Sign upLogin

rapid7/metasploit-framework

View on GitHub
Star

Showing 22,177 of 22,177 total issues

Similar blocks of code found in 2 locations. Consider refactoring.
Open

    content = %Q|<html>
<object classid='clsid:#{clsid}' id='#{axobj}'></object>
<script>
#{j_shellcode}=unescape('#{shellcode}');
#{j_nops}=unescape('#{nops}');
Severity: Major
Found in modules/exploits/windows/browser/aventail_epi_activex.rb and 1 other location - About 4 hrs to fix
modules/exploits/windows/browser/ebook_flipviewer_fviewerloading.rb on lines 76..92

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 158.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

Refactorings

Further Reading

Similar blocks of code found in 2 locations. Consider refactoring.
Open

    content = %Q|<html>
<object classid='clsid:BA83FD38-CE14-4DA3-BEF5-96050D55F78A' id='#{vname}'></object>
<script language='javascript'>
var #{rand1} = unescape('#{shellcode}');
var #{randnop} = "#{nops}";
Severity: Major
Found in modules/exploits/windows/browser/ebook_flipviewer_fviewerloading.rb and 1 other location - About 4 hrs to fix
modules/exploits/windows/browser/aventail_epi_activex.rb on lines 122..143

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 158.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

Refactorings

Further Reading

Method exploit has 117 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def exploit
    def upload_and_compile(filename, file_path, file_content, compile=nil)
      rm_f "#{file_path}"
      if not compile.nil?
        rm_f "#{file_path}.c"
Severity: Major
Found in modules/exploits/linux/local/ntfs3g_priv_esc.rb - About 4 hrs to fix

    Method run has 117 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      def run
    version = get_az_version
    if version.nil?
      print_status('Unable to determine az cli version')
    else
    Severity: Major
    Found in modules/post/multi/gather/azure_cli_creds.rb - About 4 hrs to fix

      Class AcunetixDocument has 36 methods (exceeds 20 allowed). Consider refactoring.
      Open

          load_nokogiri && class AcunetixDocument < Nokogiri::XML::SAX::Document

    include NokogiriDocMixin

    # The resolver prefers your local /etc/hosts (or windows equiv), but will
      Severity: Minor
      Found in lib/rex/parser/acunetix_document.rb - About 4 hrs to fix

        Class Meterpreter has 36 methods (exceeds 20 allowed). Consider refactoring.
        Open

        class Meterpreter < Rex::Post::Meterpreter::Client

  include Msf::Session
  #
  # The meterpreter session is interactive
        Severity: Minor
        Found in lib/msf/base/sessions/meterpreter.rb - About 4 hrs to fix

          Class Payload has 36 methods (exceeds 20 allowed). Consider refactoring.
          Open

          class Payload < Msf::Module


  # Platform specific includes
  require 'metasploit/framework/compiler/mingw'
          Severity: Minor
          Found in lib/msf/core/payload.rb - About 4 hrs to fix

            Class Exploit has 36 methods (exceeds 20 allowed). Consider refactoring.
            Open

              class Exploit
    module Capture

      #
      # Initializes an instance of an exploit module that captures traffic
            Severity: Minor
            Found in lib/msf/core/exploit/capture.rb - About 4 hrs to fix

              File exchange_proxylogon_collector.rb has 361 lines of code (exceeds 250 allowed). Consider refactoring.
              Open

              class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::HttpClient

  def initialize(info = {})
    super(
              Severity: Minor
              Found in modules/auxiliary/gather/exchange_proxylogon_collector.rb - About 4 hrs to fix

                File bailiwicked_host.rb has 360 lines of code (exceeds 250 allowed). Consider refactoring.
                Open

                require 'net/dns'
require 'resolv'

class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Capture
                Severity: Minor
                Found in modules/auxiliary/spoof/dns/bailiwicked_host.rb - About 4 hrs to fix

                  Method generate_malicious_tar has 116 lines of code (exceeds 25 allowed). Consider refactoring.
                  Open

                    def generate_malicious_tar
    mf_file = <<~EOF.strip
      {
          "CHECKSUMS": [
              {
                  Severity: Major
                  Found in modules/exploits/linux/http/vmware_vrli_rce.rb - About 4 hrs to fix

