rapid7/metasploit-framework

modules/exploits/multi/misc/weblogic_deserialize_unicastref.rb

Summary

Maintainability: F (3 days)
Test Coverage

File weblogic_deserialize_unicastref.rb has 558 lines of code (exceeds 250 allowed). Consider refactoring.

class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::Tcp
  include Msf::Exploit::Remote::TcpServer
Severity: Major
Found in modules/exploits/multi/misc/weblogic_deserialize_unicastref.rb - About 1 day to fix

Method build_t3_request_object has 199 lines of code (exceeds 25 allowed). Consider refactoring.

  def build_t3_request_object
    # T3 request serialized data
    # retrieved by watching network traffic
    # This is a proprietary, undocumented protocol
    data =  '000005c3'                                     # length of the packet
Severity: Major
Found in modules/exploits/multi/misc/weblogic_deserialize_unicastref.rb - About 7 hrs to fix

Method send_payload_objdata has 130 lines of code (exceeds 25 allowed). Consider refactoring.

  def send_payload_objdata
    shost = srvhost
    if ['0.0.0.0', '127.0.0.1', '::'].include?(shost)
      shost = Rex::Socket.source_address
    end
Severity: Major
Found in modules/exploits/multi/misc/weblogic_deserialize_unicastref.rb - About 5 hrs to fix

Method gen_resp has 86 lines of code (exceeds 25 allowed). Consider refactoring.

  def gen_resp
    if target.name == 'Windows'
      pwrshl = cmd_psh_payload(payload.encoded, payload_instance.arch.first, {remove_comspec: true})
      mycmd = pwrshl.each_byte.map {|b| b.to_s(16)}.join
    elsif target.name == 'Unix' || target.name == 'Solaris'
Severity: Major
Found in modules/exploits/multi/misc/weblogic_deserialize_unicastref.rb - About 3 hrs to fix

Method initialize has 59 lines of code (exceeds 25 allowed). Consider refactoring.

  def initialize(info={})
    super(update_info(info,
      'Name' => 'Oracle Weblogic Server Deserialization RCE - RMI UnicastRef',
      'Description' => %q{
        An unauthenticated attacker with network access to the Oracle Weblogic Server T3
Severity: Major
Found in modules/exploits/multi/misc/weblogic_deserialize_unicastref.rb - About 2 hrs to fix
