Sign upLogin

rapid7/metasploit-framework

View on GitHub
Star

Showing 7,361 of 22,177 total issues

Method initialize has 139 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Script Web Delivery',
Severity: Major
Found in modules/exploits/multi/script/web_delivery.rb - About 5 hrs to fix

    Similar blocks of code found in 2 locations. Consider refactoring.
    Open

        this.asInt16 = function() {
        var value = new Int64(0);
        for (var i = 0; i < 8; i++) {
            if (i < 2) {
                value.bytes[i] = this.bytes[i];
    Severity: Major
    Found in data/exploits/javascript_utils/int64.js and 1 other location - About 5 hrs to fix
    data/exploits/javascript_utils/int64.js on lines 92..103

    Duplicated Code

    Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

    Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

    When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

    Tuning

    This issue has a mass of 146.

    We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

    The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

    If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

    See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

    Refactorings

    Further Reading

    Similar blocks of code found in 2 locations. Consider refactoring.
    Open

        this.asInt32 = function() {
        var value = new Int64(0);
        for (var i = 0; i < 8; i++) {
            if (i < 4) {
                value.bytes[i] = this.bytes[i];
    Severity: Major
    Found in data/exploits/javascript_utils/int64.js and 1 other location - About 5 hrs to fix
    data/exploits/javascript_utils/int64.js on lines 105..116

    Duplicated Code

    Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

    Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

    When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

    Tuning

    This issue has a mass of 146.

    We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

    The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

    If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

    See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

    Refactorings

    Further Reading

    Method post_4a has 138 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      def post_4a
    {
      'ADD' => '4A',
      'custom_fields_modify' => '0',
      'user' => '111',
    Severity: Major
    Found in modules/auxiliary/scanner/http/vicidial_multiple_sqli.rb - About 5 hrs to fix

      Identical blocks of code found in 2 locations. Consider refactoring.
      Open

        def capture_user_keys
    users = {}
    ok = session.sys.registry.open_key(HKEY_LOCAL_MACHINE, 'SAM\\SAM\\Domains\\Account\\Users', KEY_READ)
    return if !ok
      Severity: Major
      Found in modules/post/windows/gather/smart_hashdump.rb and 1 other location - About 5 hrs to fix
      modules/post/windows/gather/hashdump.rb on lines 173..218

      Duplicated Code

      Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

      Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

      When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

      Tuning

      This issue has a mass of 183.

      We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

      The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

      If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

      See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

      Refactorings

      Further Reading

      Identical blocks of code found in 2 locations. Consider refactoring.
      Open

        def capture_user_keys
    users = {}
    ok = session.sys.registry.open_key(HKEY_LOCAL_MACHINE, 'SAM\\SAM\\Domains\\Account\\Users', KEY_READ)
    return if !ok
      Severity: Major
      Found in modules/post/windows/gather/hashdump.rb and 1 other location - About 5 hrs to fix
      modules/post/windows/gather/smart_hashdump.rb on lines 92..137

      Duplicated Code

      Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

      Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

      When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

      Tuning

      This issue has a mass of 183.

      We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

      The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

      If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

      See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

      Refactorings

      Further Reading

      Identical blocks of code found in 2 locations. Consider refactoring.
      Open

        def process_propfind(cli, request)
    path = request.uri
    vprint_status("PROPFIND #{path}")

    if path !~ /\/$/
      Severity: Major
      Found in modules/exploits/windows/http/cogent_datahub_command.rb and 1 other location - About 5 hrs to fix
      modules/exploits/windows/http/sap_host_control_cmd_exec.rb on lines 137..249

      Duplicated Code

      Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

      Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

      When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

      Tuning

      This issue has a mass of 182.

      We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

      The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

      If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

      See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

      Refactorings

      Further Reading

      Identical blocks of code found in 2 locations. Consider refactoring.
      Open

        def process_propfind(cli, request)
    path = request.uri
    vprint_status("PROPFIND #{path}")

    if path !~ /\/$/
      Severity: Major
      Found in modules/exploits/windows/http/sap_host_control_cmd_exec.rb and 1 other location - About 5 hrs to fix
      modules/exploits/windows/http/cogent_datahub_command.rb on lines 142..254

      Duplicated Code

      Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

      Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

      When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

      Tuning

      This issue has a mass of 182.

