rapid7/metasploit-framework

Showing 7,361 of 22,177 total issues

Method initialize has 85 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Cisco UCS Director Cloupia Script RCE',
Severity: Major
Found in modules/exploits/linux/http/cisco_ucs_cloupia_script_rce.rb - About 3 hrs to fix

    Method exploit has 85 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      def exploit
        downfile = datastore['DOWNFILE'] || rand_text_alpha(8+rand(8))
        uri = '/setup.cgi'
        user = datastore['HttpUsername']
        pass = datastore['HttpPassword']
    Severity: Major
    Found in modules/exploits/linux/http/netgear_dgn1000b_setup_exec.rb - About 3 hrs to fix

      Method initialize has 85 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

        def initialize(info = {})
          super(update_info(info,
            'Name' => 'Endian Firewall Proxy Password Change Command Injection',
            'Description' => %q{
              This module exploits an OS command injection vulnerability in a
      Severity: Major
      Found in modules/exploits/linux/http/efw_chpasswd_exec.rb - About 3 hrs to fix

        Method exploit has 85 lines of code (exceeds 25 allowed). Consider refactoring.
        Open

          def exploit
            downfile = datastore['DOWNFILE'] || rand_text_alpha(8+rand(8))
            uri = '/apply.cgi'
            user = datastore['HttpUsername']
            pass = datastore['HttpPassword']
        Severity: Major
        Found in modules/exploits/linux/http/linksys_e1500_apply_exec.rb - About 3 hrs to fix

          Method initialize has 85 lines of code (exceeds 25 allowed). Consider refactoring.
          Open

            def initialize(info = {})
              super(
                update_info(
                  info,
                  'Name' => 'F5 iControl REST Unauthenticated SSRF Token Generation RCE',
          Severity: Major
          Found in modules/exploits/linux/http/f5_icontrol_rest_ssrf_rce.rb - About 3 hrs to fix

            Method cmd_show has 85 lines of code (exceeds 25 allowed). Consider refactoring.
            Open

                      def cmd_show(*args)
                        if args.empty?
                          print_error("Argument required\n")
                          cmd_show_help
                          return
            Severity: Major
            Found in lib/msf/ui/console/command_dispatcher/modules.rb - About 3 hrs to fix

              Method nexpose_host_from_rawxml has 85 lines of code (exceeds 25 allowed). Consider refactoring.
              Open

                def nexpose_host_from_rawxml(h, vstructs, wspace,task=nil)
                  hobj = nil
                  data = {:workspace => wspace}
                  if h["addr"]
                    addr = h["addr"]
              Severity: Major
              Found in lib/msf/core/db_manager/import/nexpose/raw.rb - About 3 hrs to fix

                Method asm_block_recv has 85 lines of code (exceeds 25 allowed). Consider refactoring.
                Open

                  def asm_block_recv(opts={})
                
                    reliable     = opts[:reliable]
                
                    asm = %Q^
                Severity: Major
                Found in lib/msf/core/payload/windows/x64/reverse_tcp_x64.rb - About 3 hrs to fix

                  Identical blocks of code found in 2 locations. Consider refactoring.
                  Open

                          def send_cmd_data(args, data, mode = 'a', nsock = self.sock)
                            type = nil
                            # implement some aliases for various commands
                            if (args[0] =~ /^DIR$/i || args[0] =~ /^LS$/i)
                              # TODO || args[0] =~ /^MDIR$/i || args[0] =~ /^MLS$/i
                  Severity: Major
                  Found in lib/metasploit/framework/ftp/client.rb and 1 other location - About 3 hrs to fix
                  lib/rex/proto/ftp/client.rb on lines 238..290

                  Duplicated Code

                  Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

                  Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

                  When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

                  Tuning

                  This issue has a mass of 119.

                  We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

                  The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

                  If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

                  See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

                  Identical blocks of code found in 2 locations. Consider refactoring.
                  Open

                          def send_cmd_data(args, data, mode = 'a', nsock = self.sock)
                            type = nil
                            # implement some aliases for various commands
                            if args[0] =~ /^DIR$/i || args[0] =~ /^LS$/i
                              # TODO || args[0] =~ /^MDIR$/i || args[0] =~ /^MLS$/i
                  Severity: Major
                  Found in lib/rex/proto/ftp/client.rb and 1 other location - About 3 hrs to fix
                  lib/metasploit/framework/ftp/client.rb on lines 138..190

                  Tuning

                  This issue has a mass of 119.

