Sign upLogin

MakersNetwork/agenda-saude

View on GitHub
Star

Showing 48 of 48 total issues

Possible Open Redirect in Host Authorization Middleware
Open

    actionpack (6.1.4)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-44528

Criticality: Medium

URL: https://groups.google.com/g/ruby-security-ann/c/vG9gz3nk1pM/m/7-NU4MNrDAAJ

Solution: upgrade to >= 6.0.4.2, ~> 6.0.4, >= 6.1.4.2, ~> 6.1.4, >= 7.0.0.rc2

Possible shell escape sequence injection vulnerability in Rack
Open

    rack (2.2.3)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-30123

Criticality: Critical

URL: https://groups.google.com/g/ruby-security-ann/c/LWB10kWzag8

Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1

Use the return of the conditional for variable assignment and comparison.
Open

      if current_patient.doses.exists?
        @appointments_count = Appointment.waiting.not_scheduled
                                        .where(start: from..to, ubs_id: allowed_ubs_ids)
                                        .count
      else
Severity: Minor
Found in app/controllers/community/appointments_controller.rb by rubocop

Align .count with .waiting on line 25.
Open

                                        .count
Severity: Minor
Found in app/controllers/community/appointments_controller.rb by rubocop

This cop checks the indentation of the method name part in method calls that span more than one line.

Example: EnforcedStyle: aligned (default)

# bad
while myvariable
.b
  # do something
end

# good
while myvariable
      .b
  # do something
end

# good
Thing.a
     .b
     .c

Example: EnforcedStyle: indented

# good
while myvariable
  .b

  # do something
end

Example: EnforcedStyle: indentedrelativeto_receiver

# good
while myvariable
        .a
        .b

  # do something
end

# good
myvariable = Thing
               .a
               .b
               .c

Use the return of the conditional for variable assignment and comparison.
Open

      if current_patient.doses.exists?
        rescheduled = true
      else
        rescheduled = false
      end
Severity: Minor
Found in app/controllers/community/appointments_controller.rb by rubocop

Align .where with .waiting on line 25.
Open

                                        .where(start: from..to, ubs_id: allowed_ubs_ids)
Severity: Minor
Found in app/controllers/community/appointments_controller.rb by rubocop

This cop checks the indentation of the method name part in method calls that span more than one line.

Example: EnforcedStyle: aligned (default)

# bad
while myvariable
.b
  # do something
end

# good
while myvariable
      .b
  # do something
end

# good
Thing.a
     .b
     .c

Example: EnforcedStyle: indented

# good
while myvariable
  .b

  # do something
end

Example: EnforcedStyle: indentedrelativeto_receiver

# good
while myvariable
        .a
        .b

  # do something
end

# good
myvariable = Thing
               .a
               .b
               .c

Use the return of the conditional for variable assignment and comparison.
Open

    if reschedule
      appointments = Appointment.waiting.not_scheduled
    else
      appointments = Appointment.available_doses
    end
Severity: Minor
Found in app/services/appointment_scheduler.rb by rubocop

Possible exposure of information vulnerability in Action Pack
Open

    actionpack (6.1.4)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23633

Criticality: High

URL: https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ

Solution: upgrade to >= 5.2.6.2, ~> 5.2.6, >= 6.0.4.6, ~> 6.0.4, >= 6.1.4.6, ~> 6.1.4, >= 7.0.2.2

Severity
Category
Status
Source
Language