rapid7/metasploit-framework

Showing 13,944 of 19,648 total issues

File firefox_creds.rb has 581 lines of code (exceeds 250 allowed). Consider refactoring.
Open

require 'tmpdir'

#
# Gems
#
Severity: Major
Found in modules/post/multi/gather/firefox_creds.rb - About 1 day to fix

    File cloud_lookup.rb has 580 lines of code (exceeds 250 allowed). Consider refactoring.
    Open

    require 'public_suffix'
    
    class MetasploitModule < Msf::Auxiliary
      include Msf::Exploit::Remote::DNS::Enumeration
      include Msf::Auxiliary::Report
    Severity: Major
    Found in modules/auxiliary/gather/cloud_lookup.rb - About 1 day to fix

      Function main has a Cognitive Complexity of 63 (exceeds 5 allowed). Consider refactoring.
      Open

      def main(argv=None):
          if not argv:
              argv = sys.argv
              if len(argv) == 1:
                  print('Usage: build.py [clean|all|<name>]')
      Severity: Minor
      Found in external/source/shellcode/windows/x86/build.py - About 1 day to fix

      Cognitive Complexity

      Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

      A method's cognitive complexity is based on a few simple rules:

      • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
      • Code is considered more complex for each "break in the linear flow of the code"
      • Code is considered more complex when "flow breaking structures are nested"

      Method create_lm_ntlm_responses has a Cognitive Complexity of 63 (exceeds 5 allowed). Consider refactoring.
      Open

          def self.create_lm_ntlm_responses(user, pass, challenge_key, domain = '', default_name = '', default_domain = '',
                  dns_host_name = '', dns_domain_name = '', chall_MsvAvTimestamp = nil, spnopt = {}, opt = {} )
      
            usentlm2_session     = opt[:usentlm2_session]    != nil ? opt[:usentlm2_session] : true
            use_ntlmv2         = opt[:use_ntlmv2]         != nil ? opt[:use_ntlmv2] : false
      Severity: Minor
      Found in lib/rex/proto/ntlm/utils.rb - About 1 day to fix

      Method cmd_transport has a Cognitive Complexity of 63 (exceeds 5 allowed). Consider refactoring.
      Open

        def cmd_transport(*args)
          if ( args.length == 0 or args.include?("-h") )
            cmd_transport_help
            return
          end
      Severity: Minor
      Found in lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb - About 1 day to fix

      Method monitor_socket has a Cognitive Complexity of 63 (exceeds 5 allowed). Consider refactoring.
      Open

        def monitor_socket
      
          # Skip if we are using a passive dispatcher
          return if self.passive_service
      
      
      Severity: Minor
      Found in lib/rex/post/meterpreter/packet_dispatcher.rb - About 1 day to fix

      Method command_string has 247 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

        def command_string
          if (datastore['JOBNAME'] == "DUMMY") && !datastore['FTPUSER'].nil?
            datastore['JOBNAME'] = (datastore['FTPUSER'] + "1").strip.upcase
          end
          lhost = Rex::Socket.resolv_nbo(datastore['LHOST'])
      Severity: Major
      Found in modules/payloads/singles/cmd/mainframe/bind_shell_jcl.rb - About 1 day to fix

        Method osx_capture_media has 247 lines of code (exceeds 25 allowed). Consider refactoring.
        Open

          def osx_capture_media(opts)
            capture_code = <<-EOS
        #{osx_ruby_dl_header}
        
        options = {
        Severity: Major
        Found in lib/msf/core/post/osx/ruby_dl.rb - About 1 day to fix

          Method get_registry has 245 lines of code (exceeds 25 allowed). Consider refactoring.
          Open

            def get_registry(outlook_ver)
              # Determine if saved accounts exist within Outlook.  Ignore the Address Book and Personal Folder registry entries.
              outlook_exists = 0
              saved_accounts = 0
          
          
          Severity: Major
          Found in modules/post/windows/gather/credentials/outlook.rb - About 1 day to fix

            Function run has a Cognitive Complexity of 62 (exceeds 5 allowed). Consider refactoring.
            Open

                def run(self):
                    self.__target = self.__kdcHost
            
                    # Connect to LDAP
                    try:
            Severity: Minor
            Found in modules/auxiliary/gather/get_user_spns.py - About 1 day to fix

