Sign upLogin

rapid7/metasploit-framework

View on GitHub
Star

Showing 7,361 of 22,177 total issues

Method juniper_junos_config_eater has 103 lines of code (exceeds 25 allowed). Consider refactoring.
Open

    def juniper_junos_config_eater(thost, tport, config)
      report_host({
        host: thost,
        os_name: 'Juniper JunOS'
      })
Severity: Major
Found in lib/msf/core/auxiliary/juniper.rb - About 4 hrs to fix

    Method identify_hash has 103 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

          def self.identify_hash(hash)
        # @param [str] a string of a hashed password
        # @return [String] the jtr type or empty string on no match
        hash = hash.to_s.strip
        case
    Severity: Major
    Found in lib/metasploit/framework/hashes.rb - About 4 hrs to fix

      Similar blocks of code found in 5 locations. Consider refactoring.
      Open

          content = %Q|
      <html>
        <object id='#{vname}' classid='clsid:A09AE68F-B14D-43ED-B713-BA413F034904'></object>
        <script language="JavaScript">
        function #{boom}() {
      Severity: Major
      Found in modules/exploits/windows/browser/winzip_fileview.rb and 4 other locations - About 4 hrs to fix
      modules/exploits/windows/browser/hpmqc_progcolor.rb on lines 87..103
      modules/exploits/windows/browser/ms09_002_memory_corruption.rb on lines 101..128
      modules/exploits/windows/browser/novelliprint_executerequest.rb on lines 79..96
      modules/exploits/windows/fileformat/aol_phobos_bof.rb on lines 107..123

      Duplicated Code

      Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

      Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

      When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

      Tuning

      This issue has a mass of 140.

      We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

      The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

      If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

      See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

      Refactorings

      Further Reading

      Similar blocks of code found in 5 locations. Consider refactoring.
      Open

      <object classid='clsid:A105BD70-BF56-4D10-BC91-41C88321F47C' id='#{phobos}'></object>
<script>
#{j_shellcode}=unescape('#{shellcode}');
#{j_nops}=unescape('#{nops}');
#{j_headersize}=20;
      Severity: Major
      Found in modules/exploits/windows/fileformat/aol_phobos_bof.rb and 4 other locations - About 4 hrs to fix
      modules/exploits/windows/browser/hpmqc_progcolor.rb on lines 87..103
      modules/exploits/windows/browser/ms09_002_memory_corruption.rb on lines 101..128
      modules/exploits/windows/browser/novelliprint_executerequest.rb on lines 79..96
      modules/exploits/windows/browser/winzip_fileview.rb on lines 88..108

      Duplicated Code

      Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

      Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

      When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

      Tuning

      This issue has a mass of 140.

      We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

      The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

      If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

      See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

      Refactorings

      Further Reading

      Similar blocks of code found in 5 locations. Consider refactoring.
      Open

          js = %Q|
var #{rand1} = unescape("#{shellcode}");
var #{rand2} = new Array();
var #{rand3} = 0x100000-(#{rand1}.length*2+0x01020);
var #{rand4} = unescape("#{ret}");
      Severity: Major
      Found in modules/exploits/windows/browser/ms09_002_memory_corruption.rb and 4 other locations - About 4 hrs to fix
      modules/exploits/windows/browser/hpmqc_progcolor.rb on lines 87..103
      modules/exploits/windows/browser/novelliprint_executerequest.rb on lines 79..96
      modules/exploits/windows/browser/winzip_fileview.rb on lines 88..108
      modules/exploits/windows/fileformat/aol_phobos_bof.rb on lines 107..123

      Duplicated Code

      Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

      Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

      When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

      Tuning

      This issue has a mass of 140.

      We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

      The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

      If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

      See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

      Refactorings

      Further Reading

      Similar blocks of code found in 5 locations. Consider refactoring.
      Open

          content = %Q|
      <html>
      <object id='#{vname}' classid='clsid:36723F97-7AA0-11D4-8919-FF2D71D0D32C'></object>
      <script language="JavaScript">
      var #{rand1} = unescape('#{shellcode}');
      Severity: Major
      Found in modules/exploits/windows/browser/novelliprint_executerequest.rb and 4 other locations - About 4 hrs to fix
      modules/exploits/windows/browser/hpmqc_progcolor.rb on lines 87..103
      modules/exploits/windows/browser/ms09_002_memory_corruption.rb on lines 101..128
      modules/exploits/windows/browser/winzip_fileview.rb on lines 88..108
      modules/exploits/windows/fileformat/aol_phobos_bof.rb on lines 107..123

      Duplicated Code

      Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

      Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

      When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

      Tuning

      This issue has a mass of 140.

      We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

      The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

      If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

      See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

      Refactorings

      Further Reading

      Similar blocks of code found in 5 locations. Consider refactoring.
      Open

      <object classid='clsid:98C53984-8BF8-4D11-9B1C-C324FCA9CADE' id='#{mqcontrol}'></object>
<script language='javascript'>
#{j_shellcode} = unescape('#{shellcode}');
#{randnop} = "#{nops}";
#{j_nops} = unescape(#{randnop});
      Severity: Major
      Found in modules/exploits/windows/browser/hpmqc_progcolor.rb and 4 other locations - About 4 hrs to fix
      modules/exploits/windows/browser/ms09_002_memory_corruption.rb on lines 101..128
      modules/exploits/windows/browser/novelliprint_executerequest.rb on lines 79..96
      modules/exploits/windows/browser/winzip_fileview.rb on lines 88..108
      modules/exploits/windows/fileformat/aol_phobos_bof.rb on lines 107..123

      Duplicated Code

      Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

      Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

      When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

      Tuning

      This issue has a mass of 140.

