MakersNetwork/agenda-saude

View on GitHub

Showing 48 of 48 total issues

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

    nokogiri (1.11.7)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

    rails-html-sanitizer (1.3.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23520

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8

Solution: upgrade to >= 1.4.4

Method schedule has a Cognitive Complexity of 14 (exceeds 10 allowed). Consider refactoring.
Open

  def schedule(patient:, ubs_id:, from:, reschedule:)
    return [CONDITIONS_UNMET] unless patient.can_schedule?

    current_appointment = patient.appointments.current

Severity: Minor
Found in app/services/appointment_scheduler.rb - About 55 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

ReDoS based DoS vulnerability in Action Dispatch
Open

    actionpack (6.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2023-22795

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Possible XSS Vulnerability in Action Pack
Open

    actionpack (6.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-22577

Criticality: Medium

URL: https://groups.google.com/g/ruby-security-ann/c/NuFRKaN5swI

Solution: upgrade to >= 5.2.7.1, ~> 5.2.7, >= 6.0.4.8, ~> 6.0.4, >= 6.1.5.1, ~> 6.1.5, >= 7.0.2.4

Denial of Service Vulnerability in Rack Content-Disposition parsing
Open

    rack (2.2.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-44571

URL: https://github.com/rack/rack/releases/tag/v3.0.4.1

Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1

ReDoS based DoS vulnerability in Action Dispatch
Open

    actionpack (6.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2023-22792

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Possible RCE escalation bug with Serialized Columns in Active Record
Open

    activerecord (6.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-32224

Criticality: Critical

URL: https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U

Solution: upgrade to >= 5.2.8.1, ~> 5.2.8, >= 6.0.5.1, ~> 6.0.5, >= 6.1.6.1, ~> 6.1.6, >= 7.0.3.1

SQL Injection Vulnerability via ActiveRecord comments
Open

    activerecord (6.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2023-22794

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 6.0.6.1, ~> 6.0.6, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

ReDoS based DoS vulnerability in Active Support’s underscore
Open

    activesupport (6.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2023-22796

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Denial of service via header parsing in Rack
Open

    rack (2.2.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-44570

URL: https://github.com/rack/rack/releases/tag/v3.0.4.1

Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.2, ~> 2.2.6, >= 3.0.4.1

Denial of service via multipart parsing in Rack
Open

    rack (2.2.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-44572

URL: https://github.com/rack/rack/releases/tag/v3.0.4.1

Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1

Possible XSS Vulnerability in Action View tag helpers
Open

    actionview (6.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-27777

Criticality: Medium

URL: https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw

Solution: upgrade to >= 5.2.7.1, ~> 5.2.7, >= 6.0.4.8, ~> 6.0.4, >= 6.1.5.1, ~> 6.1.5, >= 7.0.2.4

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

    activerecord (6.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-44566

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Trailing whitespace detected.
Open

      .update_all(patient_id: patient_id, 

This cop looks for trailing whitespace in the source code.

Example:

# The line in this example contains spaces after the 0.
# bad
x = 0

# The line in this example ends directly after the 0.
# good
x = 0

Example: AllowInHeredoc: false (default)

# The line in this example contains spaces after the 0.
# bad
code = <<~RUBY
  x = 0
RUBY

# ok
code = <<~RUBY
  x = 0 #{}
RUBY

# good
trailing_whitespace = ' '
code = <<~RUBY
  x = 0#{trailing_whitespace}
RUBY

Example: AllowInHeredoc: true

# The line in this example contains spaces after the 0.
# good
code = <<~RUBY
  x = 0
RUBY

Possible code injection vulnerability in Rails / Active Storage
Open

    activestorage (6.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-21831

Criticality: Critical

URL: https://groups.google.com/g/rubyonrails-security/c/n-p-W1yxatI

Solution: upgrade to >= 5.2.6.3, ~> 5.2.6, >= 6.0.4.7, ~> 6.0.4, >= 6.1.4.7, ~> 6.1.4, >= 7.0.2.3

Use the return of the conditional for variable assignment and comparison.
Open

    if rescheduled
      appointment = Appointment.waiting.not_scheduled
    else
      appointment = Appointment.available_doses
    end

Possible Open Redirect in Host Authorization Middleware
Open

    actionpack (6.1.4)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-22942

Criticality: High

URL: https://groups.google.com/g/rubyonrails-security/c/wB5tRn7h36c

Solution: upgrade to >= 6.0.4.1, ~> 6.0.4, >= 6.1.4.1

Denial of Service Vulnerability in Rack Multipart Parsing
Open

    rack (2.2.3)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-30122

Criticality: High

URL: https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk

Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1

Trailing whitespace detected.
Open

    

This cop looks for trailing whitespace in the source code.

Example:

# The line in this example contains spaces after the 0.
# bad
x = 0

# The line in this example ends directly after the 0.
# good
x = 0

Example: AllowInHeredoc: false (default)

# The line in this example contains spaces after the 0.
# bad
code = <<~RUBY
  x = 0
RUBY

# ok
code = <<~RUBY
  x = 0 #{}
RUBY

# good
trailing_whitespace = ' '
code = <<~RUBY
  x = 0#{trailing_whitespace}
RUBY

Example: AllowInHeredoc: true

# The line in this example contains spaces after the 0.
# good
code = <<~RUBY
  x = 0
RUBY
Severity
Category
Status
Source
Language