rapid7/metasploit-framework


Showing 22,004 of 22,004 total issues

Method enum_users has a Cognitive Complexity of 29 (exceeds 5 allowed). Consider refactoring.
Open

  def enum_users
    paths = []
    id = whoami

    if id.nil? || id.empty?
Severity: Minor
Found in modules/post/multi/gather/firefox_creds.rb - About 4 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"


Method extract_creds has a Cognitive Complexity of 29 (exceeds 5 allowed). Consider refactoring.
Open

  def extract_creds(secret, files)
    creds = []
    files.each do |file|
      settings = get_settings(file)
      next if settings.empty?
Severity: Minor
Found in modules/post/multi/gather/remmina_creds.rb - About 4 hrs to fix


Method run has a Cognitive Complexity of 29 (exceeds 5 allowed). Consider refactoring.
Open

  def run
    userhives = load_missing_hives
    userhives.each do |hive|
      next if hive['HKU'].nil?

Severity: Minor
Found in modules/post/windows/gather/credentials/heidisql.rb - About 4 hrs to fix


Method run has a Cognitive Complexity of 29 (exceeds 5 allowed). Consider refactoring.
Open

  def run
    if datastore['FILE_INDEX']
      fail_with(Failure::BadConfig, 'Please specify a non-negative file index!') unless datastore['FILE_INDEX'] >= 0

      handle = check_path("\\\\?\\GLOBALROOT\\Device\\HarddiskVolumeShadowCopy#{datastore['FILE_INDEX']}\\Windows\\System32\\config\\SAM")
Severity: Minor
Found in modules/post/windows/gather/credentials/windows_sam_hivenightmare.rb - About 4 hrs to fix


Method prompt has a Cognitive Complexity of 29 (exceeds 5 allowed). Consider refactoring.
Open

  def prompt
    while (input = prompt_show)
      break if input == 'exit'
      break if input == 'exit '

Severity: Minor
Found in modules/post/linux/manage/pseudo_shell.rb - About 4 hrs to fix


Method choose_mem_regions has a Cognitive Complexity of 29 (exceeds 5 allowed). Consider refactoring.
Open

  def choose_mem_regions(pid, match_data = [])
    return [] if match_data.empty?

    mem_regions = []
    match_data.each do |match|
Severity: Minor
Found in modules/post/linux/gather/mimipenguin.rb - About 4 hrs to fix


Method on_request_uri has a Cognitive Complexity of 29 (exceeds 5 allowed). Consider refactoring.
Open

    def on_request_uri(cli, request)
      if request.uri =~ /status$/i
        send_response_html(cli, get_status().to_json(), { 'Content-Type' => 'application/json' })
      elsif request.uri =~ /statistics$/i
        send_response_html(cli, get_stats().to_json(), { 'Content-Type' => 'applicaiton/json' })
Severity: Minor
Found in tools/hardware/elm327_relay.rb - About 4 hrs to fix


Method parse has a Cognitive Complexity of 29 (exceeds 5 allowed). Consider refactoring.
Open

    def self.parse(args)
      options = {
        formatter:     DND::DEFAULT_FORMATTER,
        gadget_chain:  DND::DEFAULT_GADGET_CHAIN,
        output_format: 'raw',
Severity: Minor
Found in tools/payloads/ysoserial/dot_net.rb - About 4 hrs to fix


Method use has a Cognitive Complexity of 29 (exceeds 5 allowed). Consider refactoring.
Open

  def use(mod, opts = { })
    if mod.nil?
      raise RuntimeError, "No modules were specified", caller
    end

Severity: Minor
Found in lib/rex/post/meterpreter/client_core.rb - About 4 hrs to fix


Method cmd_unset_with_fallbacks has a Cognitive Complexity of 29 (exceeds 5 allowed). Consider refactoring.
Open

  def cmd_unset_with_fallbacks(*args)
    if args.include?('-h') || args.include?('--help')
      cmd_unset_help
      return
    end
Severity: Minor
Found in lib/msf/ui/console/command_dispatcher/core.rb - About 4 hrs to fix


