rapid7/metasploit-framework

View on GitHub
modules/auxiliary/server/browser_autopwn.rb

Summary

Maintainability
F
1 wk
Test Coverage

File browser_autopwn.rb has 756 lines of code (exceeds 250 allowed). Consider refactoring.
Open

require 'rex/exploitation/js/detect'
require 'rex/exploitation/jsobfu'

class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::HttpServer::HTML
Severity: Major
Found in modules/auxiliary/server/browser_autopwn.rb - About 1 day to fix

    Method start_exploit_modules has a Cognitive Complexity of 54 (exceeds 5 allowed). Consider refactoring.
    Open

      def start_exploit_modules()
        @lhost = (datastore['LHOST'] || "0.0.0.0")
    
        @noscript_tests = {}
        @all_tests = {}
    Severity: Minor
    Found in modules/auxiliary/server/browser_autopwn.rb - About 1 day to fix

    Cognitive Complexity

    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

    A method's cognitive complexity is based on a few simple rules:

    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
    • Code is considered more complex for each "break in the linear flow of the code"
    • Code is considered more complex when "flow breaking structures are nested"

    Further reading

    Method build_script_response has a Cognitive Complexity of 47 (exceeds 5 allowed). Consider refactoring.
    Open

      def build_script_response(cli, request)
        response = create_response()
        response['Expires'] = '0'
        response['Cache-Control'] = 'must-revalidate'
    
    
    Severity: Minor
    Found in modules/auxiliary/server/browser_autopwn.rb - About 7 hrs to fix

    Cognitive Complexity

    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

    A method's cognitive complexity is based on a few simple rules:

    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
    • Code is considered more complex for each "break in the linear flow of the code"
    • Code is considered more complex when "flow breaking structures are nested"

    Further reading

    Method record_detection has a Cognitive Complexity of 44 (exceeds 5 allowed). Consider refactoring.
    Open

      def record_detection(cli, request)
        os_name = nil
        os_flavor = nil
        os_sp = nil
        os_lang = nil
    Severity: Minor
    Found in modules/auxiliary/server/browser_autopwn.rb - About 6 hrs to fix

    Cognitive Complexity

    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

    A method's cognitive complexity is based on a few simple rules:

    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
    • Code is considered more complex for each "break in the linear flow of the code"
    • Code is considered more complex when "flow breaking structures are nested"

    Further reading

    Method build_script_response has 137 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      def build_script_response(cli, request)
        response = create_response()
        response['Expires'] = '0'
        response['Cache-Control'] = 'must-revalidate'
    
    
    Severity: Major
    Found in modules/auxiliary/server/browser_autopwn.rb - About 5 hrs to fix

      Method initialize has 103 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

        def initialize(info = {})
          super(update_info(info,
            'Name'        => 'HTTP Client Automatic Exploiter',
            'Description' => %q{
                This module has three actions.  The first (and the default)
      Severity: Major
      Found in modules/auxiliary/server/browser_autopwn.rb - About 4 hrs to fix

        Method start_exploit_modules has 101 lines of code (exceeds 25 allowed). Consider refactoring.
        Open

          def start_exploit_modules()
            @lhost = (datastore['LHOST'] || "0.0.0.0")
        
            @noscript_tests = {}
            @all_tests = {}
        Severity: Major
        Found in modules/auxiliary/server/browser_autopwn.rb - About 4 hrs to fix

          Method setup has 78 lines of code (exceeds 25 allowed). Consider refactoring.
          Open

            def setup
              print_status("Setup")
          
              @init_js = ::Rex::Exploitation::Js::Detect.os(<<-ENDJS
          
          
          Severity: Major
          Found in modules/auxiliary/server/browser_autopwn.rb - About 3 hrs to fix

            Method record_detection has 75 lines of code (exceeds 25 allowed). Consider refactoring.
            Open

              def record_detection(cli, request)
                os_name = nil
                os_flavor = nil
                os_sp = nil
                os_lang = nil
            Severity: Major
            Found in modules/auxiliary/server/browser_autopwn.rb - About 3 hrs to fix

              Method init_exploit has 70 lines of code (exceeds 25 allowed). Consider refactoring.
              Open

                def init_exploit(name, mod = nil, targ = 0)
                  if mod.nil?
                    @exploits[name] = framework.modules.create(name)
                  else
                    @exploits[name] = mod.new
              Severity: Major
              Found in modules/auxiliary/server/browser_autopwn.rb - About 2 hrs to fix

