rapid7/metasploit-framework

Method `mikrotik_routeros_config_eater` has 205 lines of code (exceeds 25 allowed). Consider refactoring.
Open

    def mikrotik_routeros_config_eater(thost, tport, config)
      if framework.db.active
        credential_data = {
          address: thost,
          port: tport,

Found in lib/msf/core/auxiliary/mikrotik.rb - About 1 day to fix

File `iec104.rb` has 507 lines of code (exceeds 250 allowed). Consider refactoring.
Open

class MetasploitModule < Msf::Auxiliary
  #
  # this module sends IEC104 commands
  #

Found in modules/auxiliary/client/iec104/iec104.rb - About 1 day to fix

File `rftransceiver.rb` has 507 lines of code (exceeds 250 allowed). Consider refactoring.
Open

module Rex
module Post
module HWBridge
module Ui
###

Found in lib/rex/post/hwbridge/ui/console/command_dispatcher/rftransceiver.rb - About 1 day to fix

Similar blocks of code found in 2 locations. Consider refactoring.
Open

  def on_request_uri(cli, request)
    # Re-generate the payload.
    return if ((p = regenerate_payload(cli)) == nil)

    # Encode the shellcode.

Found in modules/exploits/windows/browser/novelliprint_getdriversettings_2.rb and 1 other location - About 1 day to fix

Read up
Read up

modules/exploits/windows/browser/novelliprint_getdriversettings.rb on lines 55..110

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 262.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

Refactorings

Further Reading

Don't Repeat Yourself on the C2 Wiki
Duplicated Code on SourceMaking
Refactoring: Improving the Design of Existing Code by Martin Fowler. Duplicated Code, p76

Similar blocks of code found in 2 locations. Consider refactoring.
Open

  def on_request_uri(cli, request)
    # Re-generate the payload.
    return if ((p = regenerate_payload(cli)) == nil)

    # Encode the shellcode.

Found in modules/exploits/windows/browser/novelliprint_getdriversettings.rb and 1 other location - About 1 day to fix

Read up
Read up

modules/exploits/windows/browser/novelliprint_getdriversettings_2.rb on lines 65..119

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 262.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

Refactorings

Further Reading

Don't Repeat Yourself on the C2 Wiki
Duplicated Code on SourceMaking
Refactoring: Improving the Design of Existing Code by Martin Fowler. Duplicated Code, p76

Method `t3_send` has 203 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def t3_send(payload_obj)
    print_status('Sending object...')

    request_obj = '000009f3' # Original packet length
    request_obj << '016501' # CMD_IDENTIFY_REQUEST, flags

Found in modules/exploits/multi/misc/weblogic_deserialize_badattr_extcomp.rb - About 1 day to fix

Method `t3_send` has 203 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def t3_send(payload_obj)
    print_status('Sending object...')

    request_obj = '000009f3' # Original packet length
    request_obj << '016501' # CMD_IDENTIFY_REQUEST, flags

Found in modules/exploits/multi/misc/weblogic_deserialize_badattrval.rb - About 1 day to fix

Method `run` has a Cognitive Complexity of 52 (exceeds 5 allowed). Consider refactoring.
Open

  def run
    vprint_status("#{peer} - Checking build info")
    res = send_request_cgi(
      'uri' => normalize_uri(target_uri.path, 'api', 'v1', 'status', 'buildinfo'),
      'method' => 'GET'

Found in modules/auxiliary/gather/prometheus_api_gather.rb - About 1 day to fix

Read up
Read up

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
Code is considered more complex for each "break in the linear flow of the code"
Code is considered more complex when "flow breaking structures are nested"

Further reading

Method `check_results` has a Cognitive Complexity of 52 (exceeds 5 allowed). Consider refactoring.
Open

    def check_results(passwords, results, hash_type, method)
      passwords.each do |password_line|
        password_line.chomp!
        next if password_line.blank?

Found in modules/auxiliary/analyze/crack_windows.rb - About 1 day to fix

Read up
Read up

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
Code is considered more complex for each "break in the linear flow of the code"
Code is considered more complex when "flow breaking structures are nested"

Further reading

Method `try_user_pass` has a Cognitive Complexity of 52 (exceeds 5 allowed). Consider refactoring.
Open

  def try_user_pass(opts)
    user = opts[:user]
    pass = opts[:pass]
    auth_path = opts[:auth_path]
    inbox_path = opts[:inbox_path]

Found in modules/auxiliary/scanner/http/owa_login.rb - About 1 day to fix

Read up
Read up

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
Code is considered more complex for each "break in the linear flow of the code"
Code is considered more complex when "flow breaking structures are nested"

Further reading

Method `run_host` has a Cognitive Complexity of 52 (exceeds 5 allowed). Consider refactoring.
Open

  def run_host(ip)

    startstage = datastore['STARTATSTAGE']

    @nr_errors = datastore['STOPAFTER']

Found in modules/auxiliary/fuzzers/ftp/ftp_pre_post.rb - About 1 day to fix

Read up
Read up

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
Code is considered more complex for each "break in the linear flow of the code"
Code is considered more complex when "flow breaking structures are nested"

Further reading

Method `exploit` has a Cognitive Complexity of 52 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit
    # Get node_id for requests
    node_id = get_node
    fail_with(Failure::Unknown, 'Could not get a valid node id for the vBulletin install.') unless node_id

