Sign upLogin

rapid7/metasploit-framework

View on GitHub
Star

Showing 7,361 of 22,177 total issues

Similar blocks of code found in 2 locations. Consider refactoring.
Open

  when HASH_MODE
    if not srvchal
      $stderr.puts "[*] Server challenge must be provided with this type"
      exit
    end
Severity: Major
Found in tools/password/lm2ntcrack.rb and 1 other location - About 2 hrs to fix
tools/password/lm2ntcrack.rb on lines 668..700

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 96.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

Refactorings

Further Reading

Similar blocks of code found in 2 locations. Consider refactoring.
Open

  def read_holding_registers
    if datastore['NUMBER'] + datastore['DATA_ADDRESS'] > 65535
      print_error('Holding Registers addresses go from 0 to 65535. You cannot go beyond.')
      return
    end
Severity: Major
Found in modules/auxiliary/scanner/scada/modbusclient.rb and 1 other location - About 2 hrs to fix
modules/auxiliary/scanner/scada/modbusclient.rb on lines 248..269

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 96.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

Refactorings

Further Reading

Similar blocks of code found in 2 locations. Consider refactoring.
Open

    begin
      res = send_request_cgi({
        'uri'     => '/index.asp',
        'method'  => 'GET',
        'authorization' => basic_auth(user,pass)
Severity: Major
Found in modules/exploits/linux/http/linksys_wrt54gl_apply_exec.rb and 1 other location - About 2 hrs to fix
modules/exploits/linux/http/netgear_dgn2200b_pppoe_exec.rb on lines 85..104

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 96.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

Refactorings

Further Reading

Similar blocks of code found in 2 locations. Consider refactoring.
Open

    entries.each do |entry|
      # This is the "username"
      dn = entry.dn

      # https://github.com/vmware/lightwave/blob/3bc154f823928fa0cf3605cc04d95a859a15c2a2/vmdir/server/middle-layer/password.c#L32-L76
Severity: Major
Found in modules/post/linux/gather/vcenter_secrets_dump.rb and 1 other location - About 2 hrs to fix
modules/auxiliary/gather/vmware_vcenter_vmdir_ldap.rb on lines 157..190

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 96.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

Refactorings

Further Reading

Similar blocks of code found in 2 locations. Consider refactoring.
Open

    begin
      res = send_request_cgi({
        'uri'     => '/BAS_pppoe.htm',
        'method'  => 'GET',
        'authorization' => basic_auth(user,pass)
Severity: Major
Found in modules/exploits/linux/http/netgear_dgn2200b_pppoe_exec.rb and 1 other location - About 2 hrs to fix
modules/exploits/linux/http/linksys_wrt54gl_apply_exec.rb on lines 86..105

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 96.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

Refactorings

Further Reading

Similar blocks of code found in 2 locations. Consider refactoring.
Open

    if target.name =~ /Automatic/
      print_status("Attempting automatic target detection...")

      version = mssql_query_version
      fail_with(Failure::NoAccess, "Unable to retrieve version information") if not version
Severity: Major
Found in modules/exploits/windows/mssql/ms09_004_sp_replwritetovarbin.rb and 1 other location - About 2 hrs to fix
modules/exploits/windows/mssql/ms09_004_sp_replwritetovarbin_sqli.rb on lines 280..310

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 96.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

Refactorings

Further Reading

Similar blocks of code found in 2 locations. Consider refactoring.
Open

    if target.name =~ /Automatic/
      print_status("Attempting automatic target detection...")

      version = mssql_query_version
      fail_with(Failure::NoAccess, "Unable to get version!") if not version
Severity: Major
Found in modules/exploits/windows/mssql/ms09_004_sp_replwritetovarbin_sqli.rb and 1 other location - About 2 hrs to fix
modules/exploits/windows/mssql/ms09_004_sp_replwritetovarbin.rb on lines 277..307

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 96.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

Refactorings

Further Reading

Similar blocks of code found in 2 locations. Consider refactoring.
Open

  def generate(opts={})
    cmd             = datastore['CMD'] || ''
    nullfreeversion = datastore['NullFreeVersion']
    if cmd.empty?
      #
Severity: Major
Found in modules/payloads/singles/linux/x86/exec.rb and 1 other location - About 2 hrs to fix
modules/payloads/singles/linux/x64/exec.rb on lines 33..172

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 96.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

Refactorings

Further Reading

Similar blocks of code found in 2 locations. Consider refactoring.
Open

  def read_input_registers
    if datastore['NUMBER'] + datastore['DATA_ADDRESS'] > 65535
      print_error('Input Registers addresses go from 0 to 65535. You cannot go beyond.')
      return
    end
Severity: Major
Found in modules/auxiliary/scanner/scada/modbusclient.rb and 1 other location - About 2 hrs to fix
modules/auxiliary/scanner/scada/modbusclient.rb on lines 224..245

