rapid7/metasploit-framework

Showing 22,004 of 22,004 total issues

Method cmd_features has a Cognitive Complexity of 28 (exceeds 5 allowed). Consider refactoring.
Open

  def cmd_features(*args)
    args << 'print' if args.empty?

    action, *rest = args
    case action
Severity: Minor
Found in lib/msf/ui/console/command_dispatcher/core.rb - About 4 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Method get_user_keys has a Cognitive Complexity of 28 (exceeds 5 allowed). Consider refactoring.
Open

    def get_user_keys(&block)
      users = {}
      users_key = normalize_key('HKLM\\SAM\\SAM\\Domains\\Account\\Users')
      rids = enum_key(users_key)
      if rids
Severity: Minor
Found in lib/msf/util/windows_registry/sam.rb - About 4 hrs to fix

Method start_keep_alive_loop has a Cognitive Complexity of 28 (exceeds 5 allowed). Consider refactoring.
Open

      def start_keep_alive_loop(framework)
        self.keep_alive_thread = framework.threads.spawn('WinRM-shell-keepalive', false, shell) do |_thr_shell|
          loop_delay = 0.5
          loop do
            tmp_buffer = []
Severity: Minor
Found in lib/msf/base/sessions/winrm_command_shell.rb - About 4 hrs to fix

Method scanner_recv has a Cognitive Complexity of 28 (exceeds 5 allowed). Consider refactoring.
Open

  def scanner_recv(timeout = 0.1)
    queue = []
    start = Time.now
    while Time.now - start < timeout do
      readable, _, _ = ::IO.select(@udp_sockets.values, nil, nil, timeout)
Severity: Minor
Found in lib/msf/core/auxiliary/udp_scanner.rb - About 4 hrs to fix

Method determine_prerequisites has a Cognitive Complexity of 28 (exceeds 5 allowed). Consider refactoring.
Open

  def determine_prerequisites
    mod_detail = @framework.modules.create(@mod.fullname)
    if mod_detail.nil?
      @required << :module_not_loadable
      return
Severity: Minor
Found in lib/msf/core/analyze/result.rb - About 4 hrs to fix

Method process_data has a Cognitive Complexity of 28 (exceeds 5 allowed). Consider refactoring.
Open

  def process_data(data)
    @inbuffer += data if data
    case @state
    when :id_state
      if line?
Severity: Minor
Found in lib/msf/core/exploit/remote/tincd_exploit_client.rb - About 4 hrs to fix

Method read_data_by_id has a Cognitive Complexity of 28 (exceeds 5 allowed). Consider refactoring.
Open

  def read_data_by_id(bus, src_id, dst_id, id, opt = {})
    data = []
    unless client.automotive
      print_error("Not an automotive hwbridge session")
      return {} if show_error
Severity: Minor
Found in lib/msf/core/post/hardware/automotive/uds.rb - About 4 hrs to fix

Similar blocks of code found in 5 locations. Consider refactoring.
Open

<object classid='clsid:98C53984-8BF8-4D11-9B1C-C324FCA9CADE' id='#{mqcontrol}'></object>
<script language='javascript'>
#{j_shellcode} = unescape('#{shellcode}');
#{randnop} = "#{nops}";
#{j_nops} = unescape(#{randnop});
Severity: Major
Found in modules/exploits/windows/browser/hpmqc_progcolor.rb and 4 other locations - About 4 hrs to fix
modules/exploits/windows/browser/ms09_002_memory_corruption.rb on lines 101..128
modules/exploits/windows/browser/novelliprint_executerequest.rb on lines 79..96
modules/exploits/windows/browser/winzip_fileview.rb on lines 88..108
modules/exploits/windows/fileformat/aol_phobos_bof.rb on lines 107..123

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 140.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

Similar blocks of code found in 5 locations. Consider refactoring.
Open

    js = %Q|
var #{rand1} = unescape("#{shellcode}");
var #{rand2} = new Array();
var #{rand3} = 0x100000-(#{rand1}.length*2+0x01020);
var #{rand4} = unescape("#{ret}");
modules/exploits/windows/browser/hpmqc_progcolor.rb on lines 87..103
modules/exploits/windows/browser/novelliprint_executerequest.rb on lines 79..96
modules/exploits/windows/browser/winzip_fileview.rb on lines 88..108
modules/exploits/windows/fileformat/aol_phobos_bof.rb on lines 107..123

This issue has a mass of 140.

Similar blocks of code found in 5 locations. Consider refactoring.
Open

    content = %Q|
      <html>
        <object id='#{vname}' classid='clsid:A09AE68F-B14D-43ED-B713-BA413F034904'></object>
        <script language="JavaScript">
        function #{boom}() {
Severity: Major
Found in modules/exploits/windows/browser/winzip_fileview.rb and 4 other locations - About 4 hrs to fix
modules/exploits/windows/browser/hpmqc_progcolor.rb on lines 87..103
modules/exploits/windows/browser/ms09_002_memory_corruption.rb on lines 101..128
modules/exploits/windows/browser/novelliprint_executerequest.rb on lines 79..96
modules/exploits/windows/fileformat/aol_phobos_bof.rb on lines 107..123

This issue has a mass of 140.

Similar blocks of code found in 5 locations. Consider refactoring.
Open

    content = %Q|
      <html>
      <object id='#{vname}' classid='clsid:36723F97-7AA0-11D4-8919-FF2D71D0D32C'></object>
      <script language="JavaScript">
      var #{rand1} = unescape('#{shellcode}');
modules/exploits/windows/browser/hpmqc_progcolor.rb on lines 87..103
modules/exploits/windows/browser/ms09_002_memory_corruption.rb on lines 101..128
modules/exploits/windows/browser/winzip_fileview.rb on lines 88..108
modules/exploits/windows/fileformat/aol_phobos_bof.rb on lines 107..123

This issue has a mass of 140.

Similar blocks of code found in 5 locations. Consider refactoring.
Open

<object classid='clsid:A105BD70-BF56-4D10-BC91-41C88321F47C' id='#{phobos}'></object>
<script>
#{j_shellcode}=unescape('#{shellcode}');
#{j_nops}=unescape('#{nops}');
#{j_headersize}=20;
Severity: Major
Found in modules/exploits/windows/fileformat/aol_phobos_bof.rb and 4 other locations - About 4 hrs to fix
modules/exploits/windows/browser/hpmqc_progcolor.rb on lines 87..103
modules/exploits/windows/browser/ms09_002_memory_corruption.rb on lines 101..128
modules/exploits/windows/browser/novelliprint_executerequest.rb on lines 79..96
modules/exploits/windows/browser/winzip_fileview.rb on lines 88..108

This issue has a mass of 140.

Method try_exploit has 102 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def try_exploit(exploit_string, keystream, bruting)
    connect
    idtype_msg = sock.get_once(12)

    if idtype_msg.length != 12
Severity: Major
Found in modules/auxiliary/gather/darkcomet_filedownloader.rb - About 4 hrs to fix

Method run_host has 102 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def run_host(ip)
      output_data = {}
    begin
      snmp = connect_snmp
Severity: Major
Found in modules/auxiliary/scanner/snmp/ubee_ddw3611.rb - About 4 hrs to fix

Method exploit has 102 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def exploit
    base = normalize_uri(target_uri.path)
    base << '/' if base[-1, 1] != '/'

    datastore['COOKIE'] = "PHPSESSID=" + rand_text_alpha_lower(26) + ";"
Severity: Major
Found in modules/exploits/multi/http/testlink_upload_exec.rb - About 4 hrs to fix

Method initialize has 102 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Gitea Git Hooks Remote Code Execution',
Severity: Major
Found in modules/exploits/multi/http/gitea_git_hooks_rce.rb - About 4 hrs to fix

Method brute_exploit has 102 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def brute_exploit(target_addrs)

    zvalref   = encode_semis('i:0;R:2;')

#
Severity: Major
Found in modules/exploits/multi/php/php_unserialize_zval_cookie.rb - About 4 hrs to fix

Method initialize has 102 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'IBM TM1 / Planning Analytics Unauthenticated Remote Code Execution',
Severity: Major
Found in modules/exploits/multi/misc/ibm_tm1_unauth_rce.rb - About 4 hrs to fix

Method find_exec has 102 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def find_exec
    # config data - greets to rain forest puppy :)
    boundary = rand_text_alphanumeric(8)

    if (datastore['NAME']) # Obtain the hostname if true
Severity: Major
Found in modules/exploits/windows/iis/msadc.rb - About 4 hrs to fix

Method process_propfind has 102 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def process_propfind(cli, request)
    path = request.uri
    vprint_status("PROPFIND #{path}")

    if path !~ /\/$/
Severity: Major
Found in modules/exploits/windows/http/cogent_datahub_command.rb - About 4 hrs to fix