                  Similar blocks of code found in 2 locations. Consider refactoring.
                  Open

                    def exploit_target(target)
                  
                      target['Length'].each do |length|
                  
                        connect
                  Severity: Major
                  Found in modules/exploits/windows/misc/fb_isc_create_database.rb and 1 other location - About 3 hrs to fix
                  modules/exploits/windows/misc/fb_isc_attach_database.rb on lines 102..167

                  Tuning

                  This issue has a mass of 119.

                  Similar blocks of code found in 2 locations. Consider refactoring.
                  Open

                    def exploit_target(target)
                  
                      target['Length'].each do |length|
                  
                        connect
                  Severity: Major
                  Found in modules/exploits/windows/misc/fb_isc_attach_database.rb and 1 other location - About 3 hrs to fix
                  modules/exploits/windows/misc/fb_isc_create_database.rb on lines 102..167

                  Tuning

                  This issue has a mass of 119.

                  Method cmd_nessus_scan_details has 84 lines of code (exceeds 25 allowed). Consider refactoring.
                  Open

                        def cmd_nessus_scan_details(*args)
                          valid_categories = ['info', 'hosts', 'vulnerabilities', 'history']
                          search_term = nil
                          scan_id = nil
                          category = nil
                  Severity: Major
                  Found in plugins/nessus.rb - About 3 hrs to fix

                    Method check_login has 84 lines of code (exceeds 25 allowed). Consider refactoring.
                    Open

                      def check_login(targeturi, domain, username, password)
                        request_id = SecureRandom.uuid
                        url = "https://#{rhost}/#{domain}#{targeturi}"
                    
                        created = Time.new.inspect
                    Severity: Major
                    Found in modules/auxiliary/scanner/http/azure_ad_login.rb - About 3 hrs to fix

                      Method initialize has 84 lines of code (exceeds 25 allowed). Consider refactoring.
                      Open

                        def initialize
                          super(
                            'Name'           => 'Outlook Web App (OWA) Brute Force Utility',
                            'Description'    => %q{
                              This module tests credentials on OWA 2003, 2007, 2010, 2013, and 2016 servers.
                      Severity: Major
                      Found in modules/auxiliary/scanner/http/owa_login.rb - About 3 hrs to fix

                        Method initialize has 84 lines of code (exceeds 25 allowed). Consider refactoring.
                        Open

                          def initialize(info = {})
                            super(merge_info(info,
                              'Name'          => 'Linux x64 Pingback, Reverse TCP Inline',
                              'Description'   => 'Connect back to attacker and report UUID (Linux x64)',
                              'Author'        => [ 'bwatters-r7' ],
                        Severity: Major
                        Found in modules/payloads/singles/linux/x64/pingback_reverse_tcp.rb - About 3 hrs to fix

                          Method create_payload_plugin has 84 lines of code (exceeds 25 allowed). Consider refactoring.
                          Open

                            def create_payload_plugin(plugin_name)
                              if target['Arch'] == ARCH_CMD
                          
                                case target['Platform']
                                when 'win'
                          Severity: Major
                          Found in modules/exploits/multi/http/jetbrains_teamcity_rce_cve_2024_27198.rb - About 3 hrs to fix

                            Method initialize has 84 lines of code (exceeds 25 allowed). Consider refactoring.
                            Open

                              def initialize(info={})
                                super(update_info(info,
                                  'Name'                => 'Adobe Flash Player ByteArray Use After Free',
                                  'Description'         => %q{
                                    This module exploits an use after free on Adobe Flash Player. The vulnerability,
                            Severity: Major
                            Found in modules/exploits/multi/browser/adobe_flash_hacking_team_uaf.rb - About 3 hrs to fix

                              Method initialize has 84 lines of code (exceeds 25 allowed). Consider refactoring.
                              Open

                                def initialize(info = {})
                                  super(update_info(info,
                                    'Name'            => 'IBM Lotus Domino Web Server Accept-Language Stack Buffer Overflow',
                                    'Description'        => %q{
                                        This module exploits a stack buffer overflow in IBM Lotus Domino Web Server
                              Severity: Major
                              Found in modules/exploits/windows/lotus/domino_http_accept_language.rb - About 3 hrs to fix

                                Method exploit has 84 lines of code (exceeds 25 allowed). Consider refactoring.
                                Open

                                  def exploit
                                    print_status("Sending request to #{datastore['RHOST']}:#{datastore['RPORT']}")
                                
                                    data  = "5|0|4|"
                                    data << "http://#{datastore['RHOST']}:#{datastore['RPORT']}"
                                Severity: Major
                                Found in modules/exploits/windows/http/ca_arcserve_rpc_authbypass.rb - About 3 hrs to fix