rapid7/metasploit-framework


Showing 7,287 of 21,960 total issues

File dns.rb has 611 lines of code (exceeds 250 allowed). Consider refactoring.
Open

module Msf
module Ui
module Console
module CommandDispatcher

Severity: Major
Found in lib/msf/ui/console/command_dispatcher/dns.rb - About 1 day to fix

    Identical blocks of code found in 2 locations. Consider refactoring.
    Open

    
        xref = []
        eol = "\x0d\x0a"
        endobj = "endobj" << eol
    
    
    Severity: Major
    Found in modules/exploits/windows/browser/adobe_jbig2decode.rb and 1 other location - About 1 day to fix
    modules/exploits/windows/fileformat/adobe_jbig2decode.rb on lines 176..225

    Duplicated Code

    Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

    Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

    When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

    Tuning

    This issue has a mass of 333.

    We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

    The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

    If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

    See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.


    Identical blocks of code found in 2 locations. Consider refactoring.
    Open

    
        xref = []
        eol = "\x0d\x0a"
        endobj = "endobj" << eol
    
    
    Severity: Major
    Found in modules/exploits/windows/fileformat/adobe_jbig2decode.rb and 1 other location - About 1 day to fix
    modules/exploits/windows/browser/adobe_jbig2decode.rb on lines 185..234

    This issue has a mass of 333.

    Identical blocks of code found in 2 locations. Consider refactoring.
    Open

        jobs_to_do.each do |job|
          format = job['type']
          hash_file = Rex::Quickfile.new("hashes_#{job['type']}_")
          hash_file.puts job['formatted_hashlist']
          hash_file.close
    Severity: Major
    Found in modules/auxiliary/analyze/crack_databases.rb and 1 other location - About 1 day to fix
    modules/auxiliary/analyze/crack_webapps.rb on lines 129..207

    This issue has a mass of 333.

    Identical blocks of code found in 2 locations. Consider refactoring.
    Open

        jobs_to_do.each do |job|
          format = job['type']
          hash_file = Rex::Quickfile.new("hashes_#{job['type']}_")
          hash_file.puts job['formatted_hashlist']
          hash_file.close
    Severity: Major
    Found in modules/auxiliary/analyze/crack_webapps.rb and 1 other location - About 1 day to fix
    modules/auxiliary/analyze/crack_databases.rb on lines 176..256

    This issue has a mass of 333.

    Class Db has 70 methods (exceeds 20 allowed). Consider refactoring.
    Open

    class Db
    
      require 'tempfile'
    
      include Msf::Ui::Console::CommandDispatcher
    Severity: Major
    Found in lib/msf/ui/console/command_dispatcher/db.rb - About 1 day to fix

    File vim_soap.rb has 597 lines of code (exceeds 250 allowed). Consider refactoring.
    Open

    module Msf

    module Exploit::Remote::VIMSoap
      include Msf::Exploit::Remote::HttpClient
    Severity: Major
    Found in lib/msf/core/exploit/remote/vim_soap.rb - About 1 day to fix

    File auth_brute.rb has 595 lines of code (exceeds 250 allowed). Consider refactoring.
    Open

    module Msf

    ###
    #
    # This module provides methods for brute forcing authentication
    Severity: Major
    Found in lib/msf/core/auxiliary/auth_brute.rb - About 1 day to fix

    File utils.rb has 587 lines of code (exceeds 250 allowed). Consider refactoring.
    Open

    module Rex::Proto::NTLM
      class Utils

        # duplicate from lib/rex/proto/smb/utils cause we only need this function from Rex::Proto::SMB::Utils
        # Convert a unix timestamp to a 64-bit signed server time
    Severity: Major
    Found in lib/rex/proto/ntlm/utils.rb - About 1 day to fix

    File http_client.rb has 587 lines of code (exceeds 250 allowed). Consider refactoring.
    Open

    require 'uri'
    require 'digest'

    module Msf
    Severity: Major
    Found in lib/msf/core/exploit/remote/http_client.rb - About 1 day to fix

    Method on_request_uri has 252 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      def on_request_uri(cli, request)
        print_status("Sending #{request.uri} to #{request['User-Agent']}")
        escaped_payload = Rex::Text.to_unescape(payload.raw)
        jscript = %Q^
    var shellcode = unescape("#{escaped_payload}");
    Severity: Major
    Found in modules/exploits/multi/browser/chrome_jscreate_sideeffect.rb - About 1 day to fix

    File crushftp_rce_cve_2023_43177.rb has 585 lines of code (exceeds 250 allowed). Consider refactoring.
    Open

    class MetasploitModule < Msf::Exploit::Remote
      Rank = ExcellentRanking

      include Msf::Exploit::Remote::HttpClient
      include Msf::Exploit::FileDropper
    Severity: Major
    Found in modules/exploits/multi/http/crushftp_rce_cve_2023_43177.rb - About 1 day to fix

    Method on_request_uri has 249 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      def on_request_uri(cli, request)
        print_status("Sending #{request.uri} to #{request['User-Agent']}")
        download_payload = ''
        shellcode = payload.encoded
        uripath = datastore['URIPATH'] || get_resource
    Severity: Major
    Found in modules/exploits/multi/browser/chrome_object_create.rb - About 1 day to fix

    File cloud_lookup.rb has 580 lines of code (exceeds 250 allowed). Consider refactoring.
    Open

    require 'public_suffix'

    class MetasploitModule < Msf::Auxiliary
      include Msf::Exploit::Remote::DNS::Enumeration
      include Msf::Auxiliary::Report
    Severity: Major
    Found in modules/auxiliary/gather/cloud_lookup.rb - About 1 day to fix

    File firefox_creds.rb has 580 lines of code (exceeds 250 allowed). Consider refactoring.
    Open

    require 'tmpdir'

    #
    # Gems
    #
    Severity: Major
    Found in modules/post/multi/gather/firefox_creds.rb - About 1 day to fix

    Method command_string has 247 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      def command_string
        if (datastore['JOBNAME'] == "DUMMY") && !datastore['FTPUSER'].nil?
          datastore['JOBNAME'] = (datastore['FTPUSER'] + "1").strip.upcase
        end
        lhost = Rex::Socket.resolv_nbo(datastore['LHOST'])
    Severity: Major
    Found in modules/payloads/singles/cmd/mainframe/bind_shell_jcl.rb - About 1 day to fix

    Method osx_capture_media has 247 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      def osx_capture_media(opts)
        capture_code = <<-EOS
    #{osx_ruby_dl_header}

    options = {
    Severity: Major
    Found in lib/msf/core/post/osx/ruby_dl.rb - About 1 day to fix

    Method mssql_login has 246 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

            def mssql_login(user='sa', pass='', db='', domain_name='')
              prelogin_data = mssql_prelogin
              if auth == Msf::Exploit::Remote::AuthOption::KERBEROS
                idx = 0
                pkt = ''
    Severity: Major
    Found in lib/rex/proto/mssql/client.rb - About 1 day to fix

    Method get_registry has 245 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      def get_registry(outlook_ver)
        # Determine if saved accounts exist within Outlook.  Ignore the Address Book and Personal Folder registry entries.
        outlook_exists = 0
        saved_accounts = 0
    Severity: Major
    Found in modules/post/windows/gather/credentials/outlook.rb - About 1 day to fix

    File protocol.rb has 575 lines of code (exceeds 250 allowed). Consider refactoring.
    Open

    require "socket"
    require "timeout"
    require "digest/sha1"
    require "stringio"
    Severity: Major
    Found in lib/rbmysql/protocol.rb - About 1 day to fix