rapid7/metasploit-framework

Showing 22,177 of 22,177 total issues

File command_shell.rb has 536 lines of code (exceeds 250 allowed). Consider refactoring.
Open

require 'shellwords'
require 'rex/text/table'
require "base64"

module Msf
Severity: Major
Found in lib/msf/base/sessions/command_shell.rb - About 1 day to fix

    Method run_host has 221 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      def run_host(target_host)
        case
          when action.name == 'LISTFILES'
            res = http_post('listFiles')
            unless res
    Severity: Major
    Found in modules/auxiliary/scanner/http/es_file_explorer_open_port.rb - About 1 day to fix

      Method getMbeanServer has 220 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

          private MBeanServer getMbeanServer() {
      
              return new MBeanServer() {
      
                  @Override
      Severity: Major
      Found in external/source/exploits/CVE-2010-0094/Exploit.java - About 1 day to fix

        Method exploit has 219 lines of code (exceeds 25 allowed). Consider refactoring.
        Open

          def exploit
            # Make initial request to get assigned a session token
            cookie = "pagerefresh=1; NfaupdateMsg=true; sortBy=sByName; testcookie=; "
            cookie << "am_username=;am_check="
            begin
        Severity: Major
        Found in modules/exploits/windows/http/manageengine_apps_mngr.rb - About 1 day to fix

          Method run has a Cognitive Complexity of 56 (exceeds 5 allowed). Consider refactoring.
          Open

            def run
              begin
                @port = datastore['SRVPORT'].to_i
                @sock = Rex::Socket::Udp.create(
                      'LocalHost' => datastore['SRVHOST'],
          Severity: Minor
          Found in modules/auxiliary/server/capture/sip.rb - About 1 day to fix

          Cognitive Complexity

          Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

          A method's cognitive complexity is based on a few simple rules:

          • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
          • Code is considered more complex for each "break in the linear flow of the code"
          • Code is considered more complex when "flow breaking structures are nested"

          Method run_host has a Cognitive Complexity of 56 (exceeds 5 allowed). Consider refactoring.
          Open

            def run_host(ip)
              begin
                snmp = connect_snmp
          
                vprint_status("Connecting to #{ip}")
          Severity: Minor
          Found in modules/auxiliary/scanner/snmp/snmp_enum_hp_laserjet.rb - About 1 day to fix

          Method run_host has a Cognitive Complexity of 56 (exceeds 5 allowed). Consider refactoring.
          Open

            def run_host(ip)
              trav = datastore['FILE']
          
              if(trav == '' or datastore['FINGERPINT'])
              # the user did not specify what they wanted, fingerprint, go after password.properties
          Severity: Minor
          Found in modules/auxiliary/scanner/http/coldfusion_locale_traversal.rb - About 1 day to fix

          Method process_config has a Cognitive Complexity of 56 (exceeds 5 allowed). Consider refactoring.
          Open

            def process_config(filename)
              config = client.fs.file.new(filename, 'r')
              print_status("Processing #{filename}")
              contents = config.read
              config_lines = contents.split("\n")
          Severity: Minor
          Found in modules/post/windows/gather/credentials/epo_sql.rb - About 1 day to fix

          Method substitute_vars has a Cognitive Complexity of 56 (exceeds 5 allowed). Consider refactoring.
          Open

            def substitute_vars(raw, offsets)
              offsets.each_pair { |name, info|
                offset, pack = info
          
                # Give the derived class a chance to substitute this variable
          Severity: Minor
          Found in lib/msf/core/payload.rb - About 1 day to fix

          Method process_propfind has 218 lines of code (exceeds 25 allowed). Consider refactoring.
          Open

            def process_propfind(cli, request)
              path = request.uri
              print_status("Received WebDAV PROPFIND request for #{path}")
              body = ''
          
          
          Severity: Major
          Found in modules/exploits/windows/browser/ms10_046_shortcut_icon_dllloader.rb - About 1 day to fix

