Sign upLogin

rapid7/metasploit-framework

View on GitHub
Star

Showing 16,065 of 22,177 total issues

Avoid deeply nested control flow statements.
Open

        next unless user['Favorites']
Severity: Major
Found in modules/post/windows/gather/get_bookmarks.rb - About 45 mins to fix

    Avoid deeply nested control flow statements.
    Open

              if imap_password.nil?
            print_status('     User Password: <not stored>')
          else
            imap_password.slice!(0, 1)
            pass = decrypt_password(imap_password)
    Severity: Major
    Found in modules/post/windows/gather/credentials/outlook.rb - About 45 mins to fix

      Method init_wug_encryption has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
      Open

        def init_wug_encryption
    print_status('Init WhatsUp Gold crypto ...')

    # Static RC2-40 key "salted" with 11 bytes of 0x00 - looking at you, wincrypt.h
    @wug_rc2_key = ['112cc5a60c0000000000000000000000'].pack('H*')
      Severity: Minor
      Found in modules/post/windows/gather/credentials/whatsupgold_credential_dump.rb - About 45 mins to fix

      Cognitive Complexity

      Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

      A method's cognitive complexity is based on a few simple rules:

      • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
      • Code is considered more complex for each "break in the linear flow of the code"
      • Code is considered more complex when "flow breaking structures are nested"

      Further reading

      Avoid deeply nested control flow statements.
      Open

                if imap_port.nil?
            print_status('     IMAP Port: 143')
            portnum = 143
          else
            print_status("     IMAP Port: #{imap_port}")
      Severity: Major
      Found in modules/post/windows/gather/credentials/outlook.rb - About 45 mins to fix

        Avoid deeply nested control flow statements.
        Open

                  if smtp_use_ssl.nil?
            print_status('     SMTP Use SSL: No')
          else
            print_status('     SMTP Use SSL: Yes')
          end
        Severity: Major
        Found in modules/post/windows/gather/credentials/outlook.rb - About 45 mins to fix

          Method preconditions_met? has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
          Open

            def preconditions_met?
    unless is_admin?
      print_error('This module requires Admin privs to run')
      return false
    end
          Severity: Minor
          Found in modules/post/windows/gather/credentials/domain_hashdump.rb - About 45 mins to fix

          Cognitive Complexity

          Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

          A method's cognitive complexity is based on a few simple rules:

          • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
          • Code is considered more complex for each "break in the linear flow of the code"
          • Code is considered more complex when "flow breaking structures are nested"

          Further reading

          Method mobaxterm_decrypt has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
          Open

            def mobaxterm_decrypt(ciphertext, key)
    ct = ''.bytes
    ciphertext.each_byte do |c|
      ct << c if key.include?(c)
    end
          Severity: Minor
          Found in modules/post/windows/gather/credentials/moba_xterm.rb - About 45 mins to fix

          Cognitive Complexity

          Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

          A method's cognitive complexity is based on a few simple rules:

          • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
          • Code is considered more complex for each "break in the linear flow of the code"
          • Code is considered more complex when "flow breaking structures are nested"

          Further reading

          Method run has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
          Open

            def run
    pw_tbl = Rex::Text::Table.new(
      'Header' => 'MobaXterm Password',
      'Columns' => [
        'Protocol',
          Severity: Minor
          Found in modules/post/windows/gather/credentials/moba_xterm.rb - About 45 mins to fix

          Cognitive Complexity

          Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

          A method's cognitive complexity is based on a few simple rules:

          • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
          • Code is considered more complex for each "break in the linear flow of the code"
          • Code is considered more complex when "flow breaking structures are nested"

          Further reading

          Method run has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
          Open

            def run
    creds = Rex::Text::Table.new(
      'Header' => 'IMVU Credentials',
      'Indent' => 1,
      'Columns' => [
          Severity: Minor
          Found in modules/post/windows/gather/credentials/imvu.rb - About 45 mins to fix

          Cognitive Complexity

          Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

          A method's cognitive complexity is based on a few simple rules:

          • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
          • Code is considered more complex for each "break in the linear flow of the code"
          • Code is considered more complex when "flow breaking structures are nested"

          Further reading

          Method parse_odbc_dsn has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
          Open

            def parse_odbc_dsn(dsn_reg_key)
    return nil unless registry_key_exist?(dsn_reg_key)

    res = {}
    wug_server = registry_getvaldata(dsn_reg_key, 'Server').to_s.delete("\000")
          Severity: Minor
          Found in modules/post/windows/gather/credentials/whatsupgold_credential_dump.rb - About 45 mins to fix

          Cognitive Complexity

          Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

          A method's cognitive complexity is based on a few simple rules:

          • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
          • Code is considered more complex for each "break in the linear flow of the code"
          • Code is considered more complex when "flow breaking structures are nested"

