rapid7/metasploit-framework

Showing 7,361 of 22,177 total issues

Similar blocks of code found in 2 locations. Consider refactoring.
Open

  def rpc_nops(module_info = nil, arch = nil)
    unless module_info.nil?
      module_info = module_info.strip.split(',').map(&:strip)
      module_info.map!(&:to_sym)
    end
Severity: Major
Found in lib/msf/core/rpc/v10/rpc_module.rb and 1 other location - About 2 hrs to fix
lib/msf/core/rpc/v10/rpc_module.rb on lines 116..137

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 91.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.


Similar blocks of code found in 2 locations. Consider refactoring.
Open

            Types::Record.from_value(Types::RecordValues::ClassWithMembersAndTypes.new(
              class_info: Types::General::ClassInfo.new(
                obj_id: -4,
                name: 'System.Data.SerializationFormat',
                member_names: %w[ value__ ]
lib/msf/util/dot_net_deserialization/gadget_chains/data_set.rb on lines 56..77

This issue has a mass of 91.

Similar blocks of code found in 2 locations. Consider refactoring.
Open

            Types::Record.from_value(Types::RecordValues::ClassWithMembersAndTypes.new(
              class_info: Types::General::ClassInfo.new(
                obj_id: -3,
                name: 'System.Data.SerializationFormat',
                member_names: %w[ value__ ]
lib/msf/util/dot_net_deserialization/gadget_chains/data_set_type_spoof.rb on lines 57..78

This issue has a mass of 91.

Similar blocks of code found in 2 locations. Consider refactoring.
Open

  module OptionalSession
    module PostgreSQL
      include Msf::OptionalSession

      RHOST_GROUP_OPTIONS = %w[RHOSTS RPORT DATABASE USERNAME PASSWORD THREADS]
Severity: Major
Found in lib/msf/core/optional_session/postgresql.rb and 1 other location - About 2 hrs to fix
lib/msf/core/optional_session/mssql.rb on lines 4..41

This issue has a mass of 91.

Function exploit has 61 lines of code (exceeds 25 allowed). Consider refactoring.
Open

function exploit() {
   var x = window["document"];
   var then = window["Document"]["prototype"]["createElement"];
   var _0x4d7c02 = window["Document"]["prototype"]["write"];
   var PL$22 = window["HTMLElement"]["prototype"]["appendChild"];
Severity: Major
Found in data/exploits/CVE-2021-40444/cve_2021_40444.js - About 2 hrs to fix

Method wiki has 61 lines of code (exceeds 25 allowed). Consider refactoring.
Open

      def wiki(wiki_type, *args)
        # Create a table options hash
        tbl_opts = {}
        # Set some default options for the table hash
        tbl_opts[:hosts] = []
Severity: Major
Found in plugins/wiki.rb - About 2 hrs to fix

Method run has 61 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def run

    uri = "/"
    uri << (datastore['YEAR'].to_s + "/") if datastore['YEAR'].to_s != ""
    uri << "companies.xml"
Severity: Major
Found in modules/auxiliary/gather/corpwatch_lookup_name.rb - About 2 hrs to fix

Method run_host has 61 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def run_host(ip)
    unless wordpress_and_online?
      vprint_error('Server not online or not detected as wordpress')
      return
    end
Severity: Major
Found in modules/auxiliary/scanner/http/wp_learnpress_sqli.rb - About 2 hrs to fix

Method run_host has 61 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def run_host(ip)

    web_path = normalize_uri(datastore['PATH'])
    http_method = datastore['METHOD']
    target_host = datastore['TARGETHOST'] || Rex::Text.rand_text_alpha_lower(8)+".com"
Severity: Major
Found in modules/auxiliary/scanner/http/host_header_injection.rb - About 2 hrs to fix

Method run_host has 61 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def run_host(ip)
    tpath = normalize_uri(datastore['PATH'])
    if tpath[-1,1] != '/'
      tpath += '/'
    end
Severity: Major
Found in modules/auxiliary/scanner/http/ms09_020_webdav_unicode_bypass.rb - About 2 hrs to fix

Method do_login has 61 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def do_login(user='DBSNMP', pass='DBSNMP', version=9.0)
    uri = datastore['URI']

    vprint_status("#{msg} Trying username:'#{user}' with password:'#{pass}' with SID '#{sid}'")
    success = false
Severity: Major
Found in modules/auxiliary/scanner/oracle/isqlplus_login.rb - About 2 hrs to fix

Method query_host has 61 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def query_host(rhost)
    # Create a handler with our UUID and Transfer Syntax

    self.handle = Rex::Proto::DCERPC::Handle.new(
      [
Severity: Major
Found in modules/auxiliary/scanner/dcerpc/windows_deployment_services.rb - About 2 hrs to fix

Method run_host has 61 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def run_host(target_host)
    begin
      connect
    rescue Rex::ConnectionError
      return Exploit::CheckCode::Unknown
Severity: Major
Found in modules/auxiliary/scanner/misc/java_rmi_server.rb - About 2 hrs to fix

Method initialize has 61 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Xorg X11 Server Local Privilege Escalation',
      'Description'    => %q(
        WARNING: Successful execution of this module results in /etc/passwd being overwritten.
Severity: Major
Found in modules/exploits/aix/local/xorg_x11_server.rb - About 2 hrs to fix

Method exploit has 61 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def exploit
    uri = normalize_uri(target_uri.path)

    #get upload filepath
    print_status("Getting the upload path...")
Severity: Major
Found in modules/exploits/unix/webapp/wp_optimizepress_upload.rb - About 2 hrs to fix

Method initialize has 61 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Portable UPnP SDK unique_service_name() Remote Code Execution',
      'Description'    => %q{
          This module exploits a buffer overflow in the unique_service_name()
Severity: Major
Found in modules/exploits/multi/upnp/libupnp_ssdp_overflow.rb - About 2 hrs to fix

Method initialize has 61 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(update_info(info,
      'Name'        => 'Openfire Admin Console Authentication Bypass',
      'Description' => %q{
          This module exploits an authentication bypass vulnerability in the administration
Severity: Major
Found in modules/exploits/multi/http/openfire_auth_bypass.rb - About 2 hrs to fix

Method initialize has 61 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Mirth Connect Deserialization RCE',
Severity: Major
Found in modules/exploits/multi/http/mirth_connect_cve_2023_43208.rb - About 2 hrs to fix

Method initialize has 61 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Cacti RCE via SQLi in pollers.php',
Severity: Major
Found in modules/exploits/multi/http/cacti_pollers_sqli_rce.rb - About 2 hrs to fix

Method setup_repo_structure has 61 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def setup_repo_structure
    link_content = '.git/hooks'
    link_name = Rex::Text.rand_text_alpha(8..12).downcase
    link_obj = GitObject.build_blob_object(link_content)


Severity: Major
Found in modules/exploits/multi/http/git_lfs_clone_command_exec.rb - About 2 hrs to fix