rapid7/metasploit-framework

Showing 21,757 of 21,757 total issues

Method dump_sessions has a Cognitive Complexity of 26 (exceeds 5 allowed). Consider refactoring.
Open

  def self.dump_sessions(framework, opts={})
    output = ""
    verbose = opts[:verbose] || false
    sessions = opts[:sessions] || framework.sessions
    show_active = opts[:show_active] || false
Severity: Minor
Found in lib/msf/base/serializer/readable_text.rb - About 3 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method rpc_del_client has a Cognitive Complexity of 26 (exceeds 5 allowed). Consider refactoring.
Open

  def rpc_del_client(xopts)
  ::ApplicationRecord.connection_pool.with_connection {
    db_check
    opts = fix_options(xopts)
    wspace = find_workspace(opts[:workspace])
Severity: Minor
Found in lib/msf/core/rpc/v10/rpc_db.rb - About 3 hrs to fix

Method find_context_key has a Cognitive Complexity of 26 (exceeds 5 allowed). Consider refactoring.
Open

  def find_context_key(buf, badchars, state)
    # Make sure our context information file is sane
    if !File.exist?(datastore['ContextInformationFile'])
      raise NoKeyError, "A context information file must specified when using context encoding", caller
    end
Severity: Minor
Found in lib/msf/core/encoder.rb - About 3 hrs to fix

Method brocade_config_eater has a Cognitive Complexity of 26 (exceeds 5 allowed). Consider refactoring.
Open

    def brocade_config_eater(thost, tport, config)
      # this is for brocade type devices.
      # It is similar to cisco
      # Docs: enable password-display -> http://wwwaem.brocade.com/content/html/en/command-reference-guide/fastiron-08040-commandref/GUID-169889CD-1A74-4A23-AC78-38796692374F.html

Severity: Minor
Found in lib/msf/core/auxiliary/brocade.rb - About 3 hrs to fix

Method suggest_modules_for_vulns has a Cognitive Complexity of 26 (exceeds 5 allowed). Consider refactoring.
Open

  def suggest_modules_for_vulns(eval_host, vuln_families, payloads: nil)
    mrefs, _mports, _mservs = Msf::Modules::Metadata::Cache.instance.all_exploit_maps
    suggested_modules = []

    evaluated_module_targets = Set.new
Severity: Minor
Found in lib/msf/core/analyze.rb - About 3 hrs to fix

Method generate_sled has a Cognitive Complexity of 26 (exceeds 5 allowed). Consider refactoring.
Open

  def generate_sled
    min   = reqs['MinNops'] || 0
    space = reqs['Space']
    pad_nops = reqs['PadNops']

Severity: Minor
Found in lib/msf/core/encoded_payload.rb - About 3 hrs to fix

Method report_web_vuln has a Cognitive Complexity of 26 (exceeds 5 allowed). Consider refactoring.
Open

  def report_web_vuln(opts)
    return if not active
  ::ApplicationRecord.connection_pool.with_connection {
    opts = opts.clone() # protect the original caller's opts
    wspace = Msf::Util::DBManager.process_opts_workspace(opts, framework)
Severity: Minor
Found in lib/msf/core/db_manager/web.rb - About 3 hrs to fix

Method on_request_uri has a Cognitive Complexity of 26 (exceeds 5 allowed). Consider refactoring.
Open

    def on_request_uri(cli, request)
      case request.uri
      when '/', get_resource.chomp("/")
        #
        # This is the information gathering stage
Severity: Minor
Found in lib/msf/core/exploit/remote/browser_exploit_server.rb - About 3 hrs to fix

Identical blocks of code found in 3 locations. Consider refactoring.
Open

  def do_login(user)
    opt_hash = ssh_client_defaults.merge({
      auth_methods: ['publickey'],
      port: rport,
      key_data: [ key_data ]
Severity: Major
Found in modules/exploits/linux/ssh/quantum_dxi_known_privkey.rb and 2 other locations - About 3 hrs to fix
modules/exploits/linux/ssh/ceragon_fibeair_known_privkey.rb on lines 83..119
modules/exploits/linux/ssh/loadbalancerorg_enterprise_known_privkey.rb on lines 79..116

