Sign upLogin

ronin-rb/ronin-vulns

View on GitHub
Star

Showing 20 of 30 total issues

File web_vuln.rb has 277 lines of code (exceeds 250 allowed). Consider refactoring.
Open

require 'ronin/vulns/vuln'
require 'ronin/vulns/web_vuln/http_request'
require 'ronin/support/network/http'

require 'chars'
Severity: Minor
Found in lib/ronin/vulns/web_vuln.rb - About 2 hrs to fix

    Method scan has a Cognitive Complexity of 18 (exceeds 5 allowed). Consider refactoring.
    Open

          def self.scan(url, query_params:  nil,
                         header_names:  nil,
                         cookie_params: nil,
                         form_params:   nil,
                         http:          nil,
    Severity: Minor
    Found in lib/ronin/vulns/web_vuln.rb - About 2 hrs to fix

    Cognitive Complexity

    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

    A method's cognitive complexity is based on a few simple rules:

    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
    • Code is considered more complex for each "break in the linear flow of the code"
    • Code is considered more complex when "flow breaking structures are nested"

    Further reading

    Method scan has 38 lines of code (exceeds 25 allowed). Consider refactoring.
    Open

          def self.scan(url, query_params:  nil,
                         header_names:  nil,
                         cookie_params: nil,
                         form_params:   nil,
                         http:          nil,
    Severity: Minor
    Found in lib/ronin/vulns/web_vuln.rb - About 1 hr to fix

      Method original_value has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
      Open

            def original_value
        if @query_param
          @url.query_params[@query_param]
        elsif @header_name
          @headers[@header_name] if @headers
      Severity: Minor
      Found in lib/ronin/vulns/web_vuln.rb - About 1 hr to fix

      Cognitive Complexity

      Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

      A method's cognitive complexity is based on a few simple rules:

      • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
      • Code is considered more complex for each "break in the linear flow of the code"
      • Code is considered more complex when "flow breaking structures are nested"

      Further reading

      Method vulnerable? has 26 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

            def vulnerable?
        response = exploit(@test_url)

        case response.code
        when '301', '302', '303', '307', '308'
      Severity: Minor
      Found in lib/ronin/vulns/open_redirect.rb - About 1 hr to fix

        Method escape has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
        Open

              def escape(sql)
        sqli = if sql.start_with?(';')
                 "#{@escape_string}#{sql}"
               else
                 "#{@escape_string} #{sql}"
        Severity: Minor
        Found in lib/ronin/vulns/sqli.rb - About 55 mins to fix

        Cognitive Complexity

        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

        A method's cognitive complexity is based on a few simple rules:

        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
        • Code is considered more complex for each "break in the linear flow of the code"
        • Code is considered more complex when "flow breaking structures are nested"

        Further reading

        Method to_http has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
        Open

                def to_http
          request = []
          request << "#{@request_method.upcase} #{@url.request_uri} HTTP/1.1"

          if (@form_data && !@form_data.empty?)
        Severity: Minor
        Found in lib/ronin/vulns/web_vuln/http_request.rb - About 55 mins to fix

        Cognitive Complexity

        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

        A method's cognitive complexity is based on a few simple rules:

        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
        • Code is considered more complex for each "break in the linear flow of the code"
        • Code is considered more complex when "flow breaking structures are nested"

        Further reading

        Method run has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
        Open

                def run(*urls)
          unless (options[:input] || !urls.empty?)
            print_error "must specify URL(s) or --input"
            exit(-1)
          end
        Severity: Minor
        Found in lib/ronin/vulns/cli/web_vuln_command.rb - About 55 mins to fix

        Cognitive Complexity

        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

        A method's cognitive complexity is based on a few simple rules:

        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
        • Code is considered more complex for each "break in the linear flow of the code"
        • Code is considered more complex when "flow breaking structures are nested"

        Further reading

        Method scan_cookie_params has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
        Open

              def self.scan_cookie_params(url,cookie_params=nil, http: nil, **kwargs)
        url    = URI(url)
        http ||= Support::Network::HTTP.connect_uri(url)

        unless cookie_params
        Severity: Minor
        Found in lib/ronin/vulns/web_vuln.rb - About 45 mins to fix

        Cognitive Complexity

        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

        A method's cognitive complexity is based on a few simple rules:

        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
        • Code is considered more complex for each "break in the linear flow of the code"
        • Code is considered more complex when "flow breaking structures are nested"

        Further reading

        Method identify has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
        Open

                def self.identify(body,index)
          prefix = body[0,index]

          if    (match = prefix.match(IN_TAG_BODY))
            new(:tag_body, tag: match[1])
        Severity: Minor
        Found in lib/ronin/vulns/reflected_xss/context.rb - About 45 mins to fix

        Cognitive Complexity

        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

        A method's cognitive complexity is based on a few simple rules:

        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
        • Code is considered more complex for each "break in the linear flow of the code"
        • Code is considered more complex when "flow breaking structures are nested"

        Further reading

        Method to_curl has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
        Open

                def to_curl
          escape = ->(str) { "'#{str.to_s.tr("'","\\'")}'" }

          command = ['curl']
        Severity: Minor
        Found in lib/ronin/vulns/web_vuln/http_request.rb - About 45 mins to fix

        Cognitive Complexity

        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

        A method's cognitive complexity is based on a few simple rules:

