Sign upLogin

rapid7/metasploit-framework

View on GitHub
Star

Showing 22,177 of 22,177 total issues

Method run_host has a Cognitive Complexity of 60 (exceeds 5 allowed). Consider refactoring.
Open

  def run_host(ip)
    # Force http verb to be upper-case, because otherwise some web servers such as
    # Apache might throw you a 501
    http_method = datastore['METHOD'].upcase
Severity: Minor
Found in modules/auxiliary/scanner/http/blind_sql_query.rb - About 1 day to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method run_host has a Cognitive Complexity of 60 (exceeds 5 allowed). Consider refactoring.
Open

  def run_host(ip)
    conn = false
    usecode = datastore['ForceCode']

    tpath = normalize_uri(datastore['PATH'])
Severity: Minor
Found in modules/auxiliary/scanner/http/web_vulndb.rb - About 1 day to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method check_ref_identifiers has a Cognitive Complexity of 60 (exceeds 5 allowed). Consider refactoring.
Open

  def check_ref_identifiers
    in_super     = false
    in_refs      = false
    in_notes     = false
    cve_assigned = false
Severity: Minor
Found in tools/dev/msftidy.rb - About 1 day to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method apply_prepends has a Cognitive Complexity of 60 (exceeds 5 allowed). Consider refactoring.
Open

  def apply_prepends(buf)
    pre = ''
    app = ''

    test_arch = [ *(self.arch) ]
Severity: Minor
Found in lib/msf/core/payload/linux.rb - About 1 day to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

File Program.cs has 559 lines of code (exceeds 250 allowed). Consider refactoring.
Open

using System;
using System.IO;
using System.Runtime.InteropServices;
using System.Text;
Severity: Major
Found in external/source/exploits/CVE-2020-17136/POC_CloudFilter_ArbitraryFile_EoP/Program.cs - About 1 day to fix

    File weblogic_deserialize_unicastref.rb has 558 lines of code (exceeds 250 allowed). Consider refactoring.
    Open

    class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::Tcp
  include Msf::Exploit::Remote::TcpServer
    Severity: Major
    Found in modules/exploits/multi/misc/weblogic_deserialize_unicastref.rb - About 1 day to fix

      Method exploit has 234 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

        def exploit
    main = %q^
/*
* Exploit Title: pkexec Race condition (CVE-2011-1485) exploit
* Author: xi4oyu
      Severity: Major
      Found in modules/exploits/linux/local/pkexec.rb - About 1 day to fix

        Class Core has 64 methods (exceeds 20 allowed). Consider refactoring.
        Open

        class Console::CommandDispatcher::Core

  include Console::CommandDispatcher

  #
        Severity: Major
        Found in lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb - About 1 day to fix

          Class Config has 64 methods (exceeds 20 allowed). Consider refactoring.
          Open

          class Config < Hash

  # The installation's root directory for the distribution
  InstallRoot = File.expand_path(File.join(File.dirname(__FILE__), '..', '..', '..'))
          Severity: Major
          Found in lib/msf/base/config.rb - About 1 day to fix

            File nexpose.rb has 553 lines of code (exceeds 250 allowed). Consider refactoring.
            Open

            require 'English'
require 'nexpose'

module Msf
  Nexpose_yaml = "#{Msf::Config.config_directory}/nexpose.yaml".freeze # location of the nexpose.yml containing saved nexpose creds
            Severity: Major
            Found in plugins/nexpose.rb - About 1 day to fix

              File nexpose_raw_document.rb has 553 lines of code (exceeds 250 allowed). Consider refactoring.
              Open

              require "rex/parser/nokogiri_doc_mixin"
require "date"

module Rex
  module Parser
              Severity: Major
              Found in lib/rex/parser/nexpose_raw_document.rb - About 1 day to fix

                Method run has a Cognitive Complexity of 59 (exceeds 5 allowed). Consider refactoring.
                Open

                  def run
    open_pcap({'SNAPLEN' => 68, 'FILTER' => "arp[6:2] == 0x0002"})
    @netifaces = true
    if not netifaces_implemented?
      print_error("WARNING : Pcaprub is not up-to-date, some functionality will not be available")
                Severity: Minor
                Found in modules/auxiliary/spoof/arp/arp_poisoning.rb - About 1 day to fix

                Cognitive Complexity

                Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                A method's cognitive complexity is based on a few simple rules:

                • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                • Code is considered more complex for each "break in the linear flow of the code"
                • Code is considered more complex when "flow breaking structures are nested"

                Further reading

                Method run_host has a Cognitive Complexity of 59 (exceeds 5 allowed). Consider refactoring.
                Open

                  def run_host(ip)

    http_method = datastore['METHOD'].upcase

    qvars = nil
                Severity: Minor
                Found in modules/auxiliary/scanner/http/error_sql_injection.rb - About 1 day to fix

                Cognitive Complexity

                Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                A method's cognitive complexity is based on a few simple rules:

                • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                • Code is considered more complex for each "break in the linear flow of the code"
                • Code is considered more complex when "flow breaking structures are nested"

                Further reading

                Method exploit has a Cognitive Complexity of 59 (exceeds 5 allowed). Consider refactoring.
                Open

                  def exploit
    if target.name =~ /prestashop/
      uri = normalize_uri(target_uri.path)
      res = send_request_cgi({'uri' => uri})
      if res && res.code != 301
                Severity: Minor
                Found in modules/exploits/linux/http/php_imap_open_rce.rb - About 1 day to fix

                Cognitive Complexity

                Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                A method's cognitive complexity is based on a few simple rules:

                • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                • Code is considered more complex for each "break in the linear flow of the code"
                • Code is considered more complex when "flow breaking structures are nested"

                Further reading

                Method read_response has a Cognitive Complexity of 59 (exceeds 5 allowed). Consider refactoring.
                Open

                  def read_response(t = -1, opts = {})
    # Return a nil response if timeout is nil or 0
    return if t.nil? || t == 0

    resp = Response.new
                Severity: Minor
                Found in lib/rex/proto/http/client.rb - About 1 day to fix

                Cognitive Complexity

                Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                A method's cognitive complexity is based on a few simple rules:

                • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                • Code is considered more complex for each "break in the linear flow of the code"
                • Code is considered more complex when "flow breaking structures are nested"

                Further reading

                Method send_tcp has a Cognitive Complexity of 59 (exceeds 5 allowed). Consider refactoring.
                Open

                    def send_tcp(packet, packet_data, nameservers, prox = @config[:proxies])
      ans = nil
      length = [packet_data.size].pack("n")
      nameservers.each do |ns, socket_options|
        socket = nil
                Severity: Minor
                Found in lib/rex/proto/dns/resolver.rb - About 1 day to fix

                Cognitive Complexity

                Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                A method's cognitive complexity is based on a few simple rules:

                • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                • Code is considered more complex for each "break in the linear flow of the code"
                • Code is considered more complex when "flow breaking structures are nested"

                Further reading

                Method cmd_download has a Cognitive Complexity of 59 (exceeds 5 allowed). Consider refactoring.
                Open

                  def cmd_download(*args)
    if (args.empty? or args.include? "-h")
      cmd_download_help
      return true
    end
                Severity: Minor
                Found in lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/fs.rb - About 1 day to fix

                Cognitive Complexity

                Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                A method's cognitive complexity is based on a few simple rules:

                • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                • Code is considered more complex for each "break in the linear flow of the code"
                • Code is considered more complex when "flow breaking structures are nested"

                Further reading

                File weblogic_deserialize_badattr_extcomp.rb has 551 lines of code (exceeds 250 allowed). Consider refactoring.
                Open

                class MetasploitModule < Msf::Exploit::Remote
  Rank = NormalRanking

  include Msf::Exploit::Remote::Tcp
  include Msf::Exploit::CmdStager
                Severity: Major
                Found in modules/exploits/multi/misc/weblogic_deserialize_badattr_extcomp.rb - About 1 day to fix

                  File dnn_cookie_deserialization_rce.rb has 548 lines of code (exceeds 250 allowed). Consider refactoring.
                  Open

                  require 'openssl'
require 'set'

class MetasploitModule < Msf::Exploit::Remote
  include Msf::Exploit::Remote::HttpClient
                  Severity: Major
                  Found in modules/exploits/windows/http/dnn_cookie_deserialization_rce.rb - About 1 day to fix

                    File client_mixin.rb has 548 lines of code (exceeds 250 allowed). Consider refactoring.
                    Open

                    module Rex
module Proto
module MSSQL
# A base mixin of useful mssql methods for parsing structures etc
module ClientMixin
                    Severity: Major
                    Found in lib/rex/proto/mssql/client_mixin.rb - About 1 day to fix
                      Severity
                      Category
                      Status
                      Source
                      Language