          Further reading

          Avoid deeply nested control flow statements.
          Open

                    if imap_use_ssl.nil?
            print_status('     IMAP Use SSL: No')
          else
            print_status('     IMAP Use SSL: Yes')
          end
          Severity: Major
          Found in modules/post/windows/gather/credentials/outlook.rb - About 45 mins to fix

            Method run has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
            Open

              def run
    print_status("Running module against #{sysinfo['Computer']}")
    # Collect even without a database to store them.
    if session.framework.db.active
      db_ok = true
            Severity: Minor
            Found in modules/post/windows/gather/credentials/credential_collector.rb - About 45 mins to fix

            Cognitive Complexity

            Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

            A method's cognitive complexity is based on a few simple rules:

            • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
            • Code is considered more complex for each "break in the linear flow of the code"
            • Code is considered more complex when "flow breaking structures are nested"

            Further reading

            Avoid deeply nested control flow statements.
            Open

                      if smtp_port.nil?
            print_status('     SMTP Port: 25')
            smtp_port = 25
          else
            print_status("     SMTP Port: #{smtp_port}")
            Severity: Major
            Found in modules/post/windows/gather/credentials/outlook.rb - About 45 mins to fix

              Avoid deeply nested control flow statements.
              Open

                        if smtp_use_auth.nil? # Account for SMTP servers requiring authentication
            print_status("     Outgoing Mail Server (SMTP): #{smtp_server}")
          else
            print_status("     Outgoing Mail Server (SMTP): #{smtp_server}   [Authentication Required]")
            # Check if smtp_auth_method is null.  If so, the inbound credentials are utilized
              Severity: Major
              Found in modules/post/windows/gather/credentials/outlook.rb - About 45 mins to fix

                Method run has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
                Open

                  def run
    if session.type != 'meterpreter'
      print_error 'Only meterpreter sessions are supported by this post module'
      return
    end
                Severity: Minor
                Found in modules/post/windows/gather/credentials/filezilla_server.rb - About 45 mins to fix

                Cognitive Complexity

                Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                A method's cognitive complexity is based on a few simple rules:

                • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                • Code is considered more complex for each "break in the linear flow of the code"
                • Code is considered more complex when "flow breaking structures are nested"

                Further reading

                Method enum_subdirs has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
                Open

                  def enum_subdirs(path)
    xmlfiles = []

    begin
      session.fs.dir.foreach(path) do |sub|
                Severity: Minor
                Found in modules/post/windows/gather/credentials/smartftp.rb - About 45 mins to fix

                Cognitive Complexity

                Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                A method's cognitive complexity is based on a few simple rules:

                • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                • Code is considered more complex for each "break in the linear flow of the code"
                • Code is considered more complex when "flow breaking structures are nested"

                Further reading

                Method decrypt has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
                Open

                  def decrypt(csv_file)
    unless (csv = read_csv_file(csv_file))
      print_error('No records imported from CSV dataset')
      return false
    end
                Severity: Minor
                Found in modules/post/windows/gather/credentials/thycotic_secretserver_dump.rb - About 45 mins to fix

                Cognitive Complexity

                Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                A method's cognitive complexity is based on a few simple rules:

                • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                • Code is considered more complex for each "break in the linear flow of the code"
                • Code is considered more complex when "flow breaking structures are nested"

                Further reading

                Method get_ini has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
                Open

                  def get_ini(filename)
    config = client.fs.file.new(filename, 'r')
    parse = config.read
    ini = Rex::Parser::Ini.from_s(parse)
                Severity: Minor
                Found in modules/post/windows/gather/credentials/flashfxp.rb - About 45 mins to fix

                Cognitive Complexity

                Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                A method's cognitive complexity is based on a few simple rules:

                • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                • Code is considered more complex for each "break in the linear flow of the code"
                • Code is considered more complex when "flow breaking structures are nested"

                Further reading

                Method check_mdaemons has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
                Open

                  def check_mdaemons(locations)
    tmp_filename = (0...12).map { rand(65..90).chr }.join
    begin
      locations.each do |location|
        vprint_status("Checking for Userlist in MDaemons directory at: #{location}")
                Severity: Minor
                Found in modules/post/windows/gather/credentials/mdaemon_cred_collector.rb - About 45 mins to fix

                Cognitive Complexity

                Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                A method's cognitive complexity is based on a few simple rules:

                • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                • Code is considered more complex for each "break in the linear flow of the code"
                • Code is considered more complex when "flow breaking structures are nested"

                Further reading

                Method run has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
                Open

                  def run
    if session.type != 'meterpreter'
      print_error('Only meterpreter sessions are supported by this post module')
      return
    end
                Severity: Minor
                Found in modules/post/windows/gather/credentials/mdaemon_cred_collector.rb - About 45 mins to fix

                Cognitive Complexity

                Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                A method's cognitive complexity is based on a few simple rules:

                • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                • Code is considered more complex for each "break in the linear flow of the code"
                • Code is considered more complex when "flow breaking structures are nested"

                Further reading

                Severity
                Category
                Status
                Source
                Language