rapid7/metasploit-framework

View on GitHub

Showing 13,944 of 19,648 total issues

File http_client.rb has 609 lines of code (exceeds 250 allowed). Consider refactoring.
Open

require 'uri'
require 'digest'

module Msf

Severity: Major
Found in lib/msf/core/exploit/remote/http_client.rb - About 1 day to fix

    Method to_executable_fmt has a Cognitive Complexity of 67 (exceeds 5 allowed). Consider refactoring.
    Open

      def self.to_executable_fmt(framework, arch, plat, code, fmt, exeopts)
        # For backwards compatibility with the way this gets called when
        # generating from Msf::Simple::Payload.generate_simple
        if arch.kind_of? Array
          output = nil
    Severity: Minor
    Found in lib/msf/util/exe.rb - About 1 day to fix

    Cognitive Complexity

    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

    A method's cognitive complexity is based on a few simple rules:

    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
    • Code is considered more complex for each "break in the linear flow of the code"
    • Code is considered more complex when "flow breaking structures are nested"

    Further reading

    Method cmd_loot has a Cognitive Complexity of 67 (exceeds 5 allowed). Consider refactoring.
    Open

      def cmd_loot(*args)
        return unless active?
    
        mode = :search
        host_ranges = []
    Severity: Minor
    Found in lib/msf/ui/console/command_dispatcher/db.rb - About 1 day to fix

    Cognitive Complexity

    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

    A method's cognitive complexity is based on a few simple rules:

    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
    • Code is considered more complex for each "break in the linear flow of the code"
    • Code is considered more complex when "flow breaking structures are nested"

    Further reading

    Method rpc_del_service has a Cognitive Complexity of 67 (exceeds 5 allowed). Consider refactoring.
    Open

      def rpc_del_service(xopts)
      ::ApplicationRecord.connection_pool.with_connection {
        opts, wspace = init_db_opts_workspace(xopts)
        hosts  = []
        services = []
    Severity: Minor
    Found in lib/msf/core/rpc/v10/rpc_db.rb - About 1 day to fix

    Cognitive Complexity

    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

    A method's cognitive complexity is based on a few simple rules:

    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
    • Code is considered more complex for each "break in the linear flow of the code"
    • Code is considered more complex when "flow breaking structures are nested"

    Further reading

    Class EXE has 71 methods (exceeds 20 allowed). Consider refactoring.
    Open

    class EXE
    
    require 'rex'
    require 'rex/peparsey'
    require 'rex/pescan'
    Severity: Major
    Found in lib/msf/util/exe.rb - About 1 day to fix

      Class Modules has 71 methods (exceeds 20 allowed). Consider refactoring.
      Open

              class Modules
      
                include Msf::Ui::Console::CommandDispatcher
                include Msf::Ui::Console::CommandDispatcher::Common
      
      
      Severity: Major
      Found in lib/msf/ui/console/command_dispatcher/modules.rb - About 1 day to fix

        Class Db has 71 methods (exceeds 20 allowed). Consider refactoring.
        Open

        class Db
        
          require 'tempfile'
        
          include Msf::Ui::Console::CommandDispatcher
        Severity: Major
        Found in lib/msf/ui/console/command_dispatcher/db.rb - About 1 day to fix

          Method crawler_process_page has a Cognitive Complexity of 66 (exceeds 5 allowed). Consider refactoring.
          Open

            def crawler_process_page(t, page, cnt)
              return if page.nil? # Skip over pages that don't contain any info aka page is nil. We can't process these types of pages since there is no data to process.
              msg = "[#{"%.5d" % cnt}/#{"%.5d" % max_page_count}]    #{page ? page.code || "ERR" : "ERR"} - #{t[:vhost]} - #{page.url}"
              if page.error
                print_error("Error accessing page #{page.error.to_s}")
          Severity: Minor
          Found in modules/auxiliary/scanner/http/crawler.rb - About 1 day to fix

          Cognitive Complexity

          Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

          A method's cognitive complexity is based on a few simple rules:

          • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
          • Code is considered more complex for each "break in the linear flow of the code"
          • Code is considered more complex when "flow breaking structures are nested"

          Further reading

          Method get_files_info has a Cognitive Complexity of 66 (exceeds 5 allowed). Consider refactoring.
          Open

            def get_files_info(ip, shares)
              # Creating a separate file for each IP address's results.
              detailed_tbl = Rex::Text::Table.new(
                'Header' => "Spidered results for #{ip}.",
                'Indent' => 1,
          Severity: Minor
          Found in modules/auxiliary/scanner/smb/smb_enumshares.rb - About 1 day to fix

          Cognitive Complexity

          Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

          A method's cognitive complexity is based on a few simple rules:

          • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
          • Code is considered more complex for each "break in the linear flow of the code"
          • Code is considered more complex when "flow breaking structures are nested"

          Further reading

          File vim_soap.rb has 597 lines of code (exceeds 250 allowed). Consider refactoring.
          Open

          module Msf
          
          module Exploit::Remote::VIMSoap
            include Msf::Exploit::Remote::HttpClient
          
          
          Severity: Major
          Found in lib/msf/core/exploit/remote/vim_soap.rb - About 1 day to fix

            Method send_tcp has a Cognitive Complexity of 65 (exceeds 5 allowed). Consider refactoring.
            Open

                def send_tcp(packet,packet_data,prox = @config[:proxies])
                  ans = nil
                  length = [packet_data.size].pack("n")
                  @config[:nameservers].each do |ns|
                    begin
            Severity: Minor
            Found in lib/rex/proto/dns/resolver.rb - About 1 day to fix

