rapid7/metasploit-framework

Showing 21,886 of 21,886 total issues

Similar blocks of code found in 2 locations. Consider refactoring.
Open

  def check
    # sanity check to see if the target is likely OpenTSDB
    res1 = send_request_cgi({
      'method' => 'GET',
      'uri' => normalize_uri(target_uri.path)
Severity: Major
Found in modules/exploits/linux/http/opentsdb_yrange_cmd_injection.rb and 1 other location - About 3 hrs to fix
modules/exploits/linux/http/opentsdb_key_cmd_injection.rb on lines 75..124

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 129.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

File vcenter_forge_saml_token.rb has 321 lines of code (exceeds 250 allowed). Consider refactoring.
Open

require 'metasploit/framework/credential_collection'

class MetasploitModule < Msf::Auxiliary
  include Msf::Auxiliary::WmapScanUniqueQuery
  include Msf::Exploit::Remote::HttpClient
Severity: Minor
Found in modules/auxiliary/admin/vmware/vcenter_forge_saml_token.rb - About 3 hrs to fix

File piwik_superuser_plugin_upload.rb has 321 lines of code (exceeds 250 allowed). Consider refactoring.
Open

require 'rex/zip'

class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking

Severity: Minor
Found in modules/exploits/unix/webapp/piwik_superuser_plugin_upload.rb - About 3 hrs to fix

File file.rb has 321 lines of code (exceeds 250 allowed). Consider refactoring.
Open

require 'rex/post/file'
require 'rex/post/meterpreter/channel'
require 'rex/post/meterpreter/channels/pools/file'
require 'rex/post/meterpreter/extensions/stdapi/stdapi'
require 'rex/post/meterpreter/extensions/stdapi/fs/io'
Severity: Minor
Found in lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb - About 3 hrs to fix

File base.rb has 321 lines of code (exceeds 250 allowed). Consider refactoring.
Open

require 'msf/core/constants'
# Responsible for loading modules for {Msf::ModuleManager}.
#
# @abstract Subclass and override {#each_module_reference_name}, {#loadable?}, {#module_path}, and
#   {#read_module_content}.
Severity: Minor
Found in lib/msf/core/modules/loader/base.rb - About 3 hrs to fix

File enumeration.rb has 321 lines of code (exceeds 250 allowed). Consider refactoring.
Open

module Msf

###
#
# This module exposes methods for querying a remote DNS service
Severity: Minor
Found in lib/msf/core/exploit/remote/dns/enumeration.rb - About 3 hrs to fix

Similar blocks of code found in 2 locations. Consider refactoring.
Open

        print_status('Preparing ROP chain for target 1.3.8.42!')

        # 0x140cd00a9 | add rsp, 0x10 ; ret
        # This is needed because the next 16 bytes are sometimes messed up.
        overwrite = [0x140cd00a9].pack('Q<')
modules/exploits/windows/http/geutebrueck_gcore_x64_rce_bo.rb on lines 154..220

This issue has a mass of 128.

Similar blocks of code found in 2 locations. Consider refactoring.
Open

        print_status('Preparing ROP chain for target 1.4.2.37!')

        # 0x140cd9759 | add rsp, 0x10 ; ret
        # This is needed because the next 16 bytes are sometimes messed up.
        overwrite = [0x140cd9759].pack('Q<')
modules/exploits/windows/http/geutebrueck_gcore_x64_rce_bo.rb on lines 86..151

This issue has a mass of 128.

Method run has 92 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def run
    begin
      @port = datastore['SRVPORT'].to_i
      @sock = Rex::Socket::Udp.create(
            'LocalHost' => datastore['SRVHOST'],
Severity: Major
Found in modules/auxiliary/server/capture/sip.rb - About 3 hrs to fix

Method run_host has 92 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def run_host(ip)
    snmp = connect_snmp

    if snmp.get_value('sysDescr.0') =~ /DG950A/
      print_line("#{ip}")
Severity: Major
Found in modules/auxiliary/scanner/snmp/arris_dg950.rb - About 3 hrs to fix

Method run_host has 92 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def run_host(ip)
    self.postgres_conn = session.client if session
    # Query the Postgres Shadow table for username and password hashes and report them
    res = postgres_query('SELECT usename, passwd FROM pg_shadow',false)

Severity: Major
Found in modules/auxiliary/scanner/postgres/postgres_hashdump.rb - About 3 hrs to fix

Method initialize has 92 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(merge_info(info,
      'Name'          => 'OS X Write and Execute Binary',
      'Description'   => 'Spawn a command shell (staged)',
      'Author'        => 'hdm',
Severity: Major
Found in modules/payloads/stages/osx/armle/execute.rb - About 3 hrs to fix

Method exploit has 92 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def exploit
    # Need to grab the PHP session cookie value first to pass to application
    vprint_status('Gathering PHP session cookie')
    if datastore['SSL'] == true
      vprint_status('SSL is true, changing protocol to HTTPS')
Severity: Major
Found in modules/exploits/multi/http/churchinfo_upload_exec.rb - About 3 hrs to fix

File chrome_object_create.rb has 320 lines of code (exceeds 250 allowed). Consider refactoring.
Open

class MetasploitModule < Msf::Exploit::Remote
  Rank = ManualRanking

  include Msf::Post::File
  include Msf::Exploit::Remote::HttpServer::BrowserExploit
Severity: Minor
Found in modules/exploits/multi/browser/chrome_object_create.rb - About 3 hrs to fix

File dlink_upnp_msearch_exec.rb has 320 lines of code (exceeds 250 allowed). Consider refactoring.
Open

class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::CmdStager
Severity: Minor
Found in modules/exploits/linux/upnp/dlink_upnp_msearch_exec.rb - About 3 hrs to fix

Method initialize has 92 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name'           => 'Service Persistence',
Severity: Major
Found in modules/exploits/linux/local/service_persistence.rb - About 3 hrs to fix

File shell.rb has 320 lines of code (exceeds 250 allowed). Consider refactoring.
Open

require 'rex/text/color'

module Rex
module Ui
module Text
Severity: Minor
Found in lib/rex/ui/text/shell.rb - About 3 hrs to fix

Method import_libpcap has 92 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def import_libpcap(args={}, &block)
    data = args[:data]
    wspace = Msf::Util::DBManager.process_opts_workspace(args, framework).name
    bl = validate_ips(args[:blacklist]) ? args[:blacklist].split : []
    # seen_hosts is only used for determining when to yield an address. Once we get
Severity: Major
Found in lib/msf/core/db_manager/import/libpcap.rb - About 3 hrs to fix

Class SessionNotifierCommandDispatcher has 30 methods (exceeds 20 allowed). Consider refactoring.
Open

    class SessionNotifierCommandDispatcher

      include Msf::Ui::Console::CommandDispatcher

      attr_reader :sms_client, :sms_carrier, :sms_number, :smtp_address, :smtp_port, :smtp_username, :smtp_password, :smtp_from, :minimum_ip, :maximum_ip, :dingtalk_webhook, :gotify_address, :gotify_sslcert_path, :serverjang_webhook
Severity: Minor
Found in plugins/session_notifier.rb - About 3 hrs to fix

Class MetasploitModule has 30 methods (exceeds 20 allowed). Consider refactoring.
Open

class MetasploitModule < Msf::Post
  include Msf::Post::File
  include Msf::Post::Windows::UserProfiles
  include Msf::Post::OSX::System
  include Msf::Post::Unix
Severity: Minor
Found in modules/post/multi/gather/lastpass_creds.rb - About 3 hrs to fix