Sign upLogin

rapid7/metasploit-framework

View on GitHub
Star

Showing 7,361 of 22,177 total issues

Method exploit has 73 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def exploit
    # get system architecture
    arch = sysinfo['Architecture']
    if arch != payload_instance.arch.first
      fail_with(Failure::BadConfig, 'Wrong payload architecture!')
Severity: Major
Found in modules/exploits/windows/local/dnsadmin_serverlevelplugindll.rb - About 2 hrs to fix

    Method exploit has 73 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      def exploit
    fail_with(Failure::None, 'Session is already elevated') if is_system?
    if !payload.arch.include?(ARCH_X86)
      fail_with(Failure::None, 'Payload architecture is not compatible with this module. Please, select an x86 payload')
    end
    Severity: Major
    Found in modules/exploits/windows/local/anyconnect_lpe.rb - About 2 hrs to fix

      Method initialize has 73 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

        def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Oracle Business Transaction Management FlashTunnelService Remote Code Execution',
      Severity: Major
      Found in modules/exploits/windows/http/oracle_btm_writetofile.rb - About 2 hrs to fix

        Method initialize has 73 lines of code (exceeds 25 allowed). Consider refactoring.
        Open

          def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Dup Scout Enterprise Login Buffer Overflow',
        Severity: Major
        Found in modules/exploits/windows/http/dup_scout_enterprise_login_bof.rb - About 2 hrs to fix

          Method on_request_uri has 73 lines of code (exceeds 25 allowed). Consider refactoring.
          Open

            def on_request_uri(cli, request)

    agent = request.headers['User-Agent']
    my_target = get_target(agent)
          Severity: Major
          Found in modules/exploits/windows/browser/ms12_037_ie_colspan.rb - About 2 hrs to fix

            Method initialize has 73 lines of code (exceeds 25 allowed). Consider refactoring.
            Open

              def initialize(info = {})
    super(update_info(info,
      'Name'           => 'MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Code Execution',
      'Description'    => %q{
        This module will exploit SMB with vulnerabilities in MS17-010 to achieve a write-what-where
            Severity: Major
            Found in modules/exploits/windows/smb/ms17_010_psexec.rb - About 2 hrs to fix

              Method exploit has 73 lines of code (exceeds 25 allowed). Consider refactoring.
              Open

                def exploit
    if !datastore['ForceExploit'] && is_root?
      fail_with(Failure::BadConfig, 'Session already has root privileges. Set ForceExploit to override.')
    end
              Severity: Major
              Found in modules/exploits/linux/local/asan_suid_executable_priv_esc.rb - About 2 hrs to fix

                Method initialize has 73 lines of code (exceeds 25 allowed). Consider refactoring.
                Open

                  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Linux Nested User Namespace idmap Limit Local Privilege Escalation',
                Severity: Major
                Found in modules/exploits/linux/local/nested_namespace_idmap_limit_priv_esc.rb - About 2 hrs to fix

                  Method initialize has 73 lines of code (exceeds 25 allowed). Consider refactoring.
                  Open

                    def initialize(info = {})
    super(update_info(info,
      'Name'           => 'GoAhead Web Server LD_PRELOAD Arbitrary Module Load',
      'Description'    => %q{
          This module triggers an arbitrary shared library load vulnerability
                  Severity: Major
                  Found in modules/exploits/linux/http/goahead_ldpreload.rb - About 2 hrs to fix

                    Method initialize has 73 lines of code (exceeds 25 allowed). Consider refactoring.
                    Open

                      def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'TerraMaster TOS 4.2.15 or lower - RCE chain from unauthenticated to root via session crafting.',
                    Severity: Major
                    Found in modules/exploits/linux/http/terramaster_unauth_rce_cve_2021_45837.rb - About 2 hrs to fix

                      Method initialize has 73 lines of code (exceeds 25 allowed). Consider refactoring.
                      Open

                        def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Hikvision IP Camera Unauthenticated Command Injection',
                      Severity: Major
                      Found in modules/exploits/linux/http/hikvision_cve_2021_36260_blind.rb - About 2 hrs to fix

