Sign upLogin

rapid7/metasploit-framework

View on GitHub
Star

Showing 15,831 of 21,886 total issues

Method extract_json has 28 lines of code (exceeds 25 allowed). Consider refactoring.
Open

        def extract_json(saving_path, artifact_child, artifact, local_loc)
          json_file = ::File.read(saving_path.to_s)
          json_parse = JSON.parse(json_file)
          parent_json_query = ''
          child_json_query = []
Severity: Minor
Found in lib/msf/core/post/windows/packrat.rb - About 1 hr to fix

    Method ldap_auth_opts_schannel has 28 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

            def ldap_auth_opts_schannel(opts, ssl)
          auth_opts = {}
          pfx_path = opts[:ldap_cert_file]
          raise Msf::ValidationError, 'The SSL option must be enabled when using Schannel authentication.' unless ssl
          raise Msf::ValidationError, 'The LDAP::CertFile option is required when using Schannel authentication.' if pfx_path.blank?
    Severity: Minor
    Found in lib/metasploit/framework/ldap/client.rb - About 1 hr to fix

      Method attempt_login has 28 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

              def attempt_login(credential)
          result_opts = {
            credential: credential,
            host: host,
            port: port,
      Severity: Minor
      Found in lib/metasploit/framework/login_scanner/jupyter.rb - About 1 hr to fix

        Function check_user has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
        Open

        def check_user(url, user, password, timeout):
    """Exploit the difference in HTTP responses from the ActiveSync service to identify valid and invalid usernames.
    It was also identified that valid accounts with 2FA enabled can be distinguished from valid accounts without 2FA."""
    headers = {"MS-ASProtocolVersion": "14.0"}
    auth = (user, password)
        Severity: Minor
        Found in modules/auxiliary/gather/office365userenum.py - About 1 hr to fix

        Cognitive Complexity

        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

        A method's cognitive complexity is based on a few simple rules:

        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
        • Code is considered more complex for each "break in the linear flow of the code"
        • Code is considered more complex when "flow breaking structures are nested"

        Further reading

        Method createJarArchive has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
        Open

            public static void createJarArchive(File archiveFile, File[] tobeJared) {
        try {
            byte buffer[] = new byte[BUFFER_SIZE];
            // Open archive file
            FileOutputStream stream = new FileOutputStream(archiveFile);
        Severity: Minor
        Found in external/source/msfJavaToolkit/javaCompile/CreateJarFile.java - About 1 hr to fix

        Cognitive Complexity

        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

        A method's cognitive complexity is based on a few simple rules:

        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
        • Code is considered more complex for each "break in the linear flow of the code"
        • Code is considered more complex when "flow breaking structures are nested"

        Further reading

        Method init has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
        Open

            public void init()
    {
        try
        {
            if (System.getSecurityManager() == null) {
        Severity: Minor
        Found in external/source/exploits/cve-2013-1493/Init.java - About 1 hr to fix

        Cognitive Complexity

        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

        A method's cognitive complexity is based on a few simple rules:

        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
        • Code is considered more complex for each "break in the linear flow of the code"
        • Code is considered more complex when "flow breaking structures are nested"

        Further reading

        Function tls_connect has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
        Open

        def tls_connect(target, timeout=5, cipher_handshake=ch_def):
    s = socket.create_connection(target, 3)
    s.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1)
    s.settimeout(timeout)
    s.sendall(cipher_handshake)
        Severity: Minor
        Found in modules/auxiliary/scanner/ssl/bleichenbacher_oracle.py - About 1 hr to fix

        Cognitive Complexity

        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

        A method's cognitive complexity is based on a few simple rules:

        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
        • Code is considered more complex for each "break in the linear flow of the code"
        • Code is considered more complex when "flow breaking structures are nested"

        Further reading

        Function run has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
        Open

        def run(args):
    module.LogHandler.setup(msg_prefix='{} - '.format(args['rhost']))
    if requests_missing:
        logging.error('Required Python module dependency (requests) is missing.')
        logging.error('Please execute pip3 install requests.')
        Severity: Minor
        Found in modules/auxiliary/dos/cisco/cisco_7937g_dos_reboot.py - About 1 hr to fix

        Cognitive Complexity

        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

        A method's cognitive complexity is based on a few simple rules:

        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
        • Code is considered more complex for each "break in the linear flow of the code"
        • Code is considered more complex when "flow breaking structures are nested"

        Further reading

        Function _brute_userspec_offset has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
        Open

        def _brute_userspec_offset(argv, env, pos, max_offset):
    offset = None
    for i in range(0, max_offset, 0x10):
        exit_code, err = spawn(SUDO_PATH, argv, env)
        #print("0x%x, exit: %d" % (i, exit_code))
        Severity: Minor
        Found in data/exploits/CVE-2021-3156/userspec_generic.py - About 1 hr to fix

        Cognitive Complexity

        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

        A method's cognitive complexity is based on a few simple rules:

        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
        • Code is considered more complex for each "break in the linear flow of the code"
        • Code is considered more complex when "flow breaking structures are nested"

        Further reading

        Function create_environment has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
        Open

        def create_environment(adjustment, address, offset, bits=64):
    if bits == 64:
        environment = [
            TUNABLES_MISCONFIG + b"P" * adjustment,
            TUNABLES_MISCONFIG + b"X" * 8,
        Severity: Minor
        Found in data/exploits/CVE-2023-4911/cve_2023_4911.py - About 1 hr to fix

        Cognitive Complexity

        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

        A method's cognitive complexity is based on a few simple rules:

        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
        • Code is considered more complex for each "break in the linear flow of the code"
        • Code is considered more complex when "flow breaking structures are nested"

