Sign upLogin

ManageIQ/amazon_ssa_support

View on GitHub
Star

Showing 17 of 17 total issues

Method new has a Cognitive Complexity of 15 (exceeds 5 allowed). Consider refactoring.
Open

    def self.new(ec2_id, host_instance, ec2, ost = nil)
      if ec2_id[0, 4] == "ami-"
        ec2_obj = ec2.image(ec2_id)
        raise "MiqEC2Vm.new: EC2 Image #{ec2_id} not found" unless ec2_obj
        raise "MiqEC2Vm.new: Image of instance store isn't supported!" unless ec2_obj.root_device_type == "ebs"
Severity: Minor
Found in lib/amazon_ssa_support/miq_ec2_vm/miq_ec2_vm.rb - About 1 hr to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method start_heartbeat_loop has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
Open

    def start_heartbeat_loop
      return unless @heartbeat_thread.nil?
      _log.debug("Starting heartbeat loop (#{object_id})")
      @heartbeat_thread = Thread.new do
        while @do_heartbeat
Severity: Minor
Found in lib/amazon_ssa_support/ssa_heartbeat.rb - About 35 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method extract_loop has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

    def extract_loop(timeout)
      start = Time.now.to_i
      loop do
        begin
          @ssaq.request_loop do |req|
Severity: Minor
Found in lib/amazon_ssa_support/ssa_queue_extractor.rb - About 25 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method initialize has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

    def initialize(args)
      @extractor_id       = args[:extractor_id]
      @ssa_bucket_name    = args[:ssa_bucket]
      @ssa_region         = args[:region]
      @request_queue_name = args[:request_queue] || DEFAULT_REQUEST_QUEUE
Severity: Minor
Found in lib/amazon_ssa_support/ssa_queue.rb - About 25 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method miq_vm has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

    def miq_vm
      return @miq_vm unless @miq_vm.nil?

      raise "#{self.class.name}.miq_vm: could not map volumes" unless map_volumes
      `ls -l #{map_device_prefix}*`.each_line { |l| _log.debug("        #{l.chomp}") } if _log.debug?
Severity: Minor
Found in lib/amazon_ssa_support/miq_ec2_vm/miq_ec2_ebs_vmbase.rb - About 25 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Method get has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring.
Open

    def self.get(arg_hash)
      raise ArgumentError, "Bucket and region must be specified." unless arg_hash[:ssa_bucket] && arg_hash[:region]

      ssa_bucket_name = arg_hash[:ssa_bucket]
      s3              = arg_hash[:s3] || Aws::S3::Resource.new(region: arg_hash[:region])
Severity: Minor
Found in lib/amazon_ssa_support/ssa_bucket.rb - About 25 mins to fix

Cognitive Complexity

Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

A method's cognitive complexity is based on a few simple rules:

  • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
  • Code is considered more complex for each "break in the linear flow of the code"
  • Code is considered more complex when "flow breaking structures are nested"

Further reading

Variable val used in void context.
Open

      val
Severity: Minor
Found in lib/amazon_ssa_support/instance_metadata.rb by rubocop

Checks for operators, variables, literals, lambda, proc and nonmutating methods used in void context.

Example: CheckForMethodsWithNoSideEffects: false (default)

# bad
def some_method
  some_num * 10
  do_something
end

def some_method(some_var)
  some_var
  do_something
end

Example: CheckForMethodsWithNoSideEffects: true

# bad
def some_method(some_array)
  some_array.sort
  do_something(some_array)
end

# good
def some_method
  do_something
  some_num * 10
end

def some_method(some_var)
  do_something
  some_var
end

def some_method(some_array)
  some_array.sort!
  do_something(some_array)
end

Use match? instead of =~ when MatchData is not used.
Open

    raise OptionParser::ParseError, "Unrecognized log level: #{v}" unless /^(DEBUG|INFO|WARN|ERROR|FATAL)$/i =~ v
Severity: Minor
Found in bin/amazon_ssa_agent by rubocop

In Ruby 2.4, String#match?, Regexp#match? and Symbol#match? have been added. The methods are faster than match. Because the methods avoid creating a MatchData object or saving backref. So, when MatchData is not used, use match? instead of match.

Example:

# bad
def foo
  if x =~ /re/
    do_something
  end
end

# bad
def foo
  if x.match(/re/)
    do_something
  end
end

# bad
def foo
  if /re/ === x
    do_something
  end
end

# good
def foo
  if x.match?(/re/)
    do_something
  end
end

# good
def foo
  if x =~ /re/
    do_something(Regexp.last_match)
  end
end

# good
def foo
  if x.match(/re/)
    do_something($~)
  end
end

# good
def foo
  if /re/ === x
    do_something($~)
  end
end

metadata['rubygems_mfa_required'] must be set to 'true'.
Open

Gem::Specification.new do |spec|
  spec.name          = "amazon_ssa_support"
  spec.version       = AmazonSsaSupport::VERSION
  spec.authors       = ["ManageIQ Developers"]
Severity: Minor
Found in amazon_ssa_support.gemspec by rubocop

Requires a gemspec to have rubygems_mfa_required metadata set.

