rapid7/metasploit-framework

Showing 7,361 of 22,177 total issues

Method initialize has 98 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info={})
    super(update_info(info,
      'Name'           => "Aladdin Knowledge System Ltd ChooseFilePath Buffer Overflow",
      'Description'    => %q{
          This module exploits a vulnerability found in Aladdin Knowledge System's
Severity: Major
Found in modules/exploits/windows/browser/aladdin_choosefilepath_bof.rb - About 3 hrs to fix

    Method exploit has 98 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      def exploit
    
        overflow = rand_text(target["Offset"])
        overflow << generate_seh_record(target.ret)
        overflow << payload.encoded
    Severity: Major
    Found in modules/exploits/windows/fileformat/acdsee_fotoslate_string.rb - About 3 hrs to fix

      Method create_session_key has 98 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

          def self.create_session_key(ntlmssp_flags, server_ntlmssp_flags, user, pass, domain, challenge_key,
                  client_challenge = '', ntlm_cli_challenge = '' , opt = {} )
      
            usentlm2_session     = opt[:usentlm2_session]    != nil ? opt[:usentlm2_session] : true
            use_ntlmv2         = opt[:use_ntlmv2]         != nil ? opt[:use_ntlmv2] : false
      Severity: Major
      Found in lib/rex/proto/ntlm/utils.rb - About 3 hrs to fix

        Method cmd_creds_help has 98 lines of code (exceeds 25 allowed). Consider refactoring.
        Open

          def cmd_creds_help
            print_line
            print_line "With no sub-command, list credentials. If an address range is"
            print_line "given, show only credentials with logins on hosts within that"
            print_line "range."
        Severity: Major
        Found in lib/msf/ui/console/command_dispatcher/creds.rb - About 3 hrs to fix

          Method f5_config_eater has 98 lines of code (exceeds 25 allowed). Consider refactoring.
          Open

              def f5_config_eater(thost, tport, config, store = true)
          
                credential_data = {
                  address: thost,
                  port: tport,
          Severity: Major
          Found in lib/msf/core/auxiliary/f5.rb - About 3 hrs to fix

            Method asm_bind_tcp has 98 lines of code (exceeds 25 allowed). Consider refactoring.
            Open

              def asm_bind_tcp(opts={})
            
                #reliable     = opts[:reliable]
                af_inet = 2
            
            
            Severity: Major
            Found in lib/msf/core/payload/linux/bind_tcp.rb - About 3 hrs to fix

              Method asm_reverse_tcp has 98 lines of code (exceeds 25 allowed). Consider refactoring.
              Open

                def asm_reverse_tcp(opts={})
                  # TODO: reliability is coming
                  retry_count  = opts[:retry_count]
                  encoded_port = "0x%.8x" % [opts[:port].to_i, 2].pack("vn").unpack("N").first
                  encoded_host = "0x%.8x" % Rex::Socket.addr_aton(opts[:host]||"127.127.127.127").unpack("V").first
              Severity: Major
              Found in lib/msf/core/payload/linux/reverse_tcp_x86.rb - About 3 hrs to fix

                Similar blocks of code found in 2 locations. Consider refactoring.
                Open

                                    elif str(attribute['type']) == 'lastLogon':
                                        if str(attribute['vals'][0]) == '0':
                                            lastLogon = '<never>'
                                        else:
                                            lastLogon = str(datetime.fromtimestamp(self.getUnixTime(int(str(attribute['vals'][0])))))
                Severity: Major
                Found in modules/auxiliary/gather/get_user_spns.py and 1 other location - About 3 hrs to fix
                modules/auxiliary/gather/get_user_spns.py on lines 352..356

                Duplicated Code

                Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

                Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

                When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

                Tuning

                This issue has a mass of 73.

                We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

                The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

                If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

                See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

                Refactorings

                Further Reading

                Similar blocks of code found in 2 locations. Consider refactoring.
                Open

                                    elif str(attribute['type']) == 'pwdLastSet':
                                        if str(attribute['vals'][0]) == '0':
                                            pwdLastSet = '<never>'
                                        else:
                                            pwdLastSet = str(datetime.fromtimestamp(self.getUnixTime(int(str(attribute['vals'][0])))))
                Severity: Major
                Found in modules/auxiliary/gather/get_user_spns.py and 1 other location - About 3 hrs to fix
                modules/auxiliary/gather/get_user_spns.py on lines 357..361

                This issue has a mass of 73.

                Identical blocks of code found in 2 locations. Consider refactoring.
                Open

                  def on_request_uri( cli, request )
                    data = ""
                    host = ""
                    port = ""
                
                
                Severity: Major
                Found in modules/exploits/multi/browser/java_atomicreferencearray.rb and 1 other location - About 3 hrs to fix
                modules/exploits/multi/browser/java_verifier_field_access.rb on lines 96..150

                This issue has a mass of 135.

                Identical blocks of code found in 2 locations. Consider refactoring.
                Open

                  def on_request_uri( cli, request )
                    data = ""
                    host = ""
                    port = ""
                
                
                Severity: Major
                Found in modules/exploits/multi/browser/java_verifier_field_access.rb and 1 other location - About 3 hrs to fix
                modules/exploits/multi/browser/java_atomicreferencearray.rb on lines 96..150

                This issue has a mass of 135.

                Identical blocks of code found in 3 locations. Consider refactoring.
                Open

                  def on_request_uri(cli, request)
                
                    # For this exploit, this does little besides ensures the user agent is a recognized one..
                    mytarget = target
                    if target.name == 'Automatic'
                Severity: Major
                Found in modules/exploits/windows/browser/java_ws_vmargs.rb and 2 other locations - About 3 hrs to fix
                modules/exploits/windows/browser/java_ws_arginject_altjvm.rb on lines 94..148
                modules/exploits/windows/browser/java_ws_double_quote.rb on lines 95..145

                This issue has a mass of 134.

