Sign upLogin

rapid7/metasploit-framework

View on GitHub
Star

Showing 7,361 of 22,177 total issues

Similar blocks of code found in 2 locations. Consider refactoring.
Open

  def setup_handler
    if !datastore['Proxies'].blank? && !datastore['ReverseAllowProxy']
      raise RuntimeError, "SCTP connect-back payloads cannot be used with Proxies. Use 'set ReverseAllowProxy true' to override this behaviour."
    end
Severity: Major
Found in lib/msf/core/handler/reverse_sctp.rb and 1 other location - About 2 hrs to fix
lib/msf/core/handler/reverse.rb on lines 80..112

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 94.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

Refactorings

Further Reading

Method cmd_nessus_report_host_details has 63 lines of code (exceeds 25 allowed). Consider refactoring.
Open

      def cmd_nessus_report_host_details(*args)
        search_term = nil
        search_vuln = nil
        scan_id = nil
        host_id = nil
Severity: Major
Found in plugins/nessus.rb - About 2 hrs to fix

    Method enum_viclient has 63 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

    def enum_viclient
  print_status("Information about VMware VI Client:")
  vi_pluggins = nil
  begin
    vi_version = registry_getvaldata("HKLM\\SOFTWARE\\VMware, Inc.\\VMware Virtual Infrastructure Client\\4.0","InstalledVersion")
    Severity: Major
    Found in scripts/meterpreter/enum_vmware.rb - About 2 hrs to fix

      Method get_indices has 63 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

        def get_indices
    vprint_status('Querying indices...')
    request = {
      'uri' => normalize_uri(target_uri.path, '_cat', 'indices/'),
      'method' => 'GET',
      Severity: Major
      Found in modules/auxiliary/gather/elasticsearch_enum.rb - About 2 hrs to fix

        Method run has 63 lines of code (exceeds 25 allowed). Consider refactoring.
        Open

          def run
    begin
      res = send_request_cgi({
        'method' => 'GET',
        'uri' => normalize_uri(datastore['TARGETURI'], 'getGfiUpgradeFile'),
        Severity: Major
        Found in modules/auxiliary/admin/http/sysaid_sql_creds.rb - About 2 hrs to fix

          Method scanner_postscan has 63 lines of code (exceeds 25 allowed). Consider refactoring.
          Open

            def scanner_postscan(batch)
    print_status "No SSDP endpoints found." if @results.empty?

    @results.each_pair do |skey,res|
      sinfo = res[:service]
          Severity: Major
          Found in modules/auxiliary/scanner/upnp/ssdp_msearch.rb - About 2 hrs to fix

            Method exec_command has 63 lines of code (exceeds 25 allowed). Consider refactoring.
            Open

              def exec_command(ip,data)
    print_status("[SAP] #{ip}:#{rport} - sending SOAP SXPG_COMMAND_EXECUTE request")
    begin
      res = send_request_cgi({
        'uri' => '/sap/bc/soap/rfc',
            Severity: Major
            Found in modules/auxiliary/scanner/sap/sap_soap_rfc_dbmcli_sxpg_command_exec.rb - About 2 hrs to fix

              Method exec_command has 63 lines of code (exceeds 25 allowed). Consider refactoring.
              Open

                def exec_command(ip,data)
    print_status("[SAP] #{ip}:#{rport} - sending SOAP SXPG_CALL_SYSTEM request")
    begin
      res = send_request_cgi({
        'uri' => '/sap/bc/soap/rfc',
              Severity: Major
              Found in modules/auxiliary/scanner/sap/sap_soap_rfc_dbmcli_sxpg_call_system_command_exec.rb - About 2 hrs to fix

                Method run has 63 lines of code (exceeds 25 allowed). Consider refactoring.
                Open

                  def run
    vprint_status('Checking if target is online and running Wordpress...')
    if wordpress_and_online?.nil?
      fail_with(Failure::BadConfig, 'The target is not online and running Wordpress')
    end
                Severity: Major
                Found in modules/auxiliary/scanner/http/wp_arbitrary_file_deletion.rb - About 2 hrs to fix

                  Method scanner_postscan has 63 lines of code (exceeds 25 allowed). Consider refactoring.
                  Open

                    def scanner_postscan(batch)
    @results.keys.each do |k|
      response_map = { @probe => @results[k][:messages] }
      peer = "#{k}:#{rport}"
                  Severity: Major
                  Found in modules/auxiliary/scanner/ntp/ntp_monlist.rb - About 2 hrs to fix

