rapid7/metasploit-framework

Showing 22,177 of 22,177 total issues

Method build_packet_and_layouts has a Cognitive Complexity of 54 (exceeds 5 allowed). Consider refactoring.
Open

  def build_packet_and_layouts(packet, function, args, arch)
    case arch
    when ARCH_X64
      native = 'Q<'
    when ARCH_X86
Severity: Minor
Found in lib/rex/post/meterpreter/extensions/stdapi/railgun/library.rb - About 1 day to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method cmd_route has a Cognitive Complexity of 54 (exceeds 5 allowed). Consider refactoring.
Open

  def cmd_route(*args)
    begin
      args << 'print' if args.length == 0

      action = args.shift
Severity: Minor
Found in lib/msf/ui/console/command_dispatcher/core.rb - About 1 day to fix

Method add_dns has a Cognitive Complexity of 54 (exceeds 5 allowed). Consider refactoring.
Open

  def add_dns(*args)
    rules = ['*']
    first_rule = true
    comm = nil
    resolvers = []
Severity: Minor
Found in lib/msf/ui/console/command_dispatcher/dns.rb - About 1 day to fix

Method report_note has a Cognitive Complexity of 54 (exceeds 5 allowed). Consider refactoring.
Open

  def report_note(opts)
    return if not active
  ::ApplicationRecord.connection_pool.with_connection {
    wspace = Msf::Util::DBManager.process_opts_workspace(opts, framework)
    opts = opts.clone()
Severity: Minor
Found in lib/msf/core/db_manager/note.rb - About 1 day to fix

Identical blocks of code found in 2 locations. Consider refactoring.
Open

  def make_js(encoded_payload)

    # The following executes a ret2lib using BIB.dll
    # The effect is to bypass DEP and execute the shellcode in an indirect way
    stack_data = [
modules/exploits/windows/fileformat/adobe_flashplayer_newfunction.rb on lines 94..240

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 270.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

Refactorings

Further Reading

Identical blocks of code found in 2 locations. Consider refactoring.
Open

  def make_js(encoded_payload)

    # The following executes a ret2lib using BIB.dll
    # The effect is to bypass DEP and execute the shellcode in an indirect way
    stack_data = [
modules/exploits/windows/browser/adobe_flashplayer_newfunction.rb on lines 92..238

This issue has a mass of 270.

Method parse_host has 210 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def parse_host(host, wspace, blacklist, allow_yaml, btag, args, &block)

    host_data = {}
    host_data[:task] = args[:task]
    host_data[:workspace] = wspace
Severity: Major
Found in lib/msf/core/db_manager/import/metasploit_framework/xml.rb - About 1 day to fix

Method run has 208 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def run
    print_status('Gathering System info ....')
    vm = nil
    dmi_info = nil
Severity: Major
Found in modules/post/linux/gather/checkvm.rb - About 1 day to fix

File acunetix_document.rb has 513 lines of code (exceeds 250 allowed). Consider refactoring.
Open

require "rex/parser/nokogiri_doc_mixin"
require 'rex'
require 'uri'

module Rex
Severity: Major
Found in lib/rex/parser/acunetix_document.rb - About 1 day to fix

File def_ws2_32.rb has 513 lines of code (exceeds 250 allowed). Consider refactoring.
Open

module Rex
module Post
module Meterpreter
module Extensions
module Stdapi

File kiwi.rb has 512 lines of code (exceeds 250 allowed). Consider refactoring.
Open

require 'rex/post/meterpreter'

module Rex
module Post
module Meterpreter
Severity: Major
Found in lib/rex/post/meterpreter/ui/console/command_dispatcher/kiwi.rb - About 1 day to fix

File syscall_inject.rb has 511 lines of code (exceeds 250 allowed). Consider refactoring.
Open

require 'metasploit/framework/compiler/mingw'
require 'metasploit/framework/compiler/windows'
class MetasploitModule < Msf::Evasion
  RC4 = File.join(Msf::Config.data_directory, 'headers', 'windows', 'rc4.h')
  BASE64 = File.join(Msf::Config.data_directory, 'headers', 'windows', 'base64.h')
Severity: Major
Found in modules/evasion/windows/syscall_inject.rb - About 1 day to fix

Method isotp_send_and_wait has a Cognitive Complexity of 53 (exceeds 5 allowed). Consider refactoring.
Open

  def isotp_send_and_wait(bus, srcid, dstid, data, opt = {})
    result = {}
    result["Success"] = false
    srcid = srcid.to_i(16).to_s(16)
    dstid = dstid.to_i(16).to_s(16)
Severity: Minor
Found in modules/auxiliary/server/local_hwbridge.rb - About 1 day to fix

Method run has a Cognitive Complexity of 53 (exceeds 5 allowed). Consider refactoring.
Open

  def run
    vprint_status("#{peer} - Checking ")
    # since we will check res to see if auth was a success, make sure to capture the return
    res = send_request_cgi(
      'uri' => normalize_uri(target_uri.path),
Severity: Minor
Found in modules/auxiliary/gather/prometheus_node_exporter_gather.rb - About 1 day to fix

Method run_host has a Cognitive Complexity of 53 (exceeds 5 allowed). Consider refactoring.
Open

  def run_host(ip)
    conn = true
    ecode = nil
    emesg = nil
Severity: Minor
Found in modules/auxiliary/scanner/http/dir_scanner.rb - About 1 day to fix

Method run has a Cognitive Complexity of 53 (exceeds 5 allowed). Consider refactoring.
Open

  def run
    case session.platform
    when 'windows'
      if command_exists?('wmic') == false
        print_error("The 'wmic' command doesn't exist on this host!") # wmic is technically marked as depreciated so this command could very well be removed in future releases.
Severity: Minor
Found in modules/post/multi/gather/enum_software_versions.rb - About 1 day to fix

Method run has a Cognitive Complexity of 53 (exceeds 5 allowed). Consider refactoring.
Open

  def run
    # docker install, and default path according to https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/enable-api-audit-log#api-audit-log-options
    fail_with Failure::BadConfig, "#{datastore['LOGFILE']} is not readable or not found" unless readable?(datastore['LOGFILE'])

    log = read_file(datastore['LOGFILE'])
Severity: Minor
Found in modules/post/linux/gather/rancher_audit_log_leak.rb - About 1 day to fix

Method process_setting has a Cognitive Complexity of 53 (exceeds 5 allowed). Consider refactoring.
Open

      def process_setting(lines, credential_data)
        lines.each do |line|
          case line['key']
          when 'snmp'
            if framework.db.active
Severity: Minor
Found in lib/msf/core/auxiliary/ubiquiti.rb - About 1 day to fix

File net.rb has 510 lines of code (exceeds 250 allowed). Consider refactoring.
Open

require 'rex/post/meterpreter'
require 'rex/post/meterpreter/extensions/stdapi/command_ids'

module Rex
module Post
Severity: Major
Found in lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/net.rb - About 1 day to fix

File client.rb has 509 lines of code (exceeds 250 allowed). Consider refactoring.
Open

require 'rex/socket'

require 'rex/text'
require 'digest'
Severity: Major
Found in lib/rex/proto/http/client.rb - About 1 day to fix