Sign upLogin

rapid7/metasploit-framework

View on GitHub
Star

Showing 22,004 of 22,004 total issues

Method view_site_tree has a Cognitive Complexity of 29 (exceeds 5 allowed). Consider refactoring.
Open

      def view_site_tree(urlstr, md, ld)
        if !urlstr
          return
        end
Severity: Minor
Found in plugins/wmap.rb - About 4 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method scheduleremote has a Cognitive Complexity of 29 (exceeds 5 allowed). Consider refactoring.
Open

def scheduleremote(session,schtype,cmd,tmmod,cmdopt,targetsys,username,password)
  execmd = ""
  success = false
  taskname = "syscheck#{rand(100)}"
  if cmdopt != nil
Severity: Minor
Found in scripts/meterpreter/scheduleme.rb - About 4 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method packetrecord has a Cognitive Complexity of 29 (exceeds 5 allowed). Consider refactoring.
Open

def packetrecord(packtime, logfile,intid)
  begin
    rec = 1
    print_status("Packets being saved in to #{logfile}")
    print_status("Packet capture interval is #{packtime} Seconds")
Severity: Minor
Found in scripts/meterpreter/packetrecorder.rb - About 4 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method test_handler has a Cognitive Complexity of 29 (exceeds 5 allowed). Consider refactoring.
Open

  def test_handler
    print_status("Beginning tests using #{datastore['TYPE']} search method (#{datastore['Threads']} Threads)")
    test_length = 1 # initial test length set

    until @test_queue.empty?
Severity: Minor
Found in modules/auxiliary/gather/ibm_sametime_enumerate_users.rb - About 4 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method run_host has a Cognitive Complexity of 29 (exceeds 5 allowed). Consider refactoring.
Open

  def run_host(ip)
    @rhost = ip

    @read_timeout = datastore['READ_TIMEOUT'] || 600
Severity: Minor
Found in modules/auxiliary/gather/ldap_hashdump.rb - About 4 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method run has a Cognitive Complexity of 29 (exceeds 5 allowed). Consider refactoring.
Open

  def run
    # check our API key is somewhat sane
    unless /^[a-z\d]{32}$/i.match?(datastore['SHODAN_APIKEY'])
      fail_with(Failure::BadConfig, 'Shodan API key should be 32 characters a-z,A-Z,0-9.')
    end
Severity: Minor
Found in modules/auxiliary/gather/shodan_search.rb - About 4 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method run has a Cognitive Complexity of 29 (exceeds 5 allowed). Consider refactoring.
Open

  def run
    login(datastore['USERNAME'], datastore['PASSWORD'])

    config = export_data
Severity: Minor
Found in modules/auxiliary/admin/http/scadabr_credential_dump.rb - About 4 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method run has a Cognitive Complexity of 29 (exceeds 5 allowed). Consider refactoring.
Open

  def run
    print_status("Logging into #{target_url}...")
    res = send_request_cgi(
      'method' => 'POST',
      'uri' => normalize_uri(target_uri.path, 'users', 'login'),
Severity: Minor
Found in modules/auxiliary/admin/http/foreman_openstack_satellite_priv_esc.rb - About 4 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method run_batch has a Cognitive Complexity of 29 (exceeds 5 allowed). Consider refactoring.
Open

  def run_batch(hosts)
    open_pcap({'SNAPLEN' => 68, 'FILTER' => "arp[6:2] == 0x0002"})

    @netifaces = true
    if not netifaces_implemented?
Severity: Minor
Found in modules/auxiliary/scanner/discovery/arp_sweep.rb - About 4 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method do_login has a Cognitive Complexity of 29 (exceeds 5 allowed). Consider refactoring.
Open

  def do_login(user, pass, luser, status = nil)
    # Reset our accumulators for interacting with /bin/login
    @recvd = ''
    @trace = ''
Severity: Minor
Found in modules/auxiliary/scanner/rservices/rlogin_login.rb - About 4 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method on_client_data has a Cognitive Complexity of 29 (exceeds 5 allowed). Consider refactoring.
Open

  def on_client_data(c)
    # get the client data
    data = c.get_once
    return if not data
    # split data into command and arguments
Severity: Minor
Found in modules/auxiliary/fuzzers/ftp/client_ftp.rb - About 4 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method exploit has a Cognitive Complexity of 29 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit
    jsp_name = datastore['JSP'] || rand_text_alpha(8+rand(8))
    app_base = datastore['APPBASE'] || rand_text_alpha(8+rand(8))

    mytarget = target
Severity: Minor
Found in modules/exploits/multi/http/jboss_maindeployer.rb - About 4 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method exploit has a Cognitive Complexity of 29 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit
    uri = target_uri.path

    print_status("Grabbing version and login CSRF token...")
    response = send_request_cgi({
Severity: Minor
Found in modules/exploits/multi/http/mediawiki_thumb.rb - About 4 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method exploit has a Cognitive Complexity of 29 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit
    vprint_status('Getting nonce')
    res = send_request_cgi(
      'uri' => normalize_uri(target_uri.path)
    )
Severity: Minor
Found in modules/exploits/multi/http/wp_dnd_mul_file_rce.rb - About 4 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method check has a Cognitive Complexity of 29 (exceeds 5 allowed). Consider refactoring.
Open

  def check
    sysinfo_value = sysinfo['OS']

    if sysinfo_value !~ /windows/i
      # Non-Windows systems are definitely not affected.
Severity: Minor
Found in modules/exploits/windows/local/cve_2022_26904_superprofile.rb - About 4 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method find_key has a Cognitive Complexity of 29 (exceeds 5 allowed). Consider refactoring.
Open

  def find_key(cipher_text)
    print_status('Finding Key...')

    # Counter
    total_keys = @key_charset.length**8
Severity: Minor
Found in modules/exploits/windows/http/dnn_cookie_deserialization_rce.rb - About 4 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method check_via_version has a Cognitive Complexity of 29 (exceeds 5 allowed). Consider refactoring.
Open

  def check_via_version
    sysinfo = get_sysinfo
    case sysinfo[:distro]
    when 'fedora'
      if sysinfo[:version] =~ /Fedora( release)? (\d+)/
Severity: Minor
Found in modules/exploits/linux/local/polkit_dbus_auth_bypass.rb - About 4 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method inject_payload has a Cognitive Complexity of 29 (exceeds 5 allowed). Consider refactoring.
Open

  def inject_payload(payload)
    if session.type == 'meterpreter'
      socket_subsystem, socket = open_tcp_connection

      tcp_conversation = {
Severity: Minor
Found in modules/exploits/linux/local/exim4_deliver_message_priv_esc.rb - About 4 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method exploit has a Cognitive Complexity of 29 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit
    # run if AutoCheck is false (@config = nil), otherwise use the information in @config gathered during the check method
    unless @config
      res = get_configuration
      fail_with(Failure::NotVulnerable, 'Target is not vulnerable.') if res.nil? || res.code != 200
Severity: Minor
Found in modules/exploits/linux/http/zyxel_lfi_unauth_ssh_rce.rb - About 4 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method exploit has a Cognitive Complexity of 29 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit

    @pl = generate_payload_exe
    @elf_sent = false
Severity: Minor
Found in modules/exploits/linux/smtp/exim4_dovecot_exec.rb - About 4 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Severity
Category
Status
Source
Language