Sign upLogin

rapid7/metasploit-framework

View on GitHub
Star

Showing 16,065 of 22,177 total issues

Avoid deeply nested control flow statements.
Open

      print_status("Sending Timezone") if datastore['VERBOSE']
Severity: Major
Found in modules/auxiliary/server/local_hwbridge.rb - About 45 mins to fix

    Method backend_url has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
    Open

      def backend_url
    proto = (datastore['SSL'] ? 'https' : 'http')
    my_host = (datastore['SRVHOST'] == '0.0.0.0') ? Rex::Socket.source_address : datastore['SRVHOST']
    port_str = (datastore['SRVPORT'].to_i == 80) ? '' : ":#{datastore['SRVPORT']}"
    resource = ('/' == get_resource[-1,1]) ? get_resource[0, get_resource.length-1] : get_resource
    Severity: Minor
    Found in modules/auxiliary/server/android_mercury_parseuri.rb - About 45 mins to fix

    Cognitive Complexity

    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

    A method's cognitive complexity is based on a few simple rules:

    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
    • Code is considered more complex for each "break in the linear flow of the code"
    • Code is considered more complex when "flow breaking structures are nested"

    Further reading

    Avoid deeply nested control flow statements.
    Open

                  resp << ( auth_tokens['qop'] ? auth_tokens['qop'] : "" )
    Severity: Major
    Found in modules/auxiliary/server/capture/sip.rb - About 45 mins to fix

      Avoid deeply nested control flow statements.
      Open

                    resp << ( auth_tokens['cnonce'] ? auth_tokens['cnonce'] : "" )
      Severity: Major
      Found in modules/auxiliary/server/capture/sip.rb - About 45 mins to fix

        Method setup has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
        Open

          def setup
    super
    @state = {}

    begin
        Severity: Minor
        Found in modules/auxiliary/server/capture/printjob_capture.rb - About 45 mins to fix

        Cognitive Complexity

        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

        A method's cognitive complexity is based on a few simple rules:

        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
        • Code is considered more complex for each "break in the linear flow of the code"
        • Code is considered more complex when "flow breaking structures are nested"

        Further reading

        Avoid deeply nested control flow statements.
        Open

                        unless client_matches_module_spec?(host_info[:os_name], s[:os_name])
                  vprint_status("Rejecting #{s[:name]} for non-matching OS")
                  next
                end
        Severity: Major
        Found in modules/auxiliary/server/browser_autopwn.rb - About 45 mins to fix

          Method on_client_data has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
          Open

            def on_client_data(c)
    curr_data = c.get_once
    @state[c][:data] << curr_data
    if @mode == 'RAW'
      # RAW Mode - no further actions
          Severity: Minor
          Found in modules/auxiliary/server/capture/printjob_capture.rb - About 45 mins to fix

          Cognitive Complexity

          Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

          A method's cognitive complexity is based on a few simple rules:

          • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
          • Code is considered more complex for each "break in the linear flow of the code"
          • Code is considered more complex when "flow breaking structures are nested"

          Further reading

          Avoid deeply nested control flow statements.
          Open

                        if result["Packets"][0]["DATA"][0] == "10"
                system("cansend #{bus} #{srcid}#3000000000000000")
                candump(bus, dstid, timeout, maxpkts)
                @packets_sent += 1
                @last_sent = Time.now.to_i
          Severity: Major
          Found in modules/auxiliary/server/local_hwbridge.rb - About 45 mins to fix

            Method cleanup has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
            Open

              def cleanup
    print_status("Cleaning up exploits...")
    @exploits.each_pair do |name, mod|
      # if the module died for some reason, we can't kill it
      next unless mod
            Severity: Minor
            Found in modules/auxiliary/server/browser_autopwn.rb - About 45 mins to fix

            Cognitive Complexity

            Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

            A method's cognitive complexity is based on a few simple rules:

            • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
            • Code is considered more complex for each "break in the linear flow of the code"
            • Code is considered more complex when "flow breaking structures are nested"

            Further reading

            Method run has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
            Open

              def run
    if check == Exploit::CheckCode::Safe
      print_error('Device does not appear to be a QNAP')
      return
    end
            Severity: Minor
            Found in modules/auxiliary/gather/qnap_backtrace_admin_hash.rb - About 45 mins to fix

            Cognitive Complexity

            Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

            A method's cognitive complexity is based on a few simple rules:

            • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
            • Code is considered more complex for each "break in the linear flow of the code"
            • Code is considered more complex when "flow breaking structures are nested"

            Further reading

            Method check has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
            Open

              def check
    login_page = target_uri.path.end_with?('index.php') ? normalize_uri(target_uri.path) : normalize_uri(target_uri.path, '/index.php')

    res = send_request_cgi(
      'method' => 'GET',
            Severity: Minor
            Found in modules/auxiliary/gather/piwigo_cve_2023_26876.rb - About 45 mins to fix

