Sign upLogin

rapid7/metasploit-framework

View on GitHub
Star

Showing 16,065 of 22,177 total issues

Method check has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def check
    return CheckCode::Unknown('WordPress does not appear to be online.') unless wordpress_and_online?

    plugin_check_code = check_plugin_version_from_readme('hash-form', '1.1.1')
Severity: Minor
Found in modules/exploits/multi/http/wp_hash_form_rce.rb - About 25 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method upload_payload has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def upload_payload(payload, is_exploit)
    jsp_name = 'WebStart-' + rand_text_alpha(rand(8) + 3) + '.jsp'
    if is_exploit
      print_status("#{peer} - Uploading payload...")
    end
Severity: Minor
Found in modules/exploits/multi/http/webnms_file_upload.rb - About 25 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method add_meta has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def add_meta(cookie, post_id, ajax_nonce, payload_name)
    payload_url = "http://#{datastore['SRVHOSTNAME']}:#{datastore['SRVPORT']}/#{payload_name}"
    vprint_status("Adding malicious metadata for redirect to #{payload_url}")
    res = send_request_cgi(
      'uri' => normalize_uri(target_uri.path, 'wp-admin', 'admin-ajax.php'),
Severity: Minor
Found in modules/exploits/multi/http/wp_popular_posts_rce.rb - About 25 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method exploit has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit
    @my_target = pick_target
    if @my_target.nil?
      print_error("#{peer} - Unable to select a target, we must bail.")
      return
Severity: Minor
Found in modules/exploits/multi/http/webnms_file_upload.rb - About 25 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method exploit has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit
    session_id = login_bypass
    fail_with(Failure::NoAccess, 'Login bypass failed') unless session_id

    print_good('Login bypass successful')
Severity: Minor
Found in modules/exploits/multi/http/navigate_cms_rce.rb - About 25 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method exploit_java has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit_java
    print_status("Uploading WAR file")
    app_base = rand_text_alphanumeric(4+rand(32-4))

    war = payload.encoded_war({ :app_name => app_base }).to_s
Severity: Minor
Found in modules/exploits/multi/http/sonicwall_gms_upload.rb - About 25 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method login has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def login
    hashed_pass = Rex::Text.sha1(datastore['PASSWORD'])
    @token = Rex::Text.rand_text_alpha_lower(5..8)
    hashed_pass << @token
    hash_final = Rex::Text.sha1(hashed_pass)
Severity: Minor
Found in modules/exploits/multi/http/atutor_upload_traversal.rb - About 25 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method exec_function? has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def exec_function?(func_name)
    query = "SELECT exec_#{func_name}('#{payload.encoded.gsub("'", "''")}')"
    select_query = postgres_query(query)

    case select_query.keys[0]
Severity: Minor
Found in modules/exploits/multi/postgres/postgres_createlang.rb - About 25 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method on_request_uri has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def on_request_uri( cli, request )
    if not request.uri.match(/\.jar$/i)
      if not request.uri.match(/\/$/)
        send_redirect(cli, get_resource() + '/', '')
        return
Severity: Minor
Found in modules/exploits/multi/browser/java_trusted_chain.rb - About 25 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method on_request_uri has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def on_request_uri( cli, request )
    if not request.uri.match(/\.jar$/i)
      if not request.uri.match(/\/$/)
        send_redirect(cli, get_resource() + '/', '')
        return
Severity: Minor
Found in modules/exploits/multi/browser/java_jre17_jaxws.rb - About 25 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method on_request_uri has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def on_request_uri( cli, request )
    if not request.uri.match(/\.jar$/i)
      if not request.uri.match(/\/$/)
        send_redirect(cli, get_resource() + '/', '')
        return
Severity: Minor
Found in modules/exploits/multi/browser/java_rhino.rb - About 25 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method on_request_uri has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def on_request_uri(cli, request)
    if request.uri.match(/\.xpi$/i)
      # browser has navigated to the .xpi file
      print_status("Sending xpi and waiting for user to click 'accept'...")
      if not xpi = generate_addon_xpi(cli)
Severity: Minor
Found in modules/exploits/multi/browser/firefox_xpi_bootstrapped_addon.rb - About 25 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method check has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def check
    tpath = normalize_uri(datastore['TARGETURI'])

    vprint_status("Checking URI #{rhost + tpath}")
    response = send_request_cgi({ 'uri' => tpath }, timeout = datastore['TIMEOUT'])
Severity: Minor
Found in modules/exploits/multi/php/wp_duplicator_code_inject.rb - About 25 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method tls_enabling has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def tls_enabling(ndmp_sock)
    print_status('Enabling TLS for NDMP connection')
    ndmp_tls_certs = NdmpTlsCerts.new('VeritasBE', datastore['RHOSTS'].to_s)
    ndmp_tls_certs.forge_ca
    ndmp_msg = ndmp_sock.do_request_response(
Severity: Minor
Found in modules/exploits/multi/veritas/beagent_sha_auth_rce.rb - About 25 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method on_request_uri has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def on_request_uri( cli, request )
    if not request.uri.match(/\.jar$/i)
      if not request.uri.match(/\/$/)
        send_redirect(cli, get_resource() + '/', '')
        return
Severity: Minor
Found in modules/exploits/multi/browser/java_rmi_connection_impl.rb - About 25 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method on_request_uri has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def on_request_uri( cli, request )

    if not request.uri.match(/\.jar$/i)
      if not request.uri.match(/\/$/)
        send_redirect(cli, get_resource() + '/', '')
Severity: Minor
Found in modules/exploits/multi/browser/java_jre17_exec.rb - About 25 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method build_payload_obj has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def build_payload_obj(payload_data)
    payload_obj = 'aced0005' # STREAM_MAGIC, STREAM_VERSION
    payload_obj << '73720017' # TC_OBJECT, TC_CLASSDESC, class name length: 23
    payload_obj << '6a6176612e7574696c2e5072696f726974795175657565' # java.util.PriorityQueue
    payload_obj << '94da30b4fb3f82b1' # SerialVersionUID
Severity: Minor
Found in modules/exploits/multi/misc/weblogic_deserialize_badattr_extcomp.rb - About 25 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method check has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def check
    connect

    res = register(sock)
    if res =~ /463/ || res =~ /464/
Severity: Minor
Found in modules/exploits/multi/misc/xdh_x_exec.rb - About 25 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method check has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def check
    connect

    response = register(sock)
    if response =~ /463/ or response =~ /464/
Severity: Minor
Found in modules/exploits/multi/misc/pbot_exec.rb - About 25 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method check has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def check
    connect

    unless is_rmi?
      return Exploit::CheckCode::Safe
Severity: Minor
Found in modules/exploits/multi/misc/java_jmx_server.rb - About 25 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Severity
Category
Status
Source
Language