Sign upLogin

rapid7/metasploit-framework

View on GitHub
Star

Showing 22,177 of 22,177 total issues

Method gatherwin has a Cognitive Complexity of 32 (exceeds 5 allowed). Consider refactoring.
Open

  def gatherwin
    print_status('Windows OS detected, enumerating services')
    tomcatHomeArray = []
    service_list.each do |service|
      if service[:name].downcase.include? 'tomcat'
Severity: Minor
Found in modules/post/multi/gather/tomcat_gather.rb - About 4 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method parse_accounts has a Cognitive Complexity of 32 (exceeds 5 allowed). Consider refactoring.
Open

  def parse_accounts(data)
    creds = []

    doc = begin
      REXML::Document.new(data).root
Severity: Minor
Found in modules/post/multi/gather/filezilla_client_cred.rb - About 4 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method filter_cred_cores has a Cognitive Complexity of 32 (exceeds 5 allowed). Consider refactoring.
Open

  def filter_cred_cores(cores, opts, origin_ranges, host_ranges)
    # Some creds may have been cracked that exist outside of the filtered cores list, let's resolve them all to show the cracked value
    cores_by_id = cores.each_with_object({}) { |core, hash| hash[core.id] = core }
    # Map of any originating core ids that have been cracked; The value is cracked core value
    cracked_core_id_to_cracked_value = cores.each_with_object({}) do |core, hash|
Severity: Minor
Found in lib/msf/ui/console/command_dispatcher/creds.rb - About 4 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method find_key has a Cognitive Complexity of 32 (exceeds 5 allowed). Consider refactoring.
Open

  def find_key(buf, badchars, keyChars)

    keyFound = nil

    bufLen = buf.length
Severity: Minor
Found in lib/msf/core/encoder/xor_dynamic.rb - About 4 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method import_nessus_xml_v2 has a Cognitive Complexity of 32 (exceeds 5 allowed). Consider refactoring.
Open

  def import_nessus_xml_v2(args={}, &block)
    data = args[:data]
    wspace = Msf::Util::DBManager.process_opts_workspace(args, framework).name
    bl = validate_ips(args[:blacklist]) ? args[:blacklist].split : []
Severity: Minor
Found in lib/msf/core/db_manager/import/nessus/xml/v2.rb - About 4 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method connect_login has a Cognitive Complexity of 32 (exceeds 5 allowed). Consider refactoring.
Open

  def connect_login(global = true)
    if datastore['DOMAIN'] && datastore['DOMAIN'] != ''
      domain = datastore['DOMAIN']
    else
      domain = Rex::Text.rand_text_alpha(rand(32)+1)
Severity: Minor
Found in lib/msf/core/exploit/remote/smtp_deliver.rb - About 4 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method major_release_name has a Cognitive Complexity of 32 (exceeds 5 allowed). Consider refactoring.
Open

    def major_release_name
      if _major == 5
        if _minor == 0
          return MajorRelease::Win2000
        elsif _minor == 1
Severity: Minor
Found in lib/msf/core/windows_version.rb - About 4 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method asm_reverse_http has a Cognitive Complexity of 32 (exceeds 5 allowed). Consider refactoring.
Open

  def asm_reverse_http(opts={})

    retry_count   = opts[:retry_count].to_i
    retry_wait   = opts[:retry_wait].to_i * 1000
    proxy_enabled = !!(opts[:proxy_host].to_s.strip.length > 0)
Severity: Minor
Found in lib/msf/core/payload/windows/reverse_http.rb - About 4 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method get_platform_info has a Cognitive Complexity of 32 (exceeds 5 allowed). Consider refactoring.
Open

        def self.get_platform_info(ssh_socket, timeout: 10)
          info = ''
          begin
            Timeout.timeout(timeout) do
              info = ssh_socket.exec!("id\n").to_s
Severity: Minor
Found in lib/metasploit/framework/ssh/platform.rb - About 4 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

File jira_hipchat_template.rb has 364 lines of code (exceeds 250 allowed). Consider refactoring.
Open

require 'json'

class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking
Severity: Minor
Found in modules/exploits/multi/http/jira_hipchat_template.rb - About 4 hrs to fix

