Sign upLogin

rapid7/metasploit-framework

View on GitHub
Star

Showing 21,757 of 21,757 total issues

File apk.rb has 323 lines of code (exceeds 250 allowed). Consider refactoring.
Open

require 'rex/text'
require 'tmpdir'
require 'nokogiri'
require 'fileutils'
require 'optparse'
Severity: Minor
Found in lib/msf/core/payload/apk.rb - About 3 hrs to fix

    Method tryExpl has a Cognitive Complexity of 26 (exceeds 5 allowed). Consider refactoring.
    Open

        private int tryExpl() 
    {                                      
        try {
            // alloc aux vars
            String name = "setSecurityManager";
    Severity: Minor
    Found in external/source/exploits/CVE-2013-2465/Exploit.java - About 3 hrs to fix

    Cognitive Complexity

    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

    A method's cognitive complexity is based on a few simple rules:

    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
    • Code is considered more complex for each "break in the linear flow of the code"
    • Code is considered more complex when "flow breaking structures are nested"

    Further reading

    Method cmd_aggregator_sessions has a Cognitive Complexity of 26 (exceeds 5 allowed). Consider refactoring.
    Open

          def cmd_aggregator_sessions(*args)
        case args.length
        when 0
          is_detailed = false
        when 1
    Severity: Minor
    Found in plugins/aggregator.rb - About 3 hrs to fix

    Cognitive Complexity

    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

    A method's cognitive complexity is based on a few simple rules:

    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
    • Code is considered more complex for each "break in the linear flow of the code"
    • Code is considered more complex when "flow breaking structures are nested"

    Further reading

    Method search_subdomains has a Cognitive Complexity of 26 (exceeds 5 allowed). Consider refactoring.
    Open

      def search_subdomains(target)
    domains = {}
    ipv4 = Rex::Socket.is_ipv4?(target)
    dork = ipv4 ? "ip:#{target}" : "domain:#{target}"
    Severity: Minor
    Found in modules/auxiliary/gather/searchengine_subdomains_collector.rb - About 3 hrs to fix

    Cognitive Complexity

    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

    A method's cognitive complexity is based on a few simple rules:

    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
    • Code is considered more complex for each "break in the linear flow of the code"
    • Code is considered more complex when "flow breaking structures are nested"

    Further reading

    Method run has a Cognitive Complexity of 26 (exceeds 5 allowed). Consider refactoring.
    Open

      def run

    print_status("#{rhost}:#{rport} - Fingerprinting...")
    res = send_request_cgi({
      'uri'      => normalize_uri(target_uri.to_s, "login"),
    Severity: Minor
    Found in modules/auxiliary/gather/apache_rave_creds.rb - About 3 hrs to fix

    Cognitive Complexity

    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

    A method's cognitive complexity is based on a few simple rules:

    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
    • Code is considered more complex for each "break in the linear flow of the code"
    • Code is considered more complex when "flow breaking structures are nested"

    Further reading

    Method run has a Cognitive Complexity of 26 (exceeds 5 allowed). Consider refactoring.
    Open

      def run
    print_status("Beginning IBM Lotus Notes Sametime Meeting Room Bruteforce")
    print_status("Using owner: #{datastore['OWNER']}")

    # test for expected response code on non-existent meeting room name
    Severity: Minor
    Found in modules/auxiliary/gather/ibm_sametime_room_brute.rb - About 3 hrs to fix

    Cognitive Complexity

    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

    A method's cognitive complexity is based on a few simple rules:

    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
    • Code is considered more complex for each "break in the linear flow of the code"
    • Code is considered more complex when "flow breaking structures are nested"

    Further reading

    Method find_esc13_vuln_cert_templates has a Cognitive Complexity of 26 (exceeds 5 allowed). Consider refactoring.
    Open

      def find_esc13_vuln_cert_templates
    esc_raw_filter = <<~FILTER
      (&
        (objectclass=pkicertificatetemplate)
        (!(mspki-enrollment-flag:1.2.840.113556.1.4.804:=2))
    Severity: Minor
    Found in modules/auxiliary/gather/ldap_esc_vulnerable_cert_finder.rb - About 3 hrs to fix

    Cognitive Complexity

    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

    A method's cognitive complexity is based on a few simple rules:

