Sign upLogin

rapid7/metasploit-framework

View on GitHub
Star

Showing 22,177 of 22,177 total issues

Method build_unirpc_message has a Cognitive Complexity of 35 (exceeds 5 allowed). Consider refactoring.
Open

        def build_unirpc_message(
          version_byte: 0x6c,
          other_version_byte: 0x01,
          body_length_override: nil,
Severity: Minor
Found in lib/msf/core/exploit/remote/unirpc.rb - About 5 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method find_hook_point has a Cognitive Complexity of 35 (exceeds 5 allowed). Consider refactoring.
Open

  def find_hook_point(manifest)
    return unless manifest

    package = manifest.xpath('//manifest').first['package']
Severity: Minor
Found in lib/msf/core/payload/apk.rb - About 5 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method asm_reverse_http has a Cognitive Complexity of 35 (exceeds 5 allowed). Consider refactoring.
Open

  def asm_reverse_http(opts={})

    retry_count   = opts[:retry_count].to_i
    retry_wait   = opts[:retry_wait].to_i * 1000
    proxy_enabled = !!(opts[:proxy_host].to_s.strip.length > 0)
Severity: Minor
Found in lib/msf/core/payload/windows/x64/reverse_http_x64.rb - About 5 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method run has 131 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def run
    if datastore['DEPTH'] < 5
      print_bad('A DEPTH of < 5 is unlikely to succeed as almost all observed installs require 5-11 depth.')
    end
Severity: Major
Found in modules/auxiliary/gather/gitlab_authenticated_subgroups_file_read.rb - About 5 hrs to fix

    Method send_payload_objdata has 131 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      def send_payload_objdata
    # basic weblogic ClassTableEntry object (serialized)
    # TODO: WHAT DOES THIS DO?  CAN WE RANDOMIZE ANY OF IT?
    objdata = '056508000000010000001b0000005d0101007372017870737202787000000000'
    objdata << '00000000757203787000000000787400087765626c6f67696375720478700000'
    Severity: Major
    Found in modules/exploits/multi/misc/weblogic_deserialize_marshalledobject.rb - About 5 hrs to fix

      Method exploit has 131 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

        def exploit
    peer = "#{rhost}:#{rport}"

    if target.name =~ /WMI/
      Severity: Major
      Found in modules/exploits/windows/http/oracle_btm_writetofile.rb - About 5 hrs to fix

        File cogent_datahub_command.rb has 384 lines of code (exceeds 250 allowed). Consider refactoring.
        Open

        class MetasploitModule < Msf::Exploit::Remote
  # Exploitation is reliable, but the service hangs and needs manual restarting.
  Rank = ManualRanking

  include Msf::Exploit::Remote::HttpClient
        Severity: Minor
        Found in modules/exploits/windows/http/cogent_datahub_command.rb - About 5 hrs to fix

          File MainPage.xaml.cs has 384 lines of code (exceeds 250 allowed). Consider refactoring.
          Open

          using System;
using System.Windows;
using System.Windows.Controls;
using System.Windows.Documents;
using System.IO;
          Severity: Minor
          Found in external/source/exploits/cve-2013-0074/SilverApp1/MainPage.xaml.cs - About 5 hrs to fix

            Method exploit has 130 lines of code (exceeds 25 allowed). Consider refactoring.
            Open

              def exploit
    jsp_name = datastore['JSP'] || rand_text_alpha(8+rand(8))
    app_base = datastore['APPBASE'] || rand_text_alpha(8+rand(8))

    mytarget = target
            Severity: Major
            Found in modules/exploits/multi/http/jboss_maindeployer.rb - About 5 hrs to fix

              Method send_payload_objdata has 130 lines of code (exceeds 25 allowed). Consider refactoring.
              Open

                def send_payload_objdata
    shost = srvhost
    if ['0.0.0.0', '127.0.0.1', '::'].include?(shost)
      shost = Rex::Socket.source_address
    end
              Severity: Major
              Found in modules/exploits/multi/misc/weblogic_deserialize_unicastref.rb - About 5 hrs to fix

