Sign upLogin

rapid7/metasploit-framework

View on GitHub
Star

Showing 15,831 of 21,886 total issues

Method append_file has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

  def append_file(file_name, data)
    if session.type == 'meterpreter'
      return _write_file_meterpreter(file_name, data, 'ab')
    elsif session.type == 'powershell'
      return _append_file_powershell(file_name, data)
Severity: Minor
Found in lib/msf/core/post/file.rb - About 1 hr to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method _write_file_powershell has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

  def _write_file_powershell(file_name, data, append = false)
    offset = 0
    chunk_size = 1000
    loop do
      success = _write_file_powershell_fragment(file_name, data, offset, chunk_size, append)
Severity: Minor
Found in lib/msf/core/post/file.rb - About 1 hr to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method asm_reverse_tcp has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

  def asm_reverse_tcp(opts={})
    # TODO: reliability is coming
    retry_count  = opts[:retry_count]
    encoded_port = "0x%.8x" % [opts[:port].to_i, 2].pack("vn").unpack("N").first
    encoded_host = "0x%.8x" % Rex::Socket.addr_aton(opts[:host]||"127.127.127.127").unpack("V").first
Severity: Minor
Found in lib/msf/core/payload/linux/reverse_tcp_x86.rb - About 1 hr to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method lsa_call_authentication_package has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

        def lsa_call_authentication_package(handle, auth_package, submit_buffer, submit_buffer_length: nil)
          if auth_package.is_a?(String)
            auth_package = lsa_lookup_authentication_package(handle, auth_package)
            return nil if auth_package.nil?
          end
Severity: Minor
Found in lib/msf/core/post/windows/lsa.rb - About 1 hr to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method listen_udp_ports has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

        def listen_udp_ports
          ports = []
          content = read_file('/proc/net/udp')
          content.each_line do |line|
            next unless (m = line.match(/^\s*\d+:\s+(.{8}|.{32}):(.{4})\s+(.{8}|.{32}):(.{4})\s+(.{2})/))
Severity: Minor
Found in lib/msf/core/post/linux/system.rb - About 1 hr to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method json_to_mdm_object has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

  def json_to_mdm_object(response_wrapper, mdm_class)
    body = response_wrapper.response_body
    if !body.nil? && !body.empty?
      parsed_body = JSON.parse(body, symbolize_names: true)
Severity: Minor
Found in lib/metasploit/framework/data_service/remote/http/response_data_helper.rb - About 1 hr to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method get_cpu_info has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

        def get_cpu_info
          info = {}
          orig = read_file('/proc/cpuinfo').to_s
          cpuinfo = orig.split("\n\n")[0]
          # This is probably a more platform independent way to parse the results (compared to splitting and assigning preset indices to values)
Severity: Minor
Found in lib/msf/core/post/linux/system.rb - About 1 hr to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method get_schtasks_cmd_string has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

        def get_schtasks_cmd_string(schtasks_cmd, opts = {})
          cmd = schtasks_cmd.dup
          cmd.prepend('schtasks')
          system = opts[:remote_system] || (datastore['ScheduleRemoteSystem'].present? ? datastore['ScheduleRemoteSystem'] : nil)
          cmd += ['/s', system] if system
Severity: Minor
Found in lib/msf/core/post/windows/task_scheduler.rb - About 1 hr to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method task_info_field has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

        def task_info_field(task_name, task_info, key)
          task_name = task_name.delete_prefix('"').delete_suffix('"')
          key = key.delete_prefix('"').delete_suffix('"')
          task_info = task_info.lines
          title_array = task_info.shift&.split(',')
Severity: Minor
Found in lib/msf/core/post/windows/task_scheduler.rb - About 1 hr to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method set_sane_defaults has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

        def set_sane_defaults
          self.connection_timeout ||= 20
          self.uri = '/' if self.uri.blank?
          self.method = 'GET' if self.method.blank?
          self.http_success_codes = DEFAULT_HTTP_SUCCESS_CODES if self.http_success_codes.nil?
Severity: Minor
Found in lib/metasploit/framework/login_scanner/http.rb - About 1 hr to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method attempt_login has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