        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
        • Code is considered more complex for each "break in the linear flow of the code"
        • Code is considered more complex when "flow breaking structures are nested"

        Further reading

        Method process_url has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
        Open

                def process_url(url)
          unless url.start_with?('http://') || url.start_with?('https://')
            print_error("URL must start with http:// or https://: #{url.inspect}")
            exit(-1)
          end
        Severity: Minor
        Found in lib/ronin/vulns/cli/web_vuln_command.rb - About 35 mins to fix

        Cognitive Complexity

        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

        A method's cognitive complexity is based on a few simple rules:

        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
        • Code is considered more complex for each "break in the linear flow of the code"
        • Code is considered more complex when "flow breaking structures are nested"

        Further reading

        Method scan_query_params has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
        Open

              def self.scan_query_params(url,query_params=nil, http: nil, **kwargs)
        url    = URI(url)
        http ||= Support::Network::HTTP.connect_uri(url)

        query_params ||= url.query_params.keys
        Severity: Minor
        Found in lib/ronin/vulns/web_vuln.rb - About 35 mins to fix

        Cognitive Complexity

        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

        A method's cognitive complexity is based on a few simple rules:

        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
        • Code is considered more complex for each "break in the linear flow of the code"
        • Code is considered more complex when "flow breaking structures are nested"

        Further reading

        Method scan has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
        Open

              def self.scan(url, lfi:  {},
                         rfi:  {},
                         sqli: {},
                         ssti: {},
                         reflected_xss: {},
        Severity: Minor
        Found in lib/ronin/vulns/url_scanner.rb - About 25 mins to fix

        Cognitive Complexity

        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

        A method's cognitive complexity is based on a few simple rules:

        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
        • Code is considered more complex for each "break in the linear flow of the code"
        • Code is considered more complex when "flow breaking structures are nested"

        Further reading

        Method test_sleep has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
        Open

              def test_sleep
        SLEEP_TESTS.each do |sql|
          [sql, ";SELECT #{sql}"].each do |sqli|
            start_time = Time.now
            response   = exploit(sqli)
        Severity: Minor
        Found in lib/ronin/vulns/sqli.rb - About 25 mins to fix

        Cognitive Complexity

        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

        A method's cognitive complexity is based on a few simple rules:

        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
        • Code is considered more complex for each "break in the linear flow of the code"
        • Code is considered more complex when "flow breaking structures are nested"

        Further reading

        Method vulnerable? has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
        Open

              def vulnerable?
        response = exploit(@test_url)

        case response.code
        when '301', '302', '303', '307', '308'
        Severity: Minor
        Found in lib/ronin/vulns/open_redirect.rb - About 25 mins to fix

        Cognitive Complexity

        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

        A method's cognitive complexity is based on a few simple rules:

        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
        • Code is considered more complex for each "break in the linear flow of the code"
        • Code is considered more complex when "flow breaking structures are nested"

        Further reading

        Method log_vuln has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
        Open

                def log_vuln(vuln)
          vuln_name = vuln_type(vuln)
          location  = if vuln.query_param
                        "query param '#{vuln.query_param}'"
                      elsif vuln.header_name
        Severity: Minor
        Found in lib/ronin/vulns/cli/logging.rb - About 25 mins to fix

        Cognitive Complexity

        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

        A method's cognitive complexity is based on a few simple rules:

        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
        • Code is considered more complex for each "break in the linear flow of the code"
        • Code is considered more complex when "flow breaking structures are nested"

        Further reading

        Method scan_headers has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
        Open

              def self.scan_headers(url,header_names, http: nil, **kwargs)
        url    = URI(url)
        http ||= Support::Network::HTTP.connect_uri(url)

        vulns = []
        Severity: Minor
        Found in lib/ronin/vulns/web_vuln.rb - About 25 mins to fix

        Cognitive Complexity

        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

        A method's cognitive complexity is based on a few simple rules:

        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
        • Code is considered more complex for each "break in the linear flow of the code"
        • Code is considered more complex when "flow breaking structures are nested"

        Further reading

        Method escape has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
        Open

              def escape(path)
        if @os == :windows && path.start_with?('C:\\')
          # escape absolute Windows paths to the C: drive
          "#{@escape_path}#{path[3..]}"
        elsif @os == :windows && path =~ /\A[A-Z]:/
        Severity: Minor
        Found in lib/ronin/vulns/lfi.rb - About 25 mins to fix

        Cognitive Complexity

        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

        A method's cognitive complexity is based on a few simple rules:

        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
        • Code is considered more complex for each "break in the linear flow of the code"
        • Code is considered more complex when "flow breaking structures are nested"

        Further reading

        Method scan_form_params has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
        Open

              def self.scan_form_params(url,form_params, http: nil, **kwargs)
        url    = URI(url)
        http ||= Support::Network::HTTP.connect_uri(url)

        vulns = []
        Severity: Minor
        Found in lib/ronin/vulns/web_vuln.rb - About 25 mins to fix

        Cognitive Complexity

        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

        A method's cognitive complexity is based on a few simple rules:

        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
        • Code is considered more complex for each "break in the linear flow of the code"
        • Code is considered more complex when "flow breaking structures are nested"

        Further reading

        Severity
        Category
        Status
        Source
        Language