            Cognitive Complexity

            Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

            A method's cognitive complexity is based on a few simple rules:

            • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
            • Code is considered more complex for each "break in the linear flow of the code"
            • Code is considered more complex when "flow breaking structures are nested"

            Further reading

            File auth_brute.rb has 592 lines of code (exceeds 250 allowed). Consider refactoring.
            Open

            module Msf
            
            ###
            #
            # This module provides methods for brute forcing authentication
            Severity: Major
            Found in lib/msf/core/auxiliary/auth_brute.rb - About 1 day to fix

              File utils.rb has 587 lines of code (exceeds 250 allowed). Consider refactoring.
              Open

              module Rex::Proto::NTLM
                class Utils
              
                  # duplicate from lib/rex/proto/smb/utils cause we only need this fonction from Rex::Proto::SMB::Utils
                  # Convert a unix timestamp to a 64-bit signed server time
              Severity: Major
              Found in lib/rex/proto/ntlm/utils.rb - About 1 day to fix

                Method run has a Cognitive Complexity of 64 (exceeds 5 allowed). Consider refactoring.
                Open

                  def run
                    # check if we already have a socket, if not, create one
                    unless @sock
                      # create a socket
                      res_code, sock_or_msg = create_socket_for_xnode(rhost, rport)
                Severity: Minor
                Found in modules/auxiliary/gather/manageengine_adaudit_plus_xnode_enum.rb - About 1 day to fix

                Cognitive Complexity

                Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                A method's cognitive complexity is based on a few simple rules:

                • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                • Code is considered more complex for each "break in the linear flow of the code"
                • Code is considered more complex when "flow breaking structures are nested"

                Further reading

                Method run has a Cognitive Complexity of 64 (exceeds 5 allowed). Consider refactoring.
                Open

                  def run
                    # check if we already have a socket, if not, create one
                    unless @sock
                      # create a socket
                      res_code, sock_or_msg = create_socket_for_xnode(rhost, rport)
                Severity: Minor
                Found in modules/auxiliary/gather/manageengine_datasecurity_plus_xnode_enum.rb - About 1 day to fix

                Cognitive Complexity

                Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                A method's cognitive complexity is based on a few simple rules:

                • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                • Code is considered more complex for each "break in the linear flow of the code"
                • Code is considered more complex when "flow breaking structures are nested"

                Further reading

                Method run has a Cognitive Complexity of 64 (exceeds 5 allowed). Consider refactoring.
                Open

                  def run
                    base_addr = datastore['BASEDNS']
                    targ_addr = datastore['TARGDNS']
                    check_ar  = datastore['CHECK_ADDITIONAL']
                    check_aa  = datastore['CHECK_AUTHORITY']
                Severity: Minor
                Found in modules/auxiliary/spoof/dns/compare_results.rb - About 1 day to fix

                Cognitive Complexity

                Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                A method's cognitive complexity is based on a few simple rules:

                • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                • Code is considered more complex for each "break in the linear flow of the code"
                • Code is considered more complex when "flow breaking structures are nested"

                Further reading

                Method run_host has a Cognitive Complexity of 64 (exceeds 5 allowed). Consider refactoring.
                Open

                  def run_host(target_host)
                    print_status("Trying #{target_host}")
                    if wordpress_and_online?
                      version = wordpress_version
                      version_string = version || '(no version detected)'
                Severity: Minor
                Found in modules/auxiliary/scanner/http/wordpress_scanner.rb - About 1 day to fix

                Cognitive Complexity

                Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                A method's cognitive complexity is based on a few simple rules:

                • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                • Code is considered more complex for each "break in the linear flow of the code"
                • Code is considered more complex when "flow breaking structures are nested"

                Further reading

                Method initialize has a Cognitive Complexity of 64 (exceeds 5 allowed). Consider refactoring.
                Open

                  def initialize(framework)
                    self.framework = framework
                    self.sid_pool  = 0
                    self.mutex = Mutex.new
                    self.scheduler_queue = ::Queue.new
                Severity: Minor
                Found in lib/msf/core/session_manager.rb - About 1 day to fix

                Cognitive Complexity

                Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                A method's cognitive complexity is based on a few simple rules:

                • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                • Code is considered more complex for each "break in the linear flow of the code"
                • Code is considered more complex when "flow breaking structures are nested"

                Further reading

                Method on_request_uri has 252 lines of code (exceeds 25 allowed). Consider refactoring.
                Open

                  def on_request_uri(cli, request)
                    print_status("Sending #{request.uri} to #{request['User-Agent']}")
                    escaped_payload = Rex::Text.to_unescape(payload.raw)
                    jscript = %Q^
                var shellcode = unescape("#{escaped_payload}");
                Severity: Major
                Found in modules/exploits/multi/browser/chrome_jscreate_sideeffect.rb - About 1 day to fix

                  Method on_request_uri has 249 lines of code (exceeds 25 allowed). Consider refactoring.
                  Open

                    def on_request_uri(cli, request)
                      print_status("Sending #{request.uri} to #{request['User-Agent']}")
                      download_payload = ''
                      shellcode = payload.encoded
                      uripath = datastore['URIPATH'] || get_resource
                  Severity: Major
                  Found in modules/exploits/multi/browser/chrome_object_create.rb - About 1 day to fix
                    Severity
                    Category
                    Status
                    Source
                    Language