Sign upLogin

rapid7/metasploit-framework

View on GitHub
Star

Showing 16,065 of 22,177 total issues

Method exploit has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit
    res = login
    if target.name == 'Auto'
      select_target(res)
    else
Severity: Minor
Found in modules/exploits/multi/http/atutor_upload_traversal.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method check has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def check
    # We leverage the vulnerability to reach the /app/rest/server endpoint. If this request succeeds then we know the
    # target is vulnerable.
    server_res = send_auth_bypass_request_cgi(
      'method' => 'GET',
Severity: Minor
Found in modules/exploits/multi/http/jetbrains_teamcity_rce_cve_2024_27198.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method exploit has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit
    jsp_info = "#{rand_text_alphanumeric(4 + rand(32-4))}.jsp"
    print_status("Uploading Information Gathering JSP #{jsp_info}...")
    if upload(jsp_info, jsp_path)
      print_good("JSP payload uploaded successfully")
Severity: Minor
Found in modules/exploits/multi/http/solarwinds_store_manager_auth_filter.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method auto_target has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def auto_target(session, res, version)
    print_status("Attempting to automatically select a target...")

    res = query_serverinfo(session, version)
    return nil unless res
Severity: Minor
Found in modules/exploits/multi/http/glassfish_deployer.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method exploit has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit
    self.postgres_conn = session.client if session
    return unless vuln_version?
    return unless login_success?
    print_status("Exploiting...")
Severity: Minor
Found in modules/exploits/multi/postgres/postgres_copy_from_program_cmd_exec.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method on_request_uri has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def on_request_uri(cli, request)
    print_status("Sending #{request.uri} to #{request['User-Agent']}")
    download_payload = ''
    shellcode = payload.encoded
    uripath = datastore['URIPATH'] || get_resource
Severity: Minor
Found in modules/exploits/multi/browser/chrome_object_create.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method exploit has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit
    if is_root?
      fail_with Failure::BadConfig, 'Session already has root privileges'
    end
Severity: Minor
Found in modules/exploits/solaris/local/rsh_stack_clash_priv_esc.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method exploit has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit
    if datastore['DisablePayloadHandler']
      print_error "DisablePayloadHandler is enabled, so there is nothing to do. Exiting!"
      return
    end
Severity: Minor
Found in modules/exploits/multi/handler.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method on_request_uri has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def on_request_uri(cli, request)

    agent = request.headers['User-Agent']
    jar_uri = ('/' == get_resource[-1,1]) ? get_resource[0, get_resource.length-1] : get_resource
    jar_uri << "/#{rand_text_alpha(rand(6)+3)}.jar"
Severity: Minor
Found in modules/exploits/multi/misc/batik_svg_java.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method exploit has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit
    sunrpc_create('udp', 100232, 10)
    sunrpc_authunix('localhost', datastore['UID'], datastore['GID'], [])

    if !datastore['HOSTNAME']
Severity: Minor
Found in modules/exploits/solaris/sunrpc/sadmind_exec.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method check has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def check
    target = select_target
    if target.nil?
      return Exploit::CheckCode::Safe
    end
Severity: Minor
Found in modules/exploits/multi/misc/claymore_dual_miner_remote_manager_rce.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method exploit_target has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit_target(t)

    connect
    banner_sanitized = Rex::Text.to_hex_ascii(banner.to_s)
    vprint_status(banner_sanitized)
Severity: Minor
Found in modules/exploits/freebsd/telnet/telnet_encrypt_keyid.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method upload_file has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def upload_file(filename, my_payload)
    connect

    # Get Application version
    data = [0x14].pack("C")
Severity: Minor
Found in modules/exploits/windows/scada/indusoft_webstudio_exec.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method exploit has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit
    if is_system?
      fail_with(Failure::None, 'Session is already elevated')
    end
Severity: Minor
Found in modules/exploits/windows/local/ms14_058_track_popup_menu.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method exploit has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit
    if sysinfo['Architecture'] != ARCH_X64
      fail_with(Failure::NoTarget, 'This module currently only supports targeting x64 systems!')
    elsif session.arch != ARCH_X64
      fail_with(Failure::NoTarget, 'Sorry, WOW64 is not supported at this time!')
Severity: Minor
Found in modules/exploits/windows/local/cve_2020_17136.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method rastapi_privileged_filecopy has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def rastapi_privileged_filecopy(file_contents, exploit_dir, upload_payload_pathname, target_payload_pathname)
    handles = [] # stores open handles to cleanup properly
    reg_hash = create_reg_hash(file_contents.length - 1, exploit_dir)
    vprint_status("Registry hash = #{reg_hash}")
Severity: Minor
Found in modules/exploits/windows/local/cve_2020_0668_service_tracing.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method exploit has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit
    print_status('Checking target...')
    if is_system?
      fail_with(Failure::None, 'Session is already elevated')
    end
Severity: Minor
Found in modules/exploits/windows/local/ms15_078_atmfd_bof.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method exploit has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit
    exploit_name = datastore['EXPLOIT_NAME'] || Rex::Text.rand_text_alpha(6..14)
    payload_name = datastore['PAYLOAD_NAME'] || Rex::Text.rand_text_alpha(6..14)
    exploit_name = "#{exploit_name}.exe" unless exploit_name.end_with?('.exe')
    payload_name = "#{payload_name}.exe" unless payload_name.end_with?('.exe')
Severity: Minor
Found in modules/exploits/windows/local/comahawk.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method exploit has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit
    if is_system?
      fail_with(Failure::None, 'Session is already elevated')
    end
Severity: Minor
Found in modules/exploits/windows/local/razer_zwopenprocess.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method check has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def check
    unless session.platform == 'windows'
      return Exploit::CheckCode::Safe
    end
Severity: Minor
Found in modules/exploits/windows/local/ms13_053_schlamperei.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Severity
Category
Status
Source
Language