rapid7/metasploit-framework

File `sys.rb` has 1012 lines of code (exceeds 250 allowed). Consider refactoring.
Open

require 'rex/post/meterpreter'
require 'rex/post/meterpreter/extensions/stdapi/command_ids'

module Rex
module Post

Found in lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb - About 2 days to fix

Identical blocks of code found in 2 locations. Consider refactoring.
Open

  def t3_send(payload_obj)
    print_status('Sending object...')

    request_obj = '000009f3' # Original packet length
    request_obj << '016501' # CMD_IDENTIFY_REQUEST, flags

Found in modules/exploits/multi/misc/weblogic_deserialize_badattrval.rb and 1 other location - About 2 days to fix

Read up
Read up

modules/exploits/multi/misc/weblogic_deserialize_badattr_extcomp.rb on lines 370..578

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 620.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

Refactorings

Further Reading

Don't Repeat Yourself on the C2 Wiki
Duplicated Code on SourceMaking
Refactoring: Improving the Design of Existing Code by Martin Fowler. Duplicated Code, p76

Identical blocks of code found in 2 locations. Consider refactoring.
Open

  def t3_send(payload_obj)
    print_status('Sending object...')

    request_obj = '000009f3' # Original packet length
    request_obj << '016501' # CMD_IDENTIFY_REQUEST, flags

Found in modules/exploits/multi/misc/weblogic_deserialize_badattr_extcomp.rb and 1 other location - About 2 days to fix

Read up
Read up

modules/exploits/multi/misc/weblogic_deserialize_badattrval.rb on lines 566..774

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 620.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

Refactorings

Further Reading

Don't Repeat Yourself on the C2 Wiki
Duplicated Code on SourceMaking
Refactoring: Improving the Design of Existing Code by Martin Fowler. Duplicated Code, p76

Method `create_library` has 501 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def self.create_library(constant_manager, library_path = 'ws2_32')
    dll = Library.new(library_path, constant_manager)

    dll.add_function('getaddrinfo', 'DWORD',[
      ["PCHAR","pNodeName","in"],

Found in lib/rex/post/meterpreter/extensions/stdapi/railgun/def/windows/def_ws2_32.rb - About 2 days to fix

Method `get_registry` has a Cognitive Complexity of 123 (exceeds 5 allowed). Consider refactoring.
Open

  def get_registry(outlook_ver)
    # Determine if saved accounts exist within Outlook.  Ignore the Address Book and Personal Folder registry entries.
    outlook_exists = 0
    saved_accounts = 0

Found in modules/post/windows/gather/credentials/outlook.rb - About 2 days to fix

Read up
Read up

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
Code is considered more complex for each "break in the linear flow of the code"
Code is considered more complex when "flow breaking structures are nested"

Further reading

File `error.rb` has 970 lines of code (exceeds 250 allowed). Consider refactoring.
Open

class RbMysql
  class Error < StandardError
    ERRNO = 0

    def self.define_error_class(prefix_re)

Found in lib/rbmysql/error.rb - About 2 days to fix

File `navigation.rb` has 955 lines of code (exceeds 250 allowed). Consider refactoring.
Open

def without_prefix(prefix)
  proc { |value| value.sub(/^#{prefix}/, '') }
end

=begin

Found in docs/navigation.rb - About 2 days to fix

Method `list` has a Cognitive Complexity of 116 (exceeds 5 allowed). Consider refactoring.
Open

  def list
    tbl = Rex::Text::Table.new(
      'Header' => 'Device Information',
      'Indent' => 1,
      'Columns' =>

Found in modules/post/windows/gather/enum_devices.rb - About 2 days to fix

Read up
Read up

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
Code is considered more complex for each "break in the linear flow of the code"
Code is considered more complex when "flow breaking structures are nested"

Further reading

Method `to_s` has a Cognitive Complexity of 115 (exceeds 5 allowed). Consider refactoring.
Open

  def to_s(headers_only: false)
    # Start GET query string
    qstr = opts['query'] ? opts['query'].dup : ""

    # Start POST data string

Found in lib/rex/proto/http/client_request.rb - About 2 days to fix

Read up
Read up

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
Code is considered more complex for each "break in the linear flow of the code"
Code is considered more complex when "flow breaking structures are nested"

Further reading

File `webkit_createthis.rb` has 934 lines of code (exceeds 250 allowed). Consider refactoring.
Open

class MetasploitModule < Msf::Exploit::Remote
  Rank = ManualRanking

  include Msf::Post::File
  include Msf::Exploit::EXE

Found in modules/exploits/apple_ios/browser/webkit_createthis.rb - About 2 days to fix