      We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

      The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

      If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

      See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

      Refactorings

      Further Reading

      Method try_exploit has 102 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

        def try_exploit(exploit_string, keystream, bruting)
    connect
    idtype_msg = sock.get_once(12)

    if idtype_msg.length != 12
      Severity: Major
      Found in modules/auxiliary/gather/darkcomet_filedownloader.rb - About 4 hrs to fix

        Method run_host has 102 lines of code (exceeds 25 allowed). Consider refactoring.
        Open

          def run_host(ip)
      output_data = {}
    begin
      snmp = connect_snmp
        Severity: Major
        Found in modules/auxiliary/scanner/snmp/ubee_ddw3611.rb - About 4 hrs to fix

          Method initialize has 102 lines of code (exceeds 25 allowed). Consider refactoring.
          Open

            def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Gitea Git Hooks Remote Code Execution',
          Severity: Major
          Found in modules/exploits/multi/http/gitea_git_hooks_rce.rb - About 4 hrs to fix

            Method exploit has 102 lines of code (exceeds 25 allowed). Consider refactoring.
            Open

              def exploit
    base = normalize_uri(target_uri.path)
    base << '/' if base[-1, 1] != '/'

    datastore['COOKIE'] = "PHPSESSID=" + rand_text_alpha_lower(26) + ";"
            Severity: Major
            Found in modules/exploits/multi/http/testlink_upload_exec.rb - About 4 hrs to fix

              Method brute_exploit has 102 lines of code (exceeds 25 allowed). Consider refactoring.
              Open

                def brute_exploit(target_addrs)

    zvalref   = encode_semis('i:0;R:2;')

#
              Severity: Major
              Found in modules/exploits/multi/php/php_unserialize_zval_cookie.rb - About 4 hrs to fix

                Method initialize has 102 lines of code (exceeds 25 allowed). Consider refactoring.
                Open

                  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'IBM TM1 / Planning Analytics Unauthenticated Remote Code Execution',
                Severity: Major
                Found in modules/exploits/multi/misc/ibm_tm1_unauth_rce.rb - About 4 hrs to fix

                  Method find_exec has 102 lines of code (exceeds 25 allowed). Consider refactoring.
                  Open

                    def find_exec
    # config data - greets to rain forest puppy :)
    boundary = rand_text_alphanumeric(8)

    if (datastore['NAME']) # Obtain the hostname if true
                  Severity: Major
                  Found in modules/exploits/windows/iis/msadc.rb - About 4 hrs to fix

                    Method process_propfind has 102 lines of code (exceeds 25 allowed). Consider refactoring.
                    Open

                      def process_propfind(cli, request)
    path = request.uri
    vprint_status("PROPFIND #{path}")

    if path !~ /\/$/
                    Severity: Major
                    Found in modules/exploits/windows/http/cogent_datahub_command.rb - About 4 hrs to fix

                      Method process_propfind has 102 lines of code (exceeds 25 allowed). Consider refactoring.
                      Open

                        def process_propfind(cli, request)
    path = request.uri
    vprint_status("PROPFIND #{path}")

    if path !~ /\/$/
                      Severity: Major
                      Found in modules/exploits/windows/http/sap_host_control_cmd_exec.rb - About 4 hrs to fix

                        Method exploit has 102 lines of code (exceeds 25 allowed). Consider refactoring.
                        Open

                          def exploit
    downfile = datastore['DOWNFILE'] || rand_text_alpha(8+rand(8))
    uri = '/apply.cgi'
    user = datastore['HttpUsername']
    pass = datastore['HttpPassword']
                        Severity: Major
                        Found in modules/exploits/linux/http/linksys_wrt54gl_apply_exec.rb - About 4 hrs to fix

                          Method exploit has 102 lines of code (exceeds 25 allowed). Consider refactoring.
                          Open

                            def exploit
    print_status('Obtaining credentails...')

    resp = send_request_cgi({
      'uri'      => '/cslog_export.php',
                          Severity: Major
                          Found in modules/exploits/linux/http/samsung_srv_1670d_upload_exec.rb - About 4 hrs to fix

                            Identical blocks of code found in 2 locations. Consider refactoring.
                            Open

                                for (var i=0; i < nprocs.length; i++) {
        var found = false;
        for (var x=0; x < procs.length; x++) {
            if (nprocs[i] == procs[x]) {
                found = true;
                            Severity: Major
                            Found in external/source/DLLHijackAuditKit/audit.js and 1 other location - About 4 hrs to fix
                            external/source/DLLHijackAuditKit/analyze.js on lines 172..182

                            Duplicated Code

                            Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

                            Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

                            When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

                            Tuning

                            This issue has a mass of 116.

                            We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

                            The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

                            If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

                            See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

                            Refactorings

                            Further Reading

                            Identical blocks of code found in 2 locations. Consider refactoring.
                            Open

                                        for (var i=0; i < nprocs.length; i++) {
                var found = false;
                for (var x=0; x < procs.length; x++) {
                    if (nprocs[i] == procs[x]) {
                        found = true;
                            Severity: Major
                            Found in external/source/DLLHijackAuditKit/analyze.js and 1 other location - About 4 hrs to fix
                            external/source/DLLHijackAuditKit/audit.js on lines 134..144

                            Duplicated Code

                            Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

                            Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

                            When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

                            Tuning

                            This issue has a mass of 116.

                            We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

                            The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

                            If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

                            See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

                            Refactorings

                            Further Reading

                            Severity
                            Category
                            Status
                            Source
                            Language