Sign upLogin

rapid7/metasploit-framework

View on GitHub
Star

Showing 7,361 of 22,177 total issues

Similar blocks of code found in 2 locations. Consider refactoring.
Open

  def run
    last_str = nil
    last_inp = nil
    last_err = nil
Severity: Major
Found in modules/auxiliary/fuzzers/smb/smb_tree_connect.rb and 1 other location - About 2 hrs to fix
modules/auxiliary/fuzzers/smb/smb_create_pipe.rb on lines 30..65

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 90.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

Refactorings

Further Reading

Method generateConfusion has 60 lines of code (exceeds 25 allowed). Consider refactoring.
Open

    public static byte[] generateConfusion() {
        final String STATIC_FIELD_NAME = "staticTypeA";
        final String INSTANCE_FIELD_NAME = "instanceTypeB";
        final String CONFUSE_METHOD_NAME = "confuse";
        final String CONFUSER_CLASS_NAME = "cve1723/Confuser";
Severity: Major
Found in external/source/exploits/CVE-2012-1723/src/cve1723/Generator.java - About 2 hrs to fix

    Method run has 60 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      def run
    ldap_connect do |ldap|
      validate_bind_success!(ldap)

      fail_with(Failure::UnexpectedReply, "Couldn't discover base DN!") unless ldap.base_dn
    Severity: Major
    Found in modules/auxiliary/gather/ldap_query.rb - About 2 hrs to fix

      Method run has 60 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

        def run
    delay = datastore['DELAY']
    hostname = datastore['HOSTNAME']
    unless valid_hostname?(hostname)
      print_status "Invalid hostname"
      Severity: Major
      Found in modules/auxiliary/gather/ssllabs_scan.rb - About 2 hrs to fix

        Method run_host has 60 lines of code (exceeds 25 allowed). Consider refactoring.
        Open

          def run_host(ip)

    connect(true, {"SSL" => true}) #Force SSL
    cert  = OpenSSL::X509::Certificate.new(sock.peer_cert)
    disconnect
        Severity: Major
        Found in modules/auxiliary/scanner/http/cert.rb - About 2 hrs to fix

          Method scanner_process has 60 lines of code (exceeds 25 allowed). Consider refactoring.
          Open

            def scanner_process(data, shost, sport)
    offset = 0
    if data.length < 4
      return
    end
          Severity: Major
          Found in modules/auxiliary/scanner/ubiquiti/ubiquiti_discover.rb - About 2 hrs to fix

            Method run_host has 60 lines of code (exceeds 25 allowed). Consider refactoring.
            Open

              def run_host(ip)
    begin
      if mysql_version_check("4.1.1") # Pushing down to 4.1.1.
        cred_collection = build_credential_collection(
            username: datastore['USERNAME'],
            Severity: Major
            Found in modules/auxiliary/scanner/mysql/mysql_login.rb - About 2 hrs to fix

              Method do_login has 60 lines of code (exceeds 25 allowed). Consider refactoring.
              Open

                def do_login(user, pass, luser, status = nil)
    # Reset our accumulators for interacting with /bin/login
    @recvd = ''
    @trace = ''
              Severity: Major
              Found in modules/auxiliary/scanner/rservices/rlogin_login.rb - About 2 hrs to fix

                Method initialize has 60 lines of code (exceeds 25 allowed). Consider refactoring.
                Open

                  def initialize(_info = {})
    super(
      'Name' => 'Apache Druid JNDI Injection RCE',
      'Description' => %q{
                Severity: Major
                Found in modules/exploits/multi/http/apache_druid_cve_2023_25194.rb - About 2 hrs to fix

                  Method initialize has 60 lines of code (exceeds 25 allowed). Consider refactoring.
                  Open

                    def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Apache Struts 2 REST Plugin XStream RCE',
      'Description'    => %q{
        Apache Struts versions 2.1.2 - 2.3.33 and Struts 2.5 - Struts 2.5.12,
                  Severity: Major
                  Found in modules/exploits/multi/http/struts2_rest_xstream.rb - About 2 hrs to fix

