Sign upLogin

rapid7/metasploit-framework

View on GitHub
Star

Showing 16,065 of 22,177 total issues

Method handle_responses has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def handle_responses(host, request, responses, what)
    problems = []
    descriptions = []
    request = request.to_binary_s if request.respond_to?('to_binary_s')
    responses.select! { |r| r[1] }
Severity: Minor
Found in modules/auxiliary/fuzzers/ntp/ntp_protocol_fuzzer.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method insertnewpath has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def insertnewpath(hashreq)

    hashreq['uri'] = canonicalize(hashreq['uri'])

    if hashreq['rhost'] == datastore['RHOSTS'] and hashreq['rport'] == datastore['RPORT']
Severity: Minor
Found in modules/auxiliary/crawler/msfcrawler.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method injectpdf has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def injectpdf
    # Payload which gets injected
    inject_payload = "/AA <</O <</F (\\\\\\\\#{datastore['LHOST']}\\\\test)/D [ 0 /Fit]/S /GoToE>>>>"

    # if given path doesn't exist display error and return
Severity: Minor
Found in modules/auxiliary/fileformat/badpdf.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method decoder_stub has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def decoder_stub(state)
    buf = ""
    shellcode = state.buf.split(//)
    while shellcode.size>0
      buf << shellcode.pop(4).join
Severity: Minor
Found in modules/encoders/x86/add_sub.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method encode_block_perl has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def encode_block_perl(state, buf)

    hex = buf.unpack("H*")
    cmd = 'perl -e '
    qot = ',-:.=+!@#$%^&'
Severity: Minor
Found in modules/encoders/cmd/generic_sh.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method on_new_session has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def on_new_session(session)
    # Delete profile to disguise attack in Web GUI
    vprint_status("#{peer} - Trying to delete IOCs")
    json_body = {
      'ProfileName' => @profile_name,
Severity: Minor
Found in modules/exploits/unix/http/syncovery_linux_rce_2022_36534.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method login has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def login(user, pass)
    res = send_request_cgi(
      {
        'uri' => '/cgi-bin/luci',
        'method' => 'POST',
Severity: Minor
Found in modules/exploits/unix/http/epmp1000_get_chart_cmd_shell.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method login has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def login(user, pass)
    res = send_request_cgi(
      {
        'uri' => '/cgi-bin/luci',
        'method' => 'POST',
Severity: Minor
Found in modules/exploits/unix/http/epmp1000_ping_cmd_shell.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method check has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def check
    unless splunk?
      return CheckCode::Unknown('Target does not appear to be a Splunk instance')
    end
Severity: Minor
Found in modules/exploits/unix/http/splunk_xslt_authenticated_rce.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method inject_code has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def inject_code(session, code)

    vprint_status("Retrieving the validation_key...")

    res = send_request_cgi({
Severity: Minor
Found in modules/exploits/unix/webapp/foswiki_maketext.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method parse_wp_config has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def parse_wp_config(body)
    p = store_loot('wordpress.config', 'text/plain', rhost, body, "#{rhost}_wp-config.php")
    print_good("wp-config.php saved in: #{p}")
    print_status("Parsing config file")
    values = {}
Severity: Minor
Found in modules/exploits/unix/webapp/wp_google_document_embedder_exec.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method exploit has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit

    print_status("Logging in as user [ #{datastore['USER']} ]")
    res = send_request_cgi({
      'method' => 'POST',
Severity: Minor
Found in modules/exploits/unix/webapp/seportal_sqli_exec.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method check has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def check
    checkcode = CheckCode::Unknown

    @version = target['Version'] || drupal_version
Severity: Minor
Found in modules/exploits/unix/webapp/drupal_drupalgeddon2.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method exploit has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit
    php_pagename = rand_text_alpha(4 + rand(4)) + '.php'

    data = Rex::MIME::Message.new
    data.add_part('upload', nil, nil, 'form-data; name="action"')
Severity: Minor
Found in modules/exploits/unix/webapp/wp_nmediawebsite_file_upload.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method check has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def check
    res = send_request_cgi({
      'uri' => normalize_uri(target_uri.path, 'useradm.sh'),
      'authorization' => basic_auth(user, pass)
    })
Severity: Minor
Found in modules/exploits/unix/webapp/xymon_useradm_cmd_exec.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method exploit has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit
    unless @logged_in
      if login(user, pass)
        res = check_target
        fail_with(Failure::Unknown, 'Can not identify target as OpenMediaVault.') if res.nil?
Severity: Minor
Found in modules/exploits/unix/webapp/openmediavault_auth_cron_rce.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method exploit has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit
    wmusecurity_id = find_wmusecurity_id[0]
    php_page_name = "#{rand_text_alpha(5..12)}.php"
    data = Rex::MIME::Message.new
    data.add_part('wmuUploadFiles', nil, nil, 'form-data; name="action"')
Severity: Minor
Found in modules/exploits/unix/webapp/wp_wpdiscuz_unauthenticated_file_upload.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method get_piwik_version has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def get_piwik_version(login_cookies)
    res = send_request_cgi({
      'method' => 'GET',
      'uri' => normalized_index,
      'cookie' => login_cookies,
Severity: Minor
Found in modules/exploits/unix/webapp/piwik_superuser_plugin_upload.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method select_target has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def select_target(version, banner)

    # No banner and version, no target
    if banner.nil? or version.nil?
      return nil
Severity: Minor
Found in modules/exploits/unix/webapp/nagios3_history_cgi.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method check has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def check
    res = wordpress_and_online?
    unless res
      vprint_error("#{peer} does not seeem to be Wordpress site")
      return Exploit::CheckCode::Unknown
Severity: Minor
Found in modules/exploits/unix/webapp/wp_total_cache_exec.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Severity
Category
Status
Source
Language