Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby Open
nokogiri (1.8.1)
Advisory: CVE-2021-41098
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h
Solution: upgrade to >= 1.12.5
Directory traversal in Rack::Directory app bundled with Rack Open
rack (2.0.3)
Advisory: CVE-2020-8161
Criticality: High
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA
Solution: upgrade to ~> 2.1.3, >= 2.2.0
Improper neutralization of data URIs may allow XSS in rails-html-sanitizer Open
rails-html-sanitizer (1.0.3)
Advisory: CVE-2022-23518
Criticality: Medium
URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m
Solution: upgrade to >= 1.4.4
RuboCop gem Insecure use of /tmp Open
rubocop (0.48.1)
Advisory: CVE-2017-8418
Criticality: Low
URL: https://github.com/bbatsov/rubocop/issues/4336
Solution: upgrade to >= 0.49.0
Possible XSS vulnerability with certain configurations of rails-html-sanitizer Open
rails-html-sanitizer (1.0.3)
Advisory: CVE-2022-23519
Criticality: Medium
URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h
Solution: upgrade to >= 1.4.4
Denial of Service in rubyzip ("zip bombs") Open
rubyzip (1.2.1)
Advisory: CVE-2019-16892
Criticality: Medium
URL: https://github.com/rubyzip/rubyzip/pull/403
Solution: upgrade to >= 1.3.0
Percent-encoded cookies can be used to overwrite existing prefixed cookie names Open
rack (2.0.3)
Advisory: CVE-2020-8184
Criticality: High
URL: https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak
Solution: upgrade to ~> 2.1.4, >= 2.2.3
Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer Open
rails-html-sanitizer (1.0.3)
Advisory: CVE-2022-32209
Criticality: Medium
URL: https://groups.google.com/g/rubyonrails-security/c/ce9PhUANQ6s
Solution: upgrade to >= 1.4.3
Inefficient Regular Expression Complexity in rails-html-sanitizer Open
rails-html-sanitizer (1.0.3)
Advisory: CVE-2022-23517
Criticality: High
URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w
Solution: upgrade to >= 1.4.4
Possible XSS vulnerability with certain configurations of rails-html-sanitizer Open
rails-html-sanitizer (1.0.3)
Advisory: CVE-2022-23520
Criticality: Medium
URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8
Solution: upgrade to >= 1.4.4
Block has too many lines. [105/25] Open
RSpec.describe 'Project setup', type: :request do
before(:each) do
Service.destroy_all
project = FactoryGirl.build(:project)
@current_admin = project.admin
This cop checks if the length of a block exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable. The cop can be configured to ignore blocks passed to certain methods.
Block has too many lines. [105/25] Open
RSpec.describe "Problem identifier check", type: :request do
before(:each) do
@project = FactoryGirl.create(:project)
sign_in(@project.admin)
end
Block has too many lines. [103/25] Open
describe 'bulk creation' do
it 'creates no raw_data for an empty list' do
expect(RawDatum.count).to eq(0)
post api_v1_raw_data_path(auth_token: @auth_token),
Block has too many lines. [102/25] Open
RSpec.describe InterfaceType, type: :model do
before(:each) do
@interface_type = FactoryGirl.build(:interface_type)
end
File project_spec.rb
has 437 lines of code (exceeds 250 allowed). Consider refactoring. Open
require 'rails_helper'
RSpec.describe Project, type: :model do
before(:each) do
@project = FactoryGirl.build(:project)
Block has too many lines. [92/25] Open
RSpec.describe 'AnnotationDocuments internal API', type: :request do
before(:each) do
@annotation_document = FactoryGirl.create(:annotation_document)
@project = @annotation_document.project
sign_in(@project.admin)
Block has too many lines. [91/25] Open
describe 'zip_to_data' do
it 'can batch process a zip archive with valid files' do
expect(RawDatum.all.count).to eq(0)
file_path = Rails.root.join('spec/fixtures/zip/valid.zip')
batch_result = RawDatum.zip_to_data @raw_datum.project,
Block has too many lines. [76/25] Open
RSpec.describe 'Service refresh', type: :request do
before(:each) do
service_url = 'http://example.com/iterate'
stub_request(:get, service_url)
File statistics_spec.rb
has 342 lines of code (exceeds 250 allowed). Consider refactoring. Open
require 'rails_helper'
RSpec.describe 'Statistics API', type: :request do
before(:each) do
@auth_token = ApplicationController.generate_auth_token
Block has too many lines. [69/25] Open
RSpec.describe 'RawData', type: :request do
before(:each) do
@raw_datum = FactoryGirl.create(:raw_datum)
sign_in(@raw_datum.project.admin)
end