Sign upLogin

rapid7/metasploit-framework

View on GitHub
Star

Showing 21,886 of 21,886 total issues

Method find_files has a Cognitive Complexity of 27 (exceeds 5 allowed). Consider refactoring.
Open

  def find_files(file)
    traversal = '/../..'

    res = send_request_cgi(
      {
Severity: Minor
Found in modules/auxiliary/scanner/http/tplink_traversal_noauth.rb - About 3 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method run_host has a Cognitive Complexity of 27 (exceeds 5 allowed). Consider refactoring.
Open

    def run_host(ip)
      if datastore['SUBDOM_LIST'] and ::File.file?(datastore['SUBDOM_LIST'])
        valstr = IO.readlines(datastore['SUBDOM_LIST']).map {
          |e| e.gsub(".#{datastore['DOMAIN']}", "").chomp
        }
Severity: Minor
Found in modules/auxiliary/scanner/http/vhost_scanner.rb - About 3 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method run_host has a Cognitive Complexity of 27 (exceeds 5 allowed). Consider refactoring.
Open

  def run_host(ip)
    trav_strings = [
      '../',
      './.../'
    ]
Severity: Minor
Found in modules/auxiliary/scanner/http/majordomo2_directory_traversal.rb - About 3 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method valid? has a Cognitive Complexity of 27 (exceeds 5 allowed). Consider refactoring.
Open

    def valid?
      @error_list = []
      @key_data = Set.new

      unless @private_key.present? || @key_path.present?
Severity: Minor
Found in modules/auxiliary/scanner/ssh/ssh_login_pubkey.rb - About 3 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method check has a Cognitive Complexity of 27 (exceeds 5 allowed). Consider refactoring.
Open

  def check
    # obtain token and cookie required for login
    res = send_request_cgi 'uri' => normalize_uri(target_uri.path, 'bolt', 'login')

    return CheckCode::Unknown('Connection failed') unless res
Severity: Minor
Found in modules/exploits/unix/webapp/bolt_authenticated_rce.rb - About 3 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method exploit has a Cognitive Complexity of 27 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit
    csrf_tok = authenticate

    # Grab the list of configured policies
    policy_list_uri = normalize_uri(target_uri.path, '/ServletAPI/configuration/policyConfig/getPolicyConfigDetails')
Severity: Minor
Found in modules/exploits/windows/http/manageengine_adselfservice_plus_cve_2022_28810.rb - About 3 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method exec_cmd has a Cognitive Complexity of 27 (exceeds 5 allowed). Consider refactoring.
Open

  def exec_cmd(sql, cmd, d)
    boundary = rand_text_alphanumeric(8)
    method = datastore['METHOD'] ? "VbBusObj.VbBusObjCls.GetRecordset" : "AdvancedDataFactory.Query"
    dsn = Rex::Text.to_unicode(d)
    if (d =~ /driver=\{SQL Server\}/)
Severity: Minor
Found in modules/exploits/windows/iis/msadc.rb - About 3 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method exploit has a Cognitive Complexity of 27 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit
    if @exploit_method.nil? # this means the user has disabled autocheck so we should try the default exploit method
      @exploit_method = 'default'
    elsif @exploit_method == 'cve_2021_42847' && datastore['PAYLOAD'] =~ /meterpreter/
      print_warning('Exploitation is possible only via CVE-2021-42847. This attack vector may fail in combination with a meterpreter payload.')
Severity: Minor
Found in modules/exploits/windows/http/manageengine_adaudit_plus_authenticated_rce.rb - About 3 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method exploit has a Cognitive Complexity of 27 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit
    all_files_uploaded = false

