Sign upLogin

rapid7/metasploit-framework

View on GitHub
Star

Showing 7,301 of 22,004 total issues

Similar blocks of code found in 2 locations. Consider refactoring.
Open

    super(update_info(info,
      'Name'           => 'MS07-029 Microsoft DNS RPC Service extractQuotedChar() Overflow (SMB)',
      'Description'    => %q{
          This module exploits a stack buffer overflow in the RPC interface
        of the Microsoft DNS service. The vulnerability is triggered
Severity: Major
Found in modules/exploits/windows/smb/ms07_029_msdns_zonename.rb and 1 other location - About 1 day to fix
modules/exploits/windows/dcerpc/ms07_029_msdns_zonename.rb on lines 12..84

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 257.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

Refactorings

Further Reading

Method enum_instance has 199 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def enum_instance(rhost)
    print_status("#{rhost}:#{rport} [SAP] Connecting to SAP Management Console SOAP Interface")
    success = false
    soapenv='http://schemas.xmlsoap.org/soap/envelope/'
    xsi='http://www.w3.org/2001/XMLSchema-instance'
Severity: Major
Found in modules/auxiliary/scanner/sap/sap_mgmt_con_instanceproperties.rb - About 7 hrs to fix

    Method build_t3_request_object has 199 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      def build_t3_request_object
    # T3 request serialized data
    # retrieved by watching network traffic
    # This is a proprietary, undocumented protocol
    data =  '000005c3'                                     # lenght of the packet
    Severity: Major
    Found in modules/exploits/multi/misc/weblogic_deserialize_unicastref.rb - About 7 hrs to fix

      Method cmd_nexpose_scan has 198 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

            def cmd_nexpose_scan(*args)
        opts = Rex::Parser::Arguments.new(
          '-h' => [ false, 'This help menu'],
          '-t' => [ true, 'The scan template to use (default:pentest-audit options:full-audit,exhaustive-audit,discovery,aggressive-discovery,dos-audit)'],
          '-c' => [ true, 'Specify credentials to use against these targets (format is type:user:pass'],
      Severity: Major
      Found in plugins/nexpose.rb - About 7 hrs to fix

        Identical blocks of code found in 2 locations. Consider refactoring.
        Open

          def make_js(encoded_payload)

    # The following executes a ret2lib using icucnv36.dll
    # The effect is to bypass DEP and execute the shellcode in an indirect way
    stack_data = [
        Severity: Major
        Found in modules/exploits/windows/fileformat/adobe_cooltype_sing.rb and 1 other location - About 7 hrs to fix
        modules/exploits/windows/browser/adobe_cooltype_sing.rb on lines 141..342

        Duplicated Code

        Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

        Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

        When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

        Tuning

        This issue has a mass of 254.

        We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

        The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

        If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

        See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

        Refactorings

        Further Reading

        Identical blocks of code found in 2 locations. Consider refactoring.
        Open

          def make_js(encoded_payload)

    # The following executes a ret2lib using icucnv36.dll
    # The effect is to bypass DEP and execute the shellcode in an indirect way
    stack_data = [
        Severity: Major
        Found in modules/exploits/windows/browser/adobe_cooltype_sing.rb and 1 other location - About 7 hrs to fix
        modules/exploits/windows/fileformat/adobe_cooltype_sing.rb on lines 128..329

        Duplicated Code

        Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

        Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

        When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

        Tuning

        This issue has a mass of 254.

        We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

        The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

        If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

        See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

        Refactorings

        Further Reading

        Similar blocks of code found in 2 locations. Consider refactoring.
        Open

          def on_request_uri(cli, request)
    # Re-generate the payload.
    return if ((p = regenerate_payload(cli)) == nil)

    # Encode the shellcode.
        Severity: Major
        Found in modules/exploits/windows/browser/softartisans_getdrivename.rb and 1 other location - About 7 hrs to fix
        modules/exploits/windows/browser/ms08_053_mediaencoder.rb on lines 54..110

        Duplicated Code

        Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

        Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

        When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

        Tuning

        This issue has a mass of 253.

        We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

        The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

        If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

        See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

        Refactorings

        Further Reading

        Similar blocks of code found in 2 locations. Consider refactoring.
        Open

          def on_request_uri(cli, request)
    # Re-generate the payload.
    return if ((p = regenerate_payload(cli)) == nil)

    # Encode the shellcode.
        Severity: Major
        Found in modules/exploits/windows/browser/ms08_053_mediaencoder.rb and 1 other location - About 7 hrs to fix
        modules/exploits/windows/browser/softartisans_getdrivename.rb on lines 54..114

        Duplicated Code

        Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

        Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

        When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

        Tuning

        This issue has a mass of 253.

