MakersNetwork/agenda-saude

Showing 48 of 48 total issues

Possible Open Redirect in Host Authorization Middleware
Open

    actionpack (6.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-44528

Criticality: Medium

URL: https://groups.google.com/g/ruby-security-ann/c/vG9gz3nk1pM/m/7-NU4MNrDAAJ

Solution: upgrade to >= 6.0.4.2, ~> 6.0.4, >= 6.1.4.2, ~> 6.1.4, >= 7.0.0.rc2

Possible shell escape sequence injection vulnerability in Rack
Open

    rack (2.2.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-30123

Criticality: Critical

URL: https://groups.google.com/g/ruby-security-ann/c/LWB10kWzag8

Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1

Use the return of the conditional for variable assignment and comparison.
Open

      if current_patient.doses.exists?
        @appointments_count = Appointment.waiting.not_scheduled
                                        .where(start: from..to, ubs_id: allowed_ubs_ids)
                                        .count
      else

Align .count with .waiting on line 25.
Open

                                        .count

This cop checks the indentation of the method name part in method calls that span more than one line.

Example: EnforcedStyle: aligned (default)

# bad
while myvariable
.b
  # do something
end

# good
while myvariable
      .b
  # do something
end

# good
Thing.a
     .b
     .c

Example: EnforcedStyle: indented

# good
while myvariable
  .b

  # do something
end

Example: EnforcedStyle: indented_relative_to_receiver

# good
while myvariable
        .a
        .b

  # do something
end

# good
myvariable = Thing
               .a
               .b
               .c

Use the return of the conditional for variable assignment and comparison.
Open

      if current_patient.doses.exists?
        rescheduled = true
      else
        rescheduled = false
      end

Align .where with .waiting on line 25.
Open

                                        .where(start: from..to, ubs_id: allowed_ubs_ids)

Use the return of the conditional for variable assignment and comparison.
Open

    if reschedule
      appointments = Appointment.waiting.not_scheduled
    else
      appointments = Appointment.available_doses
    end

Possible exposure of information vulnerability in Action Pack
Open

    actionpack (6.1.4)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23633

Criticality: High

URL: https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ

Solution: upgrade to >= 5.2.6.2, ~> 5.2.6, >= 6.0.4.6, ~> 6.0.4, >= 6.1.4.6, ~> 6.1.4, >= 7.0.2.2
