Showing 81 of 81 total issues
Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter Open
activerecord (5.2.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-44566
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1
Possible RCE escalation bug with Serialized Columns in Active Record Open
activerecord (5.2.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-32224
Criticality: Critical
URL: https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U
Solution: upgrade to >= 5.2.8.1, ~> 5.2.8, >= 6.0.5.1, ~> 6.0.5, >= 6.1.6.1, ~> 6.1.6, >= 7.0.3.1
Possible Strong Parameters Bypass in ActionPack Open
actionpack (5.2.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-8164
Criticality: High
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY
Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1
Potential XSS vulnerability in Action View Open
actionview (5.2.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-15169
Criticality: Medium
URL: https://groups.google.com/g/rubyonrails-security/c/b-C9kSGXYrc
Solution: upgrade to >= 5.2.4.4, ~> 5.2.4, >= 6.0.3.3
Possible XSS vulnerability in ActionView Open
actionview (5.2.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-5267
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/55reWMM_Pg8
Solution: upgrade to >= 5.2.4.2, ~> 5.2.4, >= 6.0.2.2
OS Command Injection in Rake Open
rake (12.3.2)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-8130
Criticality: High
URL: https://github.com/advisories/GHSA-jppv-gw3r-w3q8
Solution: upgrade to >= 12.3.3
Possible DoS Vulnerability in Action Controller Token Authentication Open
actionpack (5.2.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2021-22904
Criticality: High
URL: https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ
Solution: upgrade to ~> 5.2.4.6, ~> 5.2.6, >= 6.0.3.7, ~> 6.0.3, >= 6.1.3.2
CSRF Vulnerability in rails-ujs Open
actionview (5.2.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-8167
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0
Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1
Method get_relation_dependents
has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring. Open
def get_relation_dependents(field_slug, instance_type = nil)
raise ArgumentError, "There isn't any instance named: #{instance_type}. Make sure is either 'component' or 'board'", caller if !instance_type.nil? && ['board','component'].include?(instance_type)
dependents = get_dependents(instance_type, field_slug)
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Method create
has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring. Open
def create
build_resource( sign_up_params )
resource.save
yield resource if block_given?
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
end
at 31, 4 is not aligned with def
at 23, 2. Open
end
- Read upRead up
- Exclude checks
This cop checks whether the end keywords of method definitions are aligned properly.
Two modes are supported through the EnforcedStyleAlignWith configuration
parameter. If it's set to start_of_line
(which is the default), the
end
shall be aligned with the start of the line where the def
keyword is. If it's set to def
, the end
shall be aligned with the
def
keyword.
Example: EnforcedStyleAlignWith: startofline (default)
# bad
private def foo
end
# good
private def foo
end
Example: EnforcedStyleAlignWith: def
# bad
private def foo
end
# good
private def foo
end
end
at 58, 2 is not aligned with def
at 56, 4. Open
end
- Read upRead up
- Exclude checks
This cop checks whether the end keywords of method definitions are aligned properly.
Two modes are supported through the EnforcedStyleAlignWith configuration
parameter. If it's set to start_of_line
(which is the default), the
end
shall be aligned with the start of the line where the def
keyword is. If it's set to def
, the end
shall be aligned with the
def
keyword.
Example: EnforcedStyleAlignWith: startofline (default)
# bad
private def foo
end
# good
private def foo
end
Example: EnforcedStyleAlignWith: def
# bad
private def foo
end
# good
private def foo
end
TODO found Open
// TODO add a fallback if request fails
- Exclude checks
TODO found Open
# TODO it shouldn't be possible to add another choice to a radio button.
- Exclude checks
TODO found Open
# TODO params should be passed into a permit method
- Exclude checks
TODO found Open
# TODO this MUST be optimized
- Exclude checks
TODO found Open
<%# TODO: refactor in order to have a single depenedent field, not one per instance type %>
- Exclude checks
TODO found Open
# TODO: Update all helpers replacing `find` method with ruby `select`.
- Exclude checks
TODO found Open
Populate `binda_new_feature.gemspec` with dependencies and replace every `TODO` with a content that makes sense.
- Exclude checks
TODO found Open
# TODO check if find_or_create_a_field_by method should be used instead (it's used in editors views)
- Exclude checks