Method `asm_reverse_winhttp` has 458 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def asm_reverse_winhttp(opts={})

    retry_count       = [opts[:retry_count].to_i, 1].max
    verify_ssl        = nil
    encoded_cert_hash = nil

Found in lib/msf/core/payload/windows/reverse_win_http.rb - About 2 days to fix

Method `get_form_data` has a Cognitive Complexity of 113 (exceeds 5 allowed). Consider refactoring.
Open

  def get_form_data(body)
    print_status("Enumerating form data")
    body = body.gsub("\r","")
    body = body.gsub("\n","")
    bodydata = body.downcase.split(/<form/)

Found in modules/auxiliary/fuzzers/http/http_form_field.rb - About 2 days to fix

Read up
Read up

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
Code is considered more complex for each "break in the linear flow of the code"
Code is considered more complex when "flow breaking structures are nested"

Further reading

Method `asm_reverse_winhttp` has 456 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def asm_reverse_winhttp(opts={})

    retry_count       = [opts[:retry_count].to_i, 1].max
    verify_ssl        = nil
    encoded_cert_hash = nil

Found in lib/msf/core/payload/windows/x64/reverse_win_http_x64.rb - About 2 days to fix

Method `cmd_nexpose_scan` has a Cognitive Complexity of 110 (exceeds 5 allowed). Consider refactoring.
Open

      def cmd_nexpose_scan(*args)
        opts = Rex::Parser::Arguments.new(
          '-h' => [ false, 'This help menu'],
          '-t' => [ true, 'The scan template to use (default:pentest-audit options:full-audit,exhaustive-audit,discovery,aggressive-discovery,dos-audit)'],
          '-c' => [ true, 'Specify credentials to use against these targets (format is type:user:pass'],

Found in plugins/nexpose.rb - About 2 days to fix

Read up
Read up

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
Code is considered more complex for each "break in the linear flow of the code"
Code is considered more complex when "flow breaking structures are nested"

Further reading

Method `run` has a Cognitive Complexity of 110 (exceeds 5 allowed). Consider refactoring.
Open

  def run
    case session.type
    when 'meterpreter'
      meterpreter = true
    else

Found in modules/post/multi/sap/smdagent_get_properties.rb - About 2 days to fix

Read up
Read up

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
Code is considered more complex for each "break in the linear flow of the code"
Code is considered more complex when "flow breaking structures are nested"

Further reading

Method `cmd_notes` has a Cognitive Complexity of 110 (exceeds 5 allowed). Consider refactoring.
Open

  def cmd_notes(*args)
    return unless active?
  ::ApplicationRecord.connection_pool.with_connection {
    mode = :search
    data = nil

Found in lib/msf/ui/console/command_dispatcher/db.rb - About 2 days to fix

Read up
Read up

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
Code is considered more complex for each "break in the linear flow of the code"
Code is considered more complex when "flow breaking structures are nested"

Further reading

Method `description` has 442 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def self.description(code)

    case code
    when SUCCESS
      "The operation completed successfully."

Found in lib/msf/windows_error.rb - About 2 days to fix

Method `search` has a Cognitive Complexity of 109 (exceeds 5 allowed). Consider refactoring.
Open

  def search(args = nil)
    args ||= {}

    # filtering, scoping, search base
    # filter: https://tools.ietf.org/html/rfc4511#section-4.5.1.7

Found in lib/rex/proto/ldap.rb - About 2 days to fix

Read up
Read up

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
Code is considered more complex for each "break in the linear flow of the code"
Code is considered more complex when "flow breaking structures are nested"

Further reading

Method `kernel_mode_payload` has 438 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def kernel_mode_payload

    # Windows x64 kernel shellcode from ring 0 to ring 3 by sleepya
    #
    # This shellcode was written originally for eternalblue exploits

Found in modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb - About 2 days to fix

Method `run` has a Cognitive Complexity of 108 (exceeds 5 allowed). Consider refactoring.
Open

  def run
    unless db
      print_warning('Cannot find any active database. Extracted data will only be displayed here and NOT stored.')
    end

Found in modules/auxiliary/gather/windows_secrets_dump.rb - About 2 days to fix

Read up
Read up

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
Code is considered more complex for each "break in the linear flow of the code"
Code is considered more complex when "flow breaking structures are nested"

Further reading