            Cognitive Complexity

            Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

            A method's cognitive complexity is based on a few simple rules:

            • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
            • Code is considered more complex for each "break in the linear flow of the code"
            • Code is considered more complex when "flow breaking structures are nested"

            Further reading

            Method authenticate has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
            Open

              def authenticate
    print_status("Authenticating as #{datastore['USERNAME']}")
    initial_req = send_request_cgi(
      {
        'method' => 'GET',
            Severity: Minor
            Found in modules/auxiliary/gather/suite_crm_export_sqli.rb - About 45 mins to fix

            Cognitive Complexity

            Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

            A method's cognitive complexity is based on a few simple rules:

            • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
            • Code is considered more complex for each "break in the linear flow of the code"
            • Code is considered more complex when "flow breaking structures are nested"

            Further reading

            Avoid deeply nested control flow statements.
            Open

                        if datastore['INLINE']
              print_warning('This might be expected or you can still try again with the `INLINE` option set to false')
            end
            Severity: Major
            Found in modules/auxiliary/gather/windows_secrets_dump.rb - About 45 mins to fix

              Method on_request_uri has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
              Open

                def on_request_uri(cli, request)
    print_status("Request '#{request.method} #{request.uri}'")
    selected_headers = [ 'user-agent', 'origin', 'referer' ]
    request.headers.each_key { |k|
      next if not selected_headers.include? k.downcase
              Severity: Minor
              Found in modules/auxiliary/gather/android_htmlfileprovider.rb - About 45 mins to fix

              Cognitive Complexity

              Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

              A method's cognitive complexity is based on a few simple rules:

              • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
              • Code is considered more complex for each "break in the linear flow of the code"
              • Code is considered more complex when "flow breaking structures are nested"

              Further reading

              Avoid deeply nested control flow statements.
              Open

                          if ['ALL', 'CACHE'].include?(action.name)
              nlkm_key = get_nlkm_secret_key(windows_reg, lsa_key)
              if nlkm_key.nil? || nlkm_key.empty?
                print_warning('No NLKM key (skip cached hashes dump)')
                if datastore['INLINE']
              Severity: Major
              Found in modules/auxiliary/gather/windows_secrets_dump.rb - About 45 mins to fix

                Method backend_url has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
                Open

                  def backend_url
    proto = (datastore['SSL'] ? 'https' : 'http')
    my_host = (datastore['SRVHOST'] == '0.0.0.0') ? Rex::Socket.source_address : datastore['SRVHOST']
    port_str = (datastore['SRVPORT'].to_i == 80) ? '' : ":#{datastore['SRVPORT']}"
    resource = ('/' == get_resource[-1,1]) ? get_resource[0, get_resource.length-1] : get_resource
                Severity: Minor
                Found in modules/auxiliary/gather/firefox_pdfjs_file_theft.rb - About 45 mins to fix

                Cognitive Complexity

                Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                A method's cognitive complexity is based on a few simple rules:

                • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                • Code is considered more complex for each "break in the linear flow of the code"
                • Code is considered more complex when "flow breaking structures are nested"

                Further reading

                Method retrieve_users has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
                Open

                  def retrieve_users(type)
    vprint_status "Retrieving #{type.upcase} users..."

    req = "action: command\r\n"
    req << "command: #{type} show users\r\n"
                Severity: Minor
                Found in modules/auxiliary/gather/asterisk_creds.rb - About 45 mins to fix

                Cognitive Complexity

                Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                A method's cognitive complexity is based on a few simple rules:

                • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                • Code is considered more complex for each "break in the linear flow of the code"
                • Code is considered more complex when "flow breaking structures are nested"

                Further reading

                Avoid deeply nested control flow statements.
                Open

                          unless report_creds(print_name, key_data, **credential_opts)
            vprint_bad("Error when reporting #{print_name} machine kerberos key #{krb_enc_key_to_s(key)}")
          end
                Severity: Major
                Found in modules/auxiliary/gather/windows_secrets_dump.rb - About 45 mins to fix

                  Avoid deeply nested control flow statements.
                  Open

                              if ['ALL', 'LSA'].include?(action.name)
              dump_lsa_secrets(windows_reg, lsa_key)
            end
                  Severity: Major
                  Found in modules/auxiliary/gather/windows_secrets_dump.rb - About 45 mins to fix

                    Method sqli has 6 arguments (exceeds 4 allowed). Consider refactoring.
                    Open

                      def sqli(left_marker, right_marker, sql_true, i, cookie, filename)
                    Severity: Minor
                    Found in modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb - About 45 mins to fix
                      Severity
                      Category
                      Status
                      Source
                      Language