rapid7/metasploit-framework


Showing 7,361 of 22,177 total issues

Method on_request_uri has 52 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def on_request_uri(socket, _request)
    if datastore['TARGET'] == 0 # restart
      filename = '/shared/f5_update_action'
      file_payload = <<~EOT
        UpdateAction

    Method initialize has 52 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      def initialize(info = {})
        super(
          update_info(
            info,
            'Name' => 'VMware View Planner Unauthenticated Log File Upload RCE',
    Severity: Major
    Found in modules/exploits/linux/http/vmware_view_planner_4_6_uploadlog_rce.rb - About 2 hrs to fix

      Method initialize has 52 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

        def initialize(info = {})
          super(
            update_info(
              info,
              'Name' => 'Kafka UI Unauthenticated Remote Command Execution via the Groovy Filter option.',
      Severity: Major
      Found in modules/exploits/linux/http/kafka_ui_unauth_rce_cve_2023_52251.rb - About 2 hrs to fix

        Method initialize has 52 lines of code (exceeds 25 allowed). Consider refactoring.
        Open

          def initialize(info = {})
            super(
              update_info(
                info,
                'Name' => 'Symantec Messaging Gateway 9.5 Default SSH Password Vulnerability',
        Severity: Major
        Found in modules/exploits/linux/ssh/symantec_smg_ssh.rb - About 2 hrs to fix

          Method check has 52 lines of code (exceeds 25 allowed). Consider refactoring.
          Open

            def check
              connect_udp
              udp_sock.put 'discover;013;'
              res = udp_sock.get(5)
              disconnect_udp

            Method initialize has 52 lines of code (exceeds 25 allowed). Consider refactoring.
            Open

              def initialize(info = {})
                super(update_info(info,
                  'Name'        => 'Nagios Remote Plugin Executor Arbitrary Command Execution',
                  'Description' => %q{
                      The Nagios Remote Plugin Executor (NRPE) is installed to allow a central
            Severity: Major
            Found in modules/exploits/linux/misc/nagios_nrpe_arguments.rb - About 2 hrs to fix

              Method initialize has 52 lines of code (exceeds 25 allowed). Consider refactoring.
              Open

                def initialize(info = {})
                  super(
                    update_info(
                      info,
                      {
              Severity: Major
              Found in modules/exploits/linux/ssh/exagrid_known_privkey.rb - About 2 hrs to fix

                Method run has 52 lines of code (exceeds 25 allowed). Consider refactoring.
                Open

                  def run
                    if client.nil?
                      print_error("Invalid session ID selected. Make sure the host isn't dead.")
                      return
                    end
                Severity: Major
                Found in modules/post/osx/gather/password_prompt_spoof.rb - About 2 hrs to fix

                  Method gatherwin has 52 lines of code (exceeds 25 allowed). Consider refactoring.
                  Open

                    def gatherwin
                      print_status('Windows OS detected, enumerating services')
                      tomcatHomeArray = []
                      service_list.each do |service|
                        if service[:name].downcase.include? 'tomcat'
                  Severity: Major
                  Found in modules/post/multi/gather/tomcat_gather.rb - About 2 hrs to fix

                    Method print_routes has 52 lines of code (exceeds 25 allowed). Consider refactoring.
                    Open

                      def print_routes
                        # IPv4 Table
                        tbl_ipv4 = Msf::Ui::Console::Table.new(
                          Msf::Ui::Console::Table::Style::Default,
                          'Header' => 'IPv4 Active Routing Table',
                    Severity: Major
                    Found in modules/post/multi/manage/autoroute.rb - About 2 hrs to fix

                      Method run has 52 lines of code (exceeds 25 allowed). Consider refactoring.
                      Open

                        def run
                          # syinfo is only on meterpreter sessions
                          print_status("Running module against #{sysinfo['Computer']}") if !sysinfo.nil?
                          macro = datastore['MACRO']
                          entries = []
                      Severity: Major
                      Found in modules/post/multi/manage/multi_post.rb - About 2 hrs to fix

