Sign upLogin

rapid7/metasploit-framework

View on GitHub
Star
modules/exploits/windows/nimsoft/nimcontroller_bof.rb

Summary

Maintainability
D
3 days
Test Coverage

Method parse_listing has a Cognitive Complexity of 40 (exceeds 5 allowed). Consider refactoring.
Open

  def parse_listing(response, directory)
    result = { 'name' => '', 'date' => '', 'size' => '', 'type' => '' }
    i = 0

    begin
Severity: Minor
Found in modules/exploits/windows/nimsoft/nimcontroller_bof.rb - About 6 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

File nimcontroller_bof.rb has 375 lines of code (exceeds 250 allowed). Consider refactoring.
Open

class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::Tcp
  prepend Msf::Exploit::Remote::AutoCheck
Severity: Minor
Found in modules/exploits/windows/nimsoft/nimcontroller_bof.rb - About 5 hrs to fix

    Method generate_rop_chain has 124 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      def generate_rop_chain
    # RAX -> HMODULE GetModuleHandleA(
    #   ( RCX == *module ) LPCSTR lpModuleName,
    # );
    rop_gadgets = [0x0000000140018c42] * 15 # ret
    Severity: Major
    Found in modules/exploits/windows/nimsoft/nimcontroller_bof.rb - About 4 hrs to fix

      Method parse_listing has 80 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

        def parse_listing(response, directory)
    result = { 'name' => '', 'date' => '', 'size' => '', 'type' => '' }
    i = 0

    begin
      Severity: Major
      Found in modules/exploits/windows/nimsoft/nimcontroller_bof.rb - About 3 hrs to fix

        Method initialize has 58 lines of code (exceeds 25 allowed). Consider refactoring.
        Open

          def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'CA Unified Infrastructure Management Nimsoft 7.80 - Remote Buffer Overflow',
        Severity: Major
        Found in modules/exploits/windows/nimsoft/nimcontroller_bof.rb - About 2 hrs to fix

          Method generate_probe has 34 lines of code (exceeds 25 allowed). Consider refactoring.
          Open

            def generate_probe(probe, args)
    client = "#{rand_text_alphanumeric(14)}\x00"
    packet_args = ''
    probe += "\x00"
          Severity: Minor
          Found in modules/exploits/windows/nimsoft/nimcontroller_bof.rb - About 1 hr to fix

            Method exploit has 30 lines of code (exceeds 25 allowed). Consider refactoring.
            Open

              def exploit
    connect

    shellcode = make_nops(500)
    shellcode << payload.encoded
            Severity: Minor
            Found in modules/exploits/windows/nimsoft/nimcontroller_bof.rb - About 1 hr to fix

              There are no issues that match your filters.

              Category
              Status