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 96.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

Refactorings

Further Reading

Similar blocks of code found in 2 locations. Consider refactoring.
Open

    entries.each do |entry|
      # This is the "username"
      dn = entry.dn

      # https://github.com/vmware/lightwave/blob/3bc154f823928fa0cf3605cc04d95a859a15c2a2/vmdir/server/middle-layer/password.c#L32-L76
Severity: Major
Found in modules/auxiliary/gather/vmware_vcenter_vmdir_ldap.rb and 1 other location - About 2 hrs to fix
modules/post/linux/gather/vcenter_secrets_dump.rb on lines 381..414

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 96.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

Refactorings

Further Reading

Method tryExpl has 65 lines of code (exceeds 25 allowed). Consider refactoring.
Open

    private int tryExpl() 
    {                                      
        try {
            // alloc aux vars
            String name = "setSecurityManager";
Severity: Major
Found in external/source/exploits/CVE-2013-2465/Exploit.java - About 2 hrs to fix

    Method run has 65 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      def run
    if (datastore['FILEPATH'].nil? || datastore['FILEPATH'].empty?) && (datastore['URL'].nil? || datastore['URL'].empty?)
      print_error('Must set FilePath or Url')
      return
    end
    Severity: Major
    Found in modules/auxiliary/gather/chrome_debugger.rb - About 2 hrs to fix

      Method run has 65 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

        def run
    vprint_status 'Connecting...'

    connect
    banner = sock.get_once
      Severity: Major
      Found in modules/auxiliary/gather/teamtalk_creds.rb - About 2 hrs to fix

        Method initialize has 65 lines of code (exceeds 25 allowed). Consider refactoring.
        Open

          def initialize(info = {})
    super(update_info(info,
      'Name'                => 'Pulse Secure VPN Arbitrary File Disclosure',
      'Description'         => %q{
        This module exploits a pre-auth directory traversal in the Pulse Secure
        Severity: Major
        Found in modules/auxiliary/gather/pulse_secure_file_disclosure.rb - About 2 hrs to fix

          Method run_host has 65 lines of code (exceeds 25 allowed). Consider refactoring.
          Open

            def run_host(_ip)
    res = send_request_raw(
      {
        'method' => 'GET',
        'uri' => '/'
          Severity: Major
          Found in modules/auxiliary/admin/http/tomcat_administration.rb - About 2 hrs to fix

            Method command_string has 65 lines of code (exceeds 25 allowed). Consider refactoring.
            Open

              def command_string
    jcl_jobcard +
      "//S1        EXEC ASMACLG,PARM.L='AC(1)'\n" \
      "//C.SYSLIB  DD DSN=SYS1.SISTMAC1,DISP=SHR\n" \
      "//          DD DSN=SYS1.MACLIB,DISP=SHR\n" \
            Severity: Major
            Found in modules/payloads/singles/cmd/mainframe/apf_privesc_jcl.rb - About 2 hrs to fix

              Method initialize has 65 lines of code (exceeds 25 allowed). Consider refactoring.
              Open

                def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'RaspAP Unauthenticated Command Injection',
              Severity: Major
              Found in modules/exploits/unix/http/raspap_rce.rb - About 2 hrs to fix

                Method initialize has 65 lines of code (exceeds 25 allowed). Consider refactoring.
                Open

                  def initialize(info = {})
    super(update_info(info,
      'Name'               => 'Drupal RESTful Web Services unserialize() RCE',
      'Description'        => %q{
        This module exploits a PHP unserialize() vulnerability in Drupal RESTful
                Severity: Major
                Found in modules/exploits/unix/webapp/drupal_restws_unserialize.rb - About 2 hrs to fix

                  Method initialize has 65 lines of code (exceeds 25 allowed). Consider refactoring.
                  Open

                    def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'OpenMediaVault rpc.php Authenticated Cron Remote Code Execution',
                  Severity: Major
                  Found in modules/exploits/unix/webapp/openmediavault_auth_cron_rce.rb - About 2 hrs to fix

                    Method on_request_uri has 65 lines of code (exceeds 25 allowed). Consider refactoring.
                    Open

                      def on_request_uri(cli, request)
    user_agent = request['User-Agent']
    print_status("Request #{request.uri} from #{user_agent}")
    if request.uri.ends_with? '.pdf'
      send_response(cli, '', { 'Content-Type' => 'application/pdf' })
                    Severity: Major
                    Found in modules/exploits/osx/browser/safari_in_operator_side_effect.rb - About 2 hrs to fix
                      Severity
                      Category
                      Status
                      Source
                      Language