rapid7/metasploit-framework


Showing 21,757 of 21,757 total issues

Method asm_block_recv_rc4 has 96 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def asm_block_recv_rc4(opts={})
    xorkey = Rex::Text.to_dword(opts[:xorkey]).chomp
    reliable     = opts[:reliable]
    asm = %Q^
      recv:
Severity: Major
Found in lib/msf/core/payload/windows/reverse_tcp_rc4.rb - About 3 hrs to fix

    Method each_unfiltered has 96 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

        def each_unfiltered
          if pass_file.present?
            pass_fd = File.open(pass_file, 'r:binary')
          end
    
    
    Severity: Major
    Found in lib/metasploit/framework/credential_collection.rb - About 3 hrs to fix

      Class ConsoleCommandDispatcher has 31 methods (exceeds 20 allowed). Consider refactoring.
      Open

          class ConsoleCommandDispatcher
            include Msf::Ui::Console::CommandDispatcher
      
            class CaptureJobListener
              def initialize(name, done_event, dispatcher)
      Severity: Minor
      Found in plugins/capture.rb - About 3 hrs to fix

        Class NexposeRawDocument has 31 methods (exceeds 20 allowed). Consider refactoring.
        Open

            load_nokogiri && class NexposeRawDocument < Nokogiri::XML::SAX::Document
        
            include NokogiriDocMixin
        
            attr_reader :tests
        Severity: Minor
        Found in lib/rex/parser/nexpose_raw_document.rb - About 3 hrs to fix

          Class NmapDocument has 31 methods (exceeds 20 allowed). Consider refactoring.
          Open

              load_nokogiri && class NmapDocument < Nokogiri::XML::SAX::Document
          
              include NokogiriDocMixin
          
              attr_accessor :result
          Severity: Minor
          Found in lib/rex/parser/nmap_document.rb - About 3 hrs to fix

            Class Shares has 31 methods (exceeds 20 allowed). Consider refactoring.
            Open

                    class Console::CommandDispatcher::Shares
            
                      include Rex::Post::SMB::Ui::Console::CommandDispatcher
            
                      #
            Severity: Minor
            Found in lib/rex/post/smb/ui/console/command_dispatcher/shares.rb - About 3 hrs to fix

              Similar blocks of code found in 2 locations. Consider refactoring.
              Open

              module Payload::Windows::ReflectiveDllInject
              
                include Msf::ReflectiveDLLLoader
                include Msf::Payload::Windows
              
              
              Severity: Major
              Found in lib/msf/core/payload/windows/reflective_dll_inject.rb and 1 other location - About 3 hrs to fix
              lib/msf/core/payload/windows/x64/reflective_dll_inject_x64.rb on lines 13..94

              Duplicated Code

              Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

              Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

              When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

              Tuning

              This issue has a mass of 132.

              We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

              The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

              If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

              See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

              Similar blocks of code found in 2 locations. Consider refactoring.
              Open

                def initialize(info={})
                  super(update_info(info,
                    'Name'           => "IBM Lotus iNotes dwa85W ActiveX Buffer Overflow",
                    'Description'    => %q{
                        This module exploits a buffer overflow vulnerability on the UploadControl
              Severity: Major
              Found in modules/exploits/windows/browser/inotes_dwa85w_bof.rb and 1 other location - About 3 hrs to fix
              modules/exploits/windows/browser/quickr_qp2_bof.rb on lines 25..82

              This issue has a mass of 132.

              Similar blocks of code found in 2 locations. Consider refactoring.
              Open

              module Payload::Windows::ReflectiveDllInject_x64
              
                include Msf::ReflectiveDLLLoader
                include Msf::Payload::Windows
              
              
              lib/msf/core/payload/windows/reflective_dll_inject.rb on lines 13..92

              This issue has a mass of 132.

              Similar blocks of code found in 2 locations. Consider refactoring.
              Open

                def initialize(info={})
                  super(update_info(info,
                    'Name'           => "IBM Lotus QuickR qp2 ActiveX Buffer Overflow",
                    'Description'    => %q{
                        This module exploits a buffer overflow vulnerability on the UploadControl
              Severity: Major
              Found in modules/exploits/windows/browser/quickr_qp2_bof.rb and 1 other location - About 3 hrs to fix
              modules/exploits/windows/browser/inotes_dwa85w_bof.rb on lines 25..84

              This issue has a mass of 132.

