rapid7/metasploit-framework

View on GitHub
modules/auxiliary/fuzzers/http/http_form_field.rb

Summary

Maintainability
F
1 wk
Test Coverage

Method get_form_data has a Cognitive Complexity of 113 (exceeds 5 allowed). Consider refactoring.
Open

  def get_form_data(body)
    print_status("Enumerating form data")
    body = body.gsub("\r","")
    body = body.gsub("\n","")
    bodydata = body.downcase.split(/<form/)
Severity: Minor
Found in modules/auxiliary/fuzzers/http/http_form_field.rb - About 2 days to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

File http_form_field.rb has 499 lines of code (exceeds 250 allowed). Consider refactoring.
Open

class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::HttpClient

  def initialize(info = {})
    super(update_info(info,
Severity: Minor
Found in modules/auxiliary/fuzzers/http/http_form_field.rb - About 1 day to fix

    Method run has a Cognitive Complexity of 40 (exceeds 5 allowed). Consider refactoring.
    Open

      def run
        init_fuzzdata()
        init_vars()
    
        print_status("Grabbing webpage #{datastore['URL']} from #{datastore['RHOST']}")
    Severity: Minor
    Found in modules/auxiliary/fuzzers/http/http_form_field.rb - About 6 hrs to fix

    Cognitive Complexity

    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

    A method's cognitive complexity is based on a few simple rules:

    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
    • Code is considered more complex for each "break in the linear flow of the code"
    • Code is considered more complex when "flow breaking structures are nested"

    Further reading

    Method get_form_data has 141 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      def get_form_data(body)
        print_status("Enumerating form data")
        body = body.gsub("\r","")
        body = body.gsub("\n","")
        bodydata = body.downcase.split(/<form/)
    Severity: Major
    Found in modules/auxiliary/fuzzers/http/http_form_field.rb - About 5 hrs to fix

      Method do_fuzz_field has a Cognitive Complexity of 31 (exceeds 5 allowed). Consider refactoring.
      Open

        def do_fuzz_field(form,field)
          fieldstofuzz = field.downcase.strip.split(",")
          @nrerrors = 0
          while @fuzzsize <= @endsize+1
            allfields = form[:fields]
      Severity: Minor
      Found in modules/auxiliary/fuzzers/http/http_form_field.rb - About 4 hrs to fix

      Cognitive Complexity

      Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

      A method's cognitive complexity is based on a few simple rules:

      • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
      • Code is considered more complex for each "break in the linear flow of the code"
      • Code is considered more complex when "flow breaking structures are nested"

      Further reading

      Method do_fuzz_headers has a Cognitive Complexity of 23 (exceeds 5 allowed). Consider refactoring.
      Open

        def do_fuzz_headers(form,headers)
          headercnt = 0
          datastr = ""
          form[:fields].each do | thisfield |
            normaldata = "blah&"
      Severity: Minor
      Found in modules/auxiliary/fuzzers/http/http_form_field.rb - About 3 hrs to fix

      Cognitive Complexity

      Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

      A method's cognitive complexity is based on a few simple rules:

      • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
      • Code is considered more complex for each "break in the linear flow of the code"
      • Code is considered more complex when "flow breaking structures are nested"

      Further reading

      Method run has 71 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

        def run
          init_fuzzdata()
          init_vars()
      
          print_status("Grabbing webpage #{datastore['URL']} from #{datastore['RHOST']}")
      Severity: Major
      Found in modules/auxiliary/fuzzers/http/http_form_field.rb - About 2 hrs to fix

        Method do_fuzz_headers has 52 lines of code (exceeds 25 allowed). Consider refactoring.
        Open

          def do_fuzz_headers(form,headers)
            headercnt = 0
            datastr = ""
            form[:fields].each do | thisfield |
              normaldata = "blah&"
        Severity: Major
        Found in modules/auxiliary/fuzzers/http/http_form_field.rb - About 2 hrs to fix

          Method do_fuzz_field has 41 lines of code (exceeds 25 allowed). Consider refactoring.
          Open

            def do_fuzz_field(form,field)
              fieldstofuzz = field.downcase.strip.split(",")
              @nrerrors = 0
              while @fuzzsize <= @endsize+1
                allfields = form[:fields]
          Severity: Minor
          Found in modules/auxiliary/fuzzers/http/http_form_field.rb - About 1 hr to fix

            Method initialize has 37 lines of code (exceeds 25 allowed). Consider refactoring.
            Open

              def initialize(info = {})
                super(update_info(info,
                  'Name'           => 'HTTP Form Field Fuzzer',
                  'Description'    => %q{
                    This module will grab all fields from a form,
            Severity: Minor
            Found in modules/auxiliary/fuzzers/http/http_form_field.rb - About 1 hr to fix

              Method fuzz_this_field has a Cognitive Complexity of 11 (exceeds 5 allowed). Consider refactoring.
              Open

                def fuzz_this_field(fieldname,fieldtype)
                  fuzzcommands = datastore['FIELDS'].split(",")
                  fuzzme = 0
                  if fuzzcommands.size > 0
                    fuzzcommands.each do |thiscmd|
              Severity: Minor
              Found in modules/auxiliary/fuzzers/http/http_form_field.rb - About 1 hr to fix

              Cognitive Complexity

              Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

              A method's cognitive complexity is based on a few simple rules:

              • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
              • Code is considered more complex for each "break in the linear flow of the code"
              • Code is considered more complex when "flow breaking structures are nested"

              Further reading

              Method process_response has a Cognitive Complexity of 11 (exceeds 5 allowed). Consider refactoring.
              Open

                def process_response(response,field,type)
                  if response == nil
                    print_error("      No response - #{@nrerrors+1} / #{datastore['STOPAFTER']} - fuzzdata length : #{@fuzzsize}")
                    if @nrerrors+1 >= datastore['STOPAFTER']
                      print_status("      *!* No response : #{type} #{field} | fuzzdata length : #{@fuzzsize}")
              Severity: Minor
              Found in modules/auxiliary/fuzzers/http/http_form_field.rb - About 1 hr to fix

              Cognitive Complexity

              Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

              A method's cognitive complexity is based on a few simple rules:

              • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
              • Code is considered more complex for each "break in the linear flow of the code"
              • Code is considered more complex when "flow breaking structures are nested"

              Further reading

              Avoid deeply nested control flow statements.
              Open

                                if thisfield.match(/^value=/)
                                  # special case
                                  location = fielddata[0].index(thisfield)
                                  delta = fielddata[0].size - location
                                  remaining = fielddata[0][location,delta]
              Severity: Major
              Found in modules/auxiliary/fuzzers/http/http_form_field.rb - About 45 mins to fix

                Avoid deeply nested control flow statements.
                Open

                                if fieldname == "" and fieldid != ""
                                  fieldname = fieldid
                                end
                Severity: Major
                Found in modules/auxiliary/fuzzers/http/http_form_field.rb - About 45 mins to fix

                  Avoid deeply nested control flow statements.
                  Open

                                    if currfieldmark == "<select" and thisfield.match(/^class=/)
                                      fieldtype = get_field_val(thisfield)
                                    end
                  Severity: Major
                  Found in modules/auxiliary/fuzzers/http/http_form_field.rb - About 45 mins to fix

                    Avoid deeply nested control flow statements.
                    Open

                                    if fieldid == "" and fieldname != ""
                                      fieldid = fieldname
                                    end
                    Severity: Major
                    Found in modules/auxiliary/fuzzers/http/http_form_field.rb - About 45 mins to fix

                      Avoid deeply nested control flow statements.
                      Open

                                      if thisfield[:name]
                                        if fuzz_this_field(thisfield[:name],thisfield[:type]) == 1
                                          print_status("    - Fuzzing field #{thisfield[:name]}")
                                          do_fuzz_field(thisform,thisfield[:name])
                                          init_fuzzdata()
                      Severity: Major
                      Found in modules/auxiliary/fuzzers/http/http_form_field.rb - About 45 mins to fix

                        Avoid deeply nested control flow statements.
                        Open

                                          if thisfield.match(/^type=/)
                                            fieldtype = get_field_val(thisfield)
                                          end
                        Severity: Major
                        Found in modules/auxiliary/fuzzers/http/http_form_field.rb - About 45 mins to fix

                          Avoid deeply nested control flow statements.
                          Open

                                          if fieldid != ""
                                            formfields << {
                                              :id => fieldid,
                                              :name => fieldname,
                                              :type => fieldtype,
                          Severity: Major
                          Found in modules/auxiliary/fuzzers/http/http_form_field.rb - About 45 mins to fix

                            Avoid deeply nested control flow statements.
                            Open

                                              if thisfield.match(/^name=/)
                                                fieldname = get_field_val(thisfield)
                                              end
                            Severity: Major
                            Found in modules/auxiliary/fuzzers/http/http_form_field.rb - About 45 mins to fix

                              Method fuzz_this_headerfield has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
                              Open

                                def fuzz_this_headerfield(fieldname)
                                  fuzzheaderfields = datastore['HEADERFIELDS'].split(",")
                                  fuzzme = 0
                                  if fuzzheaderfields.size > 0
                                    fuzzheaderfields.each do |thisfield|
                              Severity: Minor
                              Found in modules/auxiliary/fuzzers/http/http_form_field.rb - About 45 mins to fix

                              Cognitive Complexity

                              Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                              A method's cognitive complexity is based on a few simple rules:

                              • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                              • Code is considered more complex for each "break in the linear flow of the code"
                              • Code is considered more complex when "flow breaking structures are nested"

                              Further reading

                              Avoid deeply nested control flow statements.
                              Open

                                                if thisfield.match(/^id=/)
                                                  fieldid = get_field_val(thisfield)
                                                end
                              Severity: Major
                              Found in modules/auxiliary/fuzzers/http/http_form_field.rb - About 45 mins to fix

                                Similar blocks of code found in 2 locations. Consider refactoring.
                                Open

                                    forms.each do | thisform |
                                      print_status("     - Name : #{thisform[:name]}, ID : #{thisform[:id]}, Action : #{thisform[:action]}, Method : #{thisform[:method]}")
                                Severity: Minor
                                Found in modules/auxiliary/fuzzers/http/http_form_field.rb and 1 other location - About 15 mins to fix
                                modules/post/multi/gather/dns_srv_lookup.rb on lines 83..84

                                Duplicated Code

                                Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

                                Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

                                When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

                                Tuning

                                This issue has a mass of 25.

                                We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

                                The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

                                If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

                                See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

                                Refactorings

                                Further Reading

                                There are no issues that match your filters.

                                Category
                                Status