AgileVentures/LocalSupport

Showing 792 of 792 total issues

ReDoS based DoS vulnerability in Action Dispatch
Open

    actionpack (5.2.4.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2023-22795

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Method <=> has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
Open

    def <=> other
      if (@sym == :what_they_do && other.sym == :how_they_help) || (@sym == :what_they_do && other.sym == :who_they_help) ||
        (@sym == :who_they_help && other.sym == :how_they_help)
        -1
      elsif @sym == other.sym
Severity: Minor
Found in app/models/category.rb - About 45 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Consider simplifying this complex logical expression.
Open

      if (@sym == :what_they_do && other.sym == :how_they_help) || (@sym == :what_they_do && other.sym == :who_they_help) ||
        (@sym == :who_they_help && other.sym == :how_they_help)
        -1
      elsif @sym == other.sym
        0
Severity: Major
Found in app/models/category.rb - About 40 mins to fix

Method with has 5 arguments (exceeds 4 allowed). Consider refactoring.
Open

    def self.with(listener, params, model_klass = ProposedOrganisationEdit, user_klass = User, mailer_klass = AdminMailer)
Severity: Minor
Found in app/services/create_proposed_organisation_edit.rb - About 35 mins to fix

Method initialize has 5 arguments (exceeds 4 allowed). Consider refactoring.
Open

    def initialize(listener, params, model_klass, user_klass, mailer_klass)
Severity: Minor
Found in app/services/create_proposed_organisation_edit.rb - About 35 mins to fix

Method create_and_validate has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

    def self.create_and_validate(attributes)
      # create!(attributes.select{|k,v| !v.nil?})
      create!(attributes.each { |k, v| attributes[k] = v.nil? ? 'No information recorded' : (v.empty? ? 'No information recorded' : v) })
    end
Severity: Minor
Found in app/models/organisation.rb - About 35 mins to fix


Potentially unsafe model attribute in link_to href
Open

    <%= sanitize(link_to sanitize(@service.website), sanitize(@service.website), {:target => '_blank'}) %>
Severity: Minor
Found in app/views/services/show.html.erb by brakeman

Even though Rails will escape the link provided to link_to, values starting with javascript: or data: are unescaped and dangerous.

Brakeman will warn if user values are used to provide the HREF value in link_to or if they are interpolated at the beginning of a string.

The --url-safe-methods option can be used to specify methods which make URLs safe.

See here for more details.

Potentially unsafe model attribute in link_to href
Open

    <%= link_to @proposed_organisation_edit.website, @proposed_organisation_edit.website, {:target => '_blank'} if @proposed_organisation_edit.website.present?%>

Potentially unsafe model attribute in link_to href
Open

    <%= link_to @organisation.website, @organisation.website, {:target => '_blank'} if @organisation.website.present?%>

Potentially unsafe model attribute in link_to href
Open

    <h4>Website: <span><%= link_to org.website, org.website, {:target => '_blank'} %></span></h4>

Method build_map_markers has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

    def build_map_markers(organisations)
      ::MapMarkerJson.build(organisations) do |org, marker|
        marker.lat org.latitude
        marker.lng org.longitude
        marker.infowindow render_to_string(partial: 'organisations/popup', locals: {org: org})
Severity: Minor
Found in app/controllers/base_organisations_controller.rb - About 25 mins to fix

Method show has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

    def show
      render template: 'pages/404', status: 404 and return if @organisation.nil?
      organisations = Organisation.where(id: @organisation.id)
      @user_opts = current_user ? get_user_options(@organisation) : { grabbable: true }
      @user_opts[:can_propose_edits] = current_user.present? && !@user_opts[:editable]
Severity: Minor
Found in app/controllers/organisations_controller.rb - About 25 mins to fix

Method render_error has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

    def render_error(status, error)
      raise error unless Rails.env.production?

      Rails.logger.error error.message
      error.backtrace.each_with_index { |line, index| Rails.logger.error line; break if index >= 5 }
Severity: Minor
Found in lib/custom_errors.rb - About 25 mins to fix

Line contains inconsistent indentation
Open

        $('.nav-collapse').collapse('show')

Line contains inconsistent indentation
Open

    menu = $('#menuLogin');

Line contains inconsistent indentation
Open

        $('#toggle_link').click()

Line contains inconsistent indentation
Open

        menu.addClass('open')

Ability to forge per-form CSRF tokens given a global CSRF token
Open

    actionpack (5.2.4.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8166

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Rule doesn't have all its properties in alphabetical order.
Open

    .nav-tabs:before, .nav-pills:before, .nav-tabs:after, .nav-pills:after {

Rule doesn't have all its properties in alphabetical order.
Open

    .navbar .btn-navbar .icon-bar {