Dalphi/dalphi

Showing 1,441 of 1,441 total issues

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

    nokogiri (1.8.1)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-41098

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h

Solution: upgrade to >= 1.12.5

Directory traversal in Rack::Directory app bundled with Rack
Open

    rack (2.0.3)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8161

Criticality: High

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA

Solution: upgrade to ~> 2.1.3, >= 2.2.0

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23518

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m

Solution: upgrade to >= 1.4.4

RuboCop gem Insecure use of /tmp
Open

    rubocop (0.48.1)
Severity: Info
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2017-8418

Criticality: Low

URL: https://github.com/bbatsov/rubocop/issues/4336

Solution: upgrade to >= 0.49.0

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23519

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h

Solution: upgrade to >= 1.4.4

Denial of Service in rubyzip ("zip bombs")
Open

    rubyzip (1.2.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-16892

Criticality: Medium

URL: https://github.com/rubyzip/rubyzip/pull/403

Solution: upgrade to >= 1.3.0

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

    rack (2.0.3)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8184

Criticality: High

URL: https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak

Solution: upgrade to ~> 2.1.4, >= 2.2.3

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
Open

    rails-html-sanitizer (1.0.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-32209

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/ce9PhUANQ6s

Solution: upgrade to >= 1.4.3

Inefficient Regular Expression Complexity in rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23517

Criticality: High

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w

Solution: upgrade to >= 1.4.4

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23520

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8

Solution: upgrade to >= 1.4.4

Block has too many lines. [105/25]
Open

RSpec.describe 'Project setup', type: :request do
  before(:each) do
    Service.destroy_all
    project = FactoryGirl.build(:project)
    @current_admin = project.admin

This cop checks if the length of a block exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable. The cop can be configured to ignore blocks passed to certain methods.

Block has too many lines. [105/25]
Open

RSpec.describe "Problem identifier check", type: :request do
  before(:each) do
    @project = FactoryGirl.create(:project)
    sign_in(@project.admin)
  end

This cop checks if the length of a block exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable. The cop can be configured to ignore blocks passed to certain methods.

Block has too many lines. [103/25]
Open

  describe 'bulk creation' do
    it 'creates no raw_data for an empty list' do
      expect(RawDatum.count).to eq(0)

      post api_v1_raw_data_path(auth_token: @auth_token),

This cop checks if the length of a block exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable. The cop can be configured to ignore blocks passed to certain methods.

Block has too many lines. [102/25]
Open

RSpec.describe InterfaceType, type: :model do
  before(:each) do
    @interface_type = FactoryGirl.build(:interface_type)
  end

Severity: Minor
Found in spec/models/interface_type_spec.rb by rubocop

This cop checks if the length of a block exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable. The cop can be configured to ignore blocks passed to certain methods.

File project_spec.rb has 437 lines of code (exceeds 250 allowed). Consider refactoring.
Open

require 'rails_helper'

RSpec.describe Project, type: :model do
  before(:each) do
    @project = FactoryGirl.build(:project)

Severity: Minor
Found in spec/models/project_spec.rb - About 6 hrs to fix

Block has too many lines. [92/25]
Open

RSpec.describe 'AnnotationDocuments internal API', type: :request do
  before(:each) do
    @annotation_document = FactoryGirl.create(:annotation_document)
    @project = @annotation_document.project
    sign_in(@project.admin)

This cop checks if the length of a block exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable. The cop can be configured to ignore blocks passed to certain methods.

Block has too many lines. [91/25]
Open

  describe 'zip_to_data' do
    it 'can batch process a zip archive with valid files' do
      expect(RawDatum.all.count).to eq(0)
      file_path = Rails.root.join('spec/fixtures/zip/valid.zip')
      batch_result = RawDatum.zip_to_data @raw_datum.project,

Severity: Minor
Found in spec/models/raw_datum_spec.rb by rubocop

This cop checks if the length of a block exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable. The cop can be configured to ignore blocks passed to certain methods.

Block has too many lines. [76/25]
Open

RSpec.describe 'Service refresh', type: :request do
  before(:each) do
    service_url = 'http://example.com/iterate'

    stub_request(:get, service_url)

This cop checks if the length of a block exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable. The cop can be configured to ignore blocks passed to certain methods.

File statistics_spec.rb has 342 lines of code (exceeds 250 allowed). Consider refactoring.
Open

require 'rails_helper'

RSpec.describe 'Statistics API', type: :request do
  before(:each) do
    @auth_token = ApplicationController.generate_auth_token

Severity: Minor
Found in spec/requests/api/v1/statistics_spec.rb - About 4 hrs to fix

Block has too many lines. [69/25]
Open

RSpec.describe 'RawData', type: :request do
  before(:each) do
    @raw_datum = FactoryGirl.create(:raw_datum)
    sign_in(@raw_datum.project.admin)
  end

This cop checks if the length of a block exceeds some maximum value. Comment lines can optionally be ignored. The maximum allowed length is configurable. The cop can be configured to ignore blocks passed to certain methods.