Sign upLogin

rapid7/metasploit-framework

View on GitHub
Star

Showing 22,177 of 22,177 total issues

Method check has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def check
    res = send_request_cgi({
      'uri' => normalize_uri(target_uri.path),
      'method' => 'GET'
    })
Severity: Minor
Found in modules/exploits/multi/http/cmsms_upload_rename_rce.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method exploit has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit
    vprint_good("The target appears to be vulnerable.")

    print_status("Sending #{datastore['PAYLOAD']} command payload")
    case target['Type']
Severity: Minor
Found in modules/exploits/multi/http/vbulletin_widgetconfig_rce.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method upload_package has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def upload_package
    print_status('Uploading the package')
    # Default parameters sent when importing packages from the web UI
    # Randomizing these values might be suspicious
    vars_form = {
Severity: Minor
Found in modules/exploits/multi/http/cacti_package_import_rce.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method get_config_option has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def get_config_option(name)
    # 1) do a quickfind (setting the tapestry state)
    res = send_request_cgi(
      {
        'method' => 'POST',
Severity: Minor
Found in modules/exploits/multi/http/papercut_ng_auth_bypass.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method auto_target has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def auto_target
    uri = normalize_uri(target_uri.path)
    res = send_request_cgi({
      'uri' => uri,
      'method' => 'GET'
Severity: Minor
Found in modules/exploits/multi/http/struts_default_action_mapper.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method begin_reset_pass has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def begin_reset_pass(admin_email, hv_answer, hv_hash, type = 'Image')
    print_status("Making request to '#{target_uri.path}/auth/lostpw' to begin lost password process.")
    if type == 'Question'
      hv_field_name1 = 'humanverify[input]'
      hv_field_name2 = 'humanverify[hash]'
Severity: Minor
Found in modules/exploits/multi/http/vbulletin_getindexablecontent.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method login has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def login(base, username, password)
    # Login
    res = send_request_cgi({
      'method'    => 'POST',
      'uri'       => normalize_uri("#{base}/index.php/home/login"),
Severity: Minor
Found in modules/exploits/multi/http/qdpm_upload_exec.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method splunk_change_password has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def splunk_change_password(username, password)
    # due to the AutoCheck mixin and the keep_cookies option, the cookie might be already set
    self.cookie ||= splunk_login(datastore['USERNAME'], datastore['PASSWORD'])
    fail_with(Failure::NoAccess, 'Authentication Failed') unless cookie
Severity: Minor
Found in modules/exploits/multi/http/splunk_privilege_escalation_cve_2023_32707.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method exploit has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def exploit
    unless check == CheckCode::Vulnerable
      fail_with Failure::NotVulnerable, 'Target is not vulnerable.'
    end
    if @params[:qsl].nil? || @params[:customh_length].nil?
Severity: Minor
Found in modules/exploits/multi/http/php_fpm_rce.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method check_sessions has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def check_sessions(session_file)
    valid_sessions = []
    session_cookies = session_file.scan(/\d{13}_[A-Za-z0-9]{30}/).uniq
    vprint_status("Found #{session_cookies.size} session cookies in the session file")
    session_cookies.each do |cookie|
Severity: Minor
Found in modules/exploits/multi/http/crushftp_rce_cve_2023_43177.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method create_admin_account has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def create_admin_account(cookie, is_windows)
    # This creates an administrator account with the required VFS setting for the exploit to work
    admin_username = rand_text_hex(10)
    admin_password = rand_text_hex(10)
    user_xml = <<~XML.gsub!(/\n */, '')
Severity: Minor
Found in modules/exploits/multi/http/crushftp_rce_cve_2023_43177.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method fetch_ninja_form_nonce has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def fetch_ninja_form_nonce
    uri = normalize_uri(target_uri.path, datastore['FORM_PATH'])
    res = send_request_cgi(
      'method' => 'GET',
      'uri'    => uri
Severity: Minor
Found in modules/exploits/multi/http/wp_ninja_forms_unauthenticated_file_upload.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method login has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def login
    vprint_status("Logging in as #{datastore['username']}:#{datastore['password']} ... ")
    res = send_request_cgi({
        'method'   => 'GET',
        'uri'      => normalize_uri(target_uri.path, 'login_page.php'),
Severity: Minor
Found in modules/exploits/multi/http/mantisbt_manage_proj_page_rce.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method get_repo has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def get_repo
    res = send_request_cgi(
      'method' => 'GET',
      'uri' => normalize_uri(target_uri.path, 'rest/api/latest/repos'),
      'keep_cookies' => true
Severity: Minor
Found in modules/exploits/multi/http/bitbucket_env_var_rce.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method execute_command has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def execute_command(cmd, _opts = {})
    if target['Platform'] == 'win'
      curr_payload = (cmd.ends_with?('.exe') ? uname_payload("cmd.exe /c #{cmd}") : uname_payload(cmd))
    else
      curr_payload = uname_payload(cmd)
Severity: Minor
Found in modules/exploits/multi/http/bitbucket_env_var_rce.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method create_repository has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def create_repository
    repo_uri = normalize_uri(target_uri.path, 'projects', @project_key, 'repos?create')
    res = send_request_cgi(
      'method' => 'GET',
      'uri' => repo_uri,
Severity: Minor
Found in modules/exploits/multi/http/bitbucket_env_var_rce.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method check has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def check
    begin
      res = send_request_cgi({ 'uri' => normalize_uri(target_uri.path) })
    rescue
      vprint_error("#{peer} - Unable to connect to server")
Severity: Minor
Found in modules/exploits/multi/http/phpmyadmin_lfi_rce.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method class_loader_exploit has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def class_loader_exploit
    prefix_jsp = rand_text_alphanumeric(3+rand(3))
    date_format = rand_text_numeric(1+rand(4))
    @jsp_file = prefix_jsp + date_format + ".jsp"
Severity: Minor
Found in modules/exploits/multi/http/struts_code_exec_classloader.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method check_for_base64 has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def check_for_base64(cookie, post_id)
    uri = normalize_uri(datastore['TARGETURI'])
    # Test if base64 is on target
    test_string = 'YmFzZTY0c3BvdHRlZAo='
    res = send_request_cgi!(
Severity: Minor
Found in modules/exploits/multi/http/wp_crop_rce.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method inject_template has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

  def inject_template(service_url, timeout = 20)
    uri = normalize_uri(target_uri.path, 'rest', 'tinymce', '1', 'macro', 'preview')

    res = send_request_cgi({
      'method' => 'POST',
Severity: Minor
Found in modules/exploits/multi/http/confluence_widget_connector.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Severity
Category
Status
Source
Language