Sign upLogin

rapid7/metasploit-framework

View on GitHub
Star

Showing 16,065 of 22,177 total issues

Method check has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def check
    @uri = normalize_uri(target_uri.path)
    @uri << '/' if @uri[-1,1] != '/'
    @session_id = ""
Severity: Minor
Found in modules/exploits/unix/webapp/hastymail_exec.rb - About 25 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method check has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def check

    peer = "#{rhost}:#{rport}"

    vprint_status("Attempting to login...")
Severity: Minor
Found in modules/exploits/unix/webapp/webmin_show_cgi_exec.rb - About 25 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method execute_command has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def execute_command(cmd, opts = {})
    res = send_request_cgi({
      'uri' => normalize_uri(target_uri.path, 'useradm.sh'),
      'method' => 'POST',
      'authorization' => basic_auth(user, pass),
Severity: Minor
Found in modules/exploits/unix/webapp/xymon_useradm_cmd_exec.rb - About 25 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method check has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def check
    content = rand_text_alphanumeric(16+rand(16))
    test_file = rand_text_alphanumeric(8+rand(8))
    cmd_base = normalize_uri(datastore['URI'], '/view/Main/WebSearch?search=')
    test_url = normalize_uri(datastore['URI'], '/view/Main/', test_file)
Severity: Minor
Found in modules/exploits/unix/webapp/twiki_search.rb - About 25 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method exploit has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit
    php_page_name = rand_text_alpha(5 + rand(5)) + '.php'

    data = Rex::MIME::Message.new
    data.add_part('ajaxUpload', nil, nil, 'form-data; name="elementCode"')
Severity: Minor
Found in modules/exploits/unix/webapp/wp_wpshop_ecommerce_file_upload.rb - About 25 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method execute_command has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def execute_command(cmd, opts = { analytics_host: vhost })
    vuln_cookies = %w(anw anm)
    res = send_request_cgi(
      'uri' => normalize_uri(target_uri.path, 'aa.php'),
      'vars_get' => { 'anp' => opts[:analytics_host] },
Severity: Minor
Found in modules/exploits/unix/webapp/actualanalyzer_ant_cookie_exec.rb - About 25 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method check has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def check
    uri = normalize_uri(target_uri.path, '')
    res = send_request_raw({'uri' => uri})

    if not res
Severity: Minor
Found in modules/exploits/unix/webapp/flashchat_upload_exec.rb - About 25 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method primer has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def primer
    srv_uri = "#{get_uri}/#{rand_text_alpha(4 + rand(3))}.zip"

    php_serialized_akfactory = 'O:9:"AKFactory":1:{s:18:"' + "\x00" + 'AKFactory' + "\x00" + 'varlist";a:2:{s:27:"kickstart.security.password";s:0:"";s:26:"kickstart.setup.sourcefile";s:' + srv_uri.length.to_s + ':"' + srv_uri + '";}}'
    php_filename = rand_text_alpha(8 + rand(8)) + '.php'
Severity: Minor
Found in modules/exploits/unix/webapp/joomla_akeeba_unserialize.rb - About 25 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method exploit has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit
    upload_php = '/custom/' + rand_text_alpha(rand(4)+8) + '.php'

    payload_serialized =  "O:+14:\"SugarCacheFile\":23:{S:17:\"\\00*\\00_cacheFileName\";"
    payload_serialized << "s:#{upload_php.length+2}:\"..#{upload_php}\";S:16:\"\\00*\\00"
Severity: Minor
Found in modules/exploits/unix/webapp/sugarcrm_rest_unserialize_exec.rb - About 25 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method check has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def check
    test_file = rand_text_alphanumeric(8+rand(8))
    cmd_base = normalize_uri(datastore['URI'], '/view/Main/TWikiUsers?rev=')
    test_url = normalize_uri(datastore['URI'], test_file)
Severity: Minor
Found in modules/exploits/unix/webapp/twiki_history.rb - About 25 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method exploit has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit
    print_status("Sending exploit request")

    # for details of the backdoor mechanism.
    cookie = "collapsed=0|1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21|22|"
Severity: Minor
Found in modules/exploits/unix/webapp/mybb_backdoor.rb - About 25 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method check has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def check
    res = send_request_cgi({
      'method'        => 'POST',
      'uri'           => normalize_uri(target_uri.path),
      'ctype'         => 'application/x-www-form-urlencoded',
Severity: Minor
Found in modules/exploits/unix/webapp/opennetadmin_ping_cmd_injection.rb - About 25 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method exploit has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit
    php_page_name = rand_text_alpha(8 + rand(8)) + '.php'

    data = Rex::MIME::Message.new
    data.add_part(payload.encoded, 'application/octet-stream', nil, "form-data; name=\"file\"; filename=\"#{php_page_name}\"")
Severity: Minor
Found in modules/exploits/unix/webapp/wp_inboundio_marketing_file_upload.rb - About 25 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method exploit has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit
    print_status("Authenticating...")
    res = send_request_auth

    if res && res.code == 302
Severity: Minor
Found in modules/exploits/unix/webapp/get_simple_cms_upload_exec.rb - About 25 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method get_target has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def get_target
    print_status("#{peer} - Trying to detect if target is running a supported version of OpenMediaVault.")
    res = send_request_cgi({
      'uri' => @uri,
      'method' => 'POST',
Severity: Minor
Found in modules/exploits/unix/webapp/openmediavault_rpc_rce.rb - About 25 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method check has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def check
    res = get_upload_form

    if res and (res.code == 200 or res.code == 302)
      if res.body =~ /You are not authorised to view this resource/
Severity: Minor
Found in modules/exploits/unix/webapp/joomla_media_upload_exec.rb - About 25 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method check has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def check
    res = send_request_cgi({
      'method' => 'GET',
      'uri'    => '/view/login/normal'
    })
Severity: Minor
Found in modules/exploits/unix/webapp/ajenti_auth_username_cmd_injection.rb - About 25 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method restore_contents has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def restore_contents(og_contents)
    print_status("Restoring original contents of #{plugin_uri}")
    unless wordpress_edit_plugin(plugin_file, og_contents, @cookie)
      fail_with(Failure::UnexpectedReply, "Could not restore #{plugin_uri}")
    end
Severity: Minor
Found in modules/exploits/unix/webapp/wp_infinitewp_auth_bypass.rb - About 25 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method exploit has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit
    if is_root?
      fail_with Failure::BadConfig, 'Session already has root privileges'
    end
Severity: Minor
Found in modules/exploits/osx/local/rootpipe_entitlements.rb - About 25 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method check has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def check
    connect
    res = sock.get_once

    return CheckCode::Unknown unless res
Severity: Minor
Found in modules/exploits/unix/smtp/opensmtpd_mail_from_rce.rb - About 25 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Severity
Category
Status
Source
Language