rapid7/metasploit-framework

modules/exploits/linux/http/zyxel_lfi_unauth_ssh_rce.rb

Summary

Maintainability: F (3 days)
Test Coverage

File zyxel_lfi_unauth_ssh_rce.rb has 397 lines of code (exceeds 250 allowed). Consider refactoring.

require 'socket'
require 'digest/md5'

class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking
Severity: Minor
Found in modules/exploits/linux/http/zyxel_lfi_unauth_ssh_rce.rb - About 5 hrs to fix

    Method serial_num_method3 has a Cognitive Complexity of 35 (exceeds 5 allowed). Consider refactoring.

      def serial_num_method3(serial_number)
        # SerialNumMethod3 password derivation function
    
        # constant definitions
        keystr1_byte_array = 'IO'.bytes.to_a
    Severity: Minor
    Found in modules/exploits/linux/http/zyxel_lfi_unauth_ssh_rce.rb - About 5 hrs to fix

    Cognitive Complexity

    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

    A method's cognitive complexity is based on a few simple rules:

    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
    • Code is considered more complex for each "break in the linear flow of the code"
    • Code is considered more complex when "flow breaking structures are nested"

    Method exploit has a Cognitive Complexity of 29 (exceeds 5 allowed). Consider refactoring.

      def exploit
        # run if AutoCheck is false (@config = nil), otherwise use the information in @config gathered during the check method
        unless @config
          res = get_configuration
          fail_with(Failure::NotVulnerable, 'Target is not vulnerable.') if res.nil? || res.code != 200
    Severity: Minor
    Found in modules/exploits/linux/http/zyxel_lfi_unauth_ssh_rce.rb - About 4 hrs to fix

    Method initialize has 96 lines of code (exceeds 25 allowed). Consider refactoring.

      def initialize(info = {})
        super(
          update_info(
            info,
            'Name' => 'Zyxel chained RCE using LFI and weak password derivation algorithm',
    Severity: Major
    Found in modules/exploits/linux/http/zyxel_lfi_unauth_ssh_rce.rb - About 3 hrs to fix

      Method process_configuration has a Cognitive Complexity of 18 (exceeds 5 allowed). Consider refactoring.

        def process_configuration(res)
          # Initiate the instance variable config to store the configuration
          @config = {}
      
          # Parse the device configuration json file
      Severity: Minor
      Found in modules/exploits/linux/http/zyxel_lfi_unauth_ssh_rce.rb - About 2 hrs to fix

      Method exploit has 51 lines of code (exceeds 25 allowed). Consider refactoring.

        def exploit
          # run if AutoCheck is false (@config = nil), otherwise use the information in @config gathered during the check method
          unless @config
            res = get_configuration
            fail_with(Failure::NotVulnerable, 'Target is not vulnerable.') if res.nil? || res.code != 200
      Severity: Major
      Found in modules/exploits/linux/http/zyxel_lfi_unauth_ssh_rce.rb - About 2 hrs to fix

        Method serial_num_method3 has 48 lines of code (exceeds 25 allowed). Consider refactoring.

          def serial_num_method3(serial_number)
            # SerialNumMethod3 password derivation function
        
            # constant definitions
            keystr1_byte_array = 'IO'.bytes.to_a
        Severity: Minor
        Found in modules/exploits/linux/http/zyxel_lfi_unauth_ssh_rce.rb - About 1 hr to fix

          Method process_configuration has 34 lines of code (exceeds 25 allowed). Consider refactoring.

            def process_configuration(res)
              # Initiate the instance variable config to store the configuration
              @config = {}
          
              # Parse the device configuration json file
          Severity: Minor
          Found in modules/exploits/linux/http/zyxel_lfi_unauth_ssh_rce.rb - About 1 hr to fix

            Method double_hash has 31 lines of code (exceeds 25 allowed). Consider refactoring.

              def double_hash(input, size = 8)
                # ROUND 1
                # take the MD5 hash from the serial number SXXXXXXXXXXXX
                # this returns a hash of 32 char bytes.
                # read md5 hash per two char bytes, check if first char byte = '0', then make first byte char == second byte char
            Severity: Minor
            Found in modules/exploits/linux/http/zyxel_lfi_unauth_ssh_rce.rb - About 1 hr to fix

              Method double_hash has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.

                def double_hash(input, size = 8)
                  # ROUND 1
                  # take the MD5 hash from the serial number SXXXXXXXXXXXX
                  # this returns a hash of 32 char bytes.
                  # read md5 hash per two char bytes, check if first char byte = '0', then make first byte char == second byte char
              Severity: Minor
              Found in modules/exploits/linux/http/zyxel_lfi_unauth_ssh_rce.rb - About 55 mins to fix

              Method mod3_key_generator has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.

                def mod3_key_generator(seed)
                  # key generator function used in the SerialNumMethod3 password derivation function
                  round4_array = Array.new(16, 0)
                  found0s = 0
                  found1s = 0
              Severity: Minor
              Found in modules/exploits/linux/http/zyxel_lfi_unauth_ssh_rce.rb - About 55 mins to fix

              Avoid deeply nested control flow statements.

                        next unless (round3_byte_array[i] == keystr2_byte_array[j])
              Severity: Major
              Found in modules/exploits/linux/http/zyxel_lfi_unauth_ssh_rce.rb - About 45 mins to fix

                Avoid deeply nested control flow statements.

                          next unless (round3_byte_array[i] == keystr3_byte_array[j])
                Severity: Major
                Found in modules/exploits/linux/http/zyxel_lfi_unauth_ssh_rce.rb - About 45 mins to fix
