rapid7/metasploit-framework

modules/post/multi/gather/lastpass_creds.rb

Summary

Maintainability
F
1 wk
Test Coverage

File lastpass_creds.rb has 697 lines of code (exceeds 250 allowed). Consider refactoring.
Open

require 'English'
require 'sqlite3'
require 'uri'

class MetasploitModule < Msf::Post
Severity: Major
Found in modules/post/multi/gather/lastpass_creds.rb - About 1 day to fix

    Method extract_vault_and_iterations has a Cognitive Complexity of 45 (exceeds 5 allowed). Consider refactoring.
    Open

      def extract_vault_and_iterations(account_map)
        account_map.each_pair do |account, browser_map|
          browser_map.each_pair do |browser, lp_data|
            lp_data['lp_creds'].each_pair do |username, _user_data|
              if browser.match(/Firefox|IE/)
    Severity: Minor
    Found in modules/post/multi/gather/lastpass_creds.rb - About 6 hrs to fix

    Cognitive Complexity

    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

    A method's cognitive complexity is based on a few simple rules:

    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
    • Code is considered more complex for each "break in the linear flow of the code"
    • Code is considered more complex when "flow breaking structures are nested"

    Method decrypt_local_vault_key has a Cognitive Complexity of 44 (exceeds 5 allowed). Consider refactoring.
    Open

      def decrypt_local_vault_key(account, browser_map)
        data = nil
        session_cookie_value = nil
    
        browser_map.each_pair do |browser, lp_data|
    Severity: Minor
    Found in modules/post/multi/gather/lastpass_creds.rb - About 6 hrs to fix

    Method extract_credentials has a Cognitive Complexity of 43 (exceeds 5 allowed). Consider refactoring.
    Open

      def extract_credentials(account_map)
        account_map.each_pair do |account, browser_map|
          browser_map.each_pair do |browser, lp_data|
            account_map[account][browser]['lp_creds'] = {}
            if browser.match(/Firefox|IE/)
    Severity: Minor
    Found in modules/post/multi/gather/lastpass_creds.rb - About 6 hrs to fix

    Method print_vault_passwords has a Cognitive Complexity of 31 (exceeds 5 allowed). Consider refactoring.
    Open

      def print_vault_passwords(account_map)
        account_map.each_pair do |_account, browser_map|
          browser_map.each_pair do |browser, lp_data|
            lp_data['lp_creds'].each_pair do |username, user_data|
              lastpass_vault_data_table = Rex::Text::Table.new(
    Severity: Minor
    Found in modules/post/multi/gather/lastpass_creds.rb - About 4 hrs to fix

    Method ie_firefox_credentials has a Cognitive Complexity of 28 (exceeds 5 allowed). Consider refactoring.
    Open

      def ie_firefox_credentials(prefs_path, localstorage_db_path)
        credentials = []
        data = nil
    
        if prefs_path.nil? # IE
    Severity: Minor
    Found in modules/post/multi/gather/lastpass_creds.rb - About 4 hrs to fix

    Class MetasploitModule has 30 methods (exceeds 20 allowed). Consider refactoring.
    Open

    class MetasploitModule < Msf::Post
      include Msf::Post::File
      include Msf::Post::Windows::UserProfiles
      include Msf::Post::OSX::System
      include Msf::Post::Unix
    Severity: Minor
    Found in modules/post/multi/gather/lastpass_creds.rb - About 3 hrs to fix

      Method extract_vault_keys has a Cognitive Complexity of 25 (exceeds 5 allowed). Consider refactoring.
      Open

        def extract_vault_keys(account_map)
          account_map.each_pair do |account, browser_map|
            browser_map.each_pair do |browser, lp_data|
              browser_checked = false # Track if local stored vault key was already decrypted for this browser (only one session cookie)
              lp_data['lp_creds'].each_pair do |username, user_data|
      Severity: Minor
      Found in modules/post/multi/gather/lastpass_creds.rb - About 3 hrs to fix

      Method extract_2fa_tokens has a Cognitive Complexity of 23 (exceeds 5 allowed). Consider refactoring.
      Open

        def extract_2fa_tokens(account_map)
          account_map.each_pair do |account, browser_map|
            browser_map.each_pair do |browser, lp_data|
              if browser.match(/Firefox|IE/)
                path = lp_data['localstorage_db'] + system_separator + 'lp.suid'
      Severity: Minor
      Found in modules/post/multi/gather/lastpass_creds.rb - About 3 hrs to fix

      Method build_account_map has 80 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

        def build_account_map
          profiles = user_profiles
          account_map = {}
      
          profiles.each do |user_profile|
      Severity: Major
      Found in modules/post/multi/gather/lastpass_creds.rb - About 3 hrs to fix

        Method build_account_map has a Cognitive Complexity of 21 (exceeds 5 allowed). Consider refactoring.
        Open

          def build_account_map
            profiles = user_profiles
            account_map = {}
        
            profiles.each do |user_profile|
        Severity: Minor
        Found in modules/post/multi/gather/lastpass_creds.rb - About 2 hrs to fix