Found in modules/exploits/multi/http/vbulletin_getindexablecontent.rb - About 1 day to fix

Read up
Read up

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
Code is considered more complex for each "break in the linear flow of the code"
Code is considered more complex when "flow breaking structures are nested"

Further reading

Method `process_files` has a Cognitive Complexity of 52 (exceeds 5 allowed). Consider refactoring.
Open

  def process_files(username)
    secrets = ''
    masterkey = nil
    decrypt_table = Rex::Text::Table.new(
      'Header' => 'Decrypted data',

Found in modules/post/windows/gather/enum_chrome.rb - About 1 day to fix

Read up
Read up

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
Code is considered more complex for each "break in the linear flow of the code"
Code is considered more complex when "flow breaking structures are nested"

Further reading

Method `format_prompt` has a Cognitive Complexity of 52 (exceeds 5 allowed). Consider refactoring.
Open

  def format_prompt(str)
    return str unless framework

    # find the active session
    session = framework.sessions.values.find { |session| session.interacting }

Found in lib/rex/ui/text/shell.rb - About 1 day to fix

Read up
Read up

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
Code is considered more complex for each "break in the linear flow of the code"
Code is considered more complex when "flow breaking structures are nested"

Further reading

Method `report_vuln` has a Cognitive Complexity of 52 (exceeds 5 allowed). Consider refactoring.
Open

    def report_vuln(&block)
      return unless in_tag("VulnerabilityDefinitions")
      return unless @report_data[:vuln]
      return unless @report_data[:vuln][:matches].kind_of? Array

Found in lib/rex/parser/nexpose_raw_document.rb - About 1 day to fix

Read up
Read up

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
Code is considered more complex for each "break in the linear flow of the code"
Code is considered more complex when "flow breaking structures are nested"

Further reading

Method `start_element` has a Cognitive Complexity of 52 (exceeds 5 allowed). Consider refactoring.
Open

  def start_element(name=nil,attrs=[])
    attrs = normalize_attrs(attrs)
    block = @block
    @state[:current_tag][name] = true

Found in lib/rex/parser/openvas_document.rb - About 1 day to fix

Read up
Read up

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
Code is considered more complex for each "break in the linear flow of the code"
Code is considered more complex when "flow breaking structures are nested"

Further reading

Similar blocks of code found in 2 locations. Consider refactoring.
Open

        elif args['SSL'] == "true":
            if args['TARGETURI'].endswith('/'):
                url = "https://" + args['RHOSTS'] + ":" + \
                    args['RPORT'] + args['TARGETURI'] + "login/"
            else:

Found in modules/auxiliary/admin/http/grafana_auth_bypass.py and 1 other location - About 1 day to fix

Read up
Read up

modules/auxiliary/admin/http/grafana_auth_bypass.py on lines 150..156

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 123.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

Refactorings

Further Reading

Don't Repeat Yourself on the C2 Wiki
Duplicated Code on SourceMaking
Refactoring: Improving the Design of Existing Code by Martin Fowler. Duplicated Code, p76

Identical blocks of code found in 2 locations. Consider refactoring.
Open

def xmit_dump_ruby(data, length=16):
    dump = ''
    for i in range(0, len(data), length):
        bytes = data[i: i+length]
        hex = "\"%s\"" % (''.join(['\\x%02X' % x for x in bytes]))

Found in external/source/shellcode/windows/x86/build.py and 1 other location - About 1 day to fix

Read up
Read up

external/source/shellcode/windows/x64/build.py on lines 49..57

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 123.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

Refactorings

Further Reading

Don't Repeat Yourself on the C2 Wiki
Duplicated Code on SourceMaking
Refactoring: Improving the Design of Existing Code by Martin Fowler. Duplicated Code, p76

Similar blocks of code found in 2 locations. Consider refactoring.
Open

        if args['SSL'] == "false":
            if args['TARGETURI'].endswith('/'):
                url = "http://" + args['RHOSTS'] + ":" + \
                    args['RPORT'] + args['TARGETURI'] + "login/"
            else:

Found in modules/auxiliary/admin/http/grafana_auth_bypass.py and 1 other location - About 1 day to fix

Read up
Read up

modules/auxiliary/admin/http/grafana_auth_bypass.py on lines 157..163

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 123.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

Refactorings

Further Reading

Don't Repeat Yourself on the C2 Wiki
Duplicated Code on SourceMaking
Refactoring: Improving the Design of Existing Code by Martin Fowler. Duplicated Code, p76

Identical blocks of code found in 2 locations. Consider refactoring.
Open

def xmit_dump_ruby(data, length=16):
    dump = ''
    for i in range(0, len(data), length):
        bytes = data[i: i+length]
        hex = "\"%s\"" % (''.join(['\\x%02X' % x for x in bytes]))

Found in external/source/shellcode/windows/x64/build.py and 1 other location - About 1 day to fix

Read up
Read up

external/source/shellcode/windows/x86/build.py on lines 47..55

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 123.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

Refactorings

Further Reading

Don't Repeat Yourself on the C2 Wiki
Duplicated Code on SourceMaking
Refactoring: Improving the Design of Existing Code by Martin Fowler. Duplicated Code, p76