns/packet'
      Severity: Major
      Found in lib/net/dns/resolver.rb - About 1 day to fix

        File android.rb has 637 lines of code (exceeds 250 allowed). Consider refactoring.
        Open

        require 'rex/post/meterpreter'
        require 'rex/post/meterpreter/extensions/android/command_ids'
        require 'date'
        
        module Rex
        Severity: Major
        Found in lib/rex/post/meterpreter/ui/console/command_dispatcher/android.rb - About 1 day to fix

          File uds.rb has 636 lines of code (exceeds 250 allowed). Consider refactoring.
          Open

          module Msf
          class Post
          module Hardware
          module Automotive
          
          
          Severity: Major
          Found in lib/msf/core/post/hardware/automotive/uds.rb - About 1 day to fix

            Method run_host has a Cognitive Complexity of 71 (exceeds 5 allowed). Consider refactoring.
            Open

              def run_host(ip)
            
                [[139, false], [445, true]].each do |info|
            
                @rport = info[0]
            Severity: Minor
            Found in modules/auxiliary/scanner/smb/smb_enumusers.rb - About 1 day to fix

            Cognitive Complexity

            Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

            A method's cognitive complexity is based on a few simple rules:

            • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
            • Code is considered more complex for each "break in the linear flow of the code"
            • Code is considered more complex when "flow breaking structures are nested"

            Further reading

            Method code_execution has a Cognitive Complexity of 71 (exceeds 5 allowed). Consider refactoring.
            Open

              def code_execution
                print_status("Trying code execution...")
            
                # can't "${run{/bin/sh -c 'exec /bin/sh -i <&#{b} >&0 2>&0'}} " anymore:
                # DW/26 Set FD_CLOEXEC on SMTP sockets after forking in the daemon, to ensure
            Severity: Minor
            Found in modules/exploits/linux/smtp/exim_gethostbyname_bof.rb - About 1 day to fix

            Cognitive Complexity

            Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

            A method's cognitive complexity is based on a few simple rules:

            • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
            • Code is considered more complex for each "break in the linear flow of the code"
            • Code is considered more complex when "flow breaking structures are nested"

            Further reading

            Method on_request_uri has 280 lines of code (exceeds 25 allowed). Consider refactoring.
            Open

              def on_request_uri(cli, request)
                print_status("Request from #{request['User-Agent']}")
                if request.uri =~ %r{/loader32$}
                  print_good("armle target is vulnerable.")
                  local_file = File.join( Msf::Config.data_directory, "exploits", "CVE-2016-4655", "exploit32" )
            Severity: Major
            Found in modules/exploits/apple_ios/browser/webkit_trident.rb - About 1 day to fix

              Method asm_reverse_http has 278 lines of code (exceeds 25 allowed). Consider refactoring.
              Open

                def asm_reverse_http(opts={})
              
                  retry_count   = opts[:retry_count].to_i
                  retry_wait   = opts[:retry_wait].to_i * 1000
                  proxy_enabled = !!(opts[:proxy_host].to_s.strip.length > 0)
              Severity: Major
              Found in lib/msf/core/payload/windows/reverse_http.rb - About 1 day to fix

                Method run has a Cognitive Complexity of 70 (exceeds 5 allowed). Consider refactoring.
                Open

                  def run
                    @port = datastore['SRVPORT'].to_i
                
                    @log_console  = false
                    @log_database = false
                Severity: Minor
                Found in modules/auxiliary/server/fakedns.rb - About 1 day to fix

                Cognitive Complexity

                Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                A method's cognitive complexity is based on a few simple rules:

                • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                • Code is considered more complex for each "break in the linear flow of the code"
                • Code is considered more complex when "flow breaking structures are nested"

