Sign upLogin

rapid7/metasploit-framework

View on GitHub
Star

Showing 15,730 of 21,757 total issues

Function check_user has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

def check_user(url, user, password, timeout):
    """Exploit the difference in HTTP responses from the ActiveSync service to identify valid and invalid usernames.
    It was also identified that valid accounts with 2FA enabled can be distinguished from valid accounts without 2FA."""
    headers = {"MS-ASProtocolVersion": "14.0"}
    auth = (user, password)
Severity: Minor
Found in modules/auxiliary/gather/office365userenum.py - About 1 hr to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method init has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

    public void init()
    {
        try
        {
            if (System.getSecurityManager() == null) {
Severity: Minor
Found in external/source/exploits/cve-2013-1493/Init.java - About 1 hr to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Function run has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

def run(args):
    module.LogHandler.setup(msg_prefix='{} - '.format(args['rhost']))
    if requests_missing:
        logging.error('Required Python module dependency (requests) is missing.')
        logging.error('Please execute pip3 install requests.')
Severity: Minor
Found in modules/auxiliary/dos/cisco/cisco_7937g_dos_reboot.py - About 1 hr to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Function tls_connect has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

def tls_connect(target, timeout=5, cipher_handshake=ch_def):
    s = socket.create_connection(target, 3)
    s.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1)
    s.settimeout(timeout)
    s.sendall(cipher_handshake)
Severity: Minor
Found in modules/auxiliary/scanner/ssl/bleichenbacher_oracle.py - About 1 hr to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method cmd_nessus_user_del has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

      def cmd_nessus_user_del(*args)
        if args[0] == '-h'
          print_status('nessus_user_del <User ID>')
          print_status('Example:> nessus_user_del 10')
          print_status('This command can only delete non admin users. You must be an admin to delete users.')
Severity: Minor
Found in plugins/nessus.rb - About 1 hr to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method handle_request_http has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

      def handle_request_http(opts, _opt_parser)
        uri = opts[:uri]
        http_client = Rex::Proto::Http::Client.new(
          uri.host,
          uri.port,
Severity: Minor
Found in plugins/request.rb - About 1 hr to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Function _brute_userspec_offset has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

def _brute_userspec_offset(argv, env, pos, max_offset):
    offset = None
    for i in range(0, max_offset, 0x10):
        exit_code, err = spawn(SUDO_PATH, argv, env)
        #print("0x%x, exit: %d" % (i, exit_code))
Severity: Minor
Found in data/exploits/CVE-2021-3156/userspec_generic.py - About 1 hr to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Function create_environment has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

def create_environment(adjustment, address, offset, bits=64):
    if bits == 64:
        environment = [
            TUNABLES_MISCONFIG + b"P" * adjustment,
            TUNABLES_MISCONFIG + b"X" * 8,
Severity: Minor
Found in data/exploits/CVE-2023-4911/cve_2023_4911.py - About 1 hr to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method initialize has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

    def initialize(framework, opts)
      super

      host = opts['ServerHost'] || DefaultHost
      port = opts['ServerPort'] || DefaultPort
Severity: Minor
Found in plugins/msgrpc.rb - About 1 hr to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method cmd_nessus_user_passwd has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

      def cmd_nessus_user_passwd(*args)
        if args[0] == '-h'
          print_status('nessus_user_passwd <User ID> <New Password>')
          print_status('Example:> nessus_user_passwd 10 mynewpassword')
          print_status('Changes the password of a user. You must be an admin to change passwords.')
Severity: Minor
Found in plugins/nessus.rb - About 1 hr to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method add_web_site has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

      def add_web_site(url)
        vhost = nil

        # Allow the URL to be supplied as VHOST,URL if a custom VHOST
        # should be used. This allows for things like:
Severity: Minor
Found in plugins/wmap.rb - About 1 hr to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method process_ids has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

      def process_ids(idsstr)
        if !lastsites || lastsites.empty?
          view_sites
          print_status('Web sites ids. referenced from previous table.')
        end
Severity: Minor
Found in plugins/wmap.rb - About 1 hr to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method rpc_add_node has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

      def rpc_add_node(host, port, ssl, user, pass, bypass_exist)
        if !rpcarr
          self.rpcarr = Hash.new
        end
Severity: Minor
Found in plugins/wmap.rb - About 1 hr to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method cmd_sqlmap_save_data has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

      def cmd_sqlmap_save_data(*args)
        unless args.length == 1
          print_error('Usage:')
          print_error('\tsqlmap_save_data <taskid>')
          return
Severity: Minor
Found in plugins/sqlmap.rb - About 1 hr to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method extract_saved_creds has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

def extract_saved_creds(path,xml_file)
  accounts_xml = ""
  creds = ""
  print_status("Reading #{xml_file} file...")
  ### modified to use pidgin_path, which already has .purple in it
Severity: Minor
Found in scripts/meterpreter/get_filezilla_creds.rb - About 1 hr to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method frfxpswd has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

def frfxpswd(path,usrnm)
  @client.fs.dir.foreach(path) {|x|
    next if x =~ /^(\.|\.\.)$/
    fullpath = path + '\\' + x
Severity: Minor
Found in scripts/meterpreter/enum_firefox.rb - About 1 hr to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method check_cf has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

  def check_cf
    vuln = false
    url = '/CFIDE/adminapi/customtags/l10n.cfm'
    res = send_request_cgi({
        'uri' => url,
Severity: Minor
Found in modules/auxiliary/gather/coldfusion_pwd_props.rb - About 1 hr to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method on_client_data has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

  def on_client_data(c)
    data = c.get_once
    return if !data

    peer = "#{c.peerhost}:#{c.peerport}"
Severity: Minor
Found in modules/auxiliary/server/capture/vnc.rb - About 1 hr to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method decode_config_file has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

  def decode_config_file(config_file_encoded)
    # if we've made it all the way here, this shouldn't break, but better safe than sorry
    begin
      config_file_base64 = config_file_encoded.tr(custom_base64_alphabet, default_base64_alphabet)
      config_file_decoded = Base64.decode64(config_file_base64)
Severity: Minor
Found in modules/auxiliary/gather/cisco_pvc2300_download_config.rb - About 1 hr to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method setup has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

  def setup
    # setup the desired charset
    @charset = []
    # setup array to hold user data
    @user_data = []
Severity: Minor
Found in modules/auxiliary/gather/ibm_sametime_enumerate_users.rb - About 1 hr to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Severity
Category
Status
Source
Language