    File ubisoft_uplay_cmd_exec.rb has 364 lines of code (exceeds 250 allowed). Consider refactoring.
    Open

    class MetasploitModule < Msf::Exploit::Remote
  Rank = NormalRanking

  include Msf::Exploit::Remote::HttpServer::HTML
  include Msf::Exploit::EXE
    Severity: Minor
    Found in modules/exploits/windows/browser/ubisoft_uplay_cmd_exec.rb - About 4 hrs to fix

      File eyesofnetwork_autodiscovery_rce.rb has 364 lines of code (exceeds 250 allowed). Consider refactoring.
      Open

      class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking
  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::CmdStager
  include Msf::Exploit::SQLi
      Severity: Minor
      Found in modules/exploits/linux/http/eyesofnetwork_autodiscovery_rce.rb - About 4 hrs to fix

        File screenshare.rb has 364 lines of code (exceeds 250 allowed). Consider refactoring.
        Open

        class MetasploitModule < Msf::Post

  include Msf::Exploit::Remote::HttpServer

  def initialize(info = {})
        Severity: Minor
        Found in modules/post/multi/manage/screenshare.rb - About 4 hrs to fix

          Method exploit has 118 lines of code (exceeds 25 allowed). Consider refactoring.
          Open

            def exploit
    # process standard options
    @username = datastore['USERNAME']
    @password = datastore['PASSWORD']
    file_name = datastore['SPLUNK_APP_FILE']
          Severity: Major
          Found in modules/exploits/multi/http/splunk_upload_app_exec.rb - About 4 hrs to fix

            Method initialize has 118 lines of code (exceeds 25 allowed). Consider refactoring.
            Open

              def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Cisco Linksys PlayerPT ActiveX Control SetSource sURL Argument Buffer Overflow',
      'Description'    => %q{
          This module exploits a vulnerability found in Cisco Linksys PlayerPT 1.0.0.15
            Severity: Major
            Found in modules/exploits/windows/browser/cisco_playerpt_setsource_surl.rb - About 4 hrs to fix

              Method cmd_execute_bof has 118 lines of code (exceeds 25 allowed). Consider refactoring.
              Open

                        def cmd_execute_bof(*args)
            if args.empty?
              cmd_execute_bof_help
              return false
            end
              Severity: Major
              Found in lib/rex/post/meterpreter/ui/console/command_dispatcher/bofloader.rb - About 4 hrs to fix

                Method cmd_route has 118 lines of code (exceeds 25 allowed). Consider refactoring.
                Open

                  def cmd_route(*args)
    begin
      args << 'print' if args.length == 0

      action = args.shift
                Severity: Major
                Found in lib/msf/ui/console/command_dispatcher/core.rb - About 4 hrs to fix

                  Method import_nexpose_simplexml has 118 lines of code (exceeds 25 allowed). Consider refactoring.
                  Open

                    def import_nexpose_simplexml(args={}, &block)
    bl = validate_ips(args[:blacklist]) ? args[:blacklist].split : []
    wspace = Msf::Util::DBManager.process_opts_workspace(args, framework).name
    if Rex::Parser.nokogiri_loaded
      parser = "Nokogiri v#{::Nokogiri::VERSION}"
                  Severity: Major
                  Found in lib/msf/core/db_manager/import/nexpose/simple.rb - About 4 hrs to fix

                    File shell_to_meterpreter.rb has 363 lines of code (exceeds 250 allowed). Consider refactoring.
                    Open

                    require 'rex/exploitation/cmdstager'

class MetasploitModule < Msf::Post
  include Exploit::Powershell
  include Post::Architecture
                    Severity: Minor
                    Found in modules/post/multi/manage/shell_to_meterpreter.rb - About 4 hrs to fix

                      File arp_poisoning.rb has 362 lines of code (exceeds 250 allowed). Consider refactoring.
                      Open

                      class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::Capture
  include Msf::Auxiliary::Report

  def initialize
                      Severity: Minor
                      Found in modules/auxiliary/spoof/arp/arp_poisoning.rb - About 4 hrs to fix
                        Severity
                        Category
                        Status
                        Source
                        Language