    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
    • Code is considered more complex for each "break in the linear flow of the code"
    • Code is considered more complex when "flow breaking structures are nested"

    Further reading

    Method run has a Cognitive Complexity of 26 (exceeds 5 allowed). Consider refactoring.
    Open

      def run()
    strtport = datastore['STRTPORT']
    fnlport = datastore['FNLPORT']

    print_status("Trying target #{datastore['RHOST']}...")
    Severity: Minor
    Found in modules/auxiliary/scanner/sip/sipdroid_ext_enum.rb - About 3 hrs to fix

    Cognitive Complexity

    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

    A method's cognitive complexity is based on a few simple rules:

    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
    • Code is considered more complex for each "break in the linear flow of the code"
    • Code is considered more complex when "flow breaking structures are nested"

    Further reading

    Method analyze has a Cognitive Complexity of 26 (exceeds 5 allowed). Consider refactoring.
    Open

      def analyze(ipids)
    allzeros = true
    allsame = true
    mul256 = true
    inc = true
    Severity: Minor
    Found in modules/auxiliary/scanner/ip/ipidseq.rb - About 3 hrs to fix

    Cognitive Complexity

    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

    A method's cognitive complexity is based on a few simple rules:

    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
    • Code is considered more complex for each "break in the linear flow of the code"
    • Code is considered more complex when "flow breaking structures are nested"

    Further reading

    Method get_version has a Cognitive Complexity of 26 (exceeds 5 allowed). Consider refactoring.
    Open

      def get_version
    res = send_request_cgi({
      'uri'    => '/',
      'method' => 'GET'
    })
    Severity: Minor
    Found in modules/exploits/multi/http/manageengine_auth_upload.rb - About 3 hrs to fix

    Cognitive Complexity

    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

    A method's cognitive complexity is based on a few simple rules:

    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
    • Code is considered more complex for each "break in the linear flow of the code"
    • Code is considered more complex when "flow breaking structures are nested"

    Further reading

    Method upload_exec has a Cognitive Complexity of 26 (exceeds 5 allowed). Consider refactoring.
    Open

      def upload_exec(session,rpath)
    contents=''
    name = Rex::Text.rand_text_alpha(8)

    # We must register this file early, that way the on_new_session method
    Severity: Minor
    Found in modules/exploits/multi/http/axis2_deployer.rb - About 3 hrs to fix

    Cognitive Complexity

    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

    A method's cognitive complexity is based on a few simple rules:

    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
    • Code is considered more complex for each "break in the linear flow of the code"
    • Code is considered more complex when "flow breaking structures are nested"

    Further reading

    Method exploit has a Cognitive Complexity of 26 (exceeds 5 allowed). Consider refactoring.
    Open

      def exploit
    user = datastore['USERNAME']
    pass = datastore['PASSWORD']
    rpath = normalize_uri(datastore['PATH'])
    Severity: Minor
    Found in modules/exploits/multi/http/axis2_deployer.rb - About 3 hrs to fix

    Cognitive Complexity

    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

    A method's cognitive complexity is based on a few simple rules:

    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
    • Code is considered more complex for each "break in the linear flow of the code"
    • Code is considered more complex when "flow breaking structures are nested"

    Further reading

    Method exploit has a Cognitive Complexity of 26 (exceeds 5 allowed). Consider refactoring.
    Open

      def exploit
    check_pcaprub_loaded # Check first

    ret_offset = target['RetOff']
    Severity: Minor
    Found in modules/exploits/multi/misc/wireshark_lwres_getaddrbyname_loop.rb - About 3 hrs to fix

    Cognitive Complexity

    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

    A method's cognitive complexity is based on a few simple rules:

    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
    • Code is considered more complex for each "break in the linear flow of the code"
    • Code is considered more complex when "flow breaking structures are nested"

    Further reading

    Method exploit has a Cognitive Complexity of 26 (exceeds 5 allowed). Consider refactoring.
    Open

      def exploit
    begin
      @token = get_imperstoken
    rescue Rex::Post::Meterpreter::RequestError
      vprint_error("Error while using get_imperstoken: #{e}")
    Severity: Minor
    Found in modules/exploits/windows/local/webexec.rb - About 3 hrs to fix

