rapid7/metasploit-framework


Showing 7,301 of 22,004 total issues

Method prometheus_config_eater has 151 lines of code (exceeds 25 allowed). Consider refactoring.
Open

    def prometheus_config_eater(yamlconf)
      @table_creds = Rex::Text::Table.new(
        'Header' => 'Credentials',
        'Indent' => 2,
        'Columns' =>
Severity: Major
Found in lib/msf/core/auxiliary/prometheus.rb - About 6 hrs to fix

Method asm_reverse_named_pipe has 151 lines of code (exceeds 25 allowed). Consider refactoring.
Open

    def asm_reverse_named_pipe(opts={})

      #reliable       = opts[:reliable]
      reliable       = false
      retry_count    = [opts[:retry_count].to_i, 1].max
Severity: Major
Found in lib/msf/core/payload/windows/x64/reverse_named_pipe_x64.rb - About 6 hrs to fix

Method run has 150 lines of code (exceeds 25 allowed). Consider refactoring.
Open

    def run
      case session.type
      when 'meterpreter'
        meterpreter = true
      else
Severity: Major
Found in modules/post/multi/sap/smdagent_get_properties.rb - About 6 hrs to fix

Method cmd_connect has 150 lines of code (exceeds 25 allowed). Consider refactoring.
Open

    def cmd_connect(*args)
      if args.length < 2 or args.include?("-h") or args.include?("--help")
        cmd_connect_help
        return false
      end
Severity: Major
Found in lib/msf/ui/console/command_dispatcher/core.rb - About 6 hrs to fix

Method run has 149 lines of code (exceeds 25 allowed). Consider refactoring.
Open

    def run
      @port = datastore['SRVPORT'].to_i

      @log_console  = false
      @log_database = false
Severity: Major
Found in modules/auxiliary/server/fakedns.rb - About 5 hrs to fix

Method create_library has 149 lines of code (exceeds 25 allowed). Consider refactoring.
Open

    def self.create_library(constant_manager, library_path = 'netapi32')
      dll = Library.new(library_path, constant_manager)

      dll.add_function('NetApiBufferFree','DWORD',[
        ["LPVOID","Buffer","in"]

Identical blocks of code found in 2 locations. Consider refactoring.
Open

    def init
      payload = "\x00\x5a\x00\x02"
      sendframe(makeframe(payload))
      payload = "\x00\x5a\x00\x01\x00"
      sendframe(makeframe(payload))
Severity: Major
Found in modules/auxiliary/admin/scada/modicon_stux_transfer.rb and 1 other location - About 5 hrs to fix
modules/auxiliary/admin/scada/modicon_command.rb on lines 75..150

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 196.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.


Identical blocks of code found in 2 locations. Consider refactoring.
Open

    def init
      payload = "\x00\x5a\x00\x02"
      sendframe(makeframe(payload))
      payload = "\x00\x5a\x00\x01\x00"
      sendframe(makeframe(payload))
Severity: Major
Found in modules/auxiliary/admin/scada/modicon_command.rb and 1 other location - About 5 hrs to fix
modules/auxiliary/admin/scada/modicon_stux_transfer.rb on lines 111..186

This issue has a mass of 196.

Identical blocks of code found in 2 locations. Consider refactoring.
Open

    case ntlm_ver
    when NTLM_CONST::NTLM_V1_RESPONSE
      if NTLM_CRYPT::is_hash_from_empty_pwd?({:hash => [nt_hash].pack("H*"),:srv_challenge => @challenge,
              :ntlm_ver => NTLM_CONST::NTLM_V1_RESPONSE, :type => 'ntlm' })
        print_status("NLMv1 Hash correspond to an empty password, ignoring ... ")
Severity: Major
Found in modules/auxiliary/server/capture/http_ntlm.rb and 1 other location - About 5 hrs to fix
modules/auxiliary/server/capture/mssql.rb on lines 177..224

This issue has a mass of 196.

