rapid7/metasploit-framework

View on GitHub
lib/msf/core/exploit/remote/winrm.rb

Summary

Maintainability
B
5 hrs
Test Coverage

Method create_winrm_connection has 50 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def create_winrm_connection
    rhost = datastore['RHOST']
    rport = datastore['RPORT']
    uri = datastore['URI']
    ssl = datastore['SSL']
Severity: Minor
Found in lib/msf/core/exploit/remote/winrm.rb - About 2 hrs to fix

    Method create_winrm_connection has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
    Open

      def create_winrm_connection
        rhost = datastore['RHOST']
        rport = datastore['RPORT']
        uri = datastore['URI']
        ssl = datastore['SSL']
    Severity: Minor
    Found in lib/msf/core/exploit/remote/winrm.rb - About 55 mins to fix

    Cognitive Complexity

    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

    A method's cognitive complexity is based on a few simple rules:

    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
    • Code is considered more complex for each "break in the linear flow of the code"
    • Code is considered more complex when "flow breaking structures are nested"

    Further reading

    Method check_winrm_parameters has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
    Open

      def check_winrm_parameters
        if datastore['Winrm::Auth'] == Msf::Exploit::Remote::AuthOption::KERBEROS
          fail_with(Msf::Exploit::Failure::BadConfig, 'The Winrm::Rhostname option is required when using Kerberos authentication.') if datastore['Winrm::Rhostname'].blank?
          fail_with(Msf::Exploit::Failure::BadConfig, 'The DOMAIN option is required when using Kerberos authentication.') if datastore['DOMAIN'].blank?
          offered_etypes = Msf::Exploit::Remote::AuthOption.as_default_offered_etypes(datastore['Winrm::KrbOfferedEncryptionTypes'])
    Severity: Minor
    Found in lib/msf/core/exploit/remote/winrm.rb - About 45 mins to fix

    Cognitive Complexity

    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

    A method's cognitive complexity is based on a few simple rules:

    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
    • Code is considered more complex for each "break in the linear flow of the code"
    • Code is considered more complex when "flow breaking structures are nested"

    Further reading

    Method parse_auth_methods has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
    Open

      def parse_auth_methods(resp)
        return [] unless resp and resp.code == 401
        methods = []
        methods << "Negotiate" if resp.headers['WWW-Authenticate'].include? "Negotiate"
        methods << "Kerberos" if resp.headers['WWW-Authenticate'].include? "Kerberos"
    Severity: Minor
    Found in lib/msf/core/exploit/remote/winrm.rb - About 25 mins to fix

    Cognitive Complexity

    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

    A method's cognitive complexity is based on a few simple rules:

    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
    • Code is considered more complex for each "break in the linear flow of the code"
    • Code is considered more complex when "flow breaking structures are nested"

    Further reading

    Identical blocks of code found in 2 locations. Consider refactoring.
    Open

      def parse_auth_methods(resp)
        return [] unless resp and resp.code == 401
        methods = []
        methods << "Negotiate" if resp.headers['WWW-Authenticate'].include? "Negotiate"
        methods << "Kerberos" if resp.headers['WWW-Authenticate'].include? "Kerberos"
    Severity: Minor
    Found in lib/msf/core/exploit/remote/winrm.rb and 1 other location - About 55 mins to fix
    lib/metasploit/framework/login_scanner/winrm.rb on lines 43..49

    Duplicated Code

    Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

    Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

    When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

    Tuning

    This issue has a mass of 45.

    We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

    The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

    If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

    See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

    Refactorings

    Further Reading

    Identical blocks of code found in 2 locations. Consider refactoring.
    Open

        opts = {
          endpoint: endpoint,
          host: rhost,
          port: rport,
          proxies: datastore['Proxies'],
    Severity: Minor
    Found in lib/msf/core/exploit/remote/winrm.rb and 1 other location - About 25 mins to fix
    modules/auxiliary/scanner/winrm/winrm_cmd.rb on lines 43..56

    Duplicated Code

    Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

    Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

    When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

    Tuning

    This issue has a mass of 30.

    We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

    The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

    If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

    See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

    Refactorings

    Further Reading

    Similar blocks of code found in 2 locations. Consider refactoring.
    Open

            Opt::RPORT(5985),
            OptString.new('DOMAIN', [ true, 'The domain to use for Windows authentication', 'WORKSTATION']),
            OptString.new('URI', [ true, "The URI of the WinRM service", "/wsman" ]),
            OptString.new('USERNAME', [ false, 'A specific username to authenticate as' ]),
            OptString.new('PASSWORD', [ false, 'A specific password to authenticate with' ]),
    Severity: Minor
    Found in lib/msf/core/exploit/remote/winrm.rb and 1 other location - About 25 mins to fix
    modules/auxiliary/scanner/http/mediawiki_svg_fileaccess.rb on lines 43..47

    Duplicated Code

    Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

    Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

    When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

    Tuning

    This issue has a mass of 30.

    We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

    The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

    If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

    See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

    Refactorings

    Further Reading

    There are no issues that match your filters.

    Category
    Status