    Cognitive Complexity

    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

    A method's cognitive complexity is based on a few simple rules:

    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
    • Code is considered more complex for each "break in the linear flow of the code"
    • Code is considered more complex when "flow breaking structures are nested"

    Further reading

    Method weak_file_permissions has a Cognitive Complexity of 26 (exceeds 5 allowed). Consider refactoring.
    Open

      def weak_file_permissions(service_name, service, _path, token)
    success = false
    vprint_status("[#{service_name}] Checking for weak file permissions")

    # get path to exe; parse out quotes and arguments
    Severity: Minor
    Found in modules/exploits/windows/local/service_permissions.rb - About 3 hrs to fix

    Cognitive Complexity

    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

    A method's cognitive complexity is based on a few simple rules:

    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
    • Code is considered more complex for each "break in the linear flow of the code"
    • Code is considered more complex when "flow breaking structures are nested"

    Further reading

    Method exploit has a Cognitive Complexity of 26 (exceeds 5 allowed). Consider refactoring.
    Open

      def exploit
    peer = "#{rhost}:#{rport}"

    if target.name =~ /WMI/
    Severity: Minor
    Found in modules/exploits/windows/http/oracle_btm_writetofile.rb - About 3 hrs to fix

    Cognitive Complexity

    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

    A method's cognitive complexity is based on a few simple rules:

    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
    • Code is considered more complex for each "break in the linear flow of the code"
    • Code is considered more complex when "flow breaking structures are nested"

    Further reading

    Method exploit has a Cognitive Complexity of 26 (exceeds 5 allowed). Consider refactoring.
    Open

      def exploit
    return unless check == Exploit::CheckCode::Appears

    @encrypted = datastore['ENCRYPTED']
    verification_code = datastore['VERIFICATION_CODE']
    Severity: Minor
    Found in modules/exploits/windows/http/dnn_cookie_deserialization_rce.rb - About 3 hrs to fix

    Cognitive Complexity

    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

    A method's cognitive complexity is based on a few simple rules:

    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
    • Code is considered more complex for each "break in the linear flow of the code"
    • Code is considered more complex when "flow breaking structures are nested"

    Further reading

    Method check has a Cognitive Complexity of 26 (exceeds 5 allowed). Consider refactoring.
    Open

      def check
    arch = kernel_hardware

    # Could we potentially support x86? Yes, potentially. Will we? Well considering the 5.7 kernel was released
    # in 2020 and official support for x64 kernels ended in 2012 with
    Severity: Minor
    Found in modules/exploits/linux/local/cve_2021_3490_ebpf_alu32_bounds_check_lpe.rb - About 3 hrs to fix

    Cognitive Complexity

    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

    A method's cognitive complexity is based on a few simple rules:

    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
    • Code is considered more complex for each "break in the linear flow of the code"
    • Code is considered more complex when "flow breaking structures are nested"

    Further reading

    Method exploit has a Cognitive Complexity of 26 (exceeds 5 allowed). Consider refactoring.
    Open

      def exploit

    connect(versions: [1])
    login_time = Time.now
    smb_login()
    Severity: Minor
    Found in modules/exploits/windows/smb/ms10_061_spoolss.rb - About 3 hrs to fix

    Cognitive Complexity

    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

    A method's cognitive complexity is based on a few simple rules:

    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
    • Code is considered more complex for each "break in the linear flow of the code"
    • Code is considered more complex when "flow breaking structures are nested"

    Further reading

    Method exploit has a Cognitive Complexity of 26 (exceeds 5 allowed). Consider refactoring.
    Open

      def exploit
    downfile = datastore['DOWNFILE'] || rand_text_alpha(8+rand(8))
    @uri = '/tools_vct.htm'
    user = datastore['USERNAME']
    pass = datastore['PASSWORD']
    Severity: Minor
    Found in modules/exploits/linux/http/dlink_dir615_up_exec.rb - About 3 hrs to fix

    Cognitive Complexity

    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

    A method's cognitive complexity is based on a few simple rules:

    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
    • Code is considered more complex for each "break in the linear flow of the code"
    • Code is considered more complex when "flow breaking structures are nested"

    Further reading

    Severity
    Category
    Status
    Source
    Language