BindaCMS/binda

View on GitHub

Showing 81 of 81 total issues

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

    activerecord (5.2.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-44566

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Possible RCE escalation bug with Serialized Columns in Active Record
Open

    activerecord (5.2.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-32224

Criticality: Critical

URL: https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U

Solution: upgrade to >= 5.2.8.1, ~> 5.2.8, >= 6.0.5.1, ~> 6.0.5, >= 6.1.6.1, ~> 6.1.6, >= 7.0.3.1

Possible Strong Parameters Bypass in ActionPack
Open

    actionpack (5.2.3)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8164

Criticality: High

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Potential XSS vulnerability in Action View
Open

    actionview (5.2.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-15169

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/b-C9kSGXYrc

Solution: upgrade to >= 5.2.4.4, ~> 5.2.4, >= 6.0.3.3

Possible XSS vulnerability in ActionView
Open

    actionview (5.2.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-5267

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/55reWMM_Pg8

Solution: upgrade to >= 5.2.4.2, ~> 5.2.4, >= 6.0.2.2

OS Command Injection in Rake
Open

    rake (12.3.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8130

Criticality: High

URL: https://github.com/advisories/GHSA-jppv-gw3r-w3q8

Solution: upgrade to >= 12.3.3

Possible DoS Vulnerability in Action Controller Token Authentication
Open

    actionpack (5.2.3)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-22904

Criticality: High

URL: https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ

Solution: upgrade to ~> 5.2.4.6, ~> 5.2.6, >= 6.0.3.7, ~> 6.0.3, >= 6.1.3.2

CSRF Vulnerability in rails-ujs
Open

    actionview (5.2.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8167

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Method get_relation_dependents has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

            def get_relation_dependents(field_slug, instance_type = nil)
                raise ArgumentError, "There isn't any instance named: #{instance_type}. Make sure is either 'component' or 'board'", caller if !instance_type.nil? && ['board','component'].include?(instance_type)
                
                dependents = get_dependents(instance_type, field_slug)
                
Severity: Minor
Found in app/models/concerns/binda/default_helpers.rb - About 25 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method create has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

    def create
      build_resource( sign_up_params )

      resource.save
      yield resource if block_given?
Severity: Minor
Found in app/controllers/binda/users/registrations_controller.rb - About 25 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

end at 31, 4 is not aligned with def at 23, 2.
Open

    end
Severity: Minor
Found in app/models/binda/board.rb by rubocop

This cop checks whether the end keywords of method definitions are aligned properly.

Two modes are supported through the EnforcedStyleAlignWith configuration parameter. If it's set to start_of_line (which is the default), the end shall be aligned with the start of the line where the def keyword is. If it's set to def, the end shall be aligned with the def keyword.

Example: EnforcedStyleAlignWith: startofline (default)

# bad

private def foo
            end

# good

private def foo
end

Example: EnforcedStyleAlignWith: def

# bad

private def foo
            end

# good

private def foo
        end

end at 58, 2 is not aligned with def at 56, 4.
Open

        end
Severity: Minor
Found in app/models/binda/component.rb by rubocop

This cop checks whether the end keywords of method definitions are aligned properly.

Two modes are supported through the EnforcedStyleAlignWith configuration parameter. If it's set to start_of_line (which is the default), the end shall be aligned with the start of the line where the def keyword is. If it's set to def, the end shall be aligned with the def keyword.

Example: EnforcedStyleAlignWith: startofline (default)

# bad

private def foo
            end

# good

private def foo
end

Example: EnforcedStyleAlignWith: def

# bad

private def foo
            end

# good

private def foo
        end

TODO found
Open

    // TODO add a fallback if request fails

TODO found
Open

        # TODO it shouldn't be possible to add another choice to a radio button. 
Severity: Minor
Found in app/models/binda/choice.rb by fixme

TODO found
Open

      # TODO params should be passed into a permit method

TODO found
Open

        # TODO this MUST be optimized
Severity: Minor
Found in app/models/binda/field_setting.rb by fixme

TODO found
Open

<%# TODO: refactor in order to have a single depenedent field, not one per instance type %>

TODO found
Open

        # TODO: Update all helpers replacing `find` method with ruby `select`. 

TODO found
Open

Populate `binda_new_feature.gemspec` with dependencies and replace every `TODO` with a content that makes sense.
Severity: Minor
Found in README.md by fixme

TODO found
Open

    # TODO check if find_or_create_a_field_by method should be used instead (it's used in editors views)
Severity
Category
Status
Source
Language