Method enumerate_writable_path_dirs has a Cognitive Complexity of 51 (exceeds 5 allowed). Consider refactoring.
def enumerate_writable_path_dirs(path_dirs, user_groups, current_user)
  writable_path_dirs = []
  perms_we_need = ['(F)', '(M)']
  print_status('')
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
File srclient_dll_hijacking.rb has 276 lines of code (exceeds 250 allowed). Consider refactoring.
class MetasploitModule < Msf::Exploit::Local
  Rank = NormalRanking
  include Msf::Exploit::EXE
  include Msf::Exploit::FileDropper
Method exploit has a Cognitive Complexity of 19 (exceeds 5 allowed). Consider refactoring.
def exploit
  if is_system?
    fail_with(Failure::None, 'Session is already elevated')
  end
Method initialize has 58 lines of code (exceeds 25 allowed). Consider refactoring.
def initialize(info = {})
  super(
    update_info(
      info,
      'Name' => 'Windows Server 2012 SrClient DLL hijacking',
Method exploit has 53 lines of code (exceeds 25 allowed). Consider refactoring.
def exploit
  if is_system?
    fail_with(Failure::None, 'Session is already elevated')
  end
Method check has a Cognitive Complexity of 16 (exceeds 5 allowed). Consider refactoring.
def check
  version = get_version_info
  unless version.build_number == Msf::WindowsVersion::Server2012 && version.windows_server?
    return Exploit::CheckCode::Safe('Target is not Windows Server 2012.')
  end
Method check has 40 lines of code (exceeds 25 allowed). Consider refactoring.
def check
  version = get_version_info
  unless version.build_number == Msf::WindowsVersion::Server2012 && version.windows_server?
    return Exploit::CheckCode::Safe('Target is not Windows Server 2012.')
  end
Method enumerate_writable_path_dirs has 34 lines of code (exceeds 25 allowed). Consider refactoring.
def enumerate_writable_path_dirs(path_dirs, user_groups, current_user)
  writable_path_dirs = []
  perms_we_need = ['(F)', '(M)']
  print_status('')
Method grab_user_groups has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
def grab_user_groups(current_user)
  print_status("Obtaining group information for the current user #{current_user}...")
  # add current user to the groups we are a member of in case user-specific permissions are set for any of the %PATH% directories
  user_groups = [current_user]
Method monitor_tiworker has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
def monitor_tiworker
  print_warning("TiWorker.exe is already running on the target. The module will monitor the process every 10 seconds for up to #{wait_for_tiworker} minute(s)...")
  wait_time_left = wait_for_tiworker
  sleep_time = 0
  while wait_time_left > 0
Avoid too many return statements within this method.
return Exploit::CheckCode::Appears
Avoid too many return statements within this method.
return Exploit::CheckCode::Safe(writable_path_dirs_fail_message)
Method find_pdir_owner has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
def find_pdir_owner(pdir, current_user)
  # we need double backslashes in the path for wmic, using block gsub because regular gsub doesn't seem to work
  pdir_escaped = pdir.gsub(/\\/) { '\\\\' }
  pdir_owner_info = cmd_exec("wmic path Win32_LogicalFileSecuritySetting where Path=\"#{pdir_escaped}\" ASSOC /RESULTROLE:Owner /ASSOCCLASS:Win32_LogicalFileOwner /RESULTCLASS:Win32_SID")
  if pdir_owner_info.blank? || pdir_owner_info.split('{')[0].blank?