        Method decrypt_local_vault_key has 64 lines of code (exceeds 25 allowed). Consider refactoring.
        Open

          def decrypt_local_vault_key(account, browser_map)
            data = nil
            session_cookie_value = nil
        
            browser_map.each_pair do |browser, lp_data|
        Severity: Major
        Found in modules/post/multi/gather/lastpass_creds.rb - About 2 hrs to fix

          Method extract_otpbin has a Cognitive Complexity of 14 (exceeds 5 allowed). Consider refactoring.
          Open

            def extract_otpbin(browser, username, lp_data)
              if browser.match(/Firefox|IE/)
                if browser == 'Firefox'
                  path = lp_data['localstorage_db'] + system_separator + OpenSSL::Digest::SHA256.hexdigest(username) + '_ff.sotp'
                else # IE
          Severity: Minor
          Found in modules/post/multi/gather/lastpass_creds.rb - About 1 hr to fix

          Method extract_vault_and_iterations has 41 lines of code (exceeds 25 allowed). Consider refactoring.
          Open

            def extract_vault_and_iterations(account_map)
              account_map.each_pair do |account, browser_map|
                browser_map.each_pair do |browser, lp_data|
                  lp_data['lp_creds'].each_pair do |username, _user_data|
                    if browser.match(/Firefox|IE/)
          Severity: Minor
          Found in modules/post/multi/gather/lastpass_creds.rb - About 1 hr to fix

            Method extract_credentials has 40 lines of code (exceeds 25 allowed). Consider refactoring.
            Open

              def extract_credentials(account_map)
                account_map.each_pair do |account, browser_map|
                  browser_map.each_pair do |browser, lp_data|
                    account_map[account][browser]['lp_creds'] = {}
                    if browser.match(/Firefox|IE/)
            Severity: Minor
            Found in modules/post/multi/gather/lastpass_creds.rb - About 1 hr to fix

              Method parse_vault_account has a Cognitive Complexity of 13 (exceeds 5 allowed). Consider refactoring.
              Open

                def parse_vault_account(chunk, vault_key)
                  pointer = 22 # Starting position to find data to decrypt
                  labels = ['name', 'folder', 'url', 'notes', 'undefined', 'undefined2', 'username', 'password']
                  vault_data = []
                  for label in labels
              Severity: Minor
              Found in modules/post/multi/gather/lastpass_creds.rb - About 1 hr to fix

              Method print_vault_passwords has 39 lines of code (exceeds 25 allowed). Consider refactoring.
              Open

                def print_vault_passwords(account_map)
                  account_map.each_pair do |_account, browser_map|
                    browser_map.each_pair do |browser, lp_data|
                      lp_data['lp_creds'].each_pair do |username, user_data|
                        lastpass_vault_data_table = Rex::Text::Table.new(
              Severity: Minor
              Found in modules/post/multi/gather/lastpass_creds.rb - About 1 hr to fix

                Method ie_firefox_credentials has 36 lines of code (exceeds 25 allowed). Consider refactoring.
                Open

                  def ie_firefox_credentials(prefs_path, localstorage_db_path)
                    credentials = []
                    data = nil
                
                    if prefs_path.nil? # IE
                Severity: Minor
                Found in modules/post/multi/gather/lastpass_creds.rb - About 1 hr to fix

                  Method initialize has 35 lines of code (exceeds 25 allowed). Consider refactoring.
                  Open

                    def initialize(info = {})
                      super(
                        update_info(
                          info,
                          'Name' => 'LastPass Vault Decryptor',
                  Severity: Minor
                  Found in modules/post/multi/gather/lastpass_creds.rb - About 1 hr to fix

                    Method find_db_paths has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
                    Open

                      def find_db_paths(path, browser, account)
                        paths = []
                    
                        vprint_status "Checking #{account}'s #{browser}"
                        if browser == 'IE' # Special case for IE
                    Severity: Minor
                    Found in modules/post/multi/gather/lastpass_creds.rb - About 45 mins to fix

                    Method read_registry_key_value has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
                    Open

                      def read_registry_key_value(key, value)
                        begin
                          root_key, base_key = session.sys.registry.splitkey(key)
                          reg_key = session.sys.registry.open_key(root_key, base_key, KEY_READ)
                          return nil unless reg_key
                    Severity: Minor
                    Found in modules/post/multi/gather/lastpass_creds.rb - About 45 mins to fix

                    Method loot_file has 5 arguments (exceeds 4 allowed). Consider refactoring.
                    Open

                      def loot_file(path, data, title, type, description)
                    Severity: Minor
                    Found in modules/post/multi/gather/lastpass_creds.rb - About 35 mins to fix

                      Method extract_local_encrypted_vault_key has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
                      Open

                        def extract_local_encrypted_vault_key(browser, username, lp_data)
                          if browser.match(/Firefox|IE/)
                            encrypted_key_path = lp_data['localstorage_db'] + system_separator + OpenSSL::Digest::SHA256.hexdigest(username) + '_lpall.slps'
                            encrypted_vault_key = read_remote_file(encrypted_key_path)
                            encrypted_vault_key = windows_unprotect(encrypted_vault_key) if !encrypted_vault_key.nil? && encrypted_vault_key.match(/^AQAAA.+/) # Verify Windows protection
                      Severity: Minor
                      Found in modules/post/multi/gather/lastpass_creds.rb - About 35 mins to fix
