rapid7/metasploit-framework

Showing 15,639 of 21,649 total issues

Method run has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

  def run
    print_status("Sending RMI Header...")
    connect

    send_header
Severity: Minor
Found in modules/auxiliary/gather/java_rmi_registry.rb - About 1 hr to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method parse_password has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

  def parse_password(filedata)
    filedata.each_line { |line|
      elem = line.strip.split('=')
      if elem.length >= 1
        if elem[0] == 'PASSWD'
Severity: Minor
Found in modules/auxiliary/gather/darkcomet_filedownloader.rb - About 1 hr to fix

Method convert_sids_to_human_readable_name has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

  def convert_sids_to_human_readable_name(sids_array)
    output = []
    for sid in sids_array
      raw_filter = "(objectSID=#{sid})"
      attributes = ['sAMAccountName', 'name']
Severity: Minor
Found in modules/auxiliary/gather/ldap_esc_vulnerable_cert_finder.rb - About 1 hr to fix

Method grab_domain_ip_history has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

  def grab_domain_ip_history(domain)
    begin
      cli = Rex::Proto::Http::Client.new('viewdns.info', 443, {}, true, nil, datastore['Proxies'])
      cli.connect

Severity: Minor
Found in modules/auxiliary/gather/cloud_lookup.rb - About 1 hr to fix

Method check has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

  def check
    res = send_request_cgi!({
      'uri' => normalize_uri(target_uri.path, 'login')
    })
    return Exploit::CheckCode::Unknown("#{peer} - Could not connect to web service - no response") if res.nil?
Severity: Minor
Found in modules/auxiliary/gather/apache_superset_cookie_sig_priv_esc.rb - About 1 hr to fix

Method process_propfind has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

  def process_propfind(cli, request)
    path = request.uri
    print_status("PROPFIND #{path}")
    body = ''

Severity: Minor
Found in modules/auxiliary/gather/ie_sandbox_findfiles.rb - About 1 hr to fix

Method run has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

  def run
    # Define our instance variables real quick.
    @base_dn = nil
    @ldap_mspki_enterprise_oids = []
    @ldap_groups = []
Severity: Minor
Found in modules/auxiliary/gather/ldap_esc_vulnerable_cert_finder.rb - About 1 hr to fix

Method run_brute has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

  def run_brute
    result_count = 0
    user_file = datastore['USER_FILE']
    if user_file.nil?
      fail_with(Msf::Module::Failure::BadConfig, 'User file must be specified when brute forcing')
Severity: Minor
Found in modules/auxiliary/gather/asrep.rb - About 1 hr to fix

Method get_version_info has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

  def get_version_info
    vprint_status('Querying version information...')
    request = {
      'uri' => normalize_uri(target_uri.path),
      'method' => 'GET'
Severity: Minor
Found in modules/auxiliary/gather/elasticsearch_enum.rb - About 1 hr to fix

Method action_remove has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

  def action_remove(obj)
    delegate_from = get_delegate_from_obj

    security_descriptor = obj[ATTRIBUTE]
    unless security_descriptor.dacl && !security_descriptor.dacl.aces.empty?
Severity: Minor
Found in modules/auxiliary/admin/ldap/rbcd.rb - About 1 hr to fix

Method run_host has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

  def run_host(_ip)
    soapenv = 'http://schemas.xmlsoap.org/soap/envelope/'
    soapenvenc = 'http://schemas.xmlsoap.org/soap/encoding/'
    xsi = 'http://www.w3.org/1999/XMLSchema-instance'
    xsd = 'http://www.w3.org/1999/XMLSchema'
Severity: Minor
Found in modules/auxiliary/admin/networking/cisco_secure_acs_bypass.rb - About 1 hr to fix

Method check_imp_sysadmin has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

  def check_imp_sysadmin(imp_user_list)
    # Check if the user has the db_owner role is any databases
    imp_user_list.each do |imp_user|
      # Setup query
      clue_start = Rex::Text.rand_text_alpha(8 + rand(4))
Severity: Minor
Found in modules/auxiliary/admin/mssql/mssql_escalate_execute_as_sqli.rb - About 1 hr to fix

Method get_win_domain_users has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

  def get_win_domain_users(windows_domain_sid)

    # Create array to store the windws accounts etc
    windows_logins = []

Severity: Minor
Found in modules/auxiliary/admin/mssql/mssql_enum_domain_accounts.rb - About 1 hr to fix

Method run has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

  def run
    res = send_request_cgi({
      'uri' => normalize_uri(datastore['TARGETURI'], 'cgi-bin', 'cgi_system'),
      'vars_get' => { 'cmd' => 'loaddefconfig' }
    })
Severity: Minor
Found in modules/auxiliary/admin/http/nuuo_nvrmini_reset.rb - About 1 hr to fix

Method run has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

  def run
    validate_command
    if check != Exploit::CheckCode::Appears
      fail_with(Failure::NotVulnerable, 'Target is not vulnerable')
    end
Severity: Minor
Found in modules/auxiliary/admin/http/pihole_domains_api_exec.rb - About 1 hr to fix

Method reset_one has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

  def reset_one(password, report = false)
    (0..datastore['MAXINT']).each do |int_to_try|
      encode_pass = REXML::Text.new(password).to_s

      xml = ''
Severity: Minor
Found in modules/auxiliary/admin/http/rails_devise_pass_reset.rb - About 1 hr to fix

Method run_host has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

  def run_host(_ip)
    tmpfile = Rex::Text.rand_text_alphanumeric(20) # Store the base64 encoded traversal data in a hard-to-brute filename, just in case.

    print_status("Attempting to connect to #{rhost}:#{rport}")
    res = send_request_raw(
Severity: Minor
Found in modules/auxiliary/admin/http/contentkeeper_fileaccess.rb - About 1 hr to fix

Method run has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

  def run
    print_status('Establishing a connection to the target...')

    error_uri = datastore['URI'] + '/index.php?jumpurl=' + datastore['RFILE'] + '&juSecure=1&type=0&locationData=1:'
    ju_hash = nil
Severity: Minor
Found in modules/auxiliary/admin/http/typo3_sa_2009_002.rb - About 1 hr to fix

Method check has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

  def check
    res = send_request_cgi({ 'uri' => postfixadmin_url_login, 'method' => 'GET' })

    return Exploit::CheckCode::Unknown unless res

Severity: Minor
Found in modules/auxiliary/admin/http/pfadmin_set_protected_alias.rb - About 1 hr to fix

Method run has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

  def run
    vprint_status("#{peer} - Attempting to connect...")
    vprint_status("#{peer} - Trying to retrieve the first user id...")
    first_id = send_sql_request('id from wp_users order by id asc limit 1 ; --')
    if first_id.nil?
Severity: Minor
Found in modules/auxiliary/admin/http/wp_symposium_sql_injection.rb - About 1 hr to fix