Identical blocks of code found in 2 locations. Consider refactoring.
Open

    case ntlm_ver
    when NTLM_CONST::NTLM_V1_RESPONSE
      if NTLM_CRYPT::is_hash_from_empty_pwd?({:hash => [nt_hash].pack("H*"),:srv_challenge => @challenge,
        :ntlm_ver => NTLM_CONST::NTLM_V1_RESPONSE, :type => 'ntlm' })
        print_status("NLMv1 Hash correspond to an empty password, ignoring ... ")
Severity: Major
Found in modules/auxiliary/server/capture/mssql.rb and 1 other location - About 5 hrs to fix
modules/auxiliary/server/capture/http_ntlm.rb on lines 232..280

This issue has a mass of 196.

Method get_upload_data has 148 lines of code (exceeds 25 allowed). Consider refactoring.
Open

    def get_upload_data(opts = {})
      boundary = opts[:boundary]
      version = opts[:version]
      war = opts[:war]
      app_base = opts[:app_base]
Severity: Major
Found in modules/exploits/multi/http/glassfish_deployer.rb - About 5 hrs to fix

Method vbs_prepare has 148 lines of code (exceeds 25 allowed). Consider refactoring.
Open

    def vbs_prepare()
      code = %Q|
  dim   aa()
  dim   ab()
  dim   a0
Severity: Major
Found in modules/exploits/windows/browser/ms14_064_ole_code_execution.rb - About 5 hrs to fix

Method initialize has 147 lines of code (exceeds 25 allowed). Consider refactoring.
Open

    def initialize
      super(
        'Name'           => 'Veeder-Root Automatic Tank Gauge (ATG) Administrative Client',
        'Description'    => %q{
          This module acts as a simplistic administrative client for interfacing
Severity: Major
Found in modules/auxiliary/admin/atg/atg_client.rb - About 5 hrs to fix

Method cmd_workspace has 146 lines of code (exceeds 25 allowed). Consider refactoring.
Open

    def cmd_workspace(*args)
      return unless active?

      state = :nil

Severity: Major
Found in lib/msf/ui/console/command_dispatcher/db.rb - About 5 hrs to fix

Method listeners_start has 145 lines of code (exceeds 25 allowed). Consider refactoring.
Open

    def listeners_start(args)
      config = parse_start_args(args)
      if config[:show_help]
        help('start')
        return
Severity: Major
Found in plugins/capture.rb - About 5 hrs to fix

Method run_host has 145 lines of code (exceeds 25 allowed). Consider refactoring.
Open

    def run_host(ip)

      begin
        snmp = connect_snmp

Severity: Major
Found in modules/auxiliary/scanner/snmp/sbg6580_enum.rb - About 5 hrs to fix

Method run_host has 145 lines of code (exceeds 25 allowed). Consider refactoring.
Open

    def run_host(ip)
      verbs = %w(
        get
        active
        activate
Severity: Major
Found in modules/auxiliary/scanner/http/soap_xml.rb - About 5 hrs to fix

Method run has 144 lines of code (exceeds 25 allowed). Consider refactoring.
Open

    def run
      dork = datastore['ZOOMEYE_DORK']
      resource = datastore['RESOURCE']
      maxpage = datastore['MAXPAGE']
      facets = datastore['FACETS']
Severity: Major
Found in modules/auxiliary/gather/zoomeye_search.rb - About 5 hrs to fix

Method run_host has 144 lines of code (exceeds 25 allowed). Consider refactoring.
Open

    def run_host(ip)
      base_header = BaseHeader.new

      # Version number is always 0x10
      base_header.version_number = 16
Severity: Major
Found in modules/auxiliary/scanner/msmq/cve_2023_21554_queuejumper.rb - About 5 hrs to fix

Method exploit has 144 lines of code (exceeds 25 allowed). Consider refactoring.
Open

    def exploit
      # CVE-2024-0204 allows an unauthenticated attacker to create a new administrator account on the target system. So
      # we generate the username/password pair we want to use.
      # Note: We cannot delete the administrator account that we create.
      admin_username = Rex::Text.rand_text_alpha_lower(8)