            Method initialize has 217 lines of code (exceeds 25 allowed). Consider refactoring.
            Open

              def initialize(info = {})
                super(merge_info(info,
                  'Name'          => 'Windows x64 Pingback, Reverse TCP Inline',
                  'Description'   => 'Connect back to attacker and report UUID (Windows x64)',
                  'Author'        => [ 'bwatters-r7' ],
            Severity: Major
            Found in modules/payloads/singles/windows/x64/pingback_reverse_tcp.rb - About 1 day to fix

              Method exploit_html has 217 lines of code (exceeds 25 allowed). Consider refactoring.
              Open

                def exploit_html(req_uri)
                  srvhost = datastore['SRVHOST']
                  srvport = datastore['SRVPORT']
              
                  template = <<-EOF
              Severity: Major
              Found in modules/exploits/windows/browser/ms16_051_vbscript.rb - About 1 day to fix

                Method custom_inflections has 216 lines of code (exceeds 25 allowed). Consider refactoring.
                Open

                  def custom_inflections
                    {
                      'uuid' => 'UUID',
                      'db_manager' => 'DBManager',
                      'ci' => 'CI',
                Severity: Major
                Found in lib/msf_autoload.rb - About 1 day to fix

                  File solarwinds_orion_dump.rb has 526 lines of code (exceeds 250 allowed). Consider refactoring.
                  Open

                  require 'metasploit/framework/credential_collection'
                  
                  class MetasploitModule < Msf::Post
                    include Msf::Post::Common
                    include Msf::Post::File
                  Severity: Major
                  Found in modules/post/windows/gather/credentials/solarwinds_orion_dump.rb - About 1 day to fix

                    File apache_superset_cookie_sig_rce.rb has 525 lines of code (exceeds 250 allowed). Consider refactoring.
                    Open

                    class MetasploitModule < Msf::Exploit::Remote
                      Rank = GoodRanking
                      include Msf::Exploit::Remote::HttpClient
                    
                      def initialize(info = {})
                    Severity: Major
                    Found in modules/exploits/linux/http/apache_superset_cookie_sig_rce.rb - About 1 day to fix

                      Method cmd_hosts has 215 lines of code (exceeds 25 allowed). Consider refactoring.
                      Open

                        def cmd_hosts(*args)
                          return unless active?
                          onlyup = false
                          set_rhosts = false
                          mode = []
                      Severity: Major
                      Found in lib/msf/ui/console/command_dispatcher/db.rb - About 1 day to fix

                        Function main has a Cognitive Complexity of 55 (exceeds 5 allowed). Consider refactoring.
                        Open

                        def main(argv=None):
                            if not argv:
                                argv = sys.argv
                            if len(argv) == 1:
                                print('Usage: build.py [clean|all|<name>]')
                        Severity: Minor
                        Found in external/source/shellcode/windows/x64/build.py - About 1 day to fix

                        Function dump has a Cognitive Complexity of 55 (exceeds 5 allowed). Consider refactoring.
                        Open

                            def dump(self):
                                try:
                                    if self.__remoteName.upper() == 'LOCAL' and self.__username == '':
                                        self.__isRemote = False
                                        self.__useVSSMethod = True
                        Severity: Minor
                        Found in modules/auxiliary/scanner/smb/impacket/secretsdump.py - About 1 day to fix

                        Method cmd_token_hunt_user has a Cognitive Complexity of 55 (exceeds 5 allowed). Consider refactoring.
                        Open

                              def cmd_token_hunt_user(*args)
                                opts = Rex::Parser::Arguments.new(
                                  '-h' => [ false, 'This help menu'],
                                  '-f' => [ true, 'A file containing a list of users to search for (one per line)']
                                )
                        Severity: Minor
                        Found in plugins/token_hunter.rb - About 1 day to fix

                        Method run has a Cognitive Complexity of 55 (exceeds 5 allowed). Consider refactoring.
                        Open

                          def run
                            ldap_connect do |ldap|
                              validate_bind_success!(ldap)
                        
                              fail_with(Failure::UnexpectedReply, "Couldn't discover base DN!") unless ldap.base_dn
                        Severity: Minor
                        Found in modules/auxiliary/gather/ldap_query.rb - About 1 day to fix