        Further reading

        Method initialize has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
        Open

            def initialize(framework, opts)
      super

      host = opts['ServerHost'] || DefaultHost
      port = opts['ServerPort'] || DefaultPort
        Severity: Minor
        Found in plugins/msgrpc.rb - About 1 hr to fix

        Cognitive Complexity

        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

        A method's cognitive complexity is based on a few simple rules:

        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
        • Code is considered more complex for each "break in the linear flow of the code"
        • Code is considered more complex when "flow breaking structures are nested"

        Further reading

        Method handle_request_http has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
        Open

              def handle_request_http(opts, _opt_parser)
        uri = opts[:uri]
        http_client = Rex::Proto::Http::Client.new(
          uri.host,
          uri.port,
        Severity: Minor
        Found in plugins/request.rb - About 1 hr to fix

        Cognitive Complexity

        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

        A method's cognitive complexity is based on a few simple rules:

        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
        • Code is considered more complex for each "break in the linear flow of the code"
        • Code is considered more complex when "flow breaking structures are nested"

        Further reading

        Method cmd_nessus_user_del has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
        Open

              def cmd_nessus_user_del(*args)
        if args[0] == '-h'
          print_status('nessus_user_del <User ID>')
          print_status('Example:> nessus_user_del 10')
          print_status('This command can only delete non admin users. You must be an admin to delete users.')
        Severity: Minor
        Found in plugins/nessus.rb - About 1 hr to fix

        Cognitive Complexity

        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

        A method's cognitive complexity is based on a few simple rules:

        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
        • Code is considered more complex for each "break in the linear flow of the code"
        • Code is considered more complex when "flow breaking structures are nested"

        Further reading

        Method cmd_nessus_user_passwd has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
        Open

              def cmd_nessus_user_passwd(*args)
        if args[0] == '-h'
          print_status('nessus_user_passwd <User ID> <New Password>')
          print_status('Example:> nessus_user_passwd 10 mynewpassword')
          print_status('Changes the password of a user. You must be an admin to change passwords.')
        Severity: Minor
        Found in plugins/nessus.rb - About 1 hr to fix

        Cognitive Complexity

        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

        A method's cognitive complexity is based on a few simple rules:

        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
        • Code is considered more complex for each "break in the linear flow of the code"
        • Code is considered more complex when "flow breaking structures are nested"

        Further reading

        Method add_web_site has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
        Open

              def add_web_site(url)
        vhost = nil

        # Allow the URL to be supplied as VHOST,URL if a custom VHOST
        # should be used. This allows for things like:
        Severity: Minor
        Found in plugins/wmap.rb - About 1 hr to fix

        Cognitive Complexity

        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

        A method's cognitive complexity is based on a few simple rules:

        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
        • Code is considered more complex for each "break in the linear flow of the code"
        • Code is considered more complex when "flow breaking structures are nested"

        Further reading

        Method process_ids has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
        Open

              def process_ids(idsstr)
        if !lastsites || lastsites.empty?
          view_sites
          print_status('Web sites ids. referenced from previous table.')
        end
        Severity: Minor
        Found in plugins/wmap.rb - About 1 hr to fix

        Cognitive Complexity

        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

        A method's cognitive complexity is based on a few simple rules:

        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
        • Code is considered more complex for each "break in the linear flow of the code"
        • Code is considered more complex when "flow breaking structures are nested"

        Further reading

        Method rpc_add_node has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
        Open

              def rpc_add_node(host, port, ssl, user, pass, bypass_exist)
        if !rpcarr
          self.rpcarr = Hash.new
        end
        Severity: Minor
        Found in plugins/wmap.rb - About 1 hr to fix

        Cognitive Complexity

        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

        A method's cognitive complexity is based on a few simple rules:

        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
        • Code is considered more complex for each "break in the linear flow of the code"
        • Code is considered more complex when "flow breaking structures are nested"

        Further reading

        Method cmd_sqlmap_save_data has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
        Open

              def cmd_sqlmap_save_data(*args)
        unless args.length == 1
          print_error('Usage:')
          print_error('\tsqlmap_save_data <taskid>')
          return
        Severity: Minor
        Found in plugins/sqlmap.rb - About 1 hr to fix

        Cognitive Complexity

        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

        A method's cognitive complexity is based on a few simple rules:

        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
        • Code is considered more complex for each "break in the linear flow of the code"
        • Code is considered more complex when "flow breaking structures are nested"

        Further reading

        Method extract_saved_creds has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
        Open

        def extract_saved_creds(path,xml_file)
  accounts_xml = ""
  creds = ""
  print_status("Reading #{xml_file} file...")
  ### modified to use pidgin_path, which already has .purple in it
        Severity: Minor
        Found in scripts/meterpreter/get_filezilla_creds.rb - About 1 hr to fix

        Cognitive Complexity

        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

        A method's cognitive complexity is based on a few simple rules:

        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
        • Code is considered more complex for each "break in the linear flow of the code"
        • Code is considered more complex when "flow breaking structures are nested"

        Further reading

        Method frfxpswd has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
        Open

        def frfxpswd(path,usrnm)
  @client.fs.dir.foreach(path) {|x|
    next if x =~ /^(\.|\.\.)$/
    fullpath = path + '\\' + x
        Severity: Minor
        Found in scripts/meterpreter/enum_firefox.rb - About 1 hr to fix

        Cognitive Complexity

        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

        A method's cognitive complexity is based on a few simple rules:

        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
        • Code is considered more complex for each "break in the linear flow of the code"
        • Code is considered more complex when "flow breaking structures are nested"

        Further reading

        Severity
        Category
        Status
        Source
        Language