Sign upLogin

rapid7/metasploit-framework

View on GitHub
Star

Showing 22,177 of 22,177 total issues

Method run has a Cognitive Complexity of 36 (exceeds 5 allowed). Consider refactoring.
Open

  def run
    unless (flow_file && properties_file) || identity_file
      fail_with(Failure::NotFound, 'Unable to find login-identity-providers.xml, nifi.properties and/or flow.json.gz files')
    end
Severity: Minor
Found in modules/post/linux/gather/apache_nifi_credentials.rb - About 5 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method check_badchars has a Cognitive Complexity of 36 (exceeds 5 allowed). Consider refactoring.
Open

  def check_badchars
    badchars = %Q|&<=>|

    in_super   = false
    in_author  = false
Severity: Minor
Found in tools/dev/msftidy.rb - About 5 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method cmd_load has a Cognitive Complexity of 36 (exceeds 5 allowed). Consider refactoring.
Open

  def cmd_load(*args)
    if args.length == 0
      args.unshift('-h')
    end
Severity: Minor
Found in lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb - About 5 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method tab_complete_option_values has a Cognitive Complexity of 36 (exceeds 5 allowed). Consider refactoring.
Open

        def tab_complete_option_values(mod, str, words, opt:)
          if words.last.casecmp?('SessionTlvLogging')
            return %w[console true false file:<file>]
          end
Severity: Minor
Found in lib/msf/ui/console/module_option_tab_completion.rb - About 5 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method extract_user_and_realm has a Cognitive Complexity of 36 (exceeds 5 allowed). Consider refactoring.
Open

            def extract_user_and_realm(certificate, username, realm)
              raise ArgumentError, 'Must provide username if providing realm' if username.nil? && !realm.nil?
              raise ArgumentError, 'Must provide realm if providing username' if realm.nil? && !username.nil?

              results = []
Severity: Minor
Found in lib/msf/core/exploit/remote/kerberos/client/pkinit.rb - About 5 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

File util.rb has 392 lines of code (exceeds 250 allowed). Consider refactoring.
Open

require 'rex/post/meterpreter/extensions/stdapi/railgun/library_helper'

module Rex
module Post
module Meterpreter
Severity: Minor
Found in lib/rex/post/meterpreter/extensions/stdapi/railgun/util.rb - About 5 hrs to fix

    Method initialize has 135 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      def initialize(info = {})
    super(update_info(info,
      'Name'           => 'CVE-2019-0708 BlueKeep RDP Remote Windows Kernel Use After Free',
      'Description'    => %q(
        The RDP termdd.sys driver improperly handles binds to internal-only channel MS_T120,
    Severity: Major
    Found in modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb - About 5 hrs to fix

      Method make_pdf has 135 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

        def make_pdf(ttf, js)

    #swf_name = rand_text_alpha(8 + rand(8)) + ".swf"

    xref = []
      Severity: Major
      Found in modules/exploits/windows/browser/adobe_cooltype_sing.rb - About 5 hrs to fix

        Method exploit_html has 135 lines of code (exceeds 25 allowed). Consider refactoring.
        Open

          def exploit_html(cli)
    p = payload.encoded
    arch = Rex::Arch.endian(target.arch)
    payload_final = Rex::Text.to_unescape(p, arch, prefix='\\u')
    base_uri = get_module_resource
        Severity: Major
        Found in modules/exploits/windows/browser/firefox_smil_uaf.rb - About 5 hrs to fix

          Method on_request_uri has 135 lines of code (exceeds 25 allowed). Consider refactoring.
          Open

            def on_request_uri(client, request)

    return if ((p = regenerate_payload(client)) == nil)

    agent = request.headers['User-Agent']
          Severity: Major
          Found in modules/exploits/windows/browser/apple_quicktime_texml_font_table.rb - About 5 hrs to fix

            Method make_pdf has 135 lines of code (exceeds 25 allowed). Consider refactoring.
            Open

              def make_pdf(ttf, js)