                Further reading

                Method exploit has 274 lines of code (exceeds 25 allowed). Consider refactoring.
                Open

                  def exploit
                    if is_root?
                      unless datastore['ForceExploit']
                        fail_with Failure::BadConfig, 'Session already has root privileges. Set ForceExploit to override.'
                      end
                Severity: Major
                Found in modules/exploits/linux/local/sock_sendpage.rb - About 1 day to fix

                  Method run_host has a Cognitive Complexity of 69 (exceeds 5 allowed). Consider refactoring.
                  Open

                    def run_host(ip)
                  
                      begin
                        snmp = connect_snmp
                  
                  
                  Severity: Minor
                  Found in modules/auxiliary/scanner/snmp/sbg6580_enum.rb - About 1 day to fix

                  Cognitive Complexity

                  Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                  A method's cognitive complexity is based on a few simple rules:

                  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                  • Code is considered more complex for each "break in the linear flow of the code"
                  • Code is considered more complex when "flow breaking structures are nested"

                  Further reading

                  File oraenum.rb has 621 lines of code (exceeds 250 allowed). Consider refactoring.
                  Open

                  class MetasploitModule < Msf::Auxiliary
                    include Msf::Auxiliary::Report
                    include Msf::Exploit::ORACLE
                  
                    def initialize(info = {})
                  Severity: Major
                  Found in modules/auxiliary/admin/oracle/oraenum.rb - About 1 day to fix

                    File client.rb has 616 lines of code (exceeds 250 allowed). Consider refactoring.
                    Open

                    require 'rex/encoder/ndr'
                    require 'recog'
                    
                    module Msf
                      module Exploit::Remote::SMB
                    Severity: Major
                    Found in lib/msf/core/exploit/remote/smb/client.rb - About 1 day to fix

                      File packet.rb has 615 lines of code (exceeds 250 allowed). Consider refactoring.
                      Open

                      require 'openssl'
                      require 'rex/post/meterpreter/command_mapper'
                      
                      module Rex
                      module Post
                      Severity: Major
                      Found in lib/rex/post/meterpreter/packet.rb - About 1 day to fix

                        Method asm_reverse_http has 269 lines of code (exceeds 25 allowed). Consider refactoring.
                        Open

                          def asm_reverse_http(opts={})
                        
                            retry_count   = opts[:retry_count].to_i
                            retry_wait   = opts[:retry_wait].to_i * 1000
                            proxy_enabled = !!(opts[:proxy_host].to_s.strip.length > 0)
                        Severity: Major
                        Found in lib/msf/core/payload/windows/x64/reverse_http_x64.rb - About 1 day to fix

                          Method rpc_del_vuln has a Cognitive Complexity of 68 (exceeds 5 allowed). Consider refactoring.
                          Open

                            def rpc_del_vuln(xopts)
                            ::ApplicationRecord.connection_pool.with_connection {
                              opts, wspace = init_db_opts_workspace(xopts)
                              opts[:workspace] = opts[:workspace].name
                              hosts  = []
                          Severity: Minor
                          Found in lib/msf/core/rpc/v10/rpc_db.rb - About 1 day to fix

                          Cognitive Complexity

                          Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                          A method's cognitive complexity is based on a few simple rules:

                          • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                          • Code is considered more complex for each "break in the linear flow of the code"
                          • Code is considered more complex when "flow breaking structures are nested"

                          Further reading

                          Method apply_prepends has 267 lines of code (exceeds 25 allowed). Consider refactoring.
                          Open

                            def apply_prepends(buf)
                              pre = ''
                              app = ''
                          
                              test_arch = [ *(self.arch) ]
                          Severity: Major
                          Found in lib/msf/core/payload/linux.rb - About 1 day to fix

                            File http_client.rb has 609 lines of code (exceeds 250 allowed). Consider refactoring.
                            Open

                            require 'uri'
                            require 'digest'
                            
                            module Msf
                            
                            
                            Severity: Major
                            Found in lib/msf/core/exploit/remote/http_client.rb - About 1 day to fix
                              Severity
                              Category
                              Status
                              Source
                              Language