rapid7/metasploit-framework

Showing 21,960 of 21,960 total issues

Similar blocks of code found in 3 locations. Consider refactoring.
Open

  def run
    last_str = nil
    last_inp = nil
    last_err = nil

Severity: Major
Found in modules/auxiliary/fuzzers/smb/smb_ntlm1_login_corrupt.rb and 2 other locations - About 3 hrs to fix
modules/auxiliary/fuzzers/smb/smb2_negotiate_corrupt.rb on lines 34..75
modules/auxiliary/fuzzers/smb/smb_negotiate_corrupt.rb on lines 33..74

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 126.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

Similar blocks of code found in 3 locations. Consider refactoring.
Open

  def run
    last_str = nil
    last_inp = nil
    last_err = nil

Severity: Major
Found in modules/auxiliary/fuzzers/smb/smb2_negotiate_corrupt.rb and 2 other locations - About 3 hrs to fix
modules/auxiliary/fuzzers/smb/smb_negotiate_corrupt.rb on lines 33..74
modules/auxiliary/fuzzers/smb/smb_ntlm1_login_corrupt.rb on lines 37..78

Similar blocks of code found in 3 locations. Consider refactoring.
Open

  def run
    last_str = nil
    last_inp = nil
    last_err = nil

Severity: Major
Found in modules/auxiliary/fuzzers/smb/smb_negotiate_corrupt.rb and 2 other locations - About 3 hrs to fix
modules/auxiliary/fuzzers/smb/smb2_negotiate_corrupt.rb on lines 34..75
modules/auxiliary/fuzzers/smb/smb_ntlm1_login_corrupt.rb on lines 37..78

Similar blocks of code found in 2 locations. Consider refactoring.
Open

    ad_audit_plus_data_repos.each do |repo|
      # send a general query, which should return the "total_hits" parameter that represents the total record count
      res_code, res = get_response(@sock, action_dr_search(repo))
      total_hits = process_dr_search(res, res_code, repo, ['UNIQUE_ID'], 'total_hits')
      # check if total_hits is nil, as that means process_dr_search failed and we should skip to the next repo
modules/auxiliary/gather/manageengine_datasecurity_plus_xnode_enum.rb on lines 136..168

Similar blocks of code found in 2 locations. Consider refactoring.
Open

  class TcpReverseDoubleSessionChannel

    include Rex::IO::StreamAbstraction

    def initialize(framework, inp, out)
Severity: Major
Found in lib/msf/core/handler/reverse_tcp_double.rb and 1 other location - About 3 hrs to fix
lib/msf/core/handler/reverse_tcp_double_ssl.rb on lines 263..329

Similar blocks of code found in 2 locations. Consider refactoring.
Open

      otp_send("< OTP/1.0 >\n",true) # send hello
      if @result !~ /\<\ OTP\/1\.0 \>/
        print_error("#{msg} OpenVAS OTP does not appear to be running: did not get response to OTP hello: #{@result}")
        return :abort
      end
Severity: Major
Found in modules/auxiliary/scanner/openvas/openvas_otp_login.rb and 1 other location - About 3 hrs to fix
modules/auxiliary/scanner/nessus/nessus_ntp_login.rb on lines 88..125

Similar blocks of code found in 2 locations. Consider refactoring.
Open

  class TcpReverseDoubleSSLSessionChannel

    include Rex::IO::StreamAbstraction

    def initialize(framework, inp, out)
Severity: Major
Found in lib/msf/core/handler/reverse_tcp_double_ssl.rb and 1 other location - About 3 hrs to fix
lib/msf/core/handler/reverse_tcp_double.rb on lines 213..279

Similar blocks of code found in 2 locations. Consider refactoring.
Open

    datasecurity_plus_data_repos.each do |repo|
      # send a general query, which should return the "total_hits" parameter that represents the total record count
      res_code, res = get_response(@sock, action_dr_search(repo))
      total_hits = process_dr_search(res, res_code, repo, ['UNIQUE_ID'], 'total_hits')
      # check if total_hits is nil, as that means process_dr_search failed and we should skip to the next repo
modules/auxiliary/gather/manageengine_adaudit_plus_xnode_enum.rb on lines 136..168