                    Method run_host has 63 lines of code (exceeds 25 allowed). Consider refactoring.
                    Open

                      def run_host(ip)
    @ip = ip
    print_brute :ip => ip, :msg => 'Starting bruteforce'

    cred_collection = build_credential_collection(
                    Severity: Major
                    Found in modules/auxiliary/scanner/ssh/ssh_login.rb - About 2 hrs to fix

                      Method run_host has 63 lines of code (exceeds 25 allowed). Consider refactoring.
                      Open

                        def run_host(ip)
    begin
      domain = nil
      connect
                      Severity: Major
                      Found in modules/auxiliary/scanner/smtp/smtp_ntlm_domain.rb - About 2 hrs to fix

                        Method initialize has 63 lines of code (exceeds 25 allowed). Consider refactoring.
                        Open

                          def initialize(info = {})
    super(update_info(info,
      'Name' => 'Mac OS X mDNSResponder UPnP Location Overflow',
      'Description'    => %q{
          This module exploits a buffer overflow that occurs when processing
                        Severity: Major
                        Found in modules/exploits/osx/mdns/upnp_location.rb - About 2 hrs to fix

                          Method exploit has 63 lines of code (exceeds 25 allowed). Consider refactoring.
                          Open

                            def exploit
    mytarget = target
    if (target.name =~ /Automatic/)
      mytarget = auto_target
      if (not mytarget)
                          Severity: Major
                          Found in modules/exploits/multi/http/tomcat_mgr_deploy.rb - About 2 hrs to fix

                            Method initialize has 63 lines of code (exceeds 25 allowed). Consider refactoring.
                            Open

                              def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Openfire authentication bypass with RCE plugin',
                            Severity: Major
                            Found in modules/exploits/multi/http/openfire_auth_bypass_rce_cve_2023_32315.rb - About 2 hrs to fix

                              Method initialize has 63 lines of code (exceeds 25 allowed). Consider refactoring.
                              Open

                                def initialize(info = {})
    super(update_info(info,
      'Name' => 'vBulletin widgetConfig RCE',
      'Description' => %q{
        vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code]
                              Severity: Major
                              Found in modules/exploits/multi/http/vbulletin_widgetconfig_rce.rb - About 2 hrs to fix

                                Method create_admin_account has 63 lines of code (exceeds 25 allowed). Consider refactoring.
                                Open

                                  def create_admin_account(cookie, is_windows)
    # This creates an administrator account with the required VFS setting for the exploit to work
    admin_username = rand_text_hex(10)
    admin_password = rand_text_hex(10)
    user_xml = <<~XML.gsub!(/\n */, '')
                                Severity: Major
                                Found in modules/exploits/multi/http/crushftp_rce_cve_2023_43177.rb - About 2 hrs to fix

                                  Method initialize has 63 lines of code (exceeds 25 allowed). Consider refactoring.
                                  Open

                                    def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Jenkins XStream Groovy classpath Deserialization Vulnerability',
      'Description'    => %q{
        This module exploits CVE-2016-0792 a vulnerability in Jenkins versions older than 1.650 and Jenkins LTS versions
                                  Severity: Major
                                  Found in modules/exploits/multi/http/jenkins_xstream_deserialize.rb - About 2 hrs to fix

                                    Method initialize has 63 lines of code (exceeds 25 allowed). Consider refactoring.
                                    Open

                                      def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Apache OFBiz forgotPassword/ProgramExport RCE',
                                    Severity: Major
                                    Found in modules/exploits/multi/http/apache_ofbiz_forgot_password_directory_traversal.rb - About 2 hrs to fix

                                      Method initialize has 63 lines of code (exceeds 25 allowed). Consider refactoring.
                                      Open

                                        def initialize(info = {})
    super(update_info(info,
      'Name' => 'PostgreSQL COPY FROM PROGRAM Command Execution',
      'Description' => %q(
        Installations running Postgres 9.3 and above have functionality which allows for the superuser
                                      Severity: Major
                                      Found in modules/exploits/multi/postgres/postgres_copy_from_program_cmd_exec.rb - About 2 hrs to fix
                                        Severity
                                        Category
                                        Status
                                        Source
                                        Language