              Method handle_intermediate_stage has 95 lines of code (exceeds 25 allowed). Consider refactoring.
              Open

                def handle_intermediate_stage(conn, payload)
                  stager_file = File.join(Msf::Config.data_directory, 'meterpreter', 'aarch64_osx_stage')
                  data = File.binread(stager_file)
                  macho = Msf::Payload::MachO.new(data)
                  output_data = macho.flatten
              Severity: Major
              Found in modules/payloads/stages/osx/aarch64/meterpreter.rb - About 3 hrs to fix

                Method initialize has 95 lines of code (exceeds 25 allowed). Consider refactoring.
                Open

                  def initialize(info = {})
                    super(
                      update_info(
                        info,
                        'Name' => 'MyBB Admin Control Code Injection RCE',
                Severity: Major
                Found in modules/exploits/multi/http/mybb_rce_cve_2022_24734.rb - About 3 hrs to fix

                  File adobe_flashplayer_newfunction.rb has 325 lines of code (exceeds 250 allowed). Consider refactoring.
                  Open

                  require 'zlib'
                  
                  class MetasploitModule < Msf::Exploit::Remote
                    Rank = NormalRanking
                  
                  
                  Severity: Minor
                  Found in modules/exploits/windows/browser/adobe_flashplayer_newfunction.rb - About 3 hrs to fix

                    Method make_pdf has 95 lines of code (exceeds 25 allowed). Consider refactoring.
                    Open

                      def make_pdf(swf, js)
                    
                        swf_name = rand_text_alpha(8 + rand(8)) + ".swf"
                    
                        xref = []
                    Severity: Major
                    Found in modules/exploits/windows/browser/adobe_flashplayer_newfunction.rb - About 3 hrs to fix

                      Method make_js has 95 lines of code (exceeds 25 allowed). Consider refactoring.
                      Open

                        def make_js
                      
                          # CreateFileMappingA + MapViewOfFile + memcpy rop chain
                          rop_9 = Rex::Text.to_unescape(generate_rop_payload('reader', '', { 'target' => '9' }))
                          rop_10 = Rex::Text.to_unescape(generate_rop_payload('reader', '', { 'target' => '10' }))
                      Severity: Major
                      Found in modules/exploits/windows/fileformat/adobe_toolbutton.rb - About 3 hrs to fix

                        Method make_pdf has 95 lines of code (exceeds 25 allowed). Consider refactoring.
                        Open

                          def make_pdf(swf, js)
                        
                            swf_name = rand_text_alpha(8 + rand(8)) + ".swf"
                        
                            xref = []
                        Severity: Major
                        Found in modules/exploits/windows/fileformat/adobe_flashplayer_newfunction.rb - About 3 hrs to fix

                          Method make_pdf has 95 lines of code (exceeds 25 allowed). Consider refactoring.
                          Open

                            def make_pdf(swf, js)
                          
                              swf_name = rand_text_alpha(8 + rand(8)) + ".swf"
                          
                              xref = []
                          Severity: Major
                          Found in modules/exploits/windows/fileformat/adobe_flashplayer_button.rb - About 3 hrs to fix

                            File kibana_upgrade_assistant_telemetry_rce.rb has 325 lines of code (exceeds 250 allowed). Consider refactoring.
                            Open

                            class MetasploitModule < Msf::Exploit::Remote
                              Rank = ManualRanking # causes service to not respond until cleanup and reboot
                              include Msf::Exploit::Remote::HttpClient
                              # decided not to use autocheck since it doesn't work for both targets
                            
                            
                            Severity: Minor
                            Found in modules/exploits/linux/http/kibana_upgrade_assistant_telemetry_rce.rb - About 3 hrs to fix

                              File dumplinks.rb has 325 lines of code (exceeds 250 allowed). Consider refactoring.
                              Open

                              class MetasploitModule < Msf::Post
                                include Msf::Post::Windows::Priv
                                include Msf::Post::Windows::Accounts
                              
                                def initialize(info = {})
                              Severity: Minor
                              Found in modules/post/windows/gather/dumplinks.rb - About 3 hrs to fix

                                Method run has 95 lines of code (exceeds 25 allowed). Consider refactoring.
                                Open

                                  def run
                                    unless ((flow_file && properties_file) || identity_file)
                                      fail_with(Failure::NotFound, 'Unable to find login-identity-providers.xml, nifi.properties and/or flow.json.gz files')
                                    end
                                
                                
                                Severity: Major
                                Found in modules/post/linux/gather/apache_nifi_credentials.rb - About 3 hrs to fix