            Method enum_instance has a Cognitive Complexity of 62 (exceeds 5 allowed). Consider refactoring.
            Open

              def enum_instance(rhost)
                print_status("#{rhost}:#{rport} [SAP] Connecting to SAP Management Console SOAP Interface")
                success = false
                soapenv='http://schemas.xmlsoap.org/soap/envelope/'
                xsi='http://www.w3.org/2001/XMLSchema-instance'
            Severity: Minor
            Found in modules/auxiliary/scanner/sap/sap_mgmt_con_instanceproperties.rb - About 1 day to fix

            Method recalculate has a Cognitive Complexity of 62 (exceeds 5 allowed). Consider refactoring.
            Open

              def recalculate
                old_keys = self.keys
                new_keys = []
            
                # Recalculate single payloads
            Severity: Minor
            Found in lib/msf/core/payload_set.rb - About 1 day to fix

            Method parse_sessionsetup has a Cognitive Complexity of 62 (exceeds 5 allowed). Consider refactoring.
            Open

              def parse_sessionsetup(pkt, s)
                payload = pkt.payload.dup
                ntlmpayload = payload[/NTLMSSP\x00.*/m]
                if ntlmpayload
                  ntlmmessagetype = ntlmpayload[8,4].unpack("V")[0]
            Severity: Minor
            Found in data/exploits/psnuffle/smb.rb - About 1 day to fix

            File protocol.rb has 571 lines of code (exceeds 250 allowed). Consider refactoring.
            Open

            require "socket"
            require "timeout"
            require "digest/sha1"
            require "stringio"
            
            
            Severity: Major
            Found in lib/rbmysql/protocol.rb - About 1 day to fix

              Method run_host has 240 lines of code (exceeds 25 allowed). Consider refactoring.
              Open

                def run_host(ip)
                  # Force http verb to be upper-case, because otherwise some web servers such as
                  # Apache might throw you a 501
                  http_method = datastore['METHOD'].upcase
              
              
              Severity: Major
              Found in modules/auxiliary/scanner/http/blind_sql_query.rb - About 1 day to fix

                Method parse_ns_config has a Cognitive Complexity of 61 (exceeds 5 allowed). Consider refactoring.
                Open

                  def parse_ns_config
                    ns_config_data = File.binread(ns_conf)
                    ns_secret.each do |secret|
                      element = secret[0]
                      secret[1].each do |keyword|
                Severity: Minor
                Found in modules/auxiliary/admin/citrix/citrix_netscaler_config_decrypt.rb - About 1 day to fix

                File userspec_generic.py has 564 lines of code (exceeds 250 allowed). Consider refactoring.
                Open

                #!/usr/bin/python
                '''
                Exploit for CVE-2021-3156 with struct userspec overwrite by sleepya
                
                From https://github.com/worawit/CVE-2021-3156
                Severity: Major
                Found in data/exploits/CVE-2021-3156/userspec_generic.py - About 1 day to fix

                  Method initialize has 238 lines of code (exceeds 25 allowed). Consider refactoring.
                  Open

                    def initialize(info = {})
                      super(
                        update_info(
                          info,
                          'Name' => 'Cisco RV110W/RV130(W)/RV215W Routers Management Interface Remote Command Execution',
                  Severity: Major
                  Found in modules/exploits/linux/http/cve_2019_1663_cisco_rmi_rce.rb - About 1 day to fix

                    Method run has 237 lines of code (exceeds 25 allowed). Consider refactoring.
                    Open

                      def run
                        if ! @telephony_loaded
                          print_error("The Telephony module is not available: #{@telephony_error}")
                          raise RuntimeError, "Telephony not available"
                        end
                    Severity: Major
                    Found in modules/auxiliary/scanner/telephony/wardial.rb - About 1 day to fix

                      Method run_host has a Cognitive Complexity of 60 (exceeds 5 allowed). Consider refactoring.
                      Open

                        def run_host(ip)
                          # Force http verb to be upper-case, because otherwise some web servers such as
                          # Apache might throw you a 501
                          http_method = datastore['METHOD'].upcase
                      
                      
                      Severity: Minor
                      Found in modules/auxiliary/scanner/http/blind_sql_query.rb - About 1 day to fix