Method cmd_db_connect has a Cognitive Complexity of 29 (exceeds 5 allowed). Consider refactoring.
Open

  def cmd_db_connect(*args)
    return if not db_check_driver

    opts = {}
    while (arg = args.shift)
Severity: Minor
Found in lib/msf/ui/console/command_dispatcher/db.rb - About 4 hrs to fix


Method juniper_junos_config_eater has a Cognitive Complexity of 29 (exceeds 5 allowed). Consider refactoring.
Open

    def juniper_junos_config_eater(thost, tport, config)
      report_host({
        host: thost,
        os_name: 'Juniper JunOS'
      })
Severity: Minor
Found in lib/msf/core/auxiliary/juniper.rb - About 4 hrs to fix


Method do_report_failure_or_success has a Cognitive Complexity of 29 (exceeds 5 allowed). Consider refactoring.
Open

  def do_report_failure_or_success(opts)
    return unless opts[:refs]
    ::ApplicationRecord.connection_pool.with_connection {
      mrefs  = opts[:refs]
      host   = opts[:host]
Severity: Minor
Found in lib/msf/core/db_manager/exploit_attempt.rb - About 4 hrs to fix


Method dump_table_fields has a Cognitive Complexity of 29 (exceeds 5 allowed). Consider refactoring.
Open

    def dump_table_fields(table, columns, condition = '', limit = '')
      return '' if columns.empty?

      one_column = columns.length == 1
      if one_column
Severity: Minor
Found in lib/msf/core/exploit/sqli/sqlitei/common.rb - About 4 hrs to fix


Method get_aes_keys has a Cognitive Complexity of 29 (exceeds 5 allowed). Consider refactoring.
Open

        def get_aes_keys(base_fqdn, vc_psc_fqdn, base_dn, bind_dn, shell_bind_pw)
          return nil unless command_exists? ldapsearch_bin

          # this may error,
          header = 'vmwSTSTenantKey: '
Severity: Minor
Found in lib/msf/core/post/vcenter/vcenter.rb - About 4 hrs to fix


Method hash_to_jtr has a Cognitive Complexity of 29 (exceeds 5 allowed). Consider refactoring.
Open

          def self.hash_to_jtr(cred)
            case cred.private.type
            when 'Metasploit::Credential::NTLMHash'
              return "#{cred.public.username}:#{cred.id}:#{cred.private.data}:::#{cred.id}"
            when 'Metasploit::Credential::PostgresMD5'
Severity: Minor
Found in lib/metasploit/framework/password_crackers/jtr/formatter.rb - About 4 hrs to fix


Identical blocks of code found in 2 locations. Consider refactoring.
Open

    public final IntBuffer [] spray(short[] sc, short[] np)
      {
          int cnt = 50; // total 50 mb
          int sz = 1024*1024; // 1 mb
          int nops = (sz / 4) - (sc.length);
Severity: Major
Found in external/source/exploits/CVE-2009-3869/AppletX.java and 1 other location - About 4 hrs to fix
external/source/exploits/CVE-2009-3867/AppletX.java on lines 113..140

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 265.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.


Identical blocks of code found in 2 locations. Consider refactoring.
Open

    public final IntBuffer [] spray(short[] sc, short[] np)
      {
          int cnt = 50; // total 50 mb
          int sz = 1024*1024; // 1 mb
          int nops = (sz / 4) - (sc.length);
Severity: Major
Found in external/source/exploits/CVE-2009-3867/AppletX.java and 1 other location - About 4 hrs to fix
external/source/exploits/CVE-2009-3869/AppletX.java on lines 84..111


Method run has 106 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def run
    # setting up some basic variables
    uri = datastore['TARGETURI']
    user = datastore['HttpUsername']
    rhost = datastore['RHOST']
Severity: Major
Found in modules/auxiliary/admin/http/linksys_wrt54gl_exec.rb - About 4 hrs to fix

Method run_host has 106 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def run_host(ip)
    host_port = "#{ip}:#{datastore['RPORT']}"
    type = 'ROUTER_ADM'
    version = 0x26
    cmd = 0x2
Severity: Major
Found in modules/auxiliary/scanner/sap/sap_router_info_request.rb - About 4 hrs to fix