                    File is_known_pipename.rb has 360 lines of code (exceeds 250 allowed). Consider refactoring.
                    Open

                    class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::DCERPC
  include Msf::Exploit::Remote::SMB::Client
                    Severity: Minor
                    Found in modules/exploits/linux/samba/is_known_pipename.rb - About 4 hrs to fix

                      Method run has 116 lines of code (exceeds 25 allowed). Consider refactoring.
                      Open

                        def run
    fail_with(Failure::NoAccess, 'Session isnt running as root') unless is_root?
    case datastore['UseraddMethod']
    when 'CUSTOM'
      fail_with(Failure::NotFound, "Cannot find command on path given: #{datastore['UseraddBinary']}") unless check_command_exists?(datastore['UseraddBinary'])
                      Severity: Major
                      Found in modules/post/linux/manage/adduser.rb - About 4 hrs to fix

                        Method to_s has 116 lines of code (exceeds 25 allowed). Consider refactoring.
                        Open

                          def to_s(headers_only: false)
    # Start GET query string
    qstr = opts['query'] ? opts['query'].dup : ""

    # Start POST data string
                        Severity: Major
                        Found in lib/rex/proto/http/client_request.rb - About 4 hrs to fix

                          File magento_unserialize.rb has 359 lines of code (exceeds 250 allowed). Consider refactoring.
                          Open

                          class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::FileDropper
                          Severity: Minor
                          Found in modules/exploits/multi/http/magento_unserialize.rb - About 4 hrs to fix

                            File service_persistence.rb has 359 lines of code (exceeds 250 allowed). Consider refactoring.
                            Open

                            class MetasploitModule < Msf::Exploit::Local
  Rank = ExcellentRanking

  include Msf::Post::File
  include Msf::Post::Unix
                            Severity: Minor
                            Found in modules/exploits/linux/local/service_persistence.rb - About 4 hrs to fix

                              Method run_host has 115 lines of code (exceeds 25 allowed). Consider refactoring.
                              Open

                                def run_host(ip)
    unless wordpress_and_online?
      fail_with Failure::NotVulnerable, "#{ip} - Server not online or not detected as wordpress"
    end
                              Severity: Major
                              Found in modules/auxiliary/scanner/http/wp_total_upkeep_downloader.rb - About 4 hrs to fix

                                Method initialize has 115 lines of code (exceeds 25 allowed). Consider refactoring.
                                Open

                                  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Geutebruck Multiple Remote Command Execution',
                                Severity: Major
                                Found in modules/exploits/linux/http/geutebruck_cmdinject_cve_2021_335xx.rb - About 4 hrs to fix

                                  Method import_netsparker_xml has 115 lines of code (exceeds 25 allowed). Consider refactoring.
                                  Open

                                    def import_netsparker_xml(args={}, &block)
    data = args[:data]
    wspace = Msf::Util::DBManager.process_opts_workspace(args, framework).name
    bl = validate_ips(args[:blacklist]) ? args[:blacklist].split : []
    addr = nil
                                  Severity: Major
                                  Found in lib/msf/core/db_manager/import/netsparker.rb - About 4 hrs to fix

                                    Method print_tree_recursive has a Cognitive Complexity of 31 (exceeds 5 allowed). Consider refactoring.
                                    Open

                                          def print_tree_recursive(tree, max_level, indent, prefix, is_last, unicode)
        if !tree.nil? && (tree.depth <= max_level)
          print(' ' * indent)

          # Prefix serve to print the superior hierarchy
                                    Severity: Minor
                                    Found in plugins/wmap.rb - About 4 hrs to fix

                                    Cognitive Complexity

                                    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                                    A method's cognitive complexity is based on a few simple rules:

                                    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                                    • Code is considered more complex for each "break in the linear flow of the code"
                                    • Code is considered more complex when "flow breaking structures are nested"

                                    Further reading

                                    Severity
                                    Category
                                    Status
                                    Source
                                    Language