Sign upLogin

rapid7/metasploit-framework

View on GitHub
Star

Showing 22,177 of 22,177 total issues

Similar blocks of code found in 2 locations. Consider refactoring.
Open

  def exploit

    peer = "#{rhost}:#{rport}"

    print_status "Ping host..."
Severity: Major
Found in modules/exploits/windows/misc/hp_operations_agent_coda_34.rb and 1 other location - About 5 hrs to fix
modules/exploits/windows/misc/hp_operations_agent_coda_8c.rb on lines 133..206

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 170.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

Refactorings

Further Reading

Method run has 127 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def run
    fake_host = datastore['FAKEHOST'] || datastore['HOST']
    fake_port = datastore['FAKEPORT'] || datastore['PORT']
    host = datastore['HOST']
    local_host = datastore['SRVHOST']
Severity: Major
Found in modules/auxiliary/server/jsse_skiptls_mitm_proxy.rb - About 5 hrs to fix

    Method arp_poisoning has 127 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      def arp_poisoning
    lsmac = datastore['LOCALSMAC'] || @smac
    raise 'Local Source Mac is not in correct format' unless is_mac?(lsmac)

    dhosts_range = Rex::Socket::RangeWalker.new(datastore['DHOSTS'])
    Severity: Major
    Found in modules/auxiliary/spoof/arp/arp_poisoning.rb - About 5 hrs to fix

      Method run_host has 127 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

        def run_host(ip)
    if datastore['RPORT'].blank? || datastore['RPORT'] == 0
      smb_services = [
        { port: 445, direct: true },
        { port: 139, direct: false }
      Severity: Major
      Found in modules/auxiliary/scanner/smb/smb_version.rb - About 5 hrs to fix

        File vbulletin_vote_sqli_exec.rb has 378 lines of code (exceeds 250 allowed). Consider refactoring.
        Open

        class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::HttpClient
        Severity: Minor
        Found in modules/exploits/unix/webapp/vbulletin_vote_sqli_exec.rb - About 5 hrs to fix

          File kiwi.rb has 378 lines of code (exceeds 250 allowed). Consider refactoring.
          Open

          require 'rex/post/meterpreter/extensions/kiwi/tlv'
require 'rex/post/meterpreter/extensions/kiwi/command_ids'
require 'rexml/document'
require 'set'
          Severity: Minor
          Found in lib/rex/post/meterpreter/extensions/kiwi/kiwi.rb - About 5 hrs to fix

            Method run has 126 lines of code (exceeds 25 allowed). Consider refactoring.
            Open

              def run
    if !datastore['SSLServerNameIndication'].nil?
      sni = datastore['SSLServerNameIndication']
      print_status("Connecting to #{rhost}:#{rport} SNI:#{sni}")
    else
            Severity: Major
            Found in modules/auxiliary/gather/impersonate_ssl.rb - About 5 hrs to fix

              Method run has 126 lines of code (exceeds 25 allowed). Consider refactoring.
              Open

                def run
    def check_results(passwords, results, hash_type, method)
      passwords.each do |password_line|
        password_line.chomp!
        next if password_line.blank?
              Severity: Major
              Found in modules/auxiliary/analyze/crack_webapps.rb - About 5 hrs to fix

                Method run has 126 lines of code (exceeds 25 allowed). Consider refactoring.
                Open

                  def run
    def check_results(passwords, results, hash_type, method)
      passwords.each do |password_line|
        password_line.chomp!
        next if password_line.blank?
                Severity: Major
                Found in modules/auxiliary/analyze/crack_osx.rb - About 5 hrs to fix

                  Method add_constants has 126 lines of code (exceeds 25 allowed). Consider refactoring.
                  Open

                    def self.add_constants(const_mgr)
    const_mgr.add_const('MAP_FILE',       0x00)
    const_mgr.add_const('MAP_SHARED',     0x01)
    const_mgr.add_const('MAP_PRIVATE',    0x02)
    const_mgr.add_const('MAP_FIXED',      0x10)
                  Severity: Major
                  Found in lib/rex/post/meterpreter/extensions/stdapi/railgun/def/linux/api_constants.rb - About 5 hrs to fix