                Class MetasploitModule has 21 methods (exceeds 20 allowed). Consider refactoring.
                Open

                class MetasploitModule < Msf::Auxiliary
                  include Msf::Exploit::Remote::HttpServer::HTML
                
                  def initialize(info = {})
                    super(update_info(info,
                Severity: Minor
                Found in modules/auxiliary/server/browser_autopwn.rb - About 2 hrs to fix

                  Method on_request_uri has 36 lines of code (exceeds 25 allowed). Consider refactoring.
                  Open

                    def on_request_uri(cli, request)
                      print_status("Handling '#{request.uri}'")
                  
                      case request.uri
                      when self.get_resource
                  Severity: Minor
                  Found in modules/auxiliary/server/browser_autopwn.rb - About 1 hr to fix

                    Method init_exploit has a Cognitive Complexity of 12 (exceeds 5 allowed). Consider refactoring.
                    Open

                      def init_exploit(name, mod = nil, targ = 0)
                        if mod.nil?
                          @exploits[name] = framework.modules.create(name)
                        else
                          @exploits[name] = mod.new
                    Severity: Minor
                    Found in modules/auxiliary/server/browser_autopwn.rb - About 1 hr to fix

                    Cognitive Complexity

                    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                    A method's cognitive complexity is based on a few simple rules:

                    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                    • Code is considered more complex for each "break in the linear flow of the code"
                    • Code is considered more complex when "flow breaking structures are nested"

                    Further reading

                    Avoid deeply nested control flow statements.
                    Open

                                    unless client_matches_module_spec?(host_info[:os_name], s[:os_name])
                                      vprint_status("Rejecting #{s[:name]} for non-matching OS")
                                      next
                                    end
                    Severity: Major
                    Found in modules/auxiliary/server/browser_autopwn.rb - About 45 mins to fix

                      Method cleanup has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
                      Open

                        def cleanup
                          print_status("Cleaning up exploits...")
                          @exploits.each_pair do |name, mod|
                            # if the module died for some reason, we can't kill it
                            next unless mod
                      Severity: Minor
                      Found in modules/auxiliary/server/browser_autopwn.rb - About 45 mins to fix

                      Cognitive Complexity

                      Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                      A method's cognitive complexity is based on a few simple rules:

                      • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                      • Code is considered more complex for each "break in the linear flow of the code"
                      • Code is considered more complex when "flow breaking structures are nested"

                      Further reading

                      Method build_noscript_html has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
                      Open

                        def build_noscript_html(cli, request)
                          client_info = get_client(:host => cli.peerhost, :ua_string => request['User-Agent'])
                          body = ""
                      
                          sploit_cnt = 0
                      Severity: Minor
                      Found in modules/auxiliary/server/browser_autopwn.rb - About 35 mins to fix

                      Cognitive Complexity

                      Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                      A method's cognitive complexity is based on a few simple rules:

                      • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                      • Code is considered more complex for each "break in the linear flow of the code"
                      • Code is considered more complex when "flow breaking structures are nested"

                      Further reading

                      Method on_request_uri has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
                      Open

                        def on_request_uri(cli, request)
                          print_status("Handling '#{request.uri}'")
                      
                          case request.uri
                          when self.get_resource
                      Severity: Minor
                      Found in modules/auxiliary/server/browser_autopwn.rb - About 35 mins to fix

                      Cognitive Complexity

                      Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                      A method's cognitive complexity is based on a few simple rules:

                      • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                      • Code is considered more complex for each "break in the linear flow of the code"
                      • Code is considered more complex when "flow breaking structures are nested"

                      Further reading

                      Method each_autopwn_module has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
                      Open

                        def each_autopwn_module(&block)
                          m_regex = datastore["MATCH"]
                          e_regex = datastore["EXCLUDE"]
                          framework.exploits.each_module do |name, mod|
                            if mod.respond_to?("autopwn_opts") and
                      Severity: Minor
                      Found in modules/auxiliary/server/browser_autopwn.rb - About 25 mins to fix

                      Cognitive Complexity

                      Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                      A method's cognitive complexity is based on a few simple rules:

                      • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                      • Code is considered more complex for each "break in the linear flow of the code"
                      • Code is considered more complex when "flow breaking structures are nested"

                      Further reading

                      There are no issues that match your filters.

                      Category
                      Status