                    Method initialize has 60 lines of code (exceeds 25 allowed). Consider refactoring.
                    Open

                      def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Intelliants Subrion CMS 4.2.1 - Authenticated File Upload Bypass to RCE',
                    Severity: Major
                    Found in modules/exploits/multi/http/subrion_cms_file_upload_rce.rb - About 2 hrs to fix

                      Method generate_html has 60 lines of code (exceeds 25 allowed). Consider refactoring.
                      Open

                        def generate_html(cli, target)
    vars = {
      :symbol_id        => 'a',
      :random_domain    => 'safe',
      :payload          => run_payload, # defined in FirefoxPrivilegeEscalation mixin
                      Severity: Major
                      Found in modules/exploits/multi/browser/firefox_svg_plugin.rb - About 2 hrs to fix

                        Method initialize has 60 lines of code (exceeds 25 allowed). Consider refactoring.
                        Open

                          def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Calibre Python Code Injection (CVE-2024-6782)',
                        Severity: Major
                        Found in modules/exploits/multi/misc/calibre_exec.rb - About 2 hrs to fix

                          Method initialize has 60 lines of code (exceeds 25 allowed). Consider refactoring.
                          Open

                            def initialize(info = {})
    super(update_info(info,
      'Name'              => 'Ghostscript Failed Restore Command Execution',
      'Description'       => %q{
        This module exploits a -dSAFER bypass in Ghostscript to execute
                          Severity: Major
                          Found in modules/exploits/multi/fileformat/ghostscript_failed_restore.rb - About 2 hrs to fix

                            Method initialize has 60 lines of code (exceeds 25 allowed). Consider refactoring.
                            Open

                              def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'WebLogic Server Deserialization RCE - BadAttributeValueExpException',
                            Severity: Major
                            Found in modules/exploits/multi/misc/weblogic_deserialize_badattrval.rb - About 2 hrs to fix

                              Method initialize has 60 lines of code (exceeds 25 allowed). Consider refactoring.
                              Open

                                def initialize(info = {})
    super(update_info(info,
      'Name'                => 'Citrix ADC (NetScaler) Directory Traversal RCE',
      'Description'         => %q{
        This module exploits a directory traversal in Citrix Application Delivery Controller (ADC), aka
                              Severity: Major
                              Found in modules/exploits/freebsd/http/citrix_dir_traversal_rce.rb - About 2 hrs to fix

                                Method exploit has 60 lines of code (exceeds 25 allowed). Consider refactoring.
                                Open

                                  def exploit
    if is_root?
      fail_with Failure::BadConfig, 'Session already has root privileges'
    end
                                Severity: Major
                                Found in modules/exploits/solaris/local/xscreensaver_log_priv_esc.rb - About 2 hrs to fix

                                  Method initialize has 60 lines of code (exceeds 25 allowed). Consider refactoring.
                                  Open

                                    def initialize(info = {})
    super(update_info(info,
      'Name'            => 'SCADA 3S CoDeSys CmpWebServer Stack Buffer Overflow',
      'Description'     => %q{
        This module exploits a remote stack buffer overflow vulnerability in
                                  Severity: Major
                                  Found in modules/exploits/windows/scada/codesys_web_server.rb - About 2 hrs to fix

                                    Method exploit has 60 lines of code (exceeds 25 allowed). Consider refactoring.
                                    Open

                                      def exploit
    unless mssql_login_datastore(datastore['DATABASE'])
      fail_with(Failure::BadConfig, 'Unable to login with the given credentials')
    end
                                    Severity: Major
                                    Found in modules/exploits/windows/mssql/mssql_clr_payload.rb - About 2 hrs to fix

                                      Method rastapi_privileged_filecopy has 60 lines of code (exceeds 25 allowed). Consider refactoring.
                                      Open

                                        def rastapi_privileged_filecopy(file_contents, exploit_dir, upload_payload_pathname, target_payload_pathname)
    handles = [] # stores open handles to cleanup properly
    reg_hash = create_reg_hash(file_contents.length - 1, exploit_dir)
    vprint_status("Registry hash = #{reg_hash}")
                                      Severity: Major
                                      Found in modules/exploits/windows/local/cve_2020_0668_service_tracing.rb - About 2 hrs to fix
                                        Severity
                                        Category
                                        Status
                                        Source
                                        Language