        def attempt_login(credential)
          result_opts = {
            credential: credential,
            status: Metasploit::Model::Login::Status::INCORRECT,
            proof: nil,
Severity: Minor
Found in lib/metasploit/framework/login_scanner/http.rb - About 1 hr to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method each_credential has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

        def each_credential
          cred_details.each do |raw_cred|
            # This could be a Credential object, or a Credential Core, or an Attempt object
            # so make sure that whatever it is, we end up with a Credential.
            credential = raw_cred.to_credential
Severity: Minor
Found in lib/metasploit/framework/login_scanner/ldap.rb - About 1 hr to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method MemoryDiscl has a Cognitive Complexity of 25 (exceeds 20 allowed). Consider refactoring.
Open

        ulong MemoryDiscl()
        {
            try
            {
                // prepare malicious MemoryStream
Severity: Minor
Found in external/source/exploits/cve-2013-0074/SilverApp1/MainPage.xaml.cs - About 1 hr to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method main has 27 lines of code (exceeds 25 allowed). Consider refactoring.
Open

    public static void main(final String[] args) throws Exception {
        // ensure payload doesn't detonate during construction or deserialization 
        ExecBlockingSecurityManager.wrap(new Callable<Void>(){public Void call() throws Exception {
            Registry registry = LocateRegistry.getRegistry(args[0], Integer.parseInt(args[1]));        
            String className = CommonsCollections1.class.getPackage().getName() +  "." + args[2];
Severity: Minor
Found in external/source/exploits/CVE-2015-8103/RMIRegistryExploit.java - About 1 hr to fix

    Function onmessage has 27 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

            function onmessage(e) {
            var message = JSON.parse(e.data);

            if (message.userid == root.userid) return;
            root.participant = message.userid;
    Severity: Minor
    Found in data/webcam/api.js - About 1 hr to fix

      Method init has 27 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

          public void init()
    {
        try
        {
            byte[] buf = new byte[] {
      Severity: Minor
      Found in external/source/exploits/CVE-2012-0507/msf/x/Exploit.java - About 1 hr to fix

        Method setDimensions has 27 lines of code (exceeds 25 allowed). Consider refactoring.
        Open

            public void setDimensions(int width, int height)
      {
          // System.out.println("in setDimensions");
          consumer.setDimensions(width, height);
        Severity: Minor
        Found in external/source/exploits/CVE-2009-3869/AppletX.java - About 1 hr to fix

          Function find_target_userspec_chunk has 27 lines of code (exceeds 25 allowed). Consider refactoring.
          Open

          def find_target_userspec_chunk(argv, env_prefix):
    pos = len(env_prefix) - 1
    env = env_prefix[:]
    env.extend([ b"LC_ALL=C", b"TZ=:", None ])
          Severity: Minor
          Found in data/exploits/CVE-2021-3156/userspec_generic.py - About 1 hr to fix

            Method aggregator_login has 27 lines of code (exceeds 25 allowed). Consider refactoring.
            Open

                  def aggregator_login
        if !((@host && !@host.empty?) && (@port && !@port.empty? && @port.to_i > 0))
          usage_connect
          return
        end
            Severity: Minor
            Found in plugins/aggregator.rb - About 1 hr to fix

              Method services_to_table has 27 lines of code (exceeds 25 allowed). Consider refactoring.
              Open

                    def services_to_table(opts = {})
        tbl = Rex::Text::Table.new({ 'Columns' => ['host', 'port', 'proto', 'name', 'state', 'info'] })
        tbl.header = 'Services'
        tbl.headeri = opts[:heading_size]
        framework.db.services.each do |service|
              Severity: Minor
              Found in plugins/wiki.rb - About 1 hr to fix
                Severity
                Category
                Status
                Source
                Language