                        Method parse_results has 52 lines of code (exceeds 25 allowed). Consider refactoring.
                        Open

                          def parse_results(results)
                            laps_results = []
                            # Results table holds raw string data
                            results_table = Rex::Text::Table.new(
                              'Header' => 'Local Administrator Password Solution (LAPS) Results',
                        Severity: Major
                        Found in modules/post/windows/gather/credentials/enum_laps.rb - About 2 hrs to fix

                          Method community_strings has 52 lines of code (exceeds 25 allowed). Consider refactoring.
                          Open

                            def community_strings
                              print_status('Enumerating community strings')
                              key = 'HKLM\\System\\CurrentControlSet\\Services\\SNMP\\Parameters\\ValidCommunities'
                          
                              unless registry_key_exist?(key)
                          Severity: Major
                          Found in modules/post/windows/gather/enum_snmp.rb - About 2 hrs to fix

                            Method run has 52 lines of code (exceeds 25 allowed). Consider refactoring.
                            Open

                              def run
                                certfile = datastore['CAFILE']
                            
                                # Check file path
                                begin
                            Severity: Major
                            Found in modules/post/windows/manage/inject_ca.rb - About 2 hrs to fix

                              Method run has 52 lines of code (exceeds 25 allowed). Consider refactoring.
                              Open

                                def run
                                  # Make sure we meet the requirements before running the script
                                  unless session.type == 'meterpreter' || have_powershell?
                                    print_error 'Incompatible Environment'
                                    return 0
                              Severity: Major
                              Found in modules/post/windows/manage/powershell/build_net_code.rb - About 2 hrs to fix

                                Method run has 52 lines of code (exceeds 25 allowed). Consider refactoring.
                                Open

                                  def run
                                    if session.type == 'meterpreter'
                                      sep = session.fs.file.separator
                                    else
                                      # Guess, but it's probably right
                                Severity: Major
                                Found in modules/post/linux/manage/sshkey_persistence.rb - About 2 hrs to fix

                                  Method response has 52 lines of code (exceeds 25 allowed). Consider refactoring.
                                  Open

                                      def response(arg, opt = {})
                                        usr = arg[:user]
                                        pwd = arg[:password]
                                        if usr.nil? or pwd.nil?
                                          raise ArgumentError, "user and password have to be supplied"
                                  Severity: Major
                                  Found in lib/rex/proto/ntlm/message.rb - About 2 hrs to fix

                                    Method negotiate_auth has 52 lines of code (exceeds 25 allowed). Consider refactoring.
                                    Open

                                      def negotiate_auth(opts={})
                                    
                                        to = opts['timeout'] || 20
                                        opts['username'] ||= ''
                                        opts['password'] ||= ''
                                    Severity: Major
                                    Found in lib/rex/proto/http/client.rb - About 2 hrs to fix

                                      Method tag_start has 52 lines of code (exceeds 25 allowed). Consider refactoring.
                                      Open

                                        def tag_start(name, attributes)
                                          begin
                                            case name
                                            when "address"
                                              @host["addrs"][attributes["addrtype"]] = attributes["addr"]
                                      Severity: Major
                                      Found in lib/rex/parser/nmap_xml.rb - About 2 hrs to fix

                                        Method cmd_interval_collect has 52 lines of code (exceeds 25 allowed). Consider refactoring.
                                        Open

                                          def cmd_interval_collect(*args)
                                              @@interval_collect_opts ||= Rex::Parser::Arguments.new(
                                                '-h' => [false, 'Help Banner'],
                                                '-a' => [true, "Action (required, one of: #{client.android.collect_actions.join(', ')})"],
                                                '-c' => [true, "Collector type (required, one of: #{client.android.collect_types.join(', ')})"],
                                        Severity: Major
                                        Found in lib/rex/post/meterpreter/ui/console/command_dispatcher/android.rb - About 2 hrs to fix