Sign upLogin

rapid7/metasploit-framework

View on GitHub
Star

Showing 7,361 of 22,177 total issues

Similar blocks of code found in 3 locations. Consider refactoring.
Open

    super(update_info(
      info,
      'Name'           => 'Wordpress MailPoet Newsletters (wysija-newsletters) Unauthenticated File Upload',
      'Description'    => %q{
          The Wordpress plugin "MailPoet Newsletters" (wysija-newsletters) before 2.6.8
Severity: Major
Found in modules/exploits/unix/webapp/wp_wysija_newsletters_upload.rb and 2 other locations - About 55 mins to fix
modules/exploits/multi/http/cmsms_upload_rename_rce.rb on lines 14..45
modules/exploits/unix/webapp/phpcollab_upload_exec.rb on lines 13..41

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 44.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

Refactorings

Further Reading

Similar blocks of code found in 3 locations. Consider refactoring.
Open

    if res and res.code == 200
      contents = res.body
      fname = File.basename(datastore['FILEPATH'])
      path = store_loot(
        'apache.activemq',
Severity: Major
Found in modules/auxiliary/scanner/http/apache_activemq_traversal.rb and 2 other locations - About 55 mins to fix
modules/auxiliary/scanner/http/apache_activemq_source_disclosure.rb on lines 51..65
modules/auxiliary/scanner/http/groupwise_agents_http_traversal.rb on lines 70..84

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 44.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

Refactorings

Further Reading

Similar blocks of code found in 3 locations. Consider refactoring.
Open

    head_stager_jsp_code = <<-EOT
<%@page import="java.io.*,
  java.util.*"
%>
<%
Severity: Major
Found in lib/msf/core/exploit/remote/http/jboss/deployment_file_repository_scripts.rb and 2 other locations - About 55 mins to fix
modules/exploits/windows/browser/symantec_consoleutilities_browseandsavefile.rb on lines 77..88
modules/payloads/singles/windows/dns_txt_query_exec.rb on lines 75..248

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 44.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

Refactorings

Further Reading

Function __init__ has 7 arguments (exceeds 4 allowed). Consider refactoring.
Open

    def __init__(self, command='', username='', password=None, domain='', hashes=None, share=None,
Severity: Major
Found in modules/auxiliary/scanner/smb/impacket/wmiexec.py - About 50 mins to fix

    Method defineAndCreate has 7 arguments (exceeds 4 allowed). Consider refactoring.
    Open

        public static void defineAndCreate(final ConfusingClassLoader cl, final String name[], final byte data[][], final String hexdata, final String jar, final String lhost, final int lport) {
    Severity: Major
    Found in external/source/exploits/CVE-2012-1723/src/cve1723/ConfusingClassLoader.java - About 50 mins to fix

      Method scheduleme has 7 arguments (exceeds 4 allowed). Consider refactoring.
      Open

      def scheduleme(session,schtype,cmd,tmmod,cmdopt,username,password)
      Severity: Major
      Found in scripts/meterpreter/scheduleme.rb - About 50 mins to fix

        Method connect has 7 arguments (exceeds 4 allowed). Consider refactoring.
        Open

          def connect(host=nil, user=nil, passwd=nil, db=nil, port=nil, socket=nil, flag=0)
        Severity: Major
        Found in lib/rbmysql.rb - About 50 mins to fix

          Method make_ntlmssp_secblob_auth has 7 arguments (exceeds 4 allowed). Consider refactoring.
          Open

              def self.make_ntlmssp_secblob_auth(domain, name, user, lm, ntlm, enc_session_key, flags = 0x080201)
          Severity: Major
          Found in lib/rex/proto/ntlm/utils.rb - About 50 mins to fix

            Method make_ntlmssp_blob_auth has 7 arguments (exceeds 4 allowed). Consider refactoring.
            Open

                def self.make_ntlmssp_blob_auth(domain, name, user, lm, ntlm, enc_session_key, flags = 0x080201)
            Severity: Major
            Found in lib/rex/proto/ntlm/utils.rb - About 50 mins to fix