        We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

        The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

        If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

        See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

        Refactorings

        Further Reading

        Class ConsoleCommandDispatcher has 55 methods (exceeds 20 allowed). Consider refactoring.
        Open

            class ConsoleCommandDispatcher
      include Msf::Ui::Console::CommandDispatcher

      def name
        PLUGIN_NAME
        Severity: Major
        Found in plugins/nessus.rb - About 7 hrs to fix

          Identical blocks of code found in 2 locations. Consider refactoring.
          Open

          def build(name):
    location = locate('%s.asm' % name)
    if location:
        input = os.path.normpath(os.path.join(location, name))
        output = os.path.normpath(os.path.join('./bin/', name))
          Severity: Major
          Found in external/source/shellcode/windows/x64/build.py and 1 other location - About 7 hrs to fix
          external/source/shellcode/windows/x86/build.py on lines 35..45

          Duplicated Code

          Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

          Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

          When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

          Tuning

          This issue has a mass of 120.

          We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

          The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

          If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

          See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

          Refactorings

          Further Reading

          Identical blocks of code found in 2 locations. Consider refactoring.
          Open

          def build(name):
    location = locate('%s.asm' % name)
    if location:
        input = os.path.normpath(os.path.join(location, name))
        output = os.path.normpath(os.path.join('./bin/', name))
          Severity: Major
          Found in external/source/shellcode/windows/x86/build.py and 1 other location - About 7 hrs to fix
          external/source/shellcode/windows/x64/build.py on lines 37..47

          Duplicated Code

          Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

          Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

          When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

          Tuning

          This issue has a mass of 120.

          We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

          The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

          If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

          See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

          Refactorings

          Further Reading

          Method exploit has 195 lines of code (exceeds 25 allowed). Consider refactoring.
          Open

            def exploit
    # lots of this file's format is based on pkexec.rb

    # direct copy of code from exploit-db
    main = %q{
          Severity: Major
          Found in modules/exploits/unix/local/netbsd_mail_local.rb - About 7 hrs to fix

            Method cmd_reg has 195 lines of code (exceeds 25 allowed). Consider refactoring.
            Open

              def cmd_reg(*args)
    # Extract the command, if any
    cmd = args.shift

    if (args.length == 0)
            Severity: Major
            Found in lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb - About 7 hrs to fix

              Method init has 194 lines of code (exceeds 25 allowed). Consider refactoring.
              Open

                 @SuppressWarnings("unchecked")
   public void init()
     {
    try
      {
              Severity: Major
              Found in external/source/exploits/cve-2010-4452/AppletX.java - About 7 hrs to fix

                Method exploit has 194 lines of code (exceeds 25 allowed). Consider refactoring.
                Open

                  def exploit
    print_status('Trying to detect if target is running a supported version of piwik')
    res = send_request_cgi({
      'method' => 'GET',
      'uri' => normalized_index
                Severity: Major
                Found in modules/exploits/unix/webapp/piwik_superuser_plugin_upload.rb - About 7 hrs to fix

                  Identical blocks of code found in 2 locations. Consider refactoring.
                  Open

                          def recv_telnet(fd, timeout)

          data = ''

          begin
                  Severity: Major
                  Found in lib/metasploit/framework/telnet/client.rb and 1 other location - About 7 hrs to fix
                  lib/msf/core/exploit/remote/telnet.rb on lines 155..217

                  Duplicated Code

                  Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

                  Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

                  When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

                  Tuning

                  This issue has a mass of 249.

                  We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

                  The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

                  If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

                  See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

                  Refactorings

                  Further Reading

                  Identical blocks of code found in 2 locations. Consider refactoring.
                  Open

                    def recv_telnet(fd, timeout)

    data = ''

    begin
                  Severity: Major
                  Found in lib/msf/core/exploit/remote/telnet.rb and 1 other location - About 7 hrs to fix
                  lib/metasploit/framework/telnet/client.rb on lines 140..202

                  Duplicated Code

                  Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

                  Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

                  When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

                  Tuning

                  This issue has a mass of 249.

                  We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

                  The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

                  If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

                  See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

                  Refactorings

                  Further Reading

                  Method parse_server has 192 lines of code (exceeds 25 allowed). Consider refactoring.
                  Open

                    def parse_server(data)
    creds = []
    perms = []
    groups = []
    settings = {}
                  Severity: Major
                  Found in modules/post/windows/gather/credentials/filezilla_server.rb - About 7 hrs to fix

                    Method build_t3_request_object has 191 lines of code (exceeds 25 allowed). Consider refactoring.
                    Open

                      def build_t3_request_object
    # T3 request serialized data
    # retrieved by watching network traffic
    # This is a proprietary, undocumented protocol
    # TODO: WHAT DOES THIS DO?  CAN WE RANDOMIZE ANY OF IT?
                    Severity: Major
                    Found in modules/exploits/multi/misc/weblogic_deserialize_marshalledobject.rb - About 7 hrs to fix

                      Method exploit has 191 lines of code (exceeds 25 allowed). Consider refactoring.
                      Open

                        def exploit
    # Hijacking Administrator session by exploiting objection injection vuln that end up with sqli
    print_status("Hijacking administrator session")

    sql = "SELECT id FROM sessions LIMIT 1"
                      Severity: Major
                      Found in modules/exploits/linux/http/alienvault_exec.rb - About 7 hrs to fix
                        Severity
                        Category
                        Status
                        Source
                        Language