      We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

      The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

      If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

      See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

      Refactorings

      Further Reading

      Method build_script_response has 137 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

        def build_script_response(cli, request)
    response = create_response()
    response['Expires'] = '0'
    response['Cache-Control'] = 'must-revalidate'
      Severity: Major
      Found in modules/auxiliary/server/browser_autopwn.rb - About 5 hrs to fix

        Method run_host has 136 lines of code (exceeds 25 allowed). Consider refactoring.
        Open

          def run_host(ip)

    ipmi_status("Sending IPMI probes")

    usernames = []
        Severity: Major
        Found in modules/auxiliary/scanner/ipmi/ipmi_dumphashes.rb - About 5 hrs to fix

          Method run_host has 136 lines of code (exceeds 25 allowed). Consider refactoring.
          Open

            def run_host(ip)
    msg = "#{ip}:#{rhost} - DNS -"
    begin
      @lastdata = nil
      @probablyVuln = nil
          Severity: Major
          Found in modules/auxiliary/fuzzers/dns/dns_fuzzer.rb - About 5 hrs to fix

            Method generate has 136 lines of code (exceeds 25 allowed). Consider refactoring.
            Open

              def generate(_opts = {})
    style = 0x00
    case datastore['ICON'].upcase.strip
      # default = NO
    when 'ERROR'
            Severity: Major
            Found in modules/payloads/singles/windows/x64/messagebox.rb - About 5 hrs to fix

              Method exploit has 136 lines of code (exceeds 25 allowed). Consider refactoring.
              Open

                def exploit
    if datastore['DefangedMode']
      warning = <<~EOF
              Severity: Major
              Found in modules/exploits/multi/http/open_web_analytics_rce.rb - About 5 hrs to fix

                Method create_lm_ntlm_responses has 136 lines of code (exceeds 25 allowed). Consider refactoring.
                Open

                    def self.create_lm_ntlm_responses(user, pass, challenge_key, domain = '', default_name = '', default_domain = '',
            dns_host_name = '', dns_domain_name = '', chall_MsvAvTimestamp = nil, spnopt = {}, opt = {} )

      usentlm2_session     = opt[:usentlm2_session]    != nil ? opt[:usentlm2_session] : true
      use_ntlmv2         = opt[:use_ntlmv2]         != nil ? opt[:use_ntlmv2] : false
                Severity: Major
                Found in lib/rex/proto/ntlm/utils.rb - About 5 hrs to fix

                  Method initialize has 135 lines of code (exceeds 25 allowed). Consider refactoring.
                  Open

                    def initialize(info = {})
    super(update_info(info,
      'Name'           => 'CVE-2019-0708 BlueKeep RDP Remote Windows Kernel Use After Free',
      'Description'    => %q(
        The RDP termdd.sys driver improperly handles binds to internal-only channel MS_T120,
                  Severity: Major
                  Found in modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb - About 5 hrs to fix

                    Method make_pdf has 135 lines of code (exceeds 25 allowed). Consider refactoring.
                    Open

                      def make_pdf(ttf, js)

    #swf_name = rand_text_alpha(8 + rand(8)) + ".swf"

    xref = []
                    Severity: Major
                    Found in modules/exploits/windows/browser/adobe_cooltype_sing.rb - About 5 hrs to fix

                      Method exploit_html has 135 lines of code (exceeds 25 allowed). Consider refactoring.
                      Open

                        def exploit_html(cli)
    p = payload.encoded
    arch = Rex::Arch.endian(target.arch)
    payload_final = Rex::Text.to_unescape(p, arch, prefix='\\u')
    base_uri = get_module_resource
                      Severity: Major
                      Found in modules/exploits/windows/browser/firefox_smil_uaf.rb - About 5 hrs to fix

                        Method on_request_uri has 135 lines of code (exceeds 25 allowed). Consider refactoring.
                        Open

                          def on_request_uri(client, request)

    return if ((p = regenerate_payload(client)) == nil)

    agent = request.headers['User-Agent']
                        Severity: Major
                        Found in modules/exploits/windows/browser/apple_quicktime_texml_font_table.rb - About 5 hrs to fix

                          Method make_pdf has 135 lines of code (exceeds 25 allowed). Consider refactoring.
                          Open

                            def make_pdf(ttf, js)

    #swf_name = rand_text_alpha(8 + rand(8)) + ".swf"

    xref = []
                          Severity: Major
                          Found in modules/exploits/windows/fileformat/adobe_cooltype_sing.rb - About 5 hrs to fix

                            Method parse_sddl_sid has 135 lines of code (exceeds 25 allowed). Consider refactoring.
                            Open

                                  def parse_sddl_sid(sid, domain_sid:)
        # see: https://learn.microsoft.com/en-us/windows/win32/secauthz/sid-strings
        sid = sid.dup.upcase

        # these can be validated using powershell where ?? is the code
                            Severity: Major
                            Found in lib/rex/proto/ms_dtyp.rb - About 5 hrs to fix
                              Severity
                              Category
                              Status
                              Source
                              Language