              Method encode_ldap_response has 7 arguments (exceeds 4 allowed). Consider refactoring.
              Open

                      def encode_ldap_response(msgid, code, dn, msg, tag, context_data = nil, context_code = nil)
              Severity: Major
              Found in lib/rex/proto/ldap/server.rb - About 50 mins to fix

                Method process_type1_message has 7 arguments (exceeds 4 allowed). Consider refactoring.
                Open

                  def self.process_type1_message(message, nonce = "\x11\x22\x33\x44\x55\x66\x77\x88", win_domain = 'DOMAIN',
          win_name = 'SERVER', dns_name = 'server', dns_domain = 'example.com', downgrade = true)
                Severity: Major
                Found in lib/rex/proto/ntlm/message.rb - About 50 mins to fix

                  Method create_pkt has 7 arguments (exceeds 4 allowed). Consider refactoring.
                  Open

                    def create_pkt(src_call, dst_call, tstamp, out_seq, inp_seq, itype, data)
                  Severity: Major
                  Found in lib/rex/proto/iax2/client.rb - About 50 mins to fix

                    Method make_ntlmv2_clientchallenge has 7 arguments (exceeds 4 allowed). Consider refactoring.
                    Open

                        def self.make_ntlmv2_clientchallenge(win_domain, win_name, dns_domain, dns_name,
              client_challenge = nil, chall_MsvAvTimestamp = nil, spnopt = {})
                    Severity: Major
                    Found in lib/rex/proto/ntlm/utils.rb - About 50 mins to fix

                      Method create_rakp_hmac_sha1_salt has 7 arguments (exceeds 4 allowed). Consider refactoring.
                      Open

                        def self.create_rakp_hmac_sha1_salt(con_sid, bmc_sid, con_rid, bmc_rid, bmc_gid, auth_level, username)
                      Severity: Major
                      Found in lib/rex/proto/ipmi/utils.rb - About 50 mins to fix

                        Method trans has 7 arguments (exceeds 4 allowed). Consider refactoring.
                        Open

                          def trans(pipe, param = '', body = '', setup_count = 0, setup_data = '', no_response = false, do_recv = true)
                        Severity: Major
                        Found in lib/rex/proto/smb/client.rb - About 50 mins to fix

                          Method initialize has 7 arguments (exceeds 4 allowed). Consider refactoring.
                          Open

                            def initialize(port = 22, listen_host = '0.0.0.0', context = {}, comm = nil,
    ssh_opts = default_options, cc_cb = nil, cd_cb = nil)
                          Severity: Major
                          Found in lib/rex/proto/ssh/server.rb - About 50 mins to fix

                            Method trans_nonull has 7 arguments (exceeds 4 allowed). Consider refactoring.
                            Open

                              def trans_nonull(pipe, param = '', body = '', setup_count = 0, setup_data = '', no_response = false, do_recv = true)
                            Severity: Major
                            Found in lib/rex/proto/smb/client.rb - About 50 mins to fix

                              Method initialize has 7 arguments (exceeds 4 allowed). Consider refactoring.
                              Open

                                def initialize(host, port, options, tty, database, user, auth)
                              Severity: Major
                              Found in lib/postgres/postgres-pr/postgres-compat.rb - About 50 mins to fix

                                Method parse_host has 7 arguments (exceeds 4 allowed). Consider refactoring.
                                Open

                                  def parse_host(host, wspace, blacklist, allow_yaml, btag, args, &block)
                                Severity: Major
                                Found in lib/msf/core/db_manager/import/metasploit_framework/xml.rb - About 50 mins to fix

                                  Method request_delegation_ticket has 7 arguments (exceeds 4 allowed). Consider refactoring.
                                  Open

                                    def request_delegation_ticket(session_key, tgt_ticket, realm, client_name, tgt_etype, expiry_time, now)
                                  Severity: Major
                                  Found in lib/msf/core/exploit/remote/kerberos/service_authenticator/base.rb - About 50 mins to fix
                                    Severity
                                    Category
                                    Status
                                    Source
                                    Language