                        Method mapping_data has 73 lines of code (exceeds 25 allowed). Consider refactoring.
                        Open

                          def mapping_data
    {
      'properties' => {
        'upgrade-assistant-telemetry' => {
          'properties' => {
                        Severity: Major
                        Found in modules/exploits/linux/http/kibana_upgrade_assistant_telemetry_rce.rb - About 2 hrs to fix

                          Method initialize has 73 lines of code (exceeds 25 allowed). Consider refactoring.
                          Open

                            def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Aerospike Database UDF Lua Code Execution',
                          Severity: Major
                          Found in modules/exploits/linux/misc/aerospike_database_udf_cmd_exec.rb - About 2 hrs to fix

                            Method wlan_get_networks has 73 lines of code (exceeds 25 allowed). Consider refactoring.
                            Open

                              def wlan_get_networks(wlan_handle, guid)
    networks = []

    bss_list = @wlanapi.WlanGetNetworkBssList(wlan_handle, guid, nil, 3, true, nil, 4)
    pointer = bss_list['ppWlanBssList']
                            Severity: Major
                            Found in modules/post/windows/wlan/wlan_bss_list.rb - About 2 hrs to fix

                              Method parse has 73 lines of code (exceeds 25 allowed). Consider refactoring.
                              Open

                                  def self.parse(args)
      options = {
        formatter:     DND::DEFAULT_FORMATTER,
        gadget_chain:  DND::DEFAULT_GADGET_CHAIN,
        output_format: 'raw',
                              Severity: Major
                              Found in tools/payloads/ysoserial/dot_net.rb - About 2 hrs to fix

                                Method make_bind_fake_multi has 73 lines of code (exceeds 25 allowed). Consider refactoring.
                                Open

                                  def self.make_bind_fake_multi(uuid, vers, bind_head=0, bind_tail=0)

    bind_head = bind_head.to_i
    bind_tail = bind_tail.to_i
    bind_head = rand(6)+10 if bind_head == 0
                                Severity: Major
                                Found in lib/rex/proto/dcerpc/packet.rb - About 2 hrs to fix

                                  Method cmd_webcam_stream has 73 lines of code (exceeds 25 allowed). Consider refactoring.
                                  Open

                                    def cmd_webcam_stream(*args)
    if client.webcam.webcam_list.length == 0
      print_error("Target does not have a webcam")
      return
    end
                                  Severity: Major
                                  Found in lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/webcam.rb - About 2 hrs to fix

                                    Method generate has 73 lines of code (exceeds 25 allowed). Consider refactoring.
                                    Open

                                        def self.generate(cmd)
      inner = GadgetChains::TextFormattingRunProperties.generate(cmd)
      system_data = Assemblies::VERSIONS['4.0.0.0'].fetch('System.Data')
      library = Types::RecordValues::BinaryLibrary.new(
        library_id: 2,
                                    Severity: Major
                                    Found in lib/msf/util/dot_net_deserialization/gadget_chains/data_set.rb - About 2 hrs to fix

                                      Method add_computer has 73 lines of code (exceeds 25 allowed). Consider refactoring.
                                      Open

                                        def add_computer(opts = {})
    tree = opts[:tree] || connect_ipc

    samr_con = connect_samr(tree)
                                      Severity: Major
                                      Found in lib/msf/core/exploit/remote/ms_samr/computer.rb - About 2 hrs to fix

                                        Method _write_file_unix_shell has 73 lines of code (exceeds 25 allowed). Consider refactoring.
                                        Open

                                          def _write_file_unix_shell(file_name, data, append = false)
    redirect = (append ? '>>' : '>')

    # Short-circuit an empty string. The : builtin is part of posix
    # standard and should theoretically exist everywhere.
                                        Severity: Major
                                        Found in lib/msf/core/post/file.rb - About 2 hrs to fix
                                          Severity
                                          Category
                                          Status
                                          Source
                                          Language