File rdp.rb has 1073 lines of code (exceeds 250 allowed). Consider refactoring. Open
module Msf
###
#
# This module exposes methods for interacting with a remote RDP serviceMethod rdp_check_protocol has a Cognitive Complexity of 27 (exceeds 5 allowed). Consider refactoring. Open
def rdp_check_protocol(req_proto = RDPConstants::PROTOCOL_SSL)
if datastore['RDP_USER']
@user_name = datastore['RDP_USER']
else
@user_name = Rex::Text.rand_text_alpha(7)- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Method pdu_client_confirm_active has 64 lines of code (exceeds 25 allowed). Consider refactoring. Open
def pdu_client_confirm_active
pdu =
"\xea\x03\x01\x00" + # shareId: 66538
"\xea\x03" + # originatorId
"\x06\x00" + # lengthSourceDescriptor: 6Method pdu_client_info has 45 lines of code (exceeds 25 allowed). Consider refactoring. Open
def pdu_client_info(user_name, domain_name = "", ip_address = "")
# Max len for 4.0/6.0 servers is 44 bytes including terminator
# Max len for all other versions is 512 including terminator
# We're going to limit to 44 (21 chars + null -> unicode) here.
# Blank username is ok, nil = randomMethod rdp_check_protocol has 44 lines of code (exceeds 25 allowed). Consider refactoring. Open
def rdp_check_protocol(req_proto = RDPConstants::PROTOCOL_SSL)
if datastore['RDP_USER']
@user_name = datastore['RDP_USER']
else
@user_name = Rex::Text.rand_text_alpha(7)Method pdu_connect_initial has 36 lines of code (exceeds 25 allowed). Consider refactoring. Open
def pdu_connect_initial(channels, selected_proto = 0, host_name = "rdesktop")
# After negotiating TLS or NLA the connectInitial packet needs to include the
# protocol selection that the server indicated in its Negotiation Response
pdu = [Method rdp_fingerprint has 34 lines of code (exceeds 25 allowed). Consider refactoring. Open
def rdp_fingerprint
peer_info = {}
# warning: if rdp_check_protocol starts handling NLA, this will need to be updated
is_rdp, server_selected_proto = rdp_check_protocol(RDPConstants::PROTOCOL_SSL | RDPConstants::PROTOCOL_HYBRID | RDPConstants::PROTOCOL_HYBRID_EX)
return false, nil unless is_rdpMethod rdp_negotiate_security has 31 lines of code (exceeds 25 allowed). Consider refactoring. Open
def rdp_negotiate_security(channels, req_proto = RDPConstants::PROTOCOL_SSL)
if req_proto == RDPConstants::PROTOCOL_SSL
swap_sock_plain_to_ssl
res = rdp_send_recv(pdu_connect_initial(channels, req_proto, @computer_name))
elsif req_proto == RDPConstants::PROTOCOL_RDPMethod rdp_parse_negotiation_response has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring. Open
def rdp_parse_negotiation_response(data)
return false, "Response is not an RDP Negotiation Response packet." unless data.match("\x03\x00\x00..\xd0")
return false, "Negotiation Response packet too short." if data.length < 19
response_code = data[11].unpack("C")[0]- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Method oid has 6 arguments (exceeds 4 allowed). Consider refactoring. Open
def oid(itut, rec, t, t124, ver, desc)Method rdpdr_client_device_list_announce_request has 5 arguments (exceeds 4 allowed). Consider refactoring. Open
def rdpdr_client_device_list_announce_request(pkt, chan_user_id, chan_id, flags, data)Method rdp_send_channel has 5 arguments (exceeds 4 allowed). Consider refactoring. Open
def rdp_send_channel(chan_user_id, chan_id, data, flags = 3, data_length = nil)Method rdp_create_channel_msg has 5 arguments (exceeds 4 allowed). Consider refactoring. Open
def rdp_create_channel_msg(chan_user_id, chan_id, data, flags = 3, data_length = nil)Method rdp_on_core_client_id_confirm has 5 arguments (exceeds 4 allowed). Consider refactoring. Open
def rdp_on_core_client_id_confirm(pkt, chan_user_id, chan_id, flags, data)Method rdpdr_client_name_request has 5 arguments (exceeds 4 allowed). Consider refactoring. Open
def rdpdr_client_name_request(pkt, chan_user_id, chan_id, flags, data)Method rdp_on_channel_receive has 5 arguments (exceeds 4 allowed). Consider refactoring. Open
def rdp_on_channel_receive(pkt, chan_user_id, chan_id, flags, data)Method rdpdr_client_announce_reply has 5 arguments (exceeds 4 allowed). Consider refactoring. Open
def rdpdr_client_announce_reply(pkt, chan_user_id, chan_id, flags, data)Method rdp_on_core_server_capability has 5 arguments (exceeds 4 allowed). Consider refactoring. Open
def rdp_on_core_server_capability(pkt, chan_user_id, chan_id, flags, data)Method rdp_on_core_server_announce has 5 arguments (exceeds 4 allowed). Consider refactoring. Open
def rdp_on_core_server_announce(pkt, chan_user_id, chan_id, flags, data)Method rdp_handle_packet has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring. Open
def rdp_handle_packet(pkt)
if pkt && pkt[0] == "\x03"
if pkt[4..6] == "\x02\xf0\x80"
if pkt[7] == "\x68"
chan_user_id = pkt[8..9].unpack('S>')[0]- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Method rdp_build_pkt has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring. Open
def rdp_build_pkt(data, channel_id = "\x03\xeb", client_info: false, license_info: false)
flags = 0
flags |= 0x08 if @rdp_sec # Set SEC_ENCRYPT
flags |= 0x40 if client_info # Set SEC_INFO_PKT
flags |= 0x80 if license_info # Set SEC_LICENSE_PKT- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Avoid too many return statements within this method. Open
return nil, "Unknown Negotiation Response code: #{response_code}"Avoid too many return statements within this method. Open
return nil, RDPConstants::RDP_NEG_FAILURE[failure_code]Avoid too many return statements within this method. Open
return false, 0Method rdp_parse_connect_response has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring. Open
def rdp_parse_connect_response(pkt)
ptr = 0
rdp_pkt = pkt[0x49..pkt.length]
while ptr < rdp_pkt.length- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Similar blocks of code found in 2 locations. Consider refactoring. Open
result = [
[0xc004, body.length + 4].pack('S<S<'),
body
].join('')
- Read upRead up
Duplicated Code
Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:
Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.
When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).
Tuning
This issue has a mass of 30.
We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.
The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.
If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.
See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.
Refactorings
- Extract Method
- Extract Class
- Form Template Method
- Introduce Null Object
- Pull Up Method
- Pull Up Field
- Substitute Algorithm
Further Reading
- Don't Repeat Yourself on the C2 Wiki
- Duplicated Code on SourceMaking
- Refactoring: Improving the Design of Existing Code by Martin Fowler. Duplicated Code, p76
Similar blocks of code found in 2 locations. Consider refactoring. Open
result = [
[0xc002, body.length + 4].pack('S<S<'),
body
].join('')
- Read upRead up
Duplicated Code
Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:
Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.
When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).
Tuning
This issue has a mass of 30.
We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.
The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.
If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.
See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.
Refactorings
- Extract Method
- Extract Class
- Form Template Method
- Introduce Null Object
- Pull Up Method
- Pull Up Field
- Substitute Algorithm
Further Reading
- Don't Repeat Yourself on the C2 Wiki
- Duplicated Code on SourceMaking
- Refactoring: Improving the Design of Existing Code by Martin Fowler. Duplicated Code, p76