Sign upLogin

rapid7/metasploit-framework

View on GitHub
Star

Showing 16,065 of 22,177 total issues

Method exploit has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit
    # Obtain a valid image ID
    res = send_request_cgi({
      'uri'      => normalize_uri(datastore['URI']),
      'vars_get' =>
Severity: Minor
Found in modules/exploits/unix/webapp/cacti_graphimage_exec.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method get_target has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def get_target(res)
    version = res.body.scan(/v(\d.\d.{0,1}\d{0,1}.{0,1}\d{0,1})/).flatten.first
    if version.nil?
      version = res.body.scan(/Version: (\d.\d.{0,1}\d{0,1}.{0,1}\d{0,1})/).flatten.first
      if version.nil?
Severity: Minor
Found in modules/exploits/unix/webapp/trixbox_ce_endpoint_devicemap_rce.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method exploit has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit

    # Init variables
    @page = datastore['WritablePage']
Severity: Minor
Found in modules/exploits/unix/webapp/moinmoin_twikidraw.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method cleanup has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def cleanup
    super
    if self.service
      print_status("Shutting down payload stager listener...")
      begin
Severity: Minor
Found in modules/exploits/unix/misc/polycom_hdx_traceroute_exec.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method exploit has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit
    if !datastore['ForceExploit'] && is_root?
      fail_with(Failure::BadConfig, 'Session already has root privileges. Set ForceExploit to override.')
    end
Severity: Minor
Found in modules/exploits/osx/local/vmware_fusion_lpe.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method start_http has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def start_http(opts={})
    # Ensure all dependencies are present before initializing HTTP
    use_zlib

    comm = datastore['ListenerComm']
Severity: Minor
Found in modules/exploits/osx/browser/safari_file_policy.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method cleanup has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def cleanup
    super
    if self.service
      print_status("Shutting down payload stager listener...")
      begin
Severity: Minor
Found in modules/exploits/unix/misc/polycom_hdx_auth_bypass.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method exploit has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit
    cast = []
    castmap = {}
    Base64.decode64(target['script']).each_line do |line|
      target, msg = line.split(':').map(&:strip)
Severity: Minor
Found in modules/exploits/multi/hams/steamed.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method sploit has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def sploit
    user = cmd_exec("whoami").chomp
    vprint_status("The current effective user is #{user}. Starting the sploit")
    # Get size of sudoers file
    sudoer_path = "/etc/sudoers"
Severity: Minor
Found in modules/exploits/osx/local/rsh_libmalloc.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method cleanup has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def cleanup
    super
    if self.service
      print_status("Shutting down payload stager listener...")
      begin
Severity: Minor
Found in modules/exploits/multi/upnp/libupnp_ssdp_overflow.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method create_exclude_table has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def create_exclude_table(cookie)
    @exclude_uri = normalize_uri(target_uri.path, 'wp-admin', 'tools.php')
    res = send_request_cgi(
      'method'    =>  'GET',
      'uri'       =>  @exclude_uri,
Severity: Minor
Found in modules/exploits/multi/http/wp_db_backup_rce.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method exploit has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit
    check_status = check
    if check_status == CheckCode::Appears
      print_warning 'Could not get version or Xorg process possibly running, may fail'
    elsif check_status == CheckCode::Safe
Severity: Minor
Found in modules/exploits/multi/local/xorg_x11_suid_server_modulepath.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method get_nonce has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def get_nonce(response)
    fail_with(Failure::UnexpectedReply, 'Failed to get a proper response') unless response

    div_res = response.at('p[@class="submit"]')
    fail_with(Failure::NotFound, 'Failed to find the element containing the nonce') unless div_res
Severity: Minor
Found in modules/exploits/multi/http/wp_db_backup_rce.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method execute_command has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def execute_command(cmd, opts={})
    if target.name =~ /Windows/
      cmd.gsub!(/data = Replace\(data, vbCrLf, ""\)/, "data = Replace(data, \" \" + vbCrLf, \"\")")
      command = "cmd.exe /c "
      command << cmd.gsub(/&/, "&#x26;")   # HTML Encode '&' character to avoid soap request parsing errors
Severity: Minor
Found in modules/exploits/multi/http/hp_sitescope_issuesiebelcmd.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method exploit has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit
    base = normalize_uri(target_uri.path)
    base << '/' if base[-1, 1] != '/'

    plugin_name = datastore['PLUGINNAME'] || rand_text_alphanumeric(8+rand(8))
Severity: Minor
Found in modules/exploits/multi/http/openfire_auth_bypass.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method send_command has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def send_command(cmd)
    if !datastore['USERNAME'].to_s.empty? && !datastore['PASSWORD'].to_s.empty? && @cookie.empty?
      @cookie = login
      if @cookie.empty?
        fail_with(Failure::NoAccess, "#{peer} - Login failed")
Severity: Minor
Found in modules/exploits/multi/http/hp_sys_mgmt_exec.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method do_login has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def do_login
    cookie = ''

    prerequisites = get_login_prerequisites
    xsrf          = prerequisites['atlassian.xsrf.token']
Severity: Minor
Found in modules/exploits/multi/http/jira_hipchat_template.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method check has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def check
    base = target_uri.path
    base << '/' if base[-1, 1] != '/'

    path = normalize_uri(base, "login.jsp")
Severity: Minor
Found in modules/exploits/multi/http/openfire_auth_bypass.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method get_jira_version has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def get_jira_version
    version = nil

    res = send_request_cgi({
      'uri' => normalize_uri(target_uri.path, 'secure', 'Dashboard.jspa')
Severity: Minor
Found in modules/exploits/multi/http/jira_hipchat_template.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method check_desktop_central has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def check_desktop_central
    res = send_request_cgi({
                               'uri' => normalize_uri("configurations.do"),
                               'method' => 'GET'
                           })
Severity: Minor
Found in modules/exploits/multi/http/manage_engine_dc_pmp_sqli.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Severity
Category
Status
Source
Language