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 130.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

Refactorings

Further Reading

Identical blocks of code found in 3 locations. Consider refactoring.
Open

  def do_login(user)
    opt_hash = ssh_client_defaults.merge({
      auth_methods: ['publickey'],
      port: rport,
      key_data: [ key_data ]
modules/exploits/linux/ssh/ceragon_fibeair_known_privkey.rb on lines 83..119
modules/exploits/linux/ssh/quantum_dxi_known_privkey.rb on lines 78..115

This issue has a mass of 130.

Identical blocks of code found in 3 locations. Consider refactoring.
Open

  def do_login(user)
    opt_hash = ssh_client_defaults.merge({
      auth_methods: ['publickey'],
      port: rport,
      key_data: [ key_data ]
Severity: Major
Found in modules/exploits/linux/ssh/ceragon_fibeair_known_privkey.rb and 2 other locations - About 3 hrs to fix
modules/exploits/linux/ssh/loadbalancerorg_enterprise_known_privkey.rb on lines 79..116
modules/exploits/linux/ssh/quantum_dxi_known_privkey.rb on lines 78..115

This issue has a mass of 130.

File manageengine_adaudit_plus_cve_2022_28219.rb has 322 lines of code (exceeds 250 allowed). Consider refactoring.
Open

class MetasploitModule < Msf::Exploit::Remote

  Rank = ExcellentRanking

  prepend Msf::Exploit::Remote::AutoCheck

File enum_chrome.rb has 322 lines of code (exceeds 250 allowed). Consider refactoring.
Open

class MetasploitModule < Msf::Post
  include Msf::Post::File
  include Msf::Post::Windows::Priv

  def initialize(info = {})
Severity: Minor
Found in modules/post/windows/gather/enum_chrome.rb - About 3 hrs to fix

File clipboard.rb has 322 lines of code (exceeds 250 allowed). Consider refactoring.
Open

require 'rex/post/meterpreter'
require 'rex/post/meterpreter/extensions/extapi/command_ids'

module Rex
module Post

Method initialize has 93 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Novell eDirectory eMBox Unauthenticated File Access',
      'Description'    => %q{
          This module will access Novell eDirectory's eMBox service and can run the
Severity: Major
Found in modules/auxiliary/admin/edirectory/edirectory_edirutil.rb - About 3 hrs to fix

Method run_host has 93 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def run_host(ip)
    begin
      snmp = connect_snmp

      vprint_status("Connecting to #{ip}")
Severity: Major
Found in modules/auxiliary/scanner/snmp/snmp_enum_hp_laserjet.rb - About 3 hrs to fix

Method initialize_tables has 93 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize_tables

    @computer_table = Msf::Ui::Console::Table.new(
      Msf::Ui::Console::Table::Style::Default,
      'Header' => "Remote Computer Listing",
Severity: Major
Found in modules/auxiliary/scanner/sap/sap_hostctrl_getcomputersystem.rb - About 3 hrs to fix

Method do_login has 93 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def do_login(user, pass)
    vprint_status("#{rhost}:#{rport} - Trying username:#{user.inspect} with password:#{pass.inspect}")

    # Set Cookie - Box is vuln to Session Fixation. Generating a random cookie for use.
    randomvalue = Rex::Text.rand_text_alphanumeric(26)
Severity: Major
Found in modules/auxiliary/scanner/http/gavazzi_em_login_loot.rb - About 3 hrs to fix

Method syscall_parser has 93 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def syscall_parser
    %@
    SYSCALL_LIST _SyscallList;

    DWORD HashSyscall(PCSTR FunctionName)
Severity: Major
Found in modules/evasion/windows/syscall_inject.rb - About 3 hrs to fix

Method initialize has 93 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(update_info(
      info,
      'Name'           => 'Splunk Custom App Remote Code Execution',
      'Description'    =>
Severity: Major
Found in modules/exploits/multi/http/splunk_upload_app_exec.rb - About 3 hrs to fix