Similar blocks of code found in 2 locations. Consider refactoring.
Open

      ntp_send("< NTP/1.0 >\n",true) # send hello
      if @result !~ /\<\ NTP\/1\.0 \>/
        print_error("#{msg} Nessus NTP does not appear to be running: did not get response to NTP hello: #{@result}")
        return :abort
      end
Severity: Major
Found in modules/auxiliary/scanner/nessus/nessus_ntp_login.rb and 1 other location - About 3 hrs to fix
modules/auxiliary/scanner/openvas/openvas_otp_login.rb on lines 85..121

File dnsadmin_serverlevelplugindll.rb has 317 lines of code (exceeds 250 allowed). Consider refactoring.
Open

require 'metasploit/framework/compiler/windows'

class MetasploitModule < Msf::Exploit::Local
  Rank = NormalRanking

Severity: Minor
Found in modules/exploits/windows/local/dnsadmin_serverlevelplugindll.rb - About 3 hrs to fix

File oracle_autovue_setmarkupmode.rb has 317 lines of code (exceeds 250 allowed). Consider refactoring.
Open

class MetasploitModule < Msf::Exploit::Remote
  Rank = NormalRanking

  include Msf::Exploit::Remote::HttpServer::HTML
  include Msf::Exploit::Remote::Seh
Severity: Minor
Found in modules/exploits/windows/browser/oracle_autovue_setmarkupmode.rb - About 3 hrs to fix

File add_user.rb has 317 lines of code (exceeds 250 allowed). Consider refactoring.
Open

class MetasploitModule < Msf::Post
  include Msf::Post::Windows::Priv
  include Msf::Post::Windows::Accounts
  include Msf::Exploit::Deprecated

Severity: Minor
Found in modules/post/windows/manage/add_user.rb - About 3 hrs to fix

Method run has 90 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def run
    login(datastore['USERNAME'], datastore['PASSWORD'])

    config = export_data

Severity: Major
Found in modules/auxiliary/admin/http/scadabr_credential_dump.rb - About 3 hrs to fix

Method run_host has 90 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def run_host(ip)

    startstage = datastore['STARTATSTAGE']

    @nr_errors = datastore['STOPAFTER']
Severity: Major
Found in modules/auxiliary/fuzzers/ftp/ftp_pre_post.rb - About 3 hrs to fix

Method initialize has 90 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Xorg X11 Server SUID logfile Privilege Escalation',
Severity: Major
Found in modules/exploits/multi/local/xorg_x11_suid_server.rb - About 3 hrs to fix

Method get_traversal_path has 90 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def get_traversal_path
    #
    # ConfigurationService packet structure:
    #
    # @packet_header_pre_packet_size
Severity: Major
Found in modules/exploits/windows/http/trackit_file_upload.rb - About 3 hrs to fix

Method initialize has 90 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'MS10-087 Microsoft Word RTF pFragments Stack Buffer Overflow (File Format)',
      'Description'    => %q{
          This module exploits a stack-based buffer overflow in the handling of the
Severity: Major
Found in modules/exploits/windows/fileformat/ms10_087_rtf_pfragments_bof.rb - About 3 hrs to fix

Method exploit has 90 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def exploit
    check_status = check

    if check_status == CheckCode::Appears
      print_good 'The target appears to be vulnerable'
Severity: Major
Found in modules/exploits/linux/local/glibc_origin_expansion_priv_esc.rb - About 3 hrs to fix

Method initialize has 90 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Cacti 1.2.22 unauthenticated command injection',
Severity: Major
Found in modules/exploits/linux/http/cacti_unauthenticated_cmd_injection.rb - About 3 hrs to fix

Method exploit has 90 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def exploit

    @pl = generate_payload_exe
    @elf_sent = false

Severity: Major
Found in modules/exploits/linux/smtp/exim4_dovecot_exec.rb - About 3 hrs to fix