Sign upLogin

rapid7/metasploit-framework

View on GitHub
Star

Showing 16,065 of 22,177 total issues

Method exploit has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit
    if is_system?
      fail_with(Failure::NoTarget, 'Session is already elevated')
    end
Severity: Minor
Found in modules/exploits/windows/local/lenovo_systemupdate.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method exploit has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit
    jsp_leak = jsp_path
    jsp_name_leak = "#{rand_text_alphanumeric(4 + rand(32 - 4))}.jsp"
    # By default files uploaded to C:\Program Files\Lexmark\Markvision Enterprise\apps\library\gfd-scheduled
    # Default app folder on C:\Program Files\Lexmark\Markvision Enterprise\tomcat\webappps\ROOT
Severity: Minor
Found in modules/exploits/windows/http/lexmark_markvision_gfd_upload.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method fingerprint_mod_wl has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def fingerprint_mod_wl

    my_data = rand_text_alpha(rand(5) + 8)
    res = send_request_cgi(
        {
Severity: Minor
Found in modules/exploits/windows/http/bea_weblogic_post_bof.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method leak_web_config has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def leak_web_config
    print_status('Leaking web.config')

    res = send_request_cgi(
      'method' => 'GET',
Severity: Minor
Found in modules/exploits/windows/http/sharepoint_ssi_viewstate.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method check has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def check
    # Make sure it's ADAudit Plus by requesting the root and checking the title
    res1 = send_request_cgi(
      'method' => 'GET',
      'uri' => '/'
Severity: Minor
Found in modules/exploits/windows/http/manageengine_adaudit_plus_cve_2022_28219.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method check_repos has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def check_repos
    begin
      res = send_request_cgi({
        'uri'     =>  '/rest/repository/',
        'method'  =>  'GET',
Severity: Minor
Found in modules/exploits/windows/http/gitstack_rce.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method modify_proxy has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def modify_proxy(params)
    res = send_request_cgi(
      {
        'uri' => normalize_uri(target_uri.path, 'api', 'json', 'admin', 'saveServerSettings'),
        'method' => 'POST',
Severity: Minor
Found in modules/exploits/windows/http/manageengine_admanager_plus_cve_2023_29084_auth_cmd_injection.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method exploit has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit
    print_status("Sending request to #{datastore['RHOST']}:#{datastore['RPORT']}")

    data  = "5|0|4|"
    data << "http://#{datastore['RHOST']}:#{datastore['RPORT']}"
Severity: Minor
Found in modules/exploits/windows/http/ca_arcserve_rpc_authbypass.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method check has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def check
    # Check version
    vprint_status("Trying to detect ManageEngine OpManager")

    res = send_request_cgi({
Severity: Minor
Found in modules/exploits/windows/http/manage_engine_opmanager_rce.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method ensure_target_dir_present has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def ensure_target_dir_present
    res = send_get_request('/_api/web/GetFolderByServerRelativeUrl(\'/\')/Folders')
    @backup_bdc_metadata = ''
    if res&.code == 200 && res&.body&.include?('BusinessDataMetadataCatalog')
      print_status('BDCMetadata file already present on the remote host, backing it up.')
Severity: Minor
Found in modules/exploits/windows/http/sharepoint_dynamic_proxy_generator_auth_bypass_rce.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method execute_command has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def execute_command(cmd, opts)
    commands = cmd.split(/&/)
    commands.each do |command|
      timeout = 20
      if datastore['DELETE_FILES'] and command =~ /shell\.run \"(.*)\"/
Severity: Minor
Found in modules/exploits/windows/http/sap_configservlet_exec_noauth.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method on_new_session has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def on_new_session(session)
    if session.type == "meterpreter"
      session.core.use("stdapi") unless session.ext.aliases.include?("stdapi")
    end
Severity: Minor
Found in modules/exploits/windows/novell/netiq_pum_eval.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method get_target has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def get_target(agent)
    #If the user is already specified by the user, we'll just use that
    return target if target.name != 'Automatic'

    if agent =~ /NT 5\.1/ and agent =~ /MSIE 6/
Severity: Minor
Found in modules/exploits/windows/browser/adobe_flash_otf_font.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method exploit has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit
    print_status("Attempting to login as '#{datastore['USERNAME']}:#{datastore['PASSWORD']}'")
    begin
      # If we have a session make use of it
      if session
Severity: Minor
Found in modules/exploits/windows/mysql/mysql_mof.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method on_request_uri has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def on_request_uri(cli, request)

    mytarget = target
    if target.name == 'Automatic'
      mytarget = auto_target(cli, request)
Severity: Minor
Found in modules/exploits/windows/browser/keyhelp_launchtripane_exec.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method process_get has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def process_get(cli, request, target)

    print_status("Responding to GET request #{request.uri}")
    # dispatch based on extension
    if (request.uri =~ /\.chm$/i)
Severity: Minor
Found in modules/exploits/windows/browser/keyhelp_launchtripane_exec.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method generate_rop has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def generate_rop(buf_addr, rvas)
    # ROP fun! (XP SP3 English, Dec 15 2010)
    rvas.merge!({
      # Instructions / Name    => RVA
      'BaseAddress'            => 0x63f00000,
Severity: Minor
Found in modules/exploits/windows/browser/wmi_admintools.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method on_request_uri has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def on_request_uri(cli, request)

    agent = request['User-Agent']
    case request['User-Agent']
      when /MSIE.*Windows NT 5\.1.*\.NET CLR .*/
Severity: Minor
Found in modules/exploits/windows/browser/ms10_026_avi_nsamplespersec.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method on_request_uri has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def on_request_uri(cli, request)

    if (request.uri.match(/payload/))
      return if ((p = regenerate_payload(cli)) == nil)
      data = generate_payload_exe({ :code => p.encoded })
Severity: Minor
Found in modules/exploits/windows/browser/ie_createobject.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method on_request_uri has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def on_request_uri(cli, request)

    mytarget = target
    if target.name == 'Automatic'
      mytarget = auto_target(cli, request)
Severity: Minor
Found in modules/exploits/windows/browser/ms10_022_ie_vbscript_winhlp32.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Severity
Category
Status
Source
Language