rapid7/metasploit-framework

Showing 15,888 of 21,960 total issues

Method print_timezone_key_values has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def print_timezone_key_values(key_value)
    # Looks for timezone information from registry.
    timezone = registry_getvaldata('HKLM\\SYSTEM\\CurrentControlSet\\Control\\TimeZoneInformation', key_value)
    tz_bias = registry_getvaldata('HKLM\\SYSTEM\\CurrentControlSet\\Control\\TimeZoneInformation', 'Bias')
    if timezone.nil? || tz_bias.nil?
Severity: Minor
Found in modules/post/windows/gather/enum_prefetch.rb - About 25 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Method decrypt_password has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def decrypt_password(data)
    session.railgun.add_dll('crypt32') unless session.railgun.get_dll('crypt32')

    pid = client.sys.process.getpid
    process = client.sys.process.open(pid, PROCESS_ALL_ACCESS)
Severity: Minor
Found in modules/post/windows/gather/credentials/rdc_manager_creds.rb - About 25 mins to fix

Method run has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def run
    print_status("Running module against #{sysinfo['Computer']}")
    enum_users.each do |user|
      if user['userpath']
        print_status "Extracting lnk files for user #{user['username']} at #{user['userpath']}..."
Severity: Minor
Found in modules/post/windows/gather/dumplinks.rb - About 25 mins to fix

Method export_mailboxes has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def export_mailboxes(mailbox, filter)
    # Get the target's TEMP path and generate a random filename to serve as the save path for the export action
    temp_folder = get_env('TEMP')
    random_filename = "#{Rex::Text.rand_text_alpha(16)}.tmp"
    temp_save_path = "#{temp_folder}\\#{random_filename}"
Severity: Minor
Found in modules/post/windows/gather/exchange.rb - About 25 mins to fix

Method process_hive has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def process_hive(sys_path, user, muicache, hive_file)
    user_home_path = expand_path(sys_path)
    hive_path = user_home_path + hive_file
    ntuser_status = file_exist?(hive_path)

Severity: Minor
Found in modules/post/windows/gather/enum_muicache.rb - About 25 mins to fix

Method decrypt has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def decrypt(csv_file)
    csv = read_csv_file(csv_file)
    print_good("#{csv.count} WUG rows loaded, #{@wug_total_secrets} unique nCredentialTypeIDs")
    result = decrypt_wug_db(csv)
    processed_rows = result[:processed_rows]
Severity: Minor
Found in modules/post/windows/gather/credentials/whatsupgold_credential_dump.rb - About 25 mins to fix

Method get_locations has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def get_locations
    progfiles_env = session.sys.config.getenvs('ProgramData')
    locations = []
    progfiles_env.each do |_k, v|
      vprint_status("Searching PureVPN Client installation at #{v}")
Severity: Minor
Found in modules/post/windows/gather/credentials/purevpn_cred_collector.rb - About 25 mins to fix

Method report_db has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def report_db(cred)
    ip_add = nil
    host = ''
    port = 0
    begin
Severity: Minor
Found in modules/post/windows/gather/credentials/enum_cred_store.rb - About 25 mins to fix

Method parse_history has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def parse_history(str)
    # @keys is defined in decrypt_pref, and this function is called by decrypt_pref after @keys is defined
    result = Hash[@keys.map { |k| [k.to_sym, ''] }]
    result[:Parent] = '-2'

Severity: Minor
Found in modules/post/windows/gather/credentials/plsql_developer.rb - About 25 mins to fix

Method decrypt_blob has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def decrypt_blob(daddr, dlen, type)
    # type 0 = passport cred, type 1 = wininet cred
    # set up entropy
    c32 = session.railgun.crypt32
    guid = '82BD0E67-9FEA-4748-8672-D5EFE5B779B0' if type == 0
Severity: Minor
Found in modules/post/windows/gather/credentials/enum_cred_store.rb - About 25 mins to fix

Method run has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def run
    grab_user_profiles.each do |user|
      next if user['AppData'].nil?

      xml = get_xml(user['AppData'] + '\\FTP Explorer\\profiles.xml')
Severity: Minor
Found in modules/post/windows/gather/credentials/ftpx.rb - About 25 mins to fix

Method parser_ini has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def parser_ini(ini_config_path)
    valuable_info = {}
    if session.fs.file.exist?(ini_config_path)
      file_contents = read_file(ini_config_path)
      if file_contents.nil? || file_contents.empty?
Severity: Minor
Found in modules/post/windows/gather/credentials/moba_xterm.rb - About 25 mins to fix

Method extract_hashes_and_versions has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def extract_hashes_and_versions(keys)
    vprint_status("Attempting to extract hashes from #{keys.size} McAfee VSE installations")
    hash_map = {}
    keys.each do |key|
      hash = registry_getvaldata(key, 'UIPEx')
Severity: Minor
Found in modules/post/windows/gather/credentials/mcafee_vse_hashdump.rb - About 25 mins to fix

Method init_module has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def init_module
    orion_hostname = get_env('COMPUTERNAME')
    print_status("Hostname #{orion_hostname} IPv4 #{rhost}")
    require_sql = action.name.downcase == 'export' || action.name.downcase == 'dump' # only need to be concerned with SQL if doing these actions
    if require_sql
Severity: Minor
Found in modules/post/windows/gather/credentials/solarwinds_orion_dump.rb - About 25 mins to fix

Method aes_cbc_decrypt has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def aes_cbc_decrypt(ciphertext_bytes, aes_key, aes_iv)
    return nil unless aes_iv.length == 16

    case aes_key.length
    when 16
Severity: Minor
Found in modules/post/windows/gather/credentials/solarwinds_orion_dump.rb - About 25 mins to fix

Method aes_cbc_decrypt has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def aes_cbc_decrypt(ciphertext_bytes, aes_key, aes_iv)
    return false unless aes_iv.length == 16

    case aes_key.length
    when 16
Severity: Minor
Found in modules/post/windows/gather/credentials/thycotic_secretserver_dump.rb - About 25 mins to fix

Method decrypt has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def decrypt(csv_file)
    csv = read_csv_file(csv_file)
    total_rows = csv.count
    print_good("#{total_rows} rows loaded, #{@orion_total_secrets} unique CredentialIDs")
    result = decrypt_orion_db(csv)
Severity: Minor
Found in modules/post/windows/gather/credentials/solarwinds_orion_dump.rb - About 25 mins to fix

Method dump_orion_db has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def dump_orion_db
    # CONVERT(VARBINARY()) is an awful hack to get around sqlcmd's equally awful support for CSV output
    sql_query = 'SET NOCOUNT ON;SELECT c.ID AS CredentialID,
      CONVERT(VARBINARY(1024),c.Name) Name,
      CONVERT(VARBINARY(1024),c.Description) Description,
Severity: Minor
Found in modules/post/windows/gather/credentials/solarwinds_orion_dump.rb - About 25 mins to fix

Method extract_data has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def extract_data(username)
    # Prepare Chrome's path on remote machine
    chrome_path = @profiles_path + '\\' + username + @data_path + 'Default'
    raw_files = {}

Severity: Minor
Found in modules/post/windows/gather/enum_chrome.rb - About 25 mins to fix

Method get_install_path has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def get_install_path(target)
    target_name = target.upcase
    case target_name
    when 'VBR'
      reg_key = 'HKLM\\SOFTWARE\\Veeam\\Veeam Backup and Replication'
Severity: Minor
Found in modules/post/windows/gather/credentials/veeam_credential_dump.rb - About 25 mins to fix