                Method search has 130 lines of code (exceeds 25 allowed). Consider refactoring.
                Open

                  def search(args = nil)
    args ||= {}

    # filtering, scoping, search base
    # filter: https://tools.ietf.org/html/rfc4511#section-4.5.1.7
                Severity: Major
                Found in lib/rex/proto/ldap.rb - About 5 hrs to fix

                  File wp_popular_posts_rce.rb has 383 lines of code (exceeds 250 allowed). Consider refactoring.
                  Open

                  class MetasploitModule < Msf::Exploit::Remote
  Rank = NormalRanking

  prepend Msf::Exploit::Remote::AutoCheck
  include Msf::Exploit::FileDropper
                  Severity: Minor
                  Found in modules/exploits/multi/http/wp_popular_posts_rce.rb - About 5 hrs to fix

                    File huawei_hg532n_cmdinject.rb has 383 lines of code (exceeds 250 allowed). Consider refactoring.
                    Open

                    require 'base64'

class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking
                    Severity: Minor
                    Found in modules/exploits/linux/http/huawei_hg532n_cmdinject.rb - About 5 hrs to fix

                      File mssql_findandsampledata.rb has 382 lines of code (exceeds 250 allowed). Consider refactoring.
                      Open

                      class MetasploitModule < Msf::Auxiliary
  include Msf::Auxiliary::Scanner
  include Msf::Auxiliary::Report
  include Msf::Exploit::Remote::MSSQL
  include Msf::OptionalSession::MSSQL
                      Severity: Minor
                      Found in modules/auxiliary/admin/mssql/mssql_findandsampledata.rb - About 5 hrs to fix

                        File payload_set.rb has 382 lines of code (exceeds 250 allowed). Consider refactoring.
                        Open

                        module Msf

###
#
# This class is a special case of the generic module set class because
                        Severity: Minor
                        Found in lib/msf/core/payload_set.rb - About 5 hrs to fix

                          Class FileStat has 39 methods (exceeds 20 allowed). Consider refactoring.
                          Open

                          class FileStat

  #
  # Basic file types.
  #
                          Severity: Minor
                          Found in lib/rex/post/file_stat.rb - About 5 hrs to fix

                            Method make_js has 129 lines of code (exceeds 25 allowed). Consider refactoring.
                            Open

                              def make_js(encoded_payload)

    # The following executes a ret2lib using BIB.dll
    # The effect is to bypass DEP and execute the shellcode in an indirect way
    stack_data = [
                            Severity: Major
                            Found in modules/exploits/windows/fileformat/adobe_flashplayer_button.rb - About 5 hrs to fix

                              Method run has 128 lines of code (exceeds 25 allowed). Consider refactoring.
                              Open

                                def run
    def check_results(passwords, results, hash_type, method)
      passwords.each do |password_line|
        password_line.chomp!
        next if password_line.blank?
                              Severity: Major
                              Found in modules/auxiliary/analyze/crack_linux.rb - About 5 hrs to fix

                                Method sap_port_info has 128 lines of code (exceeds 25 allowed). Consider refactoring.
                                Open

                                  def sap_port_info(port)

    case port.to_s

    when /^3299$/
                                Severity: Major
                                Found in modules/auxiliary/scanner/sap/sap_router_portscanner.rb - About 5 hrs to fix

                                  Method initialize has 128 lines of code (exceeds 25 allowed). Consider refactoring.
                                  Open

                                    def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'SpamTitan Unauthenticated RCE',
                                  Severity: Major
                                  Found in modules/exploits/freebsd/webapp/spamtitan_unauth_rce.rb - About 5 hrs to fix
                                    Severity
                                    Category
                                    Status
                                    Source
                                    Language