This setting tells RubyGems that MFA (Multi-Factor Authentication) is required for accounts to be able perform privileged operations, such as (see RubyGems' documentation for the full list of privileged operations):

  • gem push
  • gem yank
  • gem owner --add/remove
  • adding or removing owners using gem ownership page

This helps make your gem more secure, as users can be more confident that gem updates were pushed by maintainers.

Example:

# bad
Gem::Specification.new do |spec|
  # no `rubygems_mfa_required` metadata specified
end

# good
Gem::Specification.new do |spec|
  spec.metadata = {
    'rubygems_mfa_required' => 'true'
  }
end

# good
Gem::Specification.new do |spec|
  spec.metadata['rubygems_mfa_required'] = 'true'
end

# bad
Gem::Specification.new do |spec|
  spec.metadata = {
    'rubygems_mfa_required' => 'false'
  }
end

# good
Gem::Specification.new do |spec|
  spec.metadata = {
    'rubygems_mfa_required' => 'true'
  }
end

# bad
Gem::Specification.new do |spec|
  spec.metadata['rubygems_mfa_required'] = 'false'
end

# good
Gem::Specification.new do |spec|
  spec.metadata['rubygems_mfa_required'] = 'true'
end

Remove redundant sort.
Open

Dir.glob(File.expand_path("lib/tasks/*", __dir__)).sort.each { |f| load f }
Severity: Minor
Found in Rakefile by rubocop

Sort globbed results by default in Ruby 3.0. This cop checks for redundant sort method to Dir.glob and Dir[].

Safety:

This cop is unsafe, in case of having a file and a directory with identical names, since directory will be loaded before the file, which will break exe/files.rb that rely on exe.rb file.

Example:

# bad
Dir.glob('./lib/**/*.rb').sort.each do |file|
end

Dir['./lib/**/*.rb'].sort.each do |file|
end

# good
Dir.glob('./lib/**/*.rb').each do |file|
end

Dir['./lib/**/*.rb'].each do |file|
end

Prefer using YAML.safe_load over YAML.load.
Open

      body = YAML.load(msg.body)
Severity: Minor
Found in lib/amazon_ssa_support/ssa_queue.rb by rubocop

Checks for the use of YAML class methods which have potential security issues leading to remote code execution when loading from an untrusted source.

NOTE: Ruby 3.1+ (Psych 4) uses Psych.load as Psych.safe_load by default.

Safety:

The behavior of the code might change depending on what was in the YAML payload, since YAML.safe_load is more restrictive.

Example:

# bad
YAML.load("--- !ruby/object:Foo {}") # Psych 3 is unsafe by default

# good
YAML.safe_load("--- !ruby/object:Foo {}", [Foo])                    # Ruby 2.5  (Psych 3)
YAML.safe_load("--- !ruby/object:Foo {}", permitted_classes: [Foo]) # Ruby 3.0- (Psych 3)
YAML.load("--- !ruby/object:Foo {}", permitted_classes: [Foo])      # Ruby 3.1+ (Psych 4)
YAML.dump(foo)

Prefer using YAML.safe_load over YAML.load.
Open

        reply_data = YAML.load(s3_obj.get.body.read)
Severity: Minor
Found in lib/amazon_ssa_support/ssa_queue.rb by rubocop

Checks for the use of YAML class methods which have potential security issues leading to remote code execution when loading from an untrusted source.

NOTE: Ruby 3.1+ (Psych 4) uses Psych.load as Psych.safe_load by default.

Safety:

The behavior of the code might change depending on what was in the YAML payload, since YAML.safe_load is more restrictive.

Example:

# bad
YAML.load("--- !ruby/object:Foo {}") # Psych 3 is unsafe by default

# good
YAML.safe_load("--- !ruby/object:Foo {}", [Foo])                    # Ruby 2.5  (Psych 3)
YAML.safe_load("--- !ruby/object:Foo {}", permitted_classes: [Foo]) # Ruby 3.0- (Psych 3)
YAML.load("--- !ruby/object:Foo {}", permitted_classes: [Foo])      # Ruby 3.1+ (Psych 4)
YAML.dump(foo)

Dependencies should be sorted in an alphabetical order within their section of the gemspec. Dependency aws-sdk-ec2 should appear before aws-sdk-sqs.
Open

  spec.add_dependency "aws-sdk-ec2",           "~> 1.0"
Severity: Minor
Found in amazon_ssa_support.gemspec by rubocop

Dependencies in the gemspec should be alphabetically sorted.

