Growstuff/growstuff

Showing 3,995 of 4,033 total issues

Server side request forgery in gibbon
Open

    gibbon (1.2.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-27311

Criticality: Critical

URL: https://github.com/amro/gibbon/pull/321

Solution: upgrade to >= 3.4.4

CSRF vulnerability in OmniAuth's request phase
Open

    omniauth (1.9.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2015-9284

Criticality: High

URL: https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284

Solution: upgrade to >= 2.0.0

Class Crop has 22 methods (exceeds 20 allowed). Consider refactoring.
Open

class Crop < ApplicationRecord
  extend FriendlyId
  include PhotoCapable
  include OpenFarmData
  include GbifData
Severity: Minor
Found in app/models/crop.rb - About 2 hrs to fix

Method show has 38 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def show
    @member        = Member.confirmed.kept.find_by!(slug: params[:slug])
    @twitter_auth  = @member.auth('twitter')
    @flickr_auth   = @member.auth('flickr')
    @posts         = @member.posts
Severity: Minor
Found in app/controllers/members_controller.rb - About 1 hr to fix

Method create has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring.
Open

  def create
    auth = request.env['omniauth.auth']
    action = Growstuff::OauthSignupAction.new

    @authentication = nil
Severity: Minor
Found in app/controllers/omniauth_callbacks_controller.rb - About 1 hr to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method planting_reminder has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.
Open

  def planting_reminder(member)
    @member = member
    @sitename = ENV['GROWSTUFF_SITE_NAME']

    @late = []
Severity: Minor
Found in app/mailers/notifier_mailer.rb - About 55 mins to fix

Method show has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
Open

  def show
    @member        = Member.confirmed.kept.find_by!(slug: params[:slug])
    @twitter_auth  = @member.auth('twitter')
    @flickr_auth   = @member.auth('flickr')
    @posts         = @member.posts
Severity: Minor
Found in app/controllers/members_controller.rb - About 45 mins to fix

Method create has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
Open

  def create
    ActiveRecord::Base.transaction do
      @photo = find_or_create_photo_from_flickr_photo
      @item = item_to_link_to
      raise "Could not find this #{type} owned by you" unless @item
Severity: Minor
Found in app/controllers/photos_controller.rb - About 45 mins to fix

Method planting_status has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
Open

  def planting_status(planting)
    if planting.crop.perennial
      t 'planting.status.perennial'
    elsif planting.finished?
      t 'planting.status.finished'
Severity: Minor
Found in app/helpers/plantings_helper.rb - About 45 mins to fix

Identical blocks of code found in 2 locations. Consider refactoring.
Open

    @member.plantings.active.annual.each do |planting|
      if planting.finish_is_predicatable?
        if planting.super_late?
          @super_late << planting
        elsif planting.late?
Severity: Minor
Found in app/mailers/notifier_mailer.rb and 1 other location - About 25 mins to fix
app/controllers/members_controller.rb on lines 30..40

Duplicated Code

Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

Tuning

This issue has a mass of 31.

We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

Refactorings

Further Reading

Identical blocks of code found in 2 locations. Consider refactoring.
Open

    @member.plantings.active.annual.each do |planting|
      if planting.finish_is_predicatable?
        if planting.super_late?
          @super_late << planting
        elsif planting.late?
Severity: Minor
Found in app/controllers/members_controller.rb and 1 other location - About 25 mins to fix
app/mailers/notifier_mailer.rb on lines 37..47

Method display_human_quantity has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def display_human_quantity(harvest)
    return unless harvest.quantity.present? && harvest.quantity > 0

    if harvest.unit == 'individual' # just the number
      number_to_human(harvest.quantity, strip_insignificant_zeros: true)
Severity: Minor
Found in app/helpers/harvests_helper.rb - About 25 mins to fix

Method thumbnail_url has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

    def thumbnail_url
      df = default_photo

      return unless df

Severity: Minor
Found in app/models/concerns/photo_capable.rb - About 25 mins to fix

Method display_garden_plantings has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

  def display_garden_plantings(plantings)
    if plantings.blank?
      "None"
    else
      output = '<ul class="plantings">'
Severity: Minor
Found in app/helpers/gardens_helper.rb - About 25 mins to fix

Files should end with a trailing newline
Open

}

Selector should have depth of applicability no greater than 2, but was 4
Open

      a {

Selector should have depth of applicability no greater than 2, but was 3
Open

    strong {

Selector should have depth of applicability no greater than 2, but was 3
Open

    a:active {

Selector should have depth of applicability no greater than 2, but was 3
Open

    h3 {

This } is literal. Check expression (missing ;/\n?) or quote it.
Open

      response=$(curl --write-out %{http_code} --silent --output /dev/null $host)
Severity: Minor
Found in script/check_elasticsearch.sh by shellcheck

This {/} is literal. Check expression (missing ;/\n?) or quote it.

Problematic code:

rmf() { rm -f "$@" }

or

eval echo \${foo}

Correct code:

rmf() { rm -f "$@"; }

and

eval "echo \${foo}"

Rationale:

Curly brackets are normally used as syntax in parameter expansion, command grouping and brace expansion.

However, if they don't appear alone at the start of an expression or as part of a parameter or brace expansion, the shell silently treats them as literals. This frequently indicates a bug, so ShellCheck warns about it.

In the example function, the } is literal because it's not at the start of an expression. We fix it by adding a ; before it.

In the example eval, the code works fine. However, we can quiet the warning and follow good practice by adding quotes around the literal data.

ShellCheck does not warn about {}, since this is frequently used with find and rarely indicates a bug.

Exceptions

This error is harmless when the curly brackets are supposed to be literal, in e.g. awk {'print $1'}. However, it's cleaner and less error prone to simply include them inside the quotes: awk '{print $1}'.

Notice

Original content from the ShellCheck wiki: https://github.com/koalaman/shellcheck/wiki.
