GSA/jobs_api

Showing 81 of 83 total issues

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

    nokogiri (1.8.3)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64

Solution: upgrade to >= 1.11.4

libxml2 2.9.10 has an infinite loop in a certain end-of-file situation
Open

    nokogiri (1.8.3)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-7595

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1992

Solution: upgrade to >= 1.10.8

ReDoS based DoS vulnerability in Action Dispatch
Open

    actionpack (5.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2023-22792

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Possible exposure of information vulnerability in Action Pack
Open

    actionpack (5.1.4)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23633

Criticality: High

URL: https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ

Solution: upgrade to >= 5.2.6.2, ~> 5.2.6, >= 6.0.4.6, ~> 6.0.4, >= 6.1.4.6, ~> 6.1.4, >= 7.0.2.2

Potential XSS vulnerability in Action View
Open

    actionview (5.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-15169

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/b-C9kSGXYrc

Solution: upgrade to >= 5.2.4.4, ~> 5.2.4, >= 6.0.3.3

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
Open

    nokogiri (1.8.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-13117

URL: https://github.com/sparklemotion/nokogiri/issues/1943

Solution: upgrade to >= 1.10.5

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
Open

    nokogiri (1.8.3)
Severity: Info
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-26247

Criticality: Low

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m

Solution: upgrade to >= 1.11.0.rc4

Directory traversal in Rack::Directory app bundled with Rack
Open

    rack (2.0.5)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8161

Criticality: High

URL: https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA

Solution: upgrade to ~> 2.1.3, >= 2.2.0

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23519

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h

Solution: upgrade to >= 1.4.4

XML Injection in Xerces Java affects Nokogiri
Open

    nokogiri (1.8.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23437

Criticality: Medium

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xxx9-3xcr-gjj3

Solution: upgrade to >= 1.13.4

Possible Information Disclosure / Unintended Method Execution in Action Pack
Open

    actionpack (5.1.4)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-22885

Criticality: High

URL: https://groups.google.com/g/rubyonrails-security/c/NiQl-48cXYI

Solution: upgrade to ~> 5.2.4.6, ~> 5.2.6, >= 6.0.3.7, ~> 6.0.3, >= 6.1.3.2

Possible XSS vulnerability in ActionView
Open

    actionview (5.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-5267

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/55reWMM_Pg8

Solution: upgrade to >= 5.2.4.2, ~> 5.2.4, >= 6.0.2.2

CSRF Vulnerability in rails-ujs
Open

    actionview (5.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8167

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

Possible DoS Vulnerability in Active Record PostgreSQL adapter
Open

    activerecord (5.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-22880

Criticality: Medium

URL: https://groups.google.com/g/rubyonrails-security/c/ZzUqCh9vyhI

Solution: upgrade to >= 5.2.4.5, ~> 5.2.4, >= 6.0.3.5, ~> 6.0.3, >= 6.1.2.1

Method search_for has 143 lines of code (exceeds 25 allowed). Consider refactoring.
Open

    def search_for(options = {})
      options.reverse_merge!(size: 10, from: 0)
      document_limit = [options[:size].to_i, MAX_RETURNED_DOCUMENTS].min
      source = options[:source]
      sort_by = options[:sort_by] || :timestamp
Severity: Major
Found in app/models/position_opening.rb - About 5 hrs to fix

File position_opening.rb has 346 lines of code (exceeds 250 allowed). Consider refactoring.
Open

    require 'active_model'
    require 'elasticsearch/dsl'

    class PositionOpening
      include ActiveModel::Model
Severity: Minor
Found in app/models/position_opening.rb - About 4 hrs to fix

Method process_job has a Cognitive Complexity of 16 (exceeds 5 allowed). Consider refactoring.
Open

    def process_job(job_xml)
      end_date_str = job_xml.xpath(XPATHS[:end_date]).inner_text.squish
      pubdate = DateTime.parse(job_xml.xpath(XPATHS[:pubdate]).inner_text.squish)

      now = DateTime.current.freeze
Severity: Minor
Found in lib/importers/neogov_data.rb - About 2 hrs to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

• Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
• Code is considered more complex for each "break in the linear flow of the code"
• Code is considered more complex when "flow breaking structures are nested"

Method process_job has 47 lines of code (exceeds 25 allowed). Consider refactoring.
Open

    def process_job(job_xml)
      end_date_str = job_xml.xpath(XPATHS[:end_date]).inner_text.squish
      pubdate = DateTime.parse(job_xml.xpath(XPATHS[:pubdate]).inner_text.squish)

      now = DateTime.current.freeze
Severity: Minor
Found in lib/importers/neogov_data.rb - About 1 hr to fix

Method parse has 35 lines of code (exceeds 25 allowed). Consider refactoring.
Open

    def parse(query)
      query.gsub!(/volunteer(ing)? ?/) do
        self.rate_interval_code = 'WC'
        nil
      end
Severity: Minor
Found in app/classes/query.rb - About 1 hr to fix

Method delete_expired_docs has 34 lines of code (exceeds 25 allowed). Consider refactoring.
Open

    def delete_expired_docs
      query = Elasticsearch::DSL::Search.search do
        query do
          bool do
            filter do
Severity: Minor
Found in app/models/position_opening.rb - About 1 hr to fix