    #swf_name = rand_text_alpha(8 + rand(8)) + ".swf"

    xref = []
            Severity: Major
            Found in modules/exploits/windows/fileformat/adobe_cooltype_sing.rb - About 5 hrs to fix

              Method parse_sddl_sid has 135 lines of code (exceeds 25 allowed). Consider refactoring.
              Open

                    def parse_sddl_sid(sid, domain_sid:)
        # see: https://learn.microsoft.com/en-us/windows/win32/secauthz/sid-strings
        sid = sid.dup.upcase

        # these can be validated using powershell where ?? is the code
              Severity: Major
              Found in lib/rex/proto/ms_dtyp.rb - About 5 hrs to fix

                Method cmd_loot has 135 lines of code (exceeds 25 allowed). Consider refactoring.
                Open

                  def cmd_loot(*args)
    return unless active?

    mode = :search
    host_ranges = []
                Severity: Major
                Found in lib/msf/ui/console/command_dispatcher/db.rb - About 5 hrs to fix

                  Method send_request_tgt has 135 lines of code (exceeds 25 allowed). Consider refactoring.
                  Open

                            def send_request_tgt(options = {})
            realm = options[:realm]
            server_name = options[:server_name] || "krbtgt/#{realm}"
            client_name = options[:client_name]
            client_name = client_name.dup.force_encoding('utf-8') if client_name
                  Severity: Major
                  Found in lib/msf/core/exploit/remote/kerberos/client.rb - About 5 hrs to fix

                    Method get_detection_html has 135 lines of code (exceeds 25 allowed). Consider refactoring.
                    Open

                        def get_detection_html(user_agent)
      ua_info = fingerprint_user_agent(user_agent)
      os      = ua_info[:os_name]
      client  = ua_info[:ua_name]
                    Severity: Major
                    Found in lib/msf/core/exploit/remote/browser_exploit_server.rb - About 5 hrs to fix

                      Method run has 134 lines of code (exceeds 25 allowed). Consider refactoring.
                      Open

                        def run
    # If the action can be detected automatically. (Action: Automatic)
    @my_action = pick_action
    if @my_action.nil?
      # If the automatic search fails, bye bye.
                      Severity: Major
                      Found in modules/auxiliary/gather/cloud_lookup.rb - About 5 hrs to fix

                        Method exploit has 134 lines of code (exceeds 25 allowed). Consider refactoring.
                        Open

                          def exploit
    sploit = ''
    if target.name =~ /Windows 2000 SP4/

      sploit << rand_text_alpha(934)
                        Severity: Major
                        Found in modules/exploits/windows/lotus/domino_icalendar_organizer.rb - About 5 hrs to fix

                          File mssql_linkcrawler.rb has 390 lines of code (exceeds 250 allowed). Consider refactoring.
                          Open

                          class MetasploitModule < Msf::Exploit::Remote
  Rank = GreatRanking

  include Msf::Exploit::Remote::MSSQL
  include Msf::Auxiliary::Report
                          Severity: Minor
                          Found in modules/exploits/windows/mssql/mssql_linkcrawler.rb - About 5 hrs to fix

                            File sock_sendpage.rb has 390 lines of code (exceeds 250 allowed). Consider refactoring.
                            Open

                            class MetasploitModule < Msf::Exploit::Local
  Rank = GreatRanking

  include Msf::Post::File
  include Msf::Post::Linux::Priv
                            Severity: Minor
                            Found in modules/exploits/linux/local/sock_sendpage.rb - About 5 hrs to fix

                              File cve_2019_1663_cisco_rmi_rce.rb has 390 lines of code (exceeds 250 allowed). Consider refactoring.
                              Open

                              class MetasploitModule < Msf::Exploit::Remote
  Rank = GoodRanking

  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::CmdStager
                              Severity: Minor
                              Found in modules/exploits/linux/http/cve_2019_1663_cisco_rmi_rce.rb - About 5 hrs to fix
                                Severity
                                Category
                                Status
                                Source
                                Language