Example:

# bad
spec.add_dependency 'rubocop'
spec.add_dependency 'rspec'

# good
spec.add_dependency 'rspec'
spec.add_dependency 'rubocop'

# good
spec.add_dependency 'rubocop'

spec.add_dependency 'rspec'

# bad
spec.add_development_dependency 'rubocop'
spec.add_development_dependency 'rspec'

# good
spec.add_development_dependency 'rspec'
spec.add_development_dependency 'rubocop'

# good
spec.add_development_dependency 'rubocop'

spec.add_development_dependency 'rspec'

# bad
spec.add_runtime_dependency 'rubocop'
spec.add_runtime_dependency 'rspec'

# good
spec.add_runtime_dependency 'rspec'
spec.add_runtime_dependency 'rubocop'

# good
spec.add_runtime_dependency 'rubocop'

spec.add_runtime_dependency 'rspec'

Example: TreatCommentsAsGroupSeparators: true (default)

# good
# For code quality
spec.add_dependency 'rubocop'
# For tests
spec.add_dependency 'rspec'

Example: TreatCommentsAsGroupSeparators: false

# bad
# For code quality
spec.add_dependency 'rubocop'
# For tests
spec.add_dependency 'rspec'

Prefer using YAML.safe_load over YAML.load.
Open

      req = YAML.load(msg.body)
Severity: Minor
Found in lib/amazon_ssa_support/ssa_queue.rb by rubocop

Checks for the use of YAML class methods which have potential security issues leading to remote code execution when loading from an untrusted source.

NOTE: Ruby 3.1+ (Psych 4) uses Psych.load as Psych.safe_load by default.

Safety:

The behavior of the code might change depending on what was in the YAML payload, since YAML.safe_load is more restrictive.

Example:

# bad
YAML.load("--- !ruby/object:Foo {}") # Psych 3 is unsafe by default

# good
YAML.safe_load("--- !ruby/object:Foo {}", [Foo])                    # Ruby 2.5  (Psych 3)
YAML.safe_load("--- !ruby/object:Foo {}", permitted_classes: [Foo]) # Ruby 3.0- (Psych 3)
YAML.load("--- !ruby/object:Foo {}", permitted_classes: [Foo])      # Ruby 3.1+ (Psych 4)
YAML.dump(foo)

Prefer using YAML.safe_load over YAML.load.
Open

aws_args = YAML.load(File.read("#{work_dir}/config.yml"))
Severity: Minor
Found in bin/amazon_ssa_agent by rubocop

Checks for the use of YAML class methods which have potential security issues leading to remote code execution when loading from an untrusted source.

NOTE: Ruby 3.1+ (Psych 4) uses Psych.load as Psych.safe_load by default.

Safety:

The behavior of the code might change depending on what was in the YAML payload, since YAML.safe_load is more restrictive.

Example:

# bad
YAML.load("--- !ruby/object:Foo {}") # Psych 3 is unsafe by default

# good
YAML.safe_load("--- !ruby/object:Foo {}", [Foo])                    # Ruby 2.5  (Psych 3)
YAML.safe_load("--- !ruby/object:Foo {}", permitted_classes: [Foo]) # Ruby 3.0- (Psych 3)
YAML.load("--- !ruby/object:Foo {}", permitted_classes: [Foo])      # Ruby 3.1+ (Psych 4)
YAML.dump(foo)

Prefer using YAML.safe_load over YAML.load.
Open

      body = YAML.load(msg.body)
Severity: Minor
Found in lib/amazon_ssa_support/ssa_queue.rb by rubocop

Checks for the use of YAML class methods which have potential security issues leading to remote code execution when loading from an untrusted source.

NOTE: Ruby 3.1+ (Psych 4) uses Psych.load as Psych.safe_load by default.

Safety:

The behavior of the code might change depending on what was in the YAML payload, since YAML.safe_load is more restrictive.

Example:

# bad
YAML.load("--- !ruby/object:Foo {}") # Psych 3 is unsafe by default

# good
YAML.safe_load("--- !ruby/object:Foo {}", [Foo])                    # Ruby 2.5  (Psych 3)
YAML.safe_load("--- !ruby/object:Foo {}", permitted_classes: [Foo]) # Ruby 3.0- (Psych 3)
YAML.load("--- !ruby/object:Foo {}", permitted_classes: [Foo])      # Ruby 3.1+ (Psych 4)
YAML.dump(foo)

Prefer using YAML.safe_load over YAML.load.
Open

  region                        = YAML.load(extractor_doc)["region"]
Severity: Minor
Found in bin/amazon_ssa_agent by rubocop

Checks for the use of YAML class methods which have potential security issues leading to remote code execution when loading from an untrusted source.

NOTE: Ruby 3.1+ (Psych 4) uses Psych.load as Psych.safe_load by default.

Safety:

The behavior of the code might change depending on what was in the YAML payload, since YAML.safe_load is more restrictive.

Example:

# bad
YAML.load("--- !ruby/object:Foo {}") # Psych 3 is unsafe by default

# good
YAML.safe_load("--- !ruby/object:Foo {}", [Foo])                    # Ruby 2.5  (Psych 3)
YAML.safe_load("--- !ruby/object:Foo {}", permitted_classes: [Foo]) # Ruby 3.0- (Psych 3)
YAML.load("--- !ruby/object:Foo {}", permitted_classes: [Foo])      # Ruby 3.1+ (Psych 4)
YAML.dump(foo)
Severity
Category
Status
Source
Language