                    File adobe_cooltype_sing.rb has 376 lines of code (exceeds 250 allowed). Consider refactoring.
                    Open

                    require 'zlib'

class MetasploitModule < Msf::Exploit::Remote
  Rank = GreatRanking # aslr+dep bypass, js heap spray, rop, stack bof
                    Severity: Minor
                    Found in modules/exploits/windows/browser/adobe_cooltype_sing.rb - About 5 hrs to fix

                      File smart_hashdump.rb has 376 lines of code (exceeds 250 allowed). Consider refactoring.
                      Open

                      class MetasploitModule < Msf::Post
  include Msf::Post::File
  include Msf::Post::Windows::Priv
  include Msf::Post::Windows::Registry
  include Msf::Post::Windows::Accounts
                      Severity: Minor
                      Found in modules/post/windows/gather/smart_hashdump.rb - About 5 hrs to fix

                        File client_request.rb has 376 lines of code (exceeds 250 allowed). Consider refactoring.
                        Open

                        require 'uri'

require 'rex/mime'
require 'rex/socket'
require 'rex/text'
                        Severity: Minor
                        Found in lib/rex/proto/http/client_request.rb - About 5 hrs to fix

                          File platform.rb has 376 lines of code (exceeds 250 allowed). Consider refactoring.
                          Open

                          require 'abbrev'

#
# This is the definitions of which Platforms the framework knows about.  The
# relative ranks are used to support ranges, and the Short names are used to
                          Severity: Minor
                          Found in lib/msf/core/module/platform.rb - About 5 hrs to fix

                            Method run has 125 lines of code (exceeds 25 allowed). Consider refactoring.
                            Open

                              def run
    packet = prepare_packet(true)

    sock = connect
    if sock.nil?
                            Severity: Major
                            Found in modules/auxiliary/gather/trackit_sql_domain_creds.rb - About 5 hrs to fix

                              Method exploit has 125 lines of code (exceeds 25 allowed). Consider refactoring.
                              Open

                                def exploit

    # Request using a non-existing table first, to retrieve the table prefix
    res = sqli(rand_text_alphanumeric(rand(10)+6))
                              Severity: Major
                              Found in modules/exploits/unix/webapp/joomla_contenthistory_sqli_rce.rb - About 5 hrs to fix

                                File nimcontroller_bof.rb has 375 lines of code (exceeds 250 allowed). Consider refactoring.
                                Open

                                class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::Tcp
  prepend Msf::Exploit::Remote::AutoCheck
                                Severity: Minor
                                Found in modules/exploits/windows/nimsoft/nimcontroller_bof.rb - About 5 hrs to fix

                                  Method make_js has 125 lines of code (exceeds 25 allowed). Consider refactoring.
                                  Open

                                    def make_js(encoded_payload)

    # The following executes a ret2lib using BIB.dll
    # The effect is to bypass DEP and execute the shellcode in an indirect way
    stack_data = [
                                  Severity: Major
                                  Found in modules/exploits/windows/browser/adobe_flashplayer_newfunction.rb - About 5 hrs to fix

                                    Method exploit has 125 lines of code (exceeds 25 allowed). Consider refactoring.
                                    Open

                                      def exploit
    data = fake_login

    print_status("Sending fake login request...")
    res = send_request_cgi(
                                    Severity: Major
                                    Found in modules/exploits/windows/novell/netiq_pum_eval.rb - About 5 hrs to fix

                                      File ms10_046_shortcut_icon_dllloader.rb has 375 lines of code (exceeds 250 allowed). Consider refactoring.
                                      Open

                                      class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking

  #
  # This module acts as an HTTP server
                                      Severity: Minor
                                      Found in modules/exploits/windows/browser/ms10_046_shortcut_icon_dllloader.rb - About 5 hrs to fix
                                        Severity
                                        Category
                                        Status
                                        Source
                                        Language