rapid7/metasploit-framework


Showing 7,361 of 22,177 total issues

Similar blocks of code found in 3 locations. Consider refactoring.
Open

  def run
    last_str = nil
    last_inp = nil
    last_err = nil

Severity: Major
Found in modules/auxiliary/fuzzers/smb/smb_ntlm1_login_corrupt.rb and 2 other locations - About 3 hrs to fix
modules/auxiliary/fuzzers/smb/smb2_negotiate_corrupt.rb on lines 34..75
modules/auxiliary/fuzzers/smb/smb_negotiate_corrupt.rb on lines 33..74

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 126.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.


Similar blocks of code found in 2 locations. Consider refactoring.
Open

      otp_send("< OTP/1.0 >\n",true) # send hello
      if @result !~ /\<\ OTP\/1\.0 \>/
        print_error("#{msg} OpenVAS OTP does not appear to be running: did not get response to OTP hello: #{@result}")
        return :abort
      end
Severity: Major
Found in modules/auxiliary/scanner/openvas/openvas_otp_login.rb and 1 other location - About 3 hrs to fix
modules/auxiliary/scanner/nessus/nessus_ntp_login.rb on lines 88..125

This issue has a mass of 126.

Similar blocks of code found in 2 locations. Consider refactoring.
Open

  class TcpReverseDoubleSSLSessionChannel

    include Rex::IO::StreamAbstraction

    def initialize(framework, inp, out)
Severity: Major
Found in lib/msf/core/handler/reverse_tcp_double_ssl.rb and 1 other location - About 3 hrs to fix
lib/msf/core/handler/reverse_tcp_double.rb on lines 213..279

This issue has a mass of 126.

Similar blocks of code found in 2 locations. Consider refactoring.
Open

    datasecurity_plus_data_repos.each do |repo|
      # send a general query, which should return the "total_hits" parameter that represents the total record count
      res_code, res = get_response(@sock, action_dr_search(repo))
      total_hits = process_dr_search(res, res_code, repo, ['UNIQUE_ID'], 'total_hits')
      # check if total_hits is nil, as that means process_dr_search failed and we should skip to the next repo
modules/auxiliary/gather/manageengine_adaudit_plus_xnode_enum.rb on lines 136..168

This issue has a mass of 126.

Similar blocks of code found in 2 locations. Consider refactoring.
Open

    ad_audit_plus_data_repos.each do |repo|
      # send a general query, which should return the "total_hits" parameter that represents the total record count
      res_code, res = get_response(@sock, action_dr_search(repo))
      total_hits = process_dr_search(res, res_code, repo, ['UNIQUE_ID'], 'total_hits')
      # check if total_hits is nil, as that means process_dr_search failed and we should skip to the next repo
modules/auxiliary/gather/manageengine_datasecurity_plus_xnode_enum.rb on lines 136..168

This issue has a mass of 126.

Similar blocks of code found in 2 locations. Consider refactoring.
Open

      ntp_send("< NTP/1.0 >\n",true) # send hello
      if @result !~ /\<\ NTP\/1\.0 \>/
        print_error("#{msg} Nessus NTP does not appear to be running: did not get response to NTP hello: #{@result}")
        return :abort
      end
Severity: Major
Found in modules/auxiliary/scanner/nessus/nessus_ntp_login.rb and 1 other location - About 3 hrs to fix
modules/auxiliary/scanner/openvas/openvas_otp_login.rb on lines 85..121

This issue has a mass of 126.

Similar blocks of code found in 2 locations. Consider refactoring.
Open

  class TcpReverseDoubleSessionChannel

    include Rex::IO::StreamAbstraction

    def initialize(framework, inp, out)
Severity: Major
Found in lib/msf/core/handler/reverse_tcp_double.rb and 1 other location - About 3 hrs to fix
lib/msf/core/handler/reverse_tcp_double_ssl.rb on lines 263..329

This issue has a mass of 126.

Method run has 90 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def run
    login(datastore['USERNAME'], datastore['PASSWORD'])

    config = export_data

Severity: Major
Found in modules/auxiliary/admin/http/scadabr_credential_dump.rb - About 3 hrs to fix

Method run_host has 90 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def run_host(ip)

    startstage = datastore['STARTATSTAGE']

    @nr_errors = datastore['STOPAFTER']
Severity: Major
Found in modules/auxiliary/fuzzers/ftp/ftp_pre_post.rb - About 3 hrs to fix

Method initialize has 90 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Xorg X11 Server SUID logfile Privilege Escalation',
Severity: Major
Found in modules/exploits/multi/local/xorg_x11_suid_server.rb - About 3 hrs to fix

Method get_traversal_path has 90 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def get_traversal_path
    #
    # ConfigurationService packet structure:
    #
    # @packet_header_pre_packet_size
Severity: Major
Found in modules/exploits/windows/http/trackit_file_upload.rb - About 3 hrs to fix

Method initialize has 90 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'MS10-087 Microsoft Word RTF pFragments Stack Buffer Overflow (File Format)',
      'Description'    => %q{
          This module exploits a stack-based buffer overflow in the handling of the
Severity: Major
Found in modules/exploits/windows/fileformat/ms10_087_rtf_pfragments_bof.rb - About 3 hrs to fix

Method exploit has 90 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def exploit
    check_status = check

    if check_status == CheckCode::Appears
      print_good 'The target appears to be vulnerable'
Severity: Major
Found in modules/exploits/linux/local/glibc_origin_expansion_priv_esc.rb - About 3 hrs to fix

Method initialize has 90 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Cacti 1.2.22 unauthenticated command injection',
Severity: Major
Found in modules/exploits/linux/http/cacti_unauthenticated_cmd_injection.rb - About 3 hrs to fix

Method calc_checksum has 90 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def calc_checksum(packet)
    # reference table used to calculate the packet checksum
    # used by tdpd_pkt_calc_checksum (0x4037f0)
    # located at offset 0x0416e90 in the binary
    reference_tbl = [
Severity: Major
Found in modules/exploits/linux/misc/tplink_archer_a7_c7_lan_rce.rb - About 3 hrs to fix

Method run has 90 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def run
    group_path = 'MACHINE\\Preferences\\Groups\\Groups.xml'
    group_path_user = 'USER\\Preferences\\Groups\\Groups.xml'
    service_path = 'MACHINE\\Preferences\\Services\\Services.xml'
    printer_path = 'USER\\Preferences\\Printers\\Printers.xml'
Severity: Major
Found in modules/post/windows/gather/credentials/gpp.rb - About 3 hrs to fix

Method process_config has 90 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def process_config(filename)
    config = client.fs.file.new(filename, 'r')
    print_status("Processing #{filename}")
    contents = config.read
    config_lines = contents.split("\n")
Severity: Major
Found in modules/post/windows/gather/credentials/epo_sql.rb - About 3 hrs to fix

Method decrypt_thycotic_db has 90 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def decrypt_thycotic_db(csv_dataset)
    current_row = 0
    decrypted_rows = 0
    plaintext_rows = 0
    blank_rows = 0
Severity: Major
Found in modules/post/windows/gather/credentials/thycotic_secretserver_dump.rb - About 3 hrs to fix

Method create_library has 90 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def self.create_library(constant_manager, library_path = 'wldap32')
    dll = Library.new(library_path, constant_manager)

    dll.add_function('ldap_sslinitA', 'LPVOID',[
        ['PCHAR', 'HostName', 'in'],

Method run_cmd_source has 90 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def run_cmd_source
    %Q|
      #{read_file_source}
      #{set_timeout_source}

Severity: Major
Found in lib/msf/core/payload/firefox.rb - About 3 hrs to fix