Sign upLogin

rastating/wordpress-exploit-framework

View on GitHub
Star
lib/wpxf/modules/auxiliary/dos/long_password_dos.rb

Summary

Maintainability
B
4 hrs
Test Coverage

Assignment Branch Condition size for run is too high. [30.82/15]
Open

  def run
    return false unless super

    if should_validate_user?
      emit_info "Checking if user \"#{username}\" exists..."
Severity: Minor
Found in lib/wpxf/modules/auxiliary/dos/long_password_dos.rb by rubocop

This cop checks that the ABC size of methods is not higher than the configured maximum. The ABC size is based on assignments, branches (method calls), and conditions. See http://c2.com/cgi/wiki?AbcMetric

Method initialize has 51 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def initialize
    super

    update_info(
      name: 'Long Password DoS',
Severity: Major
Found in lib/wpxf/modules/auxiliary/dos/long_password_dos.rb - About 2 hrs to fix

    Assignment Branch Condition size for check is too high. [15.43/15]
    Open

      def check
    target_version = wordpress_version
    vuln_ranges = [
      [Gem::Version.new('0'), Gem::Version.new('3.7.5')],
      [Gem::Version.new('3.8'), Gem::Version.new('3.8.5')],
    Severity: Minor
    Found in lib/wpxf/modules/auxiliary/dos/long_password_dos.rb by rubocop

    This cop checks that the ABC size of methods is not higher than the configured maximum. The ABC size is based on assignments, branches (method calls), and conditions. See http://c2.com/cgi/wiki?AbcMetric

    Method run has 33 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

      def run
    return false unless super

    if should_validate_user?
      emit_info "Checking if user \"#{username}\" exists..."
    Severity: Minor
    Found in lib/wpxf/modules/auxiliary/dos/long_password_dos.rb - About 1 hr to fix

      Method run has a Cognitive Complexity of 11 (exceeds 5 allowed). Consider refactoring.
      Open

        def run
    return false unless super

    if should_validate_user?
      emit_info "Checking if user \"#{username}\" exists..."
      Severity: Minor
      Found in lib/wpxf/modules/auxiliary/dos/long_password_dos.rb - About 1 hr to fix

      Cognitive Complexity

      Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

      A method's cognitive complexity is based on a few simple rules:

      • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
      • Code is considered more complex for each "break in the linear flow of the code"
      • Code is considered more complex when "flow breaking structures are nested"

      Further reading

      Prefer single-quoted strings when you don't need string interpolation or special symbols.
      Open

          emit_info "Generating payload..."
      Severity: Minor
      Found in lib/wpxf/modules/auxiliary/dos/long_password_dos.rb by rubocop

      Checks if uses of quotes match the configured preference.

      Example: EnforcedStyle: single_quotes (default)

      # bad
"No special symbols"
"No string interpolation"
"Just text"

# good
'No special symbols'
'No string interpolation'
'Just text'
"Wait! What's #{this}!"

      Example: EnforcedStyle: double_quotes

      # bad
'Just some text'
'No special chars or interpolation'

# good
"Just some text"
"No special chars or interpolation"
"Every string in #{project} uses double_quotes"

      Unused block argument - res. You can omit the argument if you don't care about it.
      Open

            queue_request(opts) do |res|
      Severity: Minor
      Found in lib/wpxf/modules/auxiliary/dos/long_password_dos.rb by rubocop

      This cop checks for unused block arguments.

      Example:

      # bad

do_something do |used, unused|
  puts used
end

do_something do |bar|
  puts :foo
end

define_method(:foo) do |bar|
  puts :baz
end

      Example:

      #good

do_something do |used, _unused|
  puts used
end

do_something do
  puts :foo
end

define_method(:foo) do |_bar|
  puts :baz
end

      Use (complete_requests % 10).zero? instead of complete_requests % 10 == 0.
      Open

              emit_warning("#{complete_requests} requests executed") if complete_requests % 10 == 0
      Severity: Minor
      Found in lib/wpxf/modules/auxiliary/dos/long_password_dos.rb by rubocop

      This cop checks for usage of comparison operators (==, >, <) to test numbers as zero, positive, or negative. These can be replaced by their respective predicate methods. The cop can also be configured to do the reverse.

      The cop disregards #nonzero? as it its value is truthy or falsey, but not true and false, and thus not always interchangeable with != 0.

      The cop ignores comparisons to global variables, since they are often populated with objects which can be compared with integers, but are not themselves Interger polymorphic.

      Example: EnforcedStyle: predicate (default)

      # bad

foo == 0
0 > foo
bar.baz > 0

# good

foo.zero?
foo.negative?
bar.baz.positive?

      Example: EnforcedStyle: comparison

      # bad

foo.zero?
foo.negative?
bar.baz.positive?

# good

foo == 0
0 > foo
bar.baz > 0

      There are no issues that match your filters.

      Category
      Status