                Identical blocks of code found in 3 locations. Consider refactoring.
                Open

                  def on_request_uri(cli, request)
                
                    # For this exploit, this does little besides ensures the user agent is a recognized one..
                    mytarget = target
                    if target.name == 'Automatic'
                modules/exploits/windows/browser/java_ws_double_quote.rb on lines 95..145
                modules/exploits/windows/browser/java_ws_vmargs.rb on lines 91..145

                This issue has a mass of 134.

                Identical blocks of code found in 3 locations. Consider refactoring.
                Open

                  def on_request_uri(cli, request)
                
                    # For this exploit, this does little besides ensures the user agent is a recognized one..
                    mytarget = target
                    if target.name == 'Automatic'
                Severity: Major
                Found in modules/exploits/windows/browser/java_ws_double_quote.rb and 2 other locations - About 3 hrs to fix
                modules/exploits/windows/browser/java_ws_arginject_altjvm.rb on lines 94..148
                modules/exploits/windows/browser/java_ws_vmargs.rb on lines 91..145

                This issue has a mass of 134.

                Similar blocks of code found in 5 locations. Consider refactoring.
                Open

                    content = %Q|
                      <html>
                        <object id='#{vname}' classid='clsid:0A5FD7C5-A45C-49FC-ADB5-9952547D5715'></object>
                        <script language="JavaScript">
                        var #{rand1} = unescape('#{shellcode}');
                modules/exploits/windows/browser/adobe_utilprintf.rb on lines 77..91
                modules/exploits/windows/browser/ms08_070_visual_studio_msmask.rb on lines 86..107
                modules/exploits/windows/browser/msvidctl_mpeg2.rb on lines 204..220
                modules/exploits/windows/fileformat/emc_appextender_keyworks.rb on lines 73..91

                This issue has a mass of 134.

                Similar blocks of code found in 5 locations. Consider refactoring.
                Open

                    content = %Q|
                <html>
                  <script language="javascript">
                  var #{rand1}='<object classid="clsid:C932BA85-4374-101B-A56C-00AA003668DC"><param name="Mask" value="';
                  var #{rand2}='"></object>';
                modules/exploits/windows/browser/adobe_utilprintf.rb on lines 77..91
                modules/exploits/windows/browser/creative_software_cachefolder.rb on lines 74..91
                modules/exploits/windows/browser/msvidctl_mpeg2.rb on lines 204..220
                modules/exploits/windows/fileformat/emc_appextender_keyworks.rb on lines 73..91

                This issue has a mass of 134.

                Similar blocks of code found in 5 locations. Consider refactoring.
                Open

                    html = %Q|
                      <html>
                      <head>
                        <script>
                          try {
                modules/exploits/windows/browser/adobe_utilprintf.rb on lines 77..91
                modules/exploits/windows/browser/creative_software_cachefolder.rb on lines 74..91
                modules/exploits/windows/browser/ms08_070_visual_studio_msmask.rb on lines 86..107
                modules/exploits/windows/browser/msvidctl_mpeg2.rb on lines 204..220

                This issue has a mass of 134.

                Similar blocks of code found in 5 locations. Consider refactoring.
                Open

                #{j_nops}=unescape('#{nops}');
                #{j_headersize}=20;
                #{j_slackspace}=#{j_headersize}+#{j_shellcode}.length;
                while(#{j_nops}.length<#{j_slackspace})#{j_nops}+=#{j_nops};
                #{j_fillblock}=#{j_nops}.substring(0,#{j_slackspace});
                Severity: Major
                Found in modules/exploits/windows/browser/msvidctl_mpeg2.rb and 4 other locations - About 3 hrs to fix
                modules/exploits/windows/browser/adobe_utilprintf.rb on lines 77..91
                modules/exploits/windows/browser/creative_software_cachefolder.rb on lines 74..91
                modules/exploits/windows/browser/ms08_070_visual_studio_msmask.rb on lines 86..107
                modules/exploits/windows/fileformat/emc_appextender_keyworks.rb on lines 73..91

                This issue has a mass of 134.

                Similar blocks of code found in 5 locations. Consider refactoring.
                Open

                    script = %Q|
                    var #{rand1} = unescape("#{shellcode}");
                    var #{randnop} = "#{nops}";
                    var #{rand2} ="";
                    for (#{rand3}=128;#{rand3}>=0;--#{rand3}) #{rand2} += unescape(#{randnop});
                Severity: Major
                Found in modules/exploits/windows/browser/adobe_utilprintf.rb and 4 other locations - About 3 hrs to fix
                modules/exploits/windows/browser/creative_software_cachefolder.rb on lines 74..91
                modules/exploits/windows/browser/ms08_070_visual_studio_msmask.rb on lines 86..107
                modules/exploits/windows/browser/msvidctl_mpeg2.rb on lines 204..220
                modules/exploits/windows/fileformat/emc_appextender_keyworks.rb on lines 73..91

                This issue has a mass of 134.

                Similar blocks of code found in 2 locations. Consider refactoring.
                Open

                  def initialize(info = {})
                    super(merge_info(info,
                      'Name'          => 'Linux Command Shell, Reverse TCP Inline',
                      'Description'   => 'Connect back to attacker and spawn a command shell',
                      'Author'        => 'Ramon de C Valle',
                Severity: Major
                Found in modules/payloads/singles/linux/ppc64/shell_reverse_tcp.rb and 1 other location - About 3 hrs to fix
                modules/payloads/singles/linux/ppc/shell_reverse_tcp.rb on lines 15..79

                This issue has a mass of 134.
