Sign upLogin

rapid7/metasploit-framework

View on GitHub
Star

Showing 21,886 of 21,886 total issues

Method on_request_uri has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def on_request_uri(cli, request)
    print_status("Sending #{request.uri}")
    if request.uri =~ %r{/exploit.html$}
      html = %Q^
<html>
Severity: Minor
Found in modules/exploits/windows/browser/chrome_filereader_uaf.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method retrieve_header has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def retrieve_header(filename)
    if (not datastore['INJECT_PATH'].nil?)
      path = "#{datastore['INJECT_PATH']}"
    else
      path = nil
Severity: Minor
Found in modules/exploits/windows/fileformat/office_dde_delivery.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method primer has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def primer
    payload_dll = generate_payload_dll
    max_length = [payload_dll.length, @file.length].max
    # make sure that the lengths are the same by padding the smaller to the length of the larger
    @file.ljust(max_length, "\x00".b)
Severity: Minor
Found in modules/exploits/windows/fileformat/theme_dll_hijack_cve_2023_38146.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method generate_rop has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def generate_rop(rvas)
    # ROP fun! (XP SP3 English, Dec 29 2010)
    rvas.merge!({
      # Instructions / Name    => RVA
      'BaseAddress'            => 0x01000000,
Severity: Minor
Found in modules/exploits/windows/fileformat/ms11_006_createsizeddibsection.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method exploit_telnetenabled has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit_telnetenabled
    print_status('Generating magic packet')
    payload = magic_packet(@mac, @username, @password)

    begin
Severity: Minor
Found in modules/exploits/linux/telnet/netgear_telnetenable.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method on_new_session has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def on_new_session(client)
    return if not stager_instance.payload_exe

    # can't scrub dropped payload while the process is still active so...
    # iterate through process list, find our process and the associated
Severity: Minor
Found in modules/exploits/windows/misc/altiris_ds_sqli.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method autodetect_netlink_pid has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def autodetect_netlink_pid
    netlink_pid = nil

    case session.type
    when "meterpreter"
Severity: Minor
Found in modules/exploits/linux/local/udev_netlink.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method exploit has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit
    # Make sure we can write our exploit and payload to the local system
    fail_with Failure::BadConfig, "#{datastore['WritableDir']} is not writable" unless writable? datastore['WritableDir']
    ping_hosts_print if datastore['CALCULATE']
Severity: Minor
Found in modules/exploits/linux/local/ansible_node_deployer.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method find_enlightenment_sys has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def find_enlightenment_sys
    enlightenment_sys = '/usr/lib/x86_64-linux-gnu/enlightenment/utils/enlightenment_sys'
    if file_exist?(enlightenment_sys)
      vprint_good("Found binary: #{enlightenment_sys}")
      if setuid?(enlightenment_sys)
Severity: Minor
Found in modules/exploits/linux/local/ubuntu_enlightenment_mount_priv_esc.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method check has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def check
    pid = pidof('omiserver').first
    return CheckCode::Safe('The omiserver process was not found.') if pid.nil?

    omiserver_bin = read_file("/proc/#{pid}/cmdline").split("\x00", 2).first
Severity: Minor
Found in modules/exploits/linux/local/cve_2021_38648_omigod.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method compile_source has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def compile_source
    fail_with(Failure::BadConfig, 'make command not available on the target') unless command_exists?('make')
    info = cmd_exec("make -C #{@exploit_source_path}")
    vprint_status(info)
    @executable_path = ::File.join(@exploit_source_path, 'ubuntu.elf')
Severity: Minor
Found in modules/exploits/linux/local/netfilter_nft_set_elem_init_privesc.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method check has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def check
    # Introduced in 4.10, but also backported
    # Patched in 4.4.185, 4.9.185, 4.14.133, 4.19.58, 5.1.17
    release = kernel_release
    v = Rex::Version.new release.split('-').first
Severity: Minor
Found in modules/exploits/linux/local/ptrace_traceme_pkexec_helper.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method check has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def check
    def iptables_loaded?()
      # user@ubuntu:~$ grep ip_tables /proc/modules
      # ip_tables 28672 1 iptable_filter, Live 0x0000000000000000
      # x_tables 36864 2 iptable_filter,ip_tables, Live 0x0000000000000000
Severity: Minor
Found in modules/exploits/linux/local/netfilter_priv_esc_ipv4.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method exploit has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit
    if !datastore['ForceExploit'] && is_root?
      fail_with(Failure::BadConfig, 'Session already has root privileges. Set ForceExploit to override.')
    end
Severity: Minor
Found in modules/exploits/linux/local/blueman_set_dhcp_handler_dbus_priv_esc.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method exploit has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit
    if !datastore['ForceExploit'] && is_root?
      fail_with(Failure::BadConfig, 'Session already has root privileges. Set ForceExploit to override.')
    end
Severity: Minor
Found in modules/exploits/linux/local/servu_ftp_server_prepareinstallation_priv_esc.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method execute_command has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def execute_command(cmd, _opts = {})
    vprint_status("Executing command: #{cmd}")

    res = send_command(cmd)
    unless res
Severity: Minor
Found in modules/exploits/linux/http/f5_icontrol_rce.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method authenticate has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def authenticate
    begin
      # get a cookie to start with
      res = send_request_cgi(
        'uri'       => normalize_uri(target_uri.path, 'tiki-login_scr.php'),
Severity: Minor
Found in modules/exploits/linux/http/tiki_calendar_exec.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method check has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def check
    # /bin/sh -c 'ssh-keygen -P "" -f /dev/null < /dev/null & # -t rsa -q'
    res = send_request_cmd_inject('/dev/null < /dev/null & #')

    unless res
Severity: Minor
Found in modules/exploits/linux/http/saltstack_salt_api_cmd_exec.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method check has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def check
    if datastore['USERNAME'] && !datastore['USERNAME'].blank?
      cookie = authenticate
    end
Severity: Minor
Found in modules/exploits/linux/http/tiki_calendar_exec.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method login has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def login(username, password)
    # yet another csrf token gathering.
    print_status('Authenticating with our activated new user')
    res = send_request_cgi(
      'method' => 'GET',
Severity: Minor
Found in modules/exploits/linux/http/xplico_exec.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Severity
Category
Status
Source
Language