Showing 48 of 48 total issues
Integer Overflow or Wraparound in libxml2 affects Nokogiri Open
nokogiri (1.11.7)
- Read upRead up
- Exclude checks
Advisory:
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-cgx6-hpwq-fhv5
Solution: upgrade to >= 1.13.5
Denial of Service (DoS) in Nokogiri on JRuby Open
nokogiri (1.11.7)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-24839
Criticality: High
URL: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv
Solution: upgrade to >= 1.13.4
Method schedule
has a Cognitive Complexity of 14 (exceeds 10 allowed). Consider refactoring. Open
def schedule(patient:, ubs_id:, from:, reschedule:)
return [CONDITIONS_UNMET] unless patient.can_schedule?
current_appointment = patient.appointments.current
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Possible XSS Vulnerability in Action View tag helpers Open
actionview (6.1.4)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-27777
Criticality: Medium
URL: https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw
Solution: upgrade to >= 5.2.7.1, ~> 5.2.7, >= 6.0.4.8, ~> 6.0.4, >= 6.1.5.1, ~> 6.1.5, >= 7.0.2.4
SQL Injection Vulnerability via ActiveRecord comments Open
activerecord (6.1.4)
- Read upRead up
- Exclude checks
Advisory: CVE-2023-22794
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Solution: upgrade to >= 6.0.6.1, ~> 6.0.6, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1
ReDoS based DoS vulnerability in Active Support’s underscore Open
activesupport (6.1.4)
- Read upRead up
- Exclude checks
Advisory: CVE-2023-22796
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1
Denial of Service Vulnerability in Rack Content-Disposition parsing Open
rack (2.2.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-44571
URL: https://github.com/rack/rack/releases/tag/v3.0.4.1
Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1
Denial of service via header parsing in Rack Open
rack (2.2.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-44570
URL: https://github.com/rack/rack/releases/tag/v3.0.4.1
Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.2, ~> 2.2.6, >= 3.0.4.1
ReDoS based DoS vulnerability in Action Dispatch Open
actionpack (6.1.4)
- Read upRead up
- Exclude checks
Advisory: CVE-2023-22795
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1
Possible XSS Vulnerability in Action Pack Open
actionpack (6.1.4)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-22577
Criticality: Medium
URL: https://groups.google.com/g/ruby-security-ann/c/NuFRKaN5swI
Solution: upgrade to >= 5.2.7.1, ~> 5.2.7, >= 6.0.4.8, ~> 6.0.4, >= 6.1.5.1, ~> 6.1.5, >= 7.0.2.4
Denial of service via multipart parsing in Rack Open
rack (2.2.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-44572
URL: https://github.com/rack/rack/releases/tag/v3.0.4.1
Solution: upgrade to >= 2.0.9.2, ~> 2.0.9, >= 2.1.4.2, ~> 2.1.4, >= 2.2.6.1, ~> 2.2.6, >= 3.0.4.1
Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter Open
activerecord (6.1.4)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-44566
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1
Possible RCE escalation bug with Serialized Columns in Active Record Open
activerecord (6.1.4)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-32224
Criticality: Critical
URL: https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U
Solution: upgrade to >= 5.2.8.1, ~> 5.2.8, >= 6.0.5.1, ~> 6.0.5, >= 6.1.6.1, ~> 6.1.6, >= 7.0.3.1
ReDoS based DoS vulnerability in Action Dispatch Open
actionpack (6.1.4)
- Read upRead up
- Exclude checks
Advisory: CVE-2023-22792
URL: https://github.com/rails/rails/releases/tag/v7.0.4.1
Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1
Use the return of the conditional for variable assignment and comparison. Open
if current_patient.doses.exists?
@appointments_count = Appointment.waiting.not_scheduled
.where(start: from..to, ubs_id: allowed_ubs_ids)
.count
else
- Exclude checks
Trailing whitespace detected. Open
- Read upRead up
- Exclude checks
This cop looks for trailing whitespace in the source code.
Example:
# The line in this example contains spaces after the 0.
# bad
x = 0
# The line in this example ends directly after the 0.
# good
x = 0
Example: AllowInHeredoc: false (default)
# The line in this example contains spaces after the 0.
# bad
code = <<~RUBY
x = 0
RUBY
# ok
code = <<~RUBY
x = 0 #{}
RUBY
# good
trailing_whitespace = ' '
code = <<~RUBY
x = 0#{trailing_whitespace}
RUBY
Example: AllowInHeredoc: true
# The line in this example contains spaces after the 0.
# good
code = <<~RUBY
x = 0
RUBY
Denial of Service Vulnerability in Rack Multipart Parsing Open
rack (2.2.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-30122
Criticality: High
URL: https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk
Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1
Align .count
with .waiting
on line 25. Open
.count
- Read upRead up
- Exclude checks
This cop checks the indentation of the method name part in method calls that span more than one line.
Example: EnforcedStyle: aligned (default)
# bad
while myvariable
.b
# do something
end
# good
while myvariable
.b
# do something
end
# good
Thing.a
.b
.c
Example: EnforcedStyle: indented
# good
while myvariable
.b
# do something
end
Example: EnforcedStyle: indentedrelativeto_receiver
# good
while myvariable
.a
.b
# do something
end
# good
myvariable = Thing
.a
.b
.c
Possible Open Redirect in Host Authorization Middleware Open
actionpack (6.1.4)
- Read upRead up
- Exclude checks
Advisory: CVE-2021-22942
Criticality: High
URL: https://groups.google.com/g/rubyonrails-security/c/wB5tRn7h36c
Solution: upgrade to >= 6.0.4.1, ~> 6.0.4, >= 6.1.4.1
Use the return of the conditional for variable assignment and comparison. Open
if current_patient.doses.exists?
rescheduled = true
else
rescheduled = false
end
- Exclude checks