Sign upLogin

rapid7/metasploit-framework

View on GitHub
Star

Showing 16,065 of 22,177 total issues

Method rdp_build_pkt has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def rdp_build_pkt(data, channel_id = "\x03\xeb", client_info: false, license_info: false)
    flags = 0
    flags |= 0x08 if @rdp_sec     # Set SEC_ENCRYPT
    flags |= 0x40 if client_info  # Set SEC_INFO_PKT
    flags |= 0x80 if license_info # Set SEC_LICENSE_PKT
Severity: Minor
Found in lib/msf/core/exploit/remote/rdp.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method postgres_upload_binary_data has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def postgres_upload_binary_data(data, remote_fname=nil)
    remote_fname ||= Rex::Text::rand_text_alpha(8) + ".dll"

    # From the Postgres documentation:
    #   SELECT lo_creat(-1);       -- returns OID of new, empty large object
Severity: Minor
Found in lib/msf/core/exploit/remote/postgres.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method validate_query_result! has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

    def validate_query_result!(query_result, filter=nil)
      if query_result.class != Hash
        raise ArgumentError, 'Parameter to "validate_query_result!" function was not a Hash!'
      end
Severity: Minor
Found in lib/msf/core/exploit/remote/ldap.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method rdp_handle_packet has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def rdp_handle_packet(pkt)
    if pkt && pkt[0] == "\x03"
      if pkt[4..6] == "\x02\xf0\x80"
        if pkt[7] == "\x68"
          chan_user_id = pkt[8..9].unpack('S>')[0]
Severity: Minor
Found in lib/msf/core/exploit/remote/rdp.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method adaudit_plus_grab_build has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def adaudit_plus_grab_build(adapcsrf_cookie)
    vprint_status('Attempting to obtain the ADAudit Plus build number')

    res = send_request_cgi({
      'uri' => adaudit_plus_license_details_uri,
Severity: Minor
Found in lib/msf/core/exploit/remote/http/manage_engine_adaudit_plus/target_info.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method send_request has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

        def send_request(message)
          resp = nil
          @max_backend_attempts.times do
            resp = @ssrf_proc.call('POST', @endpoint.path, { ctype: 'application/soap+xml;charset=UTF-8', data: message })
Severity: Minor
Found in lib/msf/core/exploit/remote/http/exchange/proxy_maybe_shell.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method java_class_loader_on_request_uri has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def java_class_loader_on_request_uri(cli, request)
    vprint_status("#{request.method} #{request.uri} requested")

    unless %w[HEAD GET].include?(request.method)
      vprint_error("Ignoring #{request.method} request")
Severity: Minor
Found in lib/msf/core/exploit/remote/java/http/class_loader.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method wdbrpc_client_memread has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def wdbrpc_client_memread(offset, length, params=0)
    pkt = wdbrpc_request_memread(offset, length, params)
    cnt = 0
    res = nil
Severity: Minor
Found in lib/msf/core/exploit/remote/wdbrpc_client.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method parse_gss_init_response has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def parse_gss_init_response(token, session_key)
    mech_id, encapsulated_token = unwrap_pseudo_asn1(token)

    if mech_id.value == Rex::Proto::Gss::OID_KERBEROS_5.value
      tok_id = encapsulated_token[0,2]
Severity: Minor
Found in lib/msf/core/exploit/remote/kerberos/service_authenticator/base.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method send_request_tgt_pkinit has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

          def send_request_tgt_pkinit(options = {})
            pfx = options[:pfx]
            request_pac = options.fetch(:request_pac, true)
            realm = options[:realm]
            server_name = options[:server_name] || "krbtgt/#{realm}"
Severity: Minor
Found in lib/msf/core/exploit/remote/kerberos/client.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method send_new_client has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

                def send_new_client(opts = {})
                  send_call(
                    sock: opts[:sock] || sock,
                    call: build_jmx_new_client(opts)
                  )
Severity: Minor
Found in lib/msf/core/exploit/remote/java/rmi/client/jmx/server.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method process_browser_info has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

    def process_browser_info(source, cli, request)
      tag = retrieve_tag(cli, request)

      browser_profile[tag] ||= {}
      profile = browser_profile[tag]
Severity: Minor
Found in lib/msf/core/exploit/remote/browser_exploit_server.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method blind_detect_length has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

    def blind_detect_length(query, timebased)
      if_function = ''
      sleep_part = ''
      if timebased
        if_function = 'if(' + if_function
Severity: Minor
Found in lib/msf/core/exploit/sqli/mssqli/common.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method initialize has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

    def initialize(datastore, framework, user_output, opts = {}, &query_proc)
      raise ArgumentError, 'Missing the block that does the requests' unless block_given?
      raise ArgumentError, 'Positional arguments can\'t be nil' if [datastore, framework, user_output].any?(&:nil?)

      check_opts(opts)
Severity: Minor
Found in lib/msf/core/exploit/sqli/common.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method authenticate has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def authenticate
    raise ::RubySMB::Error::AuthenticationFailure, "Missing negotiation security buffer" if negotiation_security_buffer.nil?

    begin
      gss_api = OpenSSL::ASN1.decode(negotiation_security_buffer)
Severity: Minor
Found in lib/msf/core/exploit/remote/smb/client/kerberos_authentication.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method get_requested_obj_response has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def get_requested_obj_response(request, repo_objects)
    repo_objects = [ repo_objects ] unless repo_objects.kind_of?(Array)

    response = Msf::Exploit::Git::Lfs::Response.from_http_request(request)
    return nil unless response
Severity: Minor
Found in lib/msf/core/exploit/git/lfs.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method query_async has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def query_async(queries = [], threadmax = datastore['THREADS'], &block)
    running = []
    while !queries.empty?
      domain, type = queries.shift
      running << framework.threads.spawn("Module(#{self.refname})-#{domain} #{type}", false) do |qat|
Severity: Minor
Found in lib/msf/core/exploit/remote/dns/client.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method guess_flavor has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def guess_flavor
    # First try to guess a compatible flavor based on the module & target information.
    unless target_flavor.nil?
      case target_flavor
      when Array
Severity: Minor
Found in lib/msf/core/exploit/cmd_stager.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method create_pdf has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def create_pdf(js)
    strFilter = ""
    arrResults = []
    numIterations = 0
    arrEncodings = ['ASCII85','ASCIIHEX','FLATE','RUN']
Severity: Minor
Found in lib/msf/core/exploit/pdf.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method capture_sendto has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

      def capture_sendto(payload="", dhost=nil, bcast=false, dev=nil)
        raise RuntimeError, "Could not access the capture process (remember to open_pcap first!)" unless self.capture
        raise RuntimeError, "Must specify a host to sendto" unless dhost
        dev              ||= datastore['INTERFACE']
        dst_mac, src_mac = lookup_eth(dhost, dev)
Severity: Minor
Found in lib/msf/core/exploit/capture.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Severity
Category
Status
Source
Language