Sign upLogin

rapid7/metasploit-framework

View on GitHub
Star

Showing 16,065 of 22,177 total issues

Method modify_function has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
Open

          def modify_function(s)
            function_statements = s.var.initializer.statements
            new_function_statements = []

            function_statements.each do |func_stmt|
Severity: Minor
Found in lib/metasploit/framework/obfuscation/crandomizer/modifier.rb - About 45 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method write has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
Open

        def write(buf, opts={})

          return super(buf, opts) if not @evasive

          ret = 0
Severity: Minor
Found in lib/metasploit/framework/tcp/client.rb - About 45 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Avoid deeply nested control flow statements.
Open

              elsif info =~ /sh: id: not found/
                info = ssh_socket.exec!("vmware -v\n").to_s
              else
                info << ssh_socket.exec!("help\n?\n\n\n").to_s
Severity: Major
Found in lib/metasploit/framework/ssh/platform.rb - About 45 mins to fix

    Avoid deeply nested control flow statements.
    Open

                if smb_status == 0 # success

              ntlm_ver = detect_ntlm_ver(s[:lmhash],s[:ntlmhash])

              logmessage =
    Severity: Major
    Found in data/exploits/psnuffle/smb.rb - About 45 mins to fix

      Method CreateThread has 6 arguments (exceeds 4 allowed). Consider refactoring.
      Open

              public static extern IntPtr CreateThread(IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, IntPtr lpThreadId);
      Severity: Minor
      Found in external/source/psh_exe/dot_net_exe.cs - About 45 mins to fix

        Method set_sane_defaults has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
        Open

                def set_sane_defaults
          self.connection_timeout ||= 30
          self.port               ||= DEFAULT_PORT
          self.banner_timeout     ||= 25
          self.telnet_timeout     ||= 10
        Severity: Minor
        Found in lib/metasploit/framework/login_scanner/telnet.rb - About 45 mins to fix

        Cognitive Complexity

        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

        A method's cognitive complexity is based on a few simple rules:

        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
        • Code is considered more complex for each "break in the linear flow of the code"
        • Code is considered more complex when "flow breaking structures are nested"

        Further reading

        Method print_results has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
        Open

                def print_results(doc, action)
          response = "#{action}Response"
          result = "#{action}Result"
          resource = /[A-Z][a-z]+([A-Za-z]+)/.match(action)[1]
        Severity: Minor
        Found in lib/metasploit/framework/aws/client.rb - About 45 mins to fix

        Cognitive Complexity

        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

        A method's cognitive complexity is based on a few simple rules:

        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
        • Code is considered more complex for each "break in the linear flow of the code"
        • Code is considered more complex when "flow breaking structures are nested"

        Further reading

        Method parse has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
        Open

          def parse(request,result)
    return unless result['Content-Type'].include?('text/html')

    # doc = Hpricot(result.body.to_s)
    doc = Nokogiri::HTML(result.body.to_s)
        Severity: Minor
        Found in data/msfcrawler/basic.rb - About 45 mins to fix

        Cognitive Complexity

        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

        A method's cognitive complexity is based on a few simple rules:

        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
        • Code is considered more complex for each "break in the linear flow of the code"
        • Code is considered more complex when "flow breaking structures are nested"

        Further reading

        Method do_login has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
        Open

                def do_login(user, pass)
          # prep the data needed for login
          protocol = ssl ? 'https' : 'http'
          # attempt to get an authentication token
          auth_token_res = get_auth_token(user)
        Severity: Minor
        Found in lib/metasploit/framework/login_scanner/softing_sis.rb - About 45 mins to fix

        Cognitive Complexity

        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

        A method's cognitive complexity is based on a few simple rules:

        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
        • Code is considered more complex for each "break in the linear flow of the code"
        • Code is considered more complex when "flow breaking structures are nested"

        Further reading

        Method parse has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
        Open

          def parse(request,result)

    return unless result['Content-Type'].include?('text/html')

    doc = Nokogiri::HTML(result.body.to_s)
        Severity: Minor
        Found in data/msfcrawler/image.rb - About 45 mins to fix

        Cognitive Complexity

        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

        A method's cognitive complexity is based on a few simple rules:

        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
        • Code is considered more complex for each "break in the linear flow of the code"
        • Code is considered more complex when "flow breaking structures are nested"

        Further reading

        Method parse has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
        Open

          def parse(request,result)

    return unless result['Content-Type'].include?('text/html')

    doc = Nokogiri::HTML(result.body.to_s)
        Severity: Minor
        Found in data/msfcrawler/frames.rb - About 45 mins to fix

        Cognitive Complexity

        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

        A method's cognitive complexity is based on a few simple rules:

        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
        • Code is considered more complex for each "break in the linear flow of the code"
        • Code is considered more complex when "flow breaking structures are nested"

        Further reading

        Method parse has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
        Open

          def parse(request,result)
    return unless result['Content-Type'].include?('text/html')

    doc = Nokogiri::HTML(result.body.to_s)
    doc.css('link').each do |link|
        Severity: Minor
        Found in data/msfcrawler/link.rb - About 45 mins to fix

        Cognitive Complexity

        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

        A method's cognitive complexity is based on a few simple rules:

        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
        • Code is considered more complex for each "break in the linear flow of the code"
        • Code is considered more complex when "flow breaking structures are nested"

        Further reading

        Avoid deeply nested control flow statements.
        Open

                    s[:lmhash] = "00" * 24 if s[:lmhash] == s[:ntlmhash]
        Severity: Major
        Found in data/exploits/psnuffle/smb.rb - About 45 mins to fix

          Method CreateThread has 6 arguments (exceeds 4 allowed). Consider refactoring.
          Open

              private static extern IntPtr CreateThread(IntPtr lpThreadAttributes, UIntPtr dwStackSize, IntPtr lpStartAddress, IntPtr param, Int32 dwCreationFlags, ref IntPtr lpThreadId);
          Severity: Minor
          Found in external/source/SqlClrPayload/StoredProcedures.cs - About 45 mins to fix

            Method CfConvertToPlaceholder has 6 arguments (exceeds 4 allowed). Consider refactoring.
            Open

                        SafeHandle FileHandle,
            IntPtr FileIdentity,
            int FileIdentityLength,
            CF_CONVERT_FLAGS ConvertFlags,
            out long ConvertUsn,
            Severity: Minor
            Found in external/source/exploits/CVE-2020-17136/POC_CloudFilter_ArbitraryFile_EoP/Program.cs - About 45 mins to fix

              Consider simplifying this complex logical expression.
              Open

                      if
        (
            (start.hi() < off.hi() || (start.hi() == off.hi() && start.lo() <= off.lo())) &&
            (end.hi() > off.hi() || (end.hi() == off.hi() && end.lo() > off.lo()))
        )
              Severity: Major
              Found in data/exploits/javascript_utils/utils.js - About 40 mins to fix

                Consider simplifying this complex logical expression.
                Open

                            next unless (using_p && eprofile.include?(xref[0].split('/').last)) || (using_m && xref[0].to_s.match(mname)) || (!using_m && !using_p)
                Severity: Major
                Found in plugins/wmap.rb - About 40 mins to fix

                  Consider simplifying this complex logical expression.
                  Open

                              next unless !(using_p && eprofile.include?(xref[0].split('/').last)) || (using_m && xref[0].to_s.match(mname)) || (!using_m && !using_p)
                  Severity: Major
                  Found in plugins/wmap.rb - About 40 mins to fix

                    Consider simplifying this complex logical expression.
                    Open

                                next unless (using_p && eprofile.include?(xref[0].split('/').last)) || (using_m && xref[0].to_s.match(mname)) || (!using_m && !using_p)
                    Severity: Major
                    Found in plugins/wmap.rb - About 40 mins to fix

                      Consider simplifying this complex logical expression.
                      Open

                                  next unless (using_p && eprofile.include?(xref[0].split('/').last)) || (using_m && xref[0].to_s.match(mname)) || (!using_m && !using_p)
                      Severity: Major
                      Found in plugins/wmap.rb - About 40 mins to fix
                        Severity
                        Category
                        Status
                        Source
                        Language