    # Upload PHP web shell and meterpreter to writable directory on target
    for i in 0...@WRITABLE_PATHS.size
Severity: Minor
Found in modules/exploits/linux/http/nagios_xi_magpie_debug.rb - About 3 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method check has a Cognitive Complexity of 27 (exceeds 5 allowed). Consider refactoring.
Open

  def check
    # Try to authenticate
    success, msg_or_check_code = opennms_login('check')
    return msg_or_check_code unless success
Severity: Minor
Found in modules/exploits/linux/http/opennms_horizon_authenticated_rce.rb - About 3 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method run has a Cognitive Complexity of 27 (exceeds 5 allowed). Consider refactoring.
Open

  def run
    username = cmd_exec('whoami').strip
    security_path = datastore['SECURITY_PATH'].shellescape
    sidebar_plist_path = datastore['SIDEBAR_PLIST_PATH'].gsub(/^~/, "/Users/#{username}").shellescape
    recent_plist_path = datastore['RECENT_PLIST_PATH'].gsub(/^~/, "/Users/#{username}").shellescape
Severity: Minor
Found in modules/post/osx/manage/mount_share.rb - About 3 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method create_scheduler_task has a Cognitive Complexity of 27 (exceeds 5 allowed). Consider refactoring.
Open

  def create_scheduler_task(script_on_target)
    unless is_system? || is_admin?
      print_error('Insufficient privileges to create a scheduler task')
      return
    end
Severity: Minor
Found in modules/post/windows/manage/persistence_exe.rb - About 3 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method run has a Cognitive Complexity of 27 (exceeds 5 allowed). Consider refactoring.
Open

  def run
    # Registry key to manipulate
    reg_key = 'HKLM\\SAM\\SAM\\Domains\\Account\\Users'

    # Checks privileges of the session, and tries to get SYSTEM privileges if needed.
Severity: Minor
Found in modules/post/windows/manage/rid_hijack.rb - About 3 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method run has a Cognitive Complexity of 27 (exceeds 5 allowed). Consider refactoring.
Open

  def run
    # Log file variables
    host = session.session_host
    port = session.session_port
    filenameinfo = '_' + ::Time.now.strftime('%Y%m%d.%M%S')    # Create Filename info to be appended to downloaded files
Severity: Minor
Found in modules/post/windows/capture/lockout_keylogger.rb - About 3 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method run has a Cognitive Complexity of 27 (exceeds 5 allowed). Consider refactoring.
Open

  def run(dirs, options = {})
    @exit_status = 0

    rubocop_runner = RuboCopRunner.new
    dirs.each do |dir|
Severity: Minor
Found in tools/dev/msftidy.rb - About 3 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method line_checks has a Cognitive Complexity of 27 (exceeds 5 allowed). Consider refactoring.
Open

  def line_checks
    idx = 0
    in_codeblock = false
    in_options = false
Severity: Minor
Found in tools/dev/msftidy_docs.rb - About 3 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method inspect has a Cognitive Complexity of 27 (exceeds 5 allowed). Consider refactoring.
Open

      def inspect
        retval = ""
        if @answerfrom != "0.0.0.0:0" and @answerfrom
          retval << ";; Answer received from #@answerfrom (#{@answersize} bytes)\n;;\n"
        end
Severity: Minor
Found in lib/net/dns/packet.rb - About 3 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method read has a Cognitive Complexity of 27 (exceeds 5 allowed). Consider refactoring.
Open

  def read()

    max_read = self.options['pipe_read_max_size'] || 1024*1024
    min_read = self.options['pipe_read_min_size'] || max_read
Severity: Minor
Found in lib/rex/proto/dcerpc/client.rb - About 3 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method start_element has a Cognitive Complexity of 27 (exceeds 5 allowed). Consider refactoring.
Open

        def start_element(name, attrs = [])
          attrs = attrs.to_h

          case name
          when 'data'
Severity: Minor
Found in lib/rex/parser/graphml.rb - About 3 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method execute has a Cognitive Complexity of 27 (exceeds 5 allowed). Consider refactoring.
Open

  def Process.execute(path, arguments = nil, opts = nil)
    request = Packet.create_request(COMMAND_ID_STDAPI_SYS_PROCESS_EXECUTE)
    flags   = 0

    # If we were supplied optional arguments...
Severity: Minor